last executing test programs: 14.244383254s ago: executing program 1 (id=285): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) socket$packet(0x11, 0x3, 0x300) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = accept$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @multicast2}, &(0x7f00000002c0)=0x10) shutdown(r2, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x5, "ff00"}) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x36, &(0x7f00000000c0)={@multicast, @multicast, @void, {@ipv4={0x800, @udp={{0x8, 0x4, 0x0, 0x3, 0x28, 0x66, 0x0, 0x0, 0x11, 0x0, @empty=0xe0, @multicast1, {[@cipso={0x86, 0xb, 0x3, [{0x1, 0x5, "35fa15"}]}]}}, {0x4e20, 0x4e20, 0x8}}}}}, 0x0) r4 = syz_open_pts(r1, 0x0) ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000440)=0x16) mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x3000000) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYRESOCT=r0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000104000000000000feffffffffffffff030000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000008400050020010000000000000000000000000000000000002b00000000000000000000000000000000000000000500000000000002000700000000000000000000000000e00000020000000000000000000000004000000033"], 0x13c}}, 0x20040880) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r6, &(0x7f0000000040)={0xa, 0x4e22, 0x8000, @empty, 0x3}, 0x1c) listen(r6, 0x3) setsockopt$inet6_int(r6, 0x29, 0x8, &(0x7f0000000000)=0x3, 0x4) r7 = syz_genetlink_get_family_id$netlbl_mgmt(0x0, 0xffffffffffffffff) sendmsg$NLBL_MGMT_C_PROTOCOLS(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000c00)=ANY=[@ANYBLOB="80000000d0c9cfd4c7cc3936ddda5a2439ce7940d4561704ed4ceb26b996f6c84c73b3c8486d5004ae26c3d2b439271f32493983ddac3975fd02eae6480feb357eb3570076d6252dbb26c5", @ANYRES16=r7, @ANYBLOB="200029bd7000ffdbdf25070000000800040001003ff7f12c289c21673f0f700000080002000700000008000700ac"], 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x40004) syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5002000090780000"], 0x0) syz_emit_ethernet(0x4a, &(0x7f0000006340)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a35f2", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x7}}}}}}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r0, 0xc0189374, &(0x7f0000000bc0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x9}}, './file0\x00'}) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, 0x0) ioctl$TCSETA(r4, 0x5406, &(0x7f0000000200)={0xfffe, 0x80, 0xe000, 0xb3, 0x17, "041000"}) futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x0, &(0x7f0000001100)={0x77359400}, 0x1) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000b40)=0x9) syz_usb_connect(0x2, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000cb962a102c0a0800cfe8010203010902120001000000000904"], 0x0) 14.133057399s ago: executing program 3 (id=286): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$kcm(0xa, 0x922000000003, 0x11) bpf$PROG_LOAD(0x5, 0x0, 0xfffffe16) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = syz_open_dev$dri(0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x4b, 0x41, 0x46, 0x8, 0x1660, 0x932, 0x80ea, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x5, 0x10, 0xf}}]}}]}}, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="fdd22d57b662178f4308e821360c28c1b7a5cd551bc9d50f05559124e5d8b8fc32988c51587bd2e27c94ce37675124e603176e05750790f4238185d369d94d42f967227c6e58de24cafef81f9cfd", 0x4e}], 0x1) socket$nl_netfilter(0x10, 0x3, 0xc) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000002200)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000200)="9a", 0x1}], 0x1}}], 0x1, 0x4000000) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c00000000010104000000000000000002000000240002801400018008000100e000000108000200e00000010c0002800500010000000000080008400000000814000580080001"], 0x5c}, 0x1, 0x0, 0x0, 0x4008000}, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200), 0x0}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r1, 0xc05064a7, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0}) r3 = syz_open_dev$loop(&(0x7f00000001c0), 0xfffffffffffffff9, 0x8001) ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000002c0)) sched_setscheduler(0x0, 0x2, 0x0) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r0) 12.904318083s ago: executing program 0 (id=287): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$kcm(0xa, 0x922000000003, 0x11) bpf$PROG_LOAD(0x5, 0x0, 0xfffffe16) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = syz_open_dev$dri(0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x4b, 0x41, 0x46, 0x8, 0x1660, 0x932, 0x80ea, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x5, 0x10, 0xf}}]}}]}}, 0x0) syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) socket$nl_netfilter(0x10, 0x3, 0xc) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000002200)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000200)="9a", 0x1}], 0x1}}], 0x1, 0x4000000) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c00000000010104000000000000000002000000240002801400018008000100e000000108000200e00000010c0002800500010000000000080008400000000814000580080001"], 0x5c}, 0x1, 0x0, 0x0, 0x4008000}, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200), 0x0}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r1, 0xc05064a7, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0}) r3 = syz_open_dev$loop(&(0x7f00000001c0), 0xfffffffffffffff9, 0x8001) ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000002c0)) sched_setscheduler(0x0, 0x2, 0x0) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r0) 11.462822196s ago: executing program 3 (id=290): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[], 0xa4}}, 0x40000844) socket(0x10, 0x3, 0x0) close(0xffffffffffffffff) socket(0x10, 0x3, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100)) openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65) write$snddsp(r2, &(0x7f0000000400)="a38d1ebaa67401aa83cea1a04052671e5687f8e3516041a71afa8e21b1b77d7f00764f0000604e03c30ab9948dd0f840e98c69febbcf358320ab61770c480fdf791feb9259ac97428ab35a663658a6c7be0250e82302c3a49ef7f584cd219f0062bd3c7429168c2ada56720bc3994c03d68d4d94ef5dde7b1dce376d47514d785fd513cb9695ead24de25f4dd027c5ff024add6679b6b25c22b79047f328d64f947d086f5f09490b56530093099f506efa155f65bbdcb8cb948eb23536c90ca6a399497977939d285c1eabcb70906b41c9affd7aa7761841d66a8b43e437b500"/236, 0xec) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000001040)={'sit0\x00', 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000002000)=""/102400, 0x19000) migrate_pages(0x0, 0x5, &(0x7f0000000000)=0x9, &(0x7f0000000040)=0x272) 9.585294044s ago: executing program 1 (id=293): poll(0x0, 0x0, 0x24) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, 0x0, 0x0) kexec_load(0x0, 0x2, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x10000}, {0x0, 0x0, 0x3e0000}], 0x30000) syz_io_uring_setup(0xc8, &(0x7f00000000c0)={0x0, 0x4d46, 0x10000, 0x1, 0x386}, &(0x7f0000000140), &(0x7f0000000180)) r0 = getpid() r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000380)={0x28, 0x7, r2, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000}) ioctl$IOMMU_IOAS_COPY(r1, 0x3b83, &(0x7f0000000280)={0x28, 0x7, r2, r2, 0x1c, 0x14d, 0xa}) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) timer_create(0x0, &(0x7f0000000080)={0x0, 0x40010, 0x2, @tid=r0}, &(0x7f00000003c0)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) timer_settime(r3, 0x0, &(0x7f0000000000)={{0x77359400}, {0x0, 0x989680}}, &(0x7f0000000040)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) r4 = syz_open_procfs(r0, &(0x7f0000000280)='net\x00') getdents64(r4, &(0x7f0000000080)=""/46, 0x2e) getdents64(r4, &(0x7f0000002080)=""/170, 0xaa) 9.483867215s ago: executing program 3 (id=295): r0 = socket(0x10, 0x803, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/address_bits', 0x0, 0x0) getdents64(r2, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000300)=@abs, 0x6e) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_int(r5, 0x1, 0x2c, 0x0, &(0x7f00000001c0)) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r4, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000001000010700000000000000000a0000000600010017"], 0x1c}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r1) r7 = socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=@newtfilter={0x38, 0x2c, 0xd2b, 0x70bd26, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x9, 0xfff0}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_HASH={0x8, 0x2, 0x6}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x24040084) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000140)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x1f}}, 0x3e}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={0x0}, 0x1, 0x0, 0x0, 0x4000810}, 0x20040850) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/zoneinfo\x00', 0x0, 0x0) r8 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_FIOGETOWN(r6, 0x8903, &(0x7f0000000100)) setsockopt$packet_int(r8, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r9, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r8, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r10}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) 9.180488895s ago: executing program 4 (id=297): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_open_dev$usbfs(0x0, 0x76, 0x101b01) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x400000001, &(0x7f0000000300), 0x13f, 0x9}}, 0x20) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x34, r6, 0x1, 0x0, 0x0, {0x10}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}]}, @ETHTOOL_A_COALESCE_STATS_BLOCK_USECS={0x8, 0xa, 0xfffffffd}]}, 0x34}}, 0x0) 9.179901942s ago: executing program 1 (id=298): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0x10c4, 0x40, 0x0, 0x190}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0xc0, &(0x7f0000000080)=0x3, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, {0x1}}) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x5, 0x0, &(0x7f0000006680)=0x4) inotify_init() bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x89b0, &(0x7f0000000040)={'gre0\x00'}) pipe2(&(0x7f0000000300), 0x80000) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) r6 = openat$smackfs_cipsonum(0xffffffffffffff9c, &(0x7f0000000080)='/sys/fs/smackfs/doi\x00', 0x2, 0x0) write$smackfs_cipsonum(r6, &(0x7f00000000c0), 0x14) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'veth1_to_bridge\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000100)={@private1={0xfc, 0x1, '\x00', 0x1}, 0x0, r7}) 8.819933265s ago: executing program 2 (id=299): r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x4df00, 0x800, 0x0, 0x356}, &(0x7f00000008c0)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x70a, 0x41e3, 0x0, 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @rt={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_RT_DREG={0x8, 0x1, 0x1, 0x0, 0x15}, @NFTA_RT_KEY={0x8, 0x2, 0x1, 0x0, 0x3}]}}}]}]}], {0x14}}, 0xd4}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r5, 0x0, 0x22, 0x0, &(0x7f0000000380)="f6f4e9a1d78ad62ceef1884386dd78bb3fb7dbfc8180ca8395ccfda2e499b3dcf581", 0x0, 0xa1b, 0x0, 0x2f, 0x0, &(0x7f0000000700)="010a", 0x0}, 0x50) r6 = timerfd_create(0x0, 0x0) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r8 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r8, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r8, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r8, &(0x7f0000000040)={0x50, 0x0, r9, {0x7, 0x1f, 0xe0000000, 0x5e490420, 0x2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}}, 0x50) r10 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0) write$FUSE_POLL(r10, &(0x7f00000000c0)={0x18, 0x0, r9, {0x7}}, 0x18) write$FUSE_INIT(r7, &(0x7f0000000140)={0x50, 0x0, r9, {0x7, 0x2b, 0x0, 0x8000000, 0x100, 0x2, 0x800, 0x3ed9, 0x0, 0x0, 0x8, 0x40}}, 0x50) read(r6, &(0x7f0000000380)=""/162, 0xa2) 8.04496227s ago: executing program 4 (id=300): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='io_uring_register\x00', r0}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) symlinkat(&(0x7f0000000300)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00') r1 = memfd_create(&(0x7f0000000180)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xecz\xabq\x95t*T9\xa9\b X \x04\"\x17\xbf\xcb\xccF\xda\xcf\xdd^\xa0\x15\xc0\xcb^h>\x1b\xb5d\xc7\x7f0\x9a&\xb0\x12#\x9c`\xa6\xed\x05\x95g\a\xccYb\xaf\xe9\xb6G?\x9f\xf5\xfe\xc1\xc0JJ\xc8\xd9d\x80\x13\x8fX\xb4\x19\xc4\\\xcb\x89-)\x90\x01\v\xac^\xdbBQ|\xaej;\x92\\\xf8u\x19Y\xee\x99EI\xf1t\xadn<\x9b\xc9\x87\xd0\xa7\x1a\x81\xb9\xc87sq\xd7\x15\xd6\x91O\x9c\x99!9>\xff\xa8\xfa\xe6=d\xcf\xca\xa9\xc61!\xc6P\x13\xd0\x88gZ\xbe\xdfl\xfa\xff\xb0m;d07tx\xbb\xabd\xe5\x16\xc4\xae\xf0', 0x0) write$binfmt_script(r1, &(0x7f0000000a40)={'#! ', './file0'}, 0xb) socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8) r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$SIOCX25SFACILITIES(r3, 0x89e3, 0x0) gettid() r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000040)={0xf0f024}) r5 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0) ioctl$VIDIOC_S_SELECTION(r5, 0xc040565f, &(0x7f0000000940)={0xa, 0x0, 0x7, {0x8000, 0x1000, 0x4, 0x86c}}) ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000100)={0x2, @vbi={0x9, 0x7, 0x80000000, 0x34524742, [0x1000, 0x7], [0x9, 0xfff], 0x108}}) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_GET(r6, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0}, 0x18) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x8000) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x17, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="1802000000000000ab0000009500000000000000"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={0x0, r7}, 0x18) 7.477932766s ago: executing program 0 (id=301): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) socket$packet(0x11, 0x3, 0x300) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = accept$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @multicast2}, &(0x7f00000002c0)=0x10) shutdown(r2, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x5, "ff00"}) socket$inet_udp(0x2, 0x2, 0x0) syz_emit_ethernet(0x36, &(0x7f00000000c0)={@multicast, @multicast, @void, {@ipv4={0x800, @udp={{0x8, 0x4, 0x0, 0x3, 0x28, 0x66, 0x0, 0x0, 0x11, 0x0, @empty=0xe0, @multicast1, {[@cipso={0x86, 0xb, 0x3, [{0x1, 0x5, "35fa15"}]}]}}, {0x4e20, 0x4e20, 0x8}}}}}, 0x0) 7.161677245s ago: executing program 1 (id=302): r0 = syz_usb_connect(0x0, 0x5a, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000060f94d100d05020027230102030109024840020000000009047d04031d5abf0009050400005539000009050b00000000000009050200000005000009047d01013481af0009a00e002300"], 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) r3 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000780)={0x0, &(0x7f0000000a80)=[@uexit={0x0, 0x18, 0x8}, @uexit={0x0, 0x18, 0xfffffffeffffffff}, @cpuid={0x2, 0x18, {0x3}}, @cpuid={0x2, 0x18, {0x7}}, @cpuid={0x2, 0x18, {0x9, 0x9}}, @code={0x1, 0x66, {"66440f38810848b800700000000000000f23c00f21f83503000c000f23f866400f38813966400f3830b73f2a5eb30fae22c744240007010000c744240272718e16ff2c2466b835018ed00f32430f088f8918024aab"}}, @uexit={0x0, 0x18, 0x5}, @cpuid={0x2, 0x18, {0x2, 0x7}}, @code={0x1, 0x5b, {"c4417f117f0165d95bfd440f20c03507000000440f22c00f21dec4e2359db4b2008000000f01be2b000000c744240092000000c7442402fb060000ff2c2466f244a741380064460f01cf"}}, @code={0x1, 0x4a, {"c48278f5c466baa100b0ccee66f3646484c7ab420f01c166baf80cb8fcb89987ef66bafc0c66ed666526430f35c4e27d9720460f07430f7901"}}, @cpuid={0x2, 0x18, {0x1000, 0x2}}, @uexit={0x0, 0x18, 0x4}], 0x1e3}) ioctl$KVM_PRE_FAULT_MEMORY(r3, 0xc040aed5, &(0x7f00000007c0)={0xeeee0000, 0x11d000}) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_int(r4, 0x29, 0x7, 0x0, 0x0) write(r2, &(0x7f0000000000)="47000000010081", 0x7) r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x3, [@restrict={0xb}, @var={0x10, 0x0, 0x0, 0xe, 0x5, 0x1}, @func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0x1, 0x4}]}]}, {0x0, [0x2e]}}, &(0x7f0000000500)=""/147, 0x4b, 0x93, 0x1, 0x16, 0x10000}, 0x28) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff0000000dbfa200000000000007020000f8ffffffb70300e508000000b704000002"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000000)={'gre0\x00', &(0x7f0000000300)={'gretap0\x00', 0x0, 0x47, 0x8, 0x3f8, 0x5, {{0x13, 0x4, 0x2, 0x7, 0x4c, 0x68, 0x0, 0x2, 0x4, 0x0, @broadcast, @loopback, {[@rr={0x7, 0x13, 0x2b, [@multicast2, @private=0xa010100, @loopback, @private=0xa010102]}, @rr={0x7, 0x7, 0xd3, [@loopback]}, @timestamp_addr={0x44, 0xc, 0x6b, 0x1, 0x2, [{@multicast2, 0xc24}]}, @generic={0x88, 0xf, "a11686b612a7ac0075f54ff66f"}]}}}}}) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0xa, &(0x7f0000000380)=@framed={{}, [@ldst={0x3, 0x3, 0x6, 0x6, 0x7, 0x1, 0xfffffffffffffff7}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', r6, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0xffffffffffffff97, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) socket$netlink(0x10, 0x3, 0x10) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000009c0)={0x18, 0x3, &(0x7f0000000080)=@framed, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r7, 0x0, 0x9}, 0x18) socket$netlink(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000004c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) 6.448426006s ago: executing program 2 (id=303): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0xfffb}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) timer_create(0x0, 0x0, 0x0) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) readv(r1, &(0x7f0000000040)=[{0x0}], 0x1) sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="140100001e0001eb25bd70000000000001"], 0x114}], 0x1}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x77359400}, {0x77359400}}, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) bind$ax25(r3, &(0x7f0000000100)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000240)=@bpq0, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window], 0x3) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r4, 0x8914, &(0x7f0000000000)) r5 = syz_init_net_socket$ax25(0x3, 0x2, 0xce) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000477337570000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x25, '\x00', 0x0, @sock_ops=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x17fe}, 0x94) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r6, 0x8933, &(0x7f00000001c0)={'wpan0\x00'}) bind$ax25(r5, &(0x7f0000000380)={{0x3, @default, 0x2}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast]}, 0x48) 6.438173909s ago: executing program 0 (id=304): r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000000)=@abs, &(0x7f0000000080)=0x6e) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000040)={0xd000, 0x10000}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_batadv\x00'}) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="380000001200252100000000000000d019688a8cc3743e1461880028001a00fe80000000000000000000000000003000000000008000fc560a1fffac1414aa0a008e6105a896910d51509642a8779aa1632d8d2a69b19a93a403fe7b10f9c04bbea2e937ff90360000000000004bf2eee2558c57badcda2700548bb4e393947a8f576539055b69d13bdfedfdf28c304af9a5f191a103ba1637ad97a56b8e1acabca4531f6d4e8304173ea109b1476acaf3dbad1bee5ae1a93a7004d5e6c22a698910527814870be8261826e2a9b91ad361e19627d2c6a926492c5b172b2248770941df64028aaf4931506e08ba992a104dbfce4c0224654ab6aa8fa81f6885a72e3ab0b8"], 0x38}}, 0x4000800) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$tipc(0x1e, 0x2, 0x0) r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) mount$fuseblk(&(0x7f0000002440), &(0x7f0000002480)='./file0\x00', &(0x7f0000000100), 0x200800c, &(0x7f0000000500)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c626c6b73697a84c5fc7e9f9530313038632c00a340f1599fd1e84ee4421b0f00"]) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000140)={0x10004, 0x6, 0x2, 0x1000, &(0x7f000015f000/0x1000)=nil}) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x0, 0x3}, 0x10) r7 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x1}, 0x10) sendmsg$tipc(r7, &(0x7f00000008c0)={&(0x7f0000000600)=@name, 0x10, 0x0, 0x0, 0x0, 0x0, 0x81}, 0x80) r8 = dup3(r1, 0xffffffffffffffff, 0x80000) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r8, 0x0, 0x0) setsockopt$TIPC_GROUP_LEAVE(r8, 0x10f, 0x88) io_uring_register$IORING_REGISTER_MEM_REGION(r8, 0x22, &(0x7f0000000340)={&(0x7f0000000300)={&(0x7f0000000280), 0x0, 0x0, 0x5, 0x2}}, 0x1) memfd_secret(0x0) r9 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000200), 0x180, 0x0) capset(&(0x7f0000000280)={0x20071026}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb}) ioctl$BTRFS_IOC_SUBVOL_CREATE(r4, 0x5000940e, &(0x7f0000001380)={{r9}, "0648d028380878a375196feabc61c68894cf54d1a352468ca5424c5154199d151e574d38b5d81a8418e5666477c39351f9bfa5985833cf628cc61fb03628e38b563f45fce1e5f09ecfd986fbf9bb6856b0eafc5b5eb637a030e5e3c50a99943461998ceb325d4f9bf58cfd4d641fe327c1698a12bf78d31a1302c6ef40dedea4f4f25d71c7bf7a585d2bead34e30d36d767137799d237d65ad2c0c33094ffd7b429f0db718f88d8e6c92f1994494b377fbcaa7cb56bbaf3b253460cb8cd49b7c81f35bd385a683c378d67b3b38ff233435844f9a107c1cdfffcbf1607221a1e70fdaaa28de4f8a80a567c03b6e311bd253fc67b1020b9766201e2e1392da7f583f7b6bc64722701c39f16be1b104b687598e87eac9a3c3912c1f917da2d46c100909ec2978dc887b05cde619962830caad9a43d233d709f28a24ac560ff21f76639ad21b6fa87dd8d3817e33841326477bbff7ccd2f2b58c87f41481ae64bac4e261074c93e0a622ebf2774168ab262334e50887d2aa644163ef0373a9a92a2ddb02316dacede64c2944c678bcf55d0793ea56606821f96d27aa3476036cacf5234205273eba635ec274f5b0d4dd11f486fbd5c87bb4739600fcec934fcfce2284d9c2b0a4f9880d0043576c846cdbb9100aade027cd42e69009c2842507e917429cabdb7ed9aeac9709b512c19f76c3aac01da30d63bec141960892da742af6848e20493905e73f5cbd6a88ab351b234d750cb2d0a71dc923d527ff7ac6abe8d72da823bf8d20ee0f3cb3271da2e4a8834f7f15b9935734d1c83d0892fd076402886c2631f54c7537575b934d32a227b8e84131683e8b2d9672892cbfee762c8f4ce730d44b962aa6f6dfd0e375ed4f943733aa9fd96c4b643744cb5a05c1447b821ebe5fec2f7d27c9537a363dfb24ec819a8aa17b50731248f5fda09f80b347d8e6384558c0c947aea52d316bc25ce01f9d64de765a9444a63900496812728e12e70825cb4f6823fd4950b233f68f8c0eeb812877139c0fc633984a6210cfab6e7c74a0a1259f127adc10b5f97460897a1549fffb3f5cd8a33dbf62bf1ab862b877369c9bf12a53322f4c278deb26c12b597704e8410c74bd89f65d46b29d17a8499259546b95a09f1060ff9dfae16d27c7b8a0db6c20ba019d2648be8af3832d785d644313fc9c9204ac3aadcf5a606a396f31c95b6c94656aed6dcc8be2a324ae8953d95bc41f01533b307675cfbb1636b1d398dcc24a377381a44f85f7598060ab86275471184b51daf48ad06edfbe54519669deb9a2d41f636d56b35ebfbe9c0a321f5323f4917b7910c6e6fc733fa4b92afae548bd5b2f5492eb30a5bee76c304584984587bbe8a2ab6f8c4757979ab9b28a0cb3582670f3fadd60d292be7c986f0fc43ce1d63eef8ea86aa4b902cfe4969a0f4d4a46f1e07d61ef98a28fa25303635a02d0ce53119c73b3a1b43880f3ea0f31f12740c67f1bf5b0700084dbfe708df64150cc290d633800c2a8c489705f9b3bfb9f62243667e9b53d7d190346924f87042a6f135fc5be8134b4a0d186c123055492a525df2065a454e981b373751908b82afeee162389f0d857b0d77f3071a37e9a4701ce01dc5f4cfc633af53ef487ecfffe5e912489f70847d8951a3ede5c263a5653e3d8fcefd2f64ce58646e2df1511fd676d96107d6c4701ef0549bd4cea967ebd3b6786f375485b6f7904c0258c3f9c2b13c97f3bc4dcf1920b0ab1d0fd7dcb8743a86cb407ca7555f9a5e208347daca0a731f5024d532d481d13bf82d684d6d3df8f0e5bb27da03a153d576356fbef74224b3fbecfb740f380ca5df89ea80ace9c7aafe542b39b40a6be3a7854ef719178b312853d7fec05047584290508836474707407ab3124392a12853b4d767c73d930db493eb793620241d1ab60a7672e761ee077e4ec2bd76d21b24d5887c2f14c6c0c8c667f43f9b85cb6267d75b3f44b5dd5260780a04230d49b07431daba7016bfcbdcc74c41cdad0ab1441ed9d24a750ae7d7a36c035fa5d52daf9b83e028e90a7574f3c30bb174fa24f737b7cebd53a21f22190f68a43dea4826ceceab9edb1dd56ae8c7f0c4311e18370c3b31ed0624f7694453d9c19335e23e948cea67cce78da93c61ec6ec63849caa089c100dfde553c20bf0387b3c67e37768004fe4a6760bcff12159651023a020b12b44060e7be47cb72470390562a3805a91ad790c06f63cd94d54f331cbeed07a60658b5614e418fbfb8475143ac00adc4673f21cdb18c1ae0108d0c421d28593675cf03b1f73eccd5ae765669cd37c2efb79cbe9d2812b1c6d1ec27d53a475994d410d421d7c8cea5b41694652f876499fc158845d98cecb0a10a1cc0f97a6a541e10eea20393ae5770aaf2a58af3eb001fce966d1e2311b0846f61d63a76d9ede1e23f435fc41d1efa43130585a797269920e5f2af949d16775bbb481231cb3eeb8bbca11295312c6744a3798cd836e214442595a58bd6cdb57daf790845e3f9cb27e78bd4ad1dfaca50dce4299ada87009a61e7b519bc3fbf5823989527af6253cb76a99eb542a619a5e2536afdfbddc3e0e854940c16e49307aead65f214ce1d455e6c00ec1b22f47fad639ff6b7c1b0796805961384643199735961145e1af260301788d9561e81646282878ce75078aa830f9ee2b2cc1dbb1c35f3a7c86fc98f37bcf1435c75d14dcfcf5a794e62ac6f51fc85afc78f060b7ed6f5800faae1331cc8c09caf305342226085c0e23191b12ea345ff1ce477a4c81d5b857a6df771acaddb6cf5cf27568a96bbc2e2f8f2a8a2f809b7b85caa800e856d6cf2d67b5efe485317ae913984a57bbc441c75aef24b787dd9d172fa145f54bdaba2092c994f0d6d48e7ea2d5b52dd28a3d9d422a4326d00d86029bc3f4af1eb61529934543c7109ce2914e3ed327bbf53e65af13ee94c14878d336a4ac3fa9a67292dbada05dfcdd85fe0a6364d90ebfa7f0f35ea2cdc153d5df791bab7e72e408078c29057cd41b6d287fbe55ff180e79463094cc790c477eb7bb4d2669c84929f9ba0e98241476a5509cfae01467df950e3376a4fa720cee831b5145a7eac522f44cb51c0904e155f7fd6574f2ae7a34476ea02f0ce44db7cbfcd6f944f98ef076800a56315e202d4cb5ade0e85451e6521faa61ed4b09d23d7ab4f2bb4de1557b719d6da8ac0d85d7c734ee53e0cd1f6eeebf394c7c54fd85fab56459ef626a83a968da44f1c2c31521decb9ea58a8bbc1c7c2f66d307ef96c499f318d43f281cbb651f782211de76a6cdf34d0a98297ebba2a46dc1596e4a060af3544bd8a82c1e6bdeffbe145b3e4880db450d2c1594d61e06fab6ba4a6055e55af45e6cff44a271d760189333818586eaee181f8c7811334780cd6fdf681d02f7df5193049f82e8fe66646171df5219735c18a7060637c893e264d6e5ef8017e5b774882b77e2895d640833bf1dcb15277fa755423dfce336766b3c279910959b0b03f35be46d71a2a89a7aafa0e142fe21bcc703f800283a50208a4cee2767703f22d1d8e3ea1325310281d0305157b1e763e2c77f4266bc3503a88676377e215eace0c7ce82208bc555464803ba1ddc6cb6fd86849fbc530fa3e3900b8f6e5fa156fc316a3337460c1ca363e20c2d435ed4026eb84646949f139e96a81ea7b54a23d9c59034ab862a9f3b4382e25061ae198da0031c422365dc5c2c8be08e762720c74da85d6b0fdccf4438ed350a122c7e9b09416ee698a76d9f96cf44793608a52d4920bd55fa571cb0002ea6f12ab3d48ff8b4b3707cc0afdd34a883fe591d038b39e2b3d82690c0e9d4ef53e4f0f3761c791ed585571eb8dd12383976949963af5dcf67015f0a92d865a7586694b4197c398c783aeaafef18316aee08abc76ae6c0be06984c4fc7c6dae9e9077bd81fb8df0c5a8f0d973df004eb8196ff9cad86d714355f70c11659a083dcab71cfd8e028366eb12d70120d1244d9b361d5fba673068ef5edb12fd02f46b86f56b4f23d4f501595249216efe0de97ffe9913f297edf55b4ee40ad99755ddc0dfa95174348b4506df7037f9cc13d3747aa51118411496bf6871427a0714d6aab2c1cb27c39c59a0e1b8d14bfdbfd862923e76ca7b7c4a68d5fbbb84b163d9c00000000ceab04c261c3bcb18afa07389945758b7dbc161f916f3ad40a1b7d295f44664a181f1000bad3dc4a0a4a2ad5add94e6075601c90ace56fb2eb5f97bf2364acb9f0286f02ae812d7a714083a95045e5471e1cbb7477a14f1061f883846165c46f71ecf8869a7ab125acb65a00cfbef0604a2fc295b7f316cafd0ecf01a815a6f1efc3d3f76bd5dcfe3ef2b11877b674c334c595a71159c7eac2aef486d8d51d9dfe9e742ec8460e3b7cbf56ad29af7986cb203a643bc62613e620323648e74d7307a9c04612eaf2e9330facdcfe6ba776de11cad5dc324d4ac79f7b5b14b4604e9708b005be052bf7b7ab00bcc94d8218e315b7a06b9aee8648a2e82aca87f7e9da60fe0b3a2d72594ff435e45282eb1a665fdfaf498c62f8f50ddc589a485f022b80d85942f64c960096fc0c9f86642e97c17d7b0f97a32182f88034e8da58ea69b6cf022954520f48bba311f52b09d90210e6c4fd069edd7ba0e774d4031a753fd2cf2cf137502c45097c82de7f694fa953a0d1ad2a3a9bf99b093ff1c3350cda690447ecd6abf3dd354746954279564fbf2bd5567567b463e64a17ac2bd0f1fcc03ed092c049e01b2d9cfc329f3f035dbca50c7b170dd41565a95e2901ce3166d77ac971d2041718d2a1c935e495d34a1cde1fb7d3004b89b6eb574dce44889e15807c024c455b5c0b782ebce9af06c29e96a5f37035fc27fe6470127e40c068342a4cc5feb0de672639e7145bc72168bab5b3fa7bda0cceacd142dfe7992e631aaf4da74c0bffb933442303eb5ae31375eccfe0571eed084e00a838bc390fb201e60b4df27b62fc807ea958cf46ffa22e5d5d61e40d9e258558dbd936ccd78507d34888b9b829d783d980ba498e973256f2609c2b0c5b48c232dcc744c9826fb9535ba4897445e52471b7184023ab6cf6fab12c5b88975275f46aaa41fb6a7ebec1d95783f0d9f5e6909b5d9272ee0db835b672e2d0aad99fb1fe62f60eb0f056433f872d3db98b7066791d1a621960286c32bc879d0125e8d44adfdcd684971e1349f593d23f3d3acf620ec191784d34bc91d6ca36080950925104d986aea536cc5feb02abb1bc7dac8e208b050be0a2986513eb1197fe995d82cf61cecfca2800c89dec640e1c7b89cfad865e783f2df08b80f596d29e348e58d8633af1ebc47babd50b4fd599090acaf5bbd51c256aa251a53c78c304e5aa48314fb9215fa13a978ad43d5c925a6aaa5dc451323765b71cd4ebb1ad36b4dc73c9194cba170baf3557e9c20df144cfd2632b736043ec3563f248abf73d66595991712a8d623bf823057f6bd153f687ea96b41bfd7a6483bfe0f6616b79dc5a649e7708b2c1dce426eec20f15b45522907dcb45b7039127f069c2c8375594b0573c52263c8265705808687b7b376d2f698c58322644c2f36abf5c48352588527b8edeb28e398c054f511faa5235a54dc4f043dde46a4a434877f8d7c11766dbd68feebd6be25b6b093818022a69a0629266643418eba848b89c9e37eec507d3d69ef10efd8dc0aaf2d8c650f2de17634a42876afd8f82696f1b0b0876d4fd791d48357b3d5050b7674f551bdfea3eccbea4f97021db15"}) 6.411750594s ago: executing program 4 (id=305): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, 0x0, 0x0) getsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000003280)=""/76, &(0x7f00000002c0)=0x4c) 5.420507066s ago: executing program 2 (id=306): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[], 0xa4}}, 0x40000844) socket(0x10, 0x3, 0x0) close(0xffffffffffffffff) socket(0x10, 0x3, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100)) openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65) write$snddsp(r2, &(0x7f0000000400)="a38d1ebaa67401aa83cea1a04052671e5687f8e3516041a71afa8e21b1b77d7f00764f0000604e03c30ab9948dd0f840e98c69febbcf358320ab61770c480fdf791feb9259ac97428ab35a663658a6c7be0250e82302c3a49ef7f584cd219f0062bd3c7429168c2ada56720bc3994c03d68d4d94ef5dde7b1dce376d47514d785fd513cb9695ead24de25f4dd027c5ff024add6679b6b25c22b79047f328d64f947d086f5f09490b56530093099f506efa155f65bbdcb8cb948eb23536c90ca6a399497977939d285c1eabcb70906b41c9affd7aa7761841d66a8b43e437b500"/236, 0xec) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000001040)={'sit0\x00', 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000002000)=""/102400, 0x19000) migrate_pages(0x0, 0x5, &(0x7f0000000000)=0x9, &(0x7f0000000040)=0x272) 4.792743272s ago: executing program 4 (id=307): openat(0xffffffffffffffff, 0x0, 0x201880, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) r4 = open$dir(0x0, 0x101000, 0xa2) mknodat(r4, &(0x7f0000000300)='./file0\x00', 0x10, 0x8) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$alg(0xffffffffffffffff, 0x0, 0x0) sendmsg$OSF_MSG_ADD(0xffffffffffffffff, 0x0, 0x1) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xf, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r5, 0xffffffffffffffff, 0x6, 0x0, @val=@tracing}, 0x40) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB="1802000065f9bfff00000000fdffffff850000002c00000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x0, 0xe, 0x0, &(0x7f0000000540)="64b61d9b104c99176403699c7d94", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50) 4.620037802s ago: executing program 0 (id=308): r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x0, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000240)={r0, 0x20, &(0x7f0000000200)={&(0x7f00000000c0)=""/207, 0xcf, 0x0, &(0x7f00000001c0)=""/51, 0x33}}, 0x10) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc) r2 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0) write$sysctl(r2, &(0x7f0000000580)='1\x00', 0x2) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) write$sysctl(r2, &(0x7f0000000000)='2\x00', 0x2) getsockopt$sock_buf(r1, 0x1, 0x3b, &(0x7f0000000000)=""/57, &(0x7f0000000040)=0x39) 3.627831019s ago: executing program 4 (id=309): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[], 0xa4}}, 0x40000844) socket(0x10, 0x3, 0x0) close(0xffffffffffffffff) socket(0x10, 0x3, 0x0) syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0) ioctl$SNDCTL_DSP_GETODELAY(r1, 0x80045017, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65) write$snddsp(r2, &(0x7f0000000400)="a38d1ebaa67401aa83cea1a04052671e5687f8e3516041a71afa8e21b1b77d7f00764f0000604e03c30ab9948dd0f840e98c69febbcf358320ab61770c480fdf791feb9259ac97428ab35a663658a6c7be0250e82302c3a49ef7f584cd219f0062bd3c7429168c2ada56720bc3994c03d68d4d94ef5dde7b1dce376d47514d785fd513cb9695ead24de25f4dd027c5ff024add6679b6b25c22b79047f328d64f947d086f5f09490b56530093099f506efa155f65bbdcb8cb948eb23536c90ca6a399497977939d285c1eabcb70906b41c9affd7aa7761841d66a8b43e437b500"/236, 0xec) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000001040)={'sit0\x00', 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000002000)=""/102400, 0x19000) migrate_pages(0x0, 0x5, &(0x7f0000000000)=0x9, &(0x7f0000000040)=0x272) 3.539578654s ago: executing program 2 (id=310): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_open_dev$usbfs(0x0, 0x76, 0x101b01) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x400000001, &(0x7f0000000300), 0x13f, 0x9}}, 0x20) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x34, r6, 0x1, 0x0, 0x0, {0x10}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}]}, @ETHTOOL_A_COALESCE_STATS_BLOCK_USECS={0x8, 0xa, 0xfffffffd}]}, 0x34}}, 0x0) 3.428387561s ago: executing program 1 (id=311): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x8000000) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r5, 0x0, 0x1e0000}, 0x18) keyctl$instantiate(0xc, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="6e657720646566617500002074727573746564aaaf7bb320303030303030303030303030303030303337323400e96d72917316b228108c56176cf9bf2cd0137293489cbd47963334da4d7268403a5c7c49b0e315ac98cb6e962ded0637c5be0f0b65160bf5d78fcfb63827a87f8acbe3dae71133e40d9eb3ce56a63648c255866523fc157388ba2c16b495126268d7afdb0eb74620769e1601"], 0x2d, 0xfffffffffffffff9) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=ANY=[@ANYBLOB="44000000090601020000000000000000000000000900020073797a310000000005000100070000001c00078018000180140002400000000000f5"], 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) r6 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r6, 0xc0d05605, &(0x7f00000005c0)={0x1, @pix_mp={0x3ff, 0xffffffff, 0x34325241, 0x3, 0x0, [{0x8, 0xf}, {0x8, 0x29f6ebcd}, {0xd, 0x8}, {0x5, 0x8}, {0x2, 0x3}, {0x1ff, 0x3}, {0x6, 0x409}, {0x10001, 0x1800000}], 0x0, 0xd, 0x2, 0x3078182a3427730f, 0x1}}) read$FUSE(0xffffffffffffffff, &(0x7f00000009c0)={0x2020, 0x0, 0x0, 0x0}, 0x2020) r8 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$IEEE802154_ADD_IFACE(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000580)={&(0x7f00000006c0)={0x70, r8, 0x4, 0x70bd25, 0x25dfdbfe, {}, [@IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_DEV_TYPE={0x5, 0x20, 0x1}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0302}}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy3\x00'}]}, 0x70}, 0x1, 0x0, 0x0, 0x20044001}, 0x10) quotactl_fd$Q_GETQUOTA(r6, 0xffffffff80000702, r7, &(0x7f00000004c0)) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) 3.410876842s ago: executing program 0 (id=312): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0x10c4, 0x40, 0x0, 0x190}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0xc0, &(0x7f0000000080)=0x3, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, {0x1}}) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x5, 0x0, &(0x7f0000006680)=0x4) inotify_init() bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x89b0, &(0x7f0000000040)={'gre0\x00'}) pipe2(&(0x7f0000000300), 0x80000) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) r6 = openat$smackfs_cipsonum(0xffffffffffffff9c, &(0x7f0000000080)='/sys/fs/smackfs/doi\x00', 0x2, 0x0) write$smackfs_cipsonum(r6, &(0x7f00000000c0), 0x14) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'veth1_to_bridge\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000100)={@private1={0xfc, 0x1, '\x00', 0x1}, 0x0, r7}) 2.543540857s ago: executing program 3 (id=313): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x9, 0x7}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) ioprio_set$pid(0x2, 0x0, 0x0) openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0) sendmsg$IPSET_CMD_RENAME(r0, &(0x7f00000033c0)={0x0, 0x0, &(0x7f0000003380)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x40800) 2.469747097s ago: executing program 2 (id=314): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) socket$packet(0x11, 0x3, 0x300) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = accept$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @multicast2}, &(0x7f00000002c0)=0x10) shutdown(r2, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x5, "ff00"}) socket$inet_udp(0x2, 0x2, 0x0) syz_emit_ethernet(0x36, &(0x7f00000000c0)={@multicast, @multicast, @void, {@ipv4={0x800, @udp={{0x8, 0x4, 0x0, 0x3, 0x28, 0x66, 0x0, 0x0, 0x11, 0x0, @empty=0xe0, @multicast1, {[@cipso={0x86, 0xb, 0x3, [{0x1, 0x5, "35fa15"}]}]}}, {0x4e20, 0x4e20, 0x8}}}}}, 0x0) 1.348454321s ago: executing program 1 (id=315): r0 = socket$inet6(0xa, 0x80002, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r1, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0x14, 0x4, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x1) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000040)=0x91, 0x4) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e24, 0x1ff, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2a}}, 0x6}, 0x1c) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x94) ioctl$KVM_X86_SETUP_MCE(r4, 0x4008ae9c, &(0x7f00000000c0)={0x14, 0x5, 0xd}) r5 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000180)={0x0, 0x0}) ioctl$KVM_GET_VCPU_EVENTS(r5, 0x8040ae9f, &(0x7f00000001c0)=@arm64) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000008f02"]) r6 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) r9 = socket(0x10, 0x3, 0x0) write(r9, &(0x7f0000000280)="240000001a005f0014f9e407000904000a00000074000000000e000008001b0001000000", 0x24) sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r8, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x2, 0x0, 0x0, 0x7, 0x8}, {0x12, 0x3, 0x0, 0x1, 0x8001, 0x2400}, 0xa5, 0x4, 0x10100000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080) sendmsg$nl_route_sched(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=@newqdisc={0x34, 0x24, 0xd0f, 0x70bd26, 0x0, {0x60, 0x0, 0x0, r8, {}, {0xfff2, 0xa}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x4}}]}, 0x34}}, 0x800) r10 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r10, 0xc0045627, &(0x7f0000000100)=0x3) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r10, 0xc0845657, &(0x7f0000000040)={0x0, @bt={0xa00, 0x63d, 0x1, 0x2, 0xd59f83, 0x19f2, 0x8, 0x19ef, 0x3, 0x6a, 0x4, 0x2800, 0x2, 0xba2, 0x2800, 0x38, {0x8, 0xffffffff}, 0xd1, 0xa}}) socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) 1.284797891s ago: executing program 3 (id=316): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0xfffb}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) timer_create(0x0, 0x0, 0x0) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) readv(r1, &(0x7f0000000040)=[{0x0}], 0x1) sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="140100001e0001eb25bd70000000000001"], 0x114}], 0x1}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x77359400}, {0x77359400}}, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) bind$ax25(r3, &(0x7f0000000100)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000240)=@bpq0, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window], 0x3) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r4, 0x8914, &(0x7f0000000000)) r5 = syz_init_net_socket$ax25(0x3, 0x2, 0xce) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000477337570000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x25, '\x00', 0x0, @sock_ops=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x17fe}, 0x94) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r6, 0x8933, &(0x7f00000001c0)={'wpan0\x00'}) bind$ax25(r5, &(0x7f0000000380)={{0x3, @default, 0x2}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast]}, 0x48) 44.153446ms ago: executing program 4 (id=317): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x8000000) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r5, 0x0, 0x1e0000}, 0x18) keyctl$instantiate(0xc, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="6e657720646566617500002074727573746564aaaf7bb320303030303030303030303030303030303337323400e96d72917316b228108c56176cf9bf2cd0137293489cbd47963334da4d7268403a5c7c49b0e315ac98cb6e962ded0637c5be0f0b65160bf5d78fcfb63827a87f8acbe3dae71133e40d9eb3ce56a63648c255866523fc157388ba2c16b495126268d7afdb0eb74620769e1601"], 0x2d, 0xfffffffffffffff9) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=ANY=[@ANYBLOB="44000000090601020000000000000000000000000900020073797a310000000005000100070000001c00078018000180140002400000000000f5"], 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) r6 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r6, 0xc0d05605, &(0x7f00000005c0)={0x1, @pix_mp={0x3ff, 0xffffffff, 0x34325241, 0x3, 0x0, [{0x8, 0xf}, {0x8, 0x29f6ebcd}, {0xd, 0x8}, {0x5, 0x8}, {0x2, 0x3}, {0x1ff, 0x3}, {0x6, 0x409}, {0x10001, 0x1800000}], 0x0, 0xd, 0x2, 0x3078182a3427730f, 0x1}}) read$FUSE(0xffffffffffffffff, &(0x7f00000009c0)={0x2020, 0x0, 0x0, 0x0}, 0x2020) r8 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$IEEE802154_ADD_IFACE(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000580)={&(0x7f00000006c0)={0x70, r8, 0x4, 0x70bd25, 0x25dfdbfe, {}, [@IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_DEV_TYPE={0x5, 0x20, 0x1}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0302}}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy3\x00'}]}, 0x70}, 0x1, 0x0, 0x0, 0x20044001}, 0x10) quotactl_fd$Q_GETQUOTA(r6, 0xffffffff80000702, r7, &(0x7f00000004c0)) 41.847982ms ago: executing program 0 (id=318): syz_emit_vhci(&(0x7f00000002c0)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x0, 0x1, 0x406}}}, 0x7) bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$inet_sctp(0x2, 0x5, 0x84) socket(0x1e, 0x805, 0x0) pselect6(0x0, 0x0, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff, 0x2}, 0x0, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r3, 0xffffffffffffffff, 0x0) 41.052993ms ago: executing program 3 (id=319): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) mount(0x0, &(0x7f0000000800)='.\x00', &(0x7f0000000000)='cifs\x00', 0x0, &(0x7f00000006c0)='=\n\x9b\xa1Q\a\x00\n@\xf6\"2a\xd7\x1fch\x1a}#\x1f\xff\xff\xffIT\xe4\x8c&\xac\xe6:\xc5\xe8\xd9\"\x82\xd5\xeb\x90\xef1:\xba\xc3\xc3\xd3\xad\'\xc44\x17,,\x8dZz\x04\x17-#F\xc7<\xe6\xf5]%gC\x9e\xca\nR\xc3\xc8\x98\xd8\xc8\x9eZ\xa76\x9f\xc2=\xaa\xcet7\xb9\xbd\xd47\xe3\xc8@$8\v\x9f\xfd\xe1!\x11\x19Y\x06J\x8f\x80\xef9Tw8\x1b\xe2\xf3\x85\xd5}\xa5\xb7\xd5|\xd8ZE\x92\xb4\x18|\x14\xc8\x14\xab\xe3\xd2\xb8\xf9J\x13\xbc\xea\xccp;\xa5\xe8\r=\n\x9e\xfb\x17\"\xc4QJ\xdf\xa9\x02BQ\x11\b\xab\x14\xf7\x16\xde\xc3\x89\xc6d\xdd\x18\x01\xdd\xf3\xe2\xa5\xef\x02\x17T\x94\xb9\xd4v\xb1\xe3\xb7L\xe6>*\x11e\x18\xe7-\b\xe9\x87\x81,N\x1f\x94\xa4\xe5\xd6\xd4m\x92\xccg3jNvd\xd2O|c\xb3\xa0\xf2\xc6\\\x8a\'\xb3\x81S\x9b6\xf5\xb7\x93\v\xb0\aD\xb9\xf7>\xcf?\xea\xfb\xfc\xb9\x9d\xa5\xb5\xbc\xe2\xddUJN\xb2\xb7\x9c\xc3qk\x06\xdb\xd69\x8b\x00'/288) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a0b040000000000000000020000002c0004802800018007000100637400001c0002800800014000000002080002400000000b05000300000000000900010073797a30000000000900020073797a320000000014000000110001"], 0x80}}, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000640)='pagemap\x00') lseek(r1, 0x1, 0x3) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r1, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000003c0)=ANY=[], 0x48}, 0x1, 0x0, 0x0, 0x40}, 0x4008800) write$tun(r2, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x14}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x0, 0x0, 0x18, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0xfd6c) 0s ago: executing program 2 (id=320): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="180000002000003500000000"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000340), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000001c0)={0xfffffffc, 0x5, 0x0, 'queue0\x00', 0x10000}) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x3, &(0x7f0000000200)=ANY=[], &(0x7f00000003c0)='GPL\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r1, 0x404c534a, &(0x7f0000000000)={0x0, 0x29, 0x1000}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYRESOCT=r0], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xb}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x18) creat(0x0, 0x5c) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x10000}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r4, 0x0, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000847fff), 0x0, 0x0, 0x0, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000140)={'dummy0\x00', &(0x7f0000000100)=@ethtool_gfeatures}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.170' (ED25519) to the list of known hosts. [ 83.503819][ T5824] cgroup: Unknown subsys name 'net' [ 83.613977][ T5824] cgroup: Unknown subsys name 'cpuset' [ 83.623445][ T5824] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 85.339401][ T5824] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 88.134431][ T5850] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 88.143154][ T5850] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 88.151055][ T5850] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 88.158972][ T5850] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 88.166417][ T5850] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 88.175127][ T5850] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 88.182587][ T5850] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 88.186097][ T5851] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 88.200739][ T5852] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 88.209910][ T5850] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 88.210626][ T5852] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 88.219948][ T5850] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 88.224364][ T5851] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 88.238608][ T5852] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 88.247457][ T5851] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 88.247975][ T5850] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 88.256246][ T5851] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 88.269547][ T5852] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 88.278287][ T5852] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 88.279883][ T5853] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 88.287537][ T5850] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 88.295039][ T5853] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 88.307330][ T5854] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 88.326256][ T5847] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 88.334566][ T5847] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 88.956720][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 89.161290][ T5846] chnl_net:caif_netlink_parms(): no params data found [ 89.181827][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 89.303693][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 89.338683][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.346248][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.353959][ T5834] bridge_slave_0: entered allmulticast mode [ 89.362173][ T5834] bridge_slave_0: entered promiscuous mode [ 89.389096][ T5838] chnl_net:caif_netlink_parms(): no params data found [ 89.407850][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.415158][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.422597][ T5834] bridge_slave_1: entered allmulticast mode [ 89.430058][ T5834] bridge_slave_1: entered promiscuous mode [ 89.552931][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.560215][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.567389][ T5846] bridge_slave_0: entered allmulticast mode [ 89.575599][ T5846] bridge_slave_0: entered promiscuous mode [ 89.620952][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.644448][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.652196][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.659395][ T5846] bridge_slave_1: entered allmulticast mode [ 89.666954][ T5846] bridge_slave_1: entered promiscuous mode [ 89.700798][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.724925][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.732384][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.739640][ T5836] bridge_slave_0: entered allmulticast mode [ 89.746920][ T5836] bridge_slave_0: entered promiscuous mode [ 89.802708][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.810440][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.817620][ T5836] bridge_slave_1: entered allmulticast mode [ 89.825456][ T5836] bridge_slave_1: entered promiscuous mode [ 89.834998][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.847910][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.882472][ T5834] team0: Port device team_slave_0 added [ 89.949164][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.958902][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.966165][ T5835] bridge_slave_0: entered allmulticast mode [ 89.974169][ T5835] bridge_slave_0: entered promiscuous mode [ 89.983284][ T5834] team0: Port device team_slave_1 added [ 89.992251][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.028189][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.035552][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.043202][ T5835] bridge_slave_1: entered allmulticast mode [ 90.050585][ T5835] bridge_slave_1: entered promiscuous mode [ 90.073812][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.100292][ T5846] team0: Port device team_slave_0 added [ 90.106544][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.113917][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.121259][ T5838] bridge_slave_0: entered allmulticast mode [ 90.128543][ T5838] bridge_slave_0: entered promiscuous mode [ 90.178302][ T5846] team0: Port device team_slave_1 added [ 90.184596][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.196040][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.203516][ T5838] bridge_slave_1: entered allmulticast mode [ 90.213389][ T5838] bridge_slave_1: entered promiscuous mode [ 90.232844][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.240065][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.266671][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.282261][ T5836] team0: Port device team_slave_0 added [ 90.340500][ T5847] Bluetooth: hci0: command tx timeout [ 90.340742][ T5848] Bluetooth: hci1: command tx timeout [ 90.346103][ T5853] Bluetooth: hci2: command tx timeout [ 90.362999][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.376665][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.386647][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.394097][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.420839][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.431751][ T5847] Bluetooth: hci4: command tx timeout [ 90.437475][ T5847] Bluetooth: hci3: command tx timeout [ 90.446630][ T5836] team0: Port device team_slave_1 added [ 90.468221][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.475258][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.501395][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.514731][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.521978][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.548354][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.562788][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.627098][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.678047][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.688317][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.715059][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.744190][ T5835] team0: Port device team_slave_0 added [ 90.753683][ T5835] team0: Port device team_slave_1 added [ 90.766178][ T5834] hsr_slave_0: entered promiscuous mode [ 90.773815][ T5834] hsr_slave_1: entered promiscuous mode [ 90.782653][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.790091][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.816388][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.880028][ T5838] team0: Port device team_slave_0 added [ 90.930607][ T5838] team0: Port device team_slave_1 added [ 90.943052][ T5846] hsr_slave_0: entered promiscuous mode [ 90.949399][ T5846] hsr_slave_1: entered promiscuous mode [ 90.955782][ T5846] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 90.963592][ T5846] Cannot create hsr debugfs directory [ 90.970349][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.977322][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.003353][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.059297][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.069034][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.095402][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.155914][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.163881][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.190132][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.203164][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.210192][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.238526][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.342184][ T5836] hsr_slave_0: entered promiscuous mode [ 91.348756][ T5836] hsr_slave_1: entered promiscuous mode [ 91.355207][ T5836] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 91.362988][ T5836] Cannot create hsr debugfs directory [ 91.451633][ T5835] hsr_slave_0: entered promiscuous mode [ 91.458014][ T5835] hsr_slave_1: entered promiscuous mode [ 91.465257][ T5835] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 91.472955][ T5835] Cannot create hsr debugfs directory [ 91.537019][ T5838] hsr_slave_0: entered promiscuous mode [ 91.543845][ T5838] hsr_slave_1: entered promiscuous mode [ 91.550705][ T5838] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 91.558321][ T5838] Cannot create hsr debugfs directory [ 91.782100][ T10] cfg80211: failed to load regulatory.db [ 92.028642][ T5834] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 92.044975][ T5834] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 92.076952][ T5834] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 92.103263][ T5834] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 92.175554][ T5846] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 92.187456][ T5846] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 92.204841][ T5846] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 92.227427][ T5846] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 92.296181][ T5835] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 92.307764][ T5835] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 92.327238][ T5835] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 92.346325][ T5835] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 92.420263][ T5853] Bluetooth: hci0: command tx timeout [ 92.420413][ T5848] Bluetooth: hci2: command tx timeout [ 92.425782][ T5847] Bluetooth: hci1: command tx timeout [ 92.447945][ T5836] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 92.482297][ T5836] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 92.495075][ T5836] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 92.500524][ T5847] Bluetooth: hci3: command tx timeout [ 92.503043][ T5848] Bluetooth: hci4: command tx timeout [ 92.534711][ T5836] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 92.620299][ T5838] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 92.637284][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.656429][ T5838] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 92.669487][ T5838] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 92.692213][ T5838] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 92.730612][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.771416][ T194] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.778687][ T194] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.793605][ T194] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.800826][ T194] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.894376][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.958277][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.018445][ T5846] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.044212][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.076383][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.098680][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.106004][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.117582][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.124756][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.184341][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.191566][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.206278][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.213570][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.296812][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.338449][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.345675][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.404209][ T194] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.411461][ T194] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.456567][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.509361][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.575390][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.671630][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.678839][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.693906][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.701144][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.835299][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.906339][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.949292][ T5834] veth0_vlan: entered promiscuous mode [ 93.996907][ T5834] veth1_vlan: entered promiscuous mode [ 94.113873][ T5846] veth0_vlan: entered promiscuous mode [ 94.171599][ T5846] veth1_vlan: entered promiscuous mode [ 94.198953][ T5834] veth0_macvtap: entered promiscuous mode [ 94.236774][ T5834] veth1_macvtap: entered promiscuous mode [ 94.351289][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.366710][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.408403][ T5846] veth0_macvtap: entered promiscuous mode [ 94.427042][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.448906][ T5846] veth1_macvtap: entered promiscuous mode [ 94.473077][ T5834] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.487058][ T5834] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.497346][ T5834] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.506366][ T5848] Bluetooth: hci1: command tx timeout [ 94.506412][ T5848] Bluetooth: hci0: command tx timeout [ 94.513592][ T5847] Bluetooth: hci2: command tx timeout [ 94.524490][ T5834] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.563413][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.580658][ T5847] Bluetooth: hci3: command tx timeout [ 94.586133][ T5847] Bluetooth: hci4: command tx timeout [ 94.632584][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.643853][ T5836] veth0_vlan: entered promiscuous mode [ 94.673532][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.686328][ T5846] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.695586][ T5846] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.704447][ T5846] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.714011][ T5846] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.778648][ T5836] veth1_vlan: entered promiscuous mode [ 94.854815][ T5838] veth0_vlan: entered promiscuous mode [ 94.866100][ T5835] veth0_vlan: entered promiscuous mode [ 94.891292][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.900495][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.924090][ T5835] veth1_vlan: entered promiscuous mode [ 94.948859][ T5836] veth0_macvtap: entered promiscuous mode [ 94.983081][ T5838] veth1_vlan: entered promiscuous mode [ 94.992835][ T5836] veth1_macvtap: entered promiscuous mode [ 95.020624][ T2901] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.033863][ T2901] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.071052][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.104053][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.117566][ T5836] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.128184][ T5836] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.138081][ T5836] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.148689][ T5836] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.164056][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.178855][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.206541][ T5834] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 95.253495][ T5835] veth0_macvtap: entered promiscuous mode [ 95.263267][ T5838] veth0_macvtap: entered promiscuous mode [ 95.298924][ T5835] veth1_macvtap: entered promiscuous mode [ 95.302141][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.332173][ T5838] veth1_macvtap: entered promiscuous mode [ 95.343964][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.387948][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.415223][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.485686][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.505333][ T5835] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.529721][ T5835] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.538486][ T5835] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.564555][ T5835] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.603777][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.626518][ T5838] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.641841][ T5838] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.651202][ T5838] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.661510][ T5838] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.964878][ T2901] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.989131][ T2901] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.246003][ T5964] netlink: 'syz.3.4': attribute type 15 has an invalid length. [ 96.292492][ T5964] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4'. [ 96.623039][ T5853] Bluetooth: hci0: command tx timeout [ 96.629023][ T5853] Bluetooth: hci1: command tx timeout [ 96.638146][ T5847] Bluetooth: hci2: command tx timeout [ 96.660269][ T5853] Bluetooth: hci3: command tx timeout [ 96.666144][ T5847] Bluetooth: hci4: command tx timeout [ 96.730590][ T2901] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.758130][ T2901] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.174512][ T2901] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.203030][ T2901] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.944882][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.970932][ T5980] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.978831][ T5980] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.016871][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.066521][ T5983] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 98.148209][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.183346][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.474050][ T5995] Zero length message leads to an empty skb [ 98.521234][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 98.828169][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 99.035618][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 99.135254][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 99.135557][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 99.237903][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 99.309993][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 99.340192][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 99.540449][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 99.560049][ T5996] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 99.720539][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 99.841792][ T6000] input: syz1 as /devices/virtual/input/input5 [ 100.048193][ T6007] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 102.468549][ T6020] netlink: 'syz.1.18': attribute type 2 has an invalid length. [ 102.763710][ T6025] 9pnet_fd: Insufficient options for proto=fd [ 102.893431][ T6027] FAULT_INJECTION: forcing a failure. [ 102.893431][ T6027] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 102.929689][ T6027] CPU: 0 UID: 0 PID: 6027 Comm: syz.1.21 Not tainted 6.16.0-rc4-syzkaller-00319-g05df91921da6 #0 PREEMPT(full) [ 102.929722][ T6027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 102.929743][ T6027] Call Trace: [ 102.929755][ T6027] [ 102.929764][ T6027] dump_stack_lvl+0x189/0x250 [ 102.929802][ T6027] ? __pfx____ratelimit+0x10/0x10 [ 102.929831][ T6027] ? __pfx_dump_stack_lvl+0x10/0x10 [ 102.929848][ T6027] ? __pfx__printk+0x10/0x10 [ 102.929878][ T6027] should_fail_ex+0x414/0x560 [ 102.929904][ T6027] _copy_from_user+0x2d/0xb0 [ 102.929924][ T6027] __copy_msghdr+0x3c5/0x5b0 [ 102.929947][ T6027] ___sys_sendmsg+0x1a5/0x2a0 [ 102.929969][ T6027] ? __pfx____sys_sendmsg+0x10/0x10 [ 102.930022][ T6027] ? __might_fault+0xb0/0x130 [ 102.930048][ T6027] __sys_sendmmsg+0x227/0x430 [ 102.930072][ T6027] ? __pfx___sys_sendmmsg+0x10/0x10 [ 102.930091][ T6027] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 102.930125][ T6027] ? ksys_write+0x22a/0x250 [ 102.930150][ T6027] ? __pfx_ksys_write+0x10/0x10 [ 102.930169][ T6027] ? rcu_is_watching+0x15/0xb0 [ 102.930192][ T6027] __x64_sys_sendmmsg+0xa0/0xc0 [ 102.930214][ T6027] do_syscall_64+0xfa/0x3b0 [ 102.930228][ T6027] ? lockdep_hardirqs_on+0x9c/0x150 [ 102.930252][ T6027] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.930276][ T6027] ? clear_bhb_loop+0x60/0xb0 [ 102.930295][ T6027] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.930309][ T6027] RIP: 0033:0x7fee0f18e929 [ 102.930327][ T6027] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 102.930340][ T6027] RSP: 002b:00007fee0cff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 102.930357][ T6027] RAX: ffffffffffffffda RBX: 00007fee0f3b5fa0 RCX: 00007fee0f18e929 [ 102.930368][ T6027] RDX: 0000000000000002 RSI: 0000200000000b00 RDI: 0000000000000004 [ 102.930378][ T6027] RBP: 00007fee0cff6090 R08: 0000000000000000 R09: 0000000000000000 [ 102.930387][ T6027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 102.930396][ T6027] R13: 0000000000000000 R14: 00007fee0f3b5fa0 R15: 00007ffcf779acb8 [ 102.930418][ T6027] [ 103.658309][ T6034] netlink: 36 bytes leftover after parsing attributes in process `syz.3.22'. [ 103.691766][ T6029] input: syz1 as /devices/virtual/input/input6 [ 103.746968][ T6035] netlink: 'syz.2.24': attribute type 27 has an invalid length. [ 103.800136][ T6034] bridge0: entered promiscuous mode [ 103.808509][ T6034] macvlan2: entered promiscuous mode [ 103.847487][ T6035] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 104.137273][ T6042] netlink: 'syz.4.29': attribute type 1 has an invalid length. [ 104.267864][ T6047] netlink: 'syz.3.30': attribute type 18 has an invalid length. [ 104.405374][ T6050] ptrace attach of "./syz-executor exec"[5834] was attempted by "./syz-executor exec"[6050] [ 104.563318][ T6050] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 104.574421][ T6050] overlayfs: failed to set xattr on upper [ 104.584034][ T6050] overlayfs: ...falling back to redirect_dir=nofollow. [ 104.591172][ T6050] overlayfs: ...falling back to index=off. [ 104.597158][ T6050] overlayfs: ...falling back to uuid=null. [ 104.603507][ T6050] overlayfs: maximum fs stacking depth exceeded [ 105.062122][ T6052] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 106.448381][ T6072] netlink: 'syz.0.38': attribute type 21 has an invalid length. [ 106.510688][ T6072] netlink: 132 bytes leftover after parsing attributes in process `syz.0.38'. [ 106.734386][ T6072] x_tables: ip_tables: limit.0 match: invalid size 40 (kernel) != (user) 48 [ 110.129392][ T30] audit: type=1326 audit(1751795063.451:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6041 comm="syz.4.29" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f600358e929 code=0x0 [ 110.179052][ T5902] libceph: connect (1)[c::]:6789 error -101 [ 110.192279][ T5902] libceph: mon0 (1)[c::]:6789 connect error [ 110.209003][ T6085] ceph: No mds server is up or the cluster is laggy [ 110.218568][ T5902] libceph: connect (1)[c::]:6789 error -101 [ 110.225144][ T5902] libceph: mon0 (1)[c::]:6789 connect error [ 110.560097][ T6097] netlink: 'syz.1.44': attribute type 18 has an invalid length. [ 113.110915][ T5957] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 113.223325][ T6115] process 'syz.2.48' launched '/dev/fd/6' with NULL argv: empty string added [ 113.432320][ T6114] netlink: 116 bytes leftover after parsing attributes in process `syz.0.50'. [ 113.619779][ T5957] usb 2-1: Using ep0 maxpacket: 32 [ 113.654154][ T5957] usb 2-1: New USB device found, idVendor=04e8, idProduct=6601, bcdDevice=81.9b [ 113.691913][ T5957] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 113.729637][ T5957] usb 2-1: Product: syz [ 113.739800][ T5957] usb 2-1: Manufacturer: syz [ 113.757730][ T5957] usb 2-1: SerialNumber: syz [ 114.015555][ T6129] FAULT_INJECTION: forcing a failure. [ 114.015555][ T6129] name failslab, interval 1, probability 0, space 0, times 1 [ 114.028460][ T6129] CPU: 1 UID: 0 PID: 6129 Comm: syz.3.53 Not tainted 6.16.0-rc4-syzkaller-00319-g05df91921da6 #0 PREEMPT(full) [ 114.028490][ T6129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 114.028503][ T6129] Call Trace: [ 114.028511][ T6129] [ 114.028520][ T6129] dump_stack_lvl+0x189/0x250 [ 114.028551][ T6129] ? __pfx____ratelimit+0x10/0x10 [ 114.028587][ T6129] ? __pfx_dump_stack_lvl+0x10/0x10 [ 114.028620][ T6129] ? __pfx__printk+0x10/0x10 [ 114.028656][ T6129] ? __pfx___might_resched+0x10/0x10 [ 114.028680][ T6129] ? fs_reclaim_acquire+0x7d/0x100 [ 114.028709][ T6129] should_fail_ex+0x414/0x560 [ 114.028746][ T6129] should_failslab+0xa8/0x100 [ 114.028769][ T6129] __kmalloc_cache_noprof+0x70/0x3d0 [ 114.028802][ T6129] ? bpf_xdp_link_attach+0x168/0x8c0 [ 114.028838][ T6129] bpf_xdp_link_attach+0x168/0x8c0 [ 114.028868][ T6129] ? __lock_acquire+0xab9/0xd20 [ 114.028898][ T6129] ? __pfx_bpf_xdp_link_attach+0x10/0x10 [ 114.028949][ T6129] ? __fget_files+0x3a0/0x420 [ 114.028969][ T6129] ? __fget_files+0x2a/0x420 [ 114.028993][ T6129] ? attach_type_to_prog_type+0x40a/0x470 [ 114.029018][ T6129] ? bpf_prog_attach_check_attach_type+0x39c/0x540 [ 114.029048][ T6129] link_create+0x461/0x8a0 [ 114.029076][ T6129] __sys_bpf+0x599/0x860 [ 114.029112][ T6129] ? __pfx___sys_bpf+0x10/0x10 [ 114.029161][ T6129] ? ksys_write+0x22a/0x250 [ 114.029195][ T6129] ? __pfx_ksys_write+0x10/0x10 [ 114.029235][ T6129] __x64_sys_bpf+0x7c/0x90 [ 114.029274][ T6129] do_syscall_64+0xfa/0x3b0 [ 114.029298][ T6129] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.029319][ T6129] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 114.029340][ T6129] ? clear_bhb_loop+0x60/0xb0 [ 114.029367][ T6129] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.029389][ T6129] RIP: 0033:0x7f580b58e929 [ 114.029408][ T6129] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 114.029426][ T6129] RSP: 002b:00007f580c3a9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 114.029450][ T6129] RAX: ffffffffffffffda RBX: 00007f580b7b6160 RCX: 00007f580b58e929 [ 114.029466][ T6129] RDX: 0000000000000010 RSI: 0000200000000400 RDI: 000000000000001c [ 114.029480][ T6129] RBP: 00007f580c3a9090 R08: 0000000000000000 R09: 0000000000000000 [ 114.029493][ T6129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 114.029506][ T6129] R13: 0000000000000000 R14: 00007f580b7b6160 R15: 00007ffe204e6288 [ 114.029543][ T6129] [ 114.274772][ C1] vkms_vblank_simulate: vblank timer overrun [ 115.962061][ T5957] visor 2-1:1.0: Handspring Visor / Palm OS converter detected [ 115.980499][ T5957] usb 2-1: Handspring Visor / Palm OS converter now attached to ttyUSB0 [ 115.995432][ T5957] usb 2-1: Handspring Visor / Palm OS converter now attached to ttyUSB1 [ 116.367112][ T5902] usb 2-1: USB disconnect, device number 2 [ 116.436160][ T6137] FAULT_INJECTION: forcing a failure. [ 116.436160][ T6137] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 116.463322][ T5902] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0 [ 116.504912][ T6137] CPU: 0 UID: 0 PID: 6137 Comm: syz.2.58 Not tainted 6.16.0-rc4-syzkaller-00319-g05df91921da6 #0 PREEMPT(full) [ 116.504940][ T6137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 116.504950][ T6137] Call Trace: [ 116.504957][ T6137] [ 116.504965][ T6137] dump_stack_lvl+0x189/0x250 [ 116.504989][ T6137] ? __pfx____ratelimit+0x10/0x10 [ 116.505017][ T6137] ? __pfx_dump_stack_lvl+0x10/0x10 [ 116.505036][ T6137] ? __pfx__printk+0x10/0x10 [ 116.505061][ T6137] ? __pfx___mutex_lock+0x10/0x10 [ 116.505085][ T6137] should_fail_ex+0x414/0x560 [ 116.505126][ T6137] _copy_to_user+0x31/0xb0 [ 116.505149][ T6137] xsk_getsockopt+0x7a8/0x870 [ 116.505178][ T6137] ? __pfx_xsk_getsockopt+0x10/0x10 [ 116.505208][ T6137] ? __lock_acquire+0xab9/0xd20 [ 116.505233][ T6137] ? __might_fault+0xb0/0x130 [ 116.505280][ T6137] do_sock_getsockopt+0x35d/0x650 [ 116.505305][ T6137] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 116.505326][ T6137] ? do_syscall_64+0x40/0x3b0 [ 116.505344][ T6137] ? __fget_files+0x3a0/0x420 [ 116.505360][ T6137] ? __fget_files+0x2a/0x420 [ 116.505386][ T6137] __x64_sys_getsockopt+0x1a5/0x250 [ 116.505411][ T6137] ? do_syscall_64+0x40/0x3b0 [ 116.505433][ T6137] ? do_syscall_64+0x40/0x3b0 [ 116.505458][ T6137] do_syscall_64+0xfa/0x3b0 [ 116.505478][ T6137] ? lockdep_hardirqs_on+0x9c/0x150 [ 116.505512][ T6137] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.505532][ T6137] ? clear_bhb_loop+0x60/0xb0 [ 116.505565][ T6137] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.505585][ T6137] RIP: 0033:0x7f2f2f38e929 [ 116.505604][ T6137] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 116.505622][ T6137] RSP: 002b:00007f2f30235038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 116.505644][ T6137] RAX: ffffffffffffffda RBX: 00007f2f2f5b5fa0 RCX: 00007f2f2f38e929 [ 116.505659][ T6137] RDX: 0000000000000007 RSI: 000000000000011b RDI: 0000000000000003 [ 116.505672][ T6137] RBP: 00007f2f30235090 R08: 0000200000000300 R09: 0000000000000000 [ 116.505686][ T6137] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 116.505699][ T6137] R13: 0000000000000000 R14: 00007f2f2f5b5fa0 R15: 00007ffe2ebf5d68 [ 116.505732][ T6137] [ 116.580524][ T5902] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1 [ 116.774478][ T5902] visor 2-1:1.0: device disconnected [ 116.775962][ T6141] netlink: 'syz.3.57': attribute type 18 has an invalid length. [ 116.927489][ T6145] mmap: syz.0.60 (6145) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 117.835146][ T6153] netlink: 36 bytes leftover after parsing attributes in process `syz.3.63'. [ 118.466768][ T6157] smk_cipso_doi:692 cipso add rc = -22 [ 119.079337][ T6163] netlink: 116 bytes leftover after parsing attributes in process `syz.2.65'. [ 121.229763][ T30] audit: type=1326 audit(1751795072.981:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6139 comm="syz.1.59" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee0f18e929 code=0x7ffc0000 [ 121.379676][ T30] audit: type=1326 audit(1751795072.981:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6139 comm="syz.1.59" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fee0f18e929 code=0x7ffc0000 [ 121.432571][ T30] audit: type=1326 audit(1751795072.981:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6139 comm="syz.1.59" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee0f18e929 code=0x7ffc0000 [ 121.558656][ T30] audit: type=1326 audit(1751795072.981:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6139 comm="syz.1.59" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fee0f18e929 code=0x7ffc0000 [ 121.579835][ C1] vkms_vblank_simulate: vblank timer overrun [ 121.633741][ T30] audit: type=1326 audit(1751795072.981:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6139 comm="syz.1.59" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee0f18e929 code=0x7ffc0000 [ 122.193366][ T30] audit: type=1326 audit(1751795072.981:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6139 comm="syz.1.59" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fee0f18e929 code=0x7ffc0000 [ 122.214515][ C1] vkms_vblank_simulate: vblank timer overrun [ 122.421862][ T30] audit: type=1326 audit(1751795072.981:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6139 comm="syz.1.59" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee0f18e929 code=0x7ffc0000 [ 122.518134][ T30] audit: type=1326 audit(1751795072.981:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6139 comm="syz.1.59" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fee0f18e929 code=0x7ffc0000 [ 122.614009][ T6201] xt_HMARK: spi-set and port-set can't be combined [ 122.835181][ T30] audit: type=1326 audit(1751795072.981:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6139 comm="syz.1.59" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee0f18e929 code=0x7ffc0000 [ 123.478463][ T30] audit: type=1326 audit(1751795072.981:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6139 comm="syz.1.59" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fee0f18e929 code=0x7ffc0000 [ 125.209929][ T6215] netlink: 36 bytes leftover after parsing attributes in process `syz.2.77'. [ 125.365560][ T6216] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 125.649869][ T5956] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 125.669768][ T5902] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 125.832723][ T5956] usb 2-1: config 0 has an invalid interface number: 128 but max is 0 [ 125.863605][ T5902] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 125.886842][ T5956] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 125.899714][ T5956] usb 2-1: config 0 has no interface number 0 [ 125.905889][ T5956] usb 2-1: config 0 interface 128 altsetting 6 endpoint 0x5 has invalid maxpacket 1024, setting to 1023 [ 125.922215][ T5956] usb 2-1: config 0 interface 128 altsetting 6 endpoint 0xF has invalid wMaxPacketSize 0 [ 125.932936][ T5956] usb 2-1: config 0 interface 128 altsetting 6 has 3 endpoint descriptors, different from the interface descriptor's value: 6 [ 125.975233][ T5956] usb 2-1: config 0 interface 128 has no altsetting 0 [ 125.999677][ T5902] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 126.010069][ T5902] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.013205][ T5956] usb 2-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=95.91 [ 126.028963][ T5957] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 126.030611][ T5902] usb 3-1: config 0 descriptor?? [ 126.065305][ T5902] pwc: Askey VC010 type 2 USB webcam detected. [ 126.072752][ T5956] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 126.072783][ T5956] usb 2-1: Product: syz [ 126.072800][ T5956] usb 2-1: Manufacturer: syz [ 126.072817][ T5956] usb 2-1: SerialNumber: syz [ 126.130890][ T5956] usb 2-1: config 0 descriptor?? [ 126.167249][ T5956] radio-si470x 2-1:0.128: could not find interrupt in endpoint [ 126.193421][ T5956] radio-si470x 2-1:0.128: probe with driver radio-si470x failed with error -5 [ 126.204523][ T5956] usbhid 2-1:0.128: couldn't find an input interrupt endpoint [ 126.237730][ T5957] usb 1-1: New USB device found, idVendor=0a2c, idProduct=0008, bcdDevice=e8.cf [ 126.273843][ T5957] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 126.303212][ T5957] usb 1-1: Product: syz [ 126.307487][ T5957] usb 1-1: Manufacturer: syz [ 126.329938][ T5957] usb 1-1: SerialNumber: syz [ 126.353176][ T5956] usb 2-1: USB disconnect, device number 3 [ 126.374972][ T5957] usb 1-1: config 0 descriptor?? [ 126.484517][ T5957] cypress_cy7c63 1-1:0.0: Cypress CY7C63xxx device now attached [ 126.524687][ T5902] pwc: recv_control_msg error -32 req 02 val 2b00 [ 126.549746][ T5902] pwc: recv_control_msg error -32 req 02 val 2700 [ 126.570881][ T5902] pwc: recv_control_msg error -32 req 02 val 2c00 [ 126.672477][ T5902] pwc: recv_control_msg error -32 req 04 val 1000 [ 126.778184][ T5902] pwc: recv_control_msg error -32 req 04 val 1300 [ 126.947741][ T5902] pwc: recv_control_msg error -32 req 04 val 1400 [ 127.149982][ T6223] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 127.190246][ T5902] pwc: recv_control_msg error -32 req 02 val 2000 [ 127.211965][ T6223] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 127.228893][ T5902] pwc: recv_control_msg error -32 req 02 val 2100 [ 127.279161][ T5902] pwc: recv_control_msg error -32 req 04 val 1500 [ 127.305964][ T5902] pwc: recv_control_msg error -32 req 02 val 2500 [ 127.317815][ T5902] pwc: recv_control_msg error -32 req 02 val 2400 [ 127.391937][ T5902] pwc: recv_control_msg error -32 req 02 val 2600 [ 127.432904][ T5902] pwc: recv_control_msg error -32 req 02 val 2900 [ 127.843055][ T5956] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 127.907462][ T5902] pwc: recv_control_msg error -71 req 04 val 1100 [ 127.954920][ T5902] pwc: recv_control_msg error -71 req 04 val 1200 [ 128.016004][ T5902] pwc: Registered as video103. [ 128.024194][ T5956] usb 5-1: Using ep0 maxpacket: 16 [ 128.064501][ T5902] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input7 [ 128.070562][ T5956] usb 5-1: config 64 has an invalid descriptor of length 0, skipping remainder of the config [ 128.105794][ T5956] usb 5-1: New USB device found, idVendor=9e88, idProduct=9e8f, bcdDevice=9b.e4 [ 128.154758][ T5956] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.176522][ T5902] usb 3-1: USB disconnect, device number 2 [ 128.196441][ T5956] usb 5-1: Product: syz [ 128.222395][ T6246] netlink: 'syz.3.87': attribute type 2 has an invalid length. [ 128.230680][ T5956] usb 5-1: Manufacturer: syz [ 128.239340][ T6248] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 128.261872][ T5956] usb 5-1: SerialNumber: syz [ 128.487221][ T6238] netlink: 164 bytes leftover after parsing attributes in process `syz.4.86'. [ 128.561526][ T6250] netlink: 36 bytes leftover after parsing attributes in process `syz.1.90'. [ 128.612692][ T5956] ftdi_sio 5-1:64.0: Ignoring interface reserved for JTAG [ 128.628758][ T5929] usb 1-1: USB disconnect, device number 2 [ 128.652571][ T5929] cypress_cy7c63 1-1:0.0: Cypress CY7C63xxx device now disconnected [ 128.690870][ T5956] usb 5-1: USB disconnect, device number 2 [ 128.719769][ T5841] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 128.738887][ T6257] netlink: 'syz.1.92': attribute type 18 has an invalid length. [ 128.910591][ T5841] usb 4-1: Using ep0 maxpacket: 16 [ 129.129656][ T5841] usb 4-1: config index 0 descriptor too short (expected 16456, got 72) [ 129.310866][ T5841] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 129.391682][ T5841] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 129.410804][ T5841] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 129.436017][ T5841] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 129.492601][ T5841] usb 4-1: config 0 has no interface number 0 [ 129.550873][ T5841] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 130.035183][ T5841] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 130.074786][ T5841] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 130.112367][ T6268] ======================================================= [ 130.112367][ T6268] WARNING: The mand mount option has been deprecated and [ 130.112367][ T6268] and is ignored by this kernel. Remove the mand [ 130.112367][ T6268] option from the mount to silence this warning. [ 130.112367][ T6268] ======================================================= [ 130.200361][ T5841] usb 4-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 130.277904][ T5841] usb 4-1: config 0 interface 125 has no altsetting 0 [ 130.294133][ T5841] usb 4-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 130.337398][ T5841] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 130.368132][ T5841] usb 4-1: Product: syz [ 130.390332][ T5841] usb 4-1: Manufacturer: syz [ 130.415381][ T5841] usb 4-1: SerialNumber: syz [ 130.441800][ T5841] usb 4-1: config 0 descriptor?? [ 130.543200][ T30] kauditd_printk_skb: 15 callbacks suppressed [ 130.543219][ T30] audit: type=1326 audit(1751795083.941:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6275 comm="syz.1.99" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fee0f18e929 code=0x0 [ 130.789711][ T30] audit: type=1326 audit(1751795084.181:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6279 comm="syz.2.101" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2f2f38e929 code=0x0 [ 131.438371][ T6292] Bluetooth: MGMT ver 1.23 [ 131.613174][ T6291] netlink: 'syz.0.102': attribute type 10 has an invalid length. [ 131.696736][ T6005] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 131.731163][ T6291] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 131.742479][ T6291] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 132.341068][ T6005] usb 3-1: Using ep0 maxpacket: 16 [ 132.369781][ T6005] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 132.414604][ T6005] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 132.438507][ T6303] netlink: 'syz.0.105': attribute type 18 has an invalid length. [ 132.444051][ T6005] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 132.483510][ T6005] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 132.520523][ T6305] FAULT_INJECTION: forcing a failure. [ 132.520523][ T6305] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 132.555002][ T6005] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.575571][ T6305] CPU: 0 UID: 0 PID: 6305 Comm: syz.4.106 Not tainted 6.16.0-rc4-syzkaller-00319-g05df91921da6 #0 PREEMPT(full) [ 132.575602][ T6305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 132.575615][ T6305] Call Trace: [ 132.575624][ T6305] [ 132.575633][ T6305] dump_stack_lvl+0x189/0x250 [ 132.575662][ T6305] ? __pfx____ratelimit+0x10/0x10 [ 132.575697][ T6305] ? __pfx_dump_stack_lvl+0x10/0x10 [ 132.575721][ T6305] ? __pfx__printk+0x10/0x10 [ 132.575749][ T6305] ? __might_fault+0xb0/0x130 [ 132.575794][ T6305] should_fail_ex+0x414/0x560 [ 132.575830][ T6305] _copy_from_user+0x2d/0xb0 [ 132.575857][ T6305] input_event_from_user+0xb2/0x280 [ 132.575891][ T6305] ? __pfx_input_event_from_user+0x10/0x10 [ 132.575927][ T6305] ? input_inject_event+0xbc/0x320 [ 132.575955][ T6305] evdev_write+0x2a6/0x480 [ 132.575991][ T6305] ? __pfx_evdev_write+0x10/0x10 [ 132.576030][ T6305] ? bpf_lsm_file_permission+0x9/0x20 [ 132.576052][ T6305] ? security_file_permission+0x75/0x290 [ 132.576088][ T6305] ? rw_verify_area+0x258/0x650 [ 132.576121][ T6305] ? __pfx_evdev_write+0x10/0x10 [ 132.576152][ T6305] vfs_write+0x27b/0xa90 [ 132.576193][ T6305] ? __pfx_vfs_write+0x10/0x10 [ 132.576227][ T6305] ? __fget_files+0x2a/0x420 [ 132.576252][ T6305] ? __fget_files+0x2a/0x420 [ 132.576271][ T6305] ? __fget_files+0x3a0/0x420 [ 132.576291][ T6305] ? __fget_files+0x2a/0x420 [ 132.576322][ T6305] ksys_write+0x145/0x250 [ 132.576355][ T6305] ? __pfx_ksys_write+0x10/0x10 [ 132.576384][ T6305] ? rcu_is_watching+0x15/0xb0 [ 132.576414][ T6305] ? do_syscall_64+0xbe/0x3b0 [ 132.576440][ T6305] do_syscall_64+0xfa/0x3b0 [ 132.576460][ T6305] ? lockdep_hardirqs_on+0x9c/0x150 [ 132.576494][ T6305] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.576515][ T6305] ? clear_bhb_loop+0x60/0xb0 [ 132.576542][ T6305] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.576563][ T6305] RIP: 0033:0x7f600358e929 [ 132.576582][ T6305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 132.576605][ T6305] RSP: 002b:00007f60044a0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 132.576628][ T6305] RAX: ffffffffffffffda RBX: 00007f60037b5fa0 RCX: 00007f600358e929 [ 132.576643][ T6305] RDX: 0000000000000918 RSI: 0000200000000040 RDI: 0000000000000005 [ 132.576656][ T6305] RBP: 00007f60044a0090 R08: 0000000000000000 R09: 0000000000000000 [ 132.576668][ T6305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 132.576679][ T6305] R13: 0000000000000000 R14: 00007f60037b5fa0 R15: 00007ffeb9b34bf8 [ 132.576712][ T6305] [ 132.855432][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.862268][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.910821][ T6309] syz.1.108 uses obsolete (PF_INET,SOCK_PACKET) [ 132.930021][ T6005] usb 3-1: config 0 descriptor?? [ 133.004001][ T5841] usb 4-1: USB disconnect, device number 2 [ 134.166630][ T6005] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 134.185958][ T6005] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 134.194538][ T6005] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 134.288357][ T6005] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 134.314973][ T6005] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 134.401877][ T6005] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 134.428024][ T6005] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 134.469631][ T6005] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 134.521323][ T6005] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 134.536591][ T6323] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 134.558527][ T6005] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 134.602985][ T6005] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 134.654564][ T6005] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 134.706385][ T6005] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 134.813606][ T6005] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 134.890481][ T6005] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 135.741481][ T6005] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0001/input/input8 [ 137.203493][ T6005] microsoft 0003:045E:07DA.0001: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 137.224869][ T6005] usb 3-1: USB disconnect, device number 3 [ 137.849681][ T6338] fido_id[6338]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 141.596172][ T6371] netlink: 36 bytes leftover after parsing attributes in process `syz.4.127'. [ 141.753297][ T6373] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 141.770531][ T6373] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 143.523917][ T6404] netlink: 8 bytes leftover after parsing attributes in process `syz.4.139'. [ 144.014963][ T5909] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 144.379703][ T5909] usb 4-1: Using ep0 maxpacket: 8 [ 144.469205][ T5909] usb 4-1: New USB device found, idVendor=0979, idProduct=0270, bcdDevice=a8.17 [ 144.550974][ T5909] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 144.624991][ T5909] usb 4-1: Product: syz [ 144.629222][ T5909] usb 4-1: Manufacturer: syz [ 144.663106][ T5909] usb 4-1: SerialNumber: syz [ 144.773248][ T5909] usb 4-1: config 0 descriptor?? [ 145.092142][ T5909] gspca_main: jeilinj-2.14.0 probing 0979:0270 [ 145.979811][ T5909] usb 4-1: USB disconnect, device number 3 [ 146.731429][ T6430] netlink: zone id is out of range [ 146.813992][ T6432] loop2: detected capacity change from 0 to 7 [ 146.846704][ T6432] Dev loop2: unable to read RDB block 7 [ 146.911964][ T6432] loop2: unable to read partition table [ 146.918392][ T6432] loop2: partition table beyond EOD, truncated [ 146.927243][ T6430] netlink: zone id is out of range [ 146.947717][ T6430] netlink: zone id is out of range [ 146.964680][ T6432] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 146.975069][ T6430] netlink: zone id is out of range [ 146.982414][ T6430] netlink: zone id is out of range [ 146.987750][ T6430] netlink: zone id is out of range [ 146.994341][ T6430] netlink: zone id is out of range [ 147.000451][ T6430] netlink: zone id is out of range [ 147.005830][ T6430] netlink: zone id is out of range [ 147.033605][ T6430] netlink: zone id is out of range [ 147.190432][ T6005] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 147.357523][ T6005] usb 4-1: Using ep0 maxpacket: 8 [ 147.643406][ T6005] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 147.659722][ T6005] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 147.696114][ T6005] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 147.777909][ T6005] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.084779][ T6005] hub 4-1:1.0: bad descriptor, ignoring hub [ 148.092819][ T6005] hub 4-1:1.0: probe with driver hub failed with error -5 [ 148.677150][ T6005] usb 4-1: reset high-speed USB device number 4 using dummy_hcd [ 150.616415][ T5928] usb 4-1: USB disconnect, device number 4 [ 150.763141][ T6469] smk_cipso_doi:679 remove rc = -2 [ 150.768502][ T6469] smk_cipso_doi:692 cipso add rc = -22 [ 151.929682][ T6478] netlink: 20 bytes leftover after parsing attributes in process `syz.4.160'. [ 153.024088][ T6487] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 153.659685][ T5909] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 154.413264][ T5909] usb 1-1: Using ep0 maxpacket: 16 [ 154.432840][ T5909] usb 1-1: config index 0 descriptor too short (expected 16456, got 72) [ 154.445792][ T5909] usb 1-1: config 0 has an invalid interface number: 125 but max is 1 [ 154.469659][ T5909] usb 1-1: config 0 has an invalid interface number: 125 but max is 1 [ 154.478014][ T5909] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 154.499207][ T5909] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 154.525951][ T5909] usb 1-1: config 0 has no interface number 0 [ 154.580660][ T5909] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 154.694962][ T5909] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 154.798722][ T5909] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 154.892181][ T5909] usb 1-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 155.001224][ T6506] FAULT_INJECTION: forcing a failure. [ 155.001224][ T6506] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 155.014821][ T5909] usb 1-1: config 0 interface 125 has no altsetting 0 [ 155.050746][ T5909] usb 1-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 155.060204][ T5909] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 155.068242][ T5909] usb 1-1: Product: syz [ 155.082958][ T6506] CPU: 1 UID: 0 PID: 6506 Comm: syz.1.167 Not tainted 6.16.0-rc4-syzkaller-00319-g05df91921da6 #0 PREEMPT(full) [ 155.082988][ T6506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 155.083002][ T6506] Call Trace: [ 155.083012][ T6506] [ 155.083022][ T6506] dump_stack_lvl+0x189/0x250 [ 155.083053][ T6506] ? __pfx____ratelimit+0x10/0x10 [ 155.083087][ T6506] ? __pfx_dump_stack_lvl+0x10/0x10 [ 155.083112][ T6506] ? __pfx__printk+0x10/0x10 [ 155.083151][ T6506] should_fail_ex+0x414/0x560 [ 155.083190][ T6506] _copy_to_user+0x31/0xb0 [ 155.083219][ T6506] simple_read_from_buffer+0xe1/0x170 [ 155.083259][ T6506] proc_fail_nth_read+0x1df/0x250 [ 155.083286][ T6506] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 155.083313][ T6506] ? rw_verify_area+0x258/0x650 [ 155.083344][ T6506] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 155.083369][ T6506] vfs_read+0x1fd/0x980 [ 155.083406][ T6506] ? __pfx___mutex_lock+0x10/0x10 [ 155.083429][ T6506] ? __pfx_vfs_read+0x10/0x10 [ 155.083462][ T6506] ? __fget_files+0x2a/0x420 [ 155.083488][ T6506] ? __fget_files+0x3a0/0x420 [ 155.083508][ T6506] ? __fget_files+0x2a/0x420 [ 155.083538][ T6506] ksys_read+0x145/0x250 [ 155.083567][ T6506] ? __fget_files+0x2a/0x420 [ 155.083590][ T6506] ? __pfx_ksys_read+0x10/0x10 [ 155.083626][ T6506] ? do_syscall_64+0xbe/0x3b0 [ 155.083652][ T6506] do_syscall_64+0xfa/0x3b0 [ 155.083673][ T6506] ? lockdep_hardirqs_on+0x9c/0x150 [ 155.083706][ T6506] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.083728][ T6506] ? clear_bhb_loop+0x60/0xb0 [ 155.083754][ T6506] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.083776][ T6506] RIP: 0033:0x7fee0f18d33c [ 155.083795][ T6506] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 155.083812][ T6506] RSP: 002b:00007fee0cff6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 155.083835][ T6506] RAX: ffffffffffffffda RBX: 00007fee0f3b5fa0 RCX: 00007fee0f18d33c [ 155.083851][ T6506] RDX: 000000000000000f RSI: 00007fee0cff60a0 RDI: 0000000000000004 [ 155.083901][ T6506] RBP: 00007fee0cff6090 R08: 0000000000000000 R09: 0000000000000000 [ 155.083914][ T6506] R10: 0000200000000300 R11: 0000000000000246 R12: 0000000000000001 [ 155.083928][ T6506] R13: 0000000000000000 R14: 00007fee0f3b5fa0 R15: 00007ffcf779acb8 [ 155.083961][ T6506] [ 155.322661][ T5909] usb 1-1: Manufacturer: syz [ 155.327322][ T5909] usb 1-1: SerialNumber: syz [ 155.406981][ T5909] usb 1-1: config 0 descriptor?? [ 156.876813][ T6537] capability: warning: `syz.2.174' uses deprecated v2 capabilities in a way that may be insecure [ 156.898501][ T6535] syzkaller0: entered promiscuous mode [ 156.906746][ T6535] syzkaller0: entered allmulticast mode [ 156.933812][ T6541] netlink: 44 bytes leftover after parsing attributes in process `syz.4.178'. [ 157.914335][ T5928] usb 1-1: USB disconnect, device number 3 [ 159.040187][ T5956] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 159.234637][ T5956] usb 1-1: Using ep0 maxpacket: 8 [ 159.250251][ T5956] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 159.294610][ T5956] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.327094][ T5956] usb 1-1: config 0 descriptor?? [ 159.544611][ T5956] asix 1-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random [ 160.557035][ T5956] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 160.622151][ T5956] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 160.646889][ T5956] asix 1-1:0.0: probe with driver asix failed with error -71 [ 160.862127][ T5956] usb 1-1: USB disconnect, device number 4 [ 161.151407][ T6566] smk_cipso_doi:679 remove rc = -2 [ 161.158672][ T6566] smk_cipso_doi:692 cipso add rc = -22 [ 161.311125][ T6573] netlink: 12 bytes leftover after parsing attributes in process `syz.4.188'. [ 162.446723][ T6573] xt_hashlimit: max too large, truncated to 1048576 [ 163.170070][ T5929] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 163.338783][ T5929] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 163.359967][ T5929] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 163.364181][ T5928] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 163.384851][ T5929] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64 [ 163.400716][ T5929] usb 5-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 163.410102][ T6005] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 163.419154][ T5929] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 163.430477][ T5929] usb 5-1: Product: syz [ 163.434789][ T5929] usb 5-1: Manufacturer: syz [ 163.439418][ T5929] usb 5-1: SerialNumber: syz [ 163.454098][ T5929] usb 5-1: config 0 descriptor?? [ 163.463052][ T6573] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 163.475582][ T6573] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 163.485546][ T5929] usb 5-1: ucan: probing device on interface #0 [ 163.529632][ T5928] usb 4-1: Using ep0 maxpacket: 32 [ 163.542267][ T5928] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 163.557478][ T5928] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 163.567384][ T5928] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 163.572260][ T6005] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 163.580630][ T5928] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.599502][ T6005] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 163.602899][ T5928] usb 4-1: config 0 descriptor?? [ 163.629477][ T6005] usb 1-1: New USB device found, idVendor=1b96, idProduct=000f, bcdDevice= 0.00 [ 163.642412][ T6005] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.665685][ T6005] usb 1-1: config 0 descriptor?? [ 163.693349][ T5929] usb 5-1: ucan: device protocol version 458499 is not supported [ 163.709913][ T5929] usb 5-1: ucan: probe failed; try to update the device firmware [ 163.881818][ T6595] netlink: 24 bytes leftover after parsing attributes in process `syz.2.197'. [ 164.093796][ T6583] netlink: 'syz.3.192': attribute type 83 has an invalid length. [ 164.393526][ T6005] ntrig 0003:1B96:000F.0002: unknown main item tag 0x0 [ 164.400745][ T6005] ntrig 0003:1B96:000F.0002: unknown main item tag 0x0 [ 164.407666][ T6005] ntrig 0003:1B96:000F.0002: unknown main item tag 0x0 [ 164.418462][ T6005] ntrig 0003:1B96:000F.0002: hidraw0: USB HID v0.00 Device [HID 1b96:000f] on usb-dummy_hcd.0-1/input0 [ 164.490781][ T5929] usb 5-1: USB disconnect, device number 3 [ 164.604786][ T6005] usb 1-1: USB disconnect, device number 5 [ 164.845507][ T6606] fido_id[6606]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 165.184808][ T6611] smk_cipso_doi:679 remove rc = -2 [ 165.191684][ T6611] smk_cipso_doi:692 cipso add rc = -22 [ 165.839847][ T5928] usbhid 4-1:0.0: can't add hid device: -71 [ 165.845963][ T5928] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 165.953816][ T5928] usb 4-1: USB disconnect, device number 5 [ 166.970106][ T6615] [U]  [ 167.699952][ T6636] netlink: 'syz.4.207': attribute type 2 has an invalid length. [ 167.715229][ T6627] netlink: 8 bytes leftover after parsing attributes in process `syz.3.204'. [ 167.762580][ T6627] netlink: 12 bytes leftover after parsing attributes in process `syz.3.204'. [ 168.049696][ T6627] tc_dump_action: action bad kind [ 170.169373][ T6649] [U]  [ 170.245927][ T43] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 170.422148][ T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 170.459722][ T43] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0 [ 170.487513][ T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 170.518364][ T43] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0 [ 170.585799][ T43] usb 2-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 170.598291][ T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 170.615351][ T43] usb 2-1: Product: syz [ 170.689797][ T6005] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 170.848581][ T43] usb 2-1: Manufacturer: syz [ 170.858367][ T43] usb 2-1: SerialNumber: syz [ 170.859229][ T6671] smk_cipso_doi:679 remove rc = -2 [ 170.867577][ T43] usb 2-1: config 0 descriptor?? [ 170.875979][ T6671] smk_cipso_doi:692 cipso add rc = -22 [ 170.958250][ T43] ums-isd200 2-1:0.0: USB Mass Storage device detected [ 171.316334][ T43] ums-isd200 2-1:0.0: probe with driver ums-isd200 failed with error -22 [ 171.361136][ T6005] usb 4-1: Using ep0 maxpacket: 16 [ 171.377949][ T6005] usb 4-1: config 0 has no interfaces? [ 171.408402][ T5929] usb 2-1: USB disconnect, device number 4 [ 171.415049][ T6005] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 171.455275][ T6005] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 171.482859][ T6005] usb 4-1: SerialNumber: syz [ 171.504786][ T6005] usb 4-1: config 0 descriptor?? [ 171.808820][ T5909] usb 4-1: USB disconnect, device number 6 [ 171.959902][ T6681] tipc: Started in network mode [ 171.965051][ T6681] tipc: Node identity 7, cluster identity 4711 [ 171.971355][ T6681] tipc: Node number set to 7 [ 174.223461][ T6692] netlink: 8 bytes leftover after parsing attributes in process `syz.1.222'. [ 174.242921][ T6692] netlink: 'syz.1.222': attribute type 1 has an invalid length. [ 174.260845][ T6692] vlan2: entered allmulticast mode [ 174.266131][ T6692] veth1: entered allmulticast mode [ 175.030625][ T6702] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 175.038704][ T6702] batadv_slave_0: entered promiscuous mode [ 175.044704][ T6702] batadv_slave_0: entered allmulticast mode [ 175.246092][ T30] audit: type=1400 audit(1751795128.641:30): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="*" object="_" requested=w pid=6704 comm="syz.0.226" saddr=0.0.0.224 src=20000 daddr=224.0.0.1 dest=20000 netif=wpan0 [ 175.495349][ T6712] smk_cipso_doi:679 remove rc = -2 [ 175.500859][ T6712] smk_cipso_doi:692 cipso add rc = -22 [ 179.417962][ T6737] netlink: 'syz.4.236': attribute type 2 has an invalid length. [ 181.023290][ T6752] 9pnet_fd: Insufficient options for proto=fd [ 182.465739][ T6767] trusted_key: encrypted_key: insufficient parameters specified [ 183.761071][ T6773] net_ratelimit: 241 callbacks suppressed [ 183.761094][ T6773] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 183.984150][ T6780] bridge1: the hash_elasticity option has been deprecated and is always 16 [ 184.070685][ T5902] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 184.435860][ T5902] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 185.082124][ T5902] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0 [ 185.096960][ T5902] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 185.109668][ T5902] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0 [ 185.139497][ T5902] usb 4-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 185.150016][ T5902] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 185.163447][ T5902] usb 4-1: Product: syz [ 185.164572][ T6793] netlink: 8 bytes leftover after parsing attributes in process `syz.0.254'. [ 185.167745][ T5902] usb 4-1: Manufacturer: syz [ 185.185678][ T5902] usb 4-1: SerialNumber: syz [ 185.236026][ T5902] usb 4-1: config 0 descriptor?? [ 185.244125][ T5902] ums-isd200 4-1:0.0: USB Mass Storage device detected [ 185.595464][ T5902] scsi host1: usb-storage 4-1:0.0 [ 185.658054][ T5902] usb 4-1: USB disconnect, device number 7 [ 186.649783][ T5956] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 186.821838][ T5956] usb 5-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 186.845311][ T6817] netlink: 116 bytes leftover after parsing attributes in process `syz.3.259'. [ 186.850110][ T5956] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 186.890796][ T5956] usb 5-1: config 0 descriptor?? [ 186.920363][ T6818] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input9 [ 187.109944][ T5929] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 187.250401][ T5902] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 187.271877][ T5929] usb 2-1: config 8 has an invalid interface number: 223 but max is 0 [ 187.304008][ T5929] usb 2-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 187.343411][ T5929] usb 2-1: config 8 has no interface number 0 [ 187.353022][ T5929] usb 2-1: config 8 interface 223 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 187.368190][ T6826] mkiss: ax0: crc mode is auto. [ 187.375074][ T5929] usb 2-1: config 8 interface 223 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 187.393255][ T5929] usb 2-1: New USB device found, idVendor=a6da, idProduct=7458, bcdDevice=2d.4d [ 187.409084][ T5929] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 187.419915][ T5902] usb 3-1: Using ep0 maxpacket: 16 [ 187.422999][ T5929] usb 2-1: Product: syz [ 187.431093][ T5902] usb 3-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 187.433186][ T5929] usb 2-1: Manufacturer: syz [ 187.457527][ T5929] usb 2-1: SerialNumber: syz [ 187.462985][ T5902] usb 3-1: config 0 interface 0 has no altsetting 0 [ 187.481747][ T5902] usb 3-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 187.491350][ T5902] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 187.788107][ T5902] usb 3-1: config 0 descriptor?? [ 189.004320][ T5902] nzxt-smart2 0003:1E71:2009.0003: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.2-1/input0 [ 189.039367][ T5956] usb 5-1: Cannot set autoneg [ 189.046609][ T5956] MOSCHIP usb-ethernet driver 5-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 189.103286][ T5902] usb 3-1: USB disconnect, device number 4 [ 189.135912][ T5956] usb 5-1: USB disconnect, device number 4 [ 189.268832][ T6835] fido_id[6835]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 189.491079][ T6005] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 189.775797][ T6005] usb 4-1: New USB device found, idVendor=09e1, idProduct=5121, bcdDevice=40.c1 [ 189.809579][ T6005] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 189.834959][ T6005] usb 4-1: Product: syz [ 189.839345][ T6005] usb 4-1: Manufacturer: syz [ 189.844741][ T6005] usb 4-1: SerialNumber: syz [ 189.851988][ T6844] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 189.869352][ T6005] usb 4-1: config 0 descriptor?? [ 190.124466][ T5929] usb 2-1: USB disconnect, device number 5 [ 190.580112][ T6837] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 190.588933][ T6837] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 190.651839][ T6005] int51x1 4-1:0.0: probe with driver int51x1 failed with error -22 [ 190.782159][ T6854] netlink: 24 bytes leftover after parsing attributes in process `syz.0.270'. [ 190.839663][ T6854] netlink: 4 bytes leftover after parsing attributes in process `syz.0.270'. [ 190.882915][ T5928] usb 4-1: USB disconnect, device number 8 [ 190.996844][ T6861] Illegal XDP return value 4294967274 on prog (id 79) dev N/A, expect packet loss! [ 194.184691][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.191156][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.364693][ T6887] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 195.392453][ T6887] ptrace attach of "./syz-executor exec"[5836] was attempted by "./syz-executor exec"[6887] [ 195.530199][ T6005] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 195.980722][ T6005] usb 5-1: Using ep0 maxpacket: 16 [ 195.994331][ T6005] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 196.012566][ T6005] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 196.035849][ T6899] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 196.449744][ T6005] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 196.479630][ T6005] usb 5-1: New USB device found, idVendor=0b05, idProduct=1a30, bcdDevice= 0.00 [ 196.513060][ T6901] netlink: 16 bytes leftover after parsing attributes in process `syz.3.284'. [ 196.532063][ T6005] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.559729][ T6901] netlink: 4 bytes leftover after parsing attributes in process `syz.3.284'. [ 196.588552][ T6005] usb 5-1: config 0 descriptor?? [ 196.669670][ T5929] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 196.822205][ T5929] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 196.836885][ T6885] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 196.845740][ T5929] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0 [ 196.858399][ T6885] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 196.867255][ T5929] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 196.884256][ T5929] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0 [ 196.895587][ T6885] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 196.906859][ T6885] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 196.919124][ T5929] usb 3-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 196.930013][ T5929] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 196.941299][ T5929] usb 3-1: Product: syz [ 196.945540][ T5929] usb 3-1: Manufacturer: syz [ 196.951397][ T5929] usb 3-1: SerialNumber: syz [ 196.972686][ T5928] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 196.980110][ T5929] usb 3-1: config 0 descriptor?? [ 196.991610][ T5929] ums-isd200 3-1:0.0: USB Mass Storage device detected [ 197.019764][ T6848] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 197.600103][ T6848] usb 4-1: Using ep0 maxpacket: 8 [ 197.627668][ T5928] usb 2-1: New USB device found, idVendor=0a2c, idProduct=0008, bcdDevice=e8.cf [ 197.641149][ T6848] usb 4-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 197.654340][ T5928] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 197.663917][ T6848] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 197.672621][ T5928] usb 2-1: Product: syz [ 197.676943][ T6848] usb 4-1: Product: syz [ 197.681528][ T5928] usb 2-1: Manufacturer: syz [ 197.686320][ T6848] usb 4-1: Manufacturer: syz [ 197.691876][ T5928] usb 2-1: SerialNumber: syz [ 197.696691][ T6848] usb 4-1: SerialNumber: syz [ 197.713866][ T5928] usb 2-1: config 0 descriptor?? [ 197.734616][ T6848] usb 4-1: config 0 descriptor?? [ 197.740650][ T5929] scsi host1: usb-storage 3-1:0.0 [ 197.755239][ T5928] cypress_cy7c63 2-1:0.0: Cypress CY7C63xxx device now attached [ 197.766488][ T6848] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 197.801129][ T6848] usb 4-1: setting power ON [ 197.830483][ T6848] dvb-usb: bulk message failed: -22 (2/0) [ 197.831979][ T5929] usb 3-1: USB disconnect, device number 5 [ 197.897393][ T6848] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 197.929446][ T6848] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 197.969331][ T6848] usb 4-1: media controller created [ 198.559187][ T6848] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 198.635045][ T6848] usb 4-1: selecting invalid altsetting 6 [ 198.648215][ T6848] usb 4-1: digital interface selection failed (-22) [ 198.655537][ T6848] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 198.671347][ T6005] usbhid 5-1:0.0: can't add hid device: -71 [ 198.684833][ T6005] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 198.688806][ T6848] usb 4-1: setting power OFF [ 198.708602][ T6848] dvb-usb: bulk message failed: -22 (2/0) [ 198.721087][ T6005] usb 5-1: USB disconnect, device number 5 [ 198.725558][ T6848] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 198.759867][ T43] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 198.779902][ T6848] (NULL device *): no alternate interface [ 199.080153][ T43] usb 1-1: Using ep0 maxpacket: 8 [ 199.307504][ T43] usb 1-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 199.318592][ T6921] netlink: 'syz.2.288': attribute type 2 has an invalid length. [ 199.326907][ T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.349512][ T43] usb 1-1: Product: syz [ 199.368223][ T43] usb 1-1: Manufacturer: syz [ 199.405514][ T43] usb 1-1: SerialNumber: syz [ 199.411955][ T6848] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 199.444854][ T43] usb 1-1: config 0 descriptor?? [ 199.491688][ T43] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 199.500306][ T6848] usb 4-1: USB disconnect, device number 9 [ 199.536801][ T43] usb 1-1: setting power ON [ 199.550024][ T43] dvb-usb: bulk message failed: -22 (2/0) [ 199.631475][ T43] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 199.904881][ T43] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 200.526521][ T5841] usb 2-1: USB disconnect, device number 6 [ 200.537404][ T43] usb 1-1: media controller created [ 200.656015][ T5841] cypress_cy7c63 2-1:0.0: Cypress CY7C63xxx device now disconnected [ 201.255367][ T43] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 201.418514][ T43] usb 1-1: selecting invalid altsetting 6 [ 201.421687][ T30] audit: type=1804 audit(1751795154.811:31): pid=6935 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.294" name="/newroot/63/cgroup.controllers" dev="tmpfs" ino=343 res=1 errno=0 [ 201.460841][ T43] usb 1-1: digital interface selection failed (-22) [ 201.467500][ T43] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 201.499927][ T30] audit: type=1800 audit(1751795154.811:32): pid=6935 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.294" name="cgroup.controllers" dev="tmpfs" ino=343 res=0 errno=0 [ 201.510537][ T43] usb 1-1: setting power OFF [ 201.616510][ T43] dvb-usb: bulk message failed: -22 (2/0) [ 201.663260][ T43] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 201.777400][ T43] (NULL device *): no alternate interface [ 203.115947][ T6951] smk_cipso_doi:679 remove rc = -2 [ 203.299732][ T6951] smk_cipso_doi:692 cipso add rc = -22 [ 203.382345][ T43] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 203.493278][ T43] usb 1-1: USB disconnect, device number 6 [ 204.519645][ T5841] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 205.490831][ T5841] usb 2-1: Using ep0 maxpacket: 16 [ 205.516722][ T5841] usb 2-1: config index 0 descriptor too short (expected 16456, got 72) [ 206.028972][ T5841] usb 2-1: config 0 has an invalid interface number: 125 but max is 1 [ 206.049014][ T5841] usb 2-1: config 0 has an invalid interface number: 125 but max is 1 [ 206.082327][ T5841] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 206.123635][ T5841] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 206.143860][ T5841] usb 2-1: config 0 has no interface number 0 [ 206.163980][ T5841] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 206.211805][ T5841] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 206.449571][ T5841] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 207.133843][ T5841] usb 2-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 207.148171][ T5841] usb 2-1: config 0 interface 125 has no altsetting 0 [ 207.158149][ T5841] usb 2-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 207.247216][ T5841] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.310409][ T5841] usb 2-1: Product: syz [ 207.314644][ T5841] usb 2-1: Manufacturer: syz [ 207.319272][ T5841] usb 2-1: SerialNumber: syz [ 207.604900][ T5841] usb 2-1: config 0 descriptor?? [ 208.250275][ T5841] usb 2-1: can't set config #0, error -71 [ 208.258181][ T5841] usb 2-1: USB disconnect, device number 7 [ 209.170614][ T6998] trusted_key: encrypted_key: insufficient parameters specified [ 209.650608][ T6999] smk_cipso_doi:679 remove rc = -2 [ 209.819766][ T6999] smk_cipso_doi:692 cipso add rc = -22 [ 210.813722][ T7007] netlink: 'syz.1.315': attribute type 27 has an invalid length. [ 210.917779][ T7003] Oops: general protection fault, probably for non-canonical address 0xdffffc000000005d: 0000 [#1] SMP KASAN PTI [ 210.929759][ T7003] KASAN: null-ptr-deref in range [0x00000000000002e8-0x00000000000002ef] [ 210.938213][ T7003] CPU: 1 UID: 0 PID: 7003 Comm: syz.1.315 Not tainted 6.16.0-rc4-syzkaller-00319-g05df91921da6 #0 PREEMPT(full) [ 210.950131][ T7003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 210.960206][ T7003] RIP: 0010:hfsc_qlen_notify+0x2e/0x160 [ 210.965805][ T7003] Code: 55 41 57 41 56 41 55 41 54 53 48 89 f3 49 bc 00 00 00 00 00 fc ff df e8 00 89 44 f8 4c 8d b3 ec 02 00 00 4c 89 f0 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 e8 00 00 00 41 8b 2e 31 ff 89 ee e8 19 [ 210.985444][ T7003] RSP: 0018:ffffc9001c3ef0b0 EFLAGS: 00010203 [ 210.991547][ T7003] RAX: 000000000000005d RBX: 0000000000000000 RCX: ffff88802ee98000 [ 210.999540][ T7003] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffff888034a4c000 [ 211.007522][ T7003] RBP: dffffc0000000000 R08: 00000000000002aa R09: 0000000000400000 [ 211.015515][ T7003] R10: 0000000000005548 R11: ffffffff897bd460 R12: dffffc0000000000 [ 211.023508][ T7003] R13: ffff888034a4c000 R14: 00000000000002ec R15: ffff888034a4c000 [ 211.031499][ T7003] FS: 00007fee0cff66c0(0000) GS:ffff888125d50000(0000) knlGS:0000000000000000 [ 211.040447][ T7003] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 211.047046][ T7003] CR2: 000000110c2bc7d4 CR3: 0000000033914000 CR4: 00000000003526f0 [ 211.055038][ T7003] Call Trace: [ 211.058333][ T7003] [ 211.061281][ T7003] qdisc_tree_reduce_backlog+0x299/0x480 [ 211.066950][ T7003] ? qdisc_tree_reduce_backlog+0x3c/0x480 [ 211.072700][ T7003] codel_change+0x859/0xae0 [ 211.077226][ T7003] ? is_dynamic_key+0xd6/0x1c0 [ 211.082004][ T7003] ? qdisc_alloc+0x789/0xaa0 [ 211.086613][ T7003] ? qdisc_create+0x12c/0xea0 [ 211.091302][ T7003] ? rtnetlink_rcv_msg+0x77c/0xb70 [ 211.096443][ T7003] ? netlink_rcv_skb+0x205/0x470 [ 211.101397][ T7003] ? netlink_unicast+0x758/0x8d0 [ 211.106346][ T7003] ? netlink_sendmsg+0x805/0xb30 [ 211.111304][ T7003] ? __sock_sendmsg+0x219/0x270 [ 211.116181][ T7003] ? ____sys_sendmsg+0x505/0x830 [ 211.121135][ T7003] ? ___sys_sendmsg+0x21f/0x2a0 [ 211.126008][ T7003] ? __x64_sys_sendmsg+0x19b/0x260 [ 211.131137][ T7003] ? __pfx_codel_change+0x10/0x10 [ 211.136194][ T7003] codel_init+0x1f7/0x3e0 [ 211.140539][ T7003] ? __pfx_codel_init+0x10/0x10 [ 211.145418][ T7003] qdisc_create+0x7a9/0xea0 [ 211.149968][ T7003] tc_modify_qdisc+0x1426/0x2010 [ 211.154930][ T7003] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 211.160244][ T7003] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 211.165566][ T7003] rtnetlink_rcv_msg+0x77c/0xb70 [ 211.170530][ T7003] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 211.175671][ T7003] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 211.181154][ T7003] ? ref_tracker_free+0x63a/0x7d0 [ 211.186209][ T7003] ? __copy_skb_header+0xa7/0x550 [ 211.191259][ T7003] ? __pfx_ref_tracker_free+0x10/0x10 [ 211.196659][ T7003] netlink_rcv_skb+0x205/0x470 [ 211.201442][ T7003] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 211.206923][ T7003] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 211.212245][ T7003] ? netlink_deliver_tap+0x2e/0x1b0 [ 211.217466][ T7003] ? netlink_deliver_tap+0x2e/0x1b0 [ 211.222685][ T7003] netlink_unicast+0x758/0x8d0 [ 211.227475][ T7003] netlink_sendmsg+0x805/0xb30 [ 211.232263][ T7003] ? __pfx_netlink_sendmsg+0x10/0x10 [ 211.237572][ T7003] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 211.242897][ T7003] ? __pfx_netlink_sendmsg+0x10/0x10 [ 211.248200][ T7003] __sock_sendmsg+0x219/0x270 [ 211.252912][ T7003] ____sys_sendmsg+0x505/0x830 [ 211.257697][ T7003] ? __pfx_____sys_sendmsg+0x10/0x10 [ 211.263014][ T7003] ? import_iovec+0x74/0xa0 [ 211.267545][ T7003] ___sys_sendmsg+0x21f/0x2a0 [ 211.272246][ T7003] ? __pfx____sys_sendmsg+0x10/0x10 [ 211.277488][ T7003] ? __fget_files+0x2a/0x420 [ 211.282097][ T7003] ? __fget_files+0x3a0/0x420 [ 211.286792][ T7003] __x64_sys_sendmsg+0x19b/0x260 [ 211.291750][ T7003] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 211.297233][ T7003] ? rcu_is_watching+0x15/0xb0 [ 211.302015][ T7003] ? do_syscall_64+0xbe/0x3b0 [ 211.306705][ T7003] do_syscall_64+0xfa/0x3b0 [ 211.311227][ T7003] ? lockdep_hardirqs_on+0x9c/0x150 [ 211.316447][ T7003] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.322537][ T7003] ? clear_bhb_loop+0x60/0xb0 [ 211.327231][ T7003] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.333142][ T7003] RIP: 0033:0x7fee0f18e929 [ 211.337579][ T7003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 211.357193][ T7003] RSP: 002b:00007fee0cff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 211.365625][ T7003] RAX: ffffffffffffffda RBX: 00007fee0f3b5fa0 RCX: 00007fee0f18e929 [ 211.373612][ T7003] RDX: 0000000000000800 RSI: 0000200000000100 RDI: 0000000000000007 [ 211.381597][ T7003] RBP: 00007fee0f210b39 R08: 0000000000000000 R09: 0000000000000000 [ 211.389589][ T7003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 211.397606][ T7003] R13: 0000000000000000 R14: 00007fee0f3b5fa0 R15: 00007ffcf779acb8 [ 211.405594][ T7003] [ 211.408618][ T7003] Modules linked in: [ 211.412697][ T7003] ---[ end trace 0000000000000000 ]--- [ 211.418208][ T7003] RIP: 0010:hfsc_qlen_notify+0x2e/0x160 [ 211.423878][ T7003] Code: 55 41 57 41 56 41 55 41 54 53 48 89 f3 49 bc 00 00 00 00 00 fc ff df e8 00 89 44 f8 4c 8d b3 ec 02 00 00 4c 89 f0 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 e8 00 00 00 41 8b 2e 31 ff 89 ee e8 19 [ 211.443535][ T7003] RSP: 0018:ffffc9001c3ef0b0 EFLAGS: 00010203 [ 211.449630][ T7003] RAX: 000000000000005d RBX: 0000000000000000 RCX: ffff88802ee98000 [ 211.457607][ T7003] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffff888034a4c000 [ 211.465610][ T7003] RBP: dffffc0000000000 R08: 00000000000002aa R09: 0000000000400000 [ 211.473605][ T7003] R10: 0000000000005548 R11: ffffffff897bd460 R12: dffffc0000000000 [ 211.481611][ T7003] R13: ffff888034a4c000 R14: 00000000000002ec R15: ffff888034a4c000 [ 211.489653][ T7003] FS: 00007fee0cff66c0(0000) GS:ffff888125d50000(0000) knlGS:0000000000000000 [ 211.498593][ T7003] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 211.505197][ T7003] CR2: 000000110c2bc7d4 CR3: 0000000033914000 CR4: 00000000003526f0 [ 211.513281][ T7003] Kernel panic - not syncing: Fatal exception in interrupt [ 211.520781][ T7003] Kernel Offset: disabled [ 211.525109][ T7003] Rebooting in 86400 seconds..