last executing test programs: 10.876376113s ago: executing program 0 (id=266): syz_io_uring_setup(0x498, 0x0, &(0x7f0000000340), &(0x7f0000000040)) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000100), &(0x7f0000000180)}, 0x20) writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000000c0)="02", 0x1}], 0x1) sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="020300090e000000ff000e000a004e22"], 0x70}}, 0x8810) r0 = add_key$user(&(0x7f0000000380), &(0x7f0000000000), &(0x7f00000003c0)='X', 0x1, 0xfffffffffffffffe) sendmsg$IPSET_CMD_RENAME(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000640)=ANY=[@ANYBLOB="1400000005060301006d00000000000008000009"], 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x0) r1 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000100)={r0, r1, r1}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'streebog512-generic\x00'}}) 10.431918212s ago: executing program 4 (id=269): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp(0xa, 0x2, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'vlan1\x00'}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x8}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x10, &(0x7f00000009c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b5af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001400000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70200000000df00850000008600000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=@gettaction={0x14, 0x5a, 0x1}, 0x14}}, 0x8044080) 10.124038677s ago: executing program 0 (id=270): sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, 0x0, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @dev={0xfe, 0x80, '\x00', 0x2e}}, 0x1c) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000200), 0x2) memfd_create(&(0x7f0000000080)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea\x7f\x8cZ7`_4t\xcda\x9b\x11\x11\x0e\xa1\xcf\x00'/51, 0x6) socket$qrtr(0x2a, 0x2, 0x0) syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) bpf$PROG_LOAD(0x5, 0x0, 0xffffff13) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_GET_PROG_INFO(0xa, 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000140)={0xffffffffffffffff, 0x0, 0x25, 0x4}, 0x14) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) r2 = accept$alg(r1, 0x0, 0x0) pselect6(0x40, &(0x7f0000000080)={0x0, 0x5, 0x0, 0x7, 0x8, 0x0, 0x0, 0x2b}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x200000004, 0x7}, 0x0, 0x0) recvmmsg(r2, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}}], 0x1, 0xcb, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) getrlimit(0x5, &(0x7f0000000180)) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_rdma(0x10, 0x3, 0x14) socket(0x2000000015, 0x80005, 0x0) 9.865036535s ago: executing program 4 (id=271): r0 = socket(0x1e, 0x4, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000240)='/dev/comedi1\x00', 0x20200, 0x0) ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f0000000300)={'aio_iiro_16\x00', [0x4f23, 0x7f, 0x1, 0x3, 0x1, 0xdea7, 0xc, 0x3, 0xa, 0xa6, 0xfffffffa, 0xffffffff, 0x401, 0x8000001, 0x6, 0x101, 0xf7fffffe, 0x5, 0x2, 0x40000001, 0x8c, 0xca9f, 0x0, 0x20001e58, 0xb, 0xc3, 0x3, 0x5, 0x800081, 0x0, 0x4]}) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r1, &(0x7f00000007c0)={0xa, 0x4e23, 0x0, @loopback, 0x1170}, 0x1c) syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000040)={0x2, 0x6e21, @loopback}, 0x10) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000300)={0x25f, 0x0, {}, {0xee00}, 0x9b1, 0x80}) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee2, 0x8031, r0, 0x1000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) recvmmsg(r4, 0x0, 0x0, 0x2, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil) 6.943452483s ago: executing program 0 (id=275): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) write$UHID_INPUT(r1, &(0x7f0000001040)={0xfc, {"a2e3ad09ed1a09f91b37090987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f363b6c090890e0879b0a0ac6e70a9b3361959b509a240d5b0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d07640936cd3b78130daa30d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYRESDEC=r0]) 5.91819447s ago: executing program 4 (id=277): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000700), 0x2, 0x0) ioctl$FUSE_DEV_IOC_BACKING_CLOSE(r0, 0xe503, 0x0) mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x8000, 0x103) userfaultfd(0x801) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x2, 0x0, 0x800, 0x4000000000000000, 0x100000}, 0x0, &(0x7f0000000240)={0x1f, 0x2, 0xfdff, 0x3, 0x4, 0x80000000000000, 0x6a9}, 0x0, 0x0) (fail_nth: 3) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x413, &(0x7f00000003c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}}) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000010) getpid() syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) 5.849979566s ago: executing program 3 (id=278): sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000005fc0)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16, @ANYBLOB="01002dbd0600ffdbdb2521000000200003"], 0x44}}, 0x28000) sendmsg$NL80211_CMD_LEAVE_OCB(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x18bf8ac0fc3e0635}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x14, 0x0, 0x200, 0x70bd25, 0x25dfdbfd, {{}, {@void, @void}}}, 0x14}}, 0x840) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x64, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast2}}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x5}]}, 0x64}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) 5.844777199s ago: executing program 0 (id=279): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) r0 = socket$netlink(0x10, 0x3, 0x8000000004) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x40080}, 0x0) socket$netlink(0x10, 0x3, 0x9) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x3, 0x20000000000000bb, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'bridge_slave_0\x00', 0x0}) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@bridge_setlink={0x28, 0x13, 0xa29, 0x0, 0x0, {0x7, 0x0, 0x0, r4, 0x24000}, [@IFLA_AF_SPEC={0x8, 0xc, 0x0, 0x0, [@AF_BRIDGE={0x4}]}]}, 0x28}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x29, '\x00', r4, @fallback=0x4, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x6, 0x200008, 0x5, 0x409}, 0x10, 0x0, r2, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000", @ANYRES32=r1], 0x4c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x1c, &(0x7f0000000000)={&(0x7f0000000380)=@bridge_setlink={0x0, 0x13, 0x8, 0x70bd29, 0x25dfdbfe, {0x7, 0x0, 0x0, 0x0, 0xc004, 0x7}, [@IFLA_WEIGHT={0x0, 0xf, 0x2}, @IFLA_AF_SPEC={0x0, 0x1a, 0x0, 0x1, [@AF_MPLS, @AF_MPLS, @AF_INET6={0x0, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x0, 0x7, @loopback}, @IFLA_INET6_TOKEN={0x0, 0x7, @private2}, @IFLA_INET6_ADDR_GEN_MODE={0x0, 0x8, 0x30}, @IFLA_INET6_ADDR_GEN_MODE={0x0, 0x8, 0xfe}, @IFLA_INET6_TOKEN={0x0, 0x7, @remote}]}]}, @IFLA_TARGET_NETNSID={0x0, 0x2e, 0x3}, @IFLA_GROUP={0x0, 0x1b, 0x6}]}, 0x14}, 0x1, 0x0, 0x0, 0x4040090}, 0x40014) 5.546995602s ago: executing program 0 (id=281): r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @remote}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c0000002e00090027bd7000000000004e62b1b608001a00ac1414aa"], 0x1c}, 0x1, 0x0, 0x0, 0x42804}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.swap.events\x00', 0x275a, 0x0) ftruncate(r2, 0x8979) sendfile(r0, r2, 0x0, 0xfdef) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$netlink(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000000203850000a26939d60000000000000f080001"], 0x1c}, 0x1, 0x0, 0x0, 0x20044005}, 0x0) r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000200), r3) r6 = getuid() quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f00000002c0)=@loop={'/dev/loop', 0x0}, r6, &(0x7f0000000300)='./bus\x00') ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f0000000300)={{0x1, 0x1, 0x18, r1, {0xee01, 0xffffffffffffffff}}, './file0\x00'}) fchown(r2, r6, r7) sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(r3, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r5, 0x200, 0x70bd2a, 0x25dfdbfb, {}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x800) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r8, 0x8933, &(0x7f0000000080)={'wpan1\x00'}) sendmsg$IEEE802154_LLSEC_DEL_DEV(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2c0000f674bd00000d00000000000000", @ANYRES16=r5, @ANYBLOB="01002abd7000fddbdf252b0000000c0005000203aaaaaaaaaaaa0a0001007770616e30000000"], 0x2c}, 0x1, 0x0, 0x0, 0x11}, 0x90) r9 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0) r10 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x200000, 0x0) ioctl$FBIOBLANK(r10, 0x4611, 0x2) sendfile(r9, r9, 0x0, 0x7) 5.506604468s ago: executing program 3 (id=282): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000080)='udf\x00', 0x200004, &(0x7f00000001c0)='^\xc3cS\x9a\x92\x96\x00') io_setup(0xd9, &(0x7f00000000c0)=0x0) r1 = openat$sysfs(0xffffff9c, &(0x7f00000001c0)='/sys/power/pm_trace', 0x42, 0x0) io_submit(r0, 0x1, &(0x7f0000000500)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0xfffffc98}]) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000240)={0x0, @private, @private}, &(0x7f0000000280)=0xc) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f00000002c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0/file0\x00'}) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x42}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={r4, 0x0, 0x0}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0xb, 0xd, &(0x7f0000000140)=@raw=[@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}], &(0x7f0000000040)='syzkaller\x00', 0xff, 0x4, &(0x7f0000000200)=""/4, 0x55a3581c21796eb2, 0xd, '\x00', r2, @fallback=0x22, r3, 0x8, &(0x7f0000000300)={0x9, 0x3}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, r4, 0x9, 0x0, &(0x7f0000000540)=[{0x5, 0x4, 0x7, 0x4}, {0x1, 0x5, 0xf, 0x1}, {0x2, 0x5, 0xa, 0x6}, {0x2, 0x3, 0x1, 0xb}, {0x2, 0x3, 0xd, 0xa}, {0x2, 0x3, 0xe, 0x3}, {0x0, 0x1, 0xd, 0xc}, {0x3, 0x1, 0xe, 0xa}, {0x3, 0x1, 0x9, 0x8}], 0x10, 0x3}, 0x94) r5 = creat(&(0x7f0000000440)='./file0/file0\x00', 0x188) quotactl_fd$Q_SETINFO(r5, 0xffffffff80000600, 0x0, &(0x7f0000000100)={0x9, 0x4, 0x1, 0x5}) 4.174560237s ago: executing program 2 (id=283): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000005c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000280)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000140)={0x15, 0x110, 0xfa00, {r1, 0x1, 0x30, 0x30, 0x0, @in6={0x1b, 0x4000, 0x0, @loopback, 0x10000bff}, @ib={0x1b, 0xd9, 0x100fff, {"4a50abf0c8ed50f638facd57de629163"}, 0x8000000000000001, 0x2, 0x3}}}, 0x118) 4.106396217s ago: executing program 3 (id=284): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x4, [@fwd={0x1}]}, {0x0, [0x4f, 0x5f]}}, 0x0, 0x28, 0x0, 0xa}, 0x28) (fail_nth: 3) 3.915420452s ago: executing program 2 (id=286): unshare(0x20000400) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e23, 0x434, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, 0x9}, 0x1c) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x1}, 0x4) openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x14, 0xd, 0x6, 0x202, 0x0, 0x0, {0x3}}, 0x14}}, 0x4008801) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="100000ea2d000400000008000000020000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000200), 0xffffffffffffffff) 3.914696536s ago: executing program 3 (id=287): r0 = socket$packet(0x11, 0x2, 0x300) mmap(&(0x7f0000003000/0x4000)=nil, 0x4000, 0x200000a, 0x12, r0, 0x994c0000) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xe, 0xe, &(0x7f0000001300)=ANY=[@ANYBLOB="b7020000f53f6314bfa300000000000024020000fffeff7f7a0300fef0ffffff79a4f0ff00000000b7060000ffffffff2e640500000000007502faff07cd02020404000000e57d60b7030000030a00006a0a00fe0000000c8500000026000000b70000000000002995000000000000001da5ad3548ebb63d18db6a1c7e821c9b767ac8308fbcd5c5e4a5ad1065b572c2c9ff215ac60c2ceaea4c0ec908abb6e7325ec1956bd8660bf3664148a2c96752fe2bb328dff1a15750ab9a780001000000000000d4bf20c2bd152d814f01f2cd519e078d4ffab418e4682b2aec5e4a35629e8ef040c50287c37a7f4182f32333b08c6e497687e10a4daea5cac0ceafdbb126eb02a1f5104d16ddb64963d84d91814cd5817e0b8f6f5e6ee7a39e180b5a18ed786b782ab1321ea5e82ae5ba2c42a5e23ea6253d5df768d0cb9f35e4f41a6211e52bb3598e9b5d4f22d8c19f958e8b34de35949a7a48ce18799ee53da177a81ea65e652c1d71b7ee86a75b0100000042127a8f84538a9a311c757f7169f006f3f5c95177fbd0b14b36259e2905ef911785c88a16aae46084d676d8ef8aa6ecc2d32e3f4ee367c5a769c0a606636c9f4a4413c098f4fcc96623b7c373b0ef04d55b846b094bf97e2ef5987b6e09a6a7cab79bffda141f65e7d9ebe3be70c436432b70a80cce69df30d3d67d84ccf3f9db9b690111de2ddc4b153c989ef100bbf76063d3f6ffffb73d70e9c3d7b90aecf48e7565efff2dbbb512218c98442406333c890923a797e00b75481739952fe87fde27ce81893f54ec0ea8e792414f639bc9ce1fea3f6ac0d7025759d4b45576c205c70631e8ad585951950e521f4e210b6494e3c52d927195737945cc03d5668483151710de246420a1b6c55b73876a6ed7fd0d9338923789a1edcd8043fe83919088383268324a25df14010c8ed6b8d43400eaa00ff9bc46e1cfecbdc0e451ac53b409d04544d3a7edd4d447d2fb431e226ae182b8dcc86fe09b404e0b7c723d3b19c3dc382fa91fb0fb8f9f3f13296bb1758b24aad0922091d49e2bc408a5a37deee7a60b903d2d9fe9d451cafcc8dc389671c2d08b6e264150a6b9445b00cee4585af04fa69e0380be0d66649dcf3bf8a906b029faca75ce34c41aec7aa86e596119109ea8b3f7c65c902499227c087301643baab1c95bb22cedd913b22dcaa197ccc34586dc50bd9f4628e3e77a0de32e356521df06f995cb57f97052fc4158250ccecfb67ea8faf509593fadc7eafb613327b052397af1ede94d87590ce90a0a7579766f7ec4fcd3cb0b1a8c531724d5ef6b334803cedaa9cedf16dc3af6e0b67f62a83a256474c97c925d9d447175b535c87dbdeb0dcca5303eed6689ea91e1665c691df736368dde47e6672e93a314c5f60e7b68c2242bd0f0d8c66449d8687dcf2d0f76668b2b9bf8b32b99b7daf34b2d825d192ade90a1162acfe9749d516d014cef5f99126324ea02baea5808c430985749901b09e4902a6f5addc0103756b894418e4591c624a9b206abbfb888d413d923b0d7c9d997d6d8e64787c4d397f57a15b6d5b4212b6cb55b9c207bbe08f483b1bea05f41b9a1d3af087047c568ae6ebfc0bb5ec10b6290dc757a4903a88fb2c035b2349b6d2f0c051b8b7718384eebd5fc19928cea713ff09e179c308fbe9bd64374d96ef2447a2a4af5ca0c39e7ca2e801e57560a55e9cfa095cf3f74398219ad1030a79517a88de7596429a20793e12616aa32b3e720c6521fbe93963e9536d16f3db211fca7dd99c0a0125ff8c18119a6926083f4a2c008a9f2a29e30823bf0ec3639cadaf9be9608358e1e5ab17eea477b1754f78f45468c9568471667f82f5e250b979b9f2bd0d1b6bc03d11811ac6eec9a3ecd9e3c3299ee5eb3c6cac8fbd06514b7ee743ece79c04566d02a08fd5fcabbab3d129c0cced3ce11dafa387a8077927a1ad367c114d0b423e64c6157fac5e4e2168f33541daeff9983d0e488a78bef538f870b84798272b2101e0abf1cd64500b79e01e11d727389653bd80a39d5bbe2e23d2f5ff10047423429981bd9b4ce680e174c266391e3e7689452654e5cd5ada6e025327a1942b5a068f15fa58eaa267d4e0881783dddbdd777f8be0824ffdf6d06c621880dbbe9534f15e8c2e364d3ec67deb6ab9f2a0f03212972dbd38500000008173553a67be48633103809eee0be51d67d7ce230b389607b4c3b18da1c48f3180f2e0d79e54565fdd9a099b5b5ba2761905b88b7cbfc39c35dd153609da3da263438f12769602c2195245ff83e249119d4f6cabfbdef84ada19ef4a67ed66d7043036515d0be5a231f99e71aba5d5ae04676eff3e85f0844c41bbcfde7a931d1ec55c01f703bfd1b97756bfe55a91f6b379f34a018906339771157c66dbd7471d1beec7f029ef552cf5e92a1a0db21b59355763967ce26a577bc514b6d22a09c385c5ba6caf524e1688fc0f20002b35ae7bc8eb5ba51aebdf7d972c3267cedbe77ed70d9c539bc455a6f88b39196c8a224b0acf4d796fea59a07baa34cc270fb096ef330fbebdf872d7d0bc4f9a963355c554abc5cdb91464faabcd09cd9a53f5d1b2ea7e96f428f7cd6735c19c61dc9942d30bf29ef85ed01c2fcd6060aa40eeff971477b4fde48507b7bad95a496540adff7e4a72fd1f94d7c703ab1525c946c54e0da3d7ebfcc8c367d1bfd1aea2e84c3b310aaea5a1627df898c00a9aaf2d88a36afa4c5b1816384310600001c33125ad7f7970beeb256aec06e39fc6c66544e1d1dc5fea4b68a82dc568ca30aea9a1d097f06f11dc362f4bae5ef57c67686a15855cd351bf26f40fb1348cfce79897682228e6d9643530c81bab27bf7b1c4a76a5be180bb830cf06827c3f38a9c9c580c732c30aaceda78b0297de35a922b1375b129655beb31899e26052cc216f832fdb0a0015f93c9cff77f59cda1ec5f3e358848756cebb074266a47e39ae26e80e8c65aaf73c24925458520a9ca98760d1005c9f81846459ae6d5baa4f02807939ddc29c3520f7c58ed9bc5a569c7a1bc33cf4f330a18276ffb4550b9166c3939e8041094bec034aa0ec6638b74fe34f0f1ec6903a1135808d5d8d26c9203c3f87e66c407b7c5c0888d4558dd657cc0213efad68e76fdd7b23e68064fd4b271ed79c50abacdd2871b0c1f8c971df59a5a1901ddf804bed43e391f882d2a45c51cdbba86b2a1b7c0c4923642a731ea4dcbad2b6ebbebe787a8e28e781d75beee924b3b1e390750f316648133922c021f98fd2d5d71a7a3679397ef6cf432837b7e264831ec01c4c3146ba0caac3b13d55945ec00e978a1c1712cd51187936200606c9cd6877b2f72125295c54721f8e15df2ae282a8becb99a726fd92acc92141e1f574b4b0b3c992a61af3372d0d9217776b1a42cd2cee816a70bf1ddd69b590d53e28ba356e74b38e23e50d898e95cdc7cc809e462c884b53f672aab1411ecfd4c91e7a9782fc6763f0efd4bcbaf1fc3a00000000000000000000000000000000000000000000000000000000048e510340087caf22439d5304bd704a6a78a512269a9b1cbd13bea78c807bbc73853ae187cbb768673e9d1bf74a3b0a6c234accd8506adf314f4c5e08174540b69d3c0da660052b43b86baf49e7ac6f09c21598b1e01dc1e1b5a53626b090496dbf7af441e397016c3c094d5c91ffe0a7ceacfd225ed9a6c905f79ad7052747dd6cceef4c310e0e935311118bc6bf0e5ca6c7cca7d5c03be570308da8a40578b4db14961fbccf6e2f2d56e9509c434126515b56d032e20c12e830d1bc64826fc9b318da5911e466878dbb81edeff69363fb75af5cd80536f14d2eaa7764db23acdbd394bbbbccf5e882602897a85bf8523d891080593d831d758deb4f2c7e49c6d6b35d8fd92601c8500febb0c5fe0be294bf6bbbecad444695277a9e3992a354492513b43091d161c7c7cdbbe44e8e83b4cf333238a52f214b278c6485236ea880db2f113f6381187679a4620d6149808b0af024b3b3e6ba99b4b15ca"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x143}, 0x48) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000170900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}}, 0x2000c450) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x1d}, @NFTA_NG_MODULUS={0x8}, @NFTA_NG_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x2000011, r0, 0x2000) fsetxattr$security_ima(r0, &(0x7f0000000040), &(0x7f0000000080)=@md5={0x1, "7c052a040e49bed672c6e5e0ed584554"}, 0x11, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_coalesce={0xf, 0xfffff3db, 0x2, 0x7f11b2d5, 0x0, 0x2, 0xd2d6, 0x1, 0x6, 0x0, 0x91, 0xdfffffff, 0xb83, 0x0, 0x0, 0x8000, 0x1, 0x0, 0xffffffff, 0x0, 0x8, 0xc}}) 3.68406437s ago: executing program 1 (id=288): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000240)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffb}, [@call={0x85, 0x0, 0x0, 0xbc}]}, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xfe2c, 0x0, &(0x7f0000000100)="54ae1f8219560625baa794a469ce", 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) 3.645895485s ago: executing program 2 (id=289): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = socket$kcm(0x29, 0x2, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x11, 0x98}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit={0x95, 0x0, 0x33}], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xb8000000}, 0x70) syz_open_procfs(0x0, &(0x7f0000001300)='net/kcm\x00') syz_open_dev$MSR(&(0x7f0000000140), 0x4ea, 0x0) pread64(0xffffffffffffffff, &(0x7f0000002380)=""/253, 0xfd, 0x4eb) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3d) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x80) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2020020}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8020}, 0x40080) 2.538289147s ago: executing program 1 (id=290): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000000c0)='./bus\x00') bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) rename(&(0x7f0000000100)='./bus\x00', &(0x7f0000000180)='./file1\x00') setxattr$incfs_metadata(&(0x7f0000000840)='./bus\x00', &(0x7f0000000880), 0x0, 0x0, 0x2) rename(0x0, &(0x7f0000000200)='./file1/file0\x00') 2.396218672s ago: executing program 1 (id=291): r0 = openat$panthor(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) lseek(r0, 0x47c, 0x1) r1 = socket$kcm(0x11, 0x3, 0x0) r2 = accept4$phonet_pipe(0xffffffffffffffff, &(0x7f0000000200), &(0x7f0000000240)=0x10, 0x80000) accept4$phonet_pipe(r2, &(0x7f0000000300), &(0x7f0000000340)=0x10, 0x180000) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000000000), 0x40) sendmsg$kcm(r1, &(0x7f00000000c0)={&(0x7f0000000100)=@hci={0x1f, 0x0, 0x1}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf4a31accbe1ba0777cfbf6ae77256da82f6184b8a34f9015cc99e570000003c21c90b000000000000721a5dbb56a3d9e16e7c2179c9b5b24722944820e624fc5b17d0822ca4232c98a9936ba722475ca5", 0x72}, {&(0x7f0000001ec0)="63f805d7649496db72959832930469edc7b700c9e37eed5653ecb716cdb8981cd819af0b33254465cc904b7b31789d65c0e0d33330e2ef36205dd154e363bcadf8f2ea93f45503c6d9fd8dfe5a638cfeb9f79c930a4d18260e5a08ffd35ed8371cff78119319b2b62c7cd9378c73ae90c801681f55ef26cb00"/135, 0x87}, {&(0x7f0000001400)="7f4ba13c5a27118dc920175650f0c9ba1809dd13a6e2d5b38f40adfa278c09e0e3bd05add4d780cd753b50f06f3b51f43761c7783f38ceaefc2dad57889d8b3a2d21314410f64ec2fa92e3a14b0141b39c020021d1edd011fbccb808a317fff4cf49aab12da619d67102048ec43c76cdb9d395e8b7b6e589d788aeeecb5080fc3d5ec6ccd656e49c0a642671d3fc363b46240bbc46ad965399b71db3c8f2b269b20870a3d2a6a8de5213b0f9d41c510c827056b7284391da244ec7653648b670f9a3483b314d861992ed7fb369eda093e1643c300b94d996fc592adb22c379be070ce5cd806da85a492dd4199cceb4c5b750222485325cf1073bf87e93bdf7da8af8f5f626541afd142e24ee8f4be9f038453c0edf500deabfe4d1a7a9de51df012bc2f3b767b3c03be6ace8c37ad571323cd363116e01f98a8ff8148d3900a65b788e99ddf9d9a2383f1730c7868d2dd031034bce5a77bd1ef3385105968be7bd830bde788092f657be36f89ea55ced486e18982d01339ed04a934a43c7b3be5e6bd03cbe773a938f621809345ec07cfceb013e3d76d500d97c8bee6ff54980ac3d221fcb35724ba64adb29ae8db909e097d78ff9542196635a14266944b850c9d436e96cc806a88090cbfc9db7ce83231bc043ded67966cfd68b800f6030a85f6bb070a2a5b372be2dacea7884b42e76e164af04e47f90ce0694623dce23cd1471f1a6029f68331317073e1a2d8cfb16f821c867d35a609649cf36aa781fa0a381f934844366d4e3ab8dd239c6ec35c15f307a7ed07869aacec38d787fd9c08e9dda1a28bf1a15b004bb1d88aa429ee8e927f5a1e1445685d8923cad92c90c79726d5e73dfe741de35498842cf51a4f09b97b1c14d33213705b95e84a8853fab4e1ced6faecea9d9203b038594bceb202a9d47f862c4f1853db9a0a7bf98ed9d2e3012358b38d092bd1ed7efb1a9e582ac5ef30c9b476e185f537f40ae8189528b480436122a939967e8d862e01172245ebced9f5251dd302e7e974c1db40be1e9e79799c27384caf6485e7c469b77cd6b28f71e39f84d2adbe074dd2bed6636e6853655adc3d1a47eff697e8edba53e6b281aea94798d82da7d3e86d09d869e5e345316eeeced4e15fc39234a0b0104e0b205c95eda632d0e86b095b284f441a62cb0e7262bc1967ee75f5c2d459011b0c15f4c85b02150a8834eda7f84cc96dde04e4abbdf5985a9c7218797820251b5804cae80c9a726afddf36793ae52cfb38e4e19740d6e07e4ed7c01001ab87b7fb12d5b70a75938d234c83d863b1763aec37b41d204fc319c6e802734ed681ea179fe6cad4857c3ca0e236e7b9867688d8bd7749e919f2d4f57f2249c9ccaf76a23760569b0fbde2db12ca0169e74982c1f4f0494aae13f4838b3f50d9ab0f6e328250d6fc34c0156e4b754c5c648b4ef8af32c91859f9706048f029634cefd0d767e8b7743262cb8a468ad37dfa47a745495e3f03cfa1d4ed71af55453c0a25fa1122a9054bcc4d9960c9a54f36b6db55154ab7dd19890d9f8ff3549e0fbd5a655319566b7f9c72be0242e7ffb59020356c3ffb5b9c43858e69d7b677a9bc5b8a64721a51b75a254e07199a73726834bea05901455ad53b38116b953c970b2002d0d1f91deb73ccb7266fbb21aa8555599daed7585575ef3efbd737f2523018ba4645d862889d5c3d91b12f04166db8bffecde54ee278d0d5351f3bf1f8902ff3f4c24a8c0c8a4e6addc9baadc471813589324d3128a1b193137c15c01be9f367317b1c885301ff8e9df728efa37df27f65eb0464055091f2ed469fdab48f413e3978f73ff9dffeb85453e841f86594612ac91b50add8d14910748bfa903033662f3e735ce6d299ce52338a96035aa89f63bd59d151fb20c38125236cbc0d795ac6f8da4cafc74714ed62a23b017e15adcaade58385b78c6945fb30a2539c42b1e415879433b9fb6966c6d19ed19f9f90cbd360d936a8b9f8e03bca5a83c063651b4636a7783bbda6417c83e470a16dfb115344a527436242ace9341432b5816b5e6609d97d600e142ca3cf74cbc00e1d9ee203cdfad339ce460b294f3931c5bd8ae6da8fc14d66a01bae4a212ef3d914e58c13217c8ad91628636b56257c7ca41b404cc2d4b5d50e26ebefc74656c62b1b4e9b6c5b6cc8d79101460f719d95925630bf99e042018439c50026513d680ea573620132ded57dea9e2da4e16f17dbc171642b1e80a3f41311ee73441302285668792160db6614fdb30d25a5719d2ae03ab98ea167597c48dd8197e7faf6189d801134462027901506c5ff1ae2558d96722217f65131d2f429693ae9fae19c101319473608976d08cc1c0d98f789b0c364e8aca574321ab2857af1015f1588afd313503085db4d99961a9391db06c10477ceb44199f1648594e8f9b452fafdab49b1962d02ee77ebd31b7931174a729fa943cb18102130e7e08eaba77df066069c2c3564fc85881ba0dad12c4f06a9e6dea9fea53931ff85e38505eb7ad60a52e2a8a248b3f4d0d55eee31f75f110c70e3b12409a79a5a98b0156c6d2a5d94604b8fa202b12746a365c708c671316cc0ffff6e9b7139b337953be22672a4910e1eb28cccc023b77028e20a6d377a339372f0dc235069f41c2692b0a3a7e0f315f4aebeef435a46b2e8b8462739293f9184c01b1434e87bf3fd48be54bf437056a1d2cff0c7aa52578013f96b1d5100ca936ff029cfd6f9a093621f684196ed7e1d363a97c647c34fe5f2370e7ab9dc718a1fc317779ab8a04bc12c01b778d17eea0b546bce03475fc6373c860714df0322dde550186c553ebd61ed18c0b80655f0827a63d209117ca23b026c1ad30bac4d43a4611292c7049f855b829a3a17fd2b83c142078beed8ca07b7cb7cd624705ccc160246c81174a4d3a9f2057caffe84b1ac073375e065c1ff4e9e22e7d87b3adb40ff796132e4ed86e5fc9f9616f8e4116be96497621692fb516e9316cfd15ad01742a1de4aa35fe02861236295823edf4c48fc37faf55226044e393a3733d58e8ef0f0c7941bc30f09739f37dea2f395f2e9e9b2c31a11923a2d6c9b14f1bacce15094cbbd6445f3581c6d45b76943b4d0db8fd4d4acbdb91780f57c872827abd7a1f13290a0d17dda220493476c92ce65e33f07afcf763aec0e67450f547101f1a5ada0f760c8f12137679324e22c7a13fdf78575115acb0ae4a2818b7b3ead27eea5eccba6f7a34c61819382eebfad742a3c603c6d2f332726996b3e8fcbdfd56b436c1173b1b3bc1ab66a717e31f2f918f0bea3f4801e04c14c881c59324fd9bc38745dd0e47da6bc8e98fe74a760304d74f17cd3cfceb33503397cf592d2b6a51b641d559ba8d6dc449e19b289fd1a4b3772b3998181e787723fe3893362d8f3e346c0ab0abe933e9bdd9a82b377914018377af9d2cbc58ab4fc08cea2623174239cea585603b8acd20da923a44799b1745c3bd65640508f96a0d92a6a2fd8314573f10b4f6e6cbf61e8828bd6e69b1b0c47f5795917a5035b3424dc3cadd2aadbbafb9d18349fab41d79ba13660f2c9400ff87784b26c3e88785db8522c93d3d4f12608736a235c8b9fff98a17934fe36792cb1992ea1b72b5e151cfe82b4ebc4f510882e4b34ee9f6ada188b104ba36e8acbd7bafe39b32f957da45c2743017545fd61667d36d58952de0cdbacb3abc549e1001bf6d9b19f9a353bb84bd152e04c061c691b514d6f1b36a8895424ce210a4cd75d537443a2791dc68e9fff510358f7586d3b73ed04223e683adf6a1c79d3bc92aa595cc6167", 0xa91}], 0x3}, 0x0) r3 = syz_io_uring_setup(0x10e, &(0x7f00000000c0)={0x0, 0x14, 0x1000, 0x0, 0x7d}, &(0x7f0000000180)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000040), 0x1b}) io_uring_enter(r3, 0x47f6, 0x0, 0x0, 0x0, 0x0) 2.391131657s ago: executing program 2 (id=292): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1e, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7ff}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_lookup=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000040900010073797a300000000040000000030a01080000000000000000010000000900030073797a320000000014000480080002400000000008000140000000000900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a30000000002800048024000180090001006d657461000000001400028008000140000000120800024000000019140000001100"], 0xd8}}, 0x80) r1 = syz_open_dev$tty20(0xc, 0x4, 0x1) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56fa8ef1d91a4574758ecefbe1d7a46df6d558ecf1820f", 0x18) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443", 0x67}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) write$binfmt_misc(r1, &(0x7f0000000240), 0xfffffecc) 2.194936343s ago: executing program 0 (id=293): bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x4, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xf6a, 0x0, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0xce}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x6b, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="120000000c0000000400000002"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r1, 0xffffffffffffffff}, &(0x7f0000000080), &(0x7f0000000380)=r0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000300)={r2, &(0x7f0000000500), 0x0}, 0x20) 2.194548615s ago: executing program 3 (id=294): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) r4 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x94) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000700)=ANY=[@ANYRES32=0x1, @ANYRES32, @ANYBLOB='.\x00\x00\x00\x00\x00\x00\x00', @ANYRES32, @ANYBLOB, @ANYRES32=r4, @ANYBLOB="686ca731e26b657c88ebd2870ee3a75d31d1fe0bad6200e7516de03059fc8751be0c2dcdc3d46a9a6ea872343d6b8408f1e7f71170d3d5ebc76ebe0432900ea1886bccbfc726daf9d173c48dc5988b2c7e6c5859389a9dfffcecc29b31022afcfcb8873a0dc068b2f95b90ffbf30181e9914a3dccf2e137d9f2cf94a32a45b54559c71ef3456d66ce6731eb189630236", @ANYRES64=0x0], 0x20) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32, 0x0, 0xe9}, 0x9c) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0xf0b, 0x70bd29, 0x25dfdbfd, {0x60, 0x0, 0x0, 0x0, {0xf, 0xfff2}, {0xfff1, 0x10}, {0xfff3, 0x2}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_INGRESS={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x3404c050}, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e"], 0x50}}, 0x4000000) 2.194360332s ago: executing program 4 (id=295): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="540000001000370400"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000020001280090001006970697000000000100002800800140002004000040002001400030074756e6c38000000000000001ede0000"], 0x54}}, 0x1020) 865.891195ms ago: executing program 1 (id=296): sched_setscheduler(0x0, 0x2, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$XFS_IOC_PATH_TO_FSHANDLE(0xffffffffffffffff, 0xc0385868, 0x0) r0 = socket$inet(0x2, 0x1, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="fc0000001900010000000000fcdbdf2500000000000000000000000000000000fe8000000000000000000000000000bb00000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000004000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000001000000000000004400050000000000000000000000000000000000000000022b"], 0xfc}, 0x1, 0x0, 0x0, 0x2000c010}, 0x20000080) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000180)='bridge0\x00', 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) 863.771739ms ago: executing program 2 (id=297): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff}, 0x6) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8d40, 0x0) setreuid(0xffffffffffffffff, 0xee00) r2 = epoll_create(0xf032126) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000080)={0x10}) r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCADDRT(r3, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCDELRT(r4, 0x890c, &(0x7f00000000c0)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x6, @null, @bpq0, 0x1, [@bcast, @default, @default, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default]}) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x2) epoll_wait(r2, 0x0, 0x0, 0x8) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmmsg$inet(r5, &(0x7f0000002b40)=[{{&(0x7f0000000000)={0x2, 0x4e22, @remote}, 0x10, &(0x7f0000000640)=[{&(0x7f0000000300)="be84", 0x2}], 0x1}}, {{&(0x7f0000000280)={0x2, 0x4e26, @local}, 0x10, &(0x7f00000002c0)=[{&(0x7f0000000200)="17349d03781faa032c8e742110fdadf10996fbc9115102495f1af15f54debe", 0x1f}], 0x1}}, {{&(0x7f0000000040)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000780)=[{&(0x7f0000000340)="7317", 0x2}], 0x1}}], 0x3, 0x2000c044) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r7 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=@newtaction={0x48, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0x34, 0x1, [@m_ctinfo={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x48}}, 0x0) r9 = syz_io_uring_setup(0x10, &(0x7f0000000140)={0x0, 0xf9f9, 0x20, 0x2, 0x1e1}, &(0x7f0000000100)=0x0, &(0x7f0000000940)=0x0) syz_io_uring_submit(r10, r11, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x760}}) io_uring_enter(r9, 0x133d, 0x0, 0x8, 0x0, 0x0) r12 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r12, &(0x7f0000000040)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc) close_range(r7, r12, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r6, 0x400455c8, 0x0) 682.723095ms ago: executing program 3 (id=298): r0 = syz_io_uring_setup(0x7c, &(0x7f0000000540)={0x0, 0x3bcf, 0x10100, 0x0, 0x313}, &(0x7f00000005c0)=0x0, &(0x7f0000000280)=0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000600)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x40, 0x0, r4, 0x0, &(0x7f0000000000)="bd", 0x1, 0x100, 0x1}) io_uring_enter(r0, 0x46f3, 0x0, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000200)='~', 0x1) syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x8000) socketpair$nbd(0x1, 0x1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r5 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6) r6 = syz_clone(0xa3004000, &(0x7f00000009c0)="7b642955ce8861d5884fe831e6988faed26cd4071fa4290853f7e365bfbb206229108fd4c15075f17348f14074d6414cd9a1dee2f76a74c624db86c3a1ea4addbacfc7cf6e8862f856b43e1a038f1f88b67ee86a2de3545624df97615712b547c9d8bc90198f039d5928c2ce5c59ad4d5aa5f6986d6a66122912021a9041949732788d48bd767e771005368c1e004f2d3ffbccf7cc1efe452ece06902674b69e380826d51bff06d30641c03645cdcd1f40a94194153e3f37ea9b27f41376a8cf38566a90b0700367a96f5ae6bb990173c74c73335cc69a8f1caa4923f2a59628ef6a8a06b995f115acf94b0a873731df5f4207b4339beb31075522bd24321fdcc6c3b87ad3d455ce18c209a3ffbbba10e9e0855d2221650cfd8746fe618f284c751420ed976e25705f237195c854d8bb10811f203cefef8b8ad8f90e4975cbaacc73672ffc3c1fbdd27cbf6bc12eb6", 0x14f, &(0x7f0000000100), &(0x7f0000000180), &(0x7f0000000240)="dedf1cdb98fce3b7887d574b19daaddec22d6d4f164868f971237990644ddf10a78832f91c20aacea81116fa004000") getpriority(0x2, r6) mount$cgroup2(0x0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r9 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/snat_reroute\x00', 0x2, 0x0) r10 = openat(r9, &(0x7f00000000c0)='./file0\x00', 0x402800, 0x141) connect$unix(r7, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r8, &(0x7f0000000100), 0x0, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r11 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) getsockopt$bt_BT_DEFER_SETUP(r11, 0x112, 0x7, 0x0, &(0x7f0000002280)) mkdir(0x0, 0x0) socket$igmp(0x2, 0x3, 0x2) socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC(r10, 0x0, 0xcc, 0x0, 0x0) r12 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/14], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x2, 0x8, &(0x7f0000000940)=@framed={{0x18, 0x9}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r12}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 641.529013ms ago: executing program 1 (id=299): unshare(0x20000400) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e23, 0x434, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, 0x9}, 0x1c) r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x1}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x8) openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x14, 0xd, 0x6, 0x202, 0x0, 0x0, {0x3}}, 0x14}}, 0x4008801) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x50, 0x10, 0x403, 0x70bd29, 0x3d, {0x0, 0x0, 0x0, 0x0, 0x88adfda5}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GENEVE_REMOTE6={0x14, 0x7, @loopback}, @IFLA_GENEVE_LABEL={0x8, 0xb, 0x1, 0x0, 0x10001}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x4004}, 0x4804) 554.251053ms ago: executing program 2 (id=300): r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) getpriority(0x2, 0xffffffffffffffff) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x0, 0x0) r4 = socket$kcm(0x21, 0x2, 0x2) sendmsg$inet(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@ip_ttl={{0x14, 0x110}}], 0x18}, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$XDP_RX_RING(0xffffffffffffffff, 0x11b, 0x2, &(0x7f0000000000)=0x800, 0x4) ptrace$ARCH_SHSTK_ENABLE(0x1e, r1, 0x2, 0x5001) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x30, 0x40, 0x107, 0xfffffefe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x1c2}, @nested={0x14, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}, @typed={0x6, 0xb, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x4, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x48815}, 0xc000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f00000000c0)={'veth1_to_batadv\x00', &(0x7f0000000000)=@ethtool_ts_info={0x4a}}) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000300)='\\\\\xe9\x83\a\x00<\f\x91\b\xab\xe6\xfc\xf8~\x1d/\xd0\x12\xf5\xb1\a\xd4$\xae$\x91>6n @\xf4\xaa\xb1d\xe3\xd0\xb2e\x86KB\x1c\x8dCJd\x8bM\xbar<\xd6@\xdb\xd7\x01yd\xc5\x00G\x81<\xb8\xa5\xb3?\xb3>B\xc5\x13@\xcc\xca\n@\x06\xa3\xfe%\x11\xc9\xc5\xc4\x96\xb7b\f\x15R.\xa3`fd\xdc\x8b\x18rBl{\x82\\\xeaQ\x17\n\f\xcd\xd5\x00\x00\x00\x00\x00\x00\x00j\xa4v\xefw\x96\\\\//\xcd4g+\xbd\xd1\xe0R{\x18\x19a:\xa2\xdf\xbe\x8b\x89\x81\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8cW\xee\xaer\xcb\xda\xfa\xaby\x80#', 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) mkdir(&(0x7f0000000300)='./file0\x00', 0xfffffffffffffffe) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f00000003c0)=0x4) 131.293087ms ago: executing program 4 (id=301): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000000c0)='./bus\x00') bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) rename(&(0x7f0000000100)='./bus\x00', &(0x7f0000000180)='./file1\x00') setxattr$incfs_metadata(&(0x7f0000000840)='./bus\x00', &(0x7f0000000880), 0x0, 0x0, 0x2) rename(0x0, &(0x7f0000000200)='./file1/file0\x00') 97.926776ms ago: executing program 1 (id=302): prlimit64(0x0, 0xe, 0x0, 0x0) getpid() socketpair$unix(0x1, 0x2, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) r1 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x141a82, 0x11b) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$RTC_ALM_READ(r2, 0x40187014, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8002, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @loopback}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bic', 0xff3d) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x85c}, 0x1, 0x0, 0x0, 0x28044811}, 0xc042) 0s ago: executing program 4 (id=303): unshare(0x20000400) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x1}, 0x4) openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x14, 0xd, 0x6, 0x202, 0x0, 0x0, {0x3}}, 0x14}}, 0x4008801) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="100000ea2d000400000008000000020000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000200), 0xffffffffffffffff) kernel console output (not intermixed with test programs): no interfaces have a carrier [ 62.970995][ T5462] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.991085][ T5462] eql: remember to turn off Van-Jacobson compression on your slave devices Starting crond: OK Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.162' (ED25519) to the list of known hosts. syzkaller login: [ 90.922461][ T5784] cgroup: Unknown subsys name 'net' [ 91.184209][ T5784] cgroup: Unknown subsys name 'cpuset' [ 91.258960][ T5784] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 91.902924][ T31] cfg80211: failed to load regulatory.db [ 93.248198][ T5784] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 97.154652][ T5806] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 97.156315][ T5806] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 97.157956][ T5806] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 97.159548][ T5806] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 97.162244][ T5813] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 97.166954][ T5813] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 97.170725][ T5813] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 97.214484][ T5117] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 97.217210][ T5117] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 97.237578][ T5813] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 97.298525][ T60] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 97.300648][ T60] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 97.301520][ T5806] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 97.304208][ T5806] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 97.304967][ T5806] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 97.306000][ T5806] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 97.307269][ T5806] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 97.326842][ T5810] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 97.327639][ T5806] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 97.327765][ T5810] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 97.337846][ T5810] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 97.340764][ T5810] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 97.344659][ T5810] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 97.364910][ T60] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 97.368768][ T60] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 98.129824][ T5803] chnl_net:caif_netlink_parms(): no params data found [ 98.338756][ T5804] chnl_net:caif_netlink_parms(): no params data found [ 98.395981][ T5812] chnl_net:caif_netlink_parms(): no params data found [ 98.526417][ T5807] chnl_net:caif_netlink_parms(): no params data found [ 98.540903][ T5809] chnl_net:caif_netlink_parms(): no params data found [ 98.569134][ T5803] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.569896][ T5803] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.570315][ T5803] bridge_slave_0: entered allmulticast mode [ 98.572385][ T5803] bridge_slave_0: entered promiscuous mode [ 98.631333][ T5803] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.631473][ T5803] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.631706][ T5803] bridge_slave_1: entered allmulticast mode [ 98.633555][ T5803] bridge_slave_1: entered promiscuous mode [ 98.826179][ T5803] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 98.826444][ T5804] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.826567][ T5804] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.826741][ T5804] bridge_slave_0: entered allmulticast mode [ 98.832034][ T5804] bridge_slave_0: entered promiscuous mode [ 98.892321][ T5803] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.892708][ T5804] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.892825][ T5804] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.894666][ T5804] bridge_slave_1: entered allmulticast mode [ 98.896444][ T5804] bridge_slave_1: entered promiscuous mode [ 98.942449][ T5812] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.942577][ T5812] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.942717][ T5812] bridge_slave_0: entered allmulticast mode [ 98.944799][ T5812] bridge_slave_0: entered promiscuous mode [ 99.022687][ T5812] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.022828][ T5812] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.022950][ T5812] bridge_slave_1: entered allmulticast mode [ 99.024795][ T5812] bridge_slave_1: entered promiscuous mode [ 99.211876][ T5803] team0: Port device team_slave_0 added [ 99.215225][ T5804] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.215464][ T5807] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.215661][ T5807] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.216211][ T5807] bridge_slave_0: entered allmulticast mode [ 99.218065][ T5807] bridge_slave_0: entered promiscuous mode [ 99.238792][ T5809] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.239138][ T5809] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.239653][ T5809] bridge_slave_0: entered allmulticast mode [ 99.246860][ T5809] bridge_slave_0: entered promiscuous mode [ 99.272186][ T5803] team0: Port device team_slave_1 added [ 99.303840][ T5804] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.304093][ T5807] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.304222][ T5807] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.304869][ T5807] bridge_slave_1: entered allmulticast mode [ 99.306624][ T5807] bridge_slave_1: entered promiscuous mode [ 99.307971][ T5809] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.308088][ T5809] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.308220][ T5809] bridge_slave_1: entered allmulticast mode [ 99.341916][ T60] Bluetooth: hci0: command tx timeout [ 99.342644][ T5813] Bluetooth: hci1: command tx timeout [ 99.374956][ T5809] bridge_slave_1: entered promiscuous mode [ 99.407544][ T5812] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.428544][ T60] Bluetooth: hci2: command tx timeout [ 99.428747][ T5813] Bluetooth: hci4: command tx timeout [ 99.485889][ T5812] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.498702][ T5813] Bluetooth: hci3: command tx timeout [ 99.541442][ T5803] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.541460][ T5803] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 99.541487][ T5803] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.589869][ T5804] team0: Port device team_slave_0 added [ 99.599695][ T5807] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.603035][ T5809] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.603945][ T5803] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.603959][ T5803] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 99.603987][ T5803] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.670981][ T5804] team0: Port device team_slave_1 added [ 99.674231][ T5807] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.676942][ T5809] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.726071][ T5812] team0: Port device team_slave_0 added [ 99.777468][ T5812] team0: Port device team_slave_1 added [ 99.811818][ T5804] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.811832][ T5804] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 99.811851][ T5804] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.854878][ T5807] team0: Port device team_slave_0 added [ 99.863128][ T5809] team0: Port device team_slave_0 added [ 99.886970][ T5804] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.886982][ T5804] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 99.887002][ T5804] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.936897][ T5807] team0: Port device team_slave_1 added [ 99.942100][ T5809] team0: Port device team_slave_1 added [ 99.970387][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.970401][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 99.970420][ T5812] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 100.050739][ T5803] hsr_slave_0: entered promiscuous mode [ 100.051782][ T5803] hsr_slave_1: entered promiscuous mode [ 100.055112][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 100.055123][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.055142][ T5812] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 100.142916][ T5807] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 100.142929][ T5807] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.142948][ T5807] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 100.145219][ T5809] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 100.145229][ T5809] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.145248][ T5809] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 100.661532][ T5807] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 100.661547][ T5807] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.661572][ T5807] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 100.686607][ T5809] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 100.686659][ T5809] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.686740][ T5809] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 100.797476][ T5804] hsr_slave_0: entered promiscuous mode [ 100.803765][ T5804] hsr_slave_1: entered promiscuous mode [ 100.806855][ T5804] debugfs: 'hsr0' already exists in 'hsr' [ 100.807106][ T5804] Cannot create hsr debugfs directory [ 100.896312][ T5812] hsr_slave_0: entered promiscuous mode [ 100.897503][ T5812] hsr_slave_1: entered promiscuous mode [ 100.898209][ T5812] debugfs: 'hsr0' already exists in 'hsr' [ 100.898226][ T5812] Cannot create hsr debugfs directory [ 101.004760][ T5807] hsr_slave_0: entered promiscuous mode [ 101.005692][ T5807] hsr_slave_1: entered promiscuous mode [ 101.006383][ T5807] debugfs: 'hsr0' already exists in 'hsr' [ 101.006400][ T5807] Cannot create hsr debugfs directory [ 101.044587][ T5809] hsr_slave_0: entered promiscuous mode [ 101.045567][ T5809] hsr_slave_1: entered promiscuous mode [ 101.046232][ T5809] debugfs: 'hsr0' already exists in 'hsr' [ 101.046249][ T5809] Cannot create hsr debugfs directory [ 101.418558][ T5813] Bluetooth: hci1: command tx timeout [ 101.418600][ T5813] Bluetooth: hci0: command tx timeout [ 101.508673][ T60] Bluetooth: hci4: command tx timeout [ 101.508706][ T60] Bluetooth: hci2: command tx timeout [ 101.578646][ T5813] Bluetooth: hci3: command tx timeout [ 101.950622][ T5803] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 101.997353][ T5803] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 102.015922][ T5803] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 102.068912][ T5803] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 102.176314][ T5812] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 102.214707][ T5812] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 102.254083][ T5812] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 102.307038][ T5812] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 102.417103][ T5807] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 102.456143][ T5807] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 102.475638][ T5807] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 102.532917][ T5807] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 102.669125][ T5804] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 102.701583][ T5804] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 102.739468][ T5804] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 102.794229][ T5804] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 102.920466][ T5809] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 102.965073][ T5803] 8021q: adding VLAN 0 to HW filter on device bond0 [ 102.981271][ T5809] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 103.031682][ T5809] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 103.067896][ T5809] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 103.152996][ T5803] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.176188][ T5812] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.207612][ T1167] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.216693][ T1167] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.254261][ T1167] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.254398][ T1167] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.307353][ T5812] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.351500][ T1132] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.351735][ T1132] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.358242][ T5807] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.403690][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.403839][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.489715][ T5807] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.507594][ T5804] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.509855][ T5813] Bluetooth: hci0: command tx timeout [ 103.509887][ T5813] Bluetooth: hci1: command tx timeout [ 103.556773][ T1167] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.556921][ T1167] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.578848][ T60] Bluetooth: hci2: command tx timeout [ 103.578879][ T60] Bluetooth: hci4: command tx timeout [ 103.644046][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.655650][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.669327][ T5813] Bluetooth: hci3: command tx timeout [ 103.705476][ T5804] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.754784][ T5809] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.772406][ T1500] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.772523][ T1500] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.831160][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.831339][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.919631][ T5809] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.980874][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.981115][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.020387][ T147] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.035686][ T147] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.061538][ T5803] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 104.306135][ T5803] veth0_vlan: entered promiscuous mode [ 104.373663][ T5803] veth1_vlan: entered promiscuous mode [ 104.390600][ T5812] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 104.546478][ T5807] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 104.595792][ T5803] veth0_macvtap: entered promiscuous mode [ 104.636914][ T5803] veth1_macvtap: entered promiscuous mode [ 104.780143][ T5803] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 104.827422][ T5803] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 104.861126][ T5804] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 104.910391][ T1500] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.927388][ T1500] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.948039][ T1500] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.948218][ T5807] veth0_vlan: entered promiscuous mode [ 104.970292][ T1500] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.042551][ T5807] veth1_vlan: entered promiscuous mode [ 105.091627][ T5809] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 105.272177][ T1132] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.272204][ T1132] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.347975][ T5804] veth0_vlan: entered promiscuous mode [ 105.380569][ T5807] veth0_macvtap: entered promiscuous mode [ 105.394411][ T1161] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.394432][ T1161] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.430534][ T5812] veth0_vlan: entered promiscuous mode [ 105.434100][ T5807] veth1_macvtap: entered promiscuous mode [ 105.451633][ T5804] veth1_vlan: entered promiscuous mode [ 105.490130][ T5809] veth0_vlan: entered promiscuous mode [ 105.501094][ T5812] veth1_vlan: entered promiscuous mode [ 105.536124][ T5807] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 105.550321][ T5809] veth1_vlan: entered promiscuous mode [ 105.567461][ T5807] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 105.579219][ T5813] Bluetooth: hci1: command tx timeout [ 105.579250][ T5813] Bluetooth: hci0: command tx timeout [ 105.615543][ T43] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.627478][ T43] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.650562][ T1132] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.666495][ T1132] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.668528][ T5813] Bluetooth: hci2: command tx timeout [ 105.668571][ T60] Bluetooth: hci4: command tx timeout [ 105.700590][ T5804] veth0_macvtap: entered promiscuous mode [ 105.738527][ T60] Bluetooth: hci3: command tx timeout [ 105.781752][ T5804] veth1_macvtap: entered promiscuous mode [ 105.797959][ T37] audit: type=1326 audit(1773733250.415:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5913 comm="syz.2.3" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2b89fcc799 code=0x0 [ 105.843335][ T5812] veth0_macvtap: entered promiscuous mode [ 105.919150][ T5812] veth1_macvtap: entered promiscuous mode [ 105.945804][ T5809] veth0_macvtap: entered promiscuous mode [ 106.005438][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 106.021390][ T5809] veth1_macvtap: entered promiscuous mode [ 106.093477][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 106.134646][ T1132] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.134668][ T1132] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.150736][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 106.176957][ T1132] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.195957][ T1132] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.210024][ T1132] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.212861][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 106.238119][ T1132] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.294424][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 106.360500][ T57] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.363348][ T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.363367][ T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.399549][ T57] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.401781][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 106.433428][ T57] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.497407][ T57] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.541941][ T147] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.578785][ T147] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.642466][ T147] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.678542][ T1514] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.845246][ T5932] FAULT_INJECTION: forcing a failure. [ 106.845246][ T5932] name failslab, interval 1, probability 0, space 0, times 1 [ 106.845295][ T5932] CPU: 0 UID: 0 PID: 5932 Comm: syz.1.9 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 106.845320][ T5932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 106.845345][ T5932] Call Trace: [ 106.845354][ T5932] [ 106.845364][ T5932] dump_stack_lvl+0xe8/0x150 [ 106.845407][ T5932] should_fail_ex+0x46b/0x600 [ 106.845440][ T5932] should_failslab+0xa8/0x100 [ 106.845464][ T5932] kmem_cache_alloc_noprof+0x87/0x680 [ 106.845497][ T5932] ? io_submit_one+0x130/0x14c0 [ 106.845537][ T5932] io_submit_one+0x130/0x14c0 [ 106.845573][ T5932] ? irqentry_exit+0x59e/0x620 [ 106.845606][ T5932] ? lockdep_hardirqs_on+0x7a/0x110 [ 106.845638][ T5932] ? irqentry_exit+0x59e/0x620 [ 106.845676][ T5932] ? trace_irq_disable+0x3b/0x150 [ 106.845709][ T5932] ? __pfx_io_submit_one+0x10/0x10 [ 106.845758][ T5932] ? __might_fault+0xaf/0x130 [ 106.845799][ T5932] __se_sys_io_submit+0x195/0x340 [ 106.845834][ T5932] ? __pfx___se_sys_io_submit+0x10/0x10 [ 106.845863][ T5932] ? ksys_write+0x248/0x270 [ 106.845913][ T5932] do_syscall_64+0x14d/0xf80 [ 106.845946][ T5932] ? trace_irq_disable+0x3b/0x150 [ 106.845983][ T5932] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.846006][ T5932] ? clear_bhb_loop+0x40/0x90 [ 106.846033][ T5932] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.846055][ T5932] RIP: 0033:0x7f65129ac799 [ 106.846079][ T5932] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 106.846115][ T5932] RSP: 002b:00007f6510c06028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 106.846139][ T5932] RAX: ffffffffffffffda RBX: 00007f6512c25fa0 RCX: 00007f65129ac799 [ 106.846154][ T5932] RDX: 0000200000000140 RSI: 0000000000000001 RDI: 00007f6513760000 [ 106.846170][ T5932] RBP: 00007f6510c06090 R08: 0000000000000000 R09: 0000000000000000 [ 106.846183][ T5932] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 106.846195][ T5932] R13: 00007f6512c26038 R14: 00007f6512c25fa0 R15: 00007ffd697ab328 [ 106.846226][ T5932] [ 107.213242][ T1132] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.213263][ T1132] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.386719][ T5942] Malformed UNC in devname [ 107.386719][ T5942] [ 107.387201][ T5942] CIFS: VFS: Malformed UNC in devname [ 107.406663][ T5943] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 107.570089][ T147] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.570111][ T147] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.646616][ T147] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.646637][ T147] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.676818][ T5887] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 107.746042][ T147] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.746064][ T147] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.827849][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.827871][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.906161][ T5887] usb 3-1: unable to get BOS descriptor or descriptor too short [ 107.942703][ T5887] usb 3-1: config 63 has an invalid interface number: 66 but max is 0 [ 107.942733][ T5887] usb 3-1: config 63 has an invalid descriptor of length 0, skipping remainder of the config [ 107.942754][ T5887] usb 3-1: config 63 has no interface number 0 [ 107.942789][ T5887] usb 3-1: config 63 interface 66 has no altsetting 0 [ 107.947240][ T5887] usb 3-1: New USB device found, idVendor=174f, idProduct=8acf, bcdDevice=39.f4 [ 107.947270][ T5887] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.947292][ T5887] usb 3-1: Product: ခ [ 107.947307][ T5887] usb 3-1: Manufacturer: 될듊鄐鹪퐐呴彄ɑ慥䆫솮⃧窙⫦㘃댉⢙ꥣ횡ӣ塷䌷ᾫ䚶䂰ﶂ를ﯭ࠰ೊ蘄蝄ﶇ넲엌鉿잦⼀哇ᩪ⯔䫹唉舞İᣲ帪প鎪൅ś큘⌚⮠쥖檨ℂႥ檯ഘ泲䝻瞨軵ᷔ耂∎竫⿣㲍诒┩삹杙䋊瀿魇ᜩ僓喦ᣙ疃䖒щ㾋鲭䵳 [ 107.947340][ T5887] usb 3-1: SerialNumber: syz [ 108.245794][ T1167] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.245819][ T1167] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.426075][ T5949] FAULT_INJECTION: forcing a failure. [ 108.426075][ T5949] name failslab, interval 1, probability 0, space 0, times 0 [ 108.426111][ T5949] CPU: 1 UID: 0 PID: 5949 Comm: syz.3.4 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 108.426135][ T5949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 108.426148][ T5949] Call Trace: [ 108.426157][ T5949] [ 108.426166][ T5949] dump_stack_lvl+0xe8/0x150 [ 108.426206][ T5949] should_fail_ex+0x46b/0x600 [ 108.426240][ T5949] should_failslab+0xa8/0x100 [ 108.426265][ T5949] __kmalloc_noprof+0xdf/0x7b0 [ 108.426299][ T5949] ? kfree+0x4d/0x6c0 [ 108.426328][ T5949] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 108.426363][ T5949] tomoyo_realpath_from_path+0xe3/0x5d0 [ 108.426405][ T5949] tomoyo_path_perm+0x283/0x560 [ 108.426439][ T5949] ? tomoyo_path_perm+0x251/0x560 [ 108.426474][ T5949] ? __pfx_tomoyo_path_perm+0x10/0x10 [ 108.426540][ T5949] ? rcu_is_watching+0x15/0xb0 [ 108.426573][ T5949] ? bpf_lsm_capable+0x9/0x20 [ 108.426598][ T5949] ? security_capable+0x7e/0x2c0 [ 108.426636][ T5949] security_path_chroot+0x85/0x240 [ 108.426669][ T5949] __se_sys_chroot+0x23a/0x3f0 [ 108.426693][ T5949] ? __pfx___se_sys_chroot+0x10/0x10 [ 108.426730][ T5949] do_syscall_64+0x14d/0xf80 [ 108.426764][ T5949] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.426787][ T5949] ? clear_bhb_loop+0x40/0x90 [ 108.426816][ T5949] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.426839][ T5949] RIP: 0033:0x7fcd6360c799 [ 108.426859][ T5949] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 108.426878][ T5949] RSP: 002b:00007fcd61824028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a1 [ 108.426901][ T5949] RAX: ffffffffffffffda RBX: 00007fcd63886180 RCX: 00007fcd6360c799 [ 108.426917][ T5949] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000100 [ 108.426931][ T5949] RBP: 00007fcd61824090 R08: 0000000000000000 R09: 0000000000000000 [ 108.426944][ T5949] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 108.426957][ T5949] R13: 00007fcd63886218 R14: 00007fcd63886180 R15: 00007fff8d7cbac8 [ 108.426992][ T5949] [ 108.427001][ T5949] ERROR: Out of memory at tomoyo_realpath_from_path. [ 109.323135][ T5950] geneve2: entered promiscuous mode [ 109.487005][ T5953] FAULT_INJECTION: forcing a failure. [ 109.487005][ T5953] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 109.487040][ T5953] CPU: 0 UID: 0 PID: 5953 Comm: syz.4.5 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 109.487064][ T5953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 109.487076][ T5953] Call Trace: [ 109.487084][ T5953] [ 109.487093][ T5953] dump_stack_lvl+0xe8/0x150 [ 109.487129][ T5953] should_fail_ex+0x46b/0x600 [ 109.487162][ T5953] _copy_to_user+0x31/0xb0 [ 109.487214][ T5953] simple_read_from_buffer+0xe1/0x170 [ 109.487260][ T5953] proc_fail_nth_read+0x1be/0x230 [ 109.487290][ T5953] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 109.487319][ T5953] ? rw_verify_area+0x2ac/0x4e0 [ 109.487351][ T5953] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 109.487379][ T5953] vfs_read+0x212/0xa80 [ 109.487415][ T5953] ? __pfx_vfs_read+0x10/0x10 [ 109.487449][ T5953] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 109.487483][ T5953] ? lockdep_hardirqs_on+0x7a/0x110 [ 109.487516][ T5953] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 109.487549][ T5953] ? mutex_lock_nested+0x152/0x1d0 [ 109.487574][ T5953] ? fdget_pos+0x252/0x320 [ 109.487611][ T5953] ksys_read+0x156/0x270 [ 109.487645][ T5953] ? __pfx_ksys_read+0x10/0x10 [ 109.487676][ T5953] ? __pfx_tty_ioctl+0x10/0x10 [ 109.487715][ T5953] do_syscall_64+0x14d/0xf80 [ 109.487745][ T5953] ? trace_irq_disable+0x3b/0x150 [ 109.487770][ T5953] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.487810][ T5953] ? clear_bhb_loop+0x40/0x90 [ 109.487838][ T5953] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.487862][ T5953] RIP: 0033:0x7fcc1925cfce [ 109.487890][ T5953] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 109.487909][ T5953] RSP: 002b:00007fcc174f5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 109.487932][ T5953] RAX: ffffffffffffffda RBX: 00007fcc174f66c0 RCX: 00007fcc1925cfce [ 109.487946][ T5953] RDX: 000000000000000f RSI: 00007fcc174f60a0 RDI: 0000000000000004 [ 109.487960][ T5953] RBP: 00007fcc174f6090 R08: 0000000000000000 R09: 0000000000000000 [ 109.487973][ T5953] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 109.487986][ T5953] R13: 00007fcc19516038 R14: 00007fcc19515fa0 R15: 00007ffd6be9b5c8 [ 109.488021][ T5953] [ 109.951978][ T5960] syz.3.15 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 110.475555][ T3125] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 111.403011][ T5975] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10) [ 111.403070][ T5975] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 111.410453][ T5975] vhci_hcd vhci_hcd.0: Device attached [ 111.704541][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 111.704576][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 111.704662][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 111.838452][ T5922] usb 35-1: new low-speed USB device number 2 using vhci_hcd [ 111.884191][ T3125] usb 1-1: config 0 has no interfaces? [ 111.970027][ T0] NOHZ tick-stop error: local softirq work is pending, handler #c0!!! [ 112.208379][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 112.268342][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 112.498331][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 112.568337][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 112.789773][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 112.893509][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 113.374930][ T5976] vhci_hcd: connection reset by peer [ 113.380220][ T1132] vhci_hcd vhci_hcd.1: stop threads [ 113.423123][ T1132] vhci_hcd vhci_hcd.1: release socket [ 113.423384][ T1132] vhci_hcd vhci_hcd.1: disconnect device [ 113.498848][ T5887] uvcvideo 3-1:63.66: Found UVC 0.07 device ခ (174f:8acf) [ 113.498959][ T5887] uvcvideo 3-1:63.66: No valid video chain found. [ 113.595144][ T5887] usb 3-1: USB disconnect, device number 2 [ 113.963062][ T3125] usb 1-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 113.963096][ T3125] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 113.963128][ T3125] usb 1-1: Product: syz [ 113.963145][ T3125] usb 1-1: Manufacturer: syz [ 114.017394][ T3125] usb 1-1: config 0 descriptor?? [ 114.029542][ T3125] usb 1-1: can't set config #0, error -71 [ 114.105110][ T3125] usb 1-1: USB disconnect, device number 2 [ 117.196757][ T5922] vhci_hcd vhci_hcd.1: vhci_device speed not set [ 117.423969][ T6004] FAULT_INJECTION: forcing a failure. [ 117.423969][ T6004] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 117.423996][ T6004] CPU: 1 UID: 0 PID: 6004 Comm: syz.2.25 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 117.424013][ T6004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 117.424023][ T6004] Call Trace: [ 117.424028][ T6004] [ 117.424035][ T6004] dump_stack_lvl+0xe8/0x150 [ 117.424063][ T6004] should_fail_ex+0x46b/0x600 [ 117.424087][ T6004] _copy_from_iter+0x1d3/0x1670 [ 117.424114][ T6004] ? trace_kmem_cache_alloc+0x29/0xf0 [ 117.424137][ T6004] ? __alloc_skb+0x27d/0x7d0 [ 117.424160][ T6004] ? __pfx__copy_from_iter+0x10/0x10 [ 117.424181][ T6004] ? kmem_cache_alloc_node_noprof+0x27c/0x6e0 [ 117.424205][ T6004] ? __alloc_skb+0x27d/0x7d0 [ 117.424230][ T6004] ? netlink_sendmsg+0x650/0xb40 [ 117.424251][ T6004] ? skb_put+0x11b/0x210 [ 117.424304][ T6004] netlink_sendmsg+0x6c0/0xb40 [ 117.424344][ T6004] ? __pfx_netlink_sendmsg+0x10/0x10 [ 117.424380][ T6004] ? unwind_get_return_address+0x4d/0x90 [ 117.424400][ T6004] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 117.424426][ T6004] ____sys_sendmsg+0x94c/0x9c0 [ 117.424446][ T6004] ? __pfx_____sys_sendmsg+0x10/0x10 [ 117.424472][ T6004] ? import_iovec+0x73/0xa0 [ 117.424497][ T6004] ___sys_sendmsg+0x2a5/0x360 [ 117.424517][ T6004] ? __pfx____sys_sendmsg+0x10/0x10 [ 117.424557][ T6004] ? __fget_files+0x2a/0x420 [ 117.424577][ T6004] ? __fget_files+0x3a6/0x420 [ 117.424606][ T6004] __x64_sys_sendmsg+0x1c3/0x2a0 [ 117.424624][ T6004] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 117.424646][ T6004] ? __pfx_ksys_write+0x10/0x10 [ 117.424683][ T6004] do_syscall_64+0x14d/0xf80 [ 117.424706][ T6004] ? trace_irq_disable+0x3b/0x150 [ 117.424725][ T6004] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.424741][ T6004] ? clear_bhb_loop+0x40/0x90 [ 117.424760][ T6004] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.424775][ T6004] RIP: 0033:0x7f2b89fcc799 [ 117.424791][ T6004] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 117.424804][ T6004] RSP: 002b:00007f2b88226028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 117.424820][ T6004] RAX: ffffffffffffffda RBX: 00007f2b8a245fa0 RCX: 00007f2b89fcc799 [ 117.424832][ T6004] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 117.424841][ T6004] RBP: 00007f2b88226090 R08: 0000000000000000 R09: 0000000000000000 [ 117.424851][ T6004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 117.424860][ T6004] R13: 00007f2b8a246038 R14: 00007f2b8a245fa0 R15: 00007ffeb79eec78 [ 117.424884][ T6004] [ 117.722352][ T6007] overlayfs: missing 'lowerdir' [ 118.309970][ T6015] netlink: 8 bytes leftover after parsing attributes in process `syz.2.29'. [ 118.309994][ T6015] netlink: 12 bytes leftover after parsing attributes in process `syz.2.29'. [ 118.310104][ T6015] netlink: 'syz.2.29': attribute type 15 has an invalid length. [ 118.588993][ T6022] FAULT_INJECTION: forcing a failure. [ 118.588993][ T6022] name failslab, interval 1, probability 0, space 0, times 0 [ 118.589029][ T6022] CPU: 0 UID: 0 PID: 6022 Comm: syz.3.32 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 118.589054][ T6022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 118.589067][ T6022] Call Trace: [ 118.589075][ T6022] [ 118.589085][ T6022] dump_stack_lvl+0xe8/0x150 [ 118.589133][ T6022] should_fail_ex+0x46b/0x600 [ 118.589166][ T6022] should_failslab+0xa8/0x100 [ 118.589191][ T6022] __kmalloc_cache_noprof+0x84/0x690 [ 118.589225][ T6022] ? __se_sys_mount+0x166/0x420 [ 118.589250][ T6022] ? memdup_user+0x99/0xd0 [ 118.589283][ T6022] __se_sys_mount+0x166/0x420 [ 118.589318][ T6022] ? __pfx___se_sys_mount+0x10/0x10 [ 118.589352][ T6022] ? __x64_sys_mount+0x20/0xc0 [ 118.589382][ T6022] do_syscall_64+0x14d/0xf80 [ 118.589414][ T6022] ? trace_irq_disable+0x3b/0x150 [ 118.589440][ T6022] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.589462][ T6022] ? clear_bhb_loop+0x40/0x90 [ 118.589489][ T6022] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.589512][ T6022] RIP: 0033:0x7fcd6360c799 [ 118.589532][ T6022] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 118.589551][ T6022] RSP: 002b:00007fcd61824028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 118.589573][ T6022] RAX: ffffffffffffffda RBX: 00007fcd63886180 RCX: 00007fcd6360c799 [ 118.589589][ T6022] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000 [ 118.589603][ T6022] RBP: 00007fcd61824090 R08: 0000200000000400 R09: 0000000000000000 [ 118.589617][ T6022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 118.589630][ T6022] R13: 00007fcd63886218 R14: 00007fcd63886180 R15: 00007fff8d7cbac8 [ 118.589670][ T6022] [ 120.921721][ T6042] FAULT_INJECTION: forcing a failure. [ 120.921721][ T6042] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 120.921792][ T6042] CPU: 1 UID: 0 PID: 6042 Comm: syz.2.38 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 120.921817][ T6042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 120.921830][ T6042] Call Trace: [ 120.921838][ T6042] [ 120.921848][ T6042] dump_stack_lvl+0xe8/0x150 [ 120.921895][ T6042] should_fail_ex+0x46b/0x600 [ 120.921929][ T6042] _copy_from_user+0x2d/0xb0 [ 120.921963][ T6042] __copy_msghdr+0x3c5/0x5b0 [ 120.921991][ T6042] ___sys_sendmsg+0x213/0x360 [ 120.922020][ T6042] ? __pfx____sys_sendmsg+0x10/0x10 [ 120.922048][ T6042] ? kstrtouint+0x6e/0xe0 [ 120.922101][ T6042] ? __fget_files+0x2a/0x420 [ 120.922137][ T6042] ? __fget_files+0x3a6/0x420 [ 120.922176][ T6042] __sys_sendmmsg+0x282/0x4e0 [ 120.922205][ T6042] ? __pfx___sys_sendmmsg+0x10/0x10 [ 120.922238][ T6042] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 120.922280][ T6042] ? ksys_write+0x248/0x270 [ 120.922314][ T6042] ? __pfx_ksys_write+0x10/0x10 [ 120.922354][ T6042] __x64_sys_sendmmsg+0xa0/0xc0 [ 120.922379][ T6042] do_syscall_64+0x14d/0xf80 [ 120.922418][ T6042] ? trace_irq_disable+0x3b/0x150 [ 120.922445][ T6042] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.922468][ T6042] ? clear_bhb_loop+0x40/0x90 [ 120.922497][ T6042] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.922519][ T6042] RIP: 0033:0x7f2b89fcc799 [ 120.922552][ T6042] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 120.922570][ T6042] RSP: 002b:00007f2b88226028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 120.922601][ T6042] RAX: ffffffffffffffda RBX: 00007f2b8a245fa0 RCX: 00007f2b89fcc799 [ 120.922618][ T6042] RDX: 0000000000000002 RSI: 0000200000000bc0 RDI: 0000000000000003 [ 120.922631][ T6042] RBP: 00007f2b88226090 R08: 0000000000000000 R09: 0000000000000000 [ 120.922645][ T6042] R10: 0000000024004044 R11: 0000000000000246 R12: 0000000000000001 [ 120.922658][ T6042] R13: 00007f2b8a246038 R14: 00007f2b8a245fa0 R15: 00007ffeb79eec78 [ 120.922694][ T6042] [ 122.653075][ T6051] overlayfs: missing 'lowerdir' [ 122.792093][ T6054] fuse: Bad value for 'user_id' [ 122.792113][ T6054] fuse: Bad value for 'user_id' [ 123.057502][ T6060] netlink: 20 bytes leftover after parsing attributes in process `syz.2.45'. [ 123.067796][ T6060] netlink: 'syz.2.45': attribute type 6 has an invalid length. [ 123.067820][ T6060] netlink: 72 bytes leftover after parsing attributes in process `syz.2.45'. [ 123.176398][ T6062] netlink: 20 bytes leftover after parsing attributes in process `syz.4.46'. [ 123.238515][ T6065] netlink: 20 bytes leftover after parsing attributes in process `syz.4.46'. [ 123.453525][ T6069] netlink: 8 bytes leftover after parsing attributes in process `syz.3.44'. [ 123.453552][ T6069] netlink: 12 bytes leftover after parsing attributes in process `syz.3.44'. [ 123.453580][ T6069] netlink: 'syz.3.44': attribute type 15 has an invalid length. [ 124.837461][ T6083] overlayfs: missing 'lowerdir' [ 127.808544][ T5886] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 127.958413][ T5886] usb 2-1: Using ep0 maxpacket: 8 [ 127.968197][ T5886] usb 2-1: config 3 has an invalid interface number: 35 but max is 2 [ 127.968220][ T5886] usb 2-1: config 3 has an invalid interface number: 3 but max is 2 [ 127.968235][ T5886] usb 2-1: config 3 has an invalid interface number: 123 but max is 2 [ 127.974993][ T5886] usb 2-1: config 3 has no interface number 0 [ 127.975078][ T5886] usb 2-1: config 3 has no interface number 1 [ 127.975142][ T5886] usb 2-1: config 3 has no interface number 2 [ 127.975599][ T5886] usb 2-1: config 3 interface 35 altsetting 8 endpoint 0x4 has invalid maxpacket 520, setting to 64 [ 127.975682][ T5886] usb 2-1: config 3 interface 35 altsetting 8 has an invalid descriptor for endpoint zero, skipping [ 127.975737][ T5886] usb 2-1: config 3 interface 35 altsetting 8 endpoint 0xC has invalid maxpacket 927, setting to 64 [ 127.975809][ T5886] usb 2-1: config 3 interface 35 altsetting 8 endpoint 0x6 has invalid maxpacket 512, setting to 64 [ 127.975883][ T5886] usb 2-1: config 3 interface 35 altsetting 8 has a duplicate endpoint with address 0xC, skipping [ 127.975946][ T5886] usb 2-1: config 3 interface 35 altsetting 8 has a duplicate endpoint with address 0x6, skipping [ 127.976002][ T5886] usb 2-1: config 3 interface 35 altsetting 8 endpoint 0x7 has invalid maxpacket 1023, setting to 64 [ 127.976077][ T5886] usb 2-1: config 3 interface 35 altsetting 8 has an invalid descriptor for endpoint zero, skipping [ 127.976138][ T5886] usb 2-1: config 3 interface 35 altsetting 8 has an invalid descriptor for endpoint zero, skipping [ 127.976192][ T5886] usb 2-1: config 3 interface 35 altsetting 8 endpoint 0x9 has invalid maxpacket 512, setting to 64 [ 127.976265][ T5886] usb 2-1: config 3 interface 35 altsetting 8 has a duplicate endpoint with address 0xC, skipping [ 127.976330][ T5886] usb 2-1: config 3 interface 35 altsetting 8 has an invalid descriptor for endpoint zero, skipping [ 127.976419][ T5886] usb 2-1: config 3 interface 3 altsetting 5 endpoint 0x3 has invalid maxpacket 1024, setting to 64 [ 127.976447][ T5886] usb 2-1: config 3 interface 3 altsetting 5 has a duplicate endpoint with address 0x7, skipping [ 127.976470][ T5886] usb 2-1: config 3 interface 3 altsetting 5 has an invalid descriptor for endpoint zero, skipping [ 127.976554][ T5886] usb 2-1: config 3 interface 123 altsetting 1 has a duplicate endpoint with address 0x7, skipping [ 127.976632][ T5886] usb 2-1: config 3 interface 123 altsetting 1 endpoint 0xE has invalid maxpacket 512, setting to 64 [ 127.976699][ T5886] usb 2-1: config 3 interface 35 has no altsetting 0 [ 127.976756][ T5886] usb 2-1: config 3 interface 3 has no altsetting 0 [ 127.976807][ T5886] usb 2-1: config 3 interface 123 has no altsetting 0 [ 128.121315][ T5886] usb 2-1: Dual-Role OTG device on HNP port [ 128.122329][ T5886] usb 2-1: New USB device found, idVendor=19d2, idProduct=1275, bcdDevice=f7.9a [ 128.122355][ T5886] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.122376][ T5886] usb 2-1: Product: ю [ 128.122422][ T5886] usb 2-1: Manufacturer: 䦶碬韐뱱㛨꒷﬚䱂퓳煏撳憤虲읗竴讎㘥ᳺ䘁틦ꗻီ폆铧坦쎏滳璈﬜훡ꪽǝ柈蟨纜ﲞ㬴敊코 [ 128.122497][ T5886] usb 2-1: SerialNumber: 痧䗝⥢鏅盟쮟 [ 128.418469][ T808] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 128.529619][ T6111] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 128.532535][ T6111] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 128.536960][ T6111] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 128.537527][ T6111] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 128.615606][ T808] usb 1-1: unable to get BOS descriptor or descriptor too short [ 128.617899][ T808] usb 1-1: not running at top speed; connect to a high speed hub [ 128.642583][ T808] usb 1-1: config 4 has an invalid interface number: 47 but max is 0 [ 128.642611][ T808] usb 1-1: config 4 has no interface number 0 [ 128.642645][ T808] usb 1-1: config 4 interface 47 has no altsetting 0 [ 128.647885][ T6119] FAULT_INJECTION: forcing a failure. [ 128.647885][ T6119] name failslab, interval 1, probability 0, space 0, times 0 [ 128.647917][ T6119] CPU: 1 UID: 0 PID: 6119 Comm: syz.3.61 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 128.647938][ T6119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 128.647948][ T6119] Call Trace: [ 128.647953][ T6119] [ 128.647960][ T6119] dump_stack_lvl+0xe8/0x150 [ 128.647988][ T6119] should_fail_ex+0x46b/0x600 [ 128.648012][ T6119] should_failslab+0xa8/0x100 [ 128.648030][ T6119] __kmalloc_noprof+0xdf/0x7b0 [ 128.648055][ T6119] ? tomoyo_encode+0x28b/0x550 [ 128.648077][ T6119] tomoyo_encode+0x28b/0x550 [ 128.648099][ T6119] tomoyo_realpath_from_path+0x58d/0x5d0 [ 128.648125][ T6119] ? tomoyo_path_number_perm+0x219/0x630 [ 128.648150][ T6119] tomoyo_path_number_perm+0x246/0x630 [ 128.648176][ T6119] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 128.648203][ T6119] ? __lock_acquire+0x6b5/0x2cf0 [ 128.648262][ T6119] ? __fget_files+0x2a/0x420 [ 128.648292][ T6119] ? __fget_files+0x2a/0x420 [ 128.648320][ T6119] ? __fget_files+0x3a6/0x420 [ 128.648345][ T6119] ? __fget_files+0x2a/0x420 [ 128.648377][ T6119] security_file_ioctl+0xc3/0x2a0 [ 128.648414][ T6119] __se_sys_ioctl+0x47/0x170 [ 128.648453][ T6119] do_syscall_64+0x14d/0xf80 [ 128.648487][ T6119] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.648510][ T6119] ? clear_bhb_loop+0x40/0x90 [ 128.648538][ T6119] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.648560][ T6119] RIP: 0033:0x7fcd6360c799 [ 128.648580][ T6119] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 128.648598][ T6119] RSP: 002b:00007fcd61866028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 128.648621][ T6119] RAX: ffffffffffffffda RBX: 00007fcd63885fa0 RCX: 00007fcd6360c799 [ 128.648636][ T6119] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000009 [ 128.648649][ T6119] RBP: 00007fcd61866090 R08: 0000000000000000 R09: 0000000000000000 [ 128.648662][ T6119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 128.648673][ T6119] R13: 00007fcd63886038 R14: 00007fcd63885fa0 R15: 00007fff8d7cbac8 [ 128.648707][ T6119] [ 128.675657][ T6119] ERROR: Out of memory at tomoyo_realpath_from_path. [ 128.923105][ T808] usb 1-1: New USB device found, idVendor=17cc, idProduct=1940, bcdDevice=cf.e5 [ 128.923137][ T808] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.923159][ T808] usb 1-1: Product: syz [ 128.923174][ T808] usb 1-1: Manufacturer: syz [ 128.923189][ T808] usb 1-1: SerialNumber: syz [ 129.041776][ T5886] option 2-1:3.35: GSM modem (1-port) converter detected [ 129.235668][ T5886] option 2-1:3.123: GSM modem (1-port) converter detected [ 129.362654][ T5886] usb 2-1: USB disconnect, device number 2 [ 129.513083][ T5886] option 2-1:3.35: device disconnected [ 129.611172][ T5886] option 2-1:3.123: device disconnected [ 129.995087][ T6131] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 129.995156][ T6131] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 130.178132][ T6133] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 131.160205][ T808] snd-usb-caiaq 1-1:4.47: can't set alt interface. [ 131.160228][ T808] usb 1-1: unable to init card! (ret=-5) [ 131.456582][ T808] snd-usb-caiaq 1-1:4.47: probe with driver snd-usb-caiaq failed with error -5 [ 131.470000][ T808] usb 1-1: USB disconnect, device number 3 [ 131.706486][ T6151] netlink: 8 bytes leftover after parsing attributes in process `syz.3.71'. [ 131.706509][ T6151] netlink: 12 bytes leftover after parsing attributes in process `syz.3.71'. [ 131.706535][ T6151] netlink: 'syz.3.71': attribute type 15 has an invalid length. [ 131.966563][ T6157] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 131.966621][ T6157] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 132.140692][ T6159] openvswitch: netlink: Unexpected mask (mask=840, allowed=10048) [ 132.463933][ T6166] FAULT_INJECTION: forcing a failure. [ 132.463933][ T6166] name failslab, interval 1, probability 0, space 0, times 0 [ 132.463970][ T6166] CPU: 0 UID: 0 PID: 6166 Comm: syz.1.79 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 132.463995][ T6166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 132.464007][ T6166] Call Trace: [ 132.464016][ T6166] [ 132.464026][ T6166] dump_stack_lvl+0xe8/0x150 [ 132.464072][ T6166] should_fail_ex+0x46b/0x600 [ 132.464106][ T6166] should_failslab+0xa8/0x100 [ 132.464132][ T6166] __kmalloc_cache_noprof+0x84/0x690 [ 132.464169][ T6166] ? ipv6_flowlabel_opt+0xd72/0x2340 [ 132.464200][ T6166] ipv6_flowlabel_opt+0xd72/0x2340 [ 132.464239][ T6166] ? __pfx_ipv6_flowlabel_opt+0x10/0x10 [ 132.464275][ T6166] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 132.464310][ T6166] ? lockdep_hardirqs_on+0x7a/0x110 [ 132.464343][ T6166] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 132.464377][ T6166] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 132.464417][ T6166] ? __local_bh_enable+0x1e1/0x2f0 [ 132.464454][ T6166] ? __local_bh_enable_ip+0x1ae/0x2b0 [ 132.464486][ T6166] ? lockdep_hardirqs_on+0x7a/0x110 [ 132.464524][ T6166] do_ipv6_setsockopt+0xda7/0x31c0 [ 132.464558][ T6166] ? __pfx_do_ipv6_setsockopt+0x10/0x10 [ 132.464608][ T6166] ? __lock_acquire+0x6b5/0x2cf0 [ 132.464647][ T6166] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 132.464680][ T6166] ? lockdep_hardirqs_on+0x7a/0x110 [ 132.464727][ T6166] ? __fget_files+0x2a/0x420 [ 132.464759][ T6166] ipv6_setsockopt+0x59/0x170 [ 132.464782][ T6166] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 132.464815][ T6166] do_sock_setsockopt+0x17c/0x1b0 [ 132.464855][ T6166] __x64_sys_setsockopt+0x143/0x1b0 [ 132.464895][ T6166] do_syscall_64+0x14d/0xf80 [ 132.464927][ T6166] ? trace_irq_disable+0x3b/0x150 [ 132.464952][ T6166] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.464976][ T6166] ? clear_bhb_loop+0x40/0x90 [ 132.465003][ T6166] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.465026][ T6166] RIP: 0033:0x7f65129ac799 [ 132.465047][ T6166] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 132.465072][ T6166] RSP: 002b:00007f6510c06028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 132.465096][ T6166] RAX: ffffffffffffffda RBX: 00007f6512c25fa0 RCX: 00007f65129ac799 [ 132.465112][ T6166] RDX: 0000000000000020 RSI: 0000000000000029 RDI: 0000000000000003 [ 132.465124][ T6166] RBP: 00007f6510c06090 R08: 0000000000006033 R09: 0000000000000000 [ 132.465138][ T6166] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000001 [ 132.465152][ T6166] R13: 00007f6512c26038 R14: 00007f6512c25fa0 R15: 00007ffd697ab328 [ 132.465187][ T6166] [ 132.963042][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.963168][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.448848][ T5970] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 133.627294][ T5970] usb 5-1: config 0 has no interfaces? [ 133.633804][ T5970] usb 5-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 133.633838][ T5970] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.633859][ T5970] usb 5-1: Product: syz [ 133.633875][ T5970] usb 5-1: Manufacturer: syz [ 133.633891][ T5970] usb 5-1: SerialNumber: syz [ 133.674030][ T5970] usb 5-1: config 0 descriptor?? [ 134.090415][ T6176] team_slave_0: entered promiscuous mode [ 134.090471][ T6176] team_slave_1: entered promiscuous mode [ 134.090952][ T6176] vlan2: entered promiscuous mode [ 134.090969][ T6176] team0: entered promiscuous mode [ 134.384484][ T808] usb 5-1: USB disconnect, device number 2 [ 134.588923][ T3125] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 135.231569][ T6191] netlink: 4 bytes leftover after parsing attributes in process `syz.2.90'. [ 135.268482][ T3125] usb 2-1: Using ep0 maxpacket: 32 [ 135.272057][ T3125] usb 2-1: config 0 has an invalid interface number: 12 but max is 0 [ 135.272084][ T3125] usb 2-1: config 0 has no interface number 0 [ 135.272132][ T3125] usb 2-1: config 0 interface 12 has no altsetting 0 [ 135.277504][ T3125] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 135.277535][ T3125] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 135.277556][ T3125] usb 2-1: Product: syz [ 135.277571][ T3125] usb 2-1: Manufacturer: syz [ 135.277586][ T3125] usb 2-1: SerialNumber: syz [ 135.365154][ T3125] usb 2-1: config 0 descriptor?? [ 136.953906][ T6204] openvswitch: netlink: Unexpected mask (mask=840, allowed=10048) [ 137.633491][ T3125] f81534 2-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 137.633560][ T3125] f81534 2-1:0.12: f81534_find_config_idx: read failed: -71 [ 137.633578][ T3125] f81534 2-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 137.633672][ T3125] f81534 2-1:0.12: probe with driver f81534 failed with error -71 [ 137.698923][ T3125] usb 2-1: USB disconnect, device number 3 [ 138.418490][ T5886] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 138.570730][ T5886] usb 3-1: config 0 has no interfaces? [ 138.574467][ T5886] usb 3-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 138.574492][ T5886] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 138.574509][ T5886] usb 3-1: Product: syz [ 138.574522][ T5886] usb 3-1: Manufacturer: syz [ 138.574535][ T5886] usb 3-1: SerialNumber: syz [ 138.609217][ T5886] usb 3-1: config 0 descriptor?? [ 138.876942][ T6218] bond_slave_0: entered promiscuous mode [ 138.877001][ T6218] bond_slave_1: entered promiscuous mode [ 138.893495][ T6218] vlan2: entered promiscuous mode [ 138.893518][ T6218] bond0: entered promiscuous mode [ 138.968548][ T5886] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 139.120589][ T6230] overlayfs: missing 'lowerdir' [ 139.126006][ T5886] usb 2-1: Using ep0 maxpacket: 16 [ 139.128882][ T5886] usb 2-1: config 0 has an invalid descriptor of length 102, skipping remainder of the config [ 139.128924][ T5886] usb 2-1: config 0 interface 0 has no altsetting 0 [ 139.145222][ T5886] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=9d.3d [ 139.145306][ T5886] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 139.145361][ T5886] usb 2-1: Product: syz [ 139.145402][ T5886] usb 2-1: Manufacturer: syz [ 139.145443][ T5886] usb 2-1: SerialNumber: syz [ 139.239038][ T808] usb 3-1: USB disconnect, device number 3 [ 139.267110][ T5886] usb 2-1: config 0 descriptor?? [ 139.474827][ T5886] hub 2-1:0.0: bad descriptor, ignoring hub [ 139.474875][ T5886] hub 2-1:0.0: probe with driver hub failed with error -5 [ 139.523759][ T5886] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 139.558467][ T1500] usb 2-1: Failed to submit usb control message: -71 [ 139.558508][ T1500] usb 2-1: unable to send the bmi data to the device: -71 [ 139.558528][ T1500] usb 2-1: unable to get target info from device [ 139.558557][ T1500] usb 2-1: could not get target info (-71) [ 139.558597][ T1500] usb 2-1: could not probe fw (-71) [ 139.574799][ T5886] usb 2-1: USB disconnect, device number 4 [ 139.673099][ T37] audit: type=1326 audit(1773733284.295:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6239 comm="syz.3.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd6360c799 code=0x7ffc0000 [ 139.673154][ T37] audit: type=1326 audit(1773733284.295:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6239 comm="syz.3.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd6360c799 code=0x7ffc0000 [ 139.724448][ T37] audit: type=1326 audit(1773733284.325:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6239 comm="syz.3.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7fcd6360c799 code=0x7ffc0000 [ 139.724503][ T37] audit: type=1326 audit(1773733284.325:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6239 comm="syz.3.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd6360c799 code=0x7ffc0000 [ 139.724546][ T37] audit: type=1326 audit(1773733284.325:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6239 comm="syz.3.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd6360c799 code=0x7ffc0000 [ 139.724598][ T37] audit: type=1326 audit(1773733284.345:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6239 comm="syz.3.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=189 compat=0 ip=0x7fcd6360c799 code=0x7ffc0000 [ 139.724641][ T37] audit: type=1326 audit(1773733284.345:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6239 comm="syz.3.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd6360c799 code=0x7ffc0000 [ 139.724685][ T37] audit: type=1326 audit(1773733284.345:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6239 comm="syz.3.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=50 compat=0 ip=0x7fcd6360c799 code=0x7ffc0000 [ 139.724728][ T37] audit: type=1326 audit(1773733284.345:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6239 comm="syz.3.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd6360c799 code=0x7ffc0000 [ 139.724771][ T37] audit: type=1326 audit(1773733284.345:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6239 comm="syz.3.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcd635ccfce code=0x7ffc0000 [ 139.759044][ T5922] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 139.930242][ T5922] usb 5-1: Using ep0 maxpacket: 16 [ 139.943437][ T5922] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 139.943496][ T5922] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 139.943620][ T5922] usb 5-1: New USB device found, idVendor=1b96, idProduct=0008, bcdDevice= 0.00 [ 139.943689][ T5922] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.093058][ T5922] usb 5-1: config 0 descriptor?? [ 140.343901][ T6248] process 'syz.1.106' launched './file0' with NULL argv: empty string added [ 140.747685][ T6251] FAULT_INJECTION: forcing a failure. [ 140.747685][ T6251] name failslab, interval 1, probability 0, space 0, times 0 [ 140.747786][ T6251] CPU: 0 UID: 0 PID: 6251 Comm: syz.0.107 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 140.747812][ T6251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 140.747825][ T6251] Call Trace: [ 140.747833][ T6251] [ 140.747842][ T6251] dump_stack_lvl+0xe8/0x150 [ 140.747888][ T6251] should_fail_ex+0x46b/0x600 [ 140.747922][ T6251] should_failslab+0xa8/0x100 [ 140.747946][ T6251] kmem_cache_alloc_noprof+0x87/0x680 [ 140.747980][ T6251] ? alloc_empty_file+0x55/0x1d0 [ 140.748011][ T6251] alloc_empty_file+0x55/0x1d0 [ 140.748038][ T6251] path_openat+0x11b/0x38a0 [ 140.748081][ T6251] ? try_to_take_rt_mutex+0x840/0xb00 [ 140.748108][ T6251] ? arch_stack_walk+0xfb/0x150 [ 140.748139][ T6251] ? rtlock_slowlock_locked+0xfb/0x3c80 [ 140.748177][ T6251] ? __pfx_path_openat+0x10/0x10 [ 140.748210][ T6251] ? __lock_acquire+0x6b5/0x2cf0 [ 140.748237][ T6251] ? kmem_cache_alloc_noprof+0x33b/0x680 [ 140.748277][ T6251] ? do_raw_spin_lock+0x12b/0x2f0 [ 140.748316][ T6251] do_file_open+0x23e/0x4a0 [ 140.748347][ T6251] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 140.748383][ T6251] ? __pfx_do_file_open+0x10/0x10 [ 140.748411][ T6251] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 140.748462][ T6251] ? alloc_fd+0x64e/0x6c0 [ 140.748499][ T6251] do_sys_openat2+0x113/0x200 [ 140.748530][ T6251] ? __pfx_do_sys_openat2+0x10/0x10 [ 140.748558][ T6251] ? ksys_write+0x248/0x270 [ 140.748592][ T6251] ? __pfx_ksys_write+0x10/0x10 [ 140.748629][ T6251] __x64_sys_openat+0x138/0x170 [ 140.748662][ T6251] do_syscall_64+0x14d/0xf80 [ 140.748695][ T6251] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.748718][ T6251] ? clear_bhb_loop+0x40/0x90 [ 140.748745][ T6251] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.748767][ T6251] RIP: 0033:0x7fab9ec2c799 [ 140.748788][ T6251] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 140.748806][ T6251] RSP: 002b:00007fab9ce65028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 140.748829][ T6251] RAX: ffffffffffffffda RBX: 00007fab9eea6090 RCX: 00007fab9ec2c799 [ 140.748852][ T6251] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 140.748867][ T6251] RBP: 00007fab9ce65090 R08: 0000000000000000 R09: 0000000000000000 [ 140.748881][ T6251] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 140.748893][ T6251] R13: 00007fab9eea6128 R14: 00007fab9eea6090 R15: 00007fff72fda818 [ 140.748926][ T6251] [ 140.822356][ T3125] IPVS: starting estimator thread 0... [ 141.079315][ T6255] IPVS: using max 7 ests per chain, 16800 per kthread [ 141.271506][ T5922] ntrig 0003:1B96:0008.0001: item fetching failed at offset 5/7 [ 141.272352][ T5922] ntrig 0003:1B96:0008.0001: parse failed [ 141.272462][ T5922] ntrig 0003:1B96:0008.0001: probe with driver ntrig failed with error -22 [ 141.325604][ T5922] usb 5-1: USB disconnect, device number 3 [ 142.087981][ T6267] overlayfs: missing 'lowerdir' [ 142.719984][ T3125] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 142.885730][ T3125] usb 5-1: config 0 has no interfaces? [ 142.888133][ T3125] usb 5-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 142.888172][ T3125] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.888194][ T3125] usb 5-1: Product: syz [ 142.888209][ T3125] usb 5-1: Manufacturer: syz [ 142.888225][ T3125] usb 5-1: SerialNumber: syz [ 142.942453][ T3125] usb 5-1: config 0 descriptor?? [ 142.989712][ T6274] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 142.991317][ T6274] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 143.180782][ T6271] bond_slave_0: entered promiscuous mode [ 143.180838][ T6271] bond_slave_1: entered promiscuous mode [ 143.181008][ T6271] vlan2: entered promiscuous mode [ 143.181023][ T6271] bond0: entered promiscuous mode [ 143.355197][ T5922] usb 5-1: USB disconnect, device number 4 [ 143.909110][ T6280] IPv4: Oversized IP packet from 127.202.26.0 [ 144.057852][ T6283] netlink: 76 bytes leftover after parsing attributes in process `syz.0.119'. [ 144.057886][ T6283] netlink: 72 bytes leftover after parsing attributes in process `syz.0.119'. [ 144.057903][ T6283] netlink: 'syz.0.119': attribute type 3 has an invalid length. [ 144.057916][ T6283] netlink: 11 bytes leftover after parsing attributes in process `syz.0.119'. [ 144.618603][ T5871] usb 5-1: new low-speed USB device number 5 using dummy_hcd [ 144.781314][ T5871] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 144.781400][ T5871] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 65528, setting to 8 [ 144.781430][ T5871] usb 5-1: config 1 interface 1 has no altsetting 1 [ 144.808819][ T5871] usb 5-1: string descriptor 0 read error: -22 [ 144.809216][ T5871] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 144.809281][ T5871] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 144.904459][ T6292] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 144.929070][ T5871] usb 5-1: selecting invalid altsetting 1 [ 145.118568][ T5871] cdc_ncm 5-1:1.0: bind() failure [ 145.226259][ T5871] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 145.226308][ T5871] cdc_ncm 5-1:1.1: bind() failure [ 145.318762][ T5871] usb 5-1: USB disconnect, device number 5 [ 145.478359][ T3125] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 145.628380][ T3125] usb 1-1: Using ep0 maxpacket: 16 [ 145.634215][ T3125] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 145.634249][ T3125] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 145.634273][ T3125] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 145.634318][ T3125] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 145.634342][ T3125] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.710907][ T3125] usb 1-1: config 0 descriptor?? [ 146.014986][ T6335] netlink: 28 bytes leftover after parsing attributes in process `syz.3.125'. [ 146.315849][ T3125] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 146.315901][ T3125] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 146.315930][ T3125] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 146.315959][ T3125] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 146.315987][ T3125] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 146.316014][ T3125] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 146.316042][ T3125] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 146.316070][ T3125] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 146.316097][ T3125] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 146.316125][ T3125] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 146.406746][ T3125] HID 045e:07da: Invalid code 65791 type 1 [ 146.407193][ T3125] HID 045e:07da: Invalid code 768 type 1 [ 146.407212][ T3125] HID 045e:07da: Invalid code 769 type 1 [ 146.407227][ T3125] HID 045e:07da: Invalid code 770 type 1 [ 146.407241][ T3125] HID 045e:07da: Invalid code 771 type 1 [ 146.407255][ T3125] HID 045e:07da: Invalid code 772 type 1 [ 146.407275][ T3125] HID 045e:07da: Invalid code 773 type 1 [ 146.407289][ T3125] HID 045e:07da: Invalid code 774 type 1 [ 146.407302][ T3125] HID 045e:07da: Invalid code 775 type 1 [ 146.407320][ T3125] HID 045e:07da: Invalid code 776 type 1 [ 146.495815][ T3125] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.0002/input/input7 [ 146.638967][ T3125] microsoft 0003:045E:07DA.0002: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 146.711176][ T3125] usb 1-1: USB disconnect, device number 4 [ 147.220577][ T5871] IPVS: starting estimator thread 0... [ 147.318433][ T6341] IPVS: using max 7 ests per chain, 16800 per kthread [ 147.360735][ T6344] FAULT_INJECTION: forcing a failure. [ 147.360735][ T6344] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 147.360772][ T6344] CPU: 1 UID: 0 PID: 6344 Comm: syz.4.127 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 147.360796][ T6344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 147.360808][ T6344] Call Trace: [ 147.360816][ T6344] [ 147.360825][ T6344] dump_stack_lvl+0xe8/0x150 [ 147.360863][ T6344] should_fail_ex+0x46b/0x600 [ 147.360896][ T6344] prepare_alloc_pages+0x22a/0x6b0 [ 147.360929][ T6344] __alloc_frozen_pages_noprof+0x12f/0x380 [ 147.360967][ T6344] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 147.360996][ T6344] ? __pfx_policy_nodemask+0x10/0x10 [ 147.361019][ T6344] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 147.361049][ T6344] ? lockdep_hardirqs_on+0x7a/0x110 [ 147.361086][ T6344] alloc_pages_mpol+0xd1/0x380 [ 147.361108][ T6344] alloc_pages_noprof+0xce/0x1e0 [ 147.361131][ T6344] get_free_pages_noprof+0xf/0x80 [ 147.361155][ T6344] __pollwait+0x263/0x430 [ 147.361181][ T6344] ? __pfx___pollwait+0x10/0x10 [ 147.361205][ T6344] unix_poll+0x88/0x3f0 [ 147.361231][ T6344] ? sock_poll+0x88/0xc0 [ 147.361254][ T6344] ? __pfx_sock_poll+0x10/0x10 [ 147.361279][ T6344] do_select+0x101e/0x15c0 [ 147.361311][ T6344] ? do_select+0x801/0x15c0 [ 147.361352][ T6344] ? __pfx_do_select+0x10/0x10 [ 147.361380][ T6344] ? unwind_next_frame+0xa5/0x23c0 [ 147.361404][ T6344] ? __pfx___pollwait+0x10/0x10 [ 147.361440][ T6344] ? __pfx_pollwake+0x10/0x10 [ 147.361470][ T6344] ? __pfx_pollwake+0x10/0x10 [ 147.361498][ T6344] ? __pfx_pollwake+0x10/0x10 [ 147.361525][ T6344] ? __pfx_pollwake+0x10/0x10 [ 147.361552][ T6344] ? __pfx_pollwake+0x10/0x10 [ 147.361581][ T6344] ? __pfx_pollwake+0x10/0x10 [ 147.361610][ T6344] ? __pfx_pollwake+0x10/0x10 [ 147.361639][ T6344] ? __pfx_pollwake+0x10/0x10 [ 147.361668][ T6344] ? __pfx_pollwake+0x10/0x10 [ 147.361718][ T6344] core_sys_select+0x898/0xc30 [ 147.361761][ T6344] ? __pfx_core_sys_select+0x10/0x10 [ 147.361812][ T6344] ? __pfx_set_user_sigmask+0x10/0x10 [ 147.361841][ T6344] ? rt_mutex_slowunlock+0x1cb/0x300 [ 147.361868][ T6344] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 147.361903][ T6344] __se_sys_pselect6+0x267/0x320 [ 147.361935][ T6344] ? __pfx___se_sys_pselect6+0x10/0x10 [ 147.361968][ T6344] ? __pfx_ksys_write+0x10/0x10 [ 147.362007][ T6344] ? __x64_sys_pselect6+0x21/0xf0 [ 147.362036][ T6344] do_syscall_64+0x14d/0xf80 [ 147.362072][ T6344] ? trace_irq_disable+0x3b/0x150 [ 147.362098][ T6344] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.362121][ T6344] ? clear_bhb_loop+0x40/0x90 [ 147.362148][ T6344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.362170][ T6344] RIP: 0033:0x7fcc1929c799 [ 147.362191][ T6344] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 147.362209][ T6344] RSP: 002b:00007fcc174f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 147.362232][ T6344] RAX: ffffffffffffffda RBX: 00007fcc19515fa0 RCX: 00007fcc1929c799 [ 147.362248][ T6344] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040 [ 147.362261][ T6344] RBP: 00007fcc174f6090 R08: 0000000000000000 R09: 0000000000000000 [ 147.362274][ T6344] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 147.362288][ T6344] R13: 00007fcc19516038 R14: 00007fcc19515fa0 R15: 00007ffd6be9b5c8 [ 147.362322][ T6344] [ 147.816621][ T6342] fido_id[6342]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 149.185484][ T6355] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 149.223347][ T6355] netlink: 68 bytes leftover after parsing attributes in process `syz.4.131'. [ 149.486014][ T6358] netlink: 28 bytes leftover after parsing attributes in process `syz.0.132'. [ 149.842621][ T6364] FAULT_INJECTION: forcing a failure. [ 149.842621][ T6364] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 149.842660][ T6364] CPU: 1 UID: 0 PID: 6364 Comm: syz.0.135 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 149.842686][ T6364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 149.842699][ T6364] Call Trace: [ 149.842707][ T6364] [ 149.842717][ T6364] dump_stack_lvl+0xe8/0x150 [ 149.842759][ T6364] should_fail_ex+0x46b/0x600 [ 149.842794][ T6364] _copy_from_user+0x2d/0xb0 [ 149.842829][ T6364] __sys_bpf+0x229/0x950 [ 149.842861][ T6364] ? __pfx___sys_bpf+0x10/0x10 [ 149.842886][ T6364] ? rt_mutex_slowunlock+0x1cb/0x300 [ 149.842932][ T6364] ? ksys_write+0x248/0x270 [ 149.842969][ T6364] ? __pfx_ksys_write+0x10/0x10 [ 149.843017][ T6364] __x64_sys_bpf+0x7c/0x90 [ 149.843045][ T6364] do_syscall_64+0x14d/0xf80 [ 149.843079][ T6364] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.843111][ T6364] ? clear_bhb_loop+0x40/0x90 [ 149.843140][ T6364] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.843163][ T6364] RIP: 0033:0x7fab9ec2c799 [ 149.843185][ T6364] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 149.843204][ T6364] RSP: 002b:00007fab9ce86028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 149.843228][ T6364] RAX: ffffffffffffffda RBX: 00007fab9eea5fa0 RCX: 00007fab9ec2c799 [ 149.843246][ T6364] RDX: 0000000000000028 RSI: 0000200000000140 RDI: 0000000000000012 [ 149.843260][ T6364] RBP: 00007fab9ce86090 R08: 0000000000000000 R09: 0000000000000000 [ 149.843273][ T6364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 149.843285][ T6364] R13: 00007fab9eea6038 R14: 00007fab9eea5fa0 R15: 00007fff72fda818 [ 149.843319][ T6364] [ 150.356955][ T6368] overlayfs: missing 'workdir' [ 150.578455][ T9] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 151.092268][ T9] usb 1-1: config 0 has no interfaces? [ 151.094705][ T9] usb 1-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 151.094733][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.094756][ T9] usb 1-1: Product: syz [ 151.094767][ T9] usb 1-1: Manufacturer: syz [ 151.094777][ T9] usb 1-1: SerialNumber: syz [ 151.116973][ T9] usb 1-1: config 0 descriptor?? [ 151.378099][ T6378] Zero length message leads to an empty skb [ 151.402172][ T6366] bond_slave_0: entered promiscuous mode [ 151.402229][ T6366] bond_slave_1: entered promiscuous mode [ 151.402396][ T6366] vlan2: entered promiscuous mode [ 151.402410][ T6366] bond0: entered promiscuous mode [ 151.421003][ T808] usb 5-1: new full-speed USB device number 6 using dummy_hcd [ 151.574642][ T808] usb 5-1: config 0 has no interfaces? [ 151.584441][ T808] usb 5-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 151.584471][ T808] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.584492][ T808] usb 5-1: Product: syz [ 151.584506][ T808] usb 5-1: Manufacturer: syz [ 151.584521][ T808] usb 5-1: SerialNumber: syz [ 151.633808][ T808] usb 5-1: config 0 descriptor?? [ 151.682878][ T3125] usb 1-1: USB disconnect, device number 5 [ 151.875846][ T6374] vlan2: entered promiscuous mode [ 151.948545][ T5922] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 151.991596][ T3125] usb 5-1: USB disconnect, device number 6 [ 152.118413][ T5922] usb 4-1: Using ep0 maxpacket: 32 [ 152.125397][ T5922] usb 4-1: config 9 has an invalid interface number: 221 but max is 1 [ 152.125418][ T5922] usb 4-1: config 9 has an invalid interface number: 221 but max is 1 [ 152.125432][ T5922] usb 4-1: config 9 has 1 interface, different from the descriptor's value: 2 [ 152.125447][ T5922] usb 4-1: config 9 has no interface number 0 [ 152.125478][ T5922] usb 4-1: config 9 interface 221 altsetting 64 endpoint 0xA has invalid wMaxPacketSize 0 [ 152.125496][ T5922] usb 4-1: config 9 interface 221 has no altsetting 0 [ 152.157704][ T5922] usb 4-1: New USB device found, idVendor=0582, idProduct=74ce, bcdDevice=ba.38 [ 152.157727][ T5922] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 152.157741][ T5922] usb 4-1: Product: syz [ 152.157752][ T5922] usb 4-1: Manufacturer: syz [ 152.157762][ T5922] usb 4-1: SerialNumber: syz [ 152.751211][ T6383] capability: warning: `syz.0.143' uses deprecated v2 capabilities in a way that may be insecure [ 152.756359][ T6383] 9pnet_fd: Insufficient options for proto=fd [ 152.852413][ T60] Bluetooth: hci4: Malformed Event: 0x2f [ 153.606022][ T6393] batadv0: entered promiscuous mode [ 153.623340][ T6393] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 153.867997][ T6400] overlayfs: missing 'workdir' [ 154.326314][ T6404] FAULT_INJECTION: forcing a failure. [ 154.326314][ T6404] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 154.326377][ T6404] CPU: 1 UID: 0 PID: 6404 Comm: syz.4.150 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 154.326402][ T6404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 154.326415][ T6404] Call Trace: [ 154.326423][ T6404] [ 154.326433][ T6404] dump_stack_lvl+0xe8/0x150 [ 154.326479][ T6404] should_fail_ex+0x46b/0x600 [ 154.326513][ T6404] _copy_to_user+0x31/0xb0 [ 154.326549][ T6404] simple_read_from_buffer+0xe1/0x170 [ 154.326582][ T6404] proc_fail_nth_read+0x1be/0x230 [ 154.326612][ T6404] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 154.326643][ T6404] ? rw_verify_area+0x2ac/0x4e0 [ 154.326674][ T6404] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 154.326703][ T6404] vfs_read+0x212/0xa80 [ 154.326744][ T6404] ? __pfx_vfs_read+0x10/0x10 [ 154.326781][ T6404] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 154.326815][ T6404] ? lockdep_hardirqs_on+0x7a/0x110 [ 154.326849][ T6404] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 154.326882][ T6404] ? mutex_lock_nested+0x152/0x1d0 [ 154.326908][ T6404] ? fdget_pos+0x252/0x320 [ 154.326945][ T6404] ksys_read+0x156/0x270 [ 154.326980][ T6404] ? __pfx_ksys_read+0x10/0x10 [ 154.327026][ T6404] do_syscall_64+0x14d/0xf80 [ 154.327059][ T6404] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.327081][ T6404] ? clear_bhb_loop+0x40/0x90 [ 154.327109][ T6404] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.327132][ T6404] RIP: 0033:0x7fcc1925cfce [ 154.327152][ T6404] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 154.327171][ T6404] RSP: 002b:00007fcc174b3fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 154.327193][ T6404] RAX: ffffffffffffffda RBX: 00007fcc174b46c0 RCX: 00007fcc1925cfce [ 154.327210][ T6404] RDX: 000000000000000f RSI: 00007fcc174b40a0 RDI: 0000000000000005 [ 154.327224][ T6404] RBP: 00007fcc174b4090 R08: 0000000000000000 R09: 0000000000000000 [ 154.327237][ T6404] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 154.327250][ T6404] R13: 00007fcc19516218 R14: 00007fcc19516180 R15: 00007ffd6be9b5c8 [ 154.327285][ T6404] [ 156.040294][ T6423] overlayfs: missing 'lowerdir' [ 156.200621][ T5922] usb 4-1: USB disconnect, device number 2 [ 156.341272][ T6429] netlink: 8 bytes leftover after parsing attributes in process `syz.2.156'. [ 156.341348][ T6429] netlink: 12 bytes leftover after parsing attributes in process `syz.2.156'. [ 156.341473][ T6429] netlink: 'syz.2.156': attribute type 15 has an invalid length. [ 157.412921][ T5969] udevd[5969]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:9.221/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 159.291661][ T6445] FAULT_INJECTION: forcing a failure. [ 159.291661][ T6445] name failslab, interval 1, probability 0, space 0, times 0 [ 159.291697][ T6445] CPU: 1 UID: 0 PID: 6445 Comm: syz.0.164 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 159.291722][ T6445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 159.291735][ T6445] Call Trace: [ 159.291743][ T6445] [ 159.291752][ T6445] dump_stack_lvl+0xe8/0x150 [ 159.291791][ T6445] should_fail_ex+0x46b/0x600 [ 159.291826][ T6445] should_failslab+0xa8/0x100 [ 159.291852][ T6445] __kmalloc_noprof+0xdf/0x7b0 [ 159.291905][ T6445] ? tomoyo_encode+0x28b/0x550 [ 159.291937][ T6445] tomoyo_encode+0x28b/0x550 [ 159.291970][ T6445] tomoyo_realpath_from_path+0x58d/0x5d0 [ 159.292010][ T6445] ? tomoyo_path_number_perm+0x219/0x630 [ 159.292045][ T6445] tomoyo_path_number_perm+0x246/0x630 [ 159.292084][ T6445] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 159.292122][ T6445] ? __lock_acquire+0x6b5/0x2cf0 [ 159.292185][ T6445] ? __fget_files+0x2a/0x420 [ 159.292217][ T6445] ? __fget_files+0x2a/0x420 [ 159.292243][ T6445] ? __fget_files+0x3a6/0x420 [ 159.292271][ T6445] ? __fget_files+0x2a/0x420 [ 159.292304][ T6445] security_file_ioctl+0xc3/0x2a0 [ 159.292343][ T6445] __se_sys_ioctl+0x47/0x170 [ 159.292381][ T6445] do_syscall_64+0x14d/0xf80 [ 159.292414][ T6445] ? trace_irq_disable+0x3b/0x150 [ 159.292440][ T6445] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.292463][ T6445] ? clear_bhb_loop+0x40/0x90 [ 159.292492][ T6445] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.292516][ T6445] RIP: 0033:0x7fab9ec2c799 [ 159.292537][ T6445] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 159.292555][ T6445] RSP: 002b:00007fab9ce86028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 159.292579][ T6445] RAX: ffffffffffffffda RBX: 00007fab9eea5fa0 RCX: 00007fab9ec2c799 [ 159.292595][ T6445] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 159.292608][ T6445] RBP: 00007fab9ce86090 R08: 0000000000000000 R09: 0000000000000000 [ 159.292622][ T6445] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 159.292634][ T6445] R13: 00007fab9eea6038 R14: 00007fab9eea5fa0 R15: 00007fff72fda818 [ 159.292670][ T6445] [ 159.292693][ T6445] ERROR: Out of memory at tomoyo_realpath_from_path. [ 159.926754][ T6464] overlayfs: missing 'lowerdir' [ 159.961260][ T6460] openvswitch: netlink: Message has 8 unknown bytes. [ 159.962606][ T6460] ======================================================= [ 159.962606][ T6460] WARNING: The mand mount option has been deprecated and [ 159.962606][ T6460] and is ignored by this kernel. Remove the mand [ 159.962606][ T6460] option from the mount to silence this warning. [ 159.962606][ T6460] ======================================================= [ 159.964770][ T6460] overlayfs: overlapping lowerdir path [ 160.314810][ T9] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 160.388393][ T3125] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 160.459252][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 160.462139][ T9] usb 3-1: config 2 has an invalid interface number: 88 but max is 0 [ 160.462167][ T9] usb 3-1: config 2 has no interface number 0 [ 160.462214][ T9] usb 3-1: config 2 interface 88 altsetting 7 bulk endpoint 0x6 has invalid maxpacket 256 [ 160.462243][ T9] usb 3-1: config 2 interface 88 has no altsetting 0 [ 160.465528][ T9] usb 3-1: New USB device found, idVendor=0557, idProduct=2009, bcdDevice=c7.1e [ 160.465558][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.465580][ T9] usb 3-1: Product: syz [ 160.465596][ T9] usb 3-1: Manufacturer: syz [ 160.465612][ T9] usb 3-1: SerialNumber: syz [ 160.560590][ T3125] usb 5-1: Using ep0 maxpacket: 8 [ 160.810092][ T6458] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 161.048054][ T6458] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 161.192581][ T3125] usb 5-1: unable to get BOS descriptor or descriptor too short [ 161.195028][ T3125] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 161.195064][ T3125] usb 5-1: can't read configurations, error -71 [ 161.318880][ T9] asix 3-1:2.88 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 161.319215][ T9] asix 3-1:2.88: probe with driver asix failed with error -71 [ 161.349403][ T9] usb 3-1: USB disconnect, device number 4 [ 162.476034][ T6496] overlay: Unknown parameter '/' [ 164.408093][ T6507] FAULT_INJECTION: forcing a failure. [ 164.408093][ T6507] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 164.408129][ T6507] CPU: 0 UID: 0 PID: 6507 Comm: syz.2.183 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 164.408154][ T6507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 164.408166][ T6507] Call Trace: [ 164.408175][ T6507] [ 164.408184][ T6507] dump_stack_lvl+0xe8/0x150 [ 164.408227][ T6507] should_fail_ex+0x46b/0x600 [ 164.408258][ T6507] _copy_to_user+0x31/0xb0 [ 164.408292][ T6507] simple_read_from_buffer+0xe1/0x170 [ 164.408325][ T6507] proc_fail_nth_read+0x1be/0x230 [ 164.408355][ T6507] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 164.408387][ T6507] ? rw_verify_area+0x2ac/0x4e0 [ 164.408417][ T6507] ? __wake_up_common_lock+0x18a/0x1e0 [ 164.408450][ T6507] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 164.408479][ T6507] vfs_read+0x212/0xa80 [ 164.408529][ T6507] ? __pfx_vfs_read+0x10/0x10 [ 164.408565][ T6507] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 164.408600][ T6507] ? lockdep_hardirqs_on+0x7a/0x110 [ 164.408634][ T6507] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 164.408669][ T6507] ? mutex_lock_nested+0x152/0x1d0 [ 164.408695][ T6507] ? fdget_pos+0x252/0x320 [ 164.408732][ T6507] ksys_read+0x156/0x270 [ 164.408769][ T6507] ? __pfx_ksys_read+0x10/0x10 [ 164.408800][ T6507] ? fput+0xa0/0xd0 [ 164.408838][ T6507] do_syscall_64+0x14d/0xf80 [ 164.408869][ T6507] ? trace_irq_disable+0x3b/0x150 [ 164.408895][ T6507] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.408919][ T6507] ? clear_bhb_loop+0x40/0x90 [ 164.408947][ T6507] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.408971][ T6507] RIP: 0033:0x7f2b89f8cfce [ 164.408992][ T6507] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 164.409010][ T6507] RSP: 002b:00007f2b88225fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 164.409033][ T6507] RAX: ffffffffffffffda RBX: 00007f2b882266c0 RCX: 00007f2b89f8cfce [ 164.409050][ T6507] RDX: 000000000000000f RSI: 00007f2b882260a0 RDI: 0000000000000004 [ 164.409063][ T6507] RBP: 00007f2b88226090 R08: 0000000000000000 R09: 0000000000000000 [ 164.409076][ T6507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 164.409089][ T6507] R13: 00007f2b8a246038 R14: 00007f2b8a245fa0 R15: 00007ffeb79eec78 [ 164.409124][ T6507] [ 164.410898][ T6505] overlayfs: missing 'lowerdir' [ 164.932824][ T6513] openvswitch: netlink: Message has 8 unknown bytes. [ 164.939492][ T6513] overlayfs: overlapping lowerdir path [ 165.228440][ T5922] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 165.378352][ T5922] usb 2-1: Using ep0 maxpacket: 8 [ 166.382994][ T6520] sg_write: data in/out 988/98 bytes for SCSI command 0x0-- guessing data in; [ 166.382994][ T6520] program syz.3.187 not setting count and/or reply_len properly [ 166.489374][ T6517] netlink: 160 bytes leftover after parsing attributes in process `syz.3.187'. [ 166.489401][ T6517] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 166.969188][ T6529] FAULT_INJECTION: forcing a failure. [ 166.969188][ T6529] name failslab, interval 1, probability 0, space 0, times 0 [ 166.969224][ T6529] CPU: 0 UID: 0 PID: 6529 Comm: syz.3.189 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 166.969259][ T6529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 166.969272][ T6529] Call Trace: [ 166.969280][ T6529] [ 166.969289][ T6529] dump_stack_lvl+0xe8/0x150 [ 166.969329][ T6529] should_fail_ex+0x46b/0x600 [ 166.969364][ T6529] should_failslab+0xa8/0x100 [ 166.969388][ T6529] __kmalloc_noprof+0xdf/0x7b0 [ 166.969423][ T6529] ? tomoyo_encode+0x28b/0x550 [ 166.969455][ T6529] tomoyo_encode+0x28b/0x550 [ 166.969489][ T6529] tomoyo_realpath_from_path+0x58d/0x5d0 [ 166.969528][ T6529] ? tomoyo_path_number_perm+0x219/0x630 [ 166.969564][ T6529] tomoyo_path_number_perm+0x246/0x630 [ 166.969602][ T6529] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 166.969641][ T6529] ? __lock_acquire+0x6b5/0x2cf0 [ 166.969701][ T6529] ? __fget_files+0x2a/0x420 [ 166.969732][ T6529] ? __fget_files+0x2a/0x420 [ 166.969759][ T6529] ? __fget_files+0x3a6/0x420 [ 166.969787][ T6529] ? __fget_files+0x2a/0x420 [ 166.969820][ T6529] security_file_ioctl+0xc3/0x2a0 [ 166.969860][ T6529] __se_sys_ioctl+0x47/0x170 [ 166.969897][ T6529] do_syscall_64+0x14d/0xf80 [ 166.969929][ T6529] ? trace_irq_disable+0x3b/0x150 [ 166.969955][ T6529] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.969979][ T6529] ? clear_bhb_loop+0x40/0x90 [ 166.970013][ T6529] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.970036][ T6529] RIP: 0033:0x7fcd6360c799 [ 166.970057][ T6529] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 166.970076][ T6529] RSP: 002b:00007fcd61866028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 166.970099][ T6529] RAX: ffffffffffffffda RBX: 00007fcd63885fa0 RCX: 00007fcd6360c799 [ 166.970116][ T6529] RDX: 0000200000000040 RSI: 00000000c1105518 RDI: 0000000000000003 [ 166.970130][ T6529] RBP: 00007fcd61866090 R08: 0000000000000000 R09: 0000000000000000 [ 166.970144][ T6529] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 166.970157][ T6529] R13: 00007fcd63886038 R14: 00007fcd63885fa0 R15: 00007fff8d7cbac8 [ 166.970193][ T6529] [ 166.970214][ T6529] ERROR: Out of memory at tomoyo_realpath_from_path. [ 167.297691][ T5922] usb 2-1: unable to get BOS descriptor or descriptor too short [ 167.306548][ T5922] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 167.306590][ T5922] usb 2-1: can't read configurations, error -71 [ 167.353543][ T6528] loop2: detected capacity change from 0 to 7 [ 167.443717][ T6528] Dev loop2: unable to read RDB block 7 [ 167.443773][ T6528] loop2: AHDI p1 p2 p3 [ 167.443808][ T6528] loop2: partition table partially beyond EOD, truncated [ 167.472774][ T6528] loop2: p1 start 1601398130 is beyond EOD, truncated [ 167.472804][ T6528] loop2: p2 start 1702059890 is beyond EOD, truncated [ 169.226349][ T6546] netlink: 32 bytes leftover after parsing attributes in process `syz.0.190'. [ 169.532761][ T6553] overlayfs: missing 'lowerdir' [ 171.150508][ T6565] netlink: 16 bytes leftover after parsing attributes in process `syz.0.201'. [ 171.371254][ T6567] openvswitch: netlink: Message has 8 unknown bytes. [ 171.374057][ T6567] overlayfs: overlapping lowerdir path [ 171.748404][ T808] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 171.901006][ T808] usb 3-1: Using ep0 maxpacket: 8 [ 172.586523][ T808] usb 3-1: unable to get BOS descriptor or descriptor too short [ 172.590345][ T808] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 172.590394][ T808] usb 3-1: can't read configurations, error -71 [ 173.188385][ T3125] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 173.325193][ T6601] loop2: detected capacity change from 0 to 7 [ 173.340942][ T6601] Dev loop2: unable to read RDB block 7 [ 173.340975][ T6601] loop2: AHDI p2 p3 [ 173.341007][ T6601] loop2: partition table partially beyond EOD, truncated [ 173.341437][ T6601] loop2: p2 start 1702059890 is beyond EOD, truncated [ 173.419024][ T3125] usb 1-1: Using ep0 maxpacket: 8 [ 173.423237][ T3125] usb 1-1: config 127 has an invalid interface number: 171 but max is 1 [ 173.423266][ T3125] usb 1-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config [ 173.423287][ T3125] usb 1-1: config 127 has 1 interface, different from the descriptor's value: 2 [ 173.423310][ T3125] usb 1-1: config 127 has no interface number 0 [ 173.423362][ T3125] usb 1-1: config 127 interface 171 has no altsetting 0 [ 173.427752][ T3125] usb 1-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9 [ 173.427781][ T3125] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 173.427803][ T3125] usb 1-1: Product: syz [ 173.427818][ T3125] usb 1-1: Manufacturer: syz [ 173.427833][ T3125] usb 1-1: SerialNumber: syz [ 173.740312][ T6605] netlink: 16 bytes leftover after parsing attributes in process `syz.4.214'. [ 173.800939][ T3125] usb 1-1: USB disconnect, device number 6 [ 174.365512][ T6611] FAULT_INJECTION: forcing a failure. [ 174.365512][ T6611] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 174.365569][ T6611] CPU: 0 UID: 0 PID: 6611 Comm: syz.2.216 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 174.365597][ T6611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 174.365609][ T6611] Call Trace: [ 174.365617][ T6611] [ 174.365626][ T6611] dump_stack_lvl+0xe8/0x150 [ 174.365667][ T6611] should_fail_ex+0x46b/0x600 [ 174.365699][ T6611] _copy_to_user+0x31/0xb0 [ 174.365734][ T6611] simple_read_from_buffer+0xe1/0x170 [ 174.365766][ T6611] proc_fail_nth_read+0x1be/0x230 [ 174.365795][ T6611] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 174.365825][ T6611] ? rw_verify_area+0x2ac/0x4e0 [ 174.365856][ T6611] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 174.365884][ T6611] vfs_read+0x212/0xa80 [ 174.365923][ T6611] ? __pfx_vfs_read+0x10/0x10 [ 174.365959][ T6611] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 174.365984][ T6611] ? lockdep_hardirqs_on+0x7a/0x110 [ 174.366008][ T6611] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 174.366032][ T6611] ? mutex_lock_nested+0x152/0x1d0 [ 174.366049][ T6611] ? fdget_pos+0x252/0x320 [ 174.366076][ T6611] ksys_read+0x156/0x270 [ 174.366101][ T6611] ? __pfx_ksys_read+0x10/0x10 [ 174.366132][ T6611] do_syscall_64+0x14d/0xf80 [ 174.366160][ T6611] ? trace_irq_disable+0x3b/0x150 [ 174.366179][ T6611] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.366195][ T6611] ? clear_bhb_loop+0x40/0x90 [ 174.366214][ T6611] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.366230][ T6611] RIP: 0033:0x7f2b89f8cfce [ 174.366245][ T6611] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 174.366258][ T6611] RSP: 002b:00007f2b881e3fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 174.366275][ T6611] RAX: ffffffffffffffda RBX: 00007f2b881e46c0 RCX: 00007f2b89f8cfce [ 174.366286][ T6611] RDX: 000000000000000f RSI: 00007f2b881e40a0 RDI: 0000000000000008 [ 174.366296][ T6611] RBP: 00007f2b881e4090 R08: 0000000000000000 R09: 0000000000000000 [ 174.366305][ T6611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 174.366314][ T6611] R13: 00007f2b8a246218 R14: 00007f2b8a246180 R15: 00007ffeb79eec78 [ 174.366339][ T6611] [ 175.112852][ T37] kauditd_printk_skb: 2 callbacks suppressed [ 175.112873][ T37] audit: type=1800 audit(1773733319.725:15): pid=6615 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.218" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 175.245880][ T6613] team_slave_0: entered promiscuous mode [ 175.266419][ T6626] syz.0.219 uses obsolete (PF_INET,SOCK_PACKET) [ 175.271047][ T6613] team_slave_1: entered promiscuous mode [ 175.271633][ T6613] vlan2: entered promiscuous mode [ 175.271668][ T6613] team0: entered promiscuous mode [ 175.683940][ T6638] FAULT_INJECTION: forcing a failure. [ 175.683940][ T6638] name failslab, interval 1, probability 0, space 0, times 0 [ 175.683977][ T6638] CPU: 1 UID: 0 PID: 6638 Comm: syz.2.223 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 175.684001][ T6638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 175.684014][ T6638] Call Trace: [ 175.684023][ T6638] [ 175.684033][ T6638] dump_stack_lvl+0xe8/0x150 [ 175.684073][ T6638] should_fail_ex+0x46b/0x600 [ 175.684108][ T6638] should_failslab+0xa8/0x100 [ 175.684139][ T6638] __kmalloc_cache_noprof+0x84/0x690 [ 175.684177][ T6638] ? tipc_nametbl_lookup_group+0x7b4/0xc40 [ 175.684207][ T6638] tipc_nametbl_lookup_group+0x7b4/0xc40 [ 175.684246][ T6638] ? tipc_nametbl_lookup_group+0xac/0xc40 [ 175.684278][ T6638] __tipc_sendmsg+0x155f/0x2c30 [ 175.684326][ T6638] ? __lock_acquire+0x6b5/0x2cf0 [ 175.684351][ T6638] ? __pfx___tipc_sendmsg+0x10/0x10 [ 175.684385][ T6638] ? try_to_take_rt_mutex+0x840/0xb00 [ 175.684429][ T6638] ? rtlock_slowlock_locked+0xfb/0x3c80 [ 175.684464][ T6638] ? __lock_acquire+0x6b5/0x2cf0 [ 175.684493][ T6638] ? __lock_acquire+0x6b5/0x2cf0 [ 175.684524][ T6638] ? __lock_acquire+0x6b5/0x2cf0 [ 175.684550][ T6638] ? __lock_acquire+0x6b5/0x2cf0 [ 175.684611][ T6638] ? __local_bh_enable+0x1e1/0x2f0 [ 175.684649][ T6638] ? __local_bh_enable_ip+0x1ae/0x2b0 [ 175.684690][ T6638] tipc_sendmsg+0x55/0x70 [ 175.684721][ T6638] ____sys_sendmsg+0x94c/0x9c0 [ 175.684752][ T6638] ? __pfx_____sys_sendmsg+0x10/0x10 [ 175.684786][ T6638] ? import_iovec+0x73/0xa0 [ 175.684823][ T6638] ___sys_sendmsg+0x2a5/0x360 [ 175.684853][ T6638] ? __pfx____sys_sendmsg+0x10/0x10 [ 175.684920][ T6638] ? __fget_files+0x2a/0x420 [ 175.684949][ T6638] ? __fget_files+0x3a6/0x420 [ 175.684989][ T6638] __x64_sys_sendmsg+0x1c3/0x2a0 [ 175.685015][ T6638] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 175.685050][ T6638] ? __pfx_ksys_write+0x10/0x10 [ 175.685097][ T6638] do_syscall_64+0x14d/0xf80 [ 175.685130][ T6638] ? trace_irq_disable+0x3b/0x150 [ 175.685157][ T6638] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.685181][ T6638] ? clear_bhb_loop+0x40/0x90 [ 175.685209][ T6638] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.685240][ T6638] RIP: 0033:0x7f2b89fcc799 [ 175.685261][ T6638] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 175.685280][ T6638] RSP: 002b:00007f2b88226028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 175.685303][ T6638] RAX: ffffffffffffffda RBX: 00007f2b8a245fa0 RCX: 00007f2b89fcc799 [ 175.685319][ T6638] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000005 [ 175.685333][ T6638] RBP: 00007f2b88226090 R08: 0000000000000000 R09: 0000000000000000 [ 175.685346][ T6638] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 175.685359][ T6638] R13: 00007f2b8a246038 R14: 00007f2b8a245fa0 R15: 00007ffeb79eec78 [ 175.685396][ T6638] [ 177.845994][ T1852] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 178.401069][ T1852] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 81, changing to 10 [ 178.401109][ T1852] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 18 [ 178.405286][ T1852] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 178.405317][ T1852] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 178.405339][ T1852] usb 1-1: SerialNumber: syz [ 178.643237][ T6668] overlayfs: missing 'workdir' [ 178.895503][ T6680] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 178.896161][ T6680] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 178.918394][ T9] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 178.997829][ T1852] cdc_ether 1-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.0-1, CDC Ethernet Device, 42:42:42:42:42:42 [ 179.071221][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 179.071255][ T9] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0 [ 179.071280][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 179.071303][ T9] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0 [ 179.105607][ T3125] usb 1-1: USB disconnect, device number 7 [ 179.116825][ T3125] cdc_ether 1-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.0-1, CDC Ethernet Device [ 179.118631][ T5970] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 179.125641][ T9] usb 3-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 179.125715][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 179.125771][ T9] usb 3-1: Product: syz [ 179.125812][ T9] usb 3-1: Manufacturer: syz [ 179.125847][ T9] usb 3-1: SerialNumber: syz [ 179.214300][ T9] usb 3-1: config 0 descriptor?? [ 179.225926][ T9] ums-isd200 3-1:0.0: USB Mass Storage device detected [ 179.268357][ T5970] usb 2-1: Using ep0 maxpacket: 32 [ 179.275602][ T5970] usb 2-1: config 0 has an invalid interface number: 12 but max is 0 [ 179.275631][ T5970] usb 2-1: config 0 has no interface number 0 [ 179.275678][ T5970] usb 2-1: config 0 interface 12 has no altsetting 0 [ 179.279375][ T5970] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 179.279573][ T5970] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 179.279633][ T5970] usb 2-1: Product: syz [ 179.279792][ T5970] usb 2-1: Manufacturer: syz [ 179.279833][ T5970] usb 2-1: SerialNumber: syz [ 179.381974][ T5970] usb 2-1: config 0 descriptor?? [ 179.434451][ T9] scsi host1: usb-storage 3-1:0.0 [ 179.524956][ T9] usb 3-1: USB disconnect, device number 7 [ 179.719335][ T5864] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 179.849613][ T5955] udevd[5955]: setting owner of /dev/bus/usb/003/007 to uid=0, gid=0 failed: No such file or directory [ 179.889696][ T5864] usb 5-1: Using ep0 maxpacket: 32 [ 179.906268][ T5864] usb 5-1: config 0 has an invalid interface number: 12 but max is 0 [ 179.906298][ T5864] usb 5-1: config 0 has no interface number 0 [ 179.906408][ T5864] usb 5-1: config 0 interface 12 has no altsetting 0 [ 179.944774][ T5864] usb 5-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 179.944797][ T5864] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 179.944812][ T5864] usb 5-1: Product: syz [ 179.945170][ T5864] usb 5-1: Manufacturer: syz [ 179.945182][ T5864] usb 5-1: SerialNumber: syz [ 180.063146][ T6691] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 180.140314][ T5864] usb 5-1: config 0 descriptor?? [ 180.213049][ T5970] f81534 2-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 180.213324][ T5970] f81534 2-1:0.12: f81534_find_config_idx: read failed: -71 [ 180.213345][ T5970] f81534 2-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 180.214729][ T5970] f81534 2-1:0.12: probe with driver f81534 failed with error -71 [ 180.401241][ T5970] usb 2-1: USB disconnect, device number 7 [ 182.329159][ T6711] FAULT_INJECTION: forcing a failure. [ 182.329159][ T6711] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 182.329200][ T6711] CPU: 0 UID: 0 PID: 6711 Comm: syz.2.245 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 182.329225][ T6711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 182.329241][ T6711] Call Trace: [ 182.329250][ T6711] [ 182.329260][ T6711] dump_stack_lvl+0xe8/0x150 [ 182.329298][ T6711] should_fail_ex+0x46b/0x600 [ 182.329333][ T6711] _copy_from_user+0x2d/0xb0 [ 182.329368][ T6711] ___sys_recvmsg+0x175/0x590 [ 182.329390][ T6711] ? __lock_acquire+0x6b5/0x2cf0 [ 182.329418][ T6711] ? __pfx____sys_recvmsg+0x10/0x10 [ 182.329484][ T6711] do_recvmmsg+0x33a/0x800 [ 182.329523][ T6711] ? __pfx_do_recvmmsg+0x10/0x10 [ 182.329561][ T6711] ? rt_mutex_slowunlock+0x1cb/0x300 [ 182.329607][ T6711] __x64_sys_recvmmsg+0x198/0x250 [ 182.329635][ T6711] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 182.329673][ T6711] do_syscall_64+0x14d/0xf80 [ 182.329706][ T6711] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.329729][ T6711] ? clear_bhb_loop+0x40/0x90 [ 182.329758][ T6711] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.329780][ T6711] RIP: 0033:0x7f2b89fcc799 [ 182.329801][ T6711] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 182.329820][ T6711] RSP: 002b:00007f2b88226028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 182.329844][ T6711] RAX: ffffffffffffffda RBX: 00007f2b8a245fa0 RCX: 00007f2b89fcc799 [ 182.329861][ T6711] RDX: 0000000000000700 RSI: 0000200000001140 RDI: 0000000000000004 [ 182.329875][ T6711] RBP: 00007f2b88226090 R08: 0000000000000000 R09: 0000000000000000 [ 182.329888][ T6711] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 182.329901][ T6711] R13: 00007f2b8a246038 R14: 00007f2b8a245fa0 R15: 00007ffeb79eec78 [ 182.329937][ T6711] [ 182.687118][ T5864] f81534 5-1:0.12: f81534_get_register: reg: 1003 failed: -32 [ 182.687178][ T5864] f81534 5-1:0.12: f81534_find_config_idx: read failed: -32 [ 182.687197][ T5864] f81534 5-1:0.12: f81534_calc_num_ports: find idx failed: -32 [ 182.687293][ T5864] f81534 5-1:0.12: probe with driver f81534 failed with error -32 [ 183.130539][ T6725] overlayfs: missing 'workdir' [ 184.038435][ T5864] usb 5-1: USB disconnect, device number 9 [ 184.378395][ T9] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 184.538504][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 184.540918][ T9] usb 2-1: config 0 has an invalid interface number: 12 but max is 0 [ 184.540946][ T9] usb 2-1: config 0 has no interface number 0 [ 184.541004][ T9] usb 2-1: config 0 interface 12 has no altsetting 0 [ 184.544330][ T9] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 184.544361][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 184.544382][ T9] usb 2-1: Product: syz [ 184.544398][ T9] usb 2-1: Manufacturer: syz [ 184.544414][ T9] usb 2-1: SerialNumber: syz [ 185.639090][ T9] usb 2-1: config 0 descriptor?? [ 186.061839][ T6762] openvswitch: netlink: Unexpected mask (mask=840, allowed=10048) [ 187.068382][ T5980] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 187.228647][ T5980] usb 3-1: Using ep0 maxpacket: 16 [ 187.233981][ T5980] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 187.234036][ T5980] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 187.234067][ T5980] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 187.234089][ T5980] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 187.234112][ T5980] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 187.236018][ T5980] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 187.236046][ T5980] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 187.236072][ T5980] usb 3-1: Manufacturer: syz [ 187.342406][ T5980] usb 3-1: config 0 descriptor?? [ 187.515466][ T9] f81534 2-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 187.515521][ T9] f81534 2-1:0.12: f81534_find_config_idx: read failed: -71 [ 187.515539][ T9] f81534 2-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 187.515641][ T9] f81534 2-1:0.12: probe with driver f81534 failed with error -71 [ 187.575294][ T9] usb 2-1: USB disconnect, device number 8 [ 187.598866][ T6778] FAULT_INJECTION: forcing a failure. [ 187.598866][ T6778] name failslab, interval 1, probability 0, space 0, times 0 [ 187.598901][ T6778] CPU: 1 UID: 0 PID: 6778 Comm: syz.4.264 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 187.598925][ T6778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 187.598938][ T6778] Call Trace: [ 187.598946][ T6778] [ 187.598955][ T6778] dump_stack_lvl+0xe8/0x150 [ 187.598993][ T6778] should_fail_ex+0x46b/0x600 [ 187.599026][ T6778] should_failslab+0xa8/0x100 [ 187.599051][ T6778] __kmalloc_noprof+0xdf/0x7b0 [ 187.599083][ T6778] ? __kmalloc_cache_noprof+0x3a6/0x690 [ 187.599116][ T6778] ? alloc_pipe_info+0x1fc/0x4d0 [ 187.599148][ T6778] ? alloc_pipe_info+0xe8/0x4d0 [ 187.599187][ T6778] alloc_pipe_info+0x1fc/0x4d0 [ 187.599225][ T6778] splice_direct_to_actor+0xa19/0xc80 [ 187.599266][ T6778] ? __pfx_direct_splice_actor+0x10/0x10 [ 187.599305][ T6778] ? get_pid_task+0x20/0x1f0 [ 187.599334][ T6778] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 187.599361][ T6778] ? __lock_acquire+0x6b5/0x2cf0 [ 187.599393][ T6778] do_splice_direct+0x19b/0x2a0 [ 187.599425][ T6778] ? __pfx_do_splice_direct+0x10/0x10 [ 187.599454][ T6778] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 187.599490][ T6778] ? rw_verify_area+0x25b/0x4e0 [ 187.599527][ T6778] do_sendfile+0x547/0x7e0 [ 187.599553][ T6778] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 187.599594][ T6778] ? __pfx_do_sendfile+0x10/0x10 [ 187.599633][ T6778] __se_sys_sendfile64+0x144/0x1a0 [ 187.599659][ T6778] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 187.599697][ T6778] do_syscall_64+0x14d/0xf80 [ 187.599729][ T6778] ? trace_irq_disable+0x3b/0x150 [ 187.599755][ T6778] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 187.599778][ T6778] ? clear_bhb_loop+0x40/0x90 [ 187.599806][ T6778] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 187.599828][ T6778] RIP: 0033:0x7fcc1929c799 [ 187.599850][ T6778] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 187.599868][ T6778] RSP: 002b:00007fcc174f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 187.599890][ T6778] RAX: ffffffffffffffda RBX: 00007fcc19515fa0 RCX: 00007fcc1929c799 [ 187.599906][ T6778] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 187.599919][ T6778] RBP: 00007fcc174f6090 R08: 0000000000000000 R09: 0000000000000000 [ 187.599932][ T6778] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000001 [ 187.599944][ T6778] R13: 00007fcc19516038 R14: 00007fcc19515fa0 R15: 00007ffd6be9b5c8 [ 187.599979][ T6778] [ 188.058126][ T5980] rc_core: IR keymap rc-hauppauge not found [ 188.058142][ T5980] Registered IR keymap rc-empty [ 188.064183][ T5980] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 188.107403][ T5980] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 188.147763][ T5980] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 188.183541][ T5980] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input11 [ 188.318609][ T5980] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 188.338562][ T5980] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 188.359777][ T5980] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 188.378439][ T5980] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 188.398746][ T5980] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 188.418470][ T5980] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 188.439051][ T5980] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 188.458637][ T5980] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 188.478575][ T5980] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 188.498448][ T5980] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 188.599490][ T5980] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 188.599518][ T5980] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 188.687740][ T5980] usb 3-1: USB disconnect, device number 8 [ 191.011693][ T60] Bluetooth: hci0: command 0x0401 tx timeout [ 191.604915][ T6796] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 191.926450][ T6821] openvswitch: netlink: Invalid VLAN frame [ 192.021060][ T6821] netlink: 12 bytes leftover after parsing attributes in process `syz.2.273'. [ 192.788873][ T5980] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 193.197942][ T6835] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.212721][ T6835] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.312648][ T5980] usb 2-1: unable to get BOS descriptor or descriptor too short [ 193.325609][ T5980] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 193.325912][ T5980] usb 2-1: can't read configurations, error -71 [ 193.903255][ T6849] netlink: 8 bytes leftover after parsing attributes in process `syz.2.280'. [ 193.903305][ T6849] netlink: 12 bytes leftover after parsing attributes in process `syz.2.280'. [ 193.903431][ T6849] netlink: 'syz.2.280': attribute type 15 has an invalid length. [ 194.117903][ T6837] FAULT_INJECTION: forcing a failure. [ 194.117903][ T6837] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 194.118008][ T6837] CPU: 1 UID: 0 PID: 6837 Comm: syz.4.277 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 194.118034][ T6837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 194.118047][ T6837] Call Trace: [ 194.118055][ T6837] [ 194.118066][ T6837] dump_stack_lvl+0xe8/0x150 [ 194.118104][ T6837] should_fail_ex+0x46b/0x600 [ 194.118138][ T6837] core_sys_select+0x8df/0xc30 [ 194.118183][ T6837] ? __pfx_core_sys_select+0x10/0x10 [ 194.118235][ T6837] ? __pfx_set_user_sigmask+0x10/0x10 [ 194.118266][ T6837] ? rt_mutex_slowunlock+0x1cb/0x300 [ 194.118294][ T6837] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 194.118330][ T6837] __se_sys_pselect6+0x267/0x320 [ 194.118363][ T6837] ? __pfx___se_sys_pselect6+0x10/0x10 [ 194.118389][ T6837] ? __pfx_ksys_write+0x10/0x10 [ 194.118429][ T6837] ? __x64_sys_pselect6+0x21/0xf0 [ 194.118458][ T6837] do_syscall_64+0x14d/0xf80 [ 194.118490][ T6837] ? trace_irq_disable+0x3b/0x150 [ 194.118515][ T6837] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.118538][ T6837] ? clear_bhb_loop+0x40/0x90 [ 194.118565][ T6837] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.118588][ T6837] RIP: 0033:0x7fcc1929c799 [ 194.118609][ T6837] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 194.118628][ T6837] RSP: 002b:00007fcc174f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 194.118651][ T6837] RAX: ffffffffffffffda RBX: 00007fcc19515fa0 RCX: 00007fcc1929c799 [ 194.118667][ T6837] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000040 [ 194.118681][ T6837] RBP: 00007fcc174f6090 R08: 0000000000000000 R09: 0000000000000000 [ 194.118694][ T6837] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000001 [ 194.118707][ T6837] R13: 00007fcc19516038 R14: 00007fcc19515fa0 R15: 00007ffd6be9b5c8 [ 194.118742][ T6837] [ 194.525156][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.525230][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.124384][ T6855] geneve2: entered promiscuous mode [ 195.739527][ T37] audit: type=1800 audit(1773733340.355:16): pid=6858 uid=0 auid=4294967295 ses=4294967295 subj=_ op=set_data cause=unavailable-hash-algorithm comm="syz.3.287" name="/" dev="sockfs" ino=11114 res=0 errno=0 [ 196.477192][ T6870] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 198.706965][ T6893] netlink: 'syz.4.295': attribute type 2 has an invalid length. [ 198.837806][ T6896] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 198.979502][ T5813] 1024-page vmalloc region starting at 0xffffc90006a81000 allocated at kcov_ioctl+0x58/0x640 [ 198.979549][ T5813] list_del corruption. next->prev should be ffffc9001c83f000, but was 0000000000000000. (next=ffffc90006a81000) [ 198.980238][ T5813] ------------[ cut here ]------------ [ 198.980249][ T5813] kernel BUG at lib/list_debug.c:67! [ 198.980293][ T5813] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 198.980317][ T5813] CPU: 1 UID: 0 PID: 5813 Comm: kworker/u9:4 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 198.980340][ T5813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 198.980354][ T5813] Workqueue: hci3 hci_rx_work [ 198.980383][ T5813] RIP: 0010:__list_del_entry_valid_or_report+0x18a/0x190 [ 198.980411][ T5813] Code: 3c 61 61 fd 43 80 3c 2c 00 74 08 4c 89 ff e8 2d 90 82 fd 49 8b 56 08 48 c7 c7 40 6c a6 8b 48 89 de 4c 89 f1 e8 27 6c 7f fc 90 <0f> 0b cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 198.980429][ T5813] RSP: 0018:ffffc900049f79e0 EFLAGS: 00010246 [ 198.980446][ T5813] RAX: 000000000000006d RBX: ffffc9001c83f000 RCX: 8e0896113636e600 [ 198.980462][ T5813] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 198.980474][ T5813] RBP: 0000000000100000 R08: 0000000000000000 R09: 0000000000000000 [ 198.980487][ T5813] R10: dffffc0000000000 R11: ffffed1017124923 R12: 1ffff92000d50201 [ 198.980503][ T5813] R13: dffffc0000000000 R14: ffffc90006a81000 R15: ffffc90006a81008 [ 198.980518][ T5813] FS: 0000000000000000(0000) GS:ffff88812643c000(0000) knlGS:0000000000000000 [ 198.980536][ T5813] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 198.980550][ T5813] CR2: 00007f0574997b80 CR3: 000000003df2c000 CR4: 00000000003526f0 [ 198.980570][ T5813] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000083 [ 198.980584][ T5813] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 198.980598][ T5813] Call Trace: [ 198.980606][ T5813] [ 198.980617][ T5813] kcov_remote_start+0x2af/0x710 [ 198.980645][ T5813] hci_rx_work+0x10f/0x1030 [ 198.980678][ T5813] ? process_scheduled_works+0xa8d/0x18c0 [ 198.980720][ T5813] process_scheduled_works+0xb6e/0x18c0 [ 198.980767][ T5813] ? __pfx_process_scheduled_works+0x10/0x10 [ 198.980800][ T5813] ? assign_work+0x3d5/0x5e0 [ 198.980831][ T5813] worker_thread+0xa53/0xfc0 [ 198.980875][ T5813] kthread+0x388/0x470 [ 198.980896][ T5813] ? __pfx_worker_thread+0x10/0x10 [ 198.980924][ T5813] ? __pfx_kthread+0x10/0x10 [ 198.980946][ T5813] ret_from_fork+0x51e/0xb90 [ 198.980977][ T5813] ? __pfx_ret_from_fork+0x10/0x10 [ 198.981006][ T5813] ? __switch_to+0xc7d/0x1450 [ 198.981034][ T5813] ? __pfx_kthread+0x10/0x10 [ 198.981061][ T5813] ret_from_fork_asm+0x1a/0x30 [ 198.981096][ T5813] [ 198.981103][ T5813] Modules linked in: [ 198.981131][ T5813] ---[ end trace 0000000000000000 ]--- [ 198.981142][ T5813] RIP: 0010:__list_del_entry_valid_or_report+0x18a/0x190 [ 198.981168][ T5813] Code: 3c 61 61 fd 43 80 3c 2c 00 74 08 4c 89 ff e8 2d 90 82 fd 49 8b 56 08 48 c7 c7 40 6c a6 8b 48 89 de 4c 89 f1 e8 27 6c 7f fc 90 <0f> 0b cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 198.981186][ T5813] RSP: 0018:ffffc900049f79e0 EFLAGS: 00010246 [ 198.981204][ T5813] RAX: 000000000000006d RBX: ffffc9001c83f000 RCX: 8e0896113636e600 [ 198.981220][ T5813] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 198.981233][ T5813] RBP: 0000000000100000 R08: 0000000000000000 R09: 0000000000000000 [ 198.981245][ T5813] R10: dffffc0000000000 R11: ffffed1017124923 R12: 1ffff92000d50201 [ 198.981261][ T5813] R13: dffffc0000000000 R14: ffffc90006a81000 R15: ffffc90006a81008 [ 198.981277][ T5813] FS: 0000000000000000(0000) GS:ffff88812643c000(0000) knlGS:0000000000000000 [ 198.981294][ T5813] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 198.981308][ T5813] CR2: 00007f0574997b80 CR3: 000000003df2c000 CR4: 00000000003526f0 [ 198.981326][ T5813] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000083 [ 198.981341][ T5813] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 198.981363][ T5813] Kernel panic - not syncing: Fatal exception [ 198.981949][ T5813] Kernel Offset: disabled