last executing test programs: 37.705609722s ago: executing program 4 (id=74): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_GET_BYNAME(r0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB="480000000e0601020000000000000900020073797a31000000000900020073797a31000000000500010007d800000900020073797a3201000000"], 0x48}, 0x1, 0x0, 0x0, 0x20040010}, 0x20000080) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000020601080000000000001000000000000c0007800500150004000000050005000a000000050001000700000005000400000000000900020073797a31000000000c000300686173683a697000"], 0x50}, 0x1, 0x0, 0x0, 0x4080}, 0x0) clock_gettime(0x8, &(0x7f0000000340)) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000440)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x44, r1, 0x0, 0x70bd2a, 0x25dfdbff, {}, [@ETHTOOL_A_COALESCE_TX_MAX_FRAMES_IRQ={0x8, 0x9, 0xa}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES_HIGH={0x8, 0x14, 0x1}, @ETHTOOL_A_COALESCE_RX_USECS_HIGH={0x8, 0x13, 0x9d4}, @ETHTOOL_A_COALESCE_STATS_BLOCK_USECS={0x8, 0xa, 0x7fff}, @ETHTOOL_A_COALESCE_USE_ADAPTIVE_RX={0x5}, @ETHTOOL_A_COALESCE_RX_USECS_LOW={0x8, 0xe, 0x4f2}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000040}, 0x4000840) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_LIST_DEV(r2, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14, 0x0, 0x400, 0x70bd29, 0x25dfdbfc, {}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x24040051) 36.67518595s ago: executing program 4 (id=77): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0x54}, 0x1, 0x0, 0x0, 0x20002010}, 0x0) 34.863713115s ago: executing program 4 (id=82): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1, 0x1c, &(0x7f0000001280)=ANY=[@ANYBLOB="1808000000000000000000000000004018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000055090100000000009500000000000000b7020000000000007baaf8ff00000000b5090800000000007baaf0ff00000000bf8700000000000007070000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018280000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004600000076000000db98000000010000b5080000000000008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x61, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = gettid() prlimit64(r2, 0xf, &(0x7f0000000140)={0xfffffffffffffffa, 0x2}, 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f00000000c0)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) ioctl$sock_SIOCINQ(r3, 0x541b, &(0x7f0000000000)) r4 = socket$nl_sock_diag(0x10, 0x3, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, r4, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_inet_SIOCDELRT(r3, 0x890c, &(0x7f0000000100)={0x0, {0x2, 0x4e20, @local}, {0x2, 0x4e24, @loopback}, {0x2, 0x4e20, @remote}, 0x28a, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000080)='dvmrp0\x00', 0x5, 0x4, 0x9}) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_buf(r5, 0x6, 0x21, &(0x7f0000000000)="adbcc72ca6d732549f13db1a0206c458", 0x10) r6 = syz_open_dev$evdev(&(0x7f0000000000), 0x2000000000000, 0x101001) ioctl$EVIOCSREP(r6, 0x40084503, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x15, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) keyctl$KEYCTL_MOVE(0x1e, 0x0, 0x0, 0x0, 0x0) 31.619148243s ago: executing program 4 (id=92): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000006c0)='mounts\x00') r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000100)={0x2000}) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x100) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) chroot(&(0x7f0000000100)='./file0\x00') mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x2a05004, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file0/../file0\x00') sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYRESDEC=r0, @ANYRES8=r0, @ANYBLOB="0000000000000000200012800b00010065727370616e000010000280060010004e20000004001200"], 0x40}, 0x1, 0x0, 0x0, 0x41}, 0x0) 31.329728336s ago: executing program 4 (id=93): syz_emit_ethernet(0x87, &(0x7f0000000180)=ANY=[@ANYBLOB="ff"], 0x0) r0 = add_key$user(&(0x7f0000000000), &(0x7f0000000340)={'syz', 0x3}, &(0x7f00000005c0), 0x0, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) 28.41578957s ago: executing program 4 (id=105): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x20004080) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070088000000060004404e220000060005"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x90) 27.766499248s ago: executing program 32 (id=105): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x20004080) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070088000000060004404e220000060005"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x90) 18.463721846s ago: executing program 3 (id=126): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="b8000000190001000000000000000100e0000002000000000000000000000000ac1414aa000000000000000000000000000000000000000a00000000000000d9a9f600ee6fc0e37049e447ba38fcdb598d51717051e24f9362b44494126030dd240d42b2139573207e27bcfcaf150916180afb43d67ea679236c3dc0e78c4d6dcc6494aee91bb385072d14dff7d21a54cfda4ab2f8aed32417074314f58c7ac10a1c06b582e486d7cb9e0f943ecc8eba5b069b0259590540f45205a21382b8b6d1d1538cbd31729d7c12f62d1df60122c5bde37c503a2c6654baeefbebfef05618bc078a28f83def31a6422858a4e9d99751e6d7bbdf68d0c300", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0800000000000000100000000000000002000000010000000000000000000000ff0f00000000000073b4ffffffffffffffffffffffffffff0000000000000000000000001000000000000000000000200200000000000000fdffffffffffffff02000000000000000000000300000000"], 0xb8}}, 0x200048c4) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="b80000001900010000000000000000abe0000002000000000000000000000000000000000000003400"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000700000000000000000000000000000000000000000000000200000000000000ffffffffffffffff0000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff00"/112], 0xb8}}, 0x4004) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="020300090c0000000000000000000000030006000000000002000000e00000010000000000000000020001000000000000000300000000000300050000000000020000007f0000010000000000000000020013"], 0x60}}, 0x0) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="b8000000190001000000000000000000e00000020000000000000000000000000000000000000000000000000000000000000000000000000a00000029000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000900000000000000fdfffffbffffffff00000000000000000200000000000000ffffff1700ffffff0000000000000000000000000000000002000000000000000000000000000000ffffffffffffffff0700000000000000000000000000000065ca4cdd14238a054829ae415cd9cb52bae0613f7ac891ca21e24a20267eed78e932160f4b52e2d25f889b0100000093c6c8a4d81319b538da1d8972f11fec78bcdbb24c15201ce995ac1b46b231f0adfac17ab55f7bc16ae0e279"], 0xb8}}, 0x10) syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x20002) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = openat$incfs(0xffffffffffffffff, &(0x7f0000000140)='.log\x00', 0x0, 0x80) write$evdev(r5, &(0x7f0000000400), 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x1) ioprio_set$pid(0x1, 0x0, 0x0) r6 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x10b841, 0x0) pwritev2(r6, &(0x7f0000000600)=[{&(0x7f0000000580)="e5", 0x1}], 0x1, 0x1, 0xfffffffb, 0x1a) r7 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000240)={'tunl0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="4400000010000100000000000000000007000000", @ANYRES32=r8, @ANYBLOB="00000000000000002400128009000100697069700000000014000280050004001e0000000500050000000000"], 0x44}}, 0x0) ioctl$DVB_DVR_DMX_EXPBUF(0xffffffffffffffff, 0xc00c6f3e, &(0x7f0000000100)={0xe44, 0x80000, r0}) sendmsg$AUDIT_GET_FEATURE(r9, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x10, 0x3fb, 0x10, 0x70bd2c, 0x25dfdbfc, "", ["", ""]}, 0x10}}, 0x2008005) r10 = socket(0x2, 0x3, 0xff) sendmsg$rds(r6, &(0x7f00000001c0)={&(0x7f0000000240)={0x2, 0x4e24, @remote}, 0x10, &(0x7f0000000440)=[{0x0}, {&(0x7f0000000280)=""/218, 0xda}], 0x2, 0x0, 0x0, 0x4404}, 0x4040840) setsockopt$MRT_ASSERT(r10, 0x0, 0xcf, &(0x7f00000003c0)=0x1, 0x4) getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r9, 0x84, 0x8, &(0x7f0000000340), &(0x7f0000000380)=0x4) fcntl$dupfd(r9, 0x0, r10) r11 = syz_open_procfs(0x0, &(0x7f0000000040)='oom_score_adj\x00') writev(r11, &(0x7f00000002c0)=[{&(0x7f0000000280)='0', 0x1}], 0x1) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) 18.128448695s ago: executing program 2 (id=127): r0 = gettid() timer_create(0x0, 0x0, 0x0) ioctl$VIDIOC_DQEVENT(0xffffffffffffffff, 0x80885659, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000480), 0x1, 0x20000) ioctl$SNDRV_PCM_IOCTL_RESUME(r1, 0x4147, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r3 = syz_open_dev$evdev(&(0x7f00000190c0), 0x10, 0x14b140) write$evdev(r3, &(0x7f0000019100), 0x0) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) mbind(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, &(0x7f0000000200)=0xdc, 0x7, 0x4) r4 = syz_open_dev$radio(&(0x7f0000019140), 0x1, 0x2) ioctl$VIDIOC_G_STD(r4, 0x80085617, 0x0) r5 = syz_open_dev$sndctrl(&(0x7f0000000200), 0x0, 0x6083) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r5, 0xc1205531, &(0x7f0000000540)={0x1, 0x6, 0x0, 0x0, '\x00', '\x00', '\x00', 0x0, 0x0, 0x0, 0x0, "b6855a32474ffa64f778ddcf29c94337"}) rename(&(0x7f0000000040)='./file0\x00', 0x0) r6 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r7 = getpid() sched_setscheduler(r7, 0x1, &(0x7f0000000100)=0x5) msgctl$IPC_SET(0x0, 0x1, &(0x7f00000007c0)={{0x0, 0x0, 0x0, 0x0, 0x0, 0xa0, 0x401}, 0x0, 0x0, 0x9, 0x8667, 0x5, 0x2, 0x8, 0xfff7, 0x9, 0x81f, r7, r0}) r8 = socket(0x10, 0x3, 0x0) sendmsg$kcm(r8, &(0x7f00000016c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="1c00000022008102e00f80ecdb4cb9020a", 0x11}, {&(0x7f0000001700)="0c74c75350f4a590e15c61", 0xb}], 0x2, 0x0, 0x0, 0x10}, 0x0) r9 = fcntl$dupfd(r6, 0x0, r6) syz_open_procfs(0x0, 0x0) read$FUSE(r9, 0x0, 0x0) 15.868961665s ago: executing program 3 (id=128): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x81, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000500)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e) socket$inet6_mptcp(0xa, 0x1, 0x106) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4080891, 0x0, 0x0) r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r3, 0x40000000af01, 0x0) setuid(0x0) ioctl$VHOST_RESET_OWNER(r3, 0xaf02, 0x0) r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SCSI_IOCTL_STOP_UNIT(r4, 0x5319) syz_genetlink_get_family_id$SEG6(0x0, 0xffffffffffffffff) 15.760841013s ago: executing program 2 (id=129): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x1, 0x100) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) shutdown(r0, 0x1) r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000b40)='source', 0x0, 0x0) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r5, 0x560a, &(0x7f00000006c0)={0x4, 0x0, 0x0, 0x0, 0x132, 0x3}) mkdir(&(0x7f0000000000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000040), 0x2, 0x0) fsopen(0x0, 0x1) 15.745537252s ago: executing program 1 (id=130): r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) r1 = open(&(0x7f0000000140)='.\x00', 0x12080, 0x0) renameat2(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000003c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x4) renameat2(r0, &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000002c0)='./file0\x00', 0x2) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000180)=0x84000000) unshare(0x2a020400) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff0000/0xd000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000fec000/0x14000)=nil, &(0x7f0000fe9000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r3 = io_uring_setup(0x1c79, &(0x7f0000000040)={0x0, 0x1f29, 0xc000, 0x2, 0xc1}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0x3, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) io_uring_enter(r3, 0x2219, 0x7721, 0x16, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b702000000070000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000be000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495dd, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b}, 0x42) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r5, 0x2000012, 0x8ff, 0x0, &(0x7f00000004c0)="4133c9e924380000000000000000", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) sendmsg$nl_route(r4, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f00000000c0)=@setlink={0x3c, 0x13, 0x5, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x0, 0x40601}, [@IFLA_IFNAME={0x14, 0x3, 'veth0_vlan\x00'}, @IFLA_CARRIER={0x5, 0x21, 0x8}]}, 0x3c}}, 0x48000) r6 = creat(0x0, 0xa2) dup2(r6, r6) 13.58432966s ago: executing program 3 (id=132): gettid() ioctl$VIDIOC_DQEVENT(0xffffffffffffffff, 0x80885659, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) (fail_nth: 1) 13.306654093s ago: executing program 1 (id=134): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000a00)) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x7e6, &(0x7f00000012c0)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x27}, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, '\x00', 0x7b0, 0x2b, 0x0, @private2, @local, {[@hopopts={0x3c, 0xf2, '\x00', [@hao={0xc9, 0x10, @empty}, @generic={0x14, 0x77d, "d6104212567aa3978a2c3cd1a4d868b66b717801cff409c49009239d568b596d332b33ef4d3b9484b97b74f478fc6605ffb98a2f78c3b8e195e6a7c9d9f730b14b0afcfcf8c7cf46a521815b770cda83c34236b2901a5b02d6eec7932d2c75fd6ed644a987fe46a7262e4f49488394453cee05a8a173cc9219476fe4f21a5a1006c852e6d2549c18714b8b15dbec6bb4629b29a479e1272326ab7fcda0e8c49e3e37c398a115ff759804323de8a4176e7f18592b5afcf15e08d907f9195b48f0e503dddf228826d21265401c7774616d10c9b4377ae5d180aee75ccd0e811e8f145f3ee93d0c9803561565efddc9b5bf8b736c2a4da4f539ddc53237edb1a442c65a2fc67e726a28a9c4736209f24882d72245a2f92e1ee6e618cdf9137f92101c468beef0f5f3d8e43e4729ac127967b64e79ac00d0563d78333a74d5e266b2c2460dfe3b6ca60a206d7428f79b7ce1f5bbfc1c93fbf544afdb2f480edf3bf866b9a8502e7b4a465c8f15459c04ac9c7c8cd576835652460740a7cfe1143637c9eef4330fd6b247321ae9e3b75319a5f5bd6371682f89bb8eea2e112526475ac9741ea1c312927f80aee53eb19b548e65f07b717fd375bedb7bc0d6971cd4b2baf52fb22c0cffed68ab78333b4b67183f3ebcab6d2f76195d92d2eb10a9c311ba370e600c2859b436cac9ad9a97cd10761b85e5ab7d34c4df0626e07f6538a3d6a41a766b31e4e56eba04fa8a8f439da9358e75aced905a372834010803dbe691ed620eeb47b7b45d5ef58210a06580607c91a04352afe8f1c96eaf974860b7c3baaf08e3464db09574d11793d73e174014ee224c6e5d3f8c8581d868f6ee52f137ce539737937f71ecacd3217796a769dfba7745383fda4f7f2d6bd1f671e0c7b07b23b217db0bc17b341fcc481a35f0531e6cf7c7b7472ddae3c2dbe70464aff2b95c3937762edc1046a51e00a90b9d0027afbb1e15696e4842136a2798c265aa9a0270c57b9ced2bc509592b6211a1c09ed026f99e1835d78f6a4e955c6de192248f000a47e865e9a7aed77c5e26ace3dc8842344b7f5fb5986a955e350b473ab326fbaaf3cdc812430f8597d4b7bc30cf75735c90ecbf75b31d56d37f28a18715b1fed3c0a3c07744ab766971ebb04525dcf4bcc7659cba2c04032f2f7adf9e65ceaddb5505fe57b94c784d07eb2a2fe4fcacd9802a75c8acbec9381a04726fda6c95b6960703ffe78bcbb079c67437dac882b51d79983ee6c052b487b2edf4ceaa6c3811241897a8da7e4a5d282f415d7bf30855533ffbef090233fbdc7cfd5259d99dd1d8b4a203da5d57c9fa20ac0f4d572e7c260a0c5955855af810c44550552a066572f9838dde1717c3144f3b211d58c20c82dc94fba71d8f622bff96f3ada6d840d1321ebb47bd683a512a44048dbe8ac6d6d293facdd51fd6279aca849f9bd4b3cc2e45f44905eaed9bfcc3ab33f97069cf4889e8da2b594a8eadebe3fc81724af89737a9ef69bdecbf675d3282e074ed1d3593635555397a2c23bfa531054d71fe306667c69bd03fa6956483104ce1a0350b243739b2b1f0de8f44a6502e91beeee579c3374d0cd5c43900e587592610ce303801f08fa6970ab3d745c50f396a7bd88ec1f761b834e72f7f9511fd1c2102ed87473f23de0121e2df4941c241b8ebc8101383e1404a3bf06a209ec836dd5d5e367a6bd14caabb31efffa684eaaded13b7df7bcc1c0162f07ebd968d6ae0b4f127ef5ed589f88ac5ca5ed33534cdcefd10b4c7ef37c5537e1d02ea745e206dac16e0962fc2ccea44e4a03dc535b9a2e7183919cd7e2a7327c17940beb13e221470585f709dac534696c51bf8740d56fa0e9241068d6aec4e4cbc09f51f8b7fd027a1f884c52acd518cec328d275c5207dd413ad1b35f2710ff47e76551ccd0b4c9d0fd25d1dc87e0498b7ebb40af68474e33bdd08668ad0f5fb919acbf7d7d649997190acd35774b4eb1e35a1ac9d14675e377590192474fd9b43a82d79f06350492c42691321485944e42ec53221f59a7d3bf8c2bc92b50c7dcf61a426c2eb474cfdcbbfb44bdaacbd7b5555f3de05c45c1461c4a121ff20bb7815ca164462cf977312f53ceef57be2929cf9e8ef94c9a016ea933b127cb224652db8a870dcaec19b6faeb144150d177db884637d50faff03deef8bced965332f86b415bc3af406dbe73c68fefb97816a446232337a6a24f707633b2fb8e67b31ede05f6e9ebf6b5afd168b86a8242f963e235f1be9d8b6f5f60bf1755115519abbd53fe2ee602aa165aa8dbfaf1949fe2bc191dfa16a812d5e7136dd94a8c7c84ef240ff8f130295f161b151699f25c3b8bf7b715b40e8800d7f68c9cd57ed192584738ff64a9ca39b1d42db506f50aba87f4d6d06c9ccb2d956637c87909a59a248c892d4491e086707d095970f7170a87d83051a777ab1ce991bf7ebe905231db662d6d185e3651edb455c6f738d1c7bbc71c3cd4edf0d9ea643afe6eecd02746f0a07c8193da254cab549306156308949476501ddd70fbf7452604ac716f401265a3950c8a1bc28a99b3eedc96fab7e2192f6e7a8ebc39da7529806d760fa40f27d8155e950124f96ebe77c6ed3ae952acd3f4fa9fbda4e796bc3788852c6ec203a39dd47d229f222daa5b3ab293dee076f6e5471f1b7895841c03bb6bd55e94fb3b326a6f078373"}]}], {0x0, 0x0, 0x10, 0x0, @gue={{0x2, 0x1, 0x0, 0x6f}}}}}}}}, 0x0) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) r0 = socket$kcm(0xa, 0x3, 0x11) recvmsg$kcm(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x80108907, 0x0) r1 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r1, 0x0, 0x0) syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201500200000010ef0e010040000102030109022400010101008409040001010800010909210800030122f90709058103bf07097066288434aad7601f607f93ef0cc876c0004b8f7a6198c610e89fca879ae17a24b3001477a833ee43ffca2adf375c502a793d813b0bb529968e721963789ee01870090d6e4504bab44dafaa635b29e4ff34284ddb236588bb22daf0d3ade8e660dcbca0021b7d13300d6d367c535a6c67e207d3aae30fdce4ecc541def7d5f06aecacfe"], &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x3, [{0xf3, &(0x7f0000000100)=@string={0xf3, 0x3, "9d3cf4ef494ef74e85dd3985b0fdfd0784cffda08dac72b6221a96fce715a478754d1fe531b712cd4fa51f7697cae6f460d0981781004fe8bc0dea89c49140df8f9d9369644a9e24a9c3cf86da09cbc35eaa4336490b41b0de862783731adbff7979c5f818494a9f5f8013df54fb8aa37929830e588967e0553ac23d490dede46230f7babc29d5ec93cb5fcc717abe58340be0016b7e5ff25c7f3b41a0fe9e36c5a0cd42c50217b8dde7487f25039bfebc4fd2ef122fc482d812c09ba4adf6c985822d0660d50e8ca0027e6ed62bcd9abbac6f7af89b3315136dd49339b9a9fb3de2d73037a50cd94db408ef8650ff07af"}}, {0x0, 0x0}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x1401}}]}) 12.195789402s ago: executing program 3 (id=136): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a20000000000a01080000000000000000050000090900010073797a310000000054000000030a03000000000000000000050000030900010073797a31000000000900030073"], 0x9c}, 0x1, 0x0, 0x0, 0x24000144}, 0x20000050) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4c0c5}, 0x0) 10.745118713s ago: executing program 3 (id=138): r0 = socket$inet6(0xa, 0x5, 0x4000003) r1 = fsopen(&(0x7f0000000180)='btrfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8) r3 = openat$ptp0(0xffffffffffffff9c, 0x0, 0x400, 0x0) ioctl$PTP_SYS_OFFSET(r3, 0x43403d05, &(0x7f0000000900)={0x19}) sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000200)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x1, 0x0, 0x1, 0x2, 0x0, 0x8}, 0x20) ioctl$TCSETS(0xffffffffffffffff, 0xc0384707, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0), 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f0000000d40)={0x0}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x17) setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000001c0)={0x8}, 0x4) syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000640)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYRES16], 0x0) (fail_nth: 1) r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) fcntl$setstatus(r4, 0x4, 0xc00) 10.536037619s ago: executing program 0 (id=139): socket$inet6(0xa, 0x805, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_usb_connect$uac3(0x0, 0xa4, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010002000000201e04df30400001020301090292000301fa8001080b0002010130400904000000010130000a2401062e0008000000132403030404030108"], 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x40c600, 0x0) ptrace$ARCH_SET_CPUID(0x1e, 0x0, 0x0, 0x1012) ioctl$FS_IOC_SETFLAGS(r2, 0x40186f40, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000ffd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) (fail_nth: 1) sendto$inet(r0, 0x0, 0x0, 0x10008095, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f00000001c0), 0x4) r3 = syz_open_procfs(0x0, 0x0) preadv(r3, &(0x7f0000001600)=[{&(0x7f0000000000)=""/248, 0xf8}], 0x1, 0x5, 0x8) semop(0x0, &(0x7f0000000100)=[{0x0, 0x8, 0x1800}], 0x1) 9.321313075s ago: executing program 1 (id=140): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x81, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000500)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e) socket$inet6_mptcp(0xa, 0x1, 0x106) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4080891, 0x0, 0x0) r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r3, 0x40000000af01, 0x0) setuid(0x0) lstat(&(0x7f0000000000)='./file0\x00', 0x0) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f00000002c0)={0x1, 0x0, [{0x0, 0x0, &(0x7f0000000280)}]}) ioctl$VHOST_RESET_OWNER(r3, 0xaf02, 0x0) r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SCSI_IOCTL_STOP_UNIT(r4, 0x5319) syz_genetlink_get_family_id$SEG6(0x0, 0xffffffffffffffff) 7.038743833s ago: executing program 1 (id=141): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x81, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000500)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e) socket$inet6_mptcp(0xa, 0x1, 0x106) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4080891, 0x0, 0x0) r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r3, 0x40000000af01, 0x0) setuid(0x0) ioctl$VHOST_RESET_OWNER(r3, 0xaf02, 0x0) r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SCSI_IOCTL_STOP_UNIT(r4, 0x5319) syz_genetlink_get_family_id$SEG6(0x0, 0xffffffffffffffff) 5.31596318s ago: executing program 3 (id=142): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x81, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x200000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000500)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e) socket$inet6_mptcp(0xa, 0x1, 0x106) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4080891, 0x0, 0x0) r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r3, 0x40000000af01, 0x0) setuid(0x0) lstat(&(0x7f0000000000)='./file0\x00', 0x0) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f00000002c0)={0x1, 0x0, [{0x0, 0x0, &(0x7f0000000280)}]}) ioctl$VHOST_RESET_OWNER(r3, 0xaf02, 0x0) r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SCSI_IOCTL_STOP_UNIT(r4, 0x5319) syz_genetlink_get_family_id$SEG6(0x0, 0xffffffffffffffff) 5.213194986s ago: executing program 1 (id=143): r0 = syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b000000090400"], 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) mount$9p_virtio(0x0, 0x0, 0x0, 0x8c, 0x0) syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02) syz_usb_disconnect(r0) 5.072194043s ago: executing program 0 (id=144): syz_emit_ethernet(0x87, &(0x7f0000000180)=ANY=[@ANYBLOB="ff"], 0x0) r0 = add_key$user(&(0x7f0000000000), &(0x7f0000000340)={'syz', 0x3}, &(0x7f00000005c0)="d25a9850a9a91163f76c5357", 0xc, 0xfffffffffffffffe) r1 = add_key$user(0x0, &(0x7f0000000440), &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) 4.829825057s ago: executing program 0 (id=145): r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x2}, 0x0, 0x0, r2) keyctl$KEYCTL_MOVE(0x1e, r2, 0xfffffffffffffffe, r2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000900)={&(0x7f0000000300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x55, 0x55, 0x7, [@func={0x6, 0x0, 0x0, 0xc, 0x1}, @fwd={0xe}, @const={0xc, 0x0, 0x0, 0xa, 0x4}, @type_tag={0x6, 0x0, 0x0, 0x12, 0x1}, @datasec={0x3, 0x1, 0x0, 0xf, 0x1, [{0x3, 0x4}], "af"}, @type_tag={0x1, 0x0, 0x0, 0x12, 0x1}]}, {0x0, [0x0, 0x2e, 0x0, 0x30, 0x0]}}, &(0x7f0000000800)=""/227, 0x77, 0xe3, 0x1, 0x7fff, 0x10000}, 0x28) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xa}, 0x94) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x4, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r4 = socket$kcm(0x11, 0x2, 0x300) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x1, 0x7, 0x0, 0x1}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000180)=r6, 0x4) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000940)=@bloom_filter={0x1e, 0x8, 0x37a, 0x80000000, 0x244a4, 0x1, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x2, 0x3}, 0x50) getsockname$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000180)=0x14) r9 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000001c0), 0x4) r10 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000640)={0x1b, 0x0, 0x0, 0x6, 0x0, r7, 0x9, '\x00', r8, r0, 0x0, 0x5, 0x5}, 0x50) r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x24, &(0x7f00000006c0)=@raw=[@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8c4}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}, @generic={0x3, 0x2, 0x0, 0x6, 0x75}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r7}}, @ldst={0x3, 0x3, 0x3, 0x1, 0xa, 0xc, 0x4}, @cb_func={0x18, 0x2, 0x4, 0x0, 0xfffffffffffffffa}, @map_idx_val={0x18, 0x3, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x34ae}, @ldst={0x1, 0x1, 0x2, 0x2, 0x5, 0x4, 0x1}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r7}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xe664}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @call={0x85, 0x0, 0x0, 0x24}, @map_fd={0x18, 0x2, 0x1, 0x0, r10}], &(0x7f0000000440)='syzkaller\x00', 0x9, 0x25, &(0x7f0000000480)=""/37, 0x40f00, 0x24, '\x00', 0x0, 0x0, r9, 0x8, &(0x7f00000004c0)={0x3, 0x2}, 0x8, 0x10, &(0x7f0000000500)={0x0, 0xd, 0xfffffffa}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xbabd}, 0x94) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000600)={r11, r7}, 0xc) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x28, 0x7, 0x3, 0x6, 0x8c4, r7, 0x5, '\x00', r8, r9, 0x5, 0x1, 0x5}, 0x50) ioctl$PTP_SYS_OFFSET(r0, 0x43403d05, 0x0) 4.738094409s ago: executing program 2 (id=146): syz_emit_ethernet(0x87, &(0x7f0000000180)=ANY=[@ANYBLOB="ff"], 0x0) r0 = add_key$user(&(0x7f0000000000), &(0x7f0000000340)={'syz', 0x3}, &(0x7f00000005c0)="d25a9850a9a911", 0x7, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) 4.369744435s ago: executing program 2 (id=147): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a20000000000a01080000000000000000050000090900010073797a310000000054000000030a03000000000000000000050000030900010073797a3100000000090003007379"], 0x9c}, 0x1, 0x0, 0x0, 0x24000144}, 0x20000050) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) sendmsg$IPCTNL_MSG_EXP_GET(r0, 0x0, 0x0) 3.472197808s ago: executing program 0 (id=148): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xc0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='tracefs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@xino_on}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x5, 0x4, 0x4, 0x9}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000021c0)={0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x10800ff, r4, 0x500}, 0x38) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYRES16=r0], 0x54}, 0x1, 0x0, 0x0, 0x20002010}, 0x0) 3.218596109s ago: executing program 2 (id=149): r0 = socket$nl_rdma(0x10, 0x3, 0x14) r1 = landlock_create_ruleset(&(0x7f0000000000)={0x88, 0x2, 0x2}, 0x18, 0x1) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) close(r3) splice(r2, 0x0, r3, &(0x7f0000000080)=0x9, 0x200000000005, 0x6) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f0000000640)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000600)={&(0x7f0000000440)={0x1c0, r4, 0x400, 0x70bd27, 0x25dfdbfd, {}, [@TIPC_NLA_SOCK={0x114, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8}, @TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x18d5}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1}]}, @TIPC_NLA_SOCK_CON={0x4c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x4}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xe}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x28000000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x2}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x80}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x2}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x99}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x4421}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x4}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xc0000000}, @TIPC_NLA_SOCK_CON={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xb}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7f}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9}, @TIPC_NLA_CON_NODE={0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_SOCK={0x30, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x1}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x81}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x3}]}, @TIPC_NLA_NODE={0x64, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x45, 0x4, {'gcm(aes)\x00', 0x1d, "ef1b32d68e04e915e99f6faf160b97b859d9d8bcecf2bab52c14e65789"}}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x88a7}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0xb92}]}]}, 0x1c0}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008040) r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$SIOCX25SFACILITIES(r5, 0x89e3, &(0x7f0000000200)={0x38, 0x7, 0x5, 0x4}) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000040)={0x8211, r0}, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x10, 0x140e, 0x303, 0x70bd29, 0x25dfdbfe}, 0x10}, 0x1, 0x0, 0x0, 0x8040}, 0x800) r6 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff) syz_usb_connect$hid(0x6, 0x3f, &(0x7f0000000180)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0xff, 0x17ef, 0x60ee, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0xb, 0x20, 0x6, "", [{{0x9, 0x4, 0x0, 0x3, 0x2, 0x3, 0x1, 0x1, 0x8, {0x9, 0x21, 0x9, 0x1, 0x1, {0x22, 0x924}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x3, 0x7, 0x2a}}, [{{0x9, 0x5, 0x2, 0x3, 0x400, 0x8, 0x3, 0x35}}]}}}]}}]}}, &(0x7f0000000b40)={0xa, &(0x7f0000000680)={0xa, 0x6, 0x250, 0x4, 0x6, 0x81, 0x40, 0x10}, 0x5, &(0x7f00000006c0)={0x5, 0xf, 0x5}, 0xa, [{0x4, &(0x7f0000000700)=@lang_id={0x4, 0x3, 0x4ff}}, {0x4, &(0x7f0000000740)=@lang_id={0x4, 0x3, 0x180c}}, {0x4, &(0x7f0000000780)=@lang_id={0x4, 0x3, 0x240a}}, {0x4, &(0x7f00000007c0)=@lang_id={0x4, 0x3, 0x813}}, {0x101, &(0x7f0000000800)=@string={0x101, 0x3, "ce63e8cbde7baf8a416e020a580c89452e0e3f1f919af68c9823d3c6bb7675dcd75bb86e6e4bb6a7138760da58c9e6d598354d32a0978ea7385e9598f3e9fc5ce6ef0f3a88d8d9c28adc3a59b693ed82e884cc4fc823cf3387032481723f8c6a505a4669ed147f4d5aa0e701a618603827341b6858787b0b4190cbb65b505cdeabf2bec229c72b9082a9eef323c3f1b681cd8608104c2d4a5f2b24790b90a73276f9867545561f092378b1831e3de7fed405eb17527403d7fbf7f9ad9eb639178ee6339845e46a8feda2175e2590f74d676f184c5cef95747ea760076e00377a296e2f5b2d3598e8ddf27b138798d9b37759203691d79e1fdde3db55cf15bb"}}, {0x4, &(0x7f0000000940)=@lang_id={0x4, 0x3, 0x82c}}, {0xdf, &(0x7f0000000980)=@string={0xdf, 0x3, "6cf39223ea81e29810f256dca91a2218c70867a0260dbc688a06e434505dd999a1b1b699c145ccebeae95d498ce60cff843a92544f3e2d6ed2f7f5d2811f272779c76f82eee671cf8e7ee99ee4707ae3b51216a386a7371598b3a752a7d4b8fb2f754e6d1bf970929ba1d8c37efeb269cd2c5b6df4c9edc0325d054a64801cc591e9eb5bba94ee8093f5a43f7a3a7b4101424173272a89aded1a075229244230981032159a0f4da11084ec829f4e9ac4e83fcda5ca18c336f751f8edba7fdb4573cbdd5284c50977a322fda51b401e479c0da1c5404b1d0cf84deaa93e"}}, {0x4, &(0x7f0000000a80)=@lang_id={0x4, 0x3, 0x2809}}, {0x4, &(0x7f0000000ac0)=@lang_id={0x4, 0x3, 0xc0c}}, {0x4, &(0x7f0000000b00)=@lang_id={0x4, 0x3, 0x443}}]}) sendmsg$DEVLINK_CMD_PORT_UNSPLIT(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000280)={0x124, r6, 0x10, 0x70bd2b, 0x25dfdbfd, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}]}, 0x124}}, 0x40080) 1.782310161s ago: executing program 0 (id=150): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x81, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000500)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e) socket$inet6_mptcp(0xa, 0x1, 0x106) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4080891, 0x0, 0x0) r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r3, 0x40000000af01, 0x0) setuid(0x0) lstat(&(0x7f0000000000)='./file0\x00', 0x0) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f00000002c0)={0x1, 0x0, [{0x0, 0x0, &(0x7f0000000280)}]}) ioctl$VHOST_RESET_OWNER(r3, 0xaf02, 0x0) r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SCSI_IOCTL_STOP_UNIT(r4, 0x5319) syz_genetlink_get_family_id$SEG6(0x0, 0xffffffffffffffff) 1.769065878s ago: executing program 1 (id=151): socket$inet6(0xa, 0x805, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_usb_connect$uac3(0x0, 0xa4, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010002000000201e04df30400001020301090292000301fa8001080b0002010130400904000000010130000a2401062e0008000000132403030404030108"], 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x40c600, 0x0) ptrace$ARCH_SET_CPUID(0x1e, 0x0, 0x0, 0x1012) ioctl$FS_IOC_SETFLAGS(r2, 0x40186f40, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x20000ffd, &(0x7f0000e68000)={0x2, 0x4e27, @remote}, 0x10) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r3, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r3, 0x84, 0x16, &(0x7f0000000300)=ANY=[@ANYBLOB="0200000003"], 0x8) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendto$inet(r0, 0x0, 0x0, 0x10008095, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f00000001c0), 0x4) r4 = syz_open_procfs(0x0, 0x0) preadv(r4, &(0x7f0000001600)=[{&(0x7f0000000000)=""/248, 0xf8}], 0x1, 0x5, 0x8) semop(0x0, &(0x7f0000000100)=[{0x0, 0x8, 0x1800}], 0x1) 88.715343ms ago: executing program 2 (id=152): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) io_setup(0x2, &(0x7f0000000000)=0x0) io_pgetevents(r1, 0x8, 0x8, &(0x7f0000000140)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x0, 0x0) io_destroy(r1) r2 = socket$alg(0x26, 0x5, 0x0) syz_usb_connect$uac1(0x0, 0x9c, &(0x7f0000000000)=ANY=[@ANYBLOB="12011001000000406b1d010140000102030109028a000301ffa0060904000000010100000a240100000202010207240504062e7d0904010000000000000000010101010200000c2402ec79030420be11d1d109050109758b0620010725010006efff0904020000010200000904020101010200001124020306040803000c0000000000000007240116050210090506090002"], 0x0) bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt$llc_int(r3, 0x10c, 0x5, &(0x7f0000000000)=0x6, 0x4) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)=',8Zz', 0x4) r4 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000002c0)="f78d9ca38fff48f3be52163448412ba82d2369d5ef1ed468cb4742c946ddf81584d915aa59367402bf5ef07c51a5133812ec10d3cc2152a61999cb3493d31d10a69044ee9dbc6243cc926d0296fd53b28de6610828afda6ed44b65096decc759070eb517652d7b6d98cadcfa76e55ec07149966cdf8f26eb924cbd537a62c616afca2c99a76bfa6d8603660daff82c680010a6c4b856711159", 0x99}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d2098242cb695e643c3aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ad884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f0000000600)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085", 0xcb}], 0x3, &(0x7f0000000380)=[@op={0x44, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x404c850) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000080)=ANY=[@ANYBLOB="aac728aaaaaaffffffffffff86dd600a843500140600fe8000000000000000000000000000bbfe8000000000000001000000000000aa4e204e220ea38a9e6da68e815a", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50c20000907803ff"], 0x0) io_setup(0x9, &(0x7f0000000540)=0x0) r6 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) io_submit(r5, 0x1, &(0x7f0000000740)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x6, r6, 0x0, 0x0, 0xd5f, 0x0, 0x1}]) clock_gettime(0x0, &(0x7f0000000500)) io_pgetevents(r5, 0x4a1a, 0x800000000000019, &(0x7f0000000780)=[{}, {}, {}, {}, {}, {}], &(0x7f0000000540), &(0x7f0000000700)={&(0x7f0000000580)={[0x300]}, 0x8}) r7 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r7, &(0x7f0000000140)=[{&(0x7f00000001c0)="580000001400192340834b80040d8c560a067f0202ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd000000100001000a0c10000000010000000000", 0x58}], 0x1) syz_genetlink_get_family_id$SEG6(&(0x7f0000000280), r7) keyctl$KEYCTL_PKEY_SIGN(0x1b, 0x0, 0x0, 0x0, 0x0) 0s ago: executing program 0 (id=153): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x81, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x200000000000002) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000500)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e) socket$inet6_mptcp(0xa, 0x1, 0x106) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4080891, 0x0, 0x0) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r2, 0x40000000af01, 0x0) setuid(0x0) ioctl$VHOST_RESET_OWNER(r2, 0xaf02, 0x0) r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SCSI_IOCTL_STOP_UNIT(r3, 0x5319) syz_genetlink_get_family_id$SEG6(0x0, 0xffffffffffffffff) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.128' (ED25519) to the list of known hosts. [ 86.869209][ T10] cfg80211: failed to load regulatory.db [ 88.191594][ T5585] cgroup: Unknown subsys name 'net' [ 88.431930][ T5585] cgroup: Unknown subsys name 'cpuset' [ 88.477412][ T5585] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 90.454803][ T5585] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 92.942898][ T59] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 92.972415][ T5603] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 92.974905][ T5603] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 92.975589][ T5603] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 92.999101][ T5608] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 93.008925][ T5608] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 93.039920][ T5612] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 93.058323][ T5614] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 93.069779][ T5604] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 93.072158][ T5604] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 93.080301][ T5604] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 93.085309][ T5604] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 93.087282][ T5604] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 93.094848][ T5604] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 93.095334][ T5614] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 93.095388][ T5604] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 93.119041][ T5614] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 93.140825][ T5614] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 93.163252][ T5604] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 93.168801][ T5604] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 93.187687][ T5608] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 93.190027][ T5608] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 93.208956][ T59] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 93.211094][ T59] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 93.213466][ T59] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 95.168823][ T5612] Bluetooth: hci0: command tx timeout [ 95.246776][ T5612] Bluetooth: hci4: command tx timeout [ 95.326842][ T59] Bluetooth: hci1: command tx timeout [ 95.326998][ T59] Bluetooth: hci3: command tx timeout [ 95.327201][ T5612] Bluetooth: hci2: command tx timeout [ 95.860871][ T5600] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.861957][ T5600] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.862290][ T5600] bridge_slave_0: entered allmulticast mode [ 95.864807][ T5600] bridge_slave_0: entered promiscuous mode [ 95.926074][ T5600] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.926197][ T5600] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.926373][ T5600] bridge_slave_1: entered allmulticast mode [ 95.932983][ T5600] bridge_slave_1: entered promiscuous mode [ 95.961230][ T5597] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.961351][ T5597] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.961460][ T5597] bridge_slave_0: entered allmulticast mode [ 95.963063][ T5597] bridge_slave_0: entered promiscuous mode [ 96.015513][ T5597] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.015621][ T5597] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.015725][ T5597] bridge_slave_1: entered allmulticast mode [ 96.028096][ T5597] bridge_slave_1: entered promiscuous mode [ 96.092681][ T5599] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.092871][ T5599] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.093041][ T5599] bridge_slave_0: entered allmulticast mode [ 96.094924][ T5599] bridge_slave_0: entered promiscuous mode [ 96.106267][ T5600] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.161554][ T5599] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.161654][ T5599] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.161765][ T5599] bridge_slave_1: entered allmulticast mode [ 96.163333][ T5599] bridge_slave_1: entered promiscuous mode [ 96.167882][ T5600] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.168329][ T5598] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.168449][ T5598] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.168628][ T5598] bridge_slave_0: entered allmulticast mode [ 96.171593][ T5598] bridge_slave_0: entered promiscuous mode [ 96.210455][ T5597] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.234965][ T5598] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.235106][ T5598] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.235283][ T5598] bridge_slave_1: entered allmulticast mode [ 96.239548][ T5598] bridge_slave_1: entered promiscuous mode [ 96.243472][ T5601] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.243593][ T5601] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.243744][ T5601] bridge_slave_0: entered allmulticast mode [ 96.247545][ T5601] bridge_slave_0: entered promiscuous mode [ 96.259659][ T5597] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.305322][ T5601] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.305466][ T5601] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.305772][ T5601] bridge_slave_1: entered allmulticast mode [ 96.308499][ T5601] bridge_slave_1: entered promiscuous mode [ 96.338935][ T5599] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.394672][ T5599] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.417081][ T5598] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.435039][ T5597] team0: Port device team_slave_0 added [ 96.454380][ T5600] team0: Port device team_slave_0 added [ 96.459032][ T5598] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.465204][ T5601] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.472310][ T5597] team0: Port device team_slave_1 added [ 96.496348][ T5600] team0: Port device team_slave_1 added [ 96.519792][ T5601] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.542597][ T5599] team0: Port device team_slave_0 added [ 96.604766][ T5599] team0: Port device team_slave_1 added [ 96.623582][ T5598] team0: Port device team_slave_0 added [ 96.641933][ T5597] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.641945][ T5597] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.641959][ T5597] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.665492][ T5600] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.665509][ T5600] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.665531][ T5600] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.672811][ T5598] team0: Port device team_slave_1 added [ 96.676111][ T5601] team0: Port device team_slave_0 added [ 96.678869][ T5597] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.678882][ T5597] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.678905][ T5597] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.726524][ T5600] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.726540][ T5600] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.726565][ T5600] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.767988][ T5601] team0: Port device team_slave_1 added [ 96.783654][ T5599] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.783671][ T5599] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.783694][ T5599] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.856158][ T5599] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.856175][ T5599] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.856198][ T5599] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.860364][ T5598] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.860379][ T5598] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.860401][ T5598] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.909354][ T5598] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.909371][ T5598] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.909395][ T5598] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.911108][ T5601] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.911119][ T5601] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.911141][ T5601] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.978073][ T5601] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.978089][ T5601] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.978111][ T5601] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.083593][ T5597] hsr_slave_0: entered promiscuous mode [ 97.084991][ T5597] hsr_slave_1: entered promiscuous mode [ 97.100114][ T5600] hsr_slave_0: entered promiscuous mode [ 97.101431][ T5600] hsr_slave_1: entered promiscuous mode [ 97.102657][ T5600] debugfs: 'hsr0' already exists in 'hsr' [ 97.102756][ T5600] Cannot create hsr debugfs directory [ 97.174788][ T5599] hsr_slave_0: entered promiscuous mode [ 97.175642][ T5599] hsr_slave_1: entered promiscuous mode [ 97.180224][ T5599] debugfs: 'hsr0' already exists in 'hsr' [ 97.180249][ T5599] Cannot create hsr debugfs directory [ 97.246959][ T5612] Bluetooth: hci0: command tx timeout [ 97.327041][ T5612] Bluetooth: hci4: command tx timeout [ 97.406856][ T5612] Bluetooth: hci2: command tx timeout [ 97.406905][ T5612] Bluetooth: hci3: command tx timeout [ 97.406928][ T5612] Bluetooth: hci1: command tx timeout [ 97.739191][ T5598] hsr_slave_0: entered promiscuous mode [ 97.740313][ T5598] hsr_slave_1: entered promiscuous mode [ 97.740937][ T5598] debugfs: 'hsr0' already exists in 'hsr' [ 97.740955][ T5598] Cannot create hsr debugfs directory [ 97.810815][ T5601] hsr_slave_0: entered promiscuous mode [ 97.811953][ T5601] hsr_slave_1: entered promiscuous mode [ 97.812527][ T5601] debugfs: 'hsr0' already exists in 'hsr' [ 97.812544][ T5601] Cannot create hsr debugfs directory [ 98.560023][ T5597] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 98.609499][ T5597] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 98.628014][ T5597] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 98.670929][ T5597] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 98.673341][ T5597] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 98.714620][ T5597] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 98.736384][ T5597] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 98.774896][ T5597] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 98.896525][ T5600] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 98.934798][ T5600] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 98.946321][ T5600] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 98.981090][ T5600] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 98.984743][ T5600] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 99.021719][ T5600] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 99.050713][ T5600] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 99.084305][ T5600] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 99.216367][ T5599] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 99.264418][ T5599] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 99.268049][ T5599] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 99.300258][ T5599] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 99.314661][ T5599] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 99.326944][ T5603] Bluetooth: hci0: command tx timeout [ 99.352425][ T5599] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 99.379075][ T5599] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 99.406919][ T5603] Bluetooth: hci4: command tx timeout [ 99.422645][ T5599] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 99.488249][ T5603] Bluetooth: hci1: command tx timeout [ 99.497534][ T5603] Bluetooth: hci3: command tx timeout [ 99.497564][ T5603] Bluetooth: hci2: command tx timeout [ 99.582774][ T5598] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 99.620054][ T5598] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 99.635173][ T5598] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 99.662200][ T5598] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 99.678292][ T5598] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 99.720908][ T5598] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 99.744961][ T5598] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 99.780379][ T5598] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 99.878020][ T5597] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.952982][ T5601] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 99.980427][ T5601] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 100.000196][ T5601] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 100.040162][ T5601] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 100.051651][ T5601] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 100.084452][ T5601] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 100.095103][ T5601] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 100.120938][ T5601] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 100.149380][ T5597] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.202417][ T77] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.203148][ T77] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.247438][ T5600] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.270441][ T1586] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.270641][ T1586] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.405460][ T5600] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.479625][ T1586] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.482757][ T1586] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.515327][ T5599] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.555008][ T1586] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.555128][ T1586] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.654864][ T5599] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.729092][ T5598] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.764050][ T1586] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.764302][ T1586] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.826056][ T1586] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.826240][ T1586] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.962097][ T5598] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.985370][ T5601] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.014482][ T40] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.014625][ T40] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.086548][ T1586] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.093861][ T1586] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.263581][ T5601] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.330273][ T2214] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.330430][ T2214] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.406864][ T5612] Bluetooth: hci0: command tx timeout [ 101.448254][ T2214] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.448463][ T2214] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.488101][ T5612] Bluetooth: hci4: command tx timeout [ 101.569265][ T5612] Bluetooth: hci2: command tx timeout [ 101.569302][ T5612] Bluetooth: hci3: command tx timeout [ 101.569327][ T5612] Bluetooth: hci1: command tx timeout [ 101.840408][ T5597] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.346199][ T5600] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.387601][ T5597] veth0_vlan: entered promiscuous mode [ 102.474322][ T5597] veth1_vlan: entered promiscuous mode [ 102.686050][ T5600] veth0_vlan: entered promiscuous mode [ 102.722201][ T5597] veth0_macvtap: entered promiscuous mode [ 102.768886][ T5597] veth1_macvtap: entered promiscuous mode [ 102.805090][ T5600] veth1_vlan: entered promiscuous mode [ 102.949976][ T5597] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 103.039100][ T5599] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 103.077842][ T5597] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 103.189658][ T1586] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.232639][ T1586] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.251898][ T1586] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.272512][ T1586] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.285504][ T5600] veth0_macvtap: entered promiscuous mode [ 103.364987][ T5598] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 103.390318][ T5600] veth1_macvtap: entered promiscuous mode [ 103.468226][ T5601] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 103.850008][ T5600] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 103.850242][ T5599] veth0_vlan: entered promiscuous mode [ 103.894730][ T5600] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 103.907616][ T72] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.907639][ T72] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.027660][ T5599] veth1_vlan: entered promiscuous mode [ 104.031118][ T3310] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.067140][ T3310] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.090422][ T3310] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.096020][ T3310] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.116184][ T5598] veth0_vlan: entered promiscuous mode [ 104.123371][ T1131] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.123387][ T1131] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.245343][ T5598] veth1_vlan: entered promiscuous mode [ 104.606174][ T5599] veth0_macvtap: entered promiscuous mode [ 104.648748][ T5599] veth1_macvtap: entered promiscuous mode [ 104.654445][ T5601] veth0_vlan: entered promiscuous mode [ 104.857743][ T2045] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.857764][ T2045] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.868781][ T5601] veth1_vlan: entered promiscuous mode [ 104.899606][ T5599] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 104.900466][ T5598] veth0_macvtap: entered promiscuous mode [ 104.979712][ T5599] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 104.983261][ T5598] veth1_macvtap: entered promiscuous mode [ 105.162617][ T77] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.189075][ T77] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.192764][ T1131] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.192785][ T1131] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.255320][ T77] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.268095][ T77] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.436577][ T5598] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 105.495800][ T5601] veth0_macvtap: entered promiscuous mode [ 105.586211][ T5598] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 105.738373][ T5601] veth1_macvtap: entered promiscuous mode [ 105.800601][ T147] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.802251][ T147] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.802772][ T147] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.816020][ T147] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.152444][ T5795] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 106.375314][ T5601] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 106.585561][ T5601] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 106.600693][ T1586] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.600716][ T1586] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.732768][ T5605] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 106.925767][ T1586] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.966919][ T5605] usb 1-1: Using ep0 maxpacket: 32 [ 106.998270][ T5605] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 106.998308][ T5605] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 107.034695][ T5605] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 107.034727][ T1586] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.034736][ T5605] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 107.034759][ T5605] usb 1-1: Product: syz [ 107.034773][ T5605] usb 1-1: Manufacturer: syz [ 107.180623][ T1586] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.237614][ T5605] hub 1-1:4.0: USB hub found [ 107.315890][ T1586] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.321499][ T1586] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.321517][ T1586] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.413821][ T5605] hub 1-1:4.0: 2 ports detected [ 107.684879][ T72] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.684901][ T72] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.820784][ T5605] hub 1-1:4.0: set hub depth failed [ 107.971569][ T821] hub 1-1:4.0: hub_ext_port_status failed (err = -71) [ 108.031446][ T5605] usb 1-1: USB disconnect, device number 2 [ 108.475754][ T147] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.475779][ T147] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.777124][ T3007] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.777147][ T3007] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.036873][ T10] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 109.116311][ T147] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.116334][ T147] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.065577][ T10] usb 2-1: Using ep0 maxpacket: 32 [ 110.244572][ T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 110.568647][ T10] usb 2-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 110.568680][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 110.568700][ T10] usb 2-1: Product: syz [ 110.568714][ T10] usb 2-1: Manufacturer: syz [ 110.568729][ T10] usb 2-1: SerialNumber: syz [ 110.685891][ T10] usb 2-1: config 0 descriptor?? [ 110.979308][ T10] cdc_ether 2-1:0.0: missing cdc header descriptor [ 111.016869][ T10] usb 2-1: unsupported MDLM descriptors [ 112.089617][ T10] usb 2-1: USB disconnect, device number 2 [ 116.689594][ T4980] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 117.792004][ T5851] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 119.881245][ T5859] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 121.688593][ T5864] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 121.826331][ T4980] usb 4-1: Using ep0 maxpacket: 32 [ 122.109042][ T4980] usb 4-1: device descriptor read/all, error -71 [ 122.979955][ T5876] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 124.258580][ T5862] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 126.864987][ T31] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 127.618361][ T31] usb 1-1: Using ep0 maxpacket: 32 [ 127.637406][ T31] usb 1-1: config 0 has an invalid interface number: 12 but max is 0 [ 127.637437][ T31] usb 1-1: config 0 has no interface number 0 [ 127.637489][ T31] usb 1-1: config 0 interface 12 has no altsetting 0 [ 127.678492][ T5605] IPVS: starting estimator thread 0... [ 127.796107][ T31] usb 1-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 127.796159][ T31] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 127.796179][ T31] usb 1-1: Product: syz [ 127.796193][ T31] usb 1-1: Manufacturer: syz [ 127.796207][ T31] usb 1-1: SerialNumber: syz [ 127.867099][ T5901] IPVS: using max 8 ests per chain, 19200 per kthread [ 127.924007][ T31] usb 1-1: config 0 descriptor?? [ 128.736858][ T5862] usb 3-1: device descriptor read/64, error -71 [ 128.871192][ T5917] syz.4.32 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 128.898451][ T31] f81534 1-1:0.12: f81534_set_register: reg: 1002 data: 0 failed: -71 [ 128.898516][ T31] f81534 1-1:0.12: f81534_find_config_idx: read failed: -71 [ 128.898532][ T31] f81534 1-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 128.898634][ T31] f81534 1-1:0.12: probe with driver f81534 failed with error -71 [ 129.029217][ T31] usb 1-1: USB disconnect, device number 3 [ 129.216817][ T5862] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 129.359630][ T4980] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 131.359929][ T5928] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 132.090400][ T5931] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 132.196809][ T4980] usb 4-1: Using ep0 maxpacket: 32 [ 132.222732][ T4980] usb 4-1: device descriptor read/all, error -71 [ 132.781431][ T5938] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 132.956173][ T1336] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.956278][ T1336] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.116842][ T31] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 133.118450][ T5605] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 133.228532][ T4980] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 133.269679][ T5605] usb 3-1: Using ep0 maxpacket: 32 [ 133.274870][ T5605] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 133.274903][ T5605] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 133.286753][ T31] usb 5-1: Using ep0 maxpacket: 32 [ 133.306567][ T5605] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 133.306599][ T5605] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 133.306782][ T5605] usb 3-1: Product: syz [ 133.306800][ T5605] usb 3-1: Manufacturer: syz [ 133.352857][ T31] usb 5-1: config 4 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 133.376385][ T31] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 133.376417][ T31] usb 5-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 133.376437][ T31] usb 5-1: Product: syz [ 133.376451][ T31] usb 5-1: Manufacturer: syz [ 133.396800][ T4980] usb 4-1: Using ep0 maxpacket: 32 [ 133.399047][ T4980] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 133.399075][ T4980] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 133.401926][ T4980] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 133.401950][ T4980] usb 4-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 133.401968][ T4980] usb 4-1: Product: syz [ 133.401981][ T4980] usb 4-1: Manufacturer: syz [ 133.608303][ T5605] hub 3-1:4.0: USB hub found [ 133.613687][ T31] hub 5-1:4.0: bad descriptor, ignoring hub [ 133.613724][ T31] hub 5-1:4.0: probe with driver hub failed with error -5 [ 133.690173][ T31] usbhid 5-1:4.0: couldn't find an input interrupt endpoint [ 133.724054][ T5605] hub 3-1:4.0: config failed, can't read hub descriptor (err -22) [ 133.918505][ T4980] hub 4-1:4.0: USB hub found [ 133.999022][ T4980] hub 4-1:4.0: 2 ports detected [ 134.215864][ T5605] usb 3-1: USB disconnect, device number 4 [ 134.229185][ C0] raw-gadget.0 gadget.3: ignoring, device is not running [ 134.229311][ T4980] hub 4-1:4.0: hub_hub_status failed (err = -32) [ 134.229326][ T4980] hub 4-1:4.0: config failed, can't get hub status (err -32) [ 134.455156][ T4980] usb 4-1: USB disconnect, device number 5 [ 135.921783][ T31] usb 5-1: USB disconnect, device number 2 [ 136.402890][ T5963] FAULT_INJECTION: forcing a failure. [ 136.402890][ T5963] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 136.402915][ T5963] CPU: 1 UID: 0 PID: 5963 Comm: syz.0.46 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 136.402930][ T5963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 136.402937][ T5963] Call Trace: [ 136.402941][ T5963] [ 136.402947][ T5963] dump_stack_lvl+0xe8/0x150 [ 136.402975][ T5963] should_fail_ex+0x46b/0x600 [ 136.402996][ T5963] _copy_from_user+0x2d/0xb0 [ 136.403010][ T5963] __sys_sendto+0x2bc/0x710 [ 136.403028][ T5963] ? __pfx___sys_sendto+0x10/0x10 [ 136.403054][ T5963] ? ksys_write+0x248/0x270 [ 136.403069][ T5963] ? __pfx_ksys_write+0x10/0x10 [ 136.403090][ T5963] __x64_sys_sendto+0xde/0x100 [ 136.403104][ T5963] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.403117][ T5963] do_syscall_64+0x15f/0xf80 [ 136.403130][ T5963] ? trace_irq_disable+0x3b/0x140 [ 136.403143][ T5963] ? clear_bhb_loop+0x40/0x90 [ 136.403158][ T5963] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.403169][ T5963] RIP: 0033:0x7f79f2e7cdd9 [ 136.403181][ T5963] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 136.403191][ T5963] RSP: 002b:00007f79f10ad028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 136.403205][ T5963] RAX: ffffffffffffffda RBX: 00007f79f30f6090 RCX: 00007f79f2e7cdd9 [ 136.403213][ T5963] RDX: 0000000000034000 RSI: 0000200000847fff RDI: 0000000000000003 [ 136.403221][ T5963] RBP: 00007f79f10ad090 R08: 000020000005ffe4 R09: 000000000000001c [ 136.403228][ T5963] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 136.403235][ T5963] R13: 00007f79f30f6128 R14: 00007f79f30f6090 R15: 00007ffca23da4b8 [ 136.403253][ T5963] [ 137.551441][ T5710] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 138.062474][ T5969] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 138.081821][ T5710] usb 5-1: Using ep0 maxpacket: 32 [ 138.093854][ T5710] usb 5-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 138.093914][ T5710] usb 5-1: config 4 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 138.096810][ T4980] usb 2-1: new low-speed USB device number 3 using dummy_hcd [ 138.097073][ C0] raw-gadget.1 gadget.1: ignoring, device is not running [ 138.138178][ T5710] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 138.138210][ T5710] usb 5-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 138.138230][ T5710] usb 5-1: Product: syz [ 138.138245][ T5710] usb 5-1: Manufacturer: syz [ 138.223259][ T5710] hub 5-1:4.0: bad descriptor, ignoring hub [ 138.223305][ T5710] hub 5-1:4.0: probe with driver hub failed with error -5 [ 138.224907][ T5972] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 138.226978][ T4980] usb 2-1: device descriptor read/64, error -32 [ 138.265675][ T5710] usbhid 5-1:4.0: couldn't find an input interrupt endpoint [ 138.492573][ T4980] usb 2-1: new low-speed USB device number 4 using dummy_hcd [ 140.034308][ T5983] netlink: 40 bytes leftover after parsing attributes in process `syz.3.52'. [ 140.038360][ T5982] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 140.057901][ T36] usb 5-1: USB disconnect, device number 3 [ 140.098633][ T5986] netlink: 40 bytes leftover after parsing attributes in process `syz.1.53'. [ 140.101863][ T5983] netlink: 40 bytes leftover after parsing attributes in process `syz.3.52'. [ 140.123260][ T5986] netlink: 40 bytes leftover after parsing attributes in process `syz.1.53'. [ 140.366858][ T5613] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 140.367231][ T10] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 140.469870][ T5995] netdevsim netdevsim1: Direct firmware load for  failed with error -2 [ 140.469898][ T5995] netdevsim netdevsim1: Falling back to sysfs fallback for:  [ 140.516950][ T10] usb 3-1: Using ep0 maxpacket: 32 [ 140.517142][ T5613] usb 5-1: Using ep0 maxpacket: 16 [ 140.519543][ T10] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 140.519577][ T10] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 140.526474][ T5613] usb 5-1: config index 0 descriptor too short (expected 51443, got 18) [ 140.527409][ T10] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 140.527434][ T10] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 140.528020][ T10] usb 3-1: Product: syz [ 140.528034][ T10] usb 3-1: Manufacturer: syz [ 140.579816][ T5613] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 140.579845][ T5613] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.579863][ T5613] usb 5-1: Product: syz [ 140.579876][ T5613] usb 5-1: Manufacturer: syz [ 140.579889][ T5613] usb 5-1: SerialNumber: syz [ 140.609520][ T9] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 140.650442][ T10] hub 3-1:4.0: USB hub found [ 140.654145][ T5613] r8152-cfgselector 5-1: Unknown version 0x0000 [ 140.654164][ T5613] r8152-cfgselector 5-1: config 0 descriptor?? [ 140.761850][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 140.798834][ T9] usb 4-1: config 4 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 140.808452][ T9] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 140.808552][ T9] usb 4-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 140.808571][ T9] usb 4-1: Product: syz [ 140.808585][ T9] usb 4-1: Manufacturer: syz [ 140.869526][ T10] hub 3-1:4.0: config failed, can't read hub descriptor (err -22) [ 141.023522][ T9] hub 4-1:4.0: bad descriptor, ignoring hub [ 141.023561][ T9] hub 4-1:4.0: probe with driver hub failed with error -5 [ 141.054307][ T9] usbhid 4-1:4.0: couldn't find an input interrupt endpoint [ 141.067021][ T10] usb 3-1: USB disconnect, device number 5 [ 142.063863][ T6005] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 142.207104][ T10] r8152-cfgselector 5-1: USB disconnect, device number 4 [ 142.273448][ T6019] ======================================================= [ 142.273448][ T6019] WARNING: The mand mount option has been deprecated and [ 142.273448][ T6019] and is ignored by this kernel. Remove the mand [ 142.273448][ T6019] option from the mount to silence this warning. [ 142.273448][ T6019] ======================================================= [ 142.289441][ T9] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 142.416921][ T9] usb 1-1: device descriptor read/64, error -71 [ 142.439247][ T6017] syz.2.64 (6017) used greatest stack depth: 18136 bytes left [ 142.553249][ T6022] FAULT_INJECTION: forcing a failure. [ 142.553249][ T6022] name failslab, interval 1, probability 0, space 0, times 0 [ 142.553285][ T6022] CPU: 0 UID: 0 PID: 6022 Comm: syz.2.67 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 142.553311][ T6022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 142.553322][ T6022] Call Trace: [ 142.553330][ T6022] [ 142.553339][ T6022] dump_stack_lvl+0xe8/0x150 [ 142.553369][ T6022] should_fail_ex+0x46b/0x600 [ 142.553406][ T6022] should_failslab+0xa8/0x100 [ 142.553432][ T6022] kmem_cache_alloc_noprof+0x87/0x680 [ 142.553454][ T6022] ? do_getname+0x2e/0x250 [ 142.553484][ T6022] do_getname+0x2e/0x250 [ 142.553510][ T6022] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.553531][ T6022] __se_sys_unlinkat+0x4f/0x1a0 [ 142.553556][ T6022] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.553578][ T6022] do_syscall_64+0x15f/0xf80 [ 142.553599][ T6022] ? trace_irq_disable+0x3b/0x140 [ 142.553620][ T6022] ? clear_bhb_loop+0x40/0x90 [ 142.553644][ T6022] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.553663][ T6022] RIP: 0033:0x7f6db52ecdd9 [ 142.553680][ T6022] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 142.553696][ T6022] RSP: 002b:00007f6db3546028 EFLAGS: 00000246 ORIG_RAX: 0000000000000107 [ 142.553717][ T6022] RAX: ffffffffffffffda RBX: 00007f6db5565fa0 RCX: 00007f6db52ecdd9 [ 142.553732][ T6022] RDX: 0000000000000200 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 142.553747][ T6022] RBP: 00007f6db3546090 R08: 0000000000000000 R09: 0000000000000000 [ 142.553759][ T6022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 142.553771][ T6022] R13: 00007f6db5566038 R14: 00007f6db5565fa0 R15: 00007ffc354c9ab8 [ 142.553803][ T6022] [ 142.631708][ T6024] netlink: 40 bytes leftover after parsing attributes in process `syz.1.66'. [ 142.656790][ T9] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 142.763172][ T6025] netlink: 40 bytes leftover after parsing attributes in process `syz.1.66'. [ 142.817322][ T9] usb 1-1: device descriptor read/64, error -71 [ 142.942420][ T9] usb usb1-port1: attempt power cycle [ 143.691900][ T9] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 143.767861][ T9] usb 1-1: device descriptor read/8, error -71 [ 143.966284][ T6038] netlink: 108 bytes leftover after parsing attributes in process `syz.3.72'. [ 143.987953][ T10] usb 4-1: USB disconnect, device number 6 [ 144.016907][ T9] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 144.037924][ T9] usb 1-1: device descriptor read/8, error -71 [ 144.190274][ T9] usb usb1-port1: unable to enumerate USB device [ 144.199950][ T6041] netlink: 52 bytes leftover after parsing attributes in process `syz.4.74'. [ 145.560053][ T6047] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 145.852532][ T6055] Zero length message leads to an empty skb [ 146.965116][ T6057] FAULT_INJECTION: forcing a failure. [ 146.965116][ T6057] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 146.965154][ T6057] CPU: 0 UID: 0 PID: 6057 Comm: syz.2.78 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 146.965177][ T6057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 146.965189][ T6057] Call Trace: [ 146.965197][ T6057] [ 146.965205][ T6057] dump_stack_lvl+0xe8/0x150 [ 146.965236][ T6057] should_fail_ex+0x46b/0x600 [ 146.965275][ T6057] _copy_from_user+0x2d/0xb0 [ 146.965300][ T6057] ___sys_sendmsg+0x1c6/0x360 [ 146.965327][ T6057] ? __lock_acquire+0x6b5/0x2cf0 [ 146.965360][ T6057] ? __pfx____sys_sendmsg+0x10/0x10 [ 146.965425][ T6057] ? __fget_files+0x2a/0x420 [ 146.965466][ T6057] ? __fget_files+0x3a6/0x420 [ 146.965496][ T6057] __x64_sys_sendmsg+0x1c3/0x2a0 [ 146.965526][ T6057] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 146.965563][ T6057] ? __pfx_ksys_write+0x10/0x10 [ 146.965596][ T6057] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.965619][ T6057] do_syscall_64+0x15f/0xf80 [ 146.965641][ T6057] ? trace_irq_disable+0x3b/0x140 [ 146.965666][ T6057] ? clear_bhb_loop+0x40/0x90 [ 146.965700][ T6057] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.965721][ T6057] RIP: 0033:0x7f6db52ecdd9 [ 146.965740][ T6057] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 146.965757][ T6057] RSP: 002b:00007f6db3546028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 146.965778][ T6057] RAX: ffffffffffffffda RBX: 00007f6db5565fa0 RCX: 00007f6db52ecdd9 [ 146.965793][ T6057] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003 [ 146.965806][ T6057] RBP: 00007f6db3546090 R08: 0000000000000000 R09: 0000000000000000 [ 146.965818][ T6057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 146.965830][ T6057] R13: 00007f6db5566038 R14: 00007f6db5565fa0 R15: 00007ffc354c9ab8 [ 146.965863][ T6057] [ 147.103561][ T6059] netlink: 40 bytes leftover after parsing attributes in process `syz.3.80'. [ 147.217161][ T6062] netlink: 40 bytes leftover after parsing attributes in process `syz.3.80'. [ 147.232933][ T6064] netlink: 826 bytes leftover after parsing attributes in process `syz.1.79'. [ 149.653792][ T6088] FAULT_INJECTION: forcing a failure. [ 149.653792][ T6088] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 149.653829][ T6088] CPU: 0 UID: 0 PID: 6088 Comm: syz.1.86 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 149.653853][ T6088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 149.653865][ T6088] Call Trace: [ 149.653873][ T6088] [ 149.653882][ T6088] dump_stack_lvl+0xe8/0x150 [ 149.653913][ T6088] should_fail_ex+0x46b/0x600 [ 149.653953][ T6088] _copy_from_user+0x2d/0xb0 [ 149.653979][ T6088] ___sys_sendmsg+0x1c6/0x360 [ 149.654005][ T6088] ? __lock_acquire+0x6b5/0x2cf0 [ 149.654039][ T6088] ? __pfx____sys_sendmsg+0x10/0x10 [ 149.654108][ T6088] ? __fget_files+0x2a/0x420 [ 149.654128][ T6088] ? __fget_files+0x3a6/0x420 [ 149.654158][ T6088] __x64_sys_sendmsg+0x1c3/0x2a0 [ 149.654188][ T6088] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 149.654225][ T6088] ? __pfx_ksys_write+0x10/0x10 [ 149.654259][ T6088] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.654282][ T6088] do_syscall_64+0x15f/0xf80 [ 149.654304][ T6088] ? trace_irq_disable+0x3b/0x140 [ 149.654329][ T6088] ? clear_bhb_loop+0x40/0x90 [ 149.654354][ T6088] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.654375][ T6088] RIP: 0033:0x7fb3b20fcdd9 [ 149.654395][ T6088] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 149.654412][ T6088] RSP: 002b:00007fb3b034e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 149.654435][ T6088] RAX: ffffffffffffffda RBX: 00007fb3b2375fa0 RCX: 00007fb3b20fcdd9 [ 149.654450][ T6088] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000005 [ 149.654463][ T6088] RBP: 00007fb3b034e090 R08: 0000000000000000 R09: 0000000000000000 [ 149.654477][ T6088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 149.654489][ T6088] R13: 00007fb3b2376038 R14: 00007fb3b2375fa0 R15: 00007ffcd85e2408 [ 149.654523][ T6088] [ 150.109774][ T6093] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 150.609197][ T6105] FAULT_INJECTION: forcing a failure. [ 150.609197][ T6105] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 150.609232][ T6105] CPU: 0 UID: 0 PID: 6105 Comm: syz.1.90 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 150.609255][ T6105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 150.609267][ T6105] Call Trace: [ 150.609275][ T6105] [ 150.609284][ T6105] dump_stack_lvl+0xe8/0x150 [ 150.609316][ T6105] should_fail_ex+0x46b/0x600 [ 150.609355][ T6105] _copy_to_user+0x31/0xb0 [ 150.609380][ T6105] simple_read_from_buffer+0xe1/0x170 [ 150.609423][ T6105] proc_fail_nth_read+0x1be/0x230 [ 150.609460][ T6105] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 150.609497][ T6105] ? rw_verify_area+0x2ac/0x4e0 [ 150.609519][ T6105] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 150.609553][ T6105] vfs_read+0x212/0xa80 [ 150.609587][ T6105] ? __pfx_vfs_read+0x10/0x10 [ 150.609613][ T6105] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 150.609637][ T6105] ? lockdep_hardirqs_on+0x7a/0x110 [ 150.609660][ T6105] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 150.609683][ T6105] ? mutex_lock_nested+0x152/0x1d0 [ 150.609711][ T6105] ? fdget_pos+0x252/0x320 [ 150.609741][ T6105] ksys_read+0x156/0x270 [ 150.609769][ T6105] ? __pfx_ksys_read+0x10/0x10 [ 150.609809][ T6105] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.609832][ T6105] do_syscall_64+0x15f/0xf80 [ 150.609854][ T6105] ? trace_irq_disable+0x3b/0x140 [ 150.609878][ T6105] ? clear_bhb_loop+0x40/0x90 [ 150.609905][ T6105] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.609926][ T6105] RIP: 0033:0x7fb3b20bd60e [ 150.609945][ T6105] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 150.609962][ T6105] RSP: 002b:00007fb3b030bfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 150.609984][ T6105] RAX: ffffffffffffffda RBX: 00007fb3b030c6c0 RCX: 00007fb3b20bd60e [ 150.609999][ T6105] RDX: 000000000000000f RSI: 00007fb3b030c0a0 RDI: 0000000000000008 [ 150.610012][ T6105] RBP: 00007fb3b030c090 R08: 0000000000000000 R09: 0000000000000000 [ 150.610024][ T6105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 150.610036][ T6105] R13: 00007fb3b2376218 R14: 00007fb3b2376180 R15: 00007ffcd85e2408 [ 150.610072][ T6105] [ 151.208816][ T6113] netlink: 40 bytes leftover after parsing attributes in process `syz.1.95'. [ 151.271873][ T6115] netlink: 40 bytes leftover after parsing attributes in process `syz.1.95'. [ 152.730679][ T6133] FAULT_INJECTION: forcing a failure. [ 152.730679][ T6133] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 152.730716][ T6133] CPU: 0 UID: 0 PID: 6133 Comm: syz.0.100 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 152.730740][ T6133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 152.730752][ T6133] Call Trace: [ 152.730760][ T6133] [ 152.730769][ T6133] dump_stack_lvl+0xe8/0x150 [ 152.730809][ T6133] should_fail_ex+0x46b/0x600 [ 152.730848][ T6133] _copy_from_user+0x2d/0xb0 [ 152.730874][ T6133] ___sys_sendmsg+0x1c6/0x360 [ 152.730901][ T6133] ? __lock_acquire+0x6b5/0x2cf0 [ 152.730935][ T6133] ? __pfx____sys_sendmsg+0x10/0x10 [ 152.730999][ T6133] ? __fget_files+0x2a/0x420 [ 152.731018][ T6133] ? __fget_files+0x3a6/0x420 [ 152.731049][ T6133] __x64_sys_sendmsg+0x1c3/0x2a0 [ 152.731079][ T6133] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 152.731116][ T6133] ? __pfx_ksys_write+0x10/0x10 [ 152.731150][ T6133] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.731173][ T6133] do_syscall_64+0x15f/0xf80 [ 152.731196][ T6133] ? trace_irq_disable+0x3b/0x140 [ 152.731220][ T6133] ? clear_bhb_loop+0x40/0x90 [ 152.731246][ T6133] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.731267][ T6133] RIP: 0033:0x7f79f2e7cdd9 [ 152.731287][ T6133] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 152.731304][ T6133] RSP: 002b:00007f79f10ce028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 152.731327][ T6133] RAX: ffffffffffffffda RBX: 00007f79f30f5fa0 RCX: 00007f79f2e7cdd9 [ 152.731342][ T6133] RDX: 0000000000000000 RSI: 0000200000000c00 RDI: 0000000000000004 [ 152.731355][ T6133] RBP: 00007f79f10ce090 R08: 0000000000000000 R09: 0000000000000000 [ 152.731373][ T6133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 152.731385][ T6133] R13: 00007f79f30f6038 R14: 00007f79f30f5fa0 R15: 00007ffca23da4b8 [ 152.731419][ T6133] [ 153.180686][ T5613] IPVS: starting estimator thread 0... [ 153.203043][ T6139] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 153.266909][ T6138] IPVS: using max 8 ests per chain, 19200 per kthread [ 153.551667][ T6141] FAULT_INJECTION: forcing a failure. [ 153.551667][ T6141] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 153.551703][ T6141] CPU: 0 UID: 0 PID: 6141 Comm: syz.3.106 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 153.551727][ T6141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 153.551738][ T6141] Call Trace: [ 153.551746][ T6141] [ 153.551756][ T6141] dump_stack_lvl+0xe8/0x150 [ 153.551788][ T6141] should_fail_ex+0x46b/0x600 [ 153.551837][ T6141] _copy_from_user+0x2d/0xb0 [ 153.551863][ T6141] ___sys_sendmsg+0x1c6/0x360 [ 153.551891][ T6141] ? __lock_acquire+0x6b5/0x2cf0 [ 153.551925][ T6141] ? __pfx____sys_sendmsg+0x10/0x10 [ 153.551990][ T6141] ? __fget_files+0x2a/0x420 [ 153.552010][ T6141] ? __fget_files+0x3a6/0x420 [ 153.552041][ T6141] __x64_sys_sendmsg+0x1c3/0x2a0 [ 153.552073][ T6141] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 153.552110][ T6141] ? __pfx_ksys_write+0x10/0x10 [ 153.552145][ T6141] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.552169][ T6141] do_syscall_64+0x15f/0xf80 [ 153.552191][ T6141] ? trace_irq_disable+0x3b/0x140 [ 153.552216][ T6141] ? clear_bhb_loop+0x40/0x90 [ 153.552243][ T6141] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.552264][ T6141] RIP: 0033:0x7fe6f056cdd9 [ 153.552284][ T6141] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 153.552301][ T6141] RSP: 002b:00007fe6ee7c6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 153.552325][ T6141] RAX: ffffffffffffffda RBX: 00007fe6f07e5fa0 RCX: 00007fe6f056cdd9 [ 153.552341][ T6141] RDX: 0000000000000090 RSI: 00002000000002c0 RDI: 0000000000000004 [ 153.552355][ T6141] RBP: 00007fe6ee7c6090 R08: 0000000000000000 R09: 0000000000000000 [ 153.552368][ T6141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 153.552386][ T6141] R13: 00007fe6f07e6038 R14: 00007fe6f07e5fa0 R15: 00007ffddc4b77f8 [ 153.552420][ T6141] [ 154.451076][ T5603] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 154.451251][ T5603] Bluetooth: hci2: Injecting HCI hardware error event [ 154.471112][ T5612] Bluetooth: hci2: hardware error 0x00 [ 154.544886][ T5603] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 154.954999][ T6149] FAULT_INJECTION: forcing a failure. [ 154.954999][ T6149] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 154.955026][ T6149] CPU: 1 UID: 0 PID: 6149 Comm: syz.3.110 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 154.955041][ T6149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 154.955048][ T6149] Call Trace: [ 154.955053][ T6149] [ 154.955058][ T6149] dump_stack_lvl+0xe8/0x150 [ 154.955078][ T6149] should_fail_ex+0x46b/0x600 [ 154.955099][ T6149] _copy_from_user+0x2d/0xb0 [ 154.955114][ T6149] __sys_bind+0x1cc/0x410 [ 154.955128][ T6149] ? __pfx___sys_bind+0x10/0x10 [ 154.955146][ T6149] ? __pfx_ksys_write+0x10/0x10 [ 154.955162][ T6149] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.955175][ T6149] __x64_sys_bind+0x7a/0x90 [ 154.955188][ T6149] do_syscall_64+0x15f/0xf80 [ 154.955201][ T6149] ? clear_bhb_loop+0x40/0x90 [ 154.955216][ T6149] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.955232][ T6149] RIP: 0033:0x7fe6f056cdd9 [ 154.955245][ T6149] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 154.955254][ T6149] RSP: 002b:00007fe6ee7a5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 154.955268][ T6149] RAX: ffffffffffffffda RBX: 00007fe6f07e6090 RCX: 00007fe6f056cdd9 [ 154.955277][ T6149] RDX: 0000000000000010 RSI: 0000200000000080 RDI: 0000000000000005 [ 154.955284][ T6149] RBP: 00007fe6ee7a5090 R08: 0000000000000000 R09: 0000000000000000 [ 154.955291][ T6149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 154.955298][ T6149] R13: 00007fe6f07e6128 R14: 00007fe6f07e6090 R15: 00007ffddc4b77f8 [ 154.955316][ T6149] [ 154.958707][ T5603] Bluetooth: hci3: Injecting HCI hardware error event [ 154.964975][ T59] Bluetooth: hci3: hardware error 0x00 [ 155.053146][ T6150] capability: warning: `syz.1.109' uses 32-bit capabilities (legacy support in use) [ 155.762712][ T5608] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 155.804414][ T5608] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 155.806427][ T5608] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 155.810932][ T5608] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 155.813389][ T5608] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 157.021783][ T6172] process 'syz.2.113' launched './file1' with NULL argv: empty string added [ 157.407700][ T5612] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 157.417094][ T5878] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 157.488854][ T59] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 157.617668][ T5878] usb 2-1: Using ep0 maxpacket: 32 [ 157.641381][ T5878] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 157.645709][ T5878] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 157.645730][ T5878] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 157.645741][ T5878] usb 2-1: Product: syz [ 157.645750][ T5878] usb 2-1: Manufacturer: syz [ 157.704884][ T5878] hub 2-1:4.0: bad descriptor, ignoring hub [ 157.704911][ T5878] hub 2-1:4.0: probe with driver hub failed with error -5 [ 157.747436][ T5878] usbhid 2-1:4.0: couldn't find an input interrupt endpoint [ 157.806041][ T6184] FAULT_INJECTION: forcing a failure. [ 157.806041][ T6184] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 157.806067][ T6184] CPU: 1 UID: 0 PID: 6184 Comm: syz.2.116 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 157.806081][ T6184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 157.806087][ T6184] Call Trace: [ 157.806092][ T6184] [ 157.806098][ T6184] dump_stack_lvl+0xe8/0x150 [ 157.806117][ T6184] should_fail_ex+0x46b/0x600 [ 157.806139][ T6184] _copy_from_user+0x2d/0xb0 [ 157.806153][ T6184] ucma_write+0x166/0x2f0 [ 157.806169][ T6184] ? __pfx_ucma_write+0x10/0x10 [ 157.806183][ T6184] ? rw_verify_area+0x25b/0x4e0 [ 157.806199][ T6184] vfs_writev+0x4c6/0x9a0 [ 157.806216][ T6184] ? __pfx_ucma_write+0x10/0x10 [ 157.806231][ T6184] ? __pfx_vfs_writev+0x10/0x10 [ 157.806254][ T6184] ? __fget_files+0x2a/0x420 [ 157.806268][ T6184] ? __fget_files+0x3a6/0x420 [ 157.806277][ T6184] ? __fget_files+0x2a/0x420 [ 157.806292][ T6184] do_writev+0x15a/0x2e0 [ 157.806309][ T6184] ? __pfx_do_writev+0x10/0x10 [ 157.806329][ T6184] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.806342][ T6184] do_syscall_64+0x15f/0xf80 [ 157.806355][ T6184] ? trace_irq_disable+0x3b/0x140 [ 157.806369][ T6184] ? clear_bhb_loop+0x40/0x90 [ 157.806383][ T6184] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.806395][ T6184] RIP: 0033:0x7f6db52ecdd9 [ 157.806407][ T6184] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 157.806417][ T6184] RSP: 002b:00007f6db3525028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 157.806431][ T6184] RAX: ffffffffffffffda RBX: 00007f6db5566090 RCX: 00007f6db52ecdd9 [ 157.806439][ T6184] RDX: 0000000000000002 RSI: 0000200000000040 RDI: 0000000000000003 [ 157.806447][ T6184] RBP: 00007f6db3525090 R08: 0000000000000000 R09: 0000000000000000 [ 157.806454][ T6184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 157.806461][ T6184] R13: 00007f6db5566128 R14: 00007f6db5566090 R15: 00007ffc354c9ab8 [ 157.806487][ T6184] [ 157.891299][ T59] Bluetooth: hci4: command tx timeout [ 159.151179][ T6193] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 159.458390][ T5878] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 159.668335][ T5878] usb 3-1: Using ep0 maxpacket: 32 [ 159.673703][ T5878] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 159.673739][ T5878] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 159.681083][ T5878] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 159.681110][ T5878] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 159.681128][ T5878] usb 3-1: Product: syz [ 159.681141][ T5878] usb 3-1: Manufacturer: syz [ 159.701216][ T5878] hub 3-1:4.0: USB hub found [ 159.866776][ T5862] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 159.895595][ T5878] hub 3-1:4.0: 2 ports detected [ 159.969483][ T59] Bluetooth: hci4: command tx timeout [ 160.023411][ T5862] usb 4-1: config 0 has an invalid interface number: 31 but max is 0 [ 160.023442][ T5862] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 160.023461][ T5862] usb 4-1: config 0 has no interface number 0 [ 160.036255][ T5862] usb 4-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 160.036286][ T5862] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.036306][ T5862] usb 4-1: Product: syz [ 160.036321][ T5862] usb 4-1: Manufacturer: syz [ 160.036336][ T5862] usb 4-1: SerialNumber: syz [ 160.106474][ T5878] hub 3-1:4.0: hub_hub_status failed (err = -71) [ 160.106507][ T5878] hub 3-1:4.0: config failed, can't get hub status (err -71) [ 160.191044][ T5862] usb 4-1: config 0 descriptor?? [ 160.451475][ T5862] hub 4-1:0.31: bad descriptor, ignoring hub [ 160.451520][ T5862] hub 4-1:0.31: probe with driver hub failed with error -5 [ 160.493666][ T5878] usb 3-1: USB disconnect, device number 6 [ 160.541696][ T5862] uvcvideo 4-1:0.31: Found UVC 0.04 device syz (046d:08c3) [ 160.541779][ T5862] uvcvideo 4-1:0.31: Entity type for entity Output 32774 was not initialized! [ 160.542157][ T5862] uvcvideo 4-1:0.31: Failed to create links for entity 32774 [ 160.542177][ T5862] uvcvideo 4-1:0.31: Failed to register entities (-22). [ 160.584775][ T36] usb 2-1: USB disconnect, device number 5 [ 161.867995][ T5862] usb 4-1: USB disconnect, device number 7 [ 162.046926][ T59] Bluetooth: hci4: command tx timeout [ 163.200563][ T6224] cgroup: No subsys list or none specified [ 163.378362][ T36] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 163.548113][ T6155] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.548412][ T6155] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.548626][ T6155] bridge_slave_0: entered allmulticast mode [ 163.551870][ T6155] bridge_slave_0: entered promiscuous mode [ 163.558704][ T6155] bridge0: port 2(bridge_slave_1) entered blocking state [ 163.558895][ T6155] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.559070][ T6155] bridge_slave_1: entered allmulticast mode [ 163.563441][ T6155] bridge_slave_1: entered promiscuous mode [ 163.588104][ T36] usb 2-1: unable to get BOS descriptor or descriptor too short [ 163.588865][ T36] usb 2-1: not running at top speed; connect to a high speed hub [ 163.591913][ T36] usb 2-1: config 1 interface 0 altsetting 1 endpoint 0x81 has invalid maxpacket 1983, setting to 64 [ 163.591940][ T36] usb 2-1: config 1 interface 0 has no altsetting 0 [ 163.595616][ T36] usb 2-1: New USB device found, idVendor=0eef, idProduct=0001, bcdDevice= 0.40 [ 163.595639][ T36] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 163.595656][ T36] usb 2-1: Product: syz [ 163.595668][ T36] usb 2-1: Manufacturer: syz [ 163.595680][ T36] usb 2-1: SerialNumber: syz [ 163.685296][ T6212] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 163.714860][ T6232] capability: warning: `syz.3.126' uses deprecated v2 capabilities in a way that may be insecure [ 163.741654][ T6155] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 163.746372][ T6155] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 163.858808][ T36] usb 2-1: can't set config #1, error -71 [ 163.883030][ T36] usb 2-1: USB disconnect, device number 6 [ 164.127357][ T59] Bluetooth: hci4: command tx timeout [ 165.964220][ T5796] udevd[5796]: setting owner of /dev/bus/usb/002/006 to uid=0, gid=0 failed: No such file or directory [ 166.388017][ T6155] team0: Port device team_slave_0 added [ 166.394012][ T6155] team0: Port device team_slave_1 added [ 166.595722][ T6155] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 166.595740][ T6155] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 166.595766][ T6155] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 166.667147][ T6241] Driver unsupported XDP return value 0 on prog (id 6) dev N/A, expect packet loss! [ 166.979507][ T6249] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 168.337974][ T6255] netlink: 40 bytes leftover after parsing attributes in process `syz.0.131'. [ 168.345418][ T6155] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 168.345468][ T6155] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 168.345525][ T6155] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 168.452562][ T6256] netlink: 40 bytes leftover after parsing attributes in process `syz.0.131'. [ 168.857671][ T6262] FAULT_INJECTION: forcing a failure. [ 168.857671][ T6262] name failslab, interval 1, probability 0, space 0, times 0 [ 168.857703][ T6262] CPU: 1 UID: 0 PID: 6262 Comm: syz.3.132 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 168.857727][ T6262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 168.857738][ T6262] Call Trace: [ 168.857746][ T6262] [ 168.857756][ T6262] dump_stack_lvl+0xe8/0x150 [ 168.857788][ T6262] should_fail_ex+0x46b/0x600 [ 168.857825][ T6262] should_failslab+0xa8/0x100 [ 168.857853][ T6262] __kmalloc_noprof+0xdf/0x7b0 [ 168.857877][ T6262] ? memcg_list_lru_alloc+0x286/0x870 [ 168.857915][ T6262] memcg_list_lru_alloc+0x286/0x870 [ 168.857944][ T6262] ? percpu_ref_tryget+0x1c/0x250 [ 168.857984][ T6262] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 168.858020][ T6262] ? get_mem_cgroup_from_objcg+0x186/0x1c0 [ 168.858060][ T6262] zswap_store+0x986/0x2000 [ 168.858087][ T6262] ? __pfx_flush_tlb_func+0x10/0x10 [ 168.858120][ T6262] ? zswap_store+0x764/0x2000 [ 168.858146][ T6262] ? smp_call_function_many_cond+0xe9b/0x1420 [ 168.858180][ T6262] ? folio_free_swap+0x3f7/0x8b0 [ 168.858209][ T6262] ? __pfx_zswap_store+0x10/0x10 [ 168.858239][ T6262] ? folio_free_swap+0x3f7/0x8b0 [ 168.858266][ T6262] ? folio_free_swap+0x747/0x8b0 [ 168.858289][ T6262] ? folio_free_swap+0x3f7/0x8b0 [ 168.858314][ T6262] swap_writeout+0x60f/0xd10 [ 168.858358][ T6262] shrink_folio_list+0x3444/0x5220 [ 168.858431][ T6262] ? __pfx_shrink_folio_list+0x10/0x10 [ 168.858522][ T6262] ? __lock_acquire+0x6b5/0x2cf0 [ 168.858562][ T6262] reclaim_folio_list+0x100/0x430 [ 168.858608][ T6262] ? __pfx_reclaim_folio_list+0x10/0x10 [ 168.858654][ T6262] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 168.858684][ T6262] reclaim_pages+0x45b/0x530 [ 168.858707][ T6262] ? reacquire_held_locks+0x104/0x190 [ 168.858749][ T6262] ? __pfx_reclaim_pages+0x10/0x10 [ 168.858778][ T6262] ? madvise_cold_or_pageout_pte_range+0x16b8/0x1920 [ 168.858813][ T6262] madvise_cold_or_pageout_pte_range+0x16dd/0x1920 [ 168.858864][ T6262] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 168.858902][ T6262] ? do_raw_spin_lock+0x12b/0x2f0 [ 168.858934][ T6262] walk_pgd_range+0xed8/0x1ce0 [ 168.859007][ T6262] ? __pfx_walk_pgd_range+0x10/0x10 [ 168.859053][ T6262] __walk_page_range+0x14c/0x710 [ 168.859098][ T6262] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 168.859132][ T6262] walk_page_range_vma_unsafe+0x309/0x410 [ 168.859162][ T6262] ? __pfx_walk_page_range_vma_unsafe+0x10/0x10 [ 168.859182][ T6262] ? rt_spin_unlock+0x14f/0x200 [ 168.859217][ T6262] ? rt_spin_unlock+0x160/0x200 [ 168.859251][ T6262] ? walk_page_range_vma+0x6b/0x90 [ 168.859275][ T6262] madvise_vma_behavior+0x2849/0x41f0 [ 168.859314][ T6262] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 168.859338][ T6262] ? __lock_acquire+0x6b5/0x2cf0 [ 168.859373][ T6262] ? __lock_acquire+0x6b5/0x2cf0 [ 168.859403][ T6262] ? __pfx_smack_log+0x10/0x10 [ 168.859423][ T6262] ? tomoyo_check_open_permission+0x1d3/0x470 [ 168.859465][ T6262] ? __lock_acquire+0x6b5/0x2cf0 [ 168.859500][ T6262] ? __lock_acquire+0x6b5/0x2cf0 [ 168.859531][ T6262] ? __lock_acquire+0x6b5/0x2cf0 [ 168.859570][ T6262] ? unwind_next_frame+0xa6/0x2550 [ 168.859606][ T6262] ? unwind_next_frame+0xa6/0x2550 [ 168.859666][ T6262] ? mas_prev_slot+0xb7e/0xc00 [ 168.859704][ T6262] ? find_vma_prev+0x123/0x1b0 [ 168.859730][ T6262] ? __pfx_find_vma_prev+0x10/0x10 [ 168.859764][ T6262] ? __lock_acquire+0x6b5/0x2cf0 [ 168.859800][ T6262] madvise_walk_vmas+0x573/0xae0 [ 168.859841][ T6262] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 168.859874][ T6262] ? blk_start_plug+0x6e/0x1b0 [ 168.859906][ T6262] madvise_do_behavior+0x386/0x540 [ 168.859940][ T6262] ? __pfx_madvise_do_behavior+0x10/0x10 [ 168.859964][ T6262] ? down_read+0x156/0x200 [ 168.860011][ T6262] do_madvise+0x1b3/0x270 [ 168.860047][ T6262] ? __pfx_do_madvise+0x10/0x10 [ 168.860085][ T6262] ? __pfx_ksys_write+0x10/0x10 [ 168.860115][ T6262] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.860138][ T6262] __x64_sys_madvise+0xa6/0xc0 [ 168.860167][ T6262] do_syscall_64+0x15f/0xf80 [ 168.860192][ T6262] ? clear_bhb_loop+0x40/0x90 [ 168.860219][ T6262] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.860240][ T6262] RIP: 0033:0x7fe6f056cdd9 [ 168.860260][ T6262] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 168.860277][ T6262] RSP: 002b:00007fe6ee7a5028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 168.860300][ T6262] RAX: ffffffffffffffda RBX: 00007fe6f07e6090 RCX: 00007fe6f056cdd9 [ 168.860315][ T6262] RDX: 0000000000000015 RSI: 7fffffffffffffff RDI: 0000200000000000 [ 168.860330][ T6262] RBP: 00007fe6ee7a5090 R08: 0000000000000000 R09: 0000000000000000 [ 168.860343][ T6262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 168.860356][ T6262] R13: 00007fe6f07e6128 R14: 00007fe6f07e6090 R15: 00007ffddc4b77f8 [ 168.860390][ T6262] [ 169.472923][ T6155] hsr_slave_0: entered promiscuous mode [ 169.487627][ T6155] hsr_slave_1: entered promiscuous mode [ 169.508442][ T6155] debugfs: 'hsr0' already exists in 'hsr' [ 169.508463][ T6155] Cannot create hsr debugfs directory [ 169.805747][ T6268] netlink: 40 bytes leftover after parsing attributes in process `syz.3.136'. [ 169.842296][ T6268] netlink: 40 bytes leftover after parsing attributes in process `syz.3.136'. [ 171.201556][ T9] usb 2-1: new full-speed USB device number 7 using dummy_hcd [ 171.682032][ T6278] FAULT_INJECTION: forcing a failure. [ 171.682032][ T6278] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 171.682097][ T6278] CPU: 0 UID: 0 PID: 6278 Comm: syz.3.138 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 171.682122][ T6278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 171.682133][ T6278] Call Trace: [ 171.682144][ T6278] [ 171.682155][ T6278] dump_stack_lvl+0xe8/0x150 [ 171.682175][ T6278] should_fail_ex+0x46b/0x600 [ 171.682198][ T6278] prepare_alloc_pages+0x22a/0x6b0 [ 171.682219][ T6278] __alloc_frozen_pages_noprof+0x12f/0x380 [ 171.682237][ T6278] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 171.682254][ T6278] ? __pfx_policy_nodemask+0x10/0x10 [ 171.682269][ T6278] ? __lock_acquire+0x6b5/0x2cf0 [ 171.682289][ T6278] alloc_pages_mpol+0xd1/0x380 [ 171.682306][ T6278] folio_alloc_mpol_noprof+0x3b/0x1e0 [ 171.682330][ T6278] vma_alloc_folio_noprof+0xe1/0x1e0 [ 171.682346][ T6278] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 171.682361][ T6278] ? __pte_offset_map+0x29/0x200 [ 171.682378][ T6278] do_pte_missing+0x822/0x2950 [ 171.682402][ T6278] handle_mm_fault+0xd0a/0x13c0 [ 171.682419][ T6278] ? handle_mm_fault+0xe7/0x13c0 [ 171.682434][ T6278] ? __pfx_handle_mm_fault+0x10/0x10 [ 171.682445][ T6278] ? lock_vma_under_rcu+0x45a/0x500 [ 171.682475][ T6278] do_user_addr_fault+0xa73/0x1340 [ 171.682493][ T6278] ? rcu_is_watching+0x15/0xb0 [ 171.682511][ T6278] ? trace_page_fault_user+0x84/0x1e0 [ 171.682525][ T6278] exc_page_fault+0x6a/0xc0 [ 171.682540][ T6278] asm_exc_page_fault+0x26/0x30 [ 171.682559][ T6278] RIP: 0033:0x7fe6f0434806 [ 171.682572][ T6278] Code: fc ff ff 90 41 57 31 c0 41 56 49 89 fe 48 8d 3d 36 f0 1c 00 41 55 49 89 d5 41 54 49 89 f4 48 89 d6 55 53 48 81 ec 88 20 00 00 <48> 89 0c 24 4c 89 44 24 08 e8 fc c9 fe ff 4d 85 ed 0f 84 2b 0a 00 [ 171.682586][ T6278] RSP: 002b:00007fe6ee7a2f60 EFLAGS: 00010206 [ 171.682603][ T6278] RAX: 0000000000000000 RBX: 00007fe6f07e6090 RCX: 0000000000000000 [ 171.682612][ T6278] RDX: 0000200000000640 RSI: 0000200000000640 RDI: 00007fe6f0603826 [ 171.682620][ T6278] RBP: 00007fe6ee7a5090 R08: 00007fe6f04215a0 R09: 0000000000000000 [ 171.682627][ T6278] R10: 0000000000000000 R11: 0000200000000640 R12: 0000000000000072 [ 171.682634][ T6278] R13: 0000200000000640 R14: 0000000000000000 R15: 00007ffddc4b77f8 [ 171.682653][ T6278] [ 171.682820][ T6278] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 172.330902][ T5709] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 172.346829][ T10] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 172.513501][ T9] usb 2-1: device descriptor read/all, error -71 [ 172.556844][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 172.575563][ T10] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 172.575599][ T10] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 172.580488][ T5709] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 172.580516][ T5709] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 172.580532][ T5709] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 172.580581][ T5709] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 172.620936][ T5709] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 172.620966][ T5709] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 172.620984][ T5709] usb 4-1: Product: syz [ 172.620997][ T5709] usb 4-1: Manufacturer: syz [ 172.680460][ T10] usb 1-1: New USB device found, idVendor=041e, idProduct=30df, bcdDevice= 0.40 [ 172.680508][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 172.680528][ T10] usb 1-1: Product: syz [ 172.680542][ T10] usb 1-1: Manufacturer: syz [ 172.680556][ T10] usb 1-1: SerialNumber: syz [ 172.708772][ T5709] cdc_wdm 4-1:1.0: skipping garbage [ 172.708792][ T5709] cdc_wdm 4-1:1.0: skipping garbage [ 173.169500][ T6282] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 174.852934][ T6277] FAULT_INJECTION: forcing a failure. [ 174.852934][ T6277] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 174.852959][ T6277] CPU: 1 UID: 0 PID: 6277 Comm: syz.0.139 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 174.852973][ T6277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 174.852980][ T6277] Call Trace: [ 174.852985][ T6277] [ 174.852990][ T6277] dump_stack_lvl+0xe8/0x150 [ 174.853010][ T6277] should_fail_ex+0x46b/0x600 [ 174.853032][ T6277] strncpy_from_user+0x36/0x2b0 [ 174.853052][ T6277] do_tcp_setsockopt+0x16f/0x2060 [ 174.853074][ T6277] ? __pfx_do_tcp_setsockopt+0x10/0x10 [ 174.853097][ T6277] ? __fget_files+0x2a/0x420 [ 174.853110][ T6277] ? sock_common_setsockopt+0x36/0xc0 [ 174.853121][ T6277] ? tcp_setsockopt+0x3d/0xe0 [ 174.853131][ T6277] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 174.853147][ T6277] do_sock_setsockopt+0x17c/0x1b0 [ 174.853164][ T6277] __x64_sys_setsockopt+0x143/0x1b0 [ 174.853180][ T6277] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.853193][ T6277] do_syscall_64+0x15f/0xf80 [ 174.853207][ T6277] ? clear_bhb_loop+0x40/0x90 [ 174.853222][ T6277] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.853233][ T6277] RIP: 0033:0x7f79f2e7cdd9 [ 174.853245][ T6277] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 174.853256][ T6277] RSP: 002b:00007f79f10ce028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 174.853272][ T6277] RAX: ffffffffffffffda RBX: 00007f79f30f5fa0 RCX: 00007f79f2e7cdd9 [ 174.853280][ T6277] RDX: 000000000000000d RSI: 0000000000000006 RDI: 0000000000000004 [ 174.853287][ T6277] RBP: 00007f79f10ce090 R08: 0000000000000003 R09: 0000000000000000 [ 174.853294][ T6277] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001 [ 174.853302][ T6277] R13: 00007f79f30f6038 R14: 00007f79f30f5fa0 R15: 00007ffca23da4b8 [ 174.853319][ T6277] [ 175.028637][ T5709] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 175.028659][ T5709] cdc_wdm 4-1:1.0: Unknown control protocol [ 175.316833][ T5709] usb 4-1: USB disconnect, device number 8 [ 175.552770][ T6288] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 176.660644][ T10] usb 1-1: 0:1 : does not exist [ 176.660745][ T10] usb 1-1: unit 1 not found! [ 176.660761][ T10] usb 1-1: unit 8 not found! [ 177.408330][ T5613] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 177.562112][ T6302] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 177.583737][ T5613] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 177.583827][ T5613] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 177.583852][ T5613] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 177.638643][ T6306] netlink: 40 bytes leftover after parsing attributes in process `syz.2.147'. [ 178.174809][ T5613] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 178.215302][ T10] usb 1-1: USB disconnect, device number 8 [ 178.888727][ T6311] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 180.618205][ T6155] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 180.731130][ T6320] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 181.776814][ T5613] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -2 [ 181.809597][ T5613] usb 2-1: USB disconnect, device number 9 [ 182.071684][ T6155] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 182.074772][ T6155] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 182.306942][ T5613] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 182.415038][ T3310] ------------[ cut here ]------------ [ 182.415054][ T3310] in_task() && kcov_mode_enabled(mode) [ 182.415062][ T3310] WARNING: kernel/kcov.c:884 at kcov_remote_start+0x5d8/0x710, CPU#0: kworker/u8:16/3310 [ 182.415105][ T3310] Modules linked in: [ 182.415126][ T3310] CPU: 0 UID: 0 PID: 3310 Comm: kworker/u8:16 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 182.415150][ T3310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 182.415164][ T3310] Workqueue: events_unbound cfg80211_wiphy_work [ 182.415191][ T3310] RIP: 0010:kcov_remote_start+0x5d8/0x710 [ 182.415216][ T3310] Code: 00 5b 41 5c 41 5d 41 5e 41 5f 5d e9 52 da dc 02 90 0f 0b 90 e9 62 fa ff ff 90 0f 0b 90 0f b7 83 c0 04 00 00 e9 a3 fa ff ff 90 <0f> 0b 90 eb 04 90 0f 0b 90 e8 5a ef 57 09 89 c0 48 c7 c7 10 04 6b [ 182.415243][ T3310] RSP: 0018:ffffc9000e9379d8 EFLAGS: 00010202 [ 182.415262][ T3310] RAX: 0000000000000002 RBX: ffff888032d00000 RCX: 0000000000000000 [ 182.415277][ T3310] RDX: 0000000000000000 RSI: ffffffff8ba74d40 RDI: ffffffff8ba74d00 [ 182.415292][ T3310] RBP: ffff88802bebf140 R08: ffffffff8b1ea760 R09: ffffffff8dfc8140 [ 182.415309][ T3310] R10: dffffc0000000000 R11: fffffbfff1f11c3f R12: ffff8880622f9dc8 [ 182.415325][ T3310] R13: ffff8880622e07c0 R14: 0000000000000000 R15: ffff8880622f9de0 [ 182.415340][ T3310] FS: 0000000000000000(0000) GS:ffff888126179000(0000) knlGS:0000000000000000 [ 182.415358][ T3310] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 182.415374][ T3310] CR2: 000000110c391f2a CR3: 000000003d32e000 CR4: 00000000003526f0 [ 182.415395][ T3310] Call Trace: [ 182.415403][ T3310] [ 182.415418][ T3310] ieee80211_iface_work+0x211/0x1390 [ 182.415465][ T3310] cfg80211_wiphy_work+0x2cf/0x460 [ 182.415489][ T3310] ? process_scheduled_works+0xa70/0x1860 [ 182.415517][ T3310] process_scheduled_works+0xb5d/0x1860 [ 182.415583][ T3310] ? __pfx_process_scheduled_works+0x10/0x10 [ 182.415638][ T3310] ? assign_work+0x3d5/0x5e0 [ 182.415670][ T3310] worker_thread+0xa53/0xfc0 [ 182.415731][ T3310] kthread+0x388/0x470 [ 182.415762][ T3310] ? __pfx_worker_thread+0x10/0x10 [ 182.415784][ T3310] ? __pfx_kthread+0x10/0x10 [ 182.415817][ T3310] ret_from_fork+0x514/0xb70 [ 182.415847][ T3310] ? __pfx_ret_from_fork+0x10/0x10 [ 182.415873][ T3310] ? __switch_to+0xc79/0x1410 [ 182.415910][ T3310] ? __pfx_kthread+0x10/0x10 [ 182.415943][ T3310] ret_from_fork_asm+0x1a/0x30 [ 182.415993][ T3310] [ 182.416005][ T3310] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 182.416019][ T3310] CPU: 0 UID: 0 PID: 3310 Comm: kworker/u8:16 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 182.416042][ T3310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 182.416055][ T3310] Workqueue: events_unbound cfg80211_wiphy_work [ 182.416078][ T3310] Call Trace: [ 182.416086][ T3310] [ 182.416095][ T3310] vpanic+0x56c/0xa60 [ 182.416123][ T3310] ? __pfx__printk+0x10/0x10 [ 182.416153][ T3310] ? __pfx_vpanic+0x10/0x10 [ 182.416178][ T3310] ? is_bpf_text_address+0x292/0x2b0 [ 182.416207][ T3310] ? is_bpf_text_address+0x26/0x2b0 [ 182.416254][ T3310] panic+0xc5/0xd0 [ 182.416281][ T3310] ? __pfx_panic+0x10/0x10 [ 182.416319][ T3310] ? ret_from_fork_asm+0x1a/0x30 [ 182.416354][ T3310] __warn+0x315/0x4c0 [ 182.416379][ T3310] ? kcov_remote_start+0x5d8/0x710 [ 182.416405][ T3310] ? kcov_remote_start+0x5d8/0x710 [ 182.416431][ T3310] __report_bug+0x29a/0x540 [ 182.416463][ T3310] ? kcov_remote_start+0x5d8/0x710 [ 182.416486][ T3310] ? __pfx___report_bug+0x10/0x10 [ 182.416518][ T3310] ? do_raw_spin_lock+0x12b/0x2f0 [ 182.416544][ T3310] ? __pfx_rtlock_slowlock_locked+0x10/0x10 [ 182.416582][ T3310] ? rt_spin_lock+0x1e0/0x400 [ 182.416612][ T3310] ? rt_spin_lock+0x1e0/0x400 [ 182.416642][ T3310] ? kcov_remote_start+0x5d8/0x710 [ 182.416665][ T3310] report_bug+0x16a/0x220 [ 182.416688][ T3310] ? kcov_remote_start+0x5d8/0x710 [ 182.416708][ T3310] ? kcov_remote_start+0x5da/0x710 [ 182.416730][ T3310] handle_bug+0x9c/0x200 [ 182.416760][ T3310] exc_invalid_op+0x1a/0x50 [ 182.416789][ T3310] asm_exc_invalid_op+0x1a/0x20 [ 182.416810][ T3310] RIP: 0010:kcov_remote_start+0x5d8/0x710 [ 182.416835][ T3310] Code: 00 5b 41 5c 41 5d 41 5e 41 5f 5d e9 52 da dc 02 90 0f 0b 90 e9 62 fa ff ff 90 0f 0b 90 0f b7 83 c0 04 00 00 e9 a3 fa ff ff 90 <0f> 0b 90 eb 04 90 0f 0b 90 e8 5a ef 57 09 89 c0 48 c7 c7 10 04 6b [ 182.416852][ T3310] RSP: 0018:ffffc9000e9379d8 EFLAGS: 00010202 [ 182.416870][ T3310] RAX: 0000000000000002 RBX: ffff888032d00000 RCX: 0000000000000000 [ 182.416885][ T3310] RDX: 0000000000000000 RSI: ffffffff8ba74d40 RDI: ffffffff8ba74d00 [ 182.416899][ T3310] RBP: ffff88802bebf140 R08: ffffffff8b1ea760 R09: ffffffff8dfc8140 [ 182.416915][ T3310] R10: dffffc0000000000 R11: fffffbfff1f11c3f R12: ffff8880622f9dc8 [ 182.416930][ T3310] R13: ffff8880622e07c0 R14: 0000000000000000 R15: ffff8880622f9de0 [ 182.416955][ T3310] ? rt_spin_lock+0x1e0/0x400 [ 182.416995][ T3310] ? kcov_remote_start+0xe0/0x710 [ 182.417022][ T3310] ieee80211_iface_work+0x211/0x1390 [ 182.417067][ T3310] cfg80211_wiphy_work+0x2cf/0x460 [ 182.417092][ T3310] ? process_scheduled_works+0xa70/0x1860 [ 182.417119][ T3310] process_scheduled_works+0xb5d/0x1860 [ 182.417183][ T3310] ? __pfx_process_scheduled_works+0x10/0x10 [ 182.417216][ T3310] ? assign_work+0x3d5/0x5e0 [ 182.417256][ T3310] worker_thread+0xa53/0xfc0 [ 182.417315][ T3310] kthread+0x388/0x470 [ 182.417346][ T3310] ? __pfx_worker_thread+0x10/0x10 [ 182.417368][ T3310] ? __pfx_kthread+0x10/0x10 [ 182.417400][ T3310] ret_from_fork+0x514/0xb70 [ 182.417429][ T3310] ? __pfx_ret_from_fork+0x10/0x10 [ 182.417452][ T3310] ? __switch_to+0xc79/0x1410 [ 182.417488][ T3310] ? __pfx_kthread+0x10/0x10 [ 182.417519][ T3310] ret_from_fork_asm+0x1a/0x30 [ 182.417569][ T3310] [ 182.417909][ T3310] Kernel Offset: disabled