last executing test programs: 7.371052245s ago: executing program 4 (id=75): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket(0x2, 0x3, 0xf8) sendto$unix(r2, 0x0, 0x0, 0x48850, 0x0, 0x0) ioctl$sock_SIOCGIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r1, 0x8982, 0x0) sched_setattr(0x0, 0x0, 0x0) r3 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, 0x0, 0x0) r5 = socket(0x10, 0x3, 0x9) r6 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendfile(r5, r6, 0x0, 0x7fffffffffffffff) 4.274738985s ago: executing program 1 (id=86): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x80102, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) eventfd(0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r2, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r1], 0x38}}, 0x10) 3.472982646s ago: executing program 1 (id=91): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000200)) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x200000000) preadv2(r0, &(0x7f00000004c0)=[{&(0x7f00000007c0)=""/210, 0xd2}], 0x1, 0x10000, 0x58c6, 0x16) 2.999165637s ago: executing program 3 (id=94): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) shutdown(0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x7a, 0x0, &(0x7f0000000040)) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000000)={0x8, 0x0, 0x0, 0x1, r1}, 0x10) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000500)={0xa00, 0x18, 0xfa00, {0x100000000000000, 0x0}}, 0xfc36) syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0) r3 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65) ioctl$SNDRV_PCM_IOCTL_RESET(r3, 0x4141, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0}) mq_open(&(0x7f0000000100)='\x00', 0x80, 0x4, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x20040000) sendmsg$MPTCP_PM_CMD_GET_ADDR(0xffffffffffffffff, 0x0, 0x20000005) 2.723481819s ago: executing program 2 (id=95): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22, 0x0, @rand_addr, 0x5}, 0x1c) listen(r0, 0x10040) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) syz_emit_ethernet(0x3a, &(0x7f0000000240)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x16}, @val={@void}, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x67, 0x0, 0x2, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0) syz_emit_ethernet(0x42, &(0x7f0000000080)={@local, @broadcast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0xfffe, 0x0, 0x80, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0x20, 0xca, 0x0, 0x1000, {[@timestamp={0x8, 0xa, 0x1ff, 0x56}]}}}}}}}, 0x0) 2.704526891s ago: executing program 4 (id=96): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1, 0x4, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) 2.426878751s ago: executing program 2 (id=99): r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000080)="e2", 0x1}], 0x1}, 0x4040001) setsockopt$sock_attach_bpf(r1, 0x1, 0xa, &(0x7f0000000180), 0x4) recvmsg$unix(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x100) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r3) r4 = openat$vicodec0(0xffffff9c, &(0x7f0000000140), 0x2, 0x0) preadv(r4, &(0x7f0000001900)=[{&(0x7f0000000500)=""/3, 0x3}], 0x1, 0x1, 0xb1) ptrace$getregset(0x4205, r3, 0x202, &(0x7f0000000240)={&(0x7f0000000180)=""/120, 0xffffffffffffff28}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x4c, 0x10, 0x401, 0x70bd28, 0x0, {0x0, 0x0, 0xffff, 0x0, 0x40, 0x4251}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_VLAN_INGRESS_QOS={0x10, 0x4, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x7, 0x5}}]}]}}}, @IFLA_NET_NS_PID={0x8, 0x13, r3}]}, 0x4c}}, 0x8010) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000400)={{{@in6=@private1, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in=@dev}}, &(0x7f0000000500)=0xe8) quotactl_fd$Q_GETINFO(r0, 0xffffffff80000500, r5, &(0x7f0000000540)) socket(0x10, 0x803, 0x0) r6 = socket(0x40000000015, 0x5, 0x0) bind$inet(r6, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57) r7 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x100, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)) 2.237615691s ago: executing program 1 (id=101): socket(0x10, 0x2, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014}, 0x48) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000380)=@generic={0x0, r1}, 0x18) 1.999974736s ago: executing program 1 (id=103): set_mempolicy(0x3, 0x0, 0x8) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="01000000070200000080000001"], 0x50) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000180)={r0, &(0x7f00000005c0), 0x0}, 0x20) 1.840858215s ago: executing program 3 (id=105): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f00000004c0)=[{0x6, 0x4, 0xa4, 0x7fff0003}]}) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r0, &(0x7f00000006c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f00000002c0)=0x1, 0x4) sendmmsg$inet(r0, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000740)="b3", 0x1}], 0x1, &(0x7f0000000080)=ANY=[], 0xf0}}], 0x1, 0x24004c41) 1.81825061s ago: executing program 2 (id=106): r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x6c) fcntl$notify(r0, 0x402, 0x5) open(&(0x7f0000000280)='.\x00', 0x141080, 0x0) preadv(r0, 0x0, 0x0, 0x0, 0x0) 1.768577799s ago: executing program 1 (id=107): mkdir(0x0, 0x0) r0 = socket$kcm(0x2, 0x5, 0x84) setsockopt$sock_attach_bpf(r0, 0x84, 0xb, &(0x7f0000000000), 0xe) sendmsg$inet(r0, &(0x7f0000000ac0)={&(0x7f00000001c0)={0x2, 0x4e23, @remote}, 0x10, &(0x7f0000000940)=[{&(0x7f0000001880)="04", 0x1}], 0x1}, 0x8054) close(r0) 1.548940589s ago: executing program 2 (id=110): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) shutdown(0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x7a, 0x0, &(0x7f0000000040)) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000000)={0x8, 0x0, 0x0, 0x1, r1}, 0x10) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000500)={0xa00, 0x18, 0xfa00, {0x100000000000000, 0x0}}, 0xfc36) r3 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r3, 0x40045532, &(0x7f0000000040)) r4 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65) ioctl$SNDRV_PCM_IOCTL_RESET(r4, 0x4141, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0}) mq_open(&(0x7f0000000100)='\x00', 0x80, 0x4, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x20040000) 1.408164236s ago: executing program 1 (id=112): stat(&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) quotactl_fd$Q_SETINFO(0xffffffffffffffff, 0xffffffff80000602, r0, &(0x7f0000000100)={0x6, 0x39, 0x1, 0xa013abda6fcf7674}) openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x1c1580, 0x0) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x24008040) r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c2c2, 0x0) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r3, 0x54a2) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r4, 0x40605346, &(0x7f0000000280)={0x3ff, 0x1, {0xffffffffffffffff, 0x0, 0x0, 0x1}, 0x8}) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xa8c01) write$sndseq(r5, &(0x7f0000000000)=[{0x1e, 0x0, 0x8, 0xff, @time={0xfff, 0x3}, {0x0, 0xa}, {}, @result={0x9}}], 0x1c) close_range(r2, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r6 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000440)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a000008048002000905811765"], 0x0) syz_usb_disconnect(r6) r7 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000040)=ANY=[], 0x0) ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000080)={0x3, 0xbde, 0x0, 0x0}) syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) syz_usb_disconnect(r6) r8 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r8, 0x0, 0x0) r9 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r9, 0x0, 0x0) syz_usb_disconnect(r7) 1.347837443s ago: executing program 3 (id=113): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014}, 0x48) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000380)=@generic={0x0, r0}, 0x18) 1.203747537s ago: executing program 0 (id=114): r0 = add_key$fscrypt_provisioning(&(0x7f0000000380), &(0x7f0000000600)={'syz', 0x1}, &(0x7f0000000640)={0x1, 0x0, @b}, 0x48, 0xfffffffffffffffc) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000006c0)={0x0, 0x0}, &(0x7f0000000700)=0xc) lstat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) keyctl$chown(0x4, r0, r1, r2) 1.145903622s ago: executing program 3 (id=115): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) shutdown(0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x7a, 0x0, &(0x7f0000000040)) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000000)={0x8, 0x0, 0x0, 0x1, r1}, 0x10) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000500)={0xa00, 0x18, 0xfa00, {0x100000000000000, 0x0}}, 0xfc36) syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0) r3 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65) ioctl$SNDRV_PCM_IOCTL_RESET(r3, 0x4141, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0}) mq_open(&(0x7f0000000100)='\x00', 0x80, 0x4, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x20040000) sendmsg$MPTCP_PM_CMD_GET_ADDR(0xffffffffffffffff, 0x0, 0x20000005) 1.011228815s ago: executing program 0 (id=116): ioprio_set$uid(0x3, 0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000817000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="16"], 0x50) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 943.902556ms ago: executing program 4 (id=117): set_mempolicy(0x3, 0x0, 0x8) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="01000000070200000080000001"], 0x50) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000180)={r0, &(0x7f00000005c0), 0x0}, 0x20) 868.142472ms ago: executing program 4 (id=118): r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000080)="e2", 0x1}], 0x1}, 0x4040001) setsockopt$sock_attach_bpf(r1, 0x1, 0xa, &(0x7f0000000180), 0x4) recvmsg$unix(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x100) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r3) r4 = openat$vicodec0(0xffffff9c, &(0x7f0000000140), 0x2, 0x0) preadv(r4, &(0x7f0000001900)=[{&(0x7f0000000500)=""/3, 0x3}], 0x1, 0x1, 0xb1) ptrace$getregset(0x4205, r3, 0x202, &(0x7f0000000240)={&(0x7f0000000180)=""/120, 0xffffffffffffff28}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x4c, 0x10, 0x401, 0x70bd28, 0x0, {0x0, 0x0, 0xffff, 0x0, 0x40, 0x4251}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_VLAN_INGRESS_QOS={0x10, 0x4, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x7, 0x5}}]}]}}}, @IFLA_NET_NS_PID={0x8, 0x13, r3}]}, 0x4c}}, 0x8010) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000400)={{{@in6=@private1, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in=@dev}}, &(0x7f0000000500)=0xe8) quotactl_fd$Q_GETINFO(r0, 0xffffffff80000500, r5, &(0x7f0000000540)) socket(0x10, 0x803, 0x0) r6 = socket(0x40000000015, 0x5, 0x0) bind$inet(r6, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57) openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x100, 0x0) socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)) 860.788652ms ago: executing program 0 (id=119): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_sctp(0xa, 0x1, 0x84) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) sendmsg$NL80211_CMD_SET_BSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)={0x2c, r1, 0x7, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_BSS_SHORT_SLOT_TIME={0x5, 0x1e, 0x1}, @NL80211_ATTR_BSS_SHORT_PREAMBLE={0x5, 0x1d, 0x6}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40410}, 0x0) 605.117004ms ago: executing program 0 (id=120): write$UHID_INPUT(0xffffffffffffffff, &(0x7f00000007c0)={0x8, {"dc5d3b0169633d3eba3eabbc09167be55101d4af4b22a373236464d2dbfaa84399b77bd438a54364a7ebc5bdaab4f9decb7c044318cd59a0af8279bcab35dd7daf7a0ceb381df2c32eff45b13e2c8f40e1895355bf6f165200cb1ca41a155730ee2e9f83183f9fafe029d0401b0770618254a8b2dc87b630072b1e2de160d1afed51b74c14b71ec1b226a324482d14ad586b1a4ce80e458fe45244c01eddeddf3564af838d6d5324f8a77023d6eb7aa14397a0e1413ea1c3dfdf063a35b709e627f36fe403ee3117365be5017682f53595f28543062c740a94a794312f5cebc315044b8ea000a5d0f27812ab0ce149d11e6f6f7620c5f3e250bf67d13a1ca39dbb7b8b5a31e3d7ba7ebe5849a7a09b61fc9f2cfc54b89e9cd0105bca49483ce55e0187ce2ad692a18219d881057c838587b915337169ee054655f26a04df913a658fccbf4def6aad750ca4796b74d322c67e9d4ee6a530a22dcc35db850b424d6ec9f62495b9f9fd2b000feadd57d26dbd505798c208d91eb0aab0fd97537631b8bf81ce0e2241c4272be4ff69b390e4485d574146b76d1fdbf7fc5334906805534cdae1e47240af7761a18fc8bd0a694be47529da98bc0f98eb7db3fc4a74cbb6e486f4de90fbf2452e72c2e1dca44543ad9ad094b8bc861eef1e814662d0b350339e3a510d459c6f83aabd5fd3dcb38224056d761e7df9b482b9905f1e2135c1929be328ecdb69c007a3efd548502c83106f6df1ab1178fac499eda92ad4373155227ec2df150c919d322ecb3ea37e659285f18a3e2f79b59900ca438df3a1381380a12d3ad7678e0a8d3bdfb40651389b4ac8c66138d442d70eafdc2df8b080028006b124e4ebe0d9883ef100f1934e42794146382c1d628fd2ebe5859b6c243824903d056d800975675bb1913142adbc039a9c68c2f146a0e8903447313f5e5549905f397a9b1f21a93b80c4d04a8ea7a29a50fbc5407a9305bba420edf898ea678d6879489c39692c99bb6dacf61f5f97637b94c1031d635b5423b38b9196fafaaf87b2796eadc21466af5a10281e6a808748969d29efb444c99a4cb2111732a792dbca4376a125a68f7cdac065cc6173dc21caafba48c742d9a7df2f771ff2f5725b22c247d4e0c6106f9f5f6929b69929ab37e9a9b326ce618bb702b883b12026f1300f21f2c7440cac8c5f1210a78aa067211d2827f5dcc7578252c2ccc3f67bab9d1bb6939b21b550788ef550acfed4bf50c0b4fb3ca4d2872ee64f95d611a317d9daaf373a10d868680b2226396c95fa2b0ab4d6fce06c3b42cb97d17a7b5089061537fdeb1a53040869f7befca330358fdba86754fc2e46c2113e1484cb37534af8f0408a7ee313778dab49f08229964298f847ea66c4ec319f64b6a12da585bc59e82e0263c507b397d3efee3b4066f4d25566aa1549f6185f6375f84b65fa8945148b90430c86a5b6fdf58d5c812b98d9dc621fd9a3d9f1a577495356516d1cbcf5e8bb8923b54b247225b9c3892b18a9e137f3620c734052af9dc8f1ea36f0d4592d5ee32e35676a84dc891f97456f2ac3a4ab58a42bcdc221a4ac8bb28d428add2fcbe5b110a8afd5d23b31e827bd16167b2d88cae024afc04a722ac0b4d45c52512e6b6f102aac4be21bc89ce246539048370553665b0a4336a6db99d0d19399be6437bf21419304331b4342b2c1db580f0c9bf681fdb8e9fa3e025454197bbc82ef93ee2f385660818ec5127080675a8013766469afe3b1e36e81bf2f04c3a26eaf4517551e734d21ba3bc90e48aea0891792970c39f3f528397e9b7ae190f1760fe5960dc763ee0a17939c60bfcac0a8914be82c749e4fe85d1ac5fa733413468fb8941085e8c4d6e0b6d1e62e20da58440facd640ddbb6c1f694b3ca48757a34c5a11668368711a1d4f3a81d31ac30d71277d7ae77882b6841cfa6289e6cce84a3ad57eeb328f831888ac7d3cfcd3a472a48d903f20cec8c8ae8d0bea04ebf7413ef7693f8ed876e49bd5f89d7e1078208ff62712e330fc0341b9ccf26845578d44b1e0c66d1bebc14742baedfabb8e9a2c8f42730360c72997efe0ce786ff330c2eb6e0ff20896f813c2a515ce76f826c11a1c1588eb369231ddeb4a2f9f9591ecdecc74d20aeb50047beb3ab89a9e4e1b805a20b645c79d0bc5d0247fab8ba46a97a07630b1f1cb69b42b568af746733d2c581f057873d64fe6e659b00b4a26745f5fba1fe7406a86b007936c7cfdac53a4c5b0ea9f6604863c8e3f174eddbb09175f6e13cda9a860cf400ef9ed02b895502ac6e6de6a658249c3c6e8a653517eae2231e56e0f120547923c6549ebc1ed14c623637ce3d96af5c93a32e58e2d9659d8b5b145888b52d9a5b5cb3cdf594eb137bcef2ba068cfd2c6ccf7ab6e5b4ec55e9197bfb91c9b8729f7b50cf0b0326f7ea3e712c77674d48545ca2a86744c3c38f149d69cf811beacf7e5f49c7bfba20f1dcf3d7bc0b9c796016820a46495d244c9606a06fe2e14233eda78d69ae4523ad7b708b0c7ead44d7fd376fed60e3cc2ee25e9600adfbe87ac7c8fb8269aec9459602af0f420becda6120ce7d9626c65ae7f860639e8bf664eb4301ec18add0e436c0356c12ab6b4ca35da2b43c4a8c239fd0b59a2ce94843cdfa1667053165053633b062844dbb0d00070fde74fa3178eb5f1f5fd02e2088d8690379f39ab22c080cdcb29d700bac74fabd8a356fe99afe83a5d99aa5024e9158a299eda6c99b6701e64f1d68e7e2c0c6e88396bb535a02d0948f0a250a6e090041c96d9c9acd6134d44d516fd1010c39e572b86b05bb1326a2a4f23f11181186f9c2a01dc7b58c0129f4b851ca9b1e3dc35db7364e29ef646211796b1651511e041345abce427fa5d6e48b8fb078c8432061a4cc518a8f2a2caf709a5c1473a62112a6650afc64eec12f8f9c08cff1b6fbf7a1209fc8661f62303b7c5d49c1d0b32a9f37e81ed9ab6193816d40995ed49c10b9f5752e04d57535a3d16f06c65d32846c31ec9787ec4a965679eb804e86b45d007f38d8104550770dc6f313bc846e43a14a8c21d0628c744e3e83cb998d1b7acfe996541a8c03852dadf9326444c582b481cae844e4f3fe3d638903b38f24633b63adbad841ac6c4c1169d781a0e271e8a967b1c7e986fcb3a66168e86e3559a44fcfa92452260491da9397659af60453f4cd4be2d15439445ec2b4366a79d3283da912d9d499df1242bd174edc235848caa21d2c997aff0e95c7e5cc0803c90fab84e7be7b37909d0e2f3bc9974e3388acb6800baba183ecc8eea8c71c0d65d669e41f99ceae523b7a6b772f3b8ebba1d2127ccc3ddb7ddcb4ec73cbdc26fc87c3848e258a0b5484d3a13e40ec4e4a65dd92f09e9fe1e3e2f8b96c4e363aa3683860dee62dfcf8823ee4a3593a092e0bd9c4cedacf44a272faa164447b01f46a7795642a40c61b0034a37f0e9b792428a0ddcd144fe8263088eaac8016f8f1cd30b55ac90a8f10d785b7570dd9e639a4a068d3fe98a420b9f72e79de817f676c2a224300d749571ad43f49d1fbe838f4566bc7b5f104c384ad87189213152b644d9fcbdf98bafeee569d640ce9045779f1d90024c023a7480a358dee276fba139c14b4fdb12885240903d0e61dc161659a68f62c92b899007e0f2b65bf0a069e9e57c9b6ae50a3b30dd1003fb0eead73ae2f6010b3b356b4060579a4f29935e1f00c01d12e5f44e8e3163d81dfef7ca8560604240c7e96e4454c6971614df306c768121abb3f628e3f1d2d026f58d1087334c5bdb74d7c949b0ee66a4531ba4e9b922aee3d0f802ed034734507a5913c52966f1f8bd4577840de0253aabc23299dced2a299859c07af9fb0f9c29b6533b9d84d471390d59ab315f5ddb226f6b8dd7889295f0fb1f7bd1adafe4cc520a1e84bf2a59d5b9795aeafc8d6fd66a8228aba8653b98622617ddfeb5d6795c9bd2f35d4a0c386e862675a50e3314c3fbb17aca151c13c7fc8b1d1b72ed0a958537b5ddc9e74bddc2b9571ec3f2b7775b125338d4852a75a63941564c65bb36dfb6bea4aab1ae7a4f285c2177aa98406eb2cc10934aa92d5a9612d4455c84ad200841d289b5c2d5deab0d8e2459598ef183d3dc47f6bad0b9513710600cfa4d69fcd5763cdcc4f2c2b7cd7d4491fd52f4aec82ce846c0988f6f0123e21e900d39c61085e68c9badc350b44004f6c042d64b0d0cbf91ad0592b198f1eeea1e52200bc8e6d62848d6884b10bdde72466039da488be6b340c23148f666f2fe6e032c07dac43586df182aca9116f4600313fa8375c76337ba86bdc391dae6450218f58f047ced64befc6bb5c2a60024669630a6279fedf2fe45e7e19ce582ad96ae0d023eb9b39f5f1e666e73bb038ae38157275be5eb3e7cbc8b05adf53e817646bdc2cfce98e5d162bf7faaca787db8717ab8b27b9e35609c5fb9fe9def07f010df8b43cf5c96851eadfdeff0b7bc5826e7e15490ae9c3d14166ee81bef007070e7981235a673804ad89943ee6b51ac63364f7870e121e6ff23a0c7d179527cd58dd7a4ca37247c2bd9efc79b720bb1ee2d39862e98cb81e93cf5b48d5d02ee8ac737ab504c867a1c49e678300803c94fbe978dea918a1e71b9791ee1e4d30056e86c26a4675a8b090be2365c0b451a13ece52a89a7057fe2052e11c6666eb916d823ea66bf217c320acba3b714910734b2d27c2fa586bd7f7664b0d1422adabad2ce2afc10270057f11940fac1a51d023ce48bd04ea39b7f99381b239fd0ddeea0dce7863ec1f8f61775013b6414ecf86e686a340a3148f87a9d7d60a1f2da53436d16fc88d6a4e7c3d55e0dd004cbecc15a5558eb705d82aacb1862ddc251dd5d9cbf1d78f97900ce6e8dab0ea678cb823bd1e7bbd1e927841af08f5427878c19f4f322228f9b36287fc13e7c1293ea875ae73815e052d6c2ebc40df8f7b9d1f76e0b10e35aa160944983d8e6b790df0d9b13f3460657336d81f7d83c0350324b930ec9c7557ce12887f76372e126f504b0980fea27f31a780c05187b9b5353dafc6b101543b24332b96e15bc26b19062e52fa9f86d260ee3a3bc92a133e328407bb85357ee5c45cb87228f44888b14941b5911b050e9319fe88033f830a8490917a9c0572ebbc5492b4e1083a2e3d77215a34abef947b5b9a950e780662de18873e55899c92db3ad3d437e8407890afa6b0c04ef861b8bc85fbbe1bb67b3d9ef001409f84b8ec4f01d861cecc143a805b981ab5cf5b605057b63cb2c84ec358e510a69cd8c33a8a62fe4680d0c980145cc709157832bfaef261cb0466c237376ca2944ce9affffd4b1dc7cc9511da0b34bffb9ac216fb8cf7c6572d95627787720d1ba67c6512fcdb16f6329e9668681c404efebad559f81f05971b5efb6b4cca97ad0346753cc0a40a877242d8a808c602b03dc962cee38e646cb18abb079c70d357c30738a70f55cd3c5956a83a1bfcd6649dd765f16bfe968066345df7380bbc0c16b3b5af513d6458c791343952f33a051c5d711c1f35af1b47f3db9bbfb5c7c636b3a2b52805d606479879be0b404a28ade5649a3185e0f85a85fc15cd824671c2befdd0da509597c87d869f0bd7ad163ad93ca28fc0c4025eccaafe385ec3fc06c54ebcd7b07b6c7e0197c5b9ef886159a1585ae45248f865be760db6f5bc8f868fc6aefd04e34ecb51159e4cdcc2214b42b1ca9caec13ba3e1b2e7a3c736977b226213d265c2873195122a9b448088c8b50edd549be41c38ab176807b75e7267f86e4", 0x1000}}, 0x1006) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x4c}, 0x1, 0x0, 0x0, 0x88c0}, 0x8804) 475.091988ms ago: executing program 2 (id=121): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0x13c, 0x19, 0x1, 0x0, 0x0, {{@in=@dev={0xac, 0x14, 0x14, 0x10}, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x8, 0x0, 0xffffffffffffffff}, {0x0, 0x10000}}, [@tmpl={0x84, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x8, 0x0, 0x3, 0x2a, 0x2, 0x0, 0xd1f}, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x0, 0xff}, 0x0, @in6=@private1, 0x0, 0x5}]}]}, 0x13c}, 0x1, 0x0, 0x0, 0xc001004}, 0x40800) 473.930641ms ago: executing program 4 (id=122): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_DELETE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="500000000202010400000000000000000a0000003c0002802c0001"], 0x50}}, 0x0) 335.936652ms ago: executing program 0 (id=123): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r0 = memfd_create(&(0x7f0000000080)=',\xea\x00', 0x4) r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_QBUF(r1, 0xc058565d, &(0x7f0000000200)=@userptr={0x7, 0xe, 0x4, 0x400, 0xfffff001, {}, {0x5, 0x8, 0xf5, 0x2, 0x20, 0x8, "fa678636"}, 0x10000000, 0x2, {0x0}, 0x8000}) ftruncate(r0, 0x806ffffff) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000003580)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0xffffffffffffffff}], 0x9, 0x0) 335.608552ms ago: executing program 2 (id=124): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) move_mount(0xffffffffffffffff, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000800), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) move_mount(0xffffffffffffffff, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) 223.410318ms ago: executing program 4 (id=125): stat(&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) quotactl_fd$Q_SETINFO(0xffffffffffffffff, 0xffffffff80000602, r0, &(0x7f0000000100)={0x6, 0x39, 0x1, 0xa013abda6fcf7674}) openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x1c1580, 0x0) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x24008040) r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c2c2, 0x0) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r3, 0x54a2) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r4, 0x40605346, &(0x7f0000000280)={0x3ff, 0x1, {0xffffffffffffffff, 0x0, 0x0, 0x1}, 0x8}) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xa8c01) write$sndseq(r5, &(0x7f0000000000)=[{0x1e, 0x0, 0x8, 0xff, @time={0xfff, 0x3}, {0x0, 0xa}, {}, @result={0x9}}], 0x1c) close_range(r2, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r6 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000440)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a000008048002000905811765"], 0x0) syz_usb_disconnect(r6) r7 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000040)=ANY=[], 0x0) ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000080)={0x3, 0xbde, 0x0, 0x0}) syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) syz_usb_control_io(r7, 0x0, 0x0) syz_usb_disconnect(r6) syz_open_dev$char_usb(0xc, 0xb4, 0x0) r8 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r8, 0x0, 0x0) openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) 144.270285ms ago: executing program 3 (id=126): r0 = add_key$fscrypt_provisioning(&(0x7f0000000380), &(0x7f0000000600)={'syz', 0x1}, &(0x7f0000000640)={0x1, 0x0, @b}, 0x48, 0xfffffffffffffffc) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000006c0)={0x0, 0x0}, &(0x7f0000000700)=0xc) lstat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) keyctl$chown(0x4, r0, r1, r2) 59.326958ms ago: executing program 3 (id=127): set_mempolicy(0x3, &(0x7f0000000040)=0xe3, 0x8) r0 = syz_open_dev$usbfs(0x0, 0x205, 0x2581) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="7b13000000000000200012800b00010067656e657665000010000280060005004e200000040006"], 0x48}}, 0x4000) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0xb0, 0x400) syz_open_procfs(r2, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x40000000000009f, 0x0) 0s ago: executing program 0 (id=128): set_mempolicy(0x3, 0x0, 0x8) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="01000000070200000080000001"], 0x50) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000180)={r0, &(0x7f00000005c0), 0x0}, 0x20) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.42' (ED25519) to the list of known hosts. [ 97.759813][ T43] cfg80211: failed to load regulatory.db [ 99.928047][ T5587] cgroup: Unknown subsys name 'net' [ 100.190319][ T5587] cgroup: Unknown subsys name 'cpuset' [ 100.262817][ T5587] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 102.386850][ T5587] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 105.086851][ T5605] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 105.159603][ T5604] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 105.160511][ T5604] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 105.165420][ T5613] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 105.209029][ T5613] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 105.226262][ T5613] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 105.229234][ T5613] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 105.246267][ T5617] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 105.262690][ T5617] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 105.266140][ T5617] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 105.266319][ T5617] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 105.266619][ T5617] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 105.273888][ T5604] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 105.286309][ T5613] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 105.328022][ T5604] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 105.335886][ T5613] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 105.346016][ T5617] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 105.346701][ T5617] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 105.356433][ T5604] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 105.358419][ T5604] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 105.372804][ T5604] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 105.442442][ T5610] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 105.459987][ T5610] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 105.534190][ T5617] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 105.546048][ T59] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 107.479489][ T4916] Bluetooth: hci3: command tx timeout [ 107.552212][ T4916] Bluetooth: hci4: command tx timeout [ 107.632861][ T4916] Bluetooth: hci0: command tx timeout [ 107.712516][ T5617] Bluetooth: hci1: command tx timeout [ 107.712837][ T4916] Bluetooth: hci2: command tx timeout [ 108.510382][ T5602] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.511627][ T5602] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.511793][ T5602] bridge_slave_0: entered allmulticast mode [ 108.523187][ T5602] bridge_slave_0: entered promiscuous mode [ 108.567922][ T5601] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.568038][ T5601] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.568160][ T5601] bridge_slave_0: entered allmulticast mode [ 108.570016][ T5601] bridge_slave_0: entered promiscuous mode [ 108.621695][ T5602] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.621823][ T5602] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.623379][ T5602] bridge_slave_1: entered allmulticast mode [ 108.631041][ T5602] bridge_slave_1: entered promiscuous mode [ 108.666032][ T5601] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.666159][ T5601] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.666326][ T5601] bridge_slave_1: entered allmulticast mode [ 108.668595][ T5601] bridge_slave_1: entered promiscuous mode [ 108.725406][ T5598] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.725522][ T5598] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.725653][ T5598] bridge_slave_0: entered allmulticast mode [ 108.727528][ T5598] bridge_slave_0: entered promiscuous mode [ 108.813250][ T5598] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.813401][ T5598] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.813662][ T5598] bridge_slave_1: entered allmulticast mode [ 108.815788][ T5598] bridge_slave_1: entered promiscuous mode [ 108.900047][ T5602] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 108.928452][ T5601] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 108.928797][ T5600] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.929026][ T5600] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.929222][ T5600] bridge_slave_0: entered allmulticast mode [ 108.931467][ T5600] bridge_slave_0: entered promiscuous mode [ 108.995550][ T5602] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 109.026555][ T5601] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 109.026869][ T5600] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.026961][ T5600] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.027178][ T5600] bridge_slave_1: entered allmulticast mode [ 109.031108][ T5600] bridge_slave_1: entered promiscuous mode [ 109.049162][ T5599] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.049507][ T5599] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.050115][ T5599] bridge_slave_0: entered allmulticast mode [ 109.063409][ T5599] bridge_slave_0: entered promiscuous mode [ 109.113596][ T5598] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 109.156321][ T5599] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.156483][ T5599] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.156947][ T5599] bridge_slave_1: entered allmulticast mode [ 109.158935][ T5599] bridge_slave_1: entered promiscuous mode [ 109.206283][ T5598] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 109.280064][ T5602] team0: Port device team_slave_0 added [ 109.305545][ T5601] team0: Port device team_slave_0 added [ 109.311494][ T5600] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 109.341539][ T5602] team0: Port device team_slave_1 added [ 109.368851][ T5601] team0: Port device team_slave_1 added [ 109.371915][ T5600] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 109.399777][ T5599] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 109.425208][ T5598] team0: Port device team_slave_0 added [ 109.465459][ T5599] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 109.495723][ T5598] team0: Port device team_slave_1 added [ 109.549109][ T5602] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 109.549124][ T5602] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 109.549144][ T5602] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 109.552160][ T4916] Bluetooth: hci3: command tx timeout [ 109.609246][ T5601] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 109.609271][ T5601] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 109.609291][ T5601] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 109.615961][ T5600] team0: Port device team_slave_0 added [ 109.635697][ T4916] Bluetooth: hci4: command tx timeout [ 109.683105][ T5602] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 109.683123][ T5602] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 109.683152][ T5602] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 109.712208][ T4916] Bluetooth: hci0: command tx timeout [ 109.744918][ T5601] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 109.744932][ T5601] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 109.744953][ T5601] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 109.747466][ T5600] team0: Port device team_slave_1 added [ 109.749949][ T5599] team0: Port device team_slave_0 added [ 109.802234][ T5617] Bluetooth: hci1: command tx timeout [ 109.802416][ T4916] Bluetooth: hci2: command tx timeout [ 109.826615][ T5598] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 109.826629][ T5598] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 109.826648][ T5598] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 109.898303][ T5599] team0: Port device team_slave_1 added [ 110.266739][ T5598] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 110.266754][ T5598] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 110.266773][ T5598] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 110.366759][ T5600] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 110.366775][ T5600] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 110.366805][ T5600] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 110.469509][ T5600] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 110.469529][ T5600] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 110.469563][ T5600] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 110.516341][ T5599] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 110.516396][ T5599] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 110.521435][ T5599] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 110.649590][ T5599] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 110.649603][ T5599] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 110.649622][ T5599] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 110.704145][ T5602] hsr_slave_0: entered promiscuous mode [ 110.705340][ T5602] hsr_slave_1: entered promiscuous mode [ 110.741920][ T5601] hsr_slave_0: entered promiscuous mode [ 110.748188][ T5601] hsr_slave_1: entered promiscuous mode [ 110.749081][ T5601] debugfs: 'hsr0' already exists in 'hsr' [ 110.749175][ T5601] Cannot create hsr debugfs directory [ 110.835750][ T5598] hsr_slave_0: entered promiscuous mode [ 110.836733][ T5598] hsr_slave_1: entered promiscuous mode [ 110.837455][ T5598] debugfs: 'hsr0' already exists in 'hsr' [ 110.837479][ T5598] Cannot create hsr debugfs directory [ 111.052839][ T5600] hsr_slave_0: entered promiscuous mode [ 111.053938][ T5600] hsr_slave_1: entered promiscuous mode [ 111.054667][ T5600] debugfs: 'hsr0' already exists in 'hsr' [ 111.054686][ T5600] Cannot create hsr debugfs directory [ 111.147590][ T5599] hsr_slave_0: entered promiscuous mode [ 111.148571][ T5599] hsr_slave_1: entered promiscuous mode [ 111.149295][ T5599] debugfs: 'hsr0' already exists in 'hsr' [ 111.149313][ T5599] Cannot create hsr debugfs directory [ 111.632213][ T4916] Bluetooth: hci3: command tx timeout [ 111.712325][ T4916] Bluetooth: hci4: command tx timeout [ 111.793973][ T4916] Bluetooth: hci0: command tx timeout [ 111.872360][ T4916] Bluetooth: hci2: command tx timeout [ 111.872394][ T4916] Bluetooth: hci1: command tx timeout [ 112.020366][ T5602] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 112.090267][ T5602] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 112.108979][ T5602] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 112.147725][ T5602] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 112.155514][ T5602] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 112.198874][ T5602] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 112.231535][ T5602] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 112.261529][ T5602] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 112.402924][ T5598] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 112.448616][ T5598] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 112.457622][ T5598] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 112.496916][ T5598] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 112.511071][ T5598] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 112.539405][ T5598] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 112.577508][ T5598] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 112.616384][ T5598] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 112.771450][ T5600] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 112.805772][ T5600] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 112.810665][ T5600] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 112.856741][ T5600] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 112.872931][ T5600] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 112.901575][ T5600] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 112.951457][ T5600] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 112.986956][ T5600] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 113.179093][ T5599] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 113.216538][ T5599] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 113.230087][ T5599] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 113.265870][ T5599] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 113.294378][ T5599] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 113.327432][ T5599] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 113.365093][ T5599] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 113.407012][ T5599] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 113.546617][ T5602] 8021q: adding VLAN 0 to HW filter on device bond0 [ 113.625667][ T5601] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 113.666172][ T5601] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 113.682982][ T5601] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 113.724090][ T5617] Bluetooth: hci3: command tx timeout [ 113.731122][ T5601] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 113.768341][ T5601] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 113.792723][ T5617] Bluetooth: hci4: command tx timeout [ 113.797076][ T5601] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 113.819429][ T5601] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 113.847016][ T5601] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 113.865612][ T5602] 8021q: adding VLAN 0 to HW filter on device team0 [ 113.872204][ T5617] Bluetooth: hci0: command tx timeout [ 113.935025][ T44] bridge0: port 1(bridge_slave_0) entered blocking state [ 113.935270][ T44] bridge0: port 1(bridge_slave_0) entered forwarding state [ 113.971277][ T5617] Bluetooth: hci1: command tx timeout [ 113.971319][ T5617] Bluetooth: hci2: command tx timeout [ 114.077286][ T5598] 8021q: adding VLAN 0 to HW filter on device bond0 [ 114.097228][ T67] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.097837][ T67] bridge0: port 2(bridge_slave_1) entered forwarding state [ 114.241615][ T5598] 8021q: adding VLAN 0 to HW filter on device team0 [ 114.295415][ T67] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.297568][ T67] bridge0: port 1(bridge_slave_0) entered forwarding state [ 114.325714][ T5600] 8021q: adding VLAN 0 to HW filter on device bond0 [ 114.374206][ T67] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.374325][ T67] bridge0: port 2(bridge_slave_1) entered forwarding state [ 114.506125][ T5600] 8021q: adding VLAN 0 to HW filter on device team0 [ 114.511631][ T5599] 8021q: adding VLAN 0 to HW filter on device bond0 [ 114.636490][ T67] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.636762][ T67] bridge0: port 1(bridge_slave_0) entered forwarding state [ 114.762849][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.763063][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 114.869748][ T5599] 8021q: adding VLAN 0 to HW filter on device team0 [ 114.915158][ T5601] 8021q: adding VLAN 0 to HW filter on device bond0 [ 114.935951][ T44] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.936214][ T44] bridge0: port 1(bridge_slave_0) entered forwarding state [ 114.988579][ T44] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.988735][ T44] bridge0: port 2(bridge_slave_1) entered forwarding state [ 115.135699][ T5601] 8021q: adding VLAN 0 to HW filter on device team0 [ 115.270187][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.270425][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 115.397378][ T1061] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.397507][ T1061] bridge0: port 2(bridge_slave_1) entered forwarding state [ 115.866563][ T5602] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 116.477718][ T5598] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 116.597827][ T5602] veth0_vlan: entered promiscuous mode [ 116.724593][ T5602] veth1_vlan: entered promiscuous mode [ 117.101068][ T5598] veth0_vlan: entered promiscuous mode [ 117.271839][ T5598] veth1_vlan: entered promiscuous mode [ 117.290785][ T5602] veth0_macvtap: entered promiscuous mode [ 117.349786][ T5600] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 117.351504][ T5602] veth1_macvtap: entered promiscuous mode [ 117.471083][ T5599] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 117.554889][ T5602] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 117.600119][ T5601] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 117.659982][ T5598] veth0_macvtap: entered promiscuous mode [ 117.679606][ T5602] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 117.734317][ T5598] veth1_macvtap: entered promiscuous mode [ 117.831527][ T1291] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.887802][ T1291] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.915411][ T1291] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.975012][ T1291] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.011755][ T5598] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 118.144732][ T5598] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 118.359003][ T5599] veth0_vlan: entered promiscuous mode [ 118.369351][ T3352] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.441793][ T3352] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.500323][ T3352] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.603100][ T3352] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.631718][ T5601] veth0_vlan: entered promiscuous mode [ 118.655186][ T5599] veth1_vlan: entered promiscuous mode [ 118.834477][ T5601] veth1_vlan: entered promiscuous mode [ 119.063733][ T5600] veth0_vlan: entered promiscuous mode [ 119.068244][ T1061] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.069849][ T1061] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.275822][ T5600] veth1_vlan: entered promiscuous mode [ 119.322570][ T1061] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.322594][ T1061] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.358345][ T5599] veth0_macvtap: entered promiscuous mode [ 119.431091][ T5599] veth1_macvtap: entered promiscuous mode [ 119.452739][ T5601] veth0_macvtap: entered promiscuous mode [ 119.464288][ T1291] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.464310][ T1291] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.591400][ T5601] veth1_macvtap: entered promiscuous mode [ 119.627522][ T92] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.627546][ T92] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.729012][ T5599] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 119.765403][ T5600] veth0_macvtap: entered promiscuous mode [ 119.799064][ T5599] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 119.810766][ T5601] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 119.866845][ T5600] veth1_macvtap: entered promiscuous mode [ 119.880846][ T5601] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 119.923149][ T3403] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.925363][ T3403] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.928750][ T3403] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.009935][ T3403] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.026971][ T42] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.056332][ T42] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.172881][ T42] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.214610][ T42] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.235761][ T5600] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 120.413116][ T5600] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 120.674350][ T92] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.735919][ T1574] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.803783][ T1574] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.825337][ T1291] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.230325][ T5798] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1'. [ 121.421563][ T92] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.421584][ T92] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.460468][ T5797] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 121.915805][ T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.915842][ T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.172444][ T92] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.172475][ T92] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.040703][ T44] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.040726][ T44] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.179419][ T3352] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.179441][ T3352] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.631560][ T3301] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.631585][ T3301] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.653961][ T5823] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 126.072019][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 127.601257][ T5606] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 127.788552][ T5842] netlink: 8 bytes leftover after parsing attributes in process `syz.2.16'. [ 127.973110][ T5606] usb 4-1: unable to get BOS descriptor or descriptor too short [ 127.998671][ T5842] geneve2: entered promiscuous mode [ 127.998693][ T5842] geneve2: entered allmulticast mode [ 128.084584][ T5606] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 128.084615][ T5606] usb 4-1: can't read configurations, error -71 [ 128.121843][ T5842] Zero length message leads to an empty skb [ 128.133409][ T3352] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 128.134580][ T3352] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 128.134625][ T3352] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 128.134656][ T3352] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 130.115731][ T5862] netlink: 'syz.4.21': attribute type 10 has an invalid length. [ 130.115752][ T5862] netlink: 40 bytes leftover after parsing attributes in process `syz.4.21'. [ 130.177005][ T5862] dummy0: entered promiscuous mode [ 130.177038][ T5862] dummy0: entered allmulticast mode [ 130.220585][ T5862] bridge0: port 3(dummy0) entered blocking state [ 130.228125][ T5862] bridge0: port 3(dummy0) entered disabled state [ 130.283984][ T5862] bridge0: port 3(dummy0) entered blocking state [ 130.284150][ T5862] bridge0: port 3(dummy0) entered forwarding state [ 131.287070][ T5885] netlink: 'syz.4.28': attribute type 12 has an invalid length. [ 132.045503][ T31] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 132.258516][ T31] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 132.258547][ T31] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 132.258567][ T31] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 132.258605][ T31] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 132.376767][ T31] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 132.376798][ T31] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 132.376819][ T31] usb 1-1: Product: syz [ 132.376833][ T31] usb 1-1: Manufacturer: syz [ 133.576590][ T31] cdc_wdm 1-1:1.0: skipping garbage [ 133.576614][ T31] cdc_wdm 1-1:1.0: skipping garbage [ 133.924774][ T31] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 133.924808][ T31] cdc_wdm 1-1:1.0: Unknown control protocol [ 134.127976][ T31] usb 1-1: USB disconnect, device number 2 [ 134.422042][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 135.383884][ T5917] syzkaller0: entered promiscuous mode [ 135.383913][ T5917] syzkaller0: entered allmulticast mode [ 138.219139][ T36] audit: type=1326 audit(1777631051.235:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5948 comm="syz.2.47" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d812ecdd9 code=0x7ffc0000 [ 138.219185][ T36] audit: type=1326 audit(1777631051.335:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5948 comm="syz.2.47" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d812ecdd9 code=0x7ffc0000 [ 138.374014][ T36] audit: type=1326 audit(1777631051.435:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5948 comm="syz.2.47" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f1d812ecdd9 code=0x7ffc0000 [ 138.451097][ T36] audit: type=1326 audit(1777631051.565:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5948 comm="syz.2.47" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d812ecdd9 code=0x7ffc0000 [ 138.451157][ T36] audit: type=1326 audit(1777631051.565:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5948 comm="syz.2.47" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d812ecdd9 code=0x7ffc0000 [ 138.630238][ T36] audit: type=1326 audit(1777631051.755:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5948 comm="syz.2.47" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=31 compat=0 ip=0x7f1d812ecdd9 code=0x7ffc0000 [ 138.659657][ T36] audit: type=1326 audit(1777631051.775:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5948 comm="syz.2.47" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d812ecdd9 code=0x7ffc0000 [ 138.659724][ T36] audit: type=1326 audit(1777631051.775:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5948 comm="syz.2.47" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d812ecdd9 code=0x7ffc0000 [ 138.660318][ T36] audit: type=1326 audit(1777631051.775:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5948 comm="syz.2.47" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1d812ecdd9 code=0x7ffc0000 [ 138.712938][ T1337] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.713220][ T1337] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.759418][ T5940] netlink: 28 bytes leftover after parsing attributes in process `syz.1.46'. [ 138.787291][ T36] audit: type=1326 audit(1777631051.775:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5948 comm="syz.2.47" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d812ecdd9 code=0x7ffc0000 [ 139.272144][ T10] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 139.511883][ T10] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 139.511907][ T10] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 139.511921][ T10] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 139.564331][ T10] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 139.595694][ T10] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 139.595727][ T10] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 139.595748][ T10] usb 1-1: Product: syz [ 139.595763][ T10] usb 1-1: Manufacturer: syz [ 139.740816][ T10] cdc_wdm 1-1:1.0: skipping garbage [ 139.740839][ T10] cdc_wdm 1-1:1.0: skipping garbage [ 139.831842][ T10] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 139.831859][ T10] cdc_wdm 1-1:1.0: Unknown control protocol [ 139.918628][ T5332] usb 1-1: USB disconnect, device number 3 [ 140.892149][ T5332] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 141.077897][ T5332] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 141.077930][ T5332] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 141.077951][ T5332] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 141.078004][ T5332] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 141.142631][ T5332] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 141.142676][ T5332] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 141.142697][ T5332] usb 1-1: Product: syz [ 141.142712][ T5332] usb 1-1: Manufacturer: syz [ 141.413401][ T5332] cdc_wdm 1-1:1.0: skipping garbage [ 141.413425][ T5332] cdc_wdm 1-1:1.0: skipping garbage [ 141.468692][ T5332] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 141.468710][ T5332] cdc_wdm 1-1:1.0: Unknown control protocol [ 142.319546][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 142.319606][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 142.319880][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 142.319894][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 142.321749][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 142.321767][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 142.322365][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 142.322380][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 142.322596][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 142.322609][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 142.322826][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 142.322844][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 142.323087][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 142.323108][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 142.323368][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 142.323382][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 142.323625][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 142.323644][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 142.323892][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 142.323912][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 142.480916][ T10] usb 1-1: USB disconnect, device number 4 [ 142.481007][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 145.053826][ T10] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 145.239704][ T10] usb 3-1: unable to get BOS descriptor or descriptor too short [ 145.253400][ T10] usb 3-1: config 63 has an invalid interface number: 66 but max is 0 [ 145.253430][ T10] usb 3-1: config 63 contains an unexpected descriptor of type 0x2, skipping [ 145.253450][ T10] usb 3-1: config 63 has an invalid descriptor of length 9, skipping remainder of the config [ 145.253471][ T10] usb 3-1: config 63 has no interface number 0 [ 145.253504][ T10] usb 3-1: config 63 interface 66 has no altsetting 0 [ 145.309918][ T10] usb 3-1: New USB device found, idVendor=174f, idProduct=8acf, bcdDevice=39.f4 [ 145.309950][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.309971][ T10] usb 3-1: Product: syz [ 145.309986][ T10] usb 3-1: Manufacturer: syz [ 145.310001][ T10] usb 3-1: SerialNumber: syz [ 147.024732][ T1244] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 147.374426][ T1244] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 147.374456][ T1244] usb 2-1: config 0 has no interfaces? [ 147.374489][ T1244] usb 2-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 147.376349][ T1244] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.706174][ T1244] usb 2-1: config 0 descriptor?? [ 148.354523][ T1243] usb 2-1: USB disconnect, device number 2 [ 149.669868][ T10] uvcvideo 3-1:63.66: Found UVC 0.07 device syz (174f:8acf) [ 149.669944][ T10] uvcvideo 3-1:63.66: No valid video chain found. [ 149.761667][ T10] usb 3-1: USB disconnect, device number 2 [ 154.175789][ T822] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 154.347669][ T822] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 154.347700][ T822] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 154.347721][ T822] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 154.347775][ T822] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 154.370946][ T822] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 154.371072][ T822] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 154.371130][ T822] usb 2-1: Product: syz [ 154.371172][ T822] usb 2-1: Manufacturer: syz [ 154.694480][ T822] cdc_wdm 2-1:1.0: skipping garbage [ 154.694503][ T822] cdc_wdm 2-1:1.0: skipping garbage [ 154.730713][ T822] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 154.730738][ T822] cdc_wdm 2-1:1.0: Unknown control protocol [ 154.863425][ T822] usb 2-1: USB disconnect, device number 3 [ 154.882356][ T6189] netlink: 12 bytes leftover after parsing attributes in process `syz.4.122'. [ 154.882382][ T6189] netlink: 40 bytes leftover after parsing attributes in process `syz.4.122'. [ 155.059710][ T5786] udevd[5786]: setting mode of /dev/cdc-wdm0 to 020600 failed: No such file or directory [ 155.059875][ T5786] udevd[5786]: setting owner of /dev/cdc-wdm0 to uid=0, gid=0 failed: No such file or directory [ 155.183991][ T5612] BUG: kernel NULL pointer dereference, address: 0000000000000010 [ 155.184020][ T5612] #PF: supervisor read access in kernel mode [ 155.184032][ T5612] #PF: error_code(0x0000) - not-present page [ 155.184044][ T5612] PGD 800000004208f067 P4D 800000004208f067 PUD 0 [ 155.184083][ T5612] Oops: Oops: 0000 [#1] SMP KASAN PTI [ 155.184117][ T5612] CPU: 1 UID: 0 PID: 5612 Comm: kworker/1:5 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 155.184141][ T5612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 155.184155][ T5612] Workqueue: usb_hub_wq hub_event [ 155.184192][ T5612] RIP: 0010:kcov_remote_start+0x2a1/0x710 [ 155.184218][ T5612] Code: 8a 8d 4c 8b b8 08 f4 6a 92 bd 00 00 04 00 eb 4f 41 8b ae a4 00 00 00 49 c7 c7 20 57 02 8e 4d 8b 3f 49 81 ff 20 57 02 8e 74 4c <41> 39 6f 10 75 ee 4c 89 ff e8 51 5a e7 02 84 c0 74 0e 49 8b 07 49 [ 155.184236][ T5612] RSP: 0018:ffffc900051477c8 EFLAGS: 00010203 [ 155.184253][ T5612] RAX: 0000000000000000 RBX: ffff8880298ebd80 RCX: 0000000000000000 [ 155.184267][ T5612] RDX: 000000006ad7f000 RSI: 0000000000000001 RDI: ffffffff8ba74c80 [ 155.184281][ T5612] RBP: 0000000000100000 R08: ffffffff8b1e9760 R09: ffffffff8dfc8140 [ 155.184296][ T5612] R10: dffffc0000000000 R11: fffffbfff1f11b7f R12: 0000000000000002 [ 155.184311][ T5612] R13: 0000000000000001 R14: ffff88802b0ce400 R15: 0000000000000000 [ 155.184325][ T5612] FS: 0000000000000000(0000) GS:ffff88812627a000(0000) knlGS:0000000000000000 [ 155.184342][ T5612] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 155.184356][ T5612] CR2: 0000000000000010 CR3: 000000005cbc6000 CR4: 00000000003526f0 [ 155.184375][ T5612] Call Trace: [ 155.184382][ T5612] [ 155.184394][ T5612] hub_event+0x150/0x4f60 [ 155.184420][ T5612] ? __lock_acquire+0x6b5/0x2cf0 [ 155.184448][ T5612] ? look_up_lock_class+0x57/0x110 [ 155.184473][ T5612] ? __lock_acquire+0x6b5/0x2cf0 [ 155.184507][ T5612] ? lock_acquire+0x106/0x350 [ 155.184535][ T5612] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 155.184561][ T5612] ? __pfx_hub_event+0x10/0x10 [ 155.184582][ T5612] ? process_scheduled_works+0xa70/0x1860 [ 155.184608][ T5612] ? process_scheduled_works+0xa70/0x1860 [ 155.184630][ T5612] ? process_scheduled_works+0xa70/0x1860 [ 155.184654][ T5612] process_scheduled_works+0xb5d/0x1860 [ 155.184691][ T5612] ? __pfx_process_scheduled_works+0x10/0x10 [ 155.184716][ T5612] ? assign_work+0x3d5/0x5e0 [ 155.184740][ T5612] worker_thread+0xa53/0xfc0 [ 155.184775][ T5612] kthread+0x388/0x470 [ 155.184804][ T5612] ? __pfx_worker_thread+0x10/0x10 [ 155.184826][ T5612] ? __pfx_kthread+0x10/0x10 [ 155.184855][ T5612] ret_from_fork+0x514/0xb70 [ 155.184880][ T5612] ? __pfx_ret_from_fork+0x10/0x10 [ 155.184904][ T5612] ? __switch_to+0xc79/0x1410 [ 155.184936][ T5612] ? __pfx_kthread+0x10/0x10 [ 155.184990][ T5612] ret_from_fork_asm+0x1a/0x30 [ 155.185030][ T5612] [ 155.185038][ T5612] Modules linked in: [ 155.185059][ T5612] CR2: 0000000000000010 [ 155.185074][ T5612] ---[ end trace 0000000000000000 ]--- [ 155.185088][ T5612] RIP: 0010:kcov_remote_start+0x2a1/0x710 [ 155.185111][ T5612] Code: 8a 8d 4c 8b b8 08 f4 6a 92 bd 00 00 04 00 eb 4f 41 8b ae a4 00 00 00 49 c7 c7 20 57 02 8e 4d 8b 3f 49 81 ff 20 57 02 8e 74 4c <41> 39 6f 10 75 ee 4c 89 ff e8 51 5a e7 02 84 c0 74 0e 49 8b 07 49 [ 155.185129][ T5612] RSP: 0018:ffffc900051477c8 EFLAGS: 00010203 [ 155.185146][ T5612] RAX: 0000000000000000 RBX: ffff8880298ebd80 RCX: 0000000000000000 [ 155.185159][ T5612] RDX: 000000006ad7f000 RSI: 0000000000000001 RDI: ffffffff8ba74c80 [ 155.185173][ T5612] RBP: 0000000000100000 R08: ffffffff8b1e9760 R09: ffffffff8dfc8140 [ 155.185187][ T5612] R10: dffffc0000000000 R11: fffffbfff1f11b7f R12: 0000000000000002 [ 155.185202][ T5612] R13: 0000000000000001 R14: ffff88802b0ce400 R15: 0000000000000000 [ 155.185215][ T5612] FS: 0000000000000000(0000) GS:ffff88812627a000(0000) knlGS:0000000000000000 [ 155.185231][ T5612] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 155.185245][ T5612] CR2: 0000000000000010 CR3: 000000005cbc6000 CR4: 00000000003526f0 [ 155.185263][ T5612] Kernel panic - not syncing: Fatal exception [ 155.185858][ T5612] Kernel Offset: disabled