last executing test programs: 19.300697343s ago: executing program 1 (id=1973): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000064000000030a01030000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140003006e657464657673696d30000000000000080000000000000014000000110001"], 0xac}, 0x1, 0x0, 0x0, 0x4008855}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) capset(&(0x7f0000000380)={0x20080522}, &(0x7f0000000040)={0x200000, 0x40200003, 0x0, 0x6, 0x7}) r2 = semget$private(0x0, 0x3, 0x0) semtimedop(r2, &(0x7f0000000340)=[{0x0, 0x401}], 0x1, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a44000000030a03000000000000000000050000000900010073797a30000000000900030073797a300000000018000480140003007465616d5f736c6176655f31000000001400000011000100009cdc8105a55e18a6b4bc48"], 0x6c}, 0x1, 0x0, 0x0, 0x20040845}, 0x802) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) syz_usb_control_io$rtl8150(0xffffffffffffffff, &(0x7f00000004c0)={0x14, &(0x7f0000000040)=ANY=[@ANYBLOB="2004060000000e0e425196a5c184f21265760be5"], 0x0}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000980)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800008080b63428e900"/20, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x47, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) r4 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_misc(r5, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f00000002c0)={r5, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x14, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000000000000000007efff100004000", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c527d3d458dd4992861ac00", "f4bd000000801900", [0x8, 0xffffffff9673e35d]}}) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0x1}], 0x1) 17.905837232s ago: executing program 1 (id=1976): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000240)={0x38, 0x0, 0x8, 0x8001, 0x0, 0xaf, 0x0, 0xfffffe0000000001, 0x7, 0xffffffff}, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3) r2 = dup(0xffffffffffffffff) syz_open_dev$video4linux(&(0x7f0000000080), 0x5, 0x1801) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040301, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x1000000000000, 0x0}}, 0xfdbc) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0xa1300) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000300), 0x20042) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r4, 0x40605346, &(0x7f0000000400)={0x0, 0x0, {0x3}, 0xb2a1}) ioctl$SNDCTL_DSP_RESET(r3, 0x5000, 0x0) write$binfmt_script(r2, &(0x7f0000000140)={'#! ', './file0'}, 0xb) r5 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={0x0, r5}, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) gettid() r6 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000740), r2) sendmsg$WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f0000001700)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000016c0)={&(0x7f0000000780)={0x6d4, r6, 0x300, 0x70bd25, 0x25dfdbfd, {}, [@WGDEVICE_A_FWMARK={0x8, 0x7, 0x3}, @WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}, @WGDEVICE_A_PEERS={0x680, 0x8, 0x0, 0x1, [{0x9c, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x8, 0x9, 0x0, 0x1, [{0x4}]}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "c756a48acf9b2945cc32efb3277a3166c68eb2ac3112795bead06cd1821c10c4"}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x5}, @WGPEER_A_FLAGS={0x8, 0x3, 0x3}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e20, @rand_addr=0x64010101}}, @WGPEER_A_FLAGS={0x8, 0x3, 0x4}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "e22f5a32021056eab3214c555aefc7eb7b8447f2c680ff2e9f9eb750d7f915ca"}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x25}}}]}, {0x58, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0xc845}, @WGPEER_A_ALLOWEDIPS={0x3c, 0x9, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5, 0x3, 0x2}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x1c}}, {0x5, 0x3, 0x2}}]}]}, @WGPEER_A_PROTOCOL_VERSION={0x8}]}, {0x424, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x37c, 0x9, 0x0, 0x1, [{0x70, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x3}}]}, {0xa0, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010101}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x2}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x3}}]}, {0x64, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x36}}, {0x5, 0x3, 0x3}}]}, {0xa0, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x3}}]}, {0x40, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5}}]}, {0x40, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @private1}, {0x5, 0x3, 0x8}}]}, {0x58, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010102}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x2}}]}, {0x64, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5, 0x3, 0x3}}]}]}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e22, 0x6, @remote, 0x4}}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e22, 0xe, @remote, 0x3f35}}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x4}]}, {0x40, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e24, @loopback}}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e23, 0x7, @dev={0xfe, 0x80, '\x00', 0x13}, 0x5}}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0xfffd}]}, {0x24, 0x0, 0x0, 0x1, [@WGPEER_A_FLAGS={0x8, 0x3, 0x2}, @WGPEER_A_FLAGS={0x8, 0x3, 0x1}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PROTOCOL_VERSION={0x8}]}, {0x80, 0x0, 0x0, 0x1, [@WGPEER_A_FLAGS={0x8, 0x3, 0x5}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "9886ba422ab3bf0466d9a5d5c978449d3a9cee445480c865d732230c7d1458bd"}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}, @WGPEER_A_PROTOCOL_VERSION={0x8}]}, {0x64, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e21, 0x9, @empty, 0x3}}, @WGPEER_A_ALLOWEDIPS={0x4}, @WGPEER_A_FLAGS={0x8, 0x3, 0x5}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e22, 0x8, @empty, 0x130}}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e20, @remote}}]}, {0x1c, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_FLAGS={0x8}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0xffc0}]}]}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg2\x00'}, @WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0x6d4}, 0x1, 0x0, 0x0, 0x4000000}, 0x40040) getsockname(r0, &(0x7f0000000180)=@hci, &(0x7f0000000040)=0x80) 16.450933427s ago: executing program 0 (id=1981): socket$netlink(0x10, 0x3, 0x8) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x1a8043, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1) r2 = eventfd(0xf9) ioctl$KVM_IOEVENTFD(r1, 0x40a0ae49, &(0x7f0000000080)={0x7ff, 0xfec00000, 0x0, r2}) r3 = syz_open_dev$video4linux(&(0x7f0000000080), 0x6d682db9, 0x800) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r3, 0xc040564a, &(0x7f0000000000)={0x0, 0x0, 0x3007, 0x6, 0x805, 0x100000, 0x10001}) r4 = syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x810042, 0x0, 0x1, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000440), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRES16=0x0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=r4, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0) r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x89100) move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, 0x0, 0x41) r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x80c81, 0x0) ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r6, 0x3ba0, &(0x7f0000000740)={0x48, 0x2, r7, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r6, 0x3b85, &(0x7f0000000000)={0x28, 0x7, r7, 0x0, &(0x7f0000c00000/0x400000)=nil, 0x400000, 0x1004000}) ioctl$IOMMU_HWPT_ALLOC$TEST(r6, 0x3b89, &(0x7f0000000140)={0x28, 0x0, r8, r7, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000100)}) ioctl$KVM_CAP_PTP_KVM(r5, 0x4068aea3, &(0x7f0000000180)) r9 = socket(0x2a, 0x2, 0x8) getsockname$packet(r9, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000b80)=@newtfilter={0x370, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {}, {0x2}}, [@filter_kind_options=@f_matchall={{0xd}, {0x5c, 0x2, [@TCA_MATCHALL_ACT={0x58, 0x2, [@m_simple={0x54, 0x1, 0x0, 0x0, {{0xb}, {0x28, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0xb, 0x3, '.,\\-\\}d'}, @TCA_DEF_PARMS={0x18, 0x2, {0x55b, 0x2, 0x10000000, 0x7, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}, @filter_kind_options=@f_u32={{0x8}, {0x2d8, 0x2, [@TCA_U32_LINK={0x8, 0x3, 0xf}, @TCA_U32_ACT={0x2c4, 0x7, [@m_simple={0x144, 0xa, 0x0, 0x0, {{0xb}, {0x34, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18, 0x2, {0x8, 0x0, 0xffffffffdffffff7, 0x9, 0x7}}, @TCA_DEF_DATA={0xb, 0x3, '.,*UN\xccD'}, @TCA_DEF_DATA={0xc, 0x3, '+(:},{]\x00'}]}, {0xe8, 0x6, "515f19d866b5ab9b545769fd5eedf5d16a811630bdd8fa7596b005fcf615dc6235b36849f3d26715bdd4df3eeb54e1988cd1e1c37a2d7a245348e7c96b94f021459f188b0a2731191060a05187dfdc189f9538ee2db6fa5d0aa84382b40bea9a505d71e59761ba560f76c5c95010f09d239bb707d2ea15a762c9dee069f8d3c4bb994b60e38f656f2639badbe8ce1f88ce1434a25db5bb2d2f1d90f228ea03ee0bc2f94a5d8a4a72b36ec418916bcd6235475f5108f7281177faaf52bb1319e1d2d6770e810cf4fbaaae3dada22c83522148fc02c3eaeb64d4d80af569b9b0f3d9bfbcb8"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_bpf={0x17c, 0x15, 0x0, 0x0, {{0x8}, {0x68, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6}, @TCA_ACT_BPF_OPS_LEN={0x6}, @TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x1}, @TCA_ACT_BPF_OPS={0x4c, 0x4, [{0x2, 0xb0, 0x8, 0x4}, {0x7, 0x5, 0x8, 0x5}, {0x3ff, 0x3, 0xf9, 0x8}, {0x6, 0x3, 0x7f, 0x4}, {0xfffe, 0x5, 0x6, 0x10001}, {0xfffe, 0x6, 0x3}, {0xb, 0x7a, 0xdf, 0x800}, {0x5, 0x2, 0x44, 0x7}, {0x1, 0x0, 0xfd, 0x1843}]}]}, {0xf0, 0x6, "f9fc58c683a9b267e9a1d3031e6dc6553526973375858a095da07480b6ddddccd9dcb0e3e8521fff4593d87e71567c44d6da629c42b7cc791a818c4a12531f0392869b5ac3ab81a4c4460c5ec58b0f5086d4af24cd744c1bd29fa8fe29bc30aa1bab428baeb1cc531395b7e76fb180ebb942d18fcea2775aef77782940b9a0f425d39e5659b8f261d7abae4efe33e221c96edd8298dcfdd4c8cb323a7df2513d9392cb7b1cd58781a9647f5204143f3bc7111f0660dcddc9a5c1c062a023c39aa60a5b92545ce2085d526bd0e7a35a72aecc46c57d28a157b69df72eb250117712fa4a797330c9c8d6384d93"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}]}, @TCA_U32_CLASSID={0x8, 0x1, {0xfff1, 0x1d}}]}}]}, 0x370}, 0x1, 0x0, 0x0, 0x48805}, 0x40801) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x40000000000009f, 0x0) 14.643583213s ago: executing program 0 (id=1985): r0 = socket$inet6(0xa, 0x3, 0x5) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, 0x0, 0x0) sendmmsg(r0, &(0x7f00000017c0)=[{{&(0x7f00000018c0)=@l2tp6={0xa, 0x500, 0x4000000, @empty, 0x0, 0x3}, 0x80, 0x0}, 0x5b4}], 0x1, 0x0) 14.370874138s ago: executing program 0 (id=1986): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = syz_clone3(&(0x7f0000001b40)={0x20001200, &(0x7f0000000000), &(0x7f00000000c0)=0x0, &(0x7f0000000100), {0x2}, &(0x7f0000000140)=""/156, 0x9c, &(0x7f0000000b00)=""/4096, &(0x7f0000001b00)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x58) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x6, 0x8, 0x3, 0x0, 0x9, 0x1, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) io_uring_setup(0x1028, 0x0) process_vm_writev(r3, &(0x7f0000000500), 0x0, &(0x7f0000002c80)=[{&(0x7f0000000540)=""/19, 0x13}, {&(0x7f0000000580)=""/84, 0x54}, {&(0x7f0000000600)=""/102, 0x66}, {0x0}], 0x4, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000300)={{0xeeef0000, 0x70000, 0x0, 0x2, 0x8, 0x0, 0x0, 0x2, 0x0, 0x9, 0x0, 0x10}, {0x6000, 0xd000, 0xc, 0x8, 0x0, 0x3, 0x6, 0xb2, 0x8, 0x7, 0x0, 0xff}, {0x3000, 0x0, 0xc, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x3000, 0xd000, 0x0, 0xe2, 0x0, 0x0, 0xff, 0x0, 0xfe, 0x0, 0x4}, {0xdddd0000, 0xd000, 0xd, 0x0, 0xff, 0x4, 0x6, 0xe, 0x0, 0x3c}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x80}, {0xdddd1000, 0x0, 0xa, 0x6, 0x0, 0x0, 0x3}, {0x0, 0x8000000, 0x0, 0x6, 0x1, 0x1, 0x83, 0xa, 0x26, 0x5}, {0x4000}, {0xdddd1000, 0xff}, 0xddf8ffdb, 0x0, 0x0, 0x70, 0xfffffffffffffffe, 0xd801, 0x0, [0x4, 0x0, 0x1]}) close(0x5) close(0x4) openat$sndtimer(0xffffffffffffff9c, 0x0, 0xa1001) r6 = socket(0x40000000015, 0x5, 0x0) r7 = syz_open_dev$dvb_demux(0x0, 0x0, 0x20000) ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r7, 0x40146f2c, &(0x7f00000000c0)={0x100, 0x0, 0x2, 0x15, 0x4}) ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r7, 0x40146f2c, &(0x7f0000000040)={0xeef9, 0x0, 0x3, 0x3b, 0x4}) close_range(r6, 0xffffffffffffffff, 0x0) munlockall() madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19) 12.173310017s ago: executing program 2 (id=1988): socket(0x10, 0x803, 0x0) socket(0x10, 0x803, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x80800) socket$nl_route(0x10, 0x3, 0x0) socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="7c0000001000010400"/20, @ANYRES32=r3, @ANYBLOB="00000000000000005c001280110001006272696467655f736c617665000000004400058005000500000000000500", @ANYRES8=r1], 0x7c}}, 0x24000004) 12.127234755s ago: executing program 3 (id=1989): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff00000000000109022400010000"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f00000001c0)=ANY=[], 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000c00)={0x84, &(0x7f0000000580)=ANY=[@ANYBLOB="0003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_connect(0x3, 0x36, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x800) syz_open_dev$video(&(0x7f0000000000), 0x101, 0xab02) r2 = socket$kcm(0xa, 0x2, 0x0) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000240)={0x84, @rand_addr=0x64010100, 0x4e20, 0x3, 'lc\x00', 0x11, 0x660f537f, 0x5e}, 0x2c) setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000)={{0x84, @multicast2, 0x4f29, 0x3, 'nq\x00', 0x5, 0xc, 0x6c}, {@loopback, 0x4e23, 0x0, 0x1, 0x1}}, 0x44) sendmsg$sock(r2, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e20, 0x0, @dev={0xfe, 0x80, '\x00', 0xfd}}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) 11.08240466s ago: executing program 1 (id=1991): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = syz_clone3(&(0x7f0000001b40)={0x20001200, &(0x7f0000000000), &(0x7f00000000c0)=0x0, &(0x7f0000000100), {0x2}, &(0x7f0000000140)=""/156, 0x9c, &(0x7f0000000b00)=""/4096, &(0x7f0000001b00)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x58) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x6, 0x8, 0x3, 0x0, 0x9, 0x1, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) io_uring_setup(0x1028, 0x0) process_vm_writev(r3, &(0x7f0000000500), 0x0, &(0x7f0000002c80)=[{&(0x7f0000000540)=""/19, 0x13}, {&(0x7f0000000580)=""/84, 0x54}, {&(0x7f0000000600)=""/102, 0x66}, {0x0}], 0x4, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000300)={{0xeeef0000, 0x70000, 0x0, 0x2, 0x8, 0x0, 0x0, 0x2, 0x0, 0x9, 0x0, 0x10}, {0x6000, 0xd000, 0xc, 0x8, 0x0, 0x3, 0x6, 0xb2, 0x8, 0x7, 0x0, 0xff}, {0x3000, 0x0, 0xc, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x3000, 0xd000, 0x0, 0xe2, 0x0, 0x0, 0xff, 0x0, 0xfe, 0x0, 0x4}, {0xdddd0000, 0xd000, 0xd, 0x0, 0xff, 0x4, 0x6, 0xe, 0x0, 0x3c}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x80}, {0xdddd1000, 0x0, 0xa, 0x6, 0x0, 0x0, 0x3}, {0x0, 0x8000000, 0x0, 0x6, 0x1, 0x1, 0x83, 0xa, 0x26, 0x5}, {0x4000}, {0xdddd1000, 0xff}, 0xddf8ffdb, 0x0, 0x0, 0x70, 0xfffffffffffffffe, 0xd801, 0x0, [0x4, 0x0, 0x1]}) close(0x5) close(0x4) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0xa1001) r6 = socket(0x40000000015, 0x5, 0x0) r7 = syz_open_dev$dvb_demux(0x0, 0x0, 0x20000) ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r7, 0x40146f2c, 0x0) ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r7, 0x40146f2c, &(0x7f0000000040)={0xeef9, 0x0, 0x3, 0x3b, 0x4}) close_range(r6, 0xffffffffffffffff, 0x0) munlockall() madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19) 10.913615766s ago: executing program 4 (id=1992): creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4c) r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) fcntl$lock(r0, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe}) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000002, 0x31, 0xffffffffffffffff, 0x1000000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) connect$unix(r1, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x9, 0x6, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_udp_int(r2, 0x11, 0x67, &(0x7f0000000000)=0x507, 0x4) socket$can_raw(0x1d, 0x3, 0x1) sendmmsg$inet(r2, &(0x7f0000000600)=[{{&(0x7f0000000080)={0x2, 0x4e20, @local}, 0x10, 0x0}}], 0x1, 0x2000c844) bpf$MAP_CREATE(0x0, 0x0, 0x50) r3 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r3, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) connect$inet6(r3, &(0x7f0000000000)={0x2, 0x4e23, 0x0, @private0, 0x4}, 0x1c) r4 = socket$netlink(0x10, 0x3, 0x2) connect$inet6(r3, &(0x7f0000000800)={0xa, 0x4e24, 0xc0, @ipv4={'\x00', '\xff\xff', @loopback}, 0xc58e}, 0x1c) writev(r4, &(0x7f0000001200)=[{0x0}], 0x1) syz_open_dev$sg(0x0, 0x0, 0x40100) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) timer_settime(r5, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x42795000) r6 = socket(0xa, 0x2, 0x0) setsockopt$sock_int(r6, 0x1, 0x2e, &(0x7f0000000040)=0x4, 0x4) readv(r6, &(0x7f0000003600)=[{&(0x7f0000002340)=""/138, 0x8a}], 0x1) 10.635495167s ago: executing program 2 (id=1993): socket$netlink(0x10, 0x3, 0x8) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x1a8043, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1) r2 = eventfd(0xf9) ioctl$KVM_IOEVENTFD(r1, 0x40a0ae49, &(0x7f0000000080)={0x7ff, 0xfec00000, 0x0, r2}) r3 = syz_open_dev$video4linux(&(0x7f0000000080), 0x6d682db9, 0x800) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r3, 0xc040564a, &(0x7f0000000000)={0x0, 0x0, 0x3007, 0x6, 0x805, 0x100000, 0x10001}) r4 = syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x810042, 0x0, 0x1, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000440), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRES16=0x0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=r4, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r5 = socket(0x2a, 0x2, 0x8) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000680)=ANY=[], 0x44}}, 0x0) getsockname$packet(r5, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000b80)=@newtfilter={0x370, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {}, {0x2}}, [@filter_kind_options=@f_matchall={{0xd}, {0x5c, 0x2, [@TCA_MATCHALL_ACT={0x58, 0x2, [@m_simple={0x54, 0x1, 0x0, 0x0, {{0xb}, {0x28, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0xb, 0x3, '.,\\-\\}d'}, @TCA_DEF_PARMS={0x18, 0x2, {0x55b, 0x2, 0x10000000, 0x7, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}, @filter_kind_options=@f_u32={{0x8}, {0x2d8, 0x2, [@TCA_U32_LINK={0x8, 0x3, 0xf}, @TCA_U32_ACT={0x2c4, 0x7, [@m_simple={0x144, 0xa, 0x0, 0x0, {{0xb}, {0x34, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18, 0x2, {0x8, 0x0, 0xffffffffdffffff7, 0x9, 0x7}}, @TCA_DEF_DATA={0xb, 0x3, '.,*UN\xccD'}, @TCA_DEF_DATA={0xc, 0x3, '+(:},{]\x00'}]}, {0xe8, 0x6, "515f19d866b5ab9b545769fd5eedf5d16a811630bdd8fa7596b005fcf615dc6235b36849f3d26715bdd4df3eeb54e1988cd1e1c37a2d7a245348e7c96b94f021459f188b0a2731191060a05187dfdc189f9538ee2db6fa5d0aa84382b40bea9a505d71e59761ba560f76c5c95010f09d239bb707d2ea15a762c9dee069f8d3c4bb994b60e38f656f2639badbe8ce1f88ce1434a25db5bb2d2f1d90f228ea03ee0bc2f94a5d8a4a72b36ec418916bcd6235475f5108f7281177faaf52bb1319e1d2d6770e810cf4fbaaae3dada22c83522148fc02c3eaeb64d4d80af569b9b0f3d9bfbcb8"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_bpf={0x17c, 0x15, 0x0, 0x0, {{0x8}, {0x68, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6}, @TCA_ACT_BPF_OPS_LEN={0x6}, @TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x1}, @TCA_ACT_BPF_OPS={0x4c, 0x4, [{0x2, 0xb0, 0x8, 0x4}, {0x7, 0x5, 0x8, 0x5}, {0x3ff, 0x3, 0xf9, 0x8}, {0x6, 0x3, 0x7f, 0x4}, {0xfffe, 0x5, 0x6, 0x10001}, {0xfffe, 0x6, 0x3}, {0xb, 0x7a, 0xdf, 0x800}, {0x5, 0x2, 0x44, 0x7}, {0x1, 0x0, 0xfd, 0x1843}]}]}, {0xf0, 0x6, "f9fc58c683a9b267e9a1d3031e6dc6553526973375858a095da07480b6ddddccd9dcb0e3e8521fff4593d87e71567c44d6da629c42b7cc791a818c4a12531f0392869b5ac3ab81a4c4460c5ec58b0f5086d4af24cd744c1bd29fa8fe29bc30aa1bab428baeb1cc531395b7e76fb180ebb942d18fcea2775aef77782940b9a0f425d39e5659b8f261d7abae4efe33e221c96edd8298dcfdd4c8cb323a7df2513d9392cb7b1cd58781a9647f5204143f3bc7111f0660dcddc9a5c1c062a023c39aa60a5b92545ce2085d526bd0e7a35a72aecc46c57d28a157b69df72eb250117712fa4a797330c9c8d6384d93"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}]}, @TCA_U32_CLASSID={0x8, 0x1, {0xfff1, 0x1d}}]}}]}, 0x370}, 0x1, 0x0, 0x0, 0x48805}, 0x40801) r7 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r7, &(0x7f00000002c0), 0x40000000000009f, 0x0) 9.890963615s ago: executing program 2 (id=1994): bind$l2tp6(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0xb91e9c5a8444a131, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200), 0x40281, 0x0) ioctl$SNDCTL_DSP_SUBDIVIDE(r3, 0xc0045009, &(0x7f0000000000)=0x1) openat$mixer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r4 = socket$inet_sctp(0x2, 0x1, 0x84) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0) sendmsg$TIPC_CMD_SHOW_STATS(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x1c, 0x0, 0x200, 0x70bd2b, 0x25dfdbff, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2}, 0x8854) unshare(0x6020400) socket$unix(0x1, 0x2, 0x0) unshare(0x22020400) r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x8, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f00000007c0)={0xf0f023}) setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x64, 0x6, 0x65c, 0xec, 0xec, 0x424, 0x0, 0x1cc, 0x594, 0x594, 0x594, 0x594, 0x594, 0x6, 0x0, {[{{@uncond, 0x0, 0xa4, 0xec}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@mcast1, @local, [], [], 'macvtap0\x00', 'ip6tnl0\x00', {}, {}, 0x6}, 0x0, 0xa4, 0xe0}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00'}, 0x0, 0xf4, 0x118, 0x0, {}, [@common=@unspec=@connmark={{0x2c}}, @common=@inet=@socket1={{0x24}}]}, @HL={0x24, 'HL\x00', 0x0, {0x2, 0x8}}}, {{@uncond, 0x0, 0x11c, 0x140, 0x0, {}, [@common=@frag={{0x30}}, @common=@hbh={{0x48}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd, 0x0, 0x80]}}]}, @inet=@DSCP={0x24, 'DSCP\x00', 0x0, {0xff}}}, {{@uncond, 0x0, 0x134, 0x170, 0x0, {}, [@common=@hbh={{0x48}, {0x8, 0x2, 0x0, [0x905, 0xfffe, 0x4, 0x4, 0x68e, 0xffff, 0x6, 0x7, 0x6, 0x7, 0xfff7, 0x9, 0xffff, 0x8, 0x2, 0x9], 0xa}}, @common=@dst={{0x48}}]}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x6b8) 9.715309373s ago: executing program 4 (id=1995): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = syz_clone3(&(0x7f0000001b40)={0x20001200, &(0x7f0000000000), &(0x7f00000000c0), &(0x7f0000000100), {0x2}, &(0x7f0000000140)=""/156, 0x9c, 0x0, &(0x7f0000001b00)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x58) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x6, 0x8, 0x3, 0x0, 0x9, 0x1, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x101000, 0x0) io_uring_setup(0x1028, 0x0) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB="800000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c000280050001000000000008000740000000011c00108008000140000000000800024000000000080003"], 0x80}}, 0xc800) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) recvmmsg(r5, &(0x7f00000002c0)=[{{0x0, 0x0, 0x0}, 0x29c}], 0x1, 0x2, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="380000000301019e"], 0x38}}, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, 0x0) close(0x5) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19) 8.429870172s ago: executing program 0 (id=1996): r0 = socket$inet6(0xa, 0x3, 0x5) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, 0x0, 0x0) sendmmsg(r0, &(0x7f00000017c0)=[{{&(0x7f00000018c0)=@l2tp6={0xa, 0x500, 0x4000000, @empty, 0x0, 0x3}, 0x80, 0x0}, 0x5b4}], 0x1, 0x0) 8.299791128s ago: executing program 0 (id=1997): unshare(0x64000600) syz_usb_connect(0x5a51613e9f312c1, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100009b23fd406d04c1088dee000000410902"], 0x0) r0 = socket$inet(0x2, 0x5, 0x0) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000040)) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_clone3(&(0x7f0000000280)={0x20000, &(0x7f0000000080)=0xffffffffffffffff, &(0x7f00000000c0), &(0x7f0000000100), {0xc}, &(0x7f0000000140)=""/188, 0xbc, &(0x7f0000000200), &(0x7f0000000240)=[0x0, 0xffffffffffffffff], 0x2}, 0x58) ioctl$OCFS2_IOC_GROUP_ADD(r2, 0x40186f02, &(0x7f0000000300)={0xfffffffffffffff9, 0x5, 0xfffffe00, 0x530}) syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000200000040f003040040000102030109022403fd05090400e5020701010909050102000435a907090582020800071005"], &(0x7f0000000580)={0xa, &(0x7f0000000340)={0xa, 0x6, 0x300, 0x5, 0x7, 0xfd, 0x8, 0xf0}, 0xee, &(0x7f0000000380)={0x5, 0xf, 0xee, 0x5, [@wireless={0xb, 0x10, 0x1, 0x8, 0x1d, 0x3e, 0x1, 0x1, 0x4}, @generic={0xc6, 0x10, 0x2, "a3fd8a8f3ff0bf37ba5c28f5b16d4efb14ca7aca88230040e480bb77fe5307c876493d4020e44ef7b6def4a9b6142c80557faf960c26587308d6c86599c873ce4024f4494a9b41916b51f94a6fadd8459efc2a68ac86459c6078f06c5896c0dda0e4f565ca6911b0232a6ee2248e70f319ee8d7aa27e481cac91b0d5c90b1174e43205e2839ce3114b8b08e681f7208a742f57ce83505dcba7f9feca371ba2efa727bf1b9f2182f55f0c389e51ec0e56203950da90b19c4e3afcbf6189d4f242dc101d"}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x5, 0x3, 0x0, 0x101}, @ptm_cap={0x3}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4, 0x1, 0x82, 0x3ff, 0x7}]}, 0x1, [{0xeb, &(0x7f0000000480)=@string={0xeb, 0x3, "118346accbf0beab4f87f7be90c8ebfe7460bfcde0c32227e29ccb089c26bf992593c2d8cbd756ab621f72c8b3245fbb614dc14d58f9e158d31cd979a1b9e56efc7b7f34be59c6c505b426338fd5de5b94216579127af02156884d8b43536bd536015c911fe5f6f158f7d7a949f9b6a284ca97b18414c5096d383375cee4d7bd22e80fe94e17468fa08fae4413994cb644f74397dc3a7468b331a5e5f6f353ff00f5ec890c32d27fe07b6b497c0d32f84e69cc7f7e3c7a0abd208646228f37bf67836e200cd84fd2360b6f231056bf115795c77cc1c059e2c583c1ae992be9aa25a6de723c49f14c05"}}]}) r3 = creat(&(0x7f0000000100)='./file0\x00', 0x7a) r4 = inotify_init() inotify_add_watch(r4, &(0x7f0000000440)='.\x00', 0x449) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x6a, 0x0, &(0x7f0000000480)="07003d8cfa7dbecb9093317efc4e550fe40f9d55dfe5b573b9861c207b358592cca77412039e58ef41cb725dc463f283798900589cc275a3f91190a5ea9235ae83bfac8ecc05032000246ad645e09c87c5a817ef4b935f4509ccfb39e1106269dcd6a2a0b9abd30f947e", 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x50) write$binfmt_elf32(r3, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c46000000000000000000000000030006000000000000000000380000000000000000191bda0000200001000000000280000000000003"], 0x69) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000980)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000940)={&(0x7f0000000600)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_DELSET={0x160, 0xb, 0xa, 0x502, 0x0, 0x0, {0x2, 0x0, 0x6}, [@NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x25}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_SET_DESC={0x128, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0xb4, 0x2, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x835}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}]}, {0x1c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8aa1}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}]}, {0x24, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xd3}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}]}, {0x1c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x10000}]}, {0x1c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x200}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x979a}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}]}, {0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xf}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x5}]}]}, @NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x100}, @NFTA_SET_DESC_CONCAT={0x58, 0x2, 0x0, 0x1, [{0x54, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x101}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xf0}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x10}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xe}]}]}, @NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0xef}, @NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x2}]}, @NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_DELSETELEM={0x1c, 0xe, 0xa, 0x801, 0x0, 0x0, {0x3, 0x0, 0x8}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x2}]}, @NFT_MSG_DELTABLE={0x134, 0x2, 0xa, 0x3, 0x0, 0x0, {0x1, 0x0, 0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_USERDATA={0xfe, 0x6, "752f549551d43356224aaec46a8961a0ff90510fe6acbdf5524ef51b858674b1d0a489d30655c95232c6b18979f0edc7c9fdd97cc1a9d0287e21ce6a3ef8caf4183b5095107953f7b83b184a33db8651cd24584e32d6edf0ac31e6eb1e2d5ab4e608ceafe58333de5f228d54ee1c0601cb734cc2145a75cfc14b3337ec81781d5b728ccc1bcbac5a83852e1a399f6c3888433290bc4d7bf7063860e1ec07ae2f5dc76a6b3b9ef5de444f65dce9faf5dce73a955a1176da637b7c3e93242adbe8cf3bbfdfe15760b5ea124b82892cb40d9712b204ad32a095e819149583b142a0191ba58b2b14d09f0aa43e78befd493ed959c5bd405b92d8f5d7"}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x1}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}]}, @NFT_MSG_DELOBJ={0x34, 0x14, 0xa, 0x801, 0x0, 0x0, {0x0, 0x0, 0x7f}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x7}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x30c}, 0x1, 0x0, 0x0, 0x40}, 0x8000) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = eventfd(0x8c66) ioctl$KVM_IOEVENTFD(r6, 0x4040ae79, &(0x7f0000000240)={0x27800000000, 0x0, 0x1, r7, 0x1}) ioctl$KVM_IOEVENTFD(r6, 0x4040ae79, &(0x7f0000000040)={0x10, 0x0, 0x1, r7}) close(r3) socket$inet6_tcp(0xa, 0x1, 0x0) execve(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fcntl$addseals(r1, 0x409, 0x8) 7.583123434s ago: executing program 2 (id=1998): socket$netlink(0x10, 0x3, 0x8) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x1a8043, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1) r2 = eventfd(0xf9) ioctl$KVM_IOEVENTFD(r1, 0x40a0ae49, &(0x7f0000000080)={0x7ff, 0xfec00000, 0x0, r2}) r3 = syz_open_dev$video4linux(&(0x7f0000000080), 0x6d682db9, 0x800) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r3, 0xc040564a, &(0x7f0000000000)={0x0, 0x0, 0x3007, 0x6, 0x805, 0x100000, 0x10001}) r4 = syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x810042, 0x0, 0x1, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000440), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRES16=0x0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=r4, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0) r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x89100) move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, 0x0, 0x41) r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x80c81, 0x0) ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r6, 0x3ba0, &(0x7f0000000740)={0x48, 0x2, r7, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r6, 0x3b85, &(0x7f0000000000)={0x28, 0x7, r7, 0x0, &(0x7f0000c00000/0x400000)=nil, 0x400000, 0x1004000}) ioctl$IOMMU_HWPT_ALLOC$TEST(r6, 0x3b89, &(0x7f0000000140)={0x28, 0x0, r8, r7, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000100)}) ioctl$KVM_CAP_PTP_KVM(r5, 0x4068aea3, &(0x7f0000000180)) r9 = socket(0x2a, 0x2, 0x8) getsockname$packet(r9, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000b80)=@newtfilter={0x370, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {}, {0x2}}, [@filter_kind_options=@f_matchall={{0xd}, {0x5c, 0x2, [@TCA_MATCHALL_ACT={0x58, 0x2, [@m_simple={0x54, 0x1, 0x0, 0x0, {{0xb}, {0x28, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0xb, 0x3, '.,\\-\\}d'}, @TCA_DEF_PARMS={0x18, 0x2, {0x55b, 0x2, 0x10000000, 0x7, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}, @filter_kind_options=@f_u32={{0x8}, {0x2d8, 0x2, [@TCA_U32_LINK={0x8, 0x3, 0xf}, @TCA_U32_ACT={0x2c4, 0x7, [@m_simple={0x144, 0xa, 0x0, 0x0, {{0xb}, {0x34, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18, 0x2, {0x8, 0x0, 0xffffffffdffffff7, 0x9, 0x7}}, @TCA_DEF_DATA={0xb, 0x3, '.,*UN\xccD'}, @TCA_DEF_DATA={0xc, 0x3, '+(:},{]\x00'}]}, {0xe8, 0x6, "515f19d866b5ab9b545769fd5eedf5d16a811630bdd8fa7596b005fcf615dc6235b36849f3d26715bdd4df3eeb54e1988cd1e1c37a2d7a245348e7c96b94f021459f188b0a2731191060a05187dfdc189f9538ee2db6fa5d0aa84382b40bea9a505d71e59761ba560f76c5c95010f09d239bb707d2ea15a762c9dee069f8d3c4bb994b60e38f656f2639badbe8ce1f88ce1434a25db5bb2d2f1d90f228ea03ee0bc2f94a5d8a4a72b36ec418916bcd6235475f5108f7281177faaf52bb1319e1d2d6770e810cf4fbaaae3dada22c83522148fc02c3eaeb64d4d80af569b9b0f3d9bfbcb8"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_bpf={0x17c, 0x15, 0x0, 0x0, {{0x8}, {0x68, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6}, @TCA_ACT_BPF_OPS_LEN={0x6}, @TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x1}, @TCA_ACT_BPF_OPS={0x4c, 0x4, [{0x2, 0xb0, 0x8, 0x4}, {0x7, 0x5, 0x8, 0x5}, {0x3ff, 0x3, 0xf9, 0x8}, {0x6, 0x3, 0x7f, 0x4}, {0xfffe, 0x5, 0x6, 0x10001}, {0xfffe, 0x6, 0x3}, {0xb, 0x7a, 0xdf, 0x800}, {0x5, 0x2, 0x44, 0x7}, {0x1, 0x0, 0xfd, 0x1843}]}]}, {0xf0, 0x6, "f9fc58c683a9b267e9a1d3031e6dc6553526973375858a095da07480b6ddddccd9dcb0e3e8521fff4593d87e71567c44d6da629c42b7cc791a818c4a12531f0392869b5ac3ab81a4c4460c5ec58b0f5086d4af24cd744c1bd29fa8fe29bc30aa1bab428baeb1cc531395b7e76fb180ebb942d18fcea2775aef77782940b9a0f425d39e5659b8f261d7abae4efe33e221c96edd8298dcfdd4c8cb323a7df2513d9392cb7b1cd58781a9647f5204143f3bc7111f0660dcddc9a5c1c062a023c39aa60a5b92545ce2085d526bd0e7a35a72aecc46c57d28a157b69df72eb250117712fa4a797330c9c8d6384d93"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}]}, @TCA_U32_CLASSID={0x8, 0x1, {0xfff1, 0x1d}}]}}]}, 0x370}, 0x1, 0x0, 0x0, 0x48805}, 0x40801) socket$netlink(0x10, 0x3, 0x0) 6.872395324s ago: executing program 3 (id=1999): bpf$MAP_CREATE(0x0, 0x0, 0x50) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a0300000000000000"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) getsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x3f, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000200)=ANY=[], 0x10448) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) r1 = socket$inet(0x2, 0x3, 0x30) getsockopt$inet_mreqsrc(r1, 0x0, 0x53, 0x0, &(0x7f0000000080)) 6.492960341s ago: executing program 3 (id=2000): r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000002dc0)={&(0x7f0000001640)=@l2tp6={0xa, 0x0, 0x7fff, @local, 0x8}, 0xbd, &(0x7f0000000340)=[{&(0x7f00000003c0)='`', 0x1}], 0x1}, 0x41) syz_emit_ethernet(0x6a, &(0x7f00000004c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa0008004503005c00000000402f907800000000e0000001348022eb000000000000100008000000000086dd080088be00000000100000000100000000000000080022eb00000000200000020200000000000000000458000008006558000000"], 0x0) r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) r2 = syz_open_procfs(0x0, &(0x7f0000000540)='net/ip_tables_targets\x00') ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r1, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0x8a5, 0x92, 0x0, 0x3, 0xd59f80, 0x5, 0x2800, 0x10, 0x3, 0x2, 0x2800, 0x0, 0x0, 0x0, 0x1, 0x10, {0x401}, 0xce, 0x9}}) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0xa82, 0x0) write$cgroup_int(r3, &(0x7f0000000040)=0x900, 0x12) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=ANY=[@ANYBLOB="1c0f0000000000001a0004000000000000000000000000000000000015e0df874f430546c881aaa7775eeff544392448a53bbc"], 0x1c}}, 0x1) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="050000000000fedbdf250600000008000300", @ANYRES32=r7, @ANYBLOB="0c009900fb0a00006e00000008000500030000000a00e8943efc27d5a5c8c09ce1c904369100ffffffffffff00000c00178004000300040003001c02d727a1b96b69a9939da1f8058c7efd00e700c768b1b1007152aab72d0f101ae019b8d791e234f51d15d810498764c2b7d16ac5abb5456ba5adb796eddfa5e6efd4448834312057383a90b7dc617f206c54d560d65e061703ca8f00b0bcd5041fc7718aacbae9731f629e84966e04acf7f10860e614c9e203000000b9f2ac106de12c72e355b134aeac5ea5772106a3d47eb6b47fb20886460a81234b17e1d1f154a51c9826e952ad06e6b994d12de3b40092988b106d41e52c4bb5c663e0dfd555e656f079ea9f8fdc8060bd7df85f09"], 0x64}, 0x1, 0x0, 0x0, 0x50}, 0x0) sendmsg$NL80211_CMD_START_AP(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="050000000000000000000f00000008000300", @ANYRES32=r7, @ANYBLOB="36000e008000fc00ffffffffffff08021100000008021100000000000000000000000000640003082503008401710701ffff0000bc680000080026006c090000050018013a00000008000d00fdffffff"], 0x74}}, 0x0) 4.894112131s ago: executing program 1 (id=2001): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000000380)=ANY=[@ANYBLOB="66643d9a0959bb17b39f2c68bf3b47c7cdcf90d8931b799d4aded5426aa1d4dde94c84dbbfb3abe344bb379a86dd91b2d420d89eac6aeff8b7b7dc476ab3dc729c4e7ed3dc9922407cf55de40233ec52882ad52a97666d8be1fff4797f6a8a", @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',\x00']) read$FUSE(r0, &(0x7f00000021c0)={0x2020}, 0x2020) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000240)) 3.565669494s ago: executing program 0 (id=2002): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff00000000000109022400010000"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f00000001c0)=ANY=[], 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000c00)={0x84, &(0x7f0000000580)=ANY=[@ANYBLOB="0003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_connect(0x3, 0x36, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x800) syz_open_dev$video(&(0x7f0000000000), 0x101, 0xab02) r2 = socket$kcm(0xa, 0x2, 0x0) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000240)={0x84, @rand_addr=0x64010100, 0x4e20, 0x3, 'lc\x00', 0x11, 0x660f537f, 0x5e}, 0x2c) setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000)={{0x84, @multicast2, 0x4f29, 0x3, 'nq\x00', 0x5, 0xc, 0x6c}, {@loopback, 0x4e23, 0x0, 0x1, 0x1}}, 0x44) sendmsg$sock(r2, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e20, 0x0, @dev={0xfe, 0x80, '\x00', 0xfd}}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) 2.598877676s ago: executing program 4 (id=2003): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000909010073797a30000000000800"], 0xe4}, 0x1, 0x0, 0x0, 0x8801}, 0x20050840) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000200)={'veth0_to_team\x00', 0x0}) r0 = syz_open_dev$loop(&(0x7f0000000280), 0xffff, 0x14f600) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5c0800002c0007012bbd7000000000e5087c00000c0098800600060084a2d80009800280040071008c1900000000", @ANYRES32, @ANYRES8=r0], 0x85c}}, 0xc000) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000500)='cpuacct.usage_sys\x00', 0x275a, 0x0) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x16) mprotect(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') writev(r2, &(0x7f0000000100)=[{&(0x7f00000004c0)='4', 0x1}], 0x9) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'tunl0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=@newqdisc={0xe0, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@TCA_STAB={0x80, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x4, 0x6, 0x2, 0x9, 0x1, 0x2, 0x6, 0x6}}, {0x10, 0x2, [0xa, 0x4, 0x5, 0x6, 0x1, 0xa]}}, {{0x1c, 0x1, {0x0, 0x5, 0x3896, 0x80, 0x2, 0xf, 0xb, 0x4}}, {0xc, 0x2, [0x2, 0xfff, 0x7f, 0x6]}}, {{0x45, 0x1, {0xa3, 0x6, 0x4, 0x7, 0x0, 0x9, 0xa, 0x4}}, {0xc, 0x2, [0x3389, 0x4, 0x600, 0x2]}}]}, @qdisc_kind_options=@q_fq_codel={{0xd}, {0x2c, 0x2, [@TCA_FQ_CODEL_LIMIT={0x8, 0x2, 0x5}, @TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x5}, @TCA_FQ_CODEL_QUANTUM={0x8, 0x6, 0x7}, @TCA_FQ_CODEL_CE_THRESHOLD={0x8, 0x7, 0x7}, @TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x1}]}}]}, 0xe0}}, 0x4000010) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001800)=ANY=[@ANYBLOB="180000002500010324bd7002ffdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0) recvmmsg(r5, &(0x7f0000002880)=[{{0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f00000003c0)=""/234, 0xea}, {&(0x7f00000006c0)=""/116, 0x74}, {&(0x7f0000000840)=""/165, 0xa5}, {&(0x7f0000000740)=""/232, 0xe8}, {&(0x7f00000072c0)=""/4108, 0x100c}, {&(0x7f00000001c0)=""/61, 0x3d}, {&(0x7f0000000b80)=""/209, 0xd1}, {&(0x7f0000000c80)=""/154, 0x9a}, {&(0x7f0000000e80)=""/103, 0x67}], 0x9}, 0x70004}, {{0x0, 0x0, 0x0}, 0x9}], 0x2, 0x100, 0x0) r6 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r6, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4) setsockopt$packet_rx_ring(r6, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x2}, 0x1c) r7 = syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(r7, 0xc05c6104, &(0x7f00000001c0)={"1b000500", 0x1100, 0x5, 0x2, 0x800, 0x40, "f759e100edc710000000d9fc6300", '\x00', "0300", "e8cc1304", ["8b59b4d766cbd6e4af000700", "c2fed6e1dcc98a1c907c6b40", '\x00', "0000000000000000001000"]}) r8 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'xfrm0\x00', 0x0}) sendto$packet(r8, &(0x7f0000000440)="cddf", 0x2, 0x20008801, &(0x7f0000000200)={0x11, 0x88a8, r9, 0x1, 0x0, 0x6, @remote}, 0x14) mq_timedsend(r1, &(0x7f0000000fc0)="983e40918ce57ca50878c82e6267a96a8c2526a1cff7b34c2a1ca4de08ae69e42a944efdfb88d91ef7ac9bdb6d503b099ba4da4647d339a0fec392f6f7cdc6295dc0912c5e9778e8db5f6bd0d362defc20d60fe2a279fa7a63a38339c0dbaf6e9f3bbe4368fcf0e97c84f9f4f77f7bb571b10781d364a15190ae330186228d6db9506e7c512bed83d4efc70d4830d388fd3678995effb6f1663f9967ca91834c6f634d094dad896c0def44a5b9bb53109545d74c", 0xb4, 0x0, &(0x7f0000001080)={0x77359400}) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) r10 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r10, 0x0, 0x60, &(0x7f00000008c0)={'filter\x00', 0x7, 0x4, 0x3e0, 0x1e8, 0x1e8, 0x1e8, 0x2f8, 0x2f8, 0x1e8, 0x4, 0x0, {[{{@arp={@broadcast, @dev={0xac, 0x14, 0x14, 0x13}, 0x3b8cce7e0d3c366d, 0xffffff00, 0xd, 0xe, {@mac, {[0x0, 0xff, 0xff, 0x0, 0xff]}}, {@mac=@local, {[0xff, 0x0, 0x0, 0xff, 0xff]}}, 0x4, 0x8, 0x1, 0x10, 0x8000, 0x4, 'pim6reg1\x00', 'veth0_to_team\x00', {0xff}, {0xff}, 0x0, 0x2}, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0xc0, 0x4, {0xbc84}}}}, {{@arp={@local, @multicast1, 0xffffff00, 0xff000000, 0xc, 0x8, {@mac=@local, {[0xff, 0xff, 0x0, 0x0, 0xff]}}, {@empty, {[0x0, 0x0, 0x0, 0x0, 0xff, 0xff]}}, 0x3, 0x8, 0x100, 0x2f, 0x0, 0x4, 'vxcan1\x00', 'wg2\x00', {}, {0xff}, 0x0, 0x340}, 0xc0, 0xe8}, @unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0x7}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010100, 0xf, 0x1}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x430) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x5, 0x20000, 0x0, 0x0, 0x7, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d9600010000000000000000000000000000000000000000000000000400", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00000000170000000400", "f4bd000000801900", [0x100000000, 0x7ffffffffffffffc]}}) 2.33395349s ago: executing program 3 (id=2004): r0 = syz_open_dev$evdev(&(0x7f0000000200), 0x0, 0x0) ioctl$EVIOCSCLOCKID(r0, 0x40084504, &(0x7f0000ffcffc)) mremap(&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00') r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40f01, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="001c86dd0700100000004000000060ec97000fc83c00288000000000000000000000000000aaff02000000000000000000000000000106"], 0xffe) 2.208202613s ago: executing program 2 (id=2005): eventfd2(0x74a6, 0x0) r0 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) connect$can_j1939(0xffffffffffffffff, 0x0, 0x0) sendto$inet(r0, &(0x7f00000000c0)='}', 0x1, 0x0, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x4}, 0x4) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) close(0x4) 2.008044614s ago: executing program 4 (id=2006): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$XFS_IOC_FSGEOMETRY_V1(r0, 0x80705864, &(0x7f0000000300)) ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000080)=0xfffffffffffffea6) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f00000000c0)=@sack_info={r3, 0x7, 0x8000}, 0xc) r4 = socket$l2tp(0x2, 0x2, 0x73) getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000000400)={{{@in6=@remote, @in6=@dev}}, {{@in6=@local}, 0x0, @in6=@local}}, &(0x7f0000000500)=0xe8) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e21, @multicast2}, 0x10) r5 = socket$netlink(0x10, 0x3, 0xf) bind$netlink(r5, &(0x7f0000000a40)={0x10, 0x0, 0x25dfdbfb, 0x2ffffffff}, 0xc) setsockopt$sock_int(r5, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r5, 0x10e, 0x4, &(0x7f00000003c0)=0x6, 0xdc) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x3f, &(0x7f0000000000)={&(0x7f00000000c0)=@newlink={0x34, 0x10, 0x401, 0x70bd26, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x2000a, 0x600a8}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9}, {0x4}}}]}, 0x34}}, 0x24008040) ioctl$SIOCSIFHWADDR(r1, 0x89b1, &(0x7f0000000000)={'ip_vti0\x00', @local}) r7 = socket$inet_udp(0x2, 0x2, 0x0) getpeername(r1, &(0x7f00000001c0)=@nfc, &(0x7f0000000240)=0x80) getsockopt$inet_mreq(r7, 0x0, 0x20, &(0x7f0000000140)={@loopback, @loopback}, 0x0) r8 = socket$rxrpc(0x21, 0x2, 0x2) bind$rxrpc(r8, &(0x7f0000000100)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x4e21, @local}}, 0x24) 1.839710357s ago: executing program 3 (id=2007): r0 = socket$inet6(0xa, 0x3, 0x5) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, 0x0, 0x0) sendmmsg(r0, &(0x7f00000017c0)=[{{&(0x7f00000018c0)=@l2tp6={0xa, 0x500, 0x4000000, @empty, 0x0, 0x3}, 0x80, 0x0}, 0x5b4}], 0x1, 0x0) 1.752723621s ago: executing program 3 (id=2008): r0 = syz_open_dev$video4linux(&(0x7f0000000080), 0x2, 0x0) ioctl$VIDIOC_QUERYMENU(r0, 0xc040564a, &(0x7f0000000140)={0x0, 0xfff7fffe, @name="4ad1fb9972f42cd74f1d3044dcd7afafc9608891f51d12811f98be33ca50b197"}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = fsopen(&(0x7f0000000480)='adfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000040)='uid', &(0x7f0000000180)='\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x89\x81{\xfc$\xc4\xbcF\xf8H\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\x80\xf2a\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\xc3T6\x94\n\xa4\x9cU\xc4\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR- X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f\xb1:K2v\xdb\xdd\xa6\xd0\x1d\x0e\x12\x13,*oP\x178-\x1cj\x16Q\"\x01\x02&0;\xf3j\xa7\xc0\xed\x8d\x9b}aK\xdcb7\xf8\xd6\xads\\\a\xae\xb0\v\xef\xe2\b\xcfB\xe68\xe5\xa4\xda\x97\xf8\xe2:\xae\x16\x97tZ\xc5\xa4z.PL_\xda\x1f\xbd\x9e\x16q\xb7E-\x10/\x85\x01\xbc\x8b~\xd4i\xbf\xf9\t\xb5', 0x0) syz_usb_connect(0x2, 0x36, &(0x7f0000000340)=ANY=[@ANYRES8=r2], 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r4, @ANYRES16], 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x0) 1.663860523s ago: executing program 4 (id=2009): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff00000000000109022400010000"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f00000001c0)=ANY=[], 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000c00)={0x84, &(0x7f0000000580)=ANY=[@ANYBLOB="0003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_connect(0x3, 0x36, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x800) syz_open_dev$video(&(0x7f0000000000), 0x101, 0xab02) r2 = socket$kcm(0xa, 0x2, 0x0) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000240)={0x84, @rand_addr=0x64010100, 0x4e20, 0x3, 'lc\x00', 0x11, 0x660f537f, 0x5e}, 0x2c) setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000)={{0x84, @multicast2, 0x4f29, 0x3, 'nq\x00', 0x5, 0xc, 0x6c}, {@loopback, 0x4e23, 0x0, 0x1, 0x1}}, 0x44) sendmsg$sock(r2, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e20, 0x0, @dev={0xfe, 0x80, '\x00', 0xfd}}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) 1.491763231s ago: executing program 1 (id=2010): socket$netlink(0x10, 0x3, 0x8) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x1a8043, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1) r2 = eventfd(0xf9) ioctl$KVM_IOEVENTFD(r1, 0x40a0ae49, &(0x7f0000000080)={0x7ff, 0xfec00000, 0x0, r2}) r3 = syz_open_dev$video4linux(&(0x7f0000000080), 0x6d682db9, 0x800) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r3, 0xc040564a, &(0x7f0000000000)={0x0, 0x0, 0x3007, 0x6, 0x805, 0x100000, 0x10001}) r4 = syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x810042, 0x0, 0x1, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000440), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRES16=0x0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=r4, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0) r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x89100) move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, 0x0, 0x41) r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x80c81, 0x0) ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r6, 0x3ba0, &(0x7f0000000740)={0x48, 0x2, r7, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r6, 0x3b85, &(0x7f0000000000)={0x28, 0x7, r7, 0x0, &(0x7f0000c00000/0x400000)=nil, 0x400000, 0x1004000}) ioctl$IOMMU_HWPT_ALLOC$TEST(r6, 0x3b89, &(0x7f0000000140)={0x28, 0x0, r8, r7, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000100)}) ioctl$KVM_CAP_PTP_KVM(r5, 0x4068aea3, &(0x7f0000000180)) r9 = socket(0x2a, 0x2, 0x8) getsockname$packet(r9, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000b80)=@newtfilter={0x370, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {}, {0x2}}, [@filter_kind_options=@f_matchall={{0xd}, {0x5c, 0x2, [@TCA_MATCHALL_ACT={0x58, 0x2, [@m_simple={0x54, 0x1, 0x0, 0x0, {{0xb}, {0x28, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0xb, 0x3, '.,\\-\\}d'}, @TCA_DEF_PARMS={0x18, 0x2, {0x55b, 0x2, 0x10000000, 0x7, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}, @filter_kind_options=@f_u32={{0x8}, {0x2d8, 0x2, [@TCA_U32_LINK={0x8, 0x3, 0xf}, @TCA_U32_ACT={0x2c4, 0x7, [@m_simple={0x144, 0xa, 0x0, 0x0, {{0xb}, {0x34, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18, 0x2, {0x8, 0x0, 0xffffffffdffffff7, 0x9, 0x7}}, @TCA_DEF_DATA={0xb, 0x3, '.,*UN\xccD'}, @TCA_DEF_DATA={0xc, 0x3, '+(:},{]\x00'}]}, {0xe8, 0x6, "515f19d866b5ab9b545769fd5eedf5d16a811630bdd8fa7596b005fcf615dc6235b36849f3d26715bdd4df3eeb54e1988cd1e1c37a2d7a245348e7c96b94f021459f188b0a2731191060a05187dfdc189f9538ee2db6fa5d0aa84382b40bea9a505d71e59761ba560f76c5c95010f09d239bb707d2ea15a762c9dee069f8d3c4bb994b60e38f656f2639badbe8ce1f88ce1434a25db5bb2d2f1d90f228ea03ee0bc2f94a5d8a4a72b36ec418916bcd6235475f5108f7281177faaf52bb1319e1d2d6770e810cf4fbaaae3dada22c83522148fc02c3eaeb64d4d80af569b9b0f3d9bfbcb8"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_bpf={0x17c, 0x15, 0x0, 0x0, {{0x8}, {0x68, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6}, @TCA_ACT_BPF_OPS_LEN={0x6}, @TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x1}, @TCA_ACT_BPF_OPS={0x4c, 0x4, [{0x2, 0xb0, 0x8, 0x4}, {0x7, 0x5, 0x8, 0x5}, {0x3ff, 0x3, 0xf9, 0x8}, {0x6, 0x3, 0x7f, 0x4}, {0xfffe, 0x5, 0x6, 0x10001}, {0xfffe, 0x6, 0x3}, {0xb, 0x7a, 0xdf, 0x800}, {0x5, 0x2, 0x44, 0x7}, {0x1, 0x0, 0xfd, 0x1843}]}]}, {0xf0, 0x6, "f9fc58c683a9b267e9a1d3031e6dc6553526973375858a095da07480b6ddddccd9dcb0e3e8521fff4593d87e71567c44d6da629c42b7cc791a818c4a12531f0392869b5ac3ab81a4c4460c5ec58b0f5086d4af24cd744c1bd29fa8fe29bc30aa1bab428baeb1cc531395b7e76fb180ebb942d18fcea2775aef77782940b9a0f425d39e5659b8f261d7abae4efe33e221c96edd8298dcfdd4c8cb323a7df2513d9392cb7b1cd58781a9647f5204143f3bc7111f0660dcddc9a5c1c062a023c39aa60a5b92545ce2085d526bd0e7a35a72aecc46c57d28a157b69df72eb250117712fa4a797330c9c8d6384d93"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}]}, @TCA_U32_CLASSID={0x8, 0x1, {0xfff1, 0x1d}}]}}]}, 0x370}, 0x1, 0x0, 0x0, 0x48805}, 0x40801) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x40000000000009f, 0x0) 1.272290419s ago: executing program 2 (id=2011): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = syz_clone3(&(0x7f0000001b40)={0x20001200, &(0x7f0000000000), &(0x7f00000000c0)=0x0, &(0x7f0000000100), {0x2}, &(0x7f0000000140)=""/156, 0x9c, &(0x7f0000000b00)=""/4096, &(0x7f0000001b00)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x58) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x6, 0x8, 0x3, 0x0, 0x9, 0x1, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) io_uring_setup(0x1028, 0x0) process_vm_writev(r3, &(0x7f0000000500), 0x0, &(0x7f0000002c80)=[{&(0x7f0000000540)=""/19, 0x13}, {&(0x7f0000000580)=""/84, 0x54}, {&(0x7f0000000600)=""/102, 0x66}, {0x0}], 0x4, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000300)={{0xeeef0000, 0x70000, 0x0, 0x2, 0x8, 0x0, 0x0, 0x2, 0x0, 0x9, 0x0, 0x10}, {0x6000, 0xd000, 0xc, 0x8, 0x0, 0x3, 0x6, 0xb2, 0x8, 0x7, 0x0, 0xff}, {0x3000, 0x0, 0xc, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x3000, 0xd000, 0x0, 0xe2, 0x0, 0x0, 0xff, 0x0, 0xfe, 0x0, 0x4}, {0xdddd0000, 0xd000, 0xd, 0x0, 0xff, 0x4, 0x6, 0xe, 0x0, 0x3c}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x80}, {0xdddd1000, 0x0, 0xa, 0x6, 0x0, 0x0, 0x3}, {0x0, 0x8000000, 0x0, 0x6, 0x1, 0x1, 0x83, 0xa, 0x26, 0x5}, {0x4000}, {0xdddd1000, 0xff}, 0xddf8ffdb, 0x0, 0x0, 0x70, 0xfffffffffffffffe, 0xd801, 0x0, [0x4, 0x0, 0x1]}) close(0x5) close(0x4) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0xa1001) r6 = socket(0x40000000015, 0x5, 0x0) r7 = syz_open_dev$dvb_demux(0x0, 0x0, 0x20000) ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r7, 0x40146f2c, &(0x7f00000000c0)={0x100, 0x0, 0x2, 0x15, 0x4}) ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r7, 0x40146f2c, 0x0) close_range(r6, 0xffffffffffffffff, 0x0) munlockall() madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19) 871.002281ms ago: executing program 1 (id=2012): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat$ttynull(0xffffffffffffff9c, &(0x7f00000000c0), 0x88002, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000100)=0xd) r3 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0) dup(r3) r4 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r2, &(0x7f0000000040)={0xc0002009}) ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000000)={0x79, 0x0, 0x52f}) getpid() r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000000)={0x6, 0x3}, 0x4) r6 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r6, &(0x7f0000000040)={0x18, 0x0, {0x4001, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x18}, 'ip6gre0\x00'}}, 0x1e) sendmmsg(r6, &(0x7f0000002340)=[{{0x0, 0x0, 0x0}}], 0x3e8, 0x0) 0s ago: executing program 4 (id=2013): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = syz_clone3(&(0x7f0000001b40)={0x20001200, &(0x7f0000000000), &(0x7f00000000c0), &(0x7f0000000100), {0x2}, &(0x7f0000000140)=""/156, 0x9c, 0x0, &(0x7f0000001b00)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x58) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x6, 0x8, 0x3, 0x0, 0x9, 0x1, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x101000, 0x0) io_uring_setup(0x1028, 0x0) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB="800000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c000280050001000000000008000740000000011c00108008000140000000000800024000000000080003"], 0x80}}, 0xc800) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) recvmmsg(r5, &(0x7f00000002c0)=[{{0x0, 0x0, 0x0}, 0x29c}], 0x1, 0x2, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="380000000301019e"], 0x38}}, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, 0x0) close(0x5) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19) kernel console output (not intermixed with test programs): 1272][T11059] usb 2-1: Product: syz [ 442.170382][T11059] usb 2-1: Manufacturer: syz [ 442.181681][T11059] usb 2-1: SerialNumber: syz [ 442.313305][ T5704] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 442.339635][ T5704] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 442.361616][ T5704] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 442.391604][ T5704] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 442.418453][ T5704] usb 3-1: config 0 descriptor?? [ 442.535321][T11059] usb 2-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 442.559856][T11059] usb 2-1: 2:1: invalid format type 0x1002 is detected, processed as PCM [ 442.581003][T11059] usb 2-1: 2:1 : invalid channels 0 [ 442.658776][T11059] usb 2-1: USB disconnect, device number 82 [ 443.069041][ T5704] usb 3-1: language id specifier not provided by device, defaulting to English [ 443.234282][T12098] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1762'. [ 443.266670][T12098] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1762'. [ 443.281679][T12097] syzkaller0: entered promiscuous mode [ 443.293285][T12097] syzkaller0: entered allmulticast mode [ 443.307606][T12098] bridge0: port 4(veth0_to_bridge) entered blocking state [ 443.316553][T12098] bridge0: port 4(veth0_to_bridge) entered disabled state [ 443.324041][T12098] veth0_to_bridge: entered allmulticast mode [ 443.331441][T12098] veth0_to_bridge: entered promiscuous mode [ 443.337545][T12098] bridge0: adding interface veth0_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 443.350737][T12098] bridge0: port 4(veth0_to_bridge) entered blocking state [ 443.358003][T12098] bridge0: port 4(veth0_to_bridge) entered forwarding state [ 443.682258][T12074] openvswitch: netlink: IP tunnel dst address not specified [ 443.689916][T12074] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 443.744657][T12119] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 443.777668][T12119] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 443.793529][ T5704] uclogic 0003:256C:006D.0013: failed retrieving string descriptor #100: -71 [ 443.813325][T12119] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 443.821889][ T5704] uclogic 0003:256C:006D.0013: failed retrieving pen parameters: -71 [ 443.840426][ T5704] uclogic 0003:256C:006D.0013: failed probing pen v1 parameters: -71 [ 443.849577][T12119] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 443.871943][ T5704] uclogic 0003:256C:006D.0013: failed probing parameters: -71 [ 443.897176][ T5704] uclogic 0003:256C:006D.0013: probe with driver uclogic failed with error -71 [ 443.943757][ T5704] usb 3-1: USB disconnect, device number 63 [ 444.269053][T12129] netlink: 'syz.1.1769': attribute type 1 has an invalid length. [ 444.310664][T12129] 8021q: adding VLAN 0 to HW filter on device bond2 [ 444.363817][T12129] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1769'. [ 444.379561][T12129] bond2: entered promiscuous mode [ 444.417095][T12129] bond2: (slave dummy0): making interface the new active one [ 444.433463][T12136] FAULT_INJECTION: forcing a failure. [ 444.433463][T12136] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 444.455816][T12129] dummy0: entered promiscuous mode [ 444.480327][T12129] bond2: (slave dummy0): Enslaving as an active interface with an up link [ 444.504200][T12136] CPU: 0 UID: 0 PID: 12136 Comm: syz.2.1770 Tainted: G L syzkaller #0 PREEMPT(full) [ 444.504235][T12136] Tainted: [L]=SOFTLOCKUP [ 444.504243][T12136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 444.504256][T12136] Call Trace: [ 444.504265][T12136] [ 444.504274][T12136] dump_stack_lvl+0xe8/0x150 [ 444.504303][T12136] should_fail_ex+0x40c/0x560 [ 444.504338][T12136] _copy_from_iter+0x1d3/0x1660 [ 444.504364][T12136] ? rcu_is_watching+0x15/0xb0 [ 444.504388][T12136] ? __pfx__copy_from_iter+0x10/0x10 [ 444.504409][T12136] ? kmem_cache_alloc_node_noprof+0x3ca/0x680 [ 444.504438][T12136] ? netlink_sendmsg+0x650/0xb40 [ 444.504469][T12136] ? skb_put+0x112/0x210 [ 444.504496][T12136] netlink_sendmsg+0x6c0/0xb40 [ 444.504529][T12136] ? __pfx_netlink_sendmsg+0x10/0x10 [ 444.504559][T12136] ? aa_sock_msg_perm+0xf1/0x1b0 [ 444.504590][T12136] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 444.504621][T12136] ? __pfx_netlink_sendmsg+0x10/0x10 [ 444.504651][T12136] ____sys_sendmsg+0x9b9/0xa20 [ 444.504683][T12136] ? __pfx_____sys_sendmsg+0x10/0x10 [ 444.504712][T12136] ? lock_release+0x4b/0x3c0 [ 444.504745][T12136] ? import_iovec+0x73/0xa0 [ 444.504770][T12136] ___sys_sendmsg+0x2a5/0x360 [ 444.504821][T12136] ? rcu_is_watching+0x15/0xb0 [ 444.504841][T12136] ? get_pid_task+0x20/0x1f0 [ 444.504862][T12136] ? __pfx____sys_sendmsg+0x10/0x10 [ 444.504892][T12136] ? rcu_is_watching+0x15/0xb0 [ 444.504926][T12136] ? __fget_files+0x2a/0x420 [ 444.504946][T12136] ? __fget_files+0x3a2/0x420 [ 444.504972][T12136] __x64_sys_sendmsg+0x1b1/0x290 [ 444.505001][T12136] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 444.505036][T12136] ? rcu_is_watching+0x15/0xb0 [ 444.505058][T12136] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 444.505080][T12136] do_syscall_64+0x174/0x580 [ 444.505105][T12136] ? trace_irq_disable+0x3b/0x140 [ 444.505134][T12136] ? clear_bhb_loop+0x40/0x90 [ 444.505158][T12136] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 444.505179][T12136] RIP: 0033:0x7fdfd8d9ce59 [ 444.505198][T12136] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 444.505217][T12136] RSP: 002b:00007fdfd9cc3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 444.505239][T12136] RAX: ffffffffffffffda RBX: 00007fdfd9015fa0 RCX: 00007fdfd8d9ce59 [ 444.505255][T12136] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003 [ 444.505269][T12136] RBP: 00007fdfd9cc3090 R08: 0000000000000000 R09: 0000000000000000 [ 444.505283][T12136] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 444.505296][T12136] R13: 00007fdfd9016038 R14: 00007fdfd9015fa0 R15: 00007fdfd913fa48 [ 444.505320][T12136] [ 444.875693][T12142] FAULT_INJECTION: forcing a failure. [ 444.875693][T12142] name failslab, interval 1, probability 0, space 0, times 0 [ 444.903687][T12142] CPU: 1 UID: 0 PID: 12142 Comm: syz.2.1772 Tainted: G L syzkaller #0 PREEMPT(full) [ 444.903722][T12142] Tainted: [L]=SOFTLOCKUP [ 444.903730][T12142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 444.903742][T12142] Call Trace: [ 444.903751][T12142] [ 444.903760][T12142] dump_stack_lvl+0xe8/0x150 [ 444.903788][T12142] should_fail_ex+0x40c/0x560 [ 444.903823][T12142] should_failslab+0xa8/0x100 [ 444.903852][T12142] ? skb_clone+0x212/0x3a0 [ 444.903882][T12142] kmem_cache_alloc_noprof+0x87/0x650 [ 444.903909][T12142] skb_clone+0x212/0x3a0 [ 444.903938][T12142] __netlink_deliver_tap+0x413/0x860 [ 444.903974][T12142] ? netlink_deliver_tap+0x2e/0x1b0 [ 444.904003][T12142] netlink_deliver_tap+0x19c/0x1b0 [ 444.904032][T12142] netlink_unicast+0x77f/0x940 [ 444.904063][T12142] netlink_sendmsg+0x813/0xb40 [ 444.904105][T12142] ? __pfx_netlink_sendmsg+0x10/0x10 [ 444.904136][T12142] ? aa_sock_msg_perm+0xf1/0x1b0 [ 444.904168][T12142] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 444.904192][T12142] ? __pfx_netlink_sendmsg+0x10/0x10 [ 444.904222][T12142] ____sys_sendmsg+0x9b9/0xa20 [ 444.904254][T12142] ? __pfx_____sys_sendmsg+0x10/0x10 [ 444.904284][T12142] ? lock_release+0x4b/0x3c0 [ 444.904316][T12142] ? import_iovec+0x73/0xa0 [ 444.904343][T12142] ___sys_sendmsg+0x2a5/0x360 [ 444.904369][T12142] ? rcu_is_watching+0x15/0xb0 [ 444.904391][T12142] ? get_pid_task+0x20/0x1f0 [ 444.904412][T12142] ? __pfx____sys_sendmsg+0x10/0x10 [ 444.904442][T12142] ? rcu_is_watching+0x15/0xb0 [ 444.904475][T12142] ? __fget_files+0x2a/0x420 [ 444.904496][T12142] ? __fget_files+0x3a2/0x420 [ 444.904521][T12142] __x64_sys_sendmsg+0x1b1/0x290 [ 444.904550][T12142] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 444.904585][T12142] ? rcu_is_watching+0x15/0xb0 [ 444.904607][T12142] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 444.904629][T12142] do_syscall_64+0x174/0x580 [ 444.904654][T12142] ? trace_irq_disable+0x3b/0x140 [ 444.904682][T12142] ? clear_bhb_loop+0x40/0x90 [ 444.904709][T12142] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 444.904729][T12142] RIP: 0033:0x7fdfd8d9ce59 [ 444.904770][T12142] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 444.904789][T12142] RSP: 002b:00007fdfd9cc3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 444.904812][T12142] RAX: ffffffffffffffda RBX: 00007fdfd9015fa0 RCX: 00007fdfd8d9ce59 [ 444.904828][T12142] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 444.904841][T12142] RBP: 00007fdfd9cc3090 R08: 0000000000000000 R09: 0000000000000000 [ 444.904854][T12142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 444.904866][T12142] R13: 00007fdfd9016038 R14: 00007fdfd9015fa0 R15: 00007fdfd913fa48 [ 444.904890][T12142] [ 445.255817][T12147] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 445.281040][T12149] syzkaller0: entered promiscuous mode [ 445.286579][T12149] syzkaller0: entered allmulticast mode [ 445.390445][T12152] tipc: Enabled bearer , priority 10 [ 445.485622][T12158] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1778'. [ 445.706525][T12162] syzkaller0: entered promiscuous mode [ 445.712375][T12162] syzkaller0: entered allmulticast mode [ 446.258624][T12170] netlink: 666 bytes leftover after parsing attributes in process `syz.1.1780'. [ 446.679720][ T9] usb 2-1: new high-speed USB device number 83 using dummy_hcd [ 446.869805][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 446.924412][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 446.950213][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 446.995200][ T9] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 447.028571][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024 [ 447.040049][ T9] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 447.050282][ T9] usb 2-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 447.060565][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 447.076552][ T9] usb 2-1: config 0 descriptor?? [ 447.088008][T12173] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 447.432003][ C1] Bluetooth: hci5: Unexpected continuation: 1 bytes [ 447.432902][ T4936] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 447.446108][ T4936] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 447.453036][ T4936] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 447.459940][ T4936] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 447.466811][ T4936] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 447.474889][ T4936] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 447.481914][ T4936] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 447.488798][ T4936] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 447.495700][ T4936] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 447.502597][ T4936] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 447.509441][ T4936] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 447.516491][ T4936] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 447.523903][ T4936] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 447.530810][ T4936] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 447.537689][ T4936] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 447.544803][ T4936] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 447.551792][ T4936] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 447.558660][ T4936] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 447.566667][ T4936] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 447.573553][ T4936] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 447.580460][ T4936] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 447.587372][ T4936] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 447.594258][ T4936] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 447.601179][ T4936] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 447.608140][ T4936] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 447.615318][ T4936] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 447.622308][ T4936] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 447.629165][ T4936] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 447.636085][ T4936] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 447.764833][ T9] usb 2-1: USB disconnect, device number 83 [ 447.770954][ T5624] Bluetooth: hci5: Opcode 0x0c03 failed: -71 [ 448.480470][T12206] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1789'. [ 448.957156][T12224] syzkaller0: entered promiscuous mode [ 448.987689][T12224] syzkaller0: entered allmulticast mode [ 449.018266][T12227] FAULT_INJECTION: forcing a failure. [ 449.018266][T12227] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 449.085752][T12227] CPU: 1 UID: 0 PID: 12227 Comm: syz.4.1794 Tainted: G L syzkaller #0 PREEMPT(full) [ 449.085796][T12227] Tainted: [L]=SOFTLOCKUP [ 449.085805][T12227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 449.085819][T12227] Call Trace: [ 449.085827][T12227] [ 449.085836][T12227] dump_stack_lvl+0xe8/0x150 [ 449.085866][T12227] should_fail_ex+0x40c/0x560 [ 449.085901][T12227] _copy_from_user+0x2d/0xb0 [ 449.085929][T12227] __sys_sendto+0x28d/0x6c0 [ 449.085959][T12227] ? __pfx___sys_sendto+0x10/0x10 [ 449.085984][T12227] ? __mutex_unlock_slowpath+0x724/0x8e0 [ 449.086024][T12227] ? __pfx_ksys_write+0x10/0x10 [ 449.086054][T12227] __x64_sys_sendto+0xde/0x100 [ 449.086080][T12227] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 449.086102][T12227] do_syscall_64+0x174/0x580 [ 449.086126][T12227] ? trace_irq_disable+0x3b/0x140 [ 449.086155][T12227] ? clear_bhb_loop+0x40/0x90 [ 449.086179][T12227] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 449.086200][T12227] RIP: 0033:0x7f97f339ce59 [ 449.086218][T12227] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 449.086237][T12227] RSP: 002b:00007f97f4219028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 449.086259][T12227] RAX: ffffffffffffffda RBX: 00007f97f3616090 RCX: 00007f97f339ce59 [ 449.086275][T12227] RDX: 0000000000000071 RSI: 00002000000002c0 RDI: 0000000000000005 [ 449.086289][T12227] RBP: 00007f97f4219090 R08: 00002000000001c0 R09: 0000000000000014 [ 449.086304][T12227] R10: 0000000000040009 R11: 0000000000000246 R12: 0000000000000001 [ 449.086317][T12227] R13: 00007f97f3616128 R14: 00007f97f3616090 R15: 00007f97f373fa48 [ 449.086341][T12227] [ 450.099672][T11059] usb 2-1: new high-speed USB device number 84 using dummy_hcd [ 450.259649][T11059] usb 2-1: Using ep0 maxpacket: 8 [ 450.279887][T11059] usb 2-1: unable to get BOS descriptor or descriptor too short [ 450.322754][T11059] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xEE, changing to 0x8E [ 450.346771][T11059] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 450.447449][T11059] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 450.506398][T11059] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 450.535671][T11059] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0 [ 450.548018][T12259] FAULT_INJECTION: forcing a failure. [ 450.548018][T12259] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 450.567443][T11059] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 0 [ 450.632896][T11059] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 450.663392][T12259] CPU: 1 UID: 0 PID: 12259 Comm: syz.3.1803 Tainted: G L syzkaller #0 PREEMPT(full) [ 450.663427][T12259] Tainted: [L]=SOFTLOCKUP [ 450.663435][T12259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 450.663448][T12259] Call Trace: [ 450.663456][T12259] [ 450.663465][T12259] dump_stack_lvl+0xe8/0x150 [ 450.663493][T12259] should_fail_ex+0x40c/0x560 [ 450.663530][T12259] _copy_from_user+0x2d/0xb0 [ 450.663582][T12259] ___sys_recvmsg+0x173/0x5a0 [ 450.663616][T12259] ? __pfx____sys_recvmsg+0x10/0x10 [ 450.663648][T12259] ? __fget_files+0x2a/0x420 [ 450.663669][T12259] ? rcu_is_watching+0x15/0xb0 [ 450.663699][T12259] ? rcu_is_watching+0x15/0xb0 [ 450.663719][T12259] ? lock_release+0x4b/0x3c0 [ 450.663750][T12259] ? __might_fault+0xcb/0x130 [ 450.663776][T12259] do_recvmmsg+0x31a/0x7f0 [ 450.663800][T12259] ? __pfx_do_recvmmsg+0x10/0x10 [ 450.663825][T12259] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 450.663845][T12259] ? __fget_files+0x3a2/0x420 [ 450.663863][T12259] __x64_sys_recvmmsg+0x198/0x250 [ 450.663884][T12259] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 450.663907][T12259] ? rcu_is_watching+0x15/0xb0 [ 450.663922][T12259] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 450.663937][T12259] do_syscall_64+0x174/0x580 [ 450.663954][T12259] ? trace_irq_disable+0x3b/0x140 [ 450.663979][T12259] ? clear_bhb_loop+0x40/0x90 [ 450.663996][T12259] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 450.664010][T12259] RIP: 0033:0x7fecb619ce59 [ 450.664024][T12259] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 450.664037][T12259] RSP: 002b:00007fecb7081028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 450.664054][T12259] RAX: ffffffffffffffda RBX: 00007fecb6416090 RCX: 00007fecb619ce59 [ 450.664071][T12259] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000004 [ 450.664081][T12259] RBP: 00007fecb7081090 R08: 0000000000000000 R09: 0000000000000000 [ 450.664091][T12259] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 450.664100][T12259] R13: 00007fecb6416128 R14: 00007fecb6416090 R15: 00007fecb653fa48 [ 450.664118][T12259] [ 450.888138][T11059] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 451.023576][T11059] usb 2-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 451.032752][T11059] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 451.040919][T11059] usb 2-1: Product: syz [ 451.045122][T11059] usb 2-1: Manufacturer: syz [ 451.049874][T11059] usb 2-1: SerialNumber: syz [ 451.058234][T11059] usb 2-1: config 0 descriptor?? [ 451.068148][T11059] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 451.107144][T11059] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 451.143286][ T8384] udevd[8384]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 451.271058][T11059] usb 2-1: USB disconnect, device number 84 [ 452.102369][ T24] usb 2-1: new high-speed USB device number 85 using dummy_hcd [ 452.269807][ T24] usb 2-1: Using ep0 maxpacket: 16 [ 452.278231][ T24] usb 2-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 452.299104][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 452.360245][ T24] usb 2-1: config 0 descriptor?? [ 452.388294][ T24] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 452.406989][T12287] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1810'. [ 452.675774][T12293] ip6erspan0: entered promiscuous mode [ 452.725583][T12291] syzkaller0: entered promiscuous mode [ 452.745100][T12291] syzkaller0: entered allmulticast mode [ 452.936866][T12301] loop9: detected capacity change from 0 to 7 [ 452.945647][T12301] Dev loop9: unable to read RDB block 7 [ 452.956625][T12301] loop9: unable to read partition table [ 452.970896][T12301] loop9: partition table beyond EOD, truncated [ 452.978224][T12301] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5) [ 453.212670][T12307] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 453.240132][T12307] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 453.309902][ T24] gspca_sonixj: reg_w1 err -110 [ 453.314929][ T24] sonixj 2-1:0.0: probe with driver sonixj failed with error -110 [ 453.440460][T12311] FAULT_INJECTION: forcing a failure. [ 453.440460][T12311] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 453.463792][T12311] CPU: 1 UID: 0 PID: 12311 Comm: syz.2.1816 Tainted: G L syzkaller #0 PREEMPT(full) [ 453.463839][T12311] Tainted: [L]=SOFTLOCKUP [ 453.463847][T12311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 453.463861][T12311] Call Trace: [ 453.463870][T12311] [ 453.463881][T12311] dump_stack_lvl+0xe8/0x150 [ 453.463913][T12311] should_fail_ex+0x40c/0x560 [ 453.463951][T12311] _copy_from_iter+0x1d3/0x1660 [ 453.463978][T12311] ? rcu_is_watching+0x15/0xb0 [ 453.464016][T12311] ? __pfx__copy_from_iter+0x10/0x10 [ 453.464039][T12311] ? kmem_cache_alloc_node_noprof+0x3ca/0x680 [ 453.464069][T12311] ? netlink_sendmsg+0x650/0xb40 [ 453.464099][T12311] ? skb_put+0x112/0x210 [ 453.464126][T12311] netlink_sendmsg+0x6c0/0xb40 [ 453.464162][T12311] ? __pfx_netlink_sendmsg+0x10/0x10 [ 453.464192][T12311] ? aa_sock_msg_perm+0xf1/0x1b0 [ 453.464224][T12311] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 453.464246][T12311] ? __pfx_netlink_sendmsg+0x10/0x10 [ 453.464275][T12311] ____sys_sendmsg+0x9b9/0xa20 [ 453.464306][T12311] ? __pfx_____sys_sendmsg+0x10/0x10 [ 453.464336][T12311] ? lock_release+0x4b/0x3c0 [ 453.464369][T12311] ? import_iovec+0x73/0xa0 [ 453.464394][T12311] ___sys_sendmsg+0x2a5/0x360 [ 453.464422][T12311] ? rcu_is_watching+0x15/0xb0 [ 453.464443][T12311] ? get_pid_task+0x20/0x1f0 [ 453.464464][T12311] ? __pfx____sys_sendmsg+0x10/0x10 [ 453.464495][T12311] ? rcu_is_watching+0x15/0xb0 [ 453.464528][T12311] ? __fget_files+0x2a/0x420 [ 453.464549][T12311] ? __fget_files+0x3a2/0x420 [ 453.464573][T12311] __x64_sys_sendmsg+0x1b1/0x290 [ 453.464603][T12311] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 453.464637][T12311] ? rcu_is_watching+0x15/0xb0 [ 453.464659][T12311] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 453.464682][T12311] do_syscall_64+0x174/0x580 [ 453.464707][T12311] ? trace_irq_disable+0x3b/0x140 [ 453.464736][T12311] ? clear_bhb_loop+0x40/0x90 [ 453.464760][T12311] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 453.464781][T12311] RIP: 0033:0x7fdfd8d9ce59 [ 453.464800][T12311] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 453.464827][T12311] RSP: 002b:00007fdfd9cc3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 453.464849][T12311] RAX: ffffffffffffffda RBX: 00007fdfd9015fa0 RCX: 00007fdfd8d9ce59 [ 453.464865][T12311] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000005 [ 453.464878][T12311] RBP: 00007fdfd9cc3090 R08: 0000000000000000 R09: 0000000000000000 [ 453.464891][T12311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 453.464903][T12311] R13: 00007fdfd9016038 R14: 00007fdfd9015fa0 R15: 00007fdfd913fa48 [ 453.464926][T12311] [ 453.821933][T12314] FAULT_INJECTION: forcing a failure. [ 453.821933][T12314] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 453.838591][T12314] CPU: 0 UID: 0 PID: 12314 Comm: syz.0.1817 Tainted: G L syzkaller #0 PREEMPT(full) [ 453.838626][T12314] Tainted: [L]=SOFTLOCKUP [ 453.838634][T12314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 453.838647][T12314] Call Trace: [ 453.838656][T12314] [ 453.838665][T12314] dump_stack_lvl+0xe8/0x150 [ 453.838694][T12314] should_fail_ex+0x40c/0x560 [ 453.838728][T12314] _copy_from_iter+0x1d3/0x1660 [ 453.838753][T12314] ? rcu_is_watching+0x15/0xb0 [ 453.838778][T12314] ? __pfx__copy_from_iter+0x10/0x10 [ 453.838799][T12314] ? kmem_cache_alloc_node_noprof+0x3ca/0x680 [ 453.838829][T12314] ? netlink_sendmsg+0x650/0xb40 [ 453.838860][T12314] ? skb_put+0x112/0x210 [ 453.838887][T12314] netlink_sendmsg+0x6c0/0xb40 [ 453.838920][T12314] ? __pfx_netlink_sendmsg+0x10/0x10 [ 453.838950][T12314] ? aa_sock_msg_perm+0xf1/0x1b0 [ 453.838982][T12314] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 453.839005][T12314] ? __pfx_netlink_sendmsg+0x10/0x10 [ 453.839035][T12314] ____sys_sendmsg+0x9b9/0xa20 [ 453.839068][T12314] ? __pfx_____sys_sendmsg+0x10/0x10 [ 453.839095][T12314] ? lock_release+0x4b/0x3c0 [ 453.839127][T12314] ? import_iovec+0x73/0xa0 [ 453.839153][T12314] ___sys_sendmsg+0x2a5/0x360 [ 453.839179][T12314] ? rcu_is_watching+0x15/0xb0 [ 453.839199][T12314] ? get_pid_task+0x20/0x1f0 [ 453.839221][T12314] ? __pfx____sys_sendmsg+0x10/0x10 [ 453.839251][T12314] ? rcu_is_watching+0x15/0xb0 [ 453.839292][T12314] ? __fget_files+0x2a/0x420 [ 453.839313][T12314] ? __fget_files+0x3a2/0x420 [ 453.839338][T12314] __x64_sys_sendmsg+0x1b1/0x290 [ 453.839368][T12314] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 453.839414][T12314] ? rcu_is_watching+0x15/0xb0 [ 453.839449][T12314] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 453.839478][T12314] do_syscall_64+0x174/0x580 [ 453.839504][T12314] ? trace_irq_disable+0x3b/0x140 [ 453.839531][T12314] ? clear_bhb_loop+0x40/0x90 [ 453.839555][T12314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 453.839578][T12314] RIP: 0033:0x7f1a5139ce59 [ 453.839597][T12314] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 453.839615][T12314] RSP: 002b:00007f1a5221a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 453.839638][T12314] RAX: ffffffffffffffda RBX: 00007f1a51615fa0 RCX: 00007f1a5139ce59 [ 453.839654][T12314] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 453.839668][T12314] RBP: 00007f1a5221a090 R08: 0000000000000000 R09: 0000000000000000 [ 453.839682][T12314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 453.839695][T12314] R13: 00007f1a51616038 R14: 00007f1a51615fa0 R15: 00007f1a5173fa48 [ 453.839720][T12314] [ 454.292433][T12316] FAULT_INJECTION: forcing a failure. [ 454.292433][T12316] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 454.332508][T12316] CPU: 1 UID: 0 PID: 12316 Comm: syz.2.1818 Tainted: G L syzkaller #0 PREEMPT(full) [ 454.332533][T12316] Tainted: [L]=SOFTLOCKUP [ 454.332539][T12316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 454.332548][T12316] Call Trace: [ 454.332555][T12316] [ 454.332561][T12316] dump_stack_lvl+0xe8/0x150 [ 454.332582][T12316] should_fail_ex+0x40c/0x560 [ 454.332608][T12316] prepare_alloc_pages+0x230/0x650 [ 454.332631][T12316] __alloc_frozen_pages_noprof+0x12f/0x380 [ 454.332652][T12316] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 454.332674][T12316] ? __pfx_policy_nodemask+0x10/0x10 [ 454.332694][T12316] ? rcu_is_watching+0x15/0xb0 [ 454.332710][T12316] ? lock_release+0x4b/0x3c0 [ 454.332733][T12316] alloc_pages_mpol+0x212/0x380 [ 454.332755][T12316] folio_alloc_mpol_noprof+0x39/0x160 [ 454.332776][T12316] vma_alloc_folio_noprof+0xe1/0x1e0 [ 454.332797][T12316] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 454.332817][T12316] ? lock_release+0x4b/0x3c0 [ 454.332841][T12316] do_wp_page+0x1163/0x4c70 [ 454.332858][T12316] ? __pte_offset_map+0x29/0x240 [ 454.332904][T12316] ? __pfx_do_wp_page+0x10/0x10 [ 454.332917][T12316] ? do_raw_spin_lock+0x12b/0x2f0 [ 454.332955][T12316] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 454.332978][T12316] ? __pte_offset_map+0x45/0x240 [ 454.333007][T12316] handle_mm_fault+0x1490/0x3080 [ 454.333027][T12316] ? handle_mm_fault+0xec/0x3080 [ 454.333045][T12316] ? __pfx_handle_mm_fault+0x10/0x10 [ 454.333064][T12316] ? __pfx___up_read+0x10/0x10 [ 454.333082][T12316] ? lock_mm_and_find_vma+0xa7/0x340 [ 454.333101][T12316] do_user_addr_fault+0x744/0x1340 [ 454.333123][T12316] exc_page_fault+0x6a/0xc0 [ 454.333141][T12316] asm_exc_page_fault+0x26/0x30 [ 454.333155][T12316] RIP: 0010:rep_movs_alternative+0x4a/0xa0 [ 454.333180][T12316] Code: cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 454.333192][T12316] RSP: 0018:ffffc9000510fac8 EFLAGS: 00050206 [ 454.333207][T12316] RAX: ffffffff84b3ed01 RBX: 0000000000000090 RCX: 0000000000000090 [ 454.333218][T12316] RDX: 0000000000000000 RSI: ffffc9000510fb60 RDI: 0000200000000000 [ 454.333228][T12316] RBP: ffffc9000510fc90 R08: ffffc9000510fbef R09: 1ffff92000a21f7d [ 454.333239][T12316] R10: dffffc0000000000 R11: fffff52000a21f7e R12: 0000200000000090 [ 454.333251][T12316] R13: 00007ffffffff000 R14: ffffc9000510fb60 R15: 0000200000000000 [ 454.333264][T12316] ? _copy_from_user+0x91/0xb0 [ 454.333286][T12316] _copy_to_user+0x8a/0xb0 [ 454.333305][T12316] sctp_getsockopt_paddr_thresholds+0x5ae/0x790 [ 454.333442][T12316] ? get_pid_task+0x20/0x1f0 [ 454.333456][T12316] ? __pfx_sctp_getsockopt_paddr_thresholds+0x10/0x10 [ 454.333478][T12316] ? rcu_is_watching+0x15/0xb0 [ 454.333492][T12316] ? sctp_getsockopt+0x12f/0xb90 [ 454.333528][T12316] ? rcu_is_watching+0x15/0xb0 [ 454.333573][T12316] ? trace_irq_enable+0x3b/0x140 [ 454.333603][T12316] sctp_getsockopt+0x94a/0xb90 [ 454.333634][T12316] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 454.333651][T12316] do_sock_getsockopt+0x51d/0x7e0 [ 454.333674][T12316] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 454.333692][T12316] ? rcu_is_watching+0x15/0xb0 [ 454.333711][T12316] ? lock_release+0x4b/0x3c0 [ 454.333735][T12316] ? __fget_files+0x3a2/0x420 [ 454.333749][T12316] ? __fget_files+0x2a/0x420 [ 454.333765][T12316] __x64_sys_getsockopt+0x1a4/0x240 [ 454.333787][T12316] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 454.333802][T12316] do_syscall_64+0x174/0x580 [ 454.333819][T12316] ? trace_irq_disable+0x3b/0x140 [ 454.333839][T12316] ? clear_bhb_loop+0x40/0x90 [ 454.333855][T12316] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 454.333869][T12316] RIP: 0033:0x7fdfd8d9ce59 [ 454.333888][T12316] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 454.333900][T12316] RSP: 002b:00007fdfd9cc3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 454.333916][T12316] RAX: ffffffffffffffda RBX: 00007fdfd9015fa0 RCX: 00007fdfd8d9ce59 [ 454.333927][T12316] RDX: 0000000000000025 RSI: 0000000000000084 RDI: 0000000000000003 [ 454.333936][T12316] RBP: 00007fdfd9cc3090 R08: 0000200000001040 R09: 0000000000000000 [ 454.333946][T12316] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001 [ 454.333955][T12316] R13: 00007fdfd9016038 R14: 00007fdfd9015fa0 R15: 00007fdfd913fa48 [ 454.333972][T12316] [ 454.926399][ T9] usb 2-1: USB disconnect, device number 85 [ 454.952664][T12323] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1820'. [ 455.275745][T12337] loop9: detected capacity change from 0 to 7 [ 455.317836][T12337] Dev loop9: unable to read RDB block 7 [ 455.334570][T12337] loop9: unable to read partition table [ 455.355009][T12337] loop9: partition table beyond EOD, truncated [ 455.378284][T12337] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5) [ 455.399388][T12343] FAULT_INJECTION: forcing a failure. [ 455.399388][T12343] name failslab, interval 1, probability 0, space 0, times 0 [ 455.454317][T12343] CPU: 1 UID: 0 PID: 12343 Comm: syz.0.1826 Tainted: G L syzkaller #0 PREEMPT(full) [ 455.454344][T12343] Tainted: [L]=SOFTLOCKUP [ 455.454350][T12343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 455.454359][T12343] Call Trace: [ 455.454366][T12343] [ 455.454372][T12343] dump_stack_lvl+0xe8/0x150 [ 455.454396][T12343] should_fail_ex+0x40c/0x560 [ 455.454422][T12343] should_failslab+0xa8/0x100 [ 455.454444][T12343] __kmalloc_noprof+0xe8/0x750 [ 455.454470][T12343] ? tomoyo_encode+0x2ad/0x570 [ 455.454486][T12343] tomoyo_encode+0x2ad/0x570 [ 455.454501][T12343] tomoyo_realpath_from_path+0x5fa/0x640 [ 455.454518][T12343] ? tomoyo_path_number_perm+0x219/0x5f0 [ 455.454537][T12343] tomoyo_path_number_perm+0x246/0x5f0 [ 455.454556][T12343] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 455.454575][T12343] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 455.454594][T12343] ? preempt_count_add+0x91/0x190 [ 455.454617][T12343] ? rcu_is_watching+0x15/0xb0 [ 455.454634][T12343] ? hook_file_ioctl+0x1f0/0x5c0 [ 455.454661][T12343] ? lock_release+0x4b/0x3c0 [ 455.454690][T12343] ? __fget_files+0x2a/0x420 [ 455.454705][T12343] ? __fget_files+0x3a2/0x420 [ 455.454718][T12343] ? __fget_files+0x2a/0x420 [ 455.454734][T12343] security_file_ioctl+0xc3/0x2a0 [ 455.454754][T12343] __se_sys_ioctl+0x47/0x170 [ 455.454773][T12343] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 455.454788][T12343] do_syscall_64+0x174/0x580 [ 455.454808][T12343] ? trace_irq_disable+0x3b/0x140 [ 455.454828][T12343] ? clear_bhb_loop+0x40/0x90 [ 455.454845][T12343] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 455.454859][T12343] RIP: 0033:0x7f1a5139ce59 [ 455.454873][T12343] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 455.454886][T12343] RSP: 002b:00007f1a5221a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 455.454902][T12343] RAX: ffffffffffffffda RBX: 00007f1a51615fa0 RCX: 00007f1a5139ce59 [ 455.454913][T12343] RDX: 0000200000000040 RSI: 00000000c040565e RDI: 0000000000000003 [ 455.454924][T12343] RBP: 00007f1a5221a090 R08: 0000000000000000 R09: 0000000000000000 [ 455.454933][T12343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 455.454942][T12343] R13: 00007f1a51616038 R14: 00007f1a51615fa0 R15: 00007f1a5173fa48 [ 455.454958][T12343] [ 455.455320][T12343] ERROR: Out of memory at tomoyo_realpath_from_path. [ 455.778359][T12345] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1827'. [ 456.002424][T12349] syzkaller0: entered promiscuous mode [ 456.010038][T12349] syzkaller0: entered allmulticast mode [ 458.189718][ T24] usb 1-1: new full-speed USB device number 67 using dummy_hcd [ 458.411016][ T24] usb 1-1: config index 0 descriptor too short (expected 6427, got 27) [ 458.436821][ T24] usb 1-1: config 0 has an invalid interface number: 21 but max is 0 [ 458.490736][ T24] usb 1-1: config 0 has no interface number 0 [ 458.627975][ T24] usb 1-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 458.742872][ T24] usb 1-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 458.820481][ T24] usb 1-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64 [ 459.123986][ T24] usb 1-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 459.215469][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 459.261343][T12363] FAULT_INJECTION: forcing a failure. [ 459.261343][T12363] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 459.302404][ T24] usb 1-1: config 0 descriptor?? [ 459.380165][T12363] CPU: 0 UID: 0 PID: 12363 Comm: syz.4.1831 Tainted: G L syzkaller #0 PREEMPT(full) [ 459.380202][T12363] Tainted: [L]=SOFTLOCKUP [ 459.380208][T12363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 459.380217][T12363] Call Trace: [ 459.380223][T12363] [ 459.380231][T12363] dump_stack_lvl+0xe8/0x150 [ 459.380254][T12363] should_fail_ex+0x40c/0x560 [ 459.380280][T12363] copy_fpstate_to_sigframe+0xa83/0xd20 [ 459.380326][T12363] ? copy_fpstate_to_sigframe+0x188/0xd20 [ 459.380349][T12363] ? __pfx_copy_fpstate_to_sigframe+0x10/0x10 [ 459.380373][T12363] ? do_raw_spin_unlock+0xf5/0x210 [ 459.380394][T12363] ? rcu_is_watching+0x15/0xb0 [ 459.380409][T12363] ? fpu__alloc_mathframe+0xac/0x130 [ 459.380430][T12363] get_sigframe+0x603/0x830 [ 459.380453][T12363] ? __pfx_get_sigframe+0x10/0x10 [ 459.380477][T12363] x64_setup_rt_frame+0x163/0xc50 [ 459.380498][T12363] ? rcu_is_watching+0x15/0xb0 [ 459.380513][T12363] ? _raw_spin_unlock_irq+0x2e/0x50 [ 459.380529][T12363] ? get_signal+0x10dd/0x12c0 [ 459.380550][T12363] ? __pfx_x64_setup_rt_frame+0x10/0x10 [ 459.380573][T12363] arch_do_signal_or_restart+0x456/0x860 [ 459.380595][T12363] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 459.380620][T12363] ? rcu_is_watching+0x15/0xb0 [ 459.380636][T12363] exit_to_user_mode_loop+0x104/0x730 [ 459.380664][T12363] ? rcu_is_watching+0x15/0xb0 [ 459.380678][T12363] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 459.380693][T12363] do_syscall_64+0x353/0x580 [ 459.380712][T12363] ? clear_bhb_loop+0x40/0x90 [ 459.380762][T12363] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 459.380777][T12363] RIP: 0033:0x7f97f339ce59 [ 459.380790][T12363] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 459.380803][T12363] RSP: 002b:00007f97f423a028 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 459.380820][T12363] RAX: fffffffffffffffc RBX: 00007f97f3615fa0 RCX: 00007f97f339ce59 [ 459.380831][T12363] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040 [ 459.380841][T12363] RBP: 00007f97f423a090 R08: 0000000000000000 R09: 0000000000000000 [ 459.380850][T12363] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 459.380860][T12363] R13: 00007f97f3616038 R14: 00007f97f3615fa0 R15: 00007f97f373fa48 [ 459.380876][T12363] [ 459.383130][T12361] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 459.490558][ T0] NOHZ tick-stop error: local softirq work is pending, handler #8a!!! [ 459.779729][T11059] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 460.879749][T11059] usb 3-1: Using ep0 maxpacket: 16 [ 460.914619][T11059] usb 3-1: config 128 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 461.198832][ T24] usb 1-1: USB disconnect, device number 67 [ 461.521668][T11059] usb 3-1: config 128 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 461.624183][T11059] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 461.634359][ T0] NOHZ tick-stop error: local softirq work is pending, handler #28a!!! [ 461.653417][T11059] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 461.713095][T12373] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 461.870730][T12373] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 462.014664][T12373] FAULT_INJECTION: forcing a failure. [ 462.014664][T12373] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 462.134906][T12373] CPU: 0 UID: 0 PID: 12373 Comm: syz.4.1834 Tainted: G L syzkaller #0 PREEMPT(full) [ 462.134942][T12373] Tainted: [L]=SOFTLOCKUP [ 462.134949][T12373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 462.134961][T12373] Call Trace: [ 462.134970][T12373] [ 462.134979][T12373] dump_stack_lvl+0xe8/0x150 [ 462.135010][T12373] should_fail_ex+0x40c/0x560 [ 462.135078][T12373] _copy_from_user+0x2d/0xb0 [ 462.135104][T12373] video_usercopy+0x359/0x1430 [ 462.135246][T12373] ? hook_file_ioctl+0x1f0/0x5c0 [ 462.135272][T12373] ? __pfx___video_do_ioctl+0x10/0x10 [ 462.135298][T12373] ? __pfx_video_usercopy+0x10/0x10 [ 462.135329][T12373] ? __fget_files+0x2a/0x420 [ 462.135349][T12373] ? __fget_files+0x3a2/0x420 [ 462.135368][T12373] v4l2_ioctl+0x18d/0x1e0 [ 462.135393][T12373] ? __pfx_v4l2_ioctl+0x10/0x10 [ 462.135416][T12373] __se_sys_ioctl+0xfc/0x170 [ 462.135442][T12373] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 462.135463][T12373] do_syscall_64+0x174/0x580 [ 462.135488][T12373] ? clear_bhb_loop+0x40/0x90 [ 462.135509][T12373] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 462.135527][T12373] RIP: 0033:0x7f97f339ce59 [ 462.135546][T12373] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 462.135563][T12373] RSP: 002b:00007f97f423a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 462.135586][T12373] RAX: ffffffffffffffda RBX: 00007f97f3615fa0 RCX: 00007f97f339ce59 [ 462.135600][T12373] RDX: 0000200000000100 RSI: 00000000c0d05640 RDI: 000000000000000d [ 462.135613][T12373] RBP: 00007f97f423a090 R08: 0000000000000000 R09: 0000000000000000 [ 462.135626][T12373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 462.135638][T12373] R13: 00007f97f3616038 R14: 00007f97f3615fa0 R15: 00007f97f373fa48 [ 462.135658][T12373] [ 462.150202][T11059] usbhid 3-1:128.0: can't add hid device: -71 [ 462.798629][T12379] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1836'. [ 463.182498][T11059] usbhid 3-1:128.0: probe with driver usbhid failed with error -71 [ 463.220923][T11059] usb 3-1: USB disconnect, device number 64 [ 463.506294][T12381] loop9: detected capacity change from 0 to 7 [ 463.561564][T12382] blk_print_req_error: 10 callbacks suppressed [ 463.561582][T12382] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 463.742784][T12382] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 464.462041][T12382] buffer_io_error: 10 callbacks suppressed [ 464.462063][T12382] Buffer I/O error on dev loop9, logical block 0, async page read [ 464.878740][T12381] Dev loop9: unable to read RDB block 7 [ 464.892765][T12381] loop9: unable to read partition table [ 464.898557][T12381] loop9: partition table beyond EOD, truncated [ 465.465314][T12381] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5) [ 465.819837][T12392] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 466.118057][T12392] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 466.324595][T12389] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1839'. [ 468.890646][T12409] fuse: Unknown parameter 'group_iêUÊÔd' [ 468.902752][ T0] NOHZ tick-stop error: local softirq work is pending, handler #28a!!! [ 469.156649][T12410] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1841'. [ 469.188043][T12409] sctp: [Deprecated]: syz.3.1843 (pid 12409) Use of struct sctp_assoc_value in delayed_ack socket option. [ 469.188043][T12409] Use struct sctp_sack_info instead [ 469.216998][T12404] AppArmor: change_hat: Invalid input '0x000­}HíQ' [ 469.381110][T12412] sctp: [Deprecated]: syz.3.1843 (pid 12412) Use of struct sctp_assoc_value in delayed_ack socket option. [ 469.381110][T12412] Use struct sctp_sack_info instead [ 469.474563][T12411] netlink: 'syz.1.1842': attribute type 10 has an invalid length. [ 469.576613][T12413] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1842'. [ 469.820638][T12411] team0: Port device netdevsim1 removed [ 469.912676][T12411] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 469.921269][T12411] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 470.369697][T11059] usb 4-1: new high-speed USB device number 59 using dummy_hcd [ 470.413236][T12417] netlink: 204 bytes leftover after parsing attributes in process `syz.0.1845'. [ 470.573942][T11059] usb 4-1: device descriptor read/64, error -71 [ 471.039739][T11059] usb 4-1: new high-speed USB device number 60 using dummy_hcd [ 471.195440][T11059] usb 4-1: device descriptor read/64, error -71 [ 471.347668][T11059] usb usb4-port1: attempt power cycle [ 471.449231][T12429] netlink: 'syz.0.1849': attribute type 1 has an invalid length. [ 471.709788][T11059] usb 4-1: new high-speed USB device number 61 using dummy_hcd [ 471.762091][T11059] usb 4-1: device descriptor read/8, error -71 [ 471.988894][T12433] loop9: detected capacity change from 0 to 7 [ 472.016028][T12433] Dev loop9: unable to read RDB block 7 [ 472.084617][T12433] loop9: unable to read partition table [ 472.173351][T11059] usb 4-1: new high-speed USB device number 62 using dummy_hcd [ 472.216657][T12433] loop9: partition table beyond EOD, truncated [ 472.240728][T11059] usb 4-1: device descriptor read/8, error -71 [ 472.257978][T12433] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5) [ 472.360397][T11059] usb usb4-port1: unable to enumerate USB device [ 473.887714][T12439] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1852'. [ 474.767335][T12447] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1855'. [ 476.188326][ T0] NOHZ tick-stop error: local softirq work is pending, handler #0a!!! [ 476.459729][T11060] usb 2-1: new high-speed USB device number 86 using dummy_hcd [ 476.916028][T11060] usb 2-1: config index 0 descriptor too short (expected 25183, got 144) [ 476.986885][T11060] usb 2-1: config 116 has too many interfaces: 121, using maximum allowed: 32 [ 477.012875][T11060] usb 2-1: config 116 has an invalid descriptor of length 0, skipping remainder of the config [ 477.174479][T11060] usb 2-1: config 116 has 0 interfaces, different from the descriptor's value: 121 [ 477.331542][T12470] loop9: detected capacity change from 0 to 7 [ 477.418007][T11060] usb 2-1: New USB device found, idVendor=2a39, idProduct=3fd4, bcdDevice= 0.40 [ 477.427911][T12470] Dev loop9: unable to read RDB block 7 [ 477.442195][T12470] loop9: unable to read partition table [ 477.451294][T11060] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 477.466946][T12464] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1859'. [ 477.504515][T12470] loop9: partition table beyond EOD, truncated [ 477.512708][T11060] usb 2-1: Product: syz [ 477.542786][T11060] usb 2-1: Manufacturer: syz [ 477.556860][T11060] usb 2-1: SerialNumber: syz [ 477.573071][T12470] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5) [ 478.901090][T11060] usb 2-1: USB disconnect, device number 86 [ 479.315607][T12486] program syz.2.1862 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 479.497758][T12486] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 482.598502][T12516] fuse: Invalid rootmode [ 484.609116][T12528] syzkaller0: entered promiscuous mode [ 484.624028][T12528] syzkaller0: entered allmulticast mode [ 484.829655][T11060] usb 2-1: new high-speed USB device number 87 using dummy_hcd [ 484.981447][T11060] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 485.048164][T12535] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1875'. [ 485.112197][T11060] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 485.316879][T11060] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 485.416009][T11060] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 485.477304][T11060] usb 2-1: config 0 descriptor?? [ 486.084566][T12539] netlink: 'syz.3.1876': attribute type 10 has an invalid length. [ 486.102068][T11060] ath6kl: Failed to submit usb control message: -71 [ 486.169248][T11060] ath6kl: unable to send the bmi data to the device: -71 [ 486.400578][T11060] ath6kl: Unable to send get target info: -71 [ 486.501405][T11060] ath6kl: Failed to init ath6kl core: -71 [ 486.517760][T11060] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 486.967947][T11060] usb 2-1: USB disconnect, device number 87 [ 487.364428][T12546] FAULT_INJECTION: forcing a failure. [ 487.364428][T12546] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 487.377835][T12546] CPU: 1 UID: 0 PID: 12546 Comm: syz.1.1877 Tainted: G L syzkaller #0 PREEMPT(full) [ 487.377870][T12546] Tainted: [L]=SOFTLOCKUP [ 487.377879][T12546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 487.377892][T12546] Call Trace: [ 487.377901][T12546] [ 487.377910][T12546] dump_stack_lvl+0xe8/0x150 [ 487.377939][T12546] should_fail_ex+0x40c/0x560 [ 487.377973][T12546] prepare_alloc_pages+0x230/0x650 [ 487.378006][T12546] __alloc_frozen_pages_noprof+0x12f/0x380 [ 487.378036][T12546] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 487.378067][T12546] ? __pfx_policy_nodemask+0x10/0x10 [ 487.378097][T12546] ? rcu_is_watching+0x15/0xb0 [ 487.378120][T12546] ? lock_release+0x4b/0x3c0 [ 487.378152][T12546] alloc_pages_mpol+0x212/0x380 [ 487.378184][T12546] alloc_pages_noprof+0xac/0x2a0 [ 487.378214][T12546] pte_alloc_one+0x22/0x370 [ 487.378239][T12546] __do_fault+0xd1/0x2a0 [ 487.378266][T12546] do_pte_missing+0x6e1/0x3540 [ 487.378294][T12546] ? __pfx___thp_vma_allowable_orders+0x10/0x10 [ 487.378321][T12546] ? tomoyo_check_open_permission+0x38e/0x470 [ 487.378353][T12546] handle_mm_fault+0x1b36/0x3080 [ 487.378382][T12546] ? handle_mm_fault+0xec/0x3080 [ 487.378405][T12546] ? mtree_load+0x6c0/0x780 [ 487.378574][T12546] ? __pfx_handle_mm_fault+0x10/0x10 [ 487.378595][T12546] ? mtree_load+0x12a/0x780 [ 487.378628][T12546] ? rcu_is_watching+0x15/0xb0 [ 487.378653][T12546] __get_user_pages+0x1678/0x2720 [ 487.378701][T12546] faultin_page_range+0x26a/0x8f0 [ 487.378735][T12546] ? blk_start_plug+0x6e/0x1b0 [ 487.378802][T12546] madvise_do_behavior+0x2e4/0x540 [ 487.378831][T12546] ? rcu_is_watching+0x15/0xb0 [ 487.378855][T12546] ? __pfx_madvise_do_behavior+0x10/0x10 [ 487.378887][T12546] ? down_read+0x2be/0x330 [ 487.378913][T12546] ? rcu_is_watching+0x15/0xb0 [ 487.378937][T12546] do_madvise+0x1fa/0x2e0 [ 487.378965][T12546] ? __pfx_do_madvise+0x10/0x10 [ 487.379002][T12546] ? __pfx_ksys_write+0x10/0x10 [ 487.379030][T12546] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 487.379052][T12546] __x64_sys_madvise+0xa6/0xc0 [ 487.379080][T12546] do_syscall_64+0x174/0x580 [ 487.379106][T12546] ? trace_irq_disable+0x3b/0x140 [ 487.379134][T12546] ? clear_bhb_loop+0x40/0x90 [ 487.379158][T12546] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 487.379180][T12546] RIP: 0033:0x7f137bd9ce59 [ 487.379200][T12546] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 487.379218][T12546] RSP: 002b:00007f137cc5e028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 487.379241][T12546] RAX: ffffffffffffffda RBX: 00007f137c016180 RCX: 00007f137bd9ce59 [ 487.379256][T12546] RDX: 0000000000000017 RSI: 0000000000600000 RDI: 0000200000000000 [ 487.379270][T12546] RBP: 00007f137cc5e090 R08: 0000000000000000 R09: 0000000000000000 [ 487.379283][T12546] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 487.379295][T12546] R13: 00007f137c016218 R14: 00007f137c016180 R15: 00007f137c13fa48 [ 487.379318][T12546] [ 487.490984][ T0] NOHZ tick-stop error: local softirq work is pending, handler #8a!!! [ 487.935552][ T0] NOHZ tick-stop error: local softirq work is pending, handler #8a!!! [ 491.610257][T12564] fuse: Invalid rootmode [ 492.128662][T12574] xt_l2tp: missing protocol rule (udp|l2tpip) [ 492.161538][T11060] usb 1-1: new high-speed USB device number 68 using dummy_hcd [ 492.321619][T11060] usb 1-1: config 0 has an invalid interface number: 2 but max is 0 [ 492.331438][T11060] usb 1-1: config 0 has no interface number 0 [ 492.337754][T11060] usb 1-1: config 0 interface 2 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 492.350020][T11060] usb 1-1: config 0 interface 2 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 492.360601][T11060] usb 1-1: New USB device found, idVendor=28bd, idProduct=0905, bcdDevice= 0.00 [ 492.371212][T11060] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 492.389848][ T24] usb 2-1: new full-speed USB device number 88 using dummy_hcd [ 492.406740][T11060] usb 1-1: config 0 descriptor?? [ 492.439960][T11059] usb 4-1: new high-speed USB device number 63 using dummy_hcd [ 492.619791][T11059] usb 4-1: Using ep0 maxpacket: 16 [ 492.637960][T11059] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 492.678524][ T24] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 492.695030][T11059] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 492.729400][ T24] usb 2-1: can't read configurations, error -71 [ 492.746860][T11059] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 492.766900][T11059] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 492.785445][T11059] usb 4-1: Product: syz [ 492.799595][T11059] usb 4-1: Manufacturer: syz [ 492.815734][T11059] usb 4-1: SerialNumber: syz [ 492.875844][T11059] usb 4-1: 0:2 : does not exist [ 492.926724][T11060] usbhid 1-1:0.2: can't add hid device: -71 [ 492.948153][T11060] usbhid 1-1:0.2: probe with driver usbhid failed with error -71 [ 492.988256][T11060] usb 1-1: USB disconnect, device number 68 [ 493.063995][T12575] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 493.099206][T12575] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 493.154576][T11059] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 493.201420][T12580] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1888'. [ 493.375677][T12592] loop5: detected capacity change from 0 to 7 [ 493.524464][T12592] Dev loop5: unable to read RDB block 7 [ 493.544101][T11059] usb 4-1: USB disconnect, device number 63 [ 493.555219][T12592] loop5: unable to read partition table [ 493.642881][T12592] loop5: partition table beyond EOD, truncated [ 493.735639][T12592] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 493.987616][ T5633] udevd[5633]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 494.607456][T12609] fuse: Bad value for 'fd' [ 494.750122][T12610] netlink: 'syz.3.1895': attribute type 10 has an invalid length. [ 494.892679][T12604] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 496.001939][T12623] input: syz0 as /devices/virtual/input/input26 [ 496.328184][T12623] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 496.385744][T12623] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 499.228757][T12636] FAULT_INJECTION: forcing a failure. [ 499.228757][T12636] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 499.288988][T12636] CPU: 0 UID: 0 PID: 12636 Comm: syz.2.1903 Tainted: G L syzkaller #0 PREEMPT(full) [ 499.289014][T12636] Tainted: [L]=SOFTLOCKUP [ 499.289019][T12636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 499.289029][T12636] Call Trace: [ 499.289034][T12636] [ 499.289041][T12636] dump_stack_lvl+0xe8/0x150 [ 499.289063][T12636] should_fail_ex+0x40c/0x560 [ 499.289088][T12636] _copy_to_user+0x31/0xb0 [ 499.289108][T12636] simple_read_from_buffer+0xe1/0x170 [ 499.289126][T12636] proc_fail_nth_read+0x1bb/0x230 [ 499.289145][T12636] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 499.289163][T12636] ? rw_verify_area+0x24a/0x4c0 [ 499.289181][T12636] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 499.289197][T12636] vfs_read+0x213/0xa80 [ 499.289216][T12636] ? __pfx___mutex_lock+0x10/0x10 [ 499.289236][T12636] ? __pfx_vfs_read+0x10/0x10 [ 499.289255][T12636] ? __fget_files+0x3a2/0x420 [ 499.289270][T12636] ? __fget_files+0x2a/0x420 [ 499.289287][T12636] ksys_read+0x150/0x270 [ 499.289304][T12636] ? __pfx_ksys_read+0x10/0x10 [ 499.289323][T12636] ? rcu_is_watching+0x15/0xb0 [ 499.289349][T12636] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 499.289364][T12636] do_syscall_64+0x174/0x580 [ 499.289381][T12636] ? trace_irq_disable+0x3b/0x140 [ 499.289402][T12636] ? clear_bhb_loop+0x40/0x90 [ 499.289419][T12636] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 499.289433][T12636] RIP: 0033:0x7fdfd8d5d68e [ 499.289446][T12636] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 499.289459][T12636] RSP: 002b:00007fdfd9cc2fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 499.289476][T12636] RAX: ffffffffffffffda RBX: 00007fdfd9cc36c0 RCX: 00007fdfd8d5d68e [ 499.289487][T12636] RDX: 000000000000000f RSI: 00007fdfd9cc30a0 RDI: 0000000000000006 [ 499.289497][T12636] RBP: 00007fdfd9cc3090 R08: 0000000000000000 R09: 0000000000000000 [ 499.289506][T12636] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 499.289515][T12636] R13: 00007fdfd9016038 R14: 00007fdfd9015fa0 R15: 00007fdfd913fa48 [ 499.289532][T12636] [ 499.554118][T12633] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1901'. [ 500.108071][T12639] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1904'. [ 501.561138][ T1326] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.237877][ T1326] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.538473][T12651] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1907'. [ 504.889684][T11059] usb 4-1: new high-speed USB device number 64 using dummy_hcd [ 505.069770][T11059] usb 4-1: Using ep0 maxpacket: 16 [ 505.173353][T11059] usb 4-1: New USB device found, idVendor=041e, idProduct=4018, bcdDevice=ed.b4 [ 505.255306][T11059] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 505.509716][T11059] usb 4-1: Product: syz [ 505.554273][T11059] usb 4-1: Manufacturer: syz [ 505.611365][T11059] usb 4-1: SerialNumber: syz [ 505.652267][T11059] usb 4-1: config 0 descriptor?? [ 505.721507][T11059] gspca_main: spca508-2.14.0 probing 041e:4018 [ 506.196015][T11059] gspca_spca508: reg_read err -32 [ 506.242424][T11059] gspca_spca508: reg_read err -32 [ 506.250182][T12678] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1914'. [ 506.273528][T11059] gspca_spca508: reg_read err -32 [ 506.383221][T11059] gspca_spca508: reg_read err -32 [ 506.412182][T12662] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 506.434976][ T30] kauditd_printk_skb: 28 callbacks suppressed [ 506.434996][ T30] audit: type=1326 audit(1781698334.355:986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12677 comm="syz.0.1914" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1a5139ce59 code=0x0 [ 506.486480][T12662] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 506.557093][T12678] macvlan2: entered allmulticast mode [ 506.565233][T11059] gspca_spca508: reg_read err -71 [ 506.581342][T11059] gspca_spca508: reg write: error -71 [ 506.617277][T12678] hsr0: entered allmulticast mode [ 506.631204][ T30] audit: type=1326 audit(1781698334.395:987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12681 comm="syz.4.1917" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f97f339ce59 code=0x0 [ 506.822489][T12679] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1915'. [ 506.835189][T11059] spca508 4-1:0.0: probe with driver spca508 failed with error -71 [ 506.868499][T12678] hsr_slave_0: entered allmulticast mode [ 506.928316][T11059] usb 4-1: USB disconnect, device number 64 [ 507.159829][T12678] hsr_slave_1: entered allmulticast mode [ 507.339024][T12678] hsr0: entered promiscuous mode [ 507.392067][T12691] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1918'. [ 507.412347][T12693] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1917'. [ 507.794951][T12696] FAULT_INJECTION: forcing a failure. [ 507.794951][T12696] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 507.895940][T12698] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 507.930869][T12696] CPU: 1 UID: 0 PID: 12696 Comm: syz.2.1919 Tainted: G L syzkaller #0 PREEMPT(full) [ 507.930904][T12696] Tainted: [L]=SOFTLOCKUP [ 507.930912][T12696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 507.930925][T12696] Call Trace: [ 507.930933][T12696] [ 507.930943][T12696] dump_stack_lvl+0xe8/0x150 [ 507.930972][T12696] should_fail_ex+0x40c/0x560 [ 507.931006][T12696] _copy_to_user+0x31/0xb0 [ 507.931034][T12696] simple_read_from_buffer+0xe1/0x170 [ 507.931058][T12696] proc_fail_nth_read+0x1bb/0x230 [ 507.931086][T12696] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 507.931112][T12696] ? rw_verify_area+0x24a/0x4c0 [ 507.931138][T12696] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 507.931162][T12696] vfs_read+0x213/0xa80 [ 507.931188][T12696] ? rcu_is_watching+0x15/0xb0 [ 507.931212][T12696] ? __pfx_vfs_read+0x10/0x10 [ 507.931236][T12696] ? nf_setsockopt+0x288/0x290 [ 507.931264][T12696] ? rawv6_setsockopt+0x276/0x5e0 [ 507.931394][T12696] ksys_read+0x150/0x270 [ 507.931421][T12696] ? __pfx_ksys_read+0x10/0x10 [ 507.931447][T12696] ? rcu_is_watching+0x15/0xb0 [ 507.931469][T12696] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 507.931492][T12696] do_syscall_64+0x174/0x580 [ 507.931519][T12696] ? trace_irq_disable+0x3b/0x140 [ 507.931548][T12696] ? clear_bhb_loop+0x40/0x90 [ 507.931572][T12696] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 507.931593][T12696] RIP: 0033:0x7fdfd8d5d68e [ 507.931621][T12696] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 507.931640][T12696] RSP: 002b:00007fdfd9cc2fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 507.931662][T12696] RAX: ffffffffffffffda RBX: 00007fdfd9cc36c0 RCX: 00007fdfd8d5d68e [ 507.931677][T12696] RDX: 000000000000000f RSI: 00007fdfd9cc30a0 RDI: 0000000000000004 [ 507.931689][T12696] RBP: 00007fdfd9cc3090 R08: 0000000000000000 R09: 0000000000000000 [ 507.931702][T12696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 507.931714][T12696] R13: 00007fdfd9016038 R14: 00007fdfd9015fa0 R15: 00007fdfd913fa48 [ 507.931737][T12696] [ 508.335226][T12698] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 508.669082][T12706] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1920'. [ 508.713238][T12705] fuse: Bad value for 'fd' [ 508.986948][T12707] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 510.826457][T12716] fuse: Bad value for 'fd' [ 510.841365][T12716] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 511.570885][ T24] usb 1-1: new full-speed USB device number 69 using dummy_hcd [ 511.761332][ T24] usb 1-1: config 0 has an invalid interface number: 205 but max is 0 [ 512.043268][ T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 512.201466][ T24] usb 1-1: config 0 has no interface number 0 [ 513.301582][ T24] usb 1-1: config 0 interface 205 has no altsetting 0 [ 513.393156][ T24] usb 1-1: New USB device found, idVendor=1822, idProduct=3202, bcdDevice=13.4a [ 513.408641][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 513.430302][T12732] FAULT_INJECTION: forcing a failure. [ 513.430302][T12732] name failslab, interval 1, probability 0, space 0, times 0 [ 513.430340][T12732] CPU: 1 UID: 0 PID: 12732 Comm: syz.3.1930 Tainted: G L syzkaller #0 PREEMPT(full) [ 513.430369][T12732] Tainted: [L]=SOFTLOCKUP [ 513.430377][T12732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 513.430390][T12732] Call Trace: [ 513.430398][T12732] [ 513.430407][T12732] dump_stack_lvl+0xe8/0x150 [ 513.430436][T12732] should_fail_ex+0x40c/0x560 [ 513.430471][T12732] should_failslab+0xa8/0x100 [ 513.430500][T12732] __kmalloc_noprof+0xe8/0x750 [ 513.430526][T12732] ? drm_atomic_state_init+0x9e/0x370 [ 513.430561][T12732] drm_atomic_state_init+0x9e/0x370 [ 513.430591][T12732] drm_atomic_state_alloc+0xbc/0x100 [ 513.430621][T12732] drm_client_modeset_commit_atomic+0x122/0x7e0 [ 513.430644][T12732] ? rcu_is_watching+0x15/0xb0 [ 513.430667][T12732] ? trace_contention_end+0x3d/0x140 [ 513.430693][T12732] ? __mutex_lock+0x30d/0x1550 [ 513.430721][T12732] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 513.430755][T12732] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 513.430784][T12732] drm_client_modeset_commit_locked+0xcb/0x4d0 [ 513.430809][T12732] drm_fb_helper_pan_display+0x3e9/0xbe0 [ 513.430853][T12732] ? __pfx_drm_fb_helper_pan_display+0x10/0x10 [ 513.430881][T12732] fb_pan_display+0x3a3/0x6a0 [ 513.430914][T12732] bit_update_start+0x4c/0x1e0 [ 513.430998][T12732] fbcon_modechanged+0xb30/0x1140 [ 513.431030][T12732] fb_set_var_from_user+0x99/0xc0 [ 513.431060][T12732] do_fb_ioctl+0x5d9/0x750 [ 513.431084][T12732] ? __pfx_do_fb_ioctl+0x10/0x10 [ 513.431128][T12732] ? lock_release+0x4b/0x3c0 [ 513.431162][T12732] ? __fget_files+0x3a2/0x420 [ 513.431183][T12732] ? __fget_files+0x2a/0x420 [ 513.431205][T12732] ? bpf_lsm_file_ioctl+0x9/0x20 [ 513.431232][T12732] ? __pfx_fb_ioctl+0x10/0x10 [ 513.431252][T12732] __se_sys_ioctl+0xfc/0x170 [ 513.431279][T12732] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 513.431301][T12732] do_syscall_64+0x174/0x580 [ 513.431327][T12732] ? trace_irq_disable+0x3b/0x140 [ 513.431356][T12732] ? clear_bhb_loop+0x40/0x90 [ 513.431378][T12732] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 513.431399][T12732] RIP: 0033:0x7fecb619ce59 [ 513.431418][T12732] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 513.431437][T12732] RSP: 002b:00007fecb70a2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 513.431459][T12732] RAX: ffffffffffffffda RBX: 00007fecb6415fa0 RCX: 00007fecb619ce59 [ 513.431475][T12732] RDX: 0000200000000100 RSI: 0000000000004601 RDI: 0000000000000003 [ 513.431489][T12732] RBP: 00007fecb70a2090 R08: 0000000000000000 R09: 0000000000000000 [ 513.431503][T12732] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 513.431516][T12732] R13: 00007fecb6416038 R14: 00007fecb6415fa0 R15: 00007fecb653fa48 [ 513.431540][T12732] [ 513.457697][ T24] usb 1-1: Product: syz [ 513.457722][ T24] usb 1-1: Manufacturer: syz [ 513.457739][ T24] usb 1-1: SerialNumber: syz [ 513.467443][ T24] usb 1-1: config 0 descriptor?? [ 513.521591][ T24] dvb-usb: found a 'TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device' in warm state. [ 513.521661][ T24] dvb-usb: bulk message failed: -22 (3/0) [ 513.544818][ T24] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 513.567114][ T24] dvbdev: DVB: registering new adapter (TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device) [ 513.567175][ T24] usb 1-1: media controller created [ 513.574901][ T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 513.638133][ T24] dvb-usb: bulk message failed: -22 (6/0) [ 513.638203][ T24] dvb-usb: no frontend was attached by 'TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device' [ 513.682239][ T24] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input27 [ 513.687405][ T24] dvb-usb: schedule remote query interval to 150 msecs. [ 513.687450][ T24] dvb-usb: bulk message failed: -22 (3/0) [ 513.700086][ T24] dvb-usb: TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device successfully initialized and connected. [ 513.802789][ T24] usb 1-1: USB disconnect, device number 69 [ 513.938316][T12729] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 514.067102][ T24] dvb-usb: TwinhanDTV USB-Ter USB1.1 / Magic Box I successfully deinitialized and disconnected. [ 514.530963][T12735] FAULT_INJECTION: forcing a failure. [ 514.530963][T12735] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 514.531004][T12735] CPU: 0 UID: 0 PID: 12735 Comm: syz.2.1931 Tainted: G L syzkaller #0 PREEMPT(full) [ 514.531033][T12735] Tainted: [L]=SOFTLOCKUP [ 514.531042][T12735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 514.531054][T12735] Call Trace: [ 514.531071][T12735] [ 514.531082][T12735] dump_stack_lvl+0xe8/0x150 [ 514.531109][T12735] should_fail_ex+0x40c/0x560 [ 514.531144][T12735] _copy_to_user+0x31/0xb0 [ 514.531172][T12735] simple_read_from_buffer+0xe1/0x170 [ 514.531196][T12735] proc_fail_nth_read+0x1bb/0x230 [ 514.531223][T12735] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 514.531248][T12735] ? rw_verify_area+0x24a/0x4c0 [ 514.531272][T12735] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 514.531296][T12735] vfs_read+0x213/0xa80 [ 514.531322][T12735] ? __pfx___mutex_lock+0x10/0x10 [ 514.531348][T12735] ? __pfx_vfs_read+0x10/0x10 [ 514.531376][T12735] ? __fget_files+0x3a2/0x420 [ 514.531397][T12735] ? __fget_files+0x2a/0x420 [ 514.531419][T12735] ksys_read+0x150/0x270 [ 514.531443][T12735] ? __pfx_ksys_read+0x10/0x10 [ 514.531467][T12735] ? rcu_is_watching+0x15/0xb0 [ 514.531489][T12735] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 514.531509][T12735] do_syscall_64+0x174/0x580 [ 514.531533][T12735] ? trace_irq_disable+0x3b/0x140 [ 514.531561][T12735] ? clear_bhb_loop+0x40/0x90 [ 514.531583][T12735] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 514.531604][T12735] RIP: 0033:0x7fdfd8d5d68e [ 514.531619][T12735] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 514.531634][T12735] RSP: 002b:00007fdfd9cc2fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 514.531653][T12735] RAX: ffffffffffffffda RBX: 00007fdfd9cc36c0 RCX: 00007fdfd8d5d68e [ 514.531666][T12735] RDX: 000000000000000f RSI: 00007fdfd9cc30a0 RDI: 0000000000000004 [ 514.531677][T12735] RBP: 00007fdfd9cc3090 R08: 0000000000000000 R09: 0000000000000000 [ 514.531687][T12735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 514.531698][T12735] R13: 00007fdfd9016038 R14: 00007fdfd9015fa0 R15: 00007fdfd913fa48 [ 514.531716][T12735] [ 514.562693][T12736] loop4: detected capacity change from 0 to 2640 [ 514.575025][T12736] Buffer I/O error on dev loop4, logical block 0, async page read [ 514.575111][T12736] Buffer I/O error on dev loop4, logical block 0, async page read [ 514.575185][T12736] Buffer I/O error on dev loop4, logical block 0, async page read [ 514.575271][T12736] Buffer I/O error on dev loop4, logical block 0, async page read [ 514.575344][T12736] Buffer I/O error on dev loop4, logical block 0, async page read [ 514.575432][T12736] Buffer I/O error on dev loop4, logical block 0, async page read [ 514.575512][T12736] Buffer I/O error on dev loop4, logical block 0, async page read [ 514.575593][T12736] Buffer I/O error on dev loop4, logical block 0, async page read [ 514.575612][T12736] ldm_validate_partition_table(): Disk read failed. [ 514.575682][T12736] Buffer I/O error on dev loop4, logical block 0, async page read [ 514.575753][T12736] Buffer I/O error on dev loop4, logical block 0, async page read [ 514.575880][T12736] Dev loop4: unable to read RDB block 0 [ 514.591839][T12736] loop4: unable to read partition table [ 514.591987][T12736] loop_reread_partitions: partition scan of loop4 (3Ÿ ¾‚³˜) failed (rc=-5) [ 514.705671][T12738] netlink: 'syz.0.1933': attribute type 10 has an invalid length. [ 514.705709][T12738] ipvlan0: entered allmulticast mode [ 514.705746][T12738] veth0_vlan: entered allmulticast mode [ 515.404862][ T0] NOHZ tick-stop error: local softirq work is pending, handler #20a!!! [ 515.476769][T12746] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 515.666696][T12746] netlink: 'syz.2.1934': attribute type 4 has an invalid length. [ 515.876363][ T0] NOHZ tick-stop error: local softirq work is pending, handler #0a!!! [ 516.575814][T12745] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1935'. [ 516.695164][T12751] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1936'. [ 517.002665][ T24] usb 2-1: new high-speed USB device number 90 using dummy_hcd [ 517.242436][ T24] usb 2-1: invalid descriptor for config index 0: type = 0x2, length = 253 [ 517.242478][ T24] usb 2-1: can't read configurations, error -22 [ 517.370784][ T24] usb 2-1: new high-speed USB device number 91 using dummy_hcd [ 517.532186][ T24] usb 2-1: invalid descriptor for config index 0: type = 0x2, length = 253 [ 517.532235][ T24] usb 2-1: can't read configurations, error -22 [ 517.532633][ T24] usb usb2-port1: attempt power cycle [ 517.910097][ T24] usb 2-1: new high-speed USB device number 92 using dummy_hcd [ 517.971156][ T24] usb 2-1: invalid descriptor for config index 0: type = 0x2, length = 253 [ 517.971198][ T24] usb 2-1: can't read configurations, error -22 [ 518.243724][ T24] usb 2-1: new high-speed USB device number 93 using dummy_hcd [ 518.275938][ T24] usb 2-1: invalid descriptor for config index 0: type = 0x2, length = 253 [ 518.275977][ T24] usb 2-1: can't read configurations, error -22 [ 518.277703][ T24] usb usb2-port1: unable to enumerate USB device [ 519.209718][ T24] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 519.429011][ T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 519.429042][ T24] usb 3-1: config 0 has no interfaces? [ 519.429071][ T24] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 519.429096][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 519.430895][ T24] usb 3-1: config 0 descriptor?? [ 519.768342][T12768] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1940'. [ 519.999632][T12774] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1942'. [ 522.135021][ T24] usb 3-1: USB disconnect, device number 65 [ 522.860467][T12788] FAULT_INJECTION: forcing a failure. [ 522.860467][T12788] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 522.860525][T12788] CPU: 1 UID: 0 PID: 12788 Comm: syz.0.1945 Tainted: G L syzkaller #0 PREEMPT(full) [ 522.860555][T12788] Tainted: [L]=SOFTLOCKUP [ 522.860563][T12788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 522.860576][T12788] Call Trace: [ 522.860584][T12788] [ 522.860594][T12788] dump_stack_lvl+0xe8/0x150 [ 522.860621][T12788] should_fail_ex+0x40c/0x560 [ 522.860657][T12788] fpu__restore_sig+0x207/0x1200 [ 522.860689][T12788] ? __might_fault+0xaf/0x130 [ 522.860716][T12788] ? __pfx_fpu__restore_sig+0x10/0x10 [ 522.860745][T12788] ? _copy_from_user+0x94/0xb0 [ 522.860787][T12788] ? __might_fault+0xaf/0x130 [ 522.860810][T12788] ? __might_fault+0xcb/0x130 [ 522.860835][T12788] __ia32_sys_rt_sigreturn+0x756/0x8c0 [ 522.860871][T12788] ? __pfx___ia32_sys_rt_sigreturn+0x10/0x10 [ 522.860901][T12788] ? _raw_spin_unlock_irq+0x2e/0x50 [ 522.860936][T12788] ? lock_release+0x4b/0x3c0 [ 522.860967][T12788] ? rcu_is_watching+0x15/0xb0 [ 522.860991][T12788] ? rcu_is_watching+0x15/0xb0 [ 522.861013][T12788] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 522.861035][T12788] do_syscall_64+0x174/0x580 [ 522.861061][T12788] ? clear_bhb_loop+0x40/0x90 [ 522.861084][T12788] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 522.861105][T12788] RIP: 0033:0x7f1a5135d68e [ 522.861124][T12788] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 522.861143][T12788] RSP: 002b:00007f1a52219fe8 EFLAGS: 00000246 [ 522.861163][T12788] RAX: 0000000000000001 RBX: 00007f1a5221a6c0 RCX: 00007f1a5135d68e [ 522.861178][T12788] RDX: 0000000000000001 RSI: 00007f1a5221a090 RDI: 0000000000000007 [ 522.861192][T12788] RBP: 00007f1a5221a090 R08: 0000000000000000 R09: 0000000000000000 [ 522.861205][T12788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 522.861218][T12788] R13: 00007f1a51616038 R14: 00007f1a51615fa0 R15: 00007f1a5173fa48 [ 522.861242][T12788] [ 523.673141][T12791] tipc: Enabled bearer , priority 0 [ 523.674092][T12791] syzkaller0: entered promiscuous mode [ 523.674115][T12791] syzkaller0: entered allmulticast mode [ 523.759115][T12791] tipc: Resetting bearer [ 523.804365][T12790] tipc: Resetting bearer [ 523.887862][T12796] openvswitch: netlink: Duplicate or invalid key (type 0). [ 523.887893][T12796] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 524.154497][T12790] tipc: Disabling bearer [ 525.583205][T12811] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1954'. [ 525.624006][T12811] loop5: detected capacity change from 0 to 7 [ 525.631178][T12811] Dev loop5: unable to read RDB block 7 [ 525.631221][T12811] loop5: unable to read partition table [ 525.631371][T12811] loop5: partition table beyond EOD, truncated [ 525.631393][T12811] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 525.834639][T12815] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1956'. [ 526.057216][T12822] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1959'. [ 526.094095][T12825] syz_tun: entered allmulticast mode [ 526.125623][T12825] pimreg: entered allmulticast mode [ 526.139903][T12825] FAULT_INJECTION: forcing a failure. [ 526.139903][T12825] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 526.139941][T12825] CPU: 1 UID: 0 PID: 12825 Comm: syz.4.1961 Tainted: G L syzkaller #0 PREEMPT(full) [ 526.139969][T12825] Tainted: [L]=SOFTLOCKUP [ 526.139977][T12825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 526.139991][T12825] Call Trace: [ 526.139999][T12825] [ 526.140008][T12825] dump_stack_lvl+0xe8/0x150 [ 526.140036][T12825] should_fail_ex+0x40c/0x560 [ 526.140070][T12825] _copy_to_user+0x31/0xb0 [ 526.140097][T12825] simple_read_from_buffer+0xe1/0x170 [ 526.140123][T12825] proc_fail_nth_read+0x1bb/0x230 [ 526.140150][T12825] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 526.140177][T12825] ? rw_verify_area+0x24a/0x4c0 [ 526.140202][T12825] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 526.140225][T12825] vfs_read+0x213/0xa80 [ 526.140260][T12825] ? __pfx___mutex_lock+0x10/0x10 [ 526.140288][T12825] ? __pfx_vfs_read+0x10/0x10 [ 526.140315][T12825] ? __fget_files+0x3a2/0x420 [ 526.140335][T12825] ? __fget_files+0x2a/0x420 [ 526.140360][T12825] ksys_read+0x150/0x270 [ 526.140385][T12825] ? __pfx_ksys_read+0x10/0x10 [ 526.140414][T12825] ? rcu_is_watching+0x15/0xb0 [ 526.140436][T12825] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 526.140458][T12825] do_syscall_64+0x174/0x580 [ 526.140482][T12825] ? trace_irq_disable+0x3b/0x140 [ 526.140511][T12825] ? clear_bhb_loop+0x40/0x90 [ 526.140534][T12825] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 526.140554][T12825] RIP: 0033:0x7f97f335d68e [ 526.140573][T12825] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 526.140591][T12825] RSP: 002b:00007f97f4239fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 526.140613][T12825] RAX: ffffffffffffffda RBX: 00007f97f423a6c0 RCX: 00007f97f335d68e [ 526.140629][T12825] RDX: 000000000000000f RSI: 00007f97f423a0a0 RDI: 0000000000000006 [ 526.140643][T12825] RBP: 00007f97f423a090 R08: 0000000000000000 R09: 0000000000000000 [ 526.140657][T12825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 526.140670][T12825] R13: 00007f97f3616038 R14: 00007f97f3615fa0 R15: 00007f97f373fa48 [ 526.140694][T12825] [ 526.254498][T12825] syz_tun: left allmulticast mode [ 526.524936][T12834] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 526.525231][T12834] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 526.559359][T12836] netlink: 'syz.2.1967': attribute type 1 has an invalid length. [ 526.559417][T12836] netlink: 'syz.2.1967': attribute type 2 has an invalid length. [ 526.559433][T12836] netlink: 'syz.2.1967': attribute type 1 has an invalid length. [ 526.559448][T12836] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1967'. [ 526.929654][ T24] usb 4-1: new high-speed USB device number 65 using dummy_hcd [ 527.117059][ T24] usb 4-1: Using ep0 maxpacket: 32 [ 527.127478][ T24] usb 4-1: config 0 descriptor has 1 excess byte, ignoring [ 527.127520][ T24] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 527.127562][ T24] usb 4-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 527.127597][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 527.129251][ T24] usb 4-1: config 0 descriptor?? [ 527.133451][ T24] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 527.471403][T12845] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1969'. [ 527.772220][T12851] FAULT_INJECTION: forcing a failure. [ 527.772220][T12851] name failslab, interval 1, probability 0, space 0, times 0 [ 527.809618][T12851] CPU: 1 UID: 0 PID: 12851 Comm: syz.1.1971 Tainted: G L syzkaller #0 PREEMPT(full) [ 527.809654][T12851] Tainted: [L]=SOFTLOCKUP [ 527.809662][T12851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 527.809675][T12851] Call Trace: [ 527.809684][T12851] [ 527.809693][T12851] dump_stack_lvl+0xe8/0x150 [ 527.809722][T12851] should_fail_ex+0x40c/0x560 [ 527.809757][T12851] should_failslab+0xa8/0x100 [ 527.809787][T12851] __kmalloc_noprof+0xe8/0x750 [ 527.809812][T12851] ? lock_release+0x4b/0x3c0 [ 527.809843][T12851] ? genl_family_rcv_msg_attrs_parse+0xd0/0x2f0 [ 527.809884][T12851] genl_family_rcv_msg_attrs_parse+0xd0/0x2f0 [ 527.809912][T12851] genl_family_rcv_msg_doit+0xda/0x340 [ 527.809939][T12851] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 527.809966][T12851] ? apparmor_capable+0x126/0x170 [ 527.809991][T12851] ? bpf_lsm_capable+0x9/0x20 [ 527.810020][T12851] ? security_capable+0x7e/0x2c0 [ 527.810116][T12851] genl_rcv_msg+0x614/0x7a0 [ 527.810141][T12851] ? __pfx_genl_rcv_msg+0x10/0x10 [ 527.810162][T12851] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 527.810256][T12851] ? __pfx_nl80211_set_interface+0x10/0x10 [ 527.810277][T12851] ? __pfx_nl80211_post_doit+0x10/0x10 [ 527.810308][T12851] ? __netlink_lookup+0xc6/0x8b0 [ 527.810337][T12851] ? rcu_is_watching+0x15/0xb0 [ 527.810364][T12851] netlink_rcv_skb+0x226/0x4a0 [ 527.810428][T12851] ? __pfx_genl_rcv_msg+0x10/0x10 [ 527.810451][T12851] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 527.810486][T12851] ? down_read+0x2be/0x330 [ 527.810515][T12851] genl_rcv+0x28/0x40 [ 527.810538][T12851] netlink_unicast+0x7bb/0x940 [ 527.810569][T12851] netlink_sendmsg+0x813/0xb40 [ 527.810598][T12851] ? trace_irq_enable+0x3b/0x140 [ 527.810629][T12851] ? __pfx_netlink_sendmsg+0x10/0x10 [ 527.810659][T12851] ? aa_sock_msg_perm+0xf1/0x1b0 [ 527.810690][T12851] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 527.810714][T12851] ? __pfx_netlink_sendmsg+0x10/0x10 [ 527.810744][T12851] ____sys_sendmsg+0x9b9/0xa20 [ 527.810777][T12851] ? __pfx_____sys_sendmsg+0x10/0x10 [ 527.810807][T12851] ? lock_release+0x4b/0x3c0 [ 527.810839][T12851] ? import_iovec+0x73/0xa0 [ 527.810865][T12851] ___sys_sendmsg+0x2a5/0x360 [ 527.810893][T12851] ? rcu_is_watching+0x15/0xb0 [ 527.810914][T12851] ? get_pid_task+0x20/0x1f0 [ 527.810934][T12851] ? __pfx____sys_sendmsg+0x10/0x10 [ 527.810965][T12851] ? rcu_is_watching+0x15/0xb0 [ 527.810999][T12851] ? __fget_files+0x2a/0x420 [ 527.811020][T12851] ? __fget_files+0x3a2/0x420 [ 527.811046][T12851] __x64_sys_sendmsg+0x1b1/0x290 [ 527.811075][T12851] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 527.811111][T12851] ? rcu_is_watching+0x15/0xb0 [ 527.811133][T12851] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 527.811156][T12851] do_syscall_64+0x174/0x580 [ 527.811180][T12851] ? trace_irq_disable+0x3b/0x140 [ 527.811208][T12851] ? clear_bhb_loop+0x40/0x90 [ 527.811232][T12851] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 527.811253][T12851] RIP: 0033:0x7f137bd9ce59 [ 527.811273][T12851] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 527.811290][T12851] RSP: 002b:00007f137cca0028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 527.811313][T12851] RAX: ffffffffffffffda RBX: 00007f137c015fa0 RCX: 00007f137bd9ce59 [ 527.811329][T12851] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 527.811342][T12851] RBP: 00007f137cca0090 R08: 0000000000000000 R09: 0000000000000000 [ 527.811355][T12851] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 527.811367][T12851] R13: 00007f137c016038 R14: 00007f137c015fa0 R15: 00007f137c13fa48 [ 527.811402][T12851] [ 528.255491][T12854] loop2: detected capacity change from 0 to 7 [ 528.342878][T12854] Dev loop2: unable to read RDB block 7 [ 528.348552][T12854] loop2: unable to read partition table [ 528.399619][ T24] usb 1-1: new high-speed USB device number 70 using dummy_hcd [ 528.639837][T12854] loop2: partition table beyond EOD, truncated [ 528.646367][T12854] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 528.914439][ T4986] Dev loop2: unable to read RDB block 7 [ 528.924522][ T4986] loop2: unable to read partition table [ 528.987746][ T4986] loop2: partition table beyond EOD, truncated [ 529.698648][T11059] usb 4-1: USB disconnect, device number 65 [ 530.015430][T12875] fuse: Bad value for 'fd' [ 531.667049][ T30] audit: type=1326 audit(1781698359.585:988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12893 comm="syz.4.1983" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f97f339ce59 code=0x7ffc0000 [ 531.712335][T12895] fuse: Bad value for 'fd' [ 531.833107][T12895] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 531.880286][T11060] usb 4-1: new high-speed USB device number 66 using dummy_hcd [ 531.891936][T12887] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1980'. [ 531.958985][ T30] audit: type=1326 audit(1781698359.615:989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12893 comm="syz.4.1983" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f97f339ce59 code=0x7ffc0000 [ 532.389004][T11060] usb 4-1: New USB device found, idVendor=0f11, idProduct=1000, bcdDevice= 0.02 [ 532.415583][ T30] audit: type=1326 audit(1781698359.615:990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12893 comm="syz.4.1983" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f97f339ce59 code=0x7ffc0000 [ 532.467396][T11060] usb 4-1: New USB device strings: Mfr=0, Product=232, SerialNumber=255 [ 532.585934][T11060] usb 4-1: Product: syz [ 532.616321][T11060] usb 4-1: SerialNumber: syz [ 532.634170][T11060] usb 4-1: config 0 descriptor?? [ 532.641622][ T30] audit: type=1326 audit(1781698359.615:991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12893 comm="syz.4.1983" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f97f339ce59 code=0x7ffc0000 [ 532.817470][ T30] audit: type=1326 audit(1781698359.625:992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12893 comm="syz.4.1983" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f97f339e6c7 code=0x7ffc0000 [ 532.909760][T12892] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1982'. [ 532.939368][ T30] audit: type=1326 audit(1781698359.625:993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12893 comm="syz.4.1983" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f97f335d68e code=0x7ffc0000 [ 532.980417][ T30] audit: type=1326 audit(1781698359.625:994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12893 comm="syz.4.1983" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f97f335d68e code=0x7ffc0000 [ 533.317514][ T30] audit: type=1326 audit(1781698359.625:995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12893 comm="syz.4.1983" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f97f335d68e code=0x7ffc0000 [ 533.751236][ T30] audit: type=1326 audit(1781698359.625:996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12893 comm="syz.4.1983" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f97f335d68e code=0x7ffc0000 [ 533.980953][ T30] audit: type=1326 audit(1781698359.625:997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12893 comm="syz.4.1983" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f97f339ce59 code=0x7ffc0000 [ 535.393182][T12894] tipc: Enabled bearer , priority 0 [ 535.400101][T11060] ldusb 4-1:0.0: Interrupt in endpoint not found [ 535.777315][T11060] usb 4-1: USB disconnect, device number 66 [ 535.892113][T12893] tipc: Disabling bearer [ 536.388278][T12918] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1990'. [ 536.452689][T11060] usb 4-1: new high-speed USB device number 67 using dummy_hcd [ 536.469465][T12918] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1990'. [ 536.573672][T12913] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1988'. [ 536.680759][T11060] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 536.722565][T11060] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 536.873941][T11060] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 536.991238][T11060] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 537.161101][T11060] usb 4-1: config 0 descriptor?? [ 537.375118][T12929] fuse: Bad value for 'fd' [ 539.669798][T12942] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1995'. [ 539.712331][T11060] usb 4-1: USB disconnect, device number 67 [ 540.409864][T11060] usb 1-1: new high-speed USB device number 71 using dummy_hcd [ 540.717000][T11060] usb 1-1: config index 0 descriptor too short (expected 804, got 36) [ 540.732987][T11060] usb 1-1: config 5 has too many interfaces: 253, using maximum allowed: 32 [ 540.813696][T11060] usb 1-1: config 5 has an invalid descriptor of length 229, skipping remainder of the config [ 540.848671][T12956] fuse: Bad value for 'fd' [ 541.149439][T11060] usb 1-1: config 5 has 0 interfaces, different from the descriptor's value: 253 [ 541.168208][T12957] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 541.193207][T11060] usb 1-1: New USB device found, idVendor=03f0, idProduct=0004, bcdDevice= 0.40 [ 541.509205][T11060] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 541.642683][T11060] usb 1-1: Product: syz [ 541.776651][T12960] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 541.859819][T11060] usb 1-1: Manufacturer: syz [ 542.496610][T11060] usb 1-1: SerialNumber: syz [ 542.522430][T12960] block device autoloading is deprecated and will be removed. [ 542.711567][T11060] usb 1-1: can't set config #5, error -71 [ 542.972607][T12961] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2000'. [ 543.986652][T11060] usb 1-1: USB disconnect, device number 71 [ 544.981134][T12960] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2000'. [ 545.068345][T12965] fuse: Bad value for 'fd' [ 545.251962][T12968] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2003'. [ 545.296811][T12968] loop5: detected capacity change from 0 to 7 [ 545.303471][T11060] usb 1-1: new high-speed USB device number 72 using dummy_hcd [ 545.327587][T12968] Dev loop5: unable to read RDB block 7 [ 545.348839][T12968] loop5: unable to read partition table [ 545.365694][T12968] loop5: partition table beyond EOD, truncated [ 545.390332][T12968] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 545.495348][T11060] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 545.532375][T11060] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 545.570690][T11060] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 545.611878][T11060] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 545.646811][T11060] usb 1-1: config 0 descriptor?? [ 545.958413][T12987] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 545.982435][T12987] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 546.069723][T11060] usb 4-1: new full-speed USB device number 68 using dummy_hcd [ 546.220725][T11060] usb 4-1: device descriptor read/64, error -71 [ 546.236752][T12991] fuse: Bad value for 'fd' [ 546.327833][T12989] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 546.470158][T11060] usb 4-1: new full-speed USB device number 69 using dummy_hcd [ 546.619955][T11060] usb 4-1: device descriptor read/64, error -71 [ 546.740682][T11060] usb usb4-port1: attempt power cycle [ 547.139745][T11060] usb 4-1: new full-speed USB device number 70 using dummy_hcd [ 547.184687][T11060] usb 4-1: device descriptor read/8, error -71 [ 547.449715][T11060] usb 4-1: new full-speed USB device number 71 using dummy_hcd [ 548.928734][T11060] usb 4-1: device descriptor read/8, error -71 [ 548.946854][ T5683] usb 1-1: USB disconnect, device number 72 [ 549.783775][T11060] usb usb4-port1: unable to enumerate USB device [ 551.899562][ C0] sched: DL replenish lagged too much [ 563.001869][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 563.014227][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 563.027459][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 563.039813][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 563.053495][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 563.065823][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 563.079561][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 563.091873][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 563.105581][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 563.117921][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 564.125937][ T1326] ieee802154 phy0 wpan0: encryption failed: -22 [ 564.339307][ T1326] ieee802154 phy1 wpan1: encryption failed: -22 [ 568.010567][ C1] net_ratelimit: 4890 callbacks suppressed [ 568.010670][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 568.028840][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 568.042535][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 568.054912][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 568.068617][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 568.081010][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 568.094721][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 568.107026][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 568.120750][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 568.133109][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 573.019955][ C1] net_ratelimit: 4925 callbacks suppressed [ 573.019978][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 573.040383][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 573.052817][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 573.067622][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 573.079946][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 573.094255][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 573.106586][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 573.120310][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 573.132637][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 573.146187][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 578.029853][ C1] net_ratelimit: 7813 callbacks suppressed [ 578.029875][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 578.031206][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 578.040195][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 578.061259][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 578.072749][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 578.088787][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 578.100048][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 578.112624][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 578.120552][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 578.136223][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 583.040166][ C1] net_ratelimit: 6171 callbacks suppressed [ 583.040190][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 583.040442][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 583.046948][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 583.072204][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 583.088008][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 583.098772][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 583.106701][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 583.122602][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 583.135691][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 583.147235][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 588.050310][ C1] net_ratelimit: 6118 callbacks suppressed [ 588.050333][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 588.051055][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 588.057096][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 588.080048][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 588.098187][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 588.108605][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 588.117035][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 588.132823][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 588.145968][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 588.156731][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 593.060811][ C0] net_ratelimit: 6165 callbacks suppressed [ 593.060837][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 593.062709][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 593.071432][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 593.079751][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 593.095516][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 593.108389][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 593.119409][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 593.127327][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 593.143160][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 593.156991][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 598.069576][ C0] net_ratelimit: 6251 callbacks suppressed [ 598.069600][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 598.070844][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 598.080659][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 598.088469][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 598.103853][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 598.117313][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 598.127772][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 598.136171][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 598.151942][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 598.165293][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 603.080088][ C1] net_ratelimit: 6508 callbacks suppressed [ 603.080111][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 603.080139][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 603.087179][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 603.102575][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 603.116196][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 603.126153][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 603.134915][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 603.150271][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 603.164233][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 603.174135][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 608.089557][ C0] net_ratelimit: 6516 callbacks suppressed [ 608.089580][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 608.095216][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 608.099689][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 608.108333][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 608.123554][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 608.137016][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 608.147343][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 608.156058][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 608.171380][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 608.185135][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 613.099678][ C1] net_ratelimit: 6553 callbacks suppressed [ 613.099702][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 613.102912][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 613.111971][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 613.122402][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 613.130600][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 613.145648][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 613.159704][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 613.169765][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 613.178379][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 613.193528][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 618.110283][ C0] net_ratelimit: 6444 callbacks suppressed [ 618.110306][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 618.110335][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 618.121037][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 618.129138][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 618.144200][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 618.158064][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 618.167888][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 618.176959][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 618.192037][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 618.205782][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 623.120071][ C0] net_ratelimit: 6262 callbacks suppressed [ 623.120095][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 623.129693][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 623.142406][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 623.150789][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 623.165815][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 623.180102][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 623.189823][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 623.198562][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 623.213720][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 623.227908][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 624.566982][ T1326] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.583817][ T1326] ieee802154 phy1 wpan1: encryption failed: -22 [ 628.130361][ C0] net_ratelimit: 5864 callbacks suppressed [ 628.130384][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 628.133069][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 628.140467][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 628.149111][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 628.164361][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 628.178272][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 628.188143][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 628.196851][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 628.212125][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 628.225840][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 633.140652][ C0] net_ratelimit: 5809 callbacks suppressed [ 633.140669][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 633.153347][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 633.162854][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 633.171314][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 633.186487][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 633.200567][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 633.210784][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 633.219330][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 633.234610][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 633.248570][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 638.149860][ C0] net_ratelimit: 5747 callbacks suppressed [ 638.149883][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 638.161788][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 638.172443][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 638.180509][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 638.196161][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 638.210029][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 638.220166][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 638.228423][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 638.243990][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 638.257677][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 643.159902][ C0] net_ratelimit: 6039 callbacks suppressed [ 643.159924][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 643.160896][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 643.170073][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 643.178764][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 643.193785][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 643.207863][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 643.218100][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 643.226635][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 643.241806][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 643.256880][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 648.169591][ C1] net_ratelimit: 6670 callbacks suppressed [ 648.169614][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 648.170723][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 648.181285][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 648.192594][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 648.200781][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 648.216623][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 648.230729][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 648.240858][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 648.248723][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 648.263951][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 653.179579][ C1] net_ratelimit: 6701 callbacks suppressed [ 653.179602][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 653.183426][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 653.186586][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 653.201965][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 653.216961][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 653.225692][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 653.234413][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 653.250118][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 653.264789][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 653.273592][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 658.189726][ C1] net_ratelimit: 6601 callbacks suppressed [ 658.189749][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 658.191617][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 658.202091][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 658.219887][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 658.232792][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 658.248536][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 658.262295][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 658.272705][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 658.280641][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 658.296468][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 663.199546][ C0] net_ratelimit: 6135 callbacks suppressed [ 663.199569][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 663.202093][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 663.210149][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 663.218391][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 663.233931][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 663.247320][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 663.258259][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 663.266207][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 663.281863][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 663.295265][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 668.210482][ C0] net_ratelimit: 7291 callbacks suppressed [ 668.210505][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 668.212154][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ee:a3:f1:9d:21:45, vlan:0) [ 668.220782][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 668.230057][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 668.244879][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 668.253360][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 668.268546][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 668.281766][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ee:a3:f1:9d:21:45, vlan:0) [ 668.292495][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 668.301690][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 673.221135][ C0] net_ratelimit: 7770 callbacks suppressed [ 673.221160][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 673.222172][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ee:a3:f1:9d:21:45, vlan:0) [ 673.231735][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 673.240601][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 673.255366][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 673.263909][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 673.279407][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 673.292335][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ee:a3:f1:9d:21:45, vlan:0) [ 673.303191][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 673.312250][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 677.989559][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 677.996576][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P5638/1:b..l [ 678.004533][ C0] rcu: (detected by 0, t=10502 jiffies, g=81037, q=1036 ncpus=2) [ 678.012395][ C0] task:syz-executor state:R running task stack:23128 pid:5638 tgid:5638 ppid:5614 task_flags:0x400140 flags:0x00080000 [ 678.025981][ C0] Call Trace: [ 678.029294][ C0] [ 678.032262][ C0] __schedule+0x17d9/0x56c0 [ 678.036820][ C0] ? do_syscall_64+0x174/0x580 [ 678.041627][ C0] ? __pfx___schedule+0x10/0x10 [ 678.046522][ C0] ? stack_trace_save+0xa9/0x100 [ 678.051502][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 678.056921][ C0] preempt_schedule_irq+0x4d/0xa0 [ 678.061986][ C0] irqentry_exit+0x14f/0x8f0 [ 678.066614][ C0] ? trace_irq_disable+0x3b/0x140 [ 678.071694][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 678.077730][ C0] RIP: 0010:__sanitizer_cov_trace_pc+0x5c/0x70 [ 678.083931][ C0] Code: f8 16 00 00 83 fa 02 75 21 48 8b 91 00 17 00 00 48 8b 32 48 8d 7e 01 8b 89 fc 16 00 00 48 39 cf 73 08 48 89 3a 48 89 44 f2 08 cc cc cc cc cc 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 [ 678.103661][ C0] RSP: 0018:ffffc9000405f430 EFLAGS: 00000293 [ 678.109768][ C0] RAX: ffffffff823e95ba RBX: ffffffff823e9312 RCX: ffff88803700be00 [ 678.117776][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 678.125786][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 678.133843][ C0] R10: dffffc0000000000 R11: fffff940001a40d7 R12: ffffea0000d20680 [ 678.141853][ C0] R13: dffffc0000000000 R14: 000000000003481a R15: 0000000000000000 [ 678.149903][ C0] ? page_ext_get+0x22/0x2e0 [ 678.154584][ C0] ? page_ext_get+0x2ca/0x2e0 [ 678.159302][ C0] page_ext_get+0x2ca/0x2e0 [ 678.163842][ C0] __reset_page_owner+0x28/0x1f0 [ 678.168825][ C0] __free_frozen_pages+0xc0d/0xd20 [ 678.174067][ C0] ? __free_slab+0x172/0x280 [ 678.178711][ C0] __slab_free+0x274/0x2c0 [ 678.183182][ C0] qlist_free_all+0x99/0x100 [ 678.187907][ C0] kasan_quarantine_reduce+0x148/0x160 [ 678.193419][ C0] __kasan_slab_alloc+0x22/0x80 [ 678.198310][ C0] __kmalloc_noprof+0x312/0x750 [ 678.203242][ C0] ? tomoyo_realpath_from_path+0xef/0x640 [ 678.209022][ C0] ? __kmalloc_noprof+0x1b4/0x750 [ 678.214092][ C0] tomoyo_realpath_from_path+0xef/0x640 [ 678.219678][ C0] tomoyo_check_open_permission+0x229/0x470 [ 678.225640][ C0] ? tomoyo_check_open_permission+0x1d3/0x470 [ 678.231765][ C0] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 678.238231][ C0] ? __asan_memset+0x22/0x50 [ 678.242885][ C0] ? rcu_is_watching+0x15/0xb0 [ 678.247698][ C0] security_file_open+0xa9/0x240 [ 678.252716][ C0] do_dentry_open+0x4a0/0x1380 [ 678.253333][ C1] net_ratelimit: 7549 callbacks suppressed [ 678.253375][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ee:a3:f1:9d:21:45, vlan:0) [ 678.257519][ C0] vfs_open+0x3b/0x340 [ 678.265125][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 678.275313][ C0] ? path_openat+0x2e2d/0x3830 [ 678.275348][ C0] path_openat+0x2e44/0x3830 [ 678.280452][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 678.291317][ C0] ? kasan_save_track+0x3e/0x80 [ 678.291350][ C0] ? do_getname+0x2e/0x250 [ 678.301342][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ee:a3:f1:9d:21:45, vlan:0) [ 678.312684][ C0] ? do_sys_openat2+0xcc/0x200 [ 678.312711][ C0] ? __x64_sys_openat+0x138/0x170 [ 678.319185][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 678.322037][ C0] do_file_open+0x23e/0x4a0 [ 678.322072][ C0] ? __pfx_do_file_open+0x10/0x10 [ 678.335146][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 678.338818][ C0] ? _raw_spin_unlock+0x28/0x50 [ 678.349207][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ee:a3:f1:9d:21:45, vlan:0) [ 678.355743][ C0] ? alloc_fd+0x651/0x6c0 [ 678.355774][ C0] do_sys_openat2+0x115/0x200 [ 678.355797][ C0] ? __pfx_do_sys_openat2+0x10/0x10 [ 678.362072][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 678.365333][ C0] ? __se_sys_clock_nanosleep+0x35b/0x3b0 [ 678.378419][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 678.382254][ C0] ? __pfx___se_sys_clock_nanosleep+0x10/0x10 [ 678.382288][ C0] __x64_sys_openat+0x138/0x170 [ 678.399651][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ee:a3:f1:9d:21:45, vlan:0) [ 678.403286][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 678.467249][ C0] do_syscall_64+0x174/0x580 [ 678.471888][ C0] ? trace_irq_disable+0x3b/0x140 [ 678.476960][ C0] ? clear_bhb_loop+0x40/0x90 [ 678.481682][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 678.487701][ C0] RIP: 0033:0x7fdfd8d9c17c [ 678.492161][ C0] RSP: 002b:00007fdfd913fd40 EFLAGS: 00000206 ORIG_RAX: 0000000000000101 [ 678.500698][ C0] RAX: ffffffffffffffda RBX: 0000000000000571 RCX: 00007fdfd8d9c17c [ 678.508720][ C0] RDX: 0000000000090800 RSI: 00007fdfd8e326b1 RDI: 00000000ffffff9c [ 678.516730][ C0] RBP: 00007fdfd913fdec R08: 0000000000000000 R09: 0000000000000000 [ 678.524738][ C0] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000018f [ 678.532742][ C0] R13: 0000000000000000 R14: 000000000008598c R15: 00007fdfd913fe40 [ 678.540759][ C0] [ 678.543813][ C0] rcu: rcu_preempt kthread starved for 1438 jiffies! g81037 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 678.554946][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 678.564969][ C0] rcu: RCU grace-period kthread stack dump: [ 678.570887][ C0] task:rcu_preempt state:R running task stack:28120 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00080000 [ 678.584425][ C0] Call Trace: [ 678.587736][ C0] [ 678.590696][ C0] __schedule+0x17d9/0x56c0 [ 678.595238][ C0] ? rcu_is_watching+0x15/0xb0 [ 678.600045][ C0] ? rcu_is_watching+0x15/0xb0 [ 678.604881][ C0] ? __pfx___schedule+0x10/0x10 [ 678.609802][ C0] ? schedule+0x90/0x360 [ 678.614089][ C0] ? rcu_is_watching+0x15/0xb0 [ 678.618919][ C0] ? lock_release+0x4b/0x3c0 [ 678.623559][ C0] schedule+0x164/0x360 [ 678.627765][ C0] schedule_timeout+0x152/0x2c0 [ 678.632672][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 678.638094][ C0] ? __pfx_process_timeout+0x10/0x10 [ 678.643430][ C0] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 678.649279][ C0] ? prepare_to_swait_event+0x322/0x350 [ 678.654870][ C0] rcu_gp_fqs_loop+0x30c/0x11f0 [ 678.659807][ C0] ? __pfx_rcu_watching_snap_recheck+0x10/0x10 [ 678.666085][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 678.671429][ C0] ? _raw_spin_unlock_irq+0x2e/0x50 [ 678.676674][ C0] ? trace_irq_enable+0x3b/0x140 [ 678.681703][ C0] rcu_gp_kthread+0x9e/0x2b0 [ 678.686340][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 678.691581][ C0] ? __kthread_parkme+0x71/0x1f0 [ 678.696568][ C0] ? __kthread_parkme+0x196/0x1f0 [ 678.701633][ C0] kthread+0x388/0x470 [ 678.705732][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 678.710973][ C0] ? __pfx_kthread+0x10/0x10 [ 678.715597][ C0] ret_from_fork+0x514/0xb70 [ 678.720221][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 678.725370][ C0] ? __switch_to+0xc89/0x1420 [ 678.730090][ C0] ? __pfx_kthread+0x10/0x10 [ 678.734718][ C0] ret_from_fork_asm+0x1a/0x30 [ 678.739527][ C0] [ 678.742572][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 678.748928][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G L syzkaller #0 PREEMPT(full) [ 678.759464][ C0] Tainted: [L]=SOFTLOCKUP [ 678.763815][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 678.773904][ C0] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 678.779589][ C0] Code: 4c 7e 02 c3 cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 83 b7 1f 00 fb f4 7c 03 03 00 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 [ 678.799228][ C0] RSP: 0018:ffffffff8e607de0 EFLAGS: 00000246 [ 678.805339][ C0] RAX: ffff888125272000 RBX: ffffffff819a5f8c RCX: 0000000080000001 [ 678.813343][ C0] RDX: 0000000000000001 RSI: ffffffff8c292100 RDI: ffffffff819a5f8c [ 678.821347][ C0] RBP: ffffffff8e607eb8 R08: ffff8880b86338db R09: 1ffff110170c671b [ 678.829356][ C0] R10: dffffc0000000000 R11: ffffed10170c671c R12: 0000000000000000 [ 678.837451][ C0] R13: 1ffffffff1cd1de8 R14: 1ffffffff1cc0fc4 R15: dffffc0000000000 [ 678.845462][ C0] FS: 0000000000000000(0000) GS:ffff888125272000(0000) knlGS:0000000000000000 [ 678.854420][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 678.861030][ C0] CR2: 0000200000170030 CR3: 000000000e746000 CR4: 00000000003526f0 [ 678.869053][ C0] DR0: 0000000000000006 DR1: 0000000000000000 DR2: 0000000000000002 [ 678.877069][ C0] DR3: 0000800000000005 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 678.885075][ C0] Call Trace: [ 678.888383][ C0] [ 678.891358][ C0] default_idle+0x9/0x20 [ 678.895644][ C0] default_idle_call+0x72/0xb0 [ 678.900450][ C0] do_idle+0x1cc/0x540 [ 678.904564][ C0] ? __pfx_do_idle+0x10/0x10 [ 678.909223][ C0] cpu_startup_entry+0x43/0x60 [ 678.914041][ C0] rest_init+0x2de/0x300 [ 678.918326][ C0] start_kernel+0x38a/0x3e0 [ 678.923027][ C0] x86_64_start_reservations+0x24/0x30 [ 678.928594][ C0] x86_64_start_kernel+0x137/0x1b0 [ 678.933749][ C0] common_startup_64+0x13e/0x157 [ 678.938752][ C0] [ 683.259588][ C1] net_ratelimit: 7010 callbacks suppressed [ 683.259612][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 683.260926][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 683.266461][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 683.289819][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 683.306794][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ee:a3:f1:9d:21:45, vlan:0) [ 683.317914][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 683.326776][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 683.342272][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 683.350188][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 683.365956][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)