last executing test programs: 6m32.438782071s ago: executing program 3 (id=636): syz_usb_connect(0x0, 0x24, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec0000000109021200"], 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) sendmsg$sock(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000001400)="12b5ca8883a72c61be64d1809e4e551c8fcc795bacbc79d1a786c09a1861dfb427e430bee5b00ac73434620f11a914ef7cf7658efc365a26b43990993f60d4ffeb9cc31d7d5fc06ba7c3a4d828f40fca355cff79686f12971618904dc7d09e85e7a5f9194c4cae7983ee20f6c522b89ecc73c43438aad7dd15ff4738f5e4e1b7713142e7ff6cfc1b6cf7baba9ebf3b471cd0a72011fef02b46e280ad7a8c42d24bfb2ffe1518bc0fea207ec37a9e388c9dea8124df3f50a75f03df8d30d7b3b73e274042a52c058e1d85ef3b420b4dfce815cff6265e625a61b6fca9699edaadd192a3ae60c765260d1cbfb21f0cc30d8128b3783867b85873de07b02635d5573f9e578094a3ce6efbf44818daef38e14005a360909d226d7e13a86f6c83b6aaf615b6a2642d17bc2c56b8b0f8209e20ec1e0f58b0486493e511ab0a45b44a87340a9052ef5fba93c83753f1b101a744407f54d052188087c1cf43de80fd7bd5f3ce8585b5499959e6c3f5e17ae837d7c5627abb604947ad9906d641658f01464f48244182de8d5a8d037403ad4a964e2124177771a84806cda0682d58743928d2d16d83fd8b706a9669ac7605e8d857ac586dc2eda90715951c21bd116ade52f03cd61f3874aaefa77da678450228eb476d84bf175564a215e1683ced4bb9adba5daed835c6b38b61b213834aca56b86259784addb8601d26a42ad637ee296cd4382aaa7c1eaa5cbfa3a7177390bc646916aeb885d2dd43fc5b2dbbd2d184ba6cc6a439b95b5d814a8582405635b5c6bdb41c24af7a10bbd264eb2308a800a09705ac7856a7ac993cb4d88fea4cd1d5cf9e82e10c4badb996f4c0d5fd5866baf90a07d8777f793feb9250e22dd5190aa26c2a31412f1b41e0a65d0e435a9c5ebbf5205f6c6a117ce1fb16e8eb797e7d3eb5d62178dc0441941e9cb464814982ebe54195d73113efc971799121683f6e85d24ad6f21023868327b67446a36ebffda572b90f9b228a03b612e7e0ca09aac6b5710fc90f51c0efefb69b5d26ba9a1d8954832b1370d099d09c07fb2893d57d617ec0d626f1f96ee1608e0f8d9ca1b491578d639ac74b3ea568a474707ac756555d0ae9cdc60
9609e30d7ef2648fb8baa5854e58b60fac9ec9670c620ce6dcf3bbcca971cb5bf37462febde30e3865960627ceb15a11dd891160a2fcbb682c94a7de4e00fff20774364ffc4bfa31173261f1684dbbaa9addf0d9bc43539a7c09c6b", 0x373}, {0x0}, {&(0x7f00000006c0)="2219a8d1a15d2cc1d9f7e487ed6138173c17bebe", 0x14}], 0x3}, 0x800) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 6m28.739796243s ago: executing program 3 (id=644): r0 = 
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x48) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0x0, 0xffffffff}, 0x0) syz_emit_ethernet(0x7a, &(0x7f00000004c0)=ANY=[@ANYBLOB="ffffffffffffb7feff1eff0086dd674a9e6c00442f8200000000000000000000000000000000ff02000000000000000000000000000104206558000000030c0008000c0086dd88ca88be1200000415030735010000000000c289080022"], 0x0) setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f00000001c0)=ANY=[@ANYBLOB="02000000010000000000000004000000000000001000000000"], 0x24, 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) setxattr$system_posix_acl(&(0x7f0000000480)='./bus\x00', &(0x7f0000000400)='system.posix_acl_access\x00', 0x0, 0x0, 0x0) rmdir(0x0) syz_open_dev$vim2m(0x0, 0x3, 0x2) socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r3, 0x40045532, &(0x7f0000000040)=0x7) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x400000000e0381, 0x0) r5 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000500)={0x0, 0x18, 0xfa00, {0x1000000000000, 0x0, 0x0, 0x2}}, 0x20) ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r5, 0xc2604111, &(0x7f0000001700)={0x72, [[0x80000000, 0x8001, 0x9, 0x0, 0x7, 0x1ff, 0x7, 0xd], [0x401, 0x6, 0x42ba, 0x0, 0x9, 0xfffffff3, 0x8001, 0x10], [0x843, 0x5, 0x5, 0x7, 0x4, 0x504, 0x3, 0x7]], '\x00', [{0x3, 0xa14d, 0x1, 0x1, 0x1, 0x1}, {0x10, 0x7, 0x1, 0x0, 0x1}, {0x9, 0x1, 0x1, 0x0, 0x1, 0x1}, {0x2, 0x6, 0x1, 0x1, 0x0, 0x1}, {0x9, 0xfff, 0x1, 0x1, 
0x1, 0x1}, {0x4, 0x3, 0x1, 0x1}, {0x8002, 0x2}, {0x10000, 0x8, 0x1, 0x1, 0x0, 0x1}, {0x9, 0x1, 0x1, 0x0, 0x0, 0x1}, {0x7, 0xffff0000, 0x0, 0x0, 0x0, 0x1}, {0x9, 0x3, 0x0, 0x1, 0x0, 0x1}, {0x6, 0x200, 0x1, 0x1, 0x1}]}) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000002180)={0x1, &(0x7f0000000380)=[{0x6, 0x1, 0x0, 0x7fffffff}]}) close_range(r6, 0xffffffffffffffff, 0x0) ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f0000000180)={0x2, {0x2, 0x0, 0x100, 0x3ff, 0xa1, 0x1}}) r7 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401) r8 = fcntl$dupfd(r7, 0x406, r7) ioctl$USBDEVFS_SUBMITURB(r8, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x3, 0x0, 0x0, 0x7995}, 0xfcb5, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0}) readv(0xffffffffffffffff, &(0x7f00000002c0)=[{&(0x7f0000000140)=""/155, 0x6210}, {0x0, 0x30}], 0x2) io_uring_setup(0x3138, &(0x7f0000000300)={0x0, 0x2aa1, 0x40, 0x1, 0x0, 0x0, r0}) ioctl$VHOST_VDPA_GET_CONFIG(r0, 0x8008af73, &(0x7f0000000180)={0x0, 0xe9, ""/233}) 6m23.271623891s ago: executing program 0 (id=655): syz_usb_connect(0x0, 0x24, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec0000000109021200"], 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) sendmsg$sock(r0, &(0x7f0000000940)={0x0, 0x0, 
&(0x7f00000008c0)=[{&(0x7f0000001400)="12b5ca8883a72c61be64d1809e4e551c8fcc795bacbc79d1a786c09a1861dfb427e430bee5b00ac73434620f11a914ef7cf7658efc365a26b43990993f60d4ffeb9cc31d7d5fc06ba7c3a4d828f40fca355cff79686f12971618904dc7d09e85e7a5f9194c4cae7983ee20f6c522b89ecc73c43438aad7dd15ff4738f5e4e1b7713142e7ff6cfc1b6cf7baba9ebf3b471cd0a72011fef02b46e280ad7a8c42d24bfb2ffe1518bc0fea207ec37a9e388c9dea8124df3f50a75f03df8d30d7b3b73e274042a52c058e1d85ef3b420b4dfce815cff6265e625a61b6fca9699edaadd192a3ae60c765260d1cbfb21f0cc30d8128b3783867b85873de07b02635d5573f9e578094a3ce6efbf44818daef38e14005a360909d226d7e13a86f6c83b6aaf615b6a2642d17bc2c56b8b0f8209e20ec1e0f58b0486493e511ab0a45b44a87340a9052ef5fba93c83753f1b101a744407f54d052188087c1cf43de80fd7bd5f3ce8585b5499959e6c3f5e17ae837d7c5627abb604947ad9906d641658f01464f48244182de8d5a8d037403ad4a964e2124177771a84806cda0682d58743928d2d16d83fd8b706a9669ac7605e8d857ac586dc2eda90715951c21bd116ade52f03cd61f3874aaefa77da678450228eb476d84bf175564a215e1683ced4bb9adba5daed835c6b38b61b213834aca56b86259784addb8601d26a42ad637ee296cd4382aaa7c1eaa5cbfa3a7177390bc646916aeb885d2dd43fc5b2dbbd2d184ba6cc6a439b95b5d814a8582405635b5c6bdb41c24af7a10bbd264eb2308a800a09705ac7856a7ac993cb4d88fea4cd1d5cf9e82e10c4badb996f4c0d5fd5866baf90a07d8777f793feb9250e22dd5190aa26c2a31412f1b41e0a65d0e435a9c5ebbf5205f6c6a117ce1fb16e8eb797e7d3eb5d62178dc0441941e9cb464814982ebe54195d73113efc971799121683f6e85d24ad6f21023868327b67446a36ebffda572b90f9b228a03b612e7e0ca09aac6b5710fc90f51c0efefb69b5d26ba9a1d8954832b1370d099d09c07fb2893d57d617ec0d626f1f96ee1608e0f8d9ca1b491578d639ac74b3ea568a474707ac756555d0ae9cdc609609e30d7ef2648fb8baa5854e58b60fac9ec9670c620ce6dcf3bbcca971cb5bf37462febde30e3865960627ceb15a11dd891160a2fcbb682c94a7de4e00fff20774364ffc4bfa31173261f1684dbbaa9addf0d9bc43539a7c09c6b", 0x373}, {0x0}, {&(0x7f00000006c0)="2219a8d1a15d2cc1d9f7e487ed6138173c17bebe", 0x14}], 0x3}, 0x800) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 
0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 6m22.238157478s ago: executing program 3 (id=660): prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 
&(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000380), 0x4) setsockopt$RDS_FREE_MR(0xffffffffffffffff, 0x114, 0x3, 0x0, 0x0) dup(r2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x80010, 0xffffffffffffffff, 0x0) write$6lowpan_enable(0xffffffffffffffff, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) epoll_create1(0x80000) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff2c}, 0x68) io_uring_setup(0x71b7, &(0x7f0000000040)={0x0, 0xc8ff, 0xd800, 0xe, 0x1f4}) 6m19.78691528s ago: executing program 3 (id=664): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'team_slave_1\x00', 0x0}) ptrace$peeksig(0x4209, 0xffffffffffffffff, &(0x7f00000000c0)={0x8, 0x1, 0x3}, &(0x7f0000000740)=[{}, {}, {}]) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x10, 0x1}, {0xffff, 0xffff}, {0xffe0, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000001100)={&(0x7f0000006080)=@newchain={0x24, 0x64, 0x1, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r2, {0xd, 0xffe0}, {0x3, 0x1}, {0xd, 0xffec}}}, 0x24}, 0x1, 0x0, 0x0, 0x4040080}, 0x24044084) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8983, &(0x7f0000000100)={0x0, 
'erspan0\x00', {0xffffffff}, 0x26}) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) prlimit64(0x0, 0xf, 0x0, 0x0) syz_init_net_socket$rose(0xb, 0x5, 0x0) r3 = syz_open_dev$dri(0x0, 0x1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bind$unix(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0xffffffff, 0x81, 0xffffffff}) unshare(0x22020600) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$DRM_IOCTL_GET_CLIENT(r3, 0xc0286405, &(0x7f00000000c0)={0xfffffff9, 0x0, {}, {}, 0x3, 0x8}) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0) syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02) prctl$PR_MCE_KILL(0x4e, 0x0, 0x1) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000880)='ns\x00') fstat(r5, &(0x7f0000000200)) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r6, &(0x7f0000000280)={0x1f, 0x3}, 0x6) 6m18.779269799s ago: executing program 0 (id=665): r0 = openat(0xffffffffffffffff, &(0x7f00000001c0)='.\x00', 0x440, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001400), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080), 0x111}}, 0x20) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000380)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x21}, @in=@local, 0x4e1e, 0x3, 0x4e21, 0x0, 0x565e196a2b5cf539, 0x20, 0x20, 0x33}, {0x6, 0x1, 0x400006, 0xe0d, 0xffff, 0x8, 0xfffffffd, 0x7}, {0x80000000, 0x8000000000000001, 0x1ff, 0x6}, 0x1000, 0x6e6bbd, 0x0, 0x0, 0x0, 0x1}, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x4d2, 0xff}, 0xa, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 
0x3504, 0x1, 0x1, 0x8, 0x9d, 0x9, 0xc1}}, 0xe8) sendmsg$NFQNL_MSG_VERDICT(0xffffffffffffffff, 0x0, 0x40050) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x89}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x2) r2 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi2\x00', 0xa400, 0x0) ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f0000000140)={'pcm3724\x00', [0x8, 0x401, 0xe2, 0x5, 0x7, 0x80000001, 0x100b, 0x800101, 0x1002, 0xffffffff, 0x200, 0x87, 0x10000004, 0x1, 0x1, 0x6, 0xffff, 0x40, 0x1, 0x9, 0x10c, 0x40004002, 0x2, 0x2000000a, 0x85, 0x1, 0xb0c0, 0xe, 0x400000ff, 0x400008, 0x4000004]}) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) read$msr(r3, &(0x7f000001a440)=""/102400, 0x19000) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_SET(r4, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2400c005}, 0x40) pipe2$watch_queue(0x0, 0x80) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000140)={0x100, 0x6}, 0x4) 6m17.958400567s ago: executing program 0 (id=667): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002300), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xfffffffd) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000380)={0x1, 0x0, 0x0, &(0x7f0000000280)=""/233, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000780)={0x0, 0x1, 0x0, &(0x7f0000000700)=""/88, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000005c0)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x20000) 
write$eventfd(r1, &(0x7f00000000c0)=0xfffffffffffffffe, 0x8) 6m16.108766039s ago: executing program 0 (id=671): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socket$inet6(0xa, 0x3, 0x7) socket$nl_generic(0x10, 0x3, 0x10) r3 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x15, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000d994db89513c03000000237d34d47bb9832d030000000000000000e518b100004fcd8cf971e176298ff1f5f28fb01c3ef7ffb78d37b51a237247ca", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7060000000000008500000005000000bf0900000000000035090100000000009500000000000000bf9800000000000056080000000000008500000007000000b70000000000000095000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @sk_reuseport=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = userfaultfd(0x801) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x4}) ioctl$UFFDIO_WRITEPROTECT(r5, 0xc018aa06, &(0x7f0000000100)={{&(0x7f0000eb6000/0x4000)=nil, 0x4000}, 0x1}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r4, 0x0, 0x0}, 0x10) socket$netlink(0x10, 0x3, 0x4) write(0xffffffffffffffff, 0x0, 0x0) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000240), 0x80, 0x0) 6m15.012852701s ago: executing program 0 (id=672): bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000700)=ANY=[@ANYRES32, @ANYBLOB='.'], 0x20) socket$netlink(0x10, 0x3, 0xc) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, 
&(0x7f0000000000), 0x2, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) unshare(0x8000000) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs2/custom1\x00', 0x0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x10, 0x0, &(0x7f0000000740)=[@clear_death={0x400c630f, 0x2}], 0x0, 0x0, 0x0}) pipe(&(0x7f0000000000)) writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) 6m14.905564079s ago: executing program 3 (id=674): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() getrlimit(0x6, &(0x7f0000000040)) sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = fsopen(&(0x7f0000000140)='f2fs\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000100)='test_dummy_encryption', 
&(0x7f0000000240)='v2\x00ul\x00\x00\x00\x00\x00loc\x8d\x8b#\xe0\xb9\xbd\"\xeb.\xc7]\xa67\x97 \xc9\xfc|\x85o7Z\xdc}U\x8c\xdd\n\xaa?4\xafq\x1d\xf6(\xe6\x9em_\x1a\xbfDi\x15\x81\xd47\x8e\x86\xa2u~FC\x9c\xe3\x98\x87\x98\xf7\xa2\xb5\x12\x8cv\xe4_\x91\xa8G!mm\f\xcf\xfb[\xd5Qf\x15\xfe\xc80\xad\xaa\xe9', 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000000)='test_dummy_encryption', &(0x7f0000000080)='v2\x00ul\x00\x00\x00\x00\x00loc\x8d\x8b#\xe0\xb9\xbd\"\xeb.\xc7]\xa67\x97 \xc9\xfc|\x85o7Z\xdc}U\x8c\xdd\n\xaa?4\xafq\x1d\xf6(\xe6\x9em_\x1a\xbfDi\x15\x81\xd47\x8e\x86\xa2u~FC\x9c\xe3\x98\x87\x98\xf7\xa2\xb5\x12\x8cv\xe4_\x91\xa8G!mm\f\xcf\xfb[\xd5Qf\x15\xfe\xc80\xad\xaa\xe9', 0x0) 6m13.719746705s ago: executing program 3 (id=675): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={0x0, 0x18}}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) mkdir(&(0x7f0000001a80)='./file0\x00', 0x100) mount$bpf(0x200000000000, &(0x7f0000000440)='./file0/../file0\x00', 0x0, 0x989046, 0x0) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0xc, 0x8001, 0x0, 0x9, 0x4f, 0x8, 0xfa11, 0x1}, 0x0) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2) kexec_load(0x0, 0x0, 0x0, 0x0) getpid() ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) lsm_get_self_attr(0x64, 0x0, &(0x7f0000001280), 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 
0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r6 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x8000, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000) 6m13.636697971s ago: executing program 0 (id=676): syz_usb_connect(0x0, 0x24, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000"], 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) sendmsg$sock(r0, &(0x7f0000000940)={0x0, 0x0, 
&(0x7f00000008c0)=[{&(0x7f0000001400)="12b5ca8883a72c61be64d1809e4e551c8fcc795bacbc79d1a786c09a1861dfb427e430bee5b00ac73434620f11a914ef7cf7658efc365a26b43990993f60d4ffeb9cc31d7d5fc06ba7c3a4d828f40fca355cff79686f12971618904dc7d09e85e7a5f9194c4cae7983ee20f6c522b89ecc73c43438aad7dd15ff4738f5e4e1b7713142e7ff6cfc1b6cf7baba9ebf3b471cd0a72011fef02b46e280ad7a8c42d24bfb2ffe1518bc0fea207ec37a9e388c9dea8124df3f50a75f03df8d30d7b3b73e274042a52c058e1d85ef3b420b4dfce815cff6265e625a61b6fca9699edaadd192a3ae60c765260d1cbfb21f0cc30d8128b3783867b85873de07b02635d5573f9e578094a3ce6efbf44818daef38e14005a360909d226d7e13a86f6c83b6aaf615b6a2642d17bc2c56b8b0f8209e20ec1e0f58b0486493e511ab0a45b44a87340a9052ef5fba93c83753f1b101a744407f54d052188087c1cf43de80fd7bd5f3ce8585b5499959e6c3f5e17ae837d7c5627abb604947ad9906d641658f01464f48244182de8d5a8d037403ad4a964e2124177771a84806cda0682d58743928d2d16d83fd8b706a9669ac7605e8d857ac586dc2eda90715951c21bd116ade52f03cd61f3874aaefa77da678450228eb476d84bf175564a215e1683ced4bb9adba5daed835c6b38b61b213834aca56b86259784addb8601d26a42ad637ee296cd4382aaa7c1eaa5cbfa3a7177390bc646916aeb885d2dd43fc5b2dbbd2d184ba6cc6a439b95b5d814a8582405635b5c6bdb41c24af7a10bbd264eb2308a800a09705ac7856a7ac993cb4d88fea4cd1d5cf9e82e10c4badb996f4c0d5fd5866baf90a07d8777f793feb9250e22dd5190aa26c2a31412f1b41e0a65d0e435a9c5ebbf5205f6c6a117ce1fb16e8eb797e7d3eb5d62178dc0441941e9cb464814982ebe54195d73113efc971799121683f6e85d24ad6f21023868327b67446a36ebffda572b90f9b228a03b612e7e0ca09aac6b5710fc90f51c0efefb69b5d26ba9a1d8954832b1370d099d09c07fb2893d57d617ec0d626f1f96ee1608e0f8d9ca1b491578d639ac74b3ea568a474707ac756555d0ae9cdc609609e30d7ef2648fb8baa5854e58b60fac9ec9670c620ce6dcf3bbcca971cb5bf37462febde30e3865960627ceb15a11dd891160a2fcbb682c94a7de4e00fff20774364ffc4bfa31173261f1684dbbaa9addf0d9bc43539a7c09c6b", 0x373}, {0x0}, {&(0x7f00000006c0)="2219a8d1a15d2cc1d9f7e487ed6138173c17bebe", 0x14}], 0x3}, 0x800) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 
0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 5m58.591078284s ago: executing program 32 (id=675): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={0x0, 0x18}}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) mkdir(&(0x7f0000001a80)='./file0\x00', 0x100) mount$bpf(0x200000000000, &(0x7f0000000440)='./file0/../file0\x00', 0x0, 0x989046, 0x0) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) 
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0xc, 0x8001, 0x0, 0x9, 0x4f, 0x8, 0xfa11, 0x1}, 0x0) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2) kexec_load(0x0, 0x0, 0x0, 0x0) getpid() ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) lsm_get_self_attr(0x64, 0x0, &(0x7f0000001280), 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r6 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x8000, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000) 5m57.670605428s ago: executing program 33 (id=676): syz_usb_connect(0x0, 0x24, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000"], 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) sendmsg$sock(r0, &(0x7f0000000940)={0x0, 0x0, 
&(0x7f00000008c0)=[{&(0x7f0000001400)="12b5ca8883a72c61be64d1809e4e551c8fcc795bacbc79d1a786c09a1861dfb427e430bee5b00ac73434620f11a914ef7cf7658efc365a26b43990993f60d4ffeb9cc31d7d5fc06ba7c3a4d828f40fca355cff79686f12971618904dc7d09e85e7a5f9194c4cae7983ee20f6c522b89ecc73c43438aad7dd15ff4738f5e4e1b7713142e7ff6cfc1b6cf7baba9ebf3b471cd0a72011fef02b46e280ad7a8c42d24bfb2ffe1518bc0fea207ec37a9e388c9dea8124df3f50a75f03df8d30d7b3b73e274042a52c058e1d85ef3b420b4dfce815cff6265e625a61b6fca9699edaadd192a3ae60c765260d1cbfb21f0cc30d8128b3783867b85873de07b02635d5573f9e578094a3ce6efbf44818daef38e14005a360909d226d7e13a86f6c83b6aaf615b6a2642d17bc2c56b8b0f8209e20ec1e0f58b0486493e511ab0a45b44a87340a9052ef5fba93c83753f1b101a744407f54d052188087c1cf43de80fd7bd5f3ce8585b5499959e6c3f5e17ae837d7c5627abb604947ad9906d641658f01464f48244182de8d5a8d037403ad4a964e2124177771a84806cda0682d58743928d2d16d83fd8b706a9669ac7605e8d857ac586dc2eda90715951c21bd116ade52f03cd61f3874aaefa77da678450228eb476d84bf175564a215e1683ced4bb9adba5daed835c6b38b61b213834aca56b86259784addb8601d26a42ad637ee296cd4382aaa7c1eaa5cbfa3a7177390bc646916aeb885d2dd43fc5b2dbbd2d184ba6cc6a439b95b5d814a8582405635b5c6bdb41c24af7a10bbd264eb2308a800a09705ac7856a7ac993cb4d88fea4cd1d5cf9e82e10c4badb996f4c0d5fd5866baf90a07d8777f793feb9250e22dd5190aa26c2a31412f1b41e0a65d0e435a9c5ebbf5205f6c6a117ce1fb16e8eb797e7d3eb5d62178dc0441941e9cb464814982ebe54195d73113efc971799121683f6e85d24ad6f21023868327b67446a36ebffda572b90f9b228a03b612e7e0ca09aac6b5710fc90f51c0efefb69b5d26ba9a1d8954832b1370d099d09c07fb2893d57d617ec0d626f1f96ee1608e0f8d9ca1b491578d639ac74b3ea568a474707ac756555d0ae9cdc609609e30d7ef2648fb8baa5854e58b60fac9ec9670c620ce6dcf3bbcca971cb5bf37462febde30e3865960627ceb15a11dd891160a2fcbb682c94a7de4e00fff20774364ffc4bfa31173261f1684dbbaa9addf0d9bc43539a7c09c6b", 0x373}, {0x0}, {&(0x7f00000006c0)="2219a8d1a15d2cc1d9f7e487ed6138173c17bebe", 0x14}], 0x3}, 0x800) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 
0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 3m11.082167302s ago: executing program 2 (id=1072): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x29, 0x41, &(0x7f0000000000)={'nat\x00', 0x2, [{}, {}]}, 0x48) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) 
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) read$FUSE(0xffffffffffffffff, &(0x7f00000040c0)={0x2020}, 0x2020) sched_setscheduler(0x0, 0x1, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000980)=@base={0xa, 0x8, 0x1, 0x40, 0x42}, 0x48) r3 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_msfilter(r3, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB="e000"], 0x1c) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r5) sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)={0x14, r6, 0x1, 0x70bd25, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x1003, r2}, 0x38) 3m5.209412631s ago: executing program 2 (id=1084): syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x4004f506, &(0x7f0000000180)=0x1) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000740)=@newnexthop={0x1c, 0x68, 0x1, 0x100003, 0x7ffffffd, {}, [@NHA_GROUP={0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x400a00c}, 0x4000080) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = 
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x101002, 0x0) ioctl$TIOCSETD(r4, 0x5423, 0x0) ioctl$TIOCSTI(r4, 0x5412, &(0x7f00000007c0)=0x18) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000380)={'syz1\x00', {0x0, 0x7fff, 0x2, 0x2}, 0x51, [0x3ff, 0x2, 0x10000, 0x0, 0x7ca6, 0x9, 0xc2ad, 0x4, 0x9, 0x9, 0x5, 0x9, 0x8, 0x200, 0x5, 0x3, 0x8, 0x5, 0xfffffff9, 0x6, 0x3, 0xfff, 0x7f, 0x4152, 0x8b3, 0x9, 0x861, 0x7, 0x5, 0x0, 0x3c, 0x4, 0x1005, 0x4, 0x8, 0x38, 0x8, 0x8, 0xd5bb, 0x3, 0x8001, 0x9de9, 0x8, 0x3, 0x3, 0x7f, 0x5, 0x8, 0x0, 0x1, 0x3ff, 0x6, 0x2e, 0x800, 0x846c, 0x3, 0x6, 0x31b, 0x8, 0xa, 0x1, 0x7, 0xffffffff, 0x3], [0x4a, 0x19a78cbf, 0xe936, 0x0, 0x200, 0x81, 0x2, 0x7d, 0x10001, 0x8, 0x3ff, 0x1, 0x7, 0x8f, 0x1, 0x5, 0x1ff, 0x200, 0x6f8, 0x7, 0xd, 0x7, 0x788, 0x6, 0x0, 0x0, 0x8, 0x3, 0x5, 0x2, 0xa, 0x7, 0x80, 0x5aa, 0xfffff000, 0x400, 0x2, 0x7, 0x6, 0x6, 0x5, 0x3, 0x87, 0x22e2, 0x502, 0xffffffff, 0x7, 0x1ff, 0x6, 0x10001, 0x9e, 0x1, 0x5, 0x101, 0xfffffffa, 0x0, 0x2, 0x2, 0x6, 0x1ff, 0x8, 0x3, 0x6], [0x2, 0x94da, 0xffffffff, 0x7, 0xc0000, 0x4, 0x4, 0xfffffffa, 0x6, 0x7, 0xea, 0x7, 0x6, 0x400, 0xfffeffff, 0xfc000000, 0x8, 0x8, 0xd1, 0x2, 0xb66, 0x3, 0x4, 0x52c, 0x4, 0x10001, 0xfffffff8, 0x2, 0x9, 0x1, 0x7, 0xe86, 0x8, 0x100, 0x7, 0x1, 0x746a6ffd, 0x3, 0x4, 0x0, 0x1, 0x45a6c325, 0x8, 0x10000, 0x1000, 0x2, 0x5, 0x0, 0x2, 0x2, 0x1, 0x8, 0x2, 0x2, 0x81, 0x200, 0x3ff, 0xffffffcc, 0x6, 0xa000000, 0x8, 0xfff, 0x4000, 0x1], [0x8, 0x7, 0x3, 0xfffffffc, 0x8000, 0x2, 0x8, 0x1ff, 0xfffffffe, 0x10, 0x5e, 0x2, 0x8, 0x8, 0x5, 0x8, 0xfb, 0xf25, 0xd, 0x1ff, 0x2, 0x95, 0x9, 0x9, 0x1, 0xc, 0xffff6f9e, 0x4, 0xfffffff7, 0x10000, 0x7, 0x52a, 0x5, 0xc1a4, 0x4, 0x8, 0x3, 0x9, 0x5, 0xb7af, 0x3, 0x4, 0x0, 0x1ff8, 0x2, 0x7, 0x6, 0x80000000, 0x652d, 0x7, 0x7fffffff, 0xd, 0x40, 0x3ff, 0xc, 0x1ff, 0x9, 0x6, 0x0, 0x1000, 0x9, 0x2, 0x9, 0x4]}, 0x45c) socket$nl_audit(0x10, 0x3, 0x9) r5 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff) 
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r6 = syz_clone(0x8240000, &(0x7f0000000280)="acd5294beba5ffe258eb6748cc5bd91eeefd", 0x12, &(0x7f0000000340), &(0x7f0000000800), &(0x7f0000000880)="8df6c815b9f8e17941b63f258330606249d4b56038f3d0f3946af9abf88cb74f13042a709d24de10c0c60147065abb1382bbfb554ea9c71366d24b82142140965e498677cb8738c380ad41d32cab360f") wait4(r6, 0x0, 0x20000000, &(0x7f0000000900)) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000001f00)={'wlan1\x00', 0x0}) socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$NL80211_CMD_DEL_PMKSA(r8, &(0x7f0000002180)={0x0, 0x0, &(0x7f0000002140)={&(0x7f00000020c0)={0x1c, 0x0, 0x1, 0x70bd29, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r9}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4044000}, 0x8080) sendmsg$NL80211_CMD_START_P2P_DEVICE(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYRES16=r7, @ANYBLOB="010025bd7000fbdbdf255900000008000300", @ANYRES32=r9, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0xc090}, 0x0) sendmsg$TIPC_NL_KEY_SET(r3, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x4) 3m3.253460063s ago: executing program 2 (id=1089): open(&(0x7f00000000c0)='./file0\x00', 0x140, 0x2) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000480)={0x0, 0x0, 0x43}, 0x28) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r0, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) syz_usb_connect$cdc_ecm(0x0, 0x56, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x61, 0x8e}, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_open_dev$sg(&(0x7f0000000240), 0x8, 0x1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x2042, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(0xffffffffffffffff, 0xc4c85513, &(0x7f0000000540)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x601dd09f, 0x0, 0x3, 0x6c4ba42, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x4, 0x0, 0xcd, 0x1, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3, 0x7fffffffffffffff, 0x2, 0x0, 0x0, 0x0, 0x7cdd141a, 0x3, 0x7f, 0x1, 0x0, 0x4, 0x0, 0x5, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xfffffffffffffff9, 0xd, 0x0, 0xfffffffffffffffb, 0xfffffffffffffffd, 0x2, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80003, 0x0, 0x0, 0x400000, 0x2, 0x0, 0x40000000000, 0x801, 0x0, 0x0, 0x0, 0x0, 0x800000000000, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1000000000, 0x0, 0x0, 0x2000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x6, 0x0, 0x0, 0x0, 0x4, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x2, 0x0, 0x3, 0x10, 0x4000100000001]}) socketpair$unix(0x1, 0x3, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 
0x0, 0x0, 0x0) r5 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401) ioctl$SG_BLKTRACETEARDOWN(r5, 0x1276, 0x20000000) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x6, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}, &(0x7f00000007c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x40, '\x00', r1}, 0x94) 3m0.056592464s ago: executing program 2 (id=1095): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x5, 0xaa, &(0x7f0000000140)=""/170, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = dup3(r0, r1, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x10, 0x0, &(0x7f0000002580)=[@request_death], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40486311, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40}], 0x50, 0x0, &(0x7f0000000600)="56ad340dbe3163a6b5c4bc4cb3f6da3913b520da900c31578b9abc02cb6faec78f78c4e41f32c5024ffc9c83c3ec27ddcfa2a84a4a219b409f6c99dc1c05863d48b9e89935dd47619631c2397309172c"}) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) socketpair(0x28, 0x2, 0x28, 
&(0x7f0000001400)) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0xb8, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_EXPRESSIONS={0x74, 0x12, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x1000}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x8b}]}}}, {0x34, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0xd236}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x7}, @NFTA_LIMIT_TYPE={0x8, 0x4, 0x1, 0x0, 0x1}]}}}, {0x10, 0x1, 0x0, 0x1, @payload={{0xc}, @void}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x110}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x5, 0x84}}}, 0x100}, 0x1, 0x0, 0x0, 0x4010}, 0x20050800) 2m58.857561908s ago: executing program 2 (id=1096): r0 = openat(0xffffffffffffffff, &(0x7f00000001c0)='.\x00', 0x440, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001400), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080), 0x111}}, 0x20) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000380)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x21}, @in=@local, 0x4e1e, 0x3, 0x4e21, 0x0, 0x565e196a2b5cf539, 0x20, 0x20, 0x33}, {0x6, 0x1, 0x400006, 0xe0d, 0xffff, 0x8, 0xfffffffd, 0x7}, {0x80000000, 0x8000000000000001, 0x1ff, 0x6}, 0x1000, 0x6e6bbd, 0x0, 0x0, 0x0, 0x1}, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x4d2, 0xff}, 0xa, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x3504, 0x1, 0x1, 0x8, 0x9d, 0x9, 0xc1}}, 
0xe8) sendmsg$NFQNL_MSG_VERDICT(0xffffffffffffffff, 0x0, 0x40050) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x89}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x2) r2 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi2\x00', 0xa400, 0x0) ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f0000000140)={'pcm3724\x00', [0x8, 0x401, 0xe2, 0x5, 0x7, 0x80000001, 0x100b, 0x800101, 0x1002, 0xffffffff, 0x200, 0x87, 0x10000004, 0x1, 0x1, 0x6, 0xffff, 0x40, 0x1, 0x9, 0x10c, 0x40004002, 0x2, 0x2000000a, 0x85, 0x1, 0xb0c0, 0xe, 0x400000ff, 0x400008, 0x4000004]}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) read$msr(r3, &(0x7f000001a440)=""/102400, 0x19000) sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2400c005}, 0x40) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x100, 0x6}, 0x4) setsockopt$packet_fanout_data(r4, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x50, 0x1}, {0x6, 0x80, 0xfd}]}, 0x10) 2m58.656760002s ago: executing program 2 (id=1097): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() syz_genetlink_get_family_id$ipvs(&(0x7f0000000380), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x300}, 0x4008800) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, 
&(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_open_procfs$namespace(r0, &(0x7f0000000100)='ns/time_for_children\x00') r4 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r4, &(0x7f00000001c0)='X', 0xff80, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x10, &(0x7f0000000200), 0x4) setsockopt$inet_sctp6_SCTP_EVENTS(r4, 0x84, 0xb, &(0x7f00000000c0)={0xff, 0x6, 0xfe, 0xfd, 0xfe, 0x9, 0x5, 0x1, 0x3, 0x8, 0x20, 0xff, 0x0, 0x2}, 0xe) shutdown(r4, 0x1) 2m42.560475435s ago: executing program 34 (id=1097): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() syz_genetlink_get_family_id$ipvs(&(0x7f0000000380), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x300}, 0x4008800) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_open_procfs$namespace(r0, &(0x7f0000000100)='ns/time_for_children\x00') r4 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r4, &(0x7f00000001c0)='X', 0xff80, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x10, &(0x7f0000000200), 0x4) setsockopt$inet_sctp6_SCTP_EVENTS(r4, 0x84, 0xb, 
&(0x7f00000000c0)={0xff, 0x6, 0xfe, 0xfd, 0xfe, 0x9, 0x5, 0x1, 0x3, 0x8, 0x20, 0xff, 0x0, 0x2}, 0xe) shutdown(r4, 0x1) 1m28.471814932s ago: executing program 1 (id=1257): socket$inet6(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) capset(&(0x7f0000000380)={0x20080522}, &(0x7f0000000040)={0x200000, 0x200003, 0x3, 0x0, 0x7, 0x400}) mkdir(&(0x7f00000020c0)='./file0\x00', 0x1c8) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000001c0)='./bus\x00', &(0x7f0000000140), 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000000c0)='./bus\x00') getdents(0xffffffffffffffff, 0x0, 0x0) 1m25.279099696s ago: executing program 1 (id=1262): r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x2]}, 0x8, 0x0) read$FUSE(r2, &(0x7f0000001b40)={0x2020}, 0x205c) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff}) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) io_uring_enter(0xffffffffffffffff, 0xdb4, 0xd070, 0x0, 0x0, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$sndmidi(0x0, 0x4, 0x141101) write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c) r3 = eventfd(0x0) read$eventfd(r3, &(0x7f0000000240), 0x8) 1m22.702254294s ago: executing program 1 (id=1267): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$kvm(0xffffffffffffff9c, 0x0, 0x200, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x4c, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r3 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000bc0)=@bpf_tracing={0x1a, 0x3, &(0x7f0000000140)=@framed={{0x18, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x4}}, &(0x7f0000000180)='GPL\x00', 0x6, 0xfe, &(0x7f0000000440)=""/254, 0x41100, 0x0, '\x00', 0x0, 0x17, 0xffffffffffffffff, 0x8, &(0x7f0000000740)={0x8, 0x3}, 0x8, 0x10, &(0x7f0000000780)={0x3, 0x9, 0x2, 0x7}, 0x10, 0x1687d, 0xffffffffffffffff, 0x0, &(0x7f0000000b00)=[0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x5}, 0x94) brk(0x1) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={r3, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0xfffffffffffffffc, 0x0, 0x0, 0x8, 0x0, 0xffffffffffffffc0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x4e1d, 0xfffffffc, @loopback, 0x1}, 0x1c) 1m19.634144774s ago: executing program 1 (id=1273): r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = 
getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) syz_io_uring_setup(0x49a, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) writev(r0, &(0x7f0000000680)=[{&(0x7f0000000000)="abece2d4d226b486b0a1f9a926c03ad36cb13c094188a732bb73fce5f8dc9a", 0x1f}, {&(0x7f0000000240)="919f8d5bc6d82af9278cf76cbb8e73729643f3fdebd0c73e9618882cad8e0244e349719c0e4c3b5e6d76d3ea4a9c6e7008ed89ea6ff5007161c80b9ee8ddaa905c76ef93dc93e77c1a01a6418ffdd2f58ff0a151571c5b13982d1929ca1ff45ad66681c0698116c352112395456180e7450b32e54810ba1ac949cdb928e2b63233cfd30078848ed30958e2d2e396a1673858214ef5", 0x95}, {&(0x7f0000000300)="900a3e8bb88475e76452c3a89000947c727ccf23b02c19c60472da326881b7603f0349c41da8fe68b2a95d4ce55ac51d326eb2c27813e189f3e16a5b950ee7e7f9090138db02dabe29d8d2a13bb0a41b79dd09deac2f3da8fe2d416d8179bd700680954bf641268d635d66a3cd93f806728228478f0fcc0b25a39cc0cf6f784567a6a5e466cc8a3089dfc1bc1a9a42", 0x8f}, {&(0x7f00000003c0)="cc80bb79df7b7188f71af838375da17f333f3f1b5ef328d954f64da2b848f0445e22357995f8d6f01e34e30286c8a89f6c9d8824e4eca10954ceb490efed0c072aba4db754d6fc84e82b3f3c91a33ef52c0bf6c361467043b28316475a0f925ff314ffb10c027746fcc0d54d637c27f908ce9653ea5d7bf9f0c681ab60972ee153d2dc8075849330ac6f6dbe898337e36b9615cb2ba2cb963a138737b3d17c36613d", 0xa2}, {&(0x7f0000000480)="c7e15b2bc70647e69c36be04fe2df8d561734dd3f9f720bb4a9da02c15f40aab2709a36c3773cf2721272ee04d8d84cf54b4fbf4637ad607f341c42203ab30b83664bdbbf0b931ccdcbb41127ac4acc875f312c853bce4130f701bffe4bef222315eea99ebeeceb38df5361cd73fc615e14f6179710cb137be7941478d2c801e61f33e7c89b73af695ecda2bf4c4c4b40151b518a51397f747b14dec18c5bf26b8aba4e536bb08c9b9f1361295099f715bf23dac89be34f40b", 0xb9}, 
{&(0x7f0000000540)="2f163a2f68addf39d73cc629e0fb9a7bb592b2a853673124f4fb9293dc1ab64f2cb73364faece42f0d368c62618774edf6d55f26a139be5a426a93e82bb49a2790db66b2fa74661dfeec722721", 0x4d}, {&(0x7f00000005c0)="23efe404e968624b13539b7fa5bc86bb70339cd3918296718a19920f02ac6e6f4ed102e05106b2eec934746f2ed8fe422705449b3ff263712daa75a76a3e513caf72f36a1e9f", 0x46}], 0x7) openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$SIOCAX25GETINFOOLD(r0, 0x89e9, 0x0) 1m18.163841831s ago: executing program 1 (id=1276): r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, 0x0, &(0x7f00000007c0)='{\xe0e%m\"\xbb{\xf4\x01Z\xb7\xf4\x92\xb5\xcb\'\xa3\x0e!\xf1\x88]C\x97\x86\xf9\xa8\xe7;\xdff3\x83\xb1a\xf2j\x90\x10@\x1chOK\x98\xae\xd6>\xbaN\x1d_N\xcbdIP2$\xbc\xc9\x89\xb5\n\x90-i%\xe2\x94\fH\xf1\xed\r\b\x02\x00\x00\x00\xc3Dhx\x04\xd8\x17\xbcP\x8bl\xb2\x03\x18!V\x1b\xcbk\xf8\xd6JE4,\xdf\x96\x80j#\xf9\xd8\x13,\x89\x10\x90:\xec/\xb9T\x9a\x00\x00\x00\x00\x00\x00\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) read$msr(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000000300)=""/102400, 0x19000) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4014) gettid() fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, 0x0) readv(r0, &(0x7f0000000e80)=[{&(0x7f0000000500)=""/232, 0xe8}], 0x1) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, 
&(0x7f0000000880)='\xf5\xfc\xd2\xec]\x95zx8*\xa2d\x11\xb5\xb1\x01\x00\x00\x00\xe49{\x8a{\x81s\xea$\xdfg\xb1\x03DY!\x97\xadM\xd7\xff\x8a\xcd[>\x12e\xc3]d8\xba\x8ec\x00\x00\x00\x00\x00\x00\x00\xa0\xe2\xd5y\xec\x90\x00\x98Y\x91\x19\x16\x89\xd0\x1a\xad\xcd\xd6\xd0\xc6\xb9\xeb\x95\xd3\x9cl\x9cu#\xb4\xee\xe5\x9d\t\fV\xd4\xda\xfc`2?\x15P\xba\x14b\x1c\xcc\xd5\xb9jA$s\xb9g3\x15M\xd9\xb9 \xca[\xc7\xec\xa9;\xee\x01\xc9\xc4\x1f\xc3\xe4\xfa\xd3fU\x0e\x86\xc8\xa7\xaf\xaf\x04p\xa3\x8bb\xbf\\\xdb\x83\x00\x96sy\x14\x1eo\xcc9&\x946\xf9\xf5v\xee\xb5m$;\x01\xb8\xeau\x00\xd1S=\x920H\xc2z\xb5\xbe\x95\xef\xeb\xd1\xc8\xa1\xba\xach\xbef\xa8\x86\xc2\x18\x9cC\x15\x9c^\xcf\xe9\xbcp\xb4Ff\x00\x9d>p\"\x19\xd8}|~\xae\xdb\a59f\xb8?\xba\xf2\x8e\xa5y\\\xf0\fkd??-\x983\xf3\x19\xc7\xc0/\xe9\x1a\x80=\xa72)\xd2\x00'/277, &(0x7f00000002c0)='/\x00\x01\x00H\x98', 0x0) 1m15.949339021s ago: executing program 1 (id=1283): r0 = syz_io_uring_setup(0xac9, &(0x7f00000002c0)={0x0, 0x3594, 0x10, 0x1103, 0x21e}, &(0x7f0000000240)=0x0, &(0x7f0000000340)=0x0) openat(0xffffffffffffff9c, 0x0, 0x101042, 0x15) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x40bebf54bcdbce, 0x0) sched_setaffinity(r3, 0x0, 0x0) recvmmsg(r4, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff) inotify_init() syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000004c0)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 
0x0, &(0x7f00000005c0)={0x0, 0x3938700}, 0x1, 0x8}) io_uring_enter(r0, 0x6efc, 0x3900, 0xb, 0x0, 0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, &(0x7f00000000c0)={0x1, 0xffffffffffffffff, 0x35, {0x5, 0x1}, 0x1}, 0x1) 59.591015305s ago: executing program 35 (id=1283): r0 = syz_io_uring_setup(0xac9, &(0x7f00000002c0)={0x0, 0x3594, 0x10, 0x1103, 0x21e}, &(0x7f0000000240)=0x0, &(0x7f0000000340)=0x0) openat(0xffffffffffffff9c, 0x0, 0x101042, 0x15) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x40bebf54bcdbce, 0x0) sched_setaffinity(r3, 0x0, 0x0) recvmmsg(r4, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff) inotify_init() syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000004c0)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x3938700}, 0x1, 0x8}) io_uring_enter(r0, 0x6efc, 0x3900, 0xb, 0x0, 0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, &(0x7f00000000c0)={0x1, 0xffffffffffffffff, 0x35, {0x5, 0x1}, 0x1}, 0x1) 30.69703542s ago: executing program 7 (id=1372): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x4}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0x0, 0x0, &(0x7f00000008c0), 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) getpid() 
getpid() r1 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file1\x00', 0x0, 0x82) fcntl$setlease(r1, 0x400, 0x1) ioctl$VIDIOC_QUERY_EXT_CTRL(0xffffffffffffffff, 0xc038563c, &(0x7f0000000340)={0x0, 0x1, "119f04499489f733dcaa932034d61433a5ba43d2103eb3221503dc2984dea6e2", 0x0, 0xfffffffffffffffc, 0x44, 0x8, 0x1, 0xffffffff, 0xc8, 0x0, [0x10000009, 0x800003, 0x0, 0xfffffffe]}) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000640)={{{@in6=@loopback, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in6=@private2}}, 0x0) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000540)={{{@in=@local, @in=@private=0xa010301, 0x4e22, 0x400, 0x4e24, 0xa60, 0x2, 0x0, 0xc0, 0x10, 0x0, r2}, {0x2f56, 0x84, 0x4, 0x6, 0x9, 0x3acfecb3, 0x10, 0x1}, {0x7fffffffffffffff, 0x2, 0x3, 0x4}, 0x7, 0x6e6bb1, 0x1, 0x1, 0x2, 0x2}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4d3, 0xff}, 0xa, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x3506, 0x2, 0x0, 0x40, 0x4, 0xb, 0x200}}, 0xe8) r3 = syz_usb_connect(0x0, 0x3f, 0x0, 0x0) syz_usb_ep_write(r3, 0x8d, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)={0x1c, 0x0, 0x205, 0x70bd2b, 0x25dfdbfe}, 0x1c}, 0x1, 0x0, 0x0, 0x4008080}, 0x20000000) getsockopt$kcm_KCM_RECV_DISABLE(0xffffffffffffffff, 0x119, 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000005580)=""/102392, 0x18ff8) r6 = syz_open_procfs(0x0, &(0x7f0000000200)='net/ipv6_route\x00') pread64(r6, &(0x7f000001a240)=""/102400, 0x19000, 0x100008) 28.830531038s ago: executing program 7 (id=1376): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, 
&(0x7f00000000c0)="89070404", 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000002c0)={0x2, 0x4c21, @empty}, 0x10) syz_open_dev$sndctrl(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000001c0)={0x200, 0x9, 0x8602, 0x7, 0x8, 0x5, 0x2, 0x2}, &(0x7f0000000280)=0x20) r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)={0x58, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x58}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x90) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x4c090}, 0xc000) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'bridge0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001c00010028bd7000fcdbdf2507000000", @ANYRES32=r6, @ANYBLOB="8f70120b0a000200aa"], 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x4040000) syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12014000f273a440cd061501c3d90102030109021b0001000000000904000c019d0178000905", @ANYBLOB="872eb9"], 0x0) 24.201335202s ago: executing 
program 7 (id=1388): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/pm_wakeup_irq', 0x0, 0x1a2) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) pipe2$9p(&(0x7f0000000000), 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) io_uring_setup(0x2a72, 0x0) fanotify_init(0x4, 0x2) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000001600)={r0, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}}) openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000100), 0x400, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), &(0x7f0000cab000)=0xfffffffffffffe16) 15.363180767s ago: executing program 5 (id=1401): r0 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, r0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = add_key$keyring(&(0x7f0000000340), 0x0, 0x0, 0x0, 0xffffffffffffffff) keyctl$restrict_keyring(0xa, r4, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000380)='dx\xeb\xf4\xd8&w\xef\xcd1w\xfd2\x19x\xcc\x8d\xabN\xea\xd1\xea\xfa\xc3u\xcdMB\xb2m\xe5Bq\xe3\x9a~\xbe3\xd7\xb1\x16\x8b\xb9\xb6\xc6u\x0f9S\x05\x83n\x01\xa1\x1c\x82\\fsa<\xcd\x18}=A{\x17\xd0\x95\xbd25N\b^\x8eFsTvd)\xad') 
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) r6 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x80000, 0x0) r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x88800, 0x0) ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r7, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r8, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_IOAS_UNMAP(r6, 0x3b86, &(0x7f0000000180)={0x18, r8, 0x9, 0x7}) r9 = add_key$keyring(&(0x7f0000000000), 0x0, 0x0, 0x0, r5) keyctl$KEYCTL_MOVE(0x1e, r5, r5, r9, 0x0) r10 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r10, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x6a, 0x4) bind$inet(r10, &(0x7f0000001c00)={0x2, 0x4e23, @multicast2}, 0x10) connect$inet(r10, &(0x7f0000001bc0)={0x2, 0x4e23, @loopback}, 0x10) setsockopt$SO_ATTACH_FILTER(r10, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0x81}]}, 0x10) sendto(r10, &(0x7f0000000900)="50fbdf12a30d7a48b2c5c84948f3426077a9f0ca1475183db3ae52a6b2cdb77ef9af2a603a3e78e0355c09f3bdec242443011f0101251bcef800000000000000006dd50205000000a335445845ad1eaedbe2a4242113527efa170af26f1725", 0x5f, 0x4008044, 0x0, 0x0) sendto$inet(r10, &(0x7f00000002c0)="01a4acc7cf28ab9f6c7fc745c30bfc165466072a660bbf56352083db9d40454a67f8010000004bd29585885c89773ca3ba28a1e85ffe2a9220e0ecd440e345b745bf2146835ad015c801f95be5b890e44fb3dfbe8e88a1e5176e584c970207f23b0073ca5375abddf56331be396eaa2398ea66b93a74fd4147e826abed1b5d1de578682288c19ac23c1ccc1cdd", 0x8d, 0x0, 0x0, 0x0) 15.219355931s ago: executing program 8 (id=1316): sendmsg$key(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x40001}, 0x20008000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) 
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb4e02000) r1 = syz_clone(0x2000, 0x0, 0xff36, 0x0, 0x0, 0x0) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f00000022c0)=ANY=[@ANYBLOB], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000040), 0x10}, 0x94) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r2, 0x0, 0x0, 0xfe, 0x0, &(0x7f0000000440)=""/254, 0x2f00, 0x0, 0xf3, 0x194, &(0x7f0000000980)="ffc4438e5c3081d0e133e812196ec0ed923733aa8b5aba32c8650e7a66d6136853773dfbc6226be13039e230d511f1ac50cc7811aac0400e4c833fedf842ae2918e6fddb550729246fcf4c0a01bc64989ea3985fb362751a83991bd56e761379caa64f6148893ff25f38d5cd6dd695bbf9ca709a9960e0e6b054d5e2239bcb7c0fb2ac66dc4c8f534e439ff20ccaf0d48a98c19c92a3b437a699350f49606d21a403f8c112c46fea5486bf367a854b0f6c1e563b656e4794f6793a08bb3656c391643f6df71d0255054368a938d38503d064da82d5dbf395ad47ed3932669168d324ed0f6de8360d499042ddc7d02b6c077212", 
&(0x7f00000007c0)="4c87fe555ceb79157b1e507ff4d3cc053321e42ae89f596427188b4877ab8f1776c0685784f1174c6401ecc1dd6e2a77bc79238f87ad9215a92ff203a30099e77c543e702b4a4438d358616381745f24f74e585498af129c4b173b242f445b08135f7fa40eb7ba78160ff4f0c80e1b324d0c234cb7f43a3ff9e9535dc16000c797113a039f4508a09144090000009f38a90a24f173b3e68377e4272950a80cfcd3aa6850e917bc7e57370060f5e6db941d67fc98a1e98103830b821657438325578d2af822dd4fc13ea7a7eef8d9be4e715aec8fd6cadc41c8da5ce9da2b9e1559d92a1936fc2b3a00000000000000000072200e10ba6269b634f10f7098c65ba67ba65c0e2687637e131fb8d5ba6c12c09c8356853c434a44ff0878e496dcf9a4f5ca02c293279948f37ebb28843f92c87c057a3b410e04418557d5deda7ddd3bd1d384d64ec980187e8b64a0696571a49e847db79349c9b3c3fab5f1f977bde4d802d9026ae0c11744eb1525c5195fd215d7a432497f35c2f2cfcd2b6336b26dfef0cb968c910ea2af5cdd4d58cc08535d5514", 0x2, 0x0, 0x10000}, 0x50) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, 0x0) r4 = open(&(0x7f0000000040)='.\x00', 0x0, 0x6c) fcntl$notify(r4, 0x402, 0x5) preadv(r4, 0x0, 0x0, 0x0, 0x0) fcntl$getownex(r4, 0x10, &(0x7f0000000180)) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000004c0)={0xffffffffffffffff, 0x20, &(0x7f0000000480)={&(0x7f00000003c0)=""/43, 0x2b, 0x0, &(0x7f0000000400)=""/112, 0x70}}, 0x10) fsmount(0xffffffffffffffff, 0x1, 0x86) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000500)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x9715, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x2, 0x3}, 0x50) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f00000006c0)=@o_path={&(0x7f0000000600)='./file0\x00', 0x0, 0x10, r3}, 0x18) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000740)=@bpf_lsm={0x1d, 0xb, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xe1a}, [@printk={@i, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8000}}]}, &(0x7f0000000180)='syzkaller\x00', 0x2, 
0x0, 0x0, 0x40f00, 0x50, '\x00', 0x0, 0x1b, r4, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000380)={0x0, 0x9, 0x9, 0x5}, 0x10, r5, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10001}, 0x94) 14.235477913s ago: executing program 5 (id=1402): r0 = io_uring_setup(0x4b55, &(0x7f00000005c0)={0x0, 0xfc7f, 0x80, 0x2, 0x1ab}) io_uring_register$IORING_REGISTER_BUFFERS2(r0, 0xf, &(0x7f00000008c0)={0x1, 0x1, 0x0, &(0x7f0000000840)=[{0x0}], 0x0}, 0x20) 13.053815145s ago: executing program 7 (id=1404): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0x4, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x9}, [@call={0x85, 0x0, 0x0, 0xf}]}, &(0x7f0000000000)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) r1 = socket$kcm(0x10, 0x3, 0x10) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000980)=r0, 0x4) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="1b00000000000000000000000900000000000000", @ANYRES32=0x1, @ANYBLOB="090000000000000000000000000000000000000048343daa21e1ec00fe3a30613aac6cae9b165e23d8fe38ac2d46517e24817d362e8db1c495e76694f4125479929ac3f68ef97e9d0a0414662f6cd3600513eedb3c69e84fcdb0fe015e8019eb66274b7141a952eaa39ec809df6bf220ab40a6ccbbd3ad17f9f9f6258ac425233befe139f7004e61f9c6fc45d7fd339abe37845bd948744607af225ff64320e60c57f2325cfb060083dc7af3302b4609093f50bda2206543ee123f10b0c7e3872c72cd78bb2be7923cc67020705428ddce96d87a744d8cfa", @ANYRES32=0x0, @ANYBLOB="02000000000000000200"/28], 0x50) pipe2$watch_queue(&(0x7f0000000100), 0x80) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{}, &(0x7f0000000140), &(0x7f0000000180)=r0}, 0x20) openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 
0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$netlink(0x10, 0x3, 0x4) unshare(0x22020600) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x14, 0x7, 0x2, 0x3, 0x100, 0xffffffffffffffff, 0x3}, 0x50) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1, 0x7, 0x2, 0x9, 0x0, r6, 0x100}, 0x50) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r7, 0xd}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r8}, &(0x7f0000000880), &(0x7f00000008c0)=r6}, 0x20) writev(r5, &(0x7f0000000300)=[{&(0x7f0000000340)="580000001400192340834b80040d8c560a117436c379000000000000000058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd000000100001000c0c100000000000204e0000", 0x58}], 0x1) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r9, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) setsockopt$inet6_mreq(r9, 0x29, 0x1b, &(0x7f0000000200)={@dev}, 0x14) socket$netlink(0x10, 0x3, 0x0) 13.053605581s ago: executing program 5 (id=1405): syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = dup(0xffffffffffffffff) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(r0, &(0x7f0000000440)={@val={0x70}, @void, @eth={@broadcast, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x452c, 0x0, 0x4000, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x0, 0x6558, 0x18, 0x0, @wg=@data={0x4, 0x0, 0xffffdd86}}}}}}}, 0xfdef) 10.775464672s ago: executing program 8 (id=1407): r0 = semget$private(0x0, 0x7, 
0x191) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0, 0xa0}, 0x1, 0x0, 0x0, 0x40000}, 0x0) openat$dir(0xffffffffffffff9c, 0x0, 0x8000, 0x1f7) r2 = syz_io_uring_complete(0x0) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000000)={0xc}) ioctl$IOMMU_IOAS_UNMAP(r2, 0x3b86, 0x0) syz_open_dev$usbfs(0x0, 0xb, 0x101301) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r4, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26}) write(0xffffffffffffffff, &(0x7f00000000c0)="240000001e005f0214fffffffffffff807000000a600", 0x16) semtimedop(r0, &(0x7f0000000200)=[{0x4, 0xffff, 0x2000}, {0x4, 0x3, 0x1800}], 0x2, 0x0) 10.754132735s ago: executing program 7 (id=1408): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000002d40)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x4}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0x0, 0x0, &(0x7f00000008c0), 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) getpid() getpid() r1 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file1\x00', 0x0, 0x82) fcntl$setlease(r1, 0x400, 0x1) ioctl$VIDIOC_QUERY_EXT_CTRL(0xffffffffffffffff, 0xc038563c, &(0x7f0000000340)={0x0, 0x1, "119f04499489f733dcaa932034d61433a5ba43d2103eb3221503dc2984dea6e2", 0x0, 
0xfffffffffffffffc, 0x44, 0x8, 0x1, 0xffffffff, 0xc8, 0x0, [0x10000009, 0x800003, 0x0, 0xfffffffe]}) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000640)={{{@in6=@loopback, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in6=@private2}}, 0x0) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000540)={{{@in=@local, @in=@private=0xa010301, 0x4e22, 0x400, 0x4e24, 0xa60, 0x2, 0x0, 0xc0, 0x10, 0x0, r2}, {0x2f56, 0x84, 0x4, 0x6, 0x9, 0x3acfecb3, 0x10, 0x1}, {0x7fffffffffffffff, 0x2, 0x3, 0x4}, 0x7, 0x6e6bb1, 0x1, 0x1, 0x2, 0x2}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4d3, 0xff}, 0xa, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x3506, 0x2, 0x0, 0x40, 0x4, 0xb, 0x200}}, 0xe8) r3 = syz_usb_connect(0x0, 0x3f, 0x0, 0x0) syz_usb_ep_write(r3, 0x8d, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)={0x1c, 0x0, 0x205, 0x70bd2b, 0x25dfdbfe}, 0x1c}, 0x1, 0x0, 0x0, 0x4008080}, 0x20000000) getsockopt$kcm_KCM_RECV_DISABLE(0xffffffffffffffff, 0x119, 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000005580)=""/102392, 0x18ff8) r6 = syz_open_procfs(0x0, &(0x7f0000000200)='net/ipv6_route\x00') pread64(r6, &(0x7f000001a240)=""/102400, 0x19000, 0x100008) 10.579645699s ago: executing program 5 (id=1409): socket$nl_netfilter(0x10, 0x3, 0xc) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 
0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000480)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x4000000}, 0x50) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000340)={0x1b, 0x0, 0x0, 0x40000, 0x0, r4, 0xfff}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x15, 0x1c, &(0x7f0000000100)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xbda}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {0x7, 0x0, 0xb, 0x6}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x2}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x6, 0x1, 0xa, 0x9, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0x8}, {}, {0x7, 0x0, 0xc}, {0x18, 0x6, 0x2, 0x0, r4}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 8.991958489s ago: executing program 5 (id=1410): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) shutdown(0xffffffffffffffff, 0x1) r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000b40)='source', 0x0, 0x0) 
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) tkill(0x0, 0xb) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r5, 0x560a, &(0x7f00000006c0)={0x4, 0x0, 0x0, 0x0, 0x132, 0x3}) ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0x117, 0x5, 0x101, 0x200}}) fsopen(&(0x7f0000000180)='omfs\x00', 0x1) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="6400000002060108000000000000000000000000050005000a000000050001000700000005000400000000000900020073797a310000000016000300686173683a6e65742c706f72742c6e657400000014000780080006402000000008001340"], 0x64}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) 8.843970342s ago: executing program 4 (id=1411): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$kvm(0xffffffffffffff9c, 0x0, 0x200, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x4c, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000bc0)=@bpf_tracing={0x1a, 0x3, &(0x7f0000000140)=@framed={{0x18, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x4}}, 
&(0x7f0000000180)='GPL\x00', 0x6, 0xfe, &(0x7f0000000440)=""/254, 0x41100, 0x0, '\x00', 0x0, 0x17, 0xffffffffffffffff, 0x8, &(0x7f0000000740)={0x8, 0x3}, 0x8, 0x10, &(0x7f0000000780)={0x3, 0x9, 0x2, 0x7}, 0x10, 0x1687d, 0xffffffffffffffff, 0x0, &(0x7f0000000b00)=[0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x5}, 0x94) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x4e1d, 0xfffffffc, @loopback, 0x1}, 0x1c) 8.591340467s ago: executing program 6 (id=1412): ioctl$XFS_IOC_BULKSTAT(0xffffffffffffffff, 0x8040587f, &(0x7f0000000240)={{0x6, 0x5, 0x2, 0x0, 0x4}, &(0x7f0000000180)=[{}]}) ioctl$DVB_DEMUX_DMX_SET_FILTER(0xffffffffffffffff, 0x403c6f2b, &(0x7f0000001e40)={0x0, {"2ac78e02ff04856af9fb71f0d3fe13be", "3dfab043e15fad27a639f105b5e9f977", "47eb0b1889b90f105d66b3e5a7c94742"}, 0x4, 0x4}) r0 = syz_open_dev$dvb_demux(&(0x7f0000001e00), 0x0, 0x2000) ioctl$DVB_DEMUX_DMX_SET_FILTER(r0, 0x403c6f2b, &(0x7f0000001e40)={0x6, {"2ac78e02ff04856af9fb71f0d3fe13be", "3dfab043e15fad27a639f105b5e9f977", "47eb0b7c4fb9191024da8887f94ba4fb"}, 0x4, 0x5}) ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r0, 0x40146f2c, &(0x7f0000000080)={0x1, 0x3, 0x0, 0x8}) 6.90375465s ago: executing program 4 (id=1413): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x1c, 0x4, 0x8, 0x101, 0x0, 0x0, {0xa}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x7fe2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4800}, 0x4000090) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() getrlimit(0x2, &(0x7f0000000040)) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r2) sendmsg$NLBL_CIPSOV4_C_ADD(r2, &(0x7f0000000140)={0x0, 0x0, 
&(0x7f0000000040)={&(0x7f0000000080)={0x24, r3, 0x1, 0xffffff80, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}]}, 0x24}}, 0x0) sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prlimit64(0x0, 0xd, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x25dfdbff, {}, [@NHA_OIF={0x8, 0x5, r9}]}, 0x20}}, 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newnexthop={0x38, 0x68, 0x1, 0x100003, 0x7ffffffd, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x15}]}, @NHA_RES_GROUP={0xc, 0xc, 0x0, 0x1, [@NHA_RES_GROUP_BUCKETS={0x6, 0x1, 0x3fd4}]}, @NHA_GROUP_TYPE={0x6, 0x3, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080) preadv(0xffffffffffffffff, 0x0, 0x0, 0x1a, 0x20f5) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=@newlink={0x20, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, r9, 0x192}}, 0x20}}, 0x0) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) mprotect(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x6000001, 0x3032, 0xffffffffffffffff, 0x0) fcntl$F_SET_RW_HINT(r7, 0x40c, &(0x7f0000000180)=0x2) 6.817889097s ago: executing program 7 (id=1414): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/pm_wakeup_irq', 0x0, 0x1a2) 
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) pipe2$9p(&(0x7f0000000000), 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) io_uring_setup(0x2a72, 0x0) fanotify_init(0x4, 0x2) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000001600)={r0, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}}) openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000100), 0x400, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), &(0x7f0000cab000)=0xfffffffffffffe16) 6.797600416s ago: executing program 6 (id=1415): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401) r1 = fcntl$dupfd(r0, 0x406, r0) ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, 0x0) 5.560878724s ago: executing program 4 (id=1416): syz_usb_connect(0x2, 0x0, 0x0, 0x0) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x5, 0x6576, 0x9}) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r1, 0x100000000) syz_clone(0x4000, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, 0x0, 0xa0402, 0x0) io_setup(0x1, &(0x7f0000002500)=0x0) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 
0xffffffffffffffff) sendmsg$ETHTOOL_MSG_RINGS_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x20, r4, 0x1, 0x0, 0xfffffffc, {}, [@ETHTOOL_A_RINGS_HEADER={0x4}, @ETHTOOL_A_RINGS_RX_MINI={0x8}]}, 0x20}}, 0x0) io_submit(r3, 0x2, &(0x7f00000011c0)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x5, r2, 0x0, 0x0, 0xe3}, &(0x7f0000001000)={0x0, 0x0, 0x0, 0x1, 0x453, r2, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x3}]) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x80}, 0x1, 0x0, 0x0, 0x20044081}, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3000009, 0x46031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9) socket$nl_netfilter(0x10, 0x3, 0xc) 5.458448922s ago: executing program 6 (id=1417): r0 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x189042, 0x0) setresuid(0x0, 0xee01, 0x0) ioctl$IOMMU_OPTION$IOMMU_OPTION_RLIMIT_MODE(r0, 0x3b87, &(0x7f0000000040)={0x18, 0x0, 0x0, 0x0, 0x0, 0x1}) 4.885345523s ago: executing program 6 (id=1418): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0x4, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x9}, [@call={0x85, 0x0, 0x0, 0xf}]}, &(0x7f0000000000)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) r1 = socket$kcm(0x10, 0x3, 0x10) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000980)=r0, 0x4) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="1b00000000000000000000000900000000000000", @ANYRES32=0x1, 
@ANYBLOB="090000000000000000000000000000000000000048343daa21e1ec00fe3a30613aac6cae9b165e23d8fe38ac2d46517e24817d362e8db1c495e76694f4125479929ac3f68ef97e9d0a0414662f6cd3600513eedb3c69e84fcdb0fe015e8019eb66274b7141a952eaa39ec809df6bf220ab40a6ccbbd3ad17f9f9f6258ac425233befe139f7004e61f9c6fc45d7fd339abe37845bd948744607af225ff64320e60c57f2325cfb060083dc7af3302b4609093f50bda2206543ee123f10b0c7e3872c72cd78bb2be7923cc67020705428ddce96d87a744d8cfa", @ANYRES32=0x0, @ANYBLOB="02000000000000000200"/28], 0x50) pipe2$watch_queue(&(0x7f0000000100), 0x80) openat$nvram(0xffffffffffffff9c, &(0x7f0000000340), 0x238a00, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$netlink(0x10, 0x3, 0x4) unshare(0x22020600) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x14, 0x7, 0x2, 0x3, 0x100, 0xffffffffffffffff, 0x3}, 0x50) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1, 0x7, 0x2, 0x9, 0x0, r6, 0x100}, 0x50) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r7, 0xd}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r8}, &(0x7f0000000880), &(0x7f00000008c0)=r6}, 0x20) writev(r5, &(0x7f0000000300)=[{&(0x7f0000000340)="580000001400192340834b80040d8c560a117436c379000000000000000058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd000000100001000c0c100000000000204e0000", 0x58}], 0x1) r9 = socket$inet6_tcp(0xa, 0x1, 
0x0) setsockopt$inet6_mreq(r9, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) setsockopt$inet6_mreq(r9, 0x29, 0x1b, &(0x7f0000000200)={@dev}, 0x14) socket$netlink(0x10, 0x3, 0x0) 2.267116269s ago: executing program 8 (id=1419): syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = dup(0xffffffffffffffff) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(r0, &(0x7f0000000440)={@val={0x70}, @void, @eth={@broadcast, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x452c, 0x0, 0x4000, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x0, 0x6558, 0x18, 0x0, @wg=@data={0x4, 0x0, 0xffffdd86}}}}}}}, 0xfdef) 2.164360738s ago: executing program 6 (id=1420): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 2.084744229s ago: executing program 4 (id=1421): mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x180}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x6) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) read$FUSE(0xffffffffffffffff, 0x0, 0x0) 
timerfd_create(0x0, 0x0) 1.99090584s ago: executing program 6 (id=1422): sched_setscheduler(0x0, 0x1, 0x0) r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, 0x0) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f00000000c0)={0x7, 0x9dc5, 0x0, 0x0, 0xf}) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) ioctl$sock_SIOCSIFBR(r3, 0x8941, &(0x7f00000002c0)=@generic={0x1, 0xffffffffffffffff, 0x6}) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="2c235aa9c5", 0x5) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, 
{&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3}], 0x1, 0x40800) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, &(0x7f0000000140)={0x14, 0x0, &(0x7f0000000100)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 919.499345ms ago: executing program 4 (id=1423): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="5000000010000104fcffffff8000000000000000", @ANYRES32=0x0, @ANYBLOB="0344020000000000140012800b0001006d616373656300000400028008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r1, @ANYBLOB], 0x50}, 0x1, 0x0, 0x0, 0x2004d808}, 0x0) 421.307044ms ago: executing program 8 (id=1424): syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xf635, 0x2000, 0x0, 0xfffffffc}, &(0x7f0000000240), 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) shutdown(r3, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4, @local}]}, 
&(0x7f0000000240)=0x10) setsockopt$inet_sctp6_SCTP_CONTEXT(r3, 0x84, 0x11, &(0x7f0000000040)={r4, 0x6}, 0x8) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f00000001c0)={0xc7e, 0x5, {r0}, {}, 0x7a, 0x3}) setresuid(0x0, 0x0, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x1, @ANYBLOB="030000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0200000000000000020000000000000100"/27], 0x50) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'wg0\x00'}) sendmsg$nl_route_sched(r6, 0x0, 0x10) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r7, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r7, 0x90004) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) accept(r7, 0x0, 0x0) 379.319409ms ago: executing program 5 (id=1425): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000002d40)=ANY=[@ANYRES8=0x0, @ANYRESOCT=0x0, @ANYRESDEC, @ANYRESOCT], &(0x7f0000000000)='syzkaller\x00', 0x4}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0x0, 0x0, &(0x7f00000008c0), 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) getpid() getpid() r1 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file1\x00', 0x0, 0x82) fcntl$setlease(r1, 0x400, 0x1) ioctl$VIDIOC_QUERY_EXT_CTRL(0xffffffffffffffff, 0xc038563c, &(0x7f0000000340)={0x0, 0x1, "119f04499489f733dcaa932034d61433a5ba43d2103eb3221503dc2984dea6e2", 0x0, 0xfffffffffffffffc, 0x44, 0x8, 0x1, 0xffffffff, 0xc8, 0x0, [0x10000009, 0x800003, 0x0, 0xfffffffe]}) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000640)={{{@in6=@loopback, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 
0x0, @in6=@private2}}, 0x0) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000540)={{{@in=@local, @in=@private=0xa010301, 0x4e22, 0x400, 0x4e24, 0xa60, 0x2, 0x0, 0xc0, 0x10, 0x0, r2}, {0x2f56, 0x84, 0x4, 0x6, 0x9, 0x3acfecb3, 0x10, 0x1}, {0x7fffffffffffffff, 0x2, 0x3, 0x4}, 0x7, 0x6e6bb1, 0x1, 0x1, 0x2, 0x2}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4d3, 0xff}, 0xa, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x3506, 0x2, 0x0, 0x40, 0x4, 0xb, 0x200}}, 0xe8) r3 = syz_usb_connect(0x0, 0x3f, 0x0, 0x0) syz_usb_ep_write(r3, 0x8d, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)={0x1c, 0x0, 0x205, 0x70bd2b, 0x25dfdbfe}, 0x1c}, 0x1, 0x0, 0x0, 0x4008080}, 0x20000000) getsockopt$kcm_KCM_RECV_DISABLE(0xffffffffffffffff, 0x119, 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000005580)=""/102392, 0x18ff8) r6 = syz_open_procfs(0x0, &(0x7f0000000200)='net/ipv6_route\x00') pread64(r6, &(0x7f000001a240)=""/102400, 0x19000, 0x100008) 0s ago: executing program 4 (id=1426): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x1c, 0x4, 0x8, 0x101, 0x0, 0x0, {0xa}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x7fe2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4800}, 0x4000090) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() getrlimit(0x2, &(0x7f0000000040)) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r2) sendmsg$NLBL_CIPSOV4_C_ADD(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x24, r3, 0x1, 0xffffff80, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}]}, 
0x24}}, 0x0) sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prlimit64(0x0, 0xd, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x25dfdbff, {}, [@NHA_OIF={0x8, 0x5, r9}]}, 0x20}}, 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newnexthop={0x38, 0x68, 0x1, 0x100003, 0x7ffffffd, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x15}]}, @NHA_RES_GROUP={0xc, 0xc, 0x0, 0x1, [@NHA_RES_GROUP_BUCKETS={0x6, 0x1, 0x3fd4}]}, @NHA_GROUP_TYPE={0x6, 0x3, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080) preadv(0xffffffffffffffff, 0x0, 0x0, 0x1a, 0x20f5) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=@newlink={0x20, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, r9, 0x192}}, 0x20}}, 0x0) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) mprotect(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x6000001, 0x3032, 0xffffffffffffffff, 0x0) fcntl$F_SET_RW_HINT(r7, 0x40c, &(0x7f0000000180)=0x2) kernel console output (not intermixed with test programs): T31] IPVS: starting estimator thread 0... [ 179.931391][ T6793] netlink: 12 bytes leftover after parsing attributes in process `syz.4.263'. 
[ 179.980693][ T6792] IPVS: using max 15 ests per chain, 36000 per kthread [ 181.187904][ T6808] netlink: 8 bytes leftover after parsing attributes in process `syz.3.267'. [ 182.710695][ T10] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 183.240624][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 183.253312][ T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 183.253336][ T10] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 183.294411][ T10] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 183.294440][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 183.294457][ T10] usb 1-1: Product: syz [ 183.294469][ T10] usb 1-1: Manufacturer: syz [ 183.294482][ T10] usb 1-1: SerialNumber: syz [ 183.324095][ T10] r8152-cfgselector 1-1: Unknown version 0x0000 [ 183.324120][ T10] r8152-cfgselector 1-1: config 0 descriptor?? [ 184.553037][ T6837] netlink: 12 bytes leftover after parsing attributes in process `syz.3.276'. [ 189.256170][ T6853] netlink: 8 bytes leftover after parsing attributes in process `syz.3.279'. [ 190.497293][ T825] r8152-cfgselector 1-1: USB disconnect, device number 6 [ 190.608385][ T6867] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 190.615373][ T6867] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 190.893204][ T6868] syz.3.284 (6868): drop_caches: 2 [ 192.363800][ T6880] netlink: 12 bytes leftover after parsing attributes in process `syz.3.289'. [ 192.776916][ T6887] netlink: 8 bytes leftover after parsing attributes in process `syz.1.290'. [ 194.376541][ T6892] netlink: 24 bytes leftover after parsing attributes in process `syz.1.292'. 
[ 194.662585][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.662625][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 196.423499][ T6910] loop3: detected capacity change from 0 to 1 [ 196.424759][ T6910] Buffer I/O error on dev loop3, logical block 0, async page read [ 196.424807][ T6910] Buffer I/O error on dev loop3, logical block 0, async page read [ 196.424874][ T6910] Buffer I/O error on dev loop3, logical block 0, async page read [ 196.424919][ T6910] Buffer I/O error on dev loop3, logical block 0, async page read [ 196.424949][ T6910] Buffer I/O error on dev loop3, logical block 0, async page read [ 196.424966][ T6910] ldm_validate_partition_table(): Disk read failed. [ 196.424993][ T6910] Buffer I/O error on dev loop3, logical block 0, async page read [ 196.425023][ T6910] Buffer I/O error on dev loop3, logical block 0, async page read [ 196.425053][ T6910] Buffer I/O error on dev loop3, logical block 0, async page read [ 196.425082][ T6910] Buffer I/O error on dev loop3, logical block 0, async page read [ 196.425098][ T6910] Dev loop3: unable to read RDB block 0 [ 196.425125][ T6910] Buffer I/O error on dev loop3, logical block 0, async page read [ 196.425180][ T6910] loop3: unable to read partition table [ 196.425394][ T6910] loop3: partition table beyond EOD, truncated [ 196.425412][ T6910] loop_reread_partitions: partition scan of loop3 (þ被xü—ŸÑà– ) failed (rc=-5) [ 199.553384][ T6921] syz.0.299 (6921): drop_caches: 2 [ 200.142447][ T6926] netlink: 12 bytes leftover after parsing attributes in process `syz.4.301'. [ 200.414683][ T6932] netlink: 8 bytes leftover after parsing attributes in process `syz.0.302'. 
[ 202.545035][ T5796] Bluetooth: hci1: command 0x0406 tx timeout [ 202.549607][ T5796] Bluetooth: hci0: command 0x0406 tx timeout [ 202.555519][ T5796] Bluetooth: hci2: command 0x0406 tx timeout [ 205.776201][ T6966] syz.1.312 (6966): drop_caches: 2 [ 207.102794][ T6976] IPv6: NLM_F_CREATE should be specified when creating new route [ 207.103222][ T6976] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 207.103231][ T6976] IPv6: NLM_F_CREATE should be set when creating new route [ 207.677787][ T6981] netlink: 8 bytes leftover after parsing attributes in process `syz.1.315'. [ 208.430799][ T825] IPVS: starting estimator thread 0... [ 208.521452][ T6984] IPVS: using max 8 ests per chain, 19200 per kthread [ 212.894999][ T7015] syz.0.325 (7015): drop_caches: 2 [ 213.253025][ T7020] netlink: 8 bytes leftover after parsing attributes in process `syz.4.327'. [ 217.961962][ T7057] netlink: 8 bytes leftover after parsing attributes in process `syz.1.323'. [ 219.529880][ T7061] netlink: 8 bytes leftover after parsing attributes in process `syz.3.339'. [ 220.756316][ T7080] netlink: 8 bytes leftover after parsing attributes in process `syz.2.344'. [ 223.755799][ T7103] netlink: 8 bytes leftover after parsing attributes in process `syz.1.351'. [ 224.068980][ T7109] loop5: detected capacity change from 0 to 7 [ 224.226547][ T7110] netlink: 8 bytes leftover after parsing attributes in process `syz.4.353'. [ 225.343857][ T7109] loop5: [CUMANA/ADFS] p1 [ADFS] p1 [ 225.343901][ T7109] loop5: partition table partially beyond EOD, truncated [ 225.410753][ T7109] loop5: p1 size 2989602745 extends beyond EOD, truncated [ 226.648264][ T6033] udevd[6033]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory [ 227.411045][ T7129] netlink: 8 bytes leftover after parsing attributes in process `syz.4.355'. [ 227.572062][ T7120] netlink: 'syz.0.356': attribute type 6 has an invalid length. 
[ 229.269608][ T5859] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 229.364033][ T5859] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz1] on syz0 [ 230.030537][ T7158] netlink: 8 bytes leftover after parsing attributes in process `syz.0.365'. [ 231.451640][ T7167] netlink: 8 bytes leftover after parsing attributes in process `syz.0.368'. [ 233.775089][ T7183] netlink: 'syz.3.372': attribute type 6 has an invalid length. [ 236.278704][ T7205] faux_driver vgem: [drm] Unknown color mode 9; guessing buffer size. [ 239.651348][ T7233] netlink: 24 bytes leftover after parsing attributes in process `syz.3.388'. [ 251.398902][ T7339] netlink: 104 bytes leftover after parsing attributes in process `syz.1.419'. [ 255.738195][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.738238][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 259.712337][ T7411] netlink: 12 bytes leftover after parsing attributes in process `syz.3.439'. [ 261.202596][ T7436] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 261.203133][ T7436] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 263.743758][ T7452] netlink: 12 bytes leftover after parsing attributes in process `syz.4.451'. [ 265.835739][ T7473] IPv6: NLM_F_CREATE should be specified when creating new route [ 265.839258][ T7473] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 265.839276][ T7473] IPv6: NLM_F_CREATE should be set when creating new route [ 265.862520][ T7473] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 265.871489][ T7473] batadv_slave_0: entered promiscuous mode [ 272.418692][ T7523] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 272.418983][ T7523] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 273.108235][ T7529] netlink: 8 bytes leftover after parsing attributes in process `syz.4.474'. 
[ 274.980630][ T5859] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 275.313041][ T5859] usb 4-1: Using ep0 maxpacket: 8 [ 275.353229][ T5859] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 275.353286][ T5859] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 275.353305][ T5859] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 275.353326][ T5859] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 275.353347][ T5859] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 275.353386][ T5859] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 275.353407][ T5859] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 275.731009][ T5859] usb 4-1: usb_control_msg returned -32 [ 275.731060][ T5859] usbtmc 4-1:16.0: can't read capabilities [ 276.067026][ T825] usb 4-1: USB disconnect, device number 4 [ 277.025539][ T7549] warning: `syz.0.481' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 278.310668][ T5903] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 278.533879][ T5903] usb 1-1: device descriptor read/64, error -71 [ 278.770907][ T5903] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 279.043907][ T7565] netlink: 8 bytes leftover after parsing attributes in process `syz.2.486'. 
[ 279.070667][ T5903] usb 1-1: device descriptor read/64, error -71 [ 279.108763][ T7567] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 279.109076][ T7567] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 279.184442][ T5903] usb usb1-port1: attempt power cycle [ 279.562398][ T5903] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 279.620645][ T5876] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 279.648850][ T5903] usb 1-1: device descriptor read/8, error -71 [ 279.850685][ T5876] usb 5-1: Using ep0 maxpacket: 32 [ 279.860886][ T5876] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 279.860912][ T5876] usb 5-1: config 0 has no interface number 0 [ 280.677934][ T5876] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 280.677962][ T5876] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 280.677981][ T5876] usb 5-1: Product: syz [ 280.677995][ T5876] usb 5-1: Manufacturer: syz [ 280.678008][ T5876] usb 5-1: SerialNumber: syz [ 280.723821][ T5903] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 280.965185][ T5903] usb 1-1: device descriptor read/8, error -71 [ 281.077340][ T5903] usb usb1-port1: unable to enumerate USB device [ 281.188513][ T5876] usb 5-1: config 0 descriptor?? 
[ 281.496797][ T5876] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 283.313053][ T5876] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 283.359005][ T5876] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 284.651979][ C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 284.654390][ T5867] usb 5-1: USB disconnect, device number 4 [ 284.658399][ T5867] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 284.684882][ T5867] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 284.685795][ T5867] quatech2 5-1:0.51: device disconnected [ 285.188264][ T7619] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 285.194465][ T7619] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 285.324955][ T7621] netlink: 8 bytes leftover after parsing attributes in process `syz.4.499'. [ 286.902184][ T7643] loop9: detected capacity change from 0 to 7 [ 287.490415][ T7648] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 287.498392][ T7648] batadv_slave_0: entered promiscuous mode [ 287.814569][ T7643] buffer_io_error: 18 callbacks suppressed [ 287.814583][ T7643] Buffer I/O error on dev loop9, logical block 0, async page read [ 287.814621][ T7643] Buffer I/O error on dev loop9, logical block 0, async page read [ 287.814650][ T7643] Buffer I/O error on dev loop9, logical block 0, async page read [ 287.814668][ T7643] Buffer I/O error on dev loop9, logical block 0, async page read [ 287.814701][ T7643] Buffer I/O error on dev loop9, logical block 0, async page read [ 287.814728][ T7643] Buffer I/O error on dev loop9, logical block 0, async page read [ 287.814745][ T7643] Buffer I/O error on dev loop9, logical block 0, async page read [ 287.814754][ T7643] ldm_validate_partition_table(): Disk read failed. 
[ 287.814770][ T7643] Buffer I/O error on dev loop9, logical block 0, async page read [ 287.814795][ T7643] Buffer I/O error on dev loop9, logical block 0, async page read [ 287.814813][ T7643] Buffer I/O error on dev loop9, logical block 0, async page read [ 287.814832][ T7643] Dev loop9: unable to read RDB block 0 [ 287.814874][ T7643] loop9: unable to read partition table [ 287.814999][ T7643] loop9: partition table beyond EOD, truncated [ 287.815023][ T7643] loop_reread_partitions: partition scan of loop9 ( DŸiXK׉jÌ”S{³ÑáÎ<ÚB/ŽøØc¼:Šé¦ÛßÝ¡>C(Îí¨z£ìU-1`¶\ uRtœÇOÒ¯öj) failed (rc=-5) [ 288.082825][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 288.115916][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 288.423431][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 288.456130][ C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 288.459235][ C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 288.772158][ T7661] netlink: 8 bytes leftover after parsing attributes in process `syz.1.515'. [ 291.958347][ T7687] syz.3.523 (7687): drop_caches: 2 [ 292.349930][ T5876] libceph: connect (1)[c::]:6789 error -101 [ 292.359495][ T5876] libceph: mon0 (1)[c::]:6789 connect error [ 292.389413][ T5876] libceph: connect (1)[c::]:6789 error -101 [ 292.389538][ T5876] libceph: mon0 (1)[c::]:6789 connect error [ 292.396073][ T7691] ceph: No mds server is up or the cluster is laggy [ 293.344797][ T7700] netlink: 8 bytes leftover after parsing attributes in process `syz.4.528'. 
[ 295.380701][ T5867] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 295.540925][ T5867] usb 1-1: device descriptor read/64, error -71 [ 295.800880][ T5867] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 295.942120][ T5867] usb 1-1: device descriptor read/64, error -71 [ 296.065432][ T5867] usb usb1-port1: attempt power cycle [ 296.430833][ T5867] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 296.454681][ T5867] usb 1-1: device descriptor read/8, error -71 [ 297.680881][ T5867] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 297.702935][ T5867] usb 1-1: device descriptor read/8, error -71 [ 297.812679][ T5867] usb usb1-port1: unable to enumerate USB device [ 302.298990][ T7754] netlink: 8 bytes leftover after parsing attributes in process `syz.0.541'. [ 302.658234][ T7762] syz.4.543 (7762): drop_caches: 2 [ 304.350800][ T825] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 304.500637][ T825] usb 1-1: device descriptor read/64, error -71 [ 304.750714][ T825] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 304.880722][ T825] usb 1-1: device descriptor read/64, error -71 [ 304.991515][ T825] usb usb1-port1: attempt power cycle [ 305.340803][ T825] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 305.361475][ T825] usb 1-1: device descriptor read/8, error -71 [ 306.977620][ T825] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 307.121133][ T825] usb 1-1: device descriptor read/8, error -71 [ 307.230995][ T825] usb usb1-port1: unable to enumerate USB device [ 310.801845][ T7815] netlink: 8 bytes leftover after parsing attributes in process `syz.3.555'. 
[ 314.720656][ T10] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 314.841061][ T7849] syz.3.564 (7849): drop_caches: 2 [ 314.860683][ T10] usb 3-1: device descriptor read/64, error -71 [ 315.323772][ T10] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 316.327578][ T10] usb 3-1: device descriptor read/64, error -71 [ 316.430926][ T10] usb usb3-port1: attempt power cycle [ 317.217247][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.217289][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.307089][ T7866] netlink: 8 bytes leftover after parsing attributes in process `syz.1.570'. [ 321.786407][ T7889] netlink: 'syz.2.577': attribute type 1 has an invalid length. [ 321.786432][ T7889] netlink: 'syz.2.577': attribute type 1 has an invalid length. [ 321.852140][ T7891] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 321.852607][ T7891] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 322.571385][ T7903] comedi comedi2: pcm3724: I/O port conflict (0x8,16) [ 323.207159][ T7908] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 323.231339][ T7908] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 323.285830][ T7904] 9p: Could not find request transport: unyô‰Tß‚¾ 4¶-¾¦}x [ 324.506858][ T7919] blktrace: Concurrent blktraces are not allowed on sg0 [ 325.794505][ T7937] netlink: 8 bytes leftover after parsing attributes in process `syz.1.591'. 
[ 326.000819][ T31] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 326.271292][ T31] usb 5-1: Using ep0 maxpacket: 16 [ 327.210828][ T31] usb 5-1: no configurations [ 327.210849][ T31] usb 5-1: can't read configurations, error -22 [ 328.030633][ T31] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 328.314071][ T31] usb 5-1: Using ep0 maxpacket: 16 [ 329.401605][ T31] usb 5-1: no configurations [ 329.401624][ T31] usb 5-1: can't read configurations, error -22 [ 329.406628][ T31] usb usb5-port1: attempt power cycle [ 329.432603][ T7952] syz.1.596 (7952): drop_caches: 2 [ 329.970758][ T31] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 329.991217][ T31] usb 5-1: Using ep0 maxpacket: 16 [ 329.991889][ T31] usb 5-1: no configurations [ 329.991899][ T31] usb 5-1: can't read configurations, error -22 [ 330.127771][ T31] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 330.149687][ T31] usb 5-1: Using ep0 maxpacket: 16 [ 330.166438][ T31] usb 5-1: no configurations [ 330.166461][ T31] usb 5-1: can't read configurations, error -22 [ 330.168794][ T31] usb usb5-port1: unable to enumerate USB device [ 330.310904][ T5903] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 330.555211][ T5903] usb 4-1: no configurations [ 330.555224][ T5903] usb 4-1: can't read configurations, error -22 [ 331.430654][ T5903] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 331.604144][ T5903] usb 4-1: no configurations [ 331.604166][ T5903] usb 4-1: can't read configurations, error -22 [ 331.604798][ T5903] usb usb4-port1: attempt power cycle [ 332.479605][ T7974] netlink: 8 bytes leftover after parsing attributes in process `syz.2.604'. 
[ 332.480656][ T5903] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 332.548237][ T5903] usb 4-1: no configurations [ 332.548257][ T5903] usb 4-1: can't read configurations, error -22 [ 332.700712][ T5903] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 332.721983][ T5903] usb 4-1: no configurations [ 332.722013][ T5903] usb 4-1: can't read configurations, error -22 [ 332.723441][ T5903] usb usb4-port1: unable to enumerate USB device [ 335.094353][ T8014] netlink: 12 bytes leftover after parsing attributes in process `syz.0.616'. [ 335.250664][ T5808] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 336.269524][ T5808] usb 3-1: Using ep0 maxpacket: 16 [ 336.276859][ T5808] usb 3-1: no configurations [ 336.276871][ T5808] usb 3-1: can't read configurations, error -22 [ 336.343909][ T8021] netlink: 8 bytes leftover after parsing attributes in process `syz.0.618'. [ 336.470701][ T5808] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 336.640637][ T5808] usb 3-1: Using ep0 maxpacket: 16 [ 336.641573][ T5808] usb 3-1: no configurations [ 336.641587][ T5808] usb 3-1: can't read configurations, error -22 [ 336.641825][ T5808] usb usb3-port1: attempt power cycle [ 337.010730][ T5808] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 337.048908][ T5808] usb 3-1: Using ep0 maxpacket: 16 [ 337.049540][ T5808] usb 3-1: no configurations [ 337.049550][ T5808] usb 3-1: can't read configurations, error -22 [ 337.170844][ T5808] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 337.191542][ T5808] usb 3-1: Using ep0 maxpacket: 16 [ 337.192462][ T5808] usb 3-1: no configurations [ 337.192478][ T5808] usb 3-1: can't read configurations, error -22 [ 337.193102][ T5808] usb usb3-port1: unable to enumerate USB device [ 338.184312][ T8027] syz.0.620 (8027): drop_caches: 2 [ 338.257570][ T8034] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 338.258115][ T8034] misc raw-gadget: fail, 
usb_gadget_register_driver returned -16 [ 341.310264][ T8057] netlink: 8 bytes leftover after parsing attributes in process `syz.2.630'. [ 343.120729][ T5876] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 343.820854][ T5876] usb 3-1: Using ep0 maxpacket: 16 [ 343.823413][ T5876] usb 3-1: config index 0 descriptor too short (expected 526, got 367) [ 343.823439][ T5876] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 343.823457][ T5876] usb 3-1: config 0 has no interfaces? [ 343.873239][ T5876] usb 3-1: New USB device found, idVendor=0424, idProduct=cf19, bcdDevice=a4.96 [ 343.873257][ T5876] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 343.873268][ T5876] usb 3-1: Product: syz [ 343.873275][ T5876] usb 3-1: Manufacturer: syz [ 343.873282][ T5876] usb 3-1: SerialNumber: syz [ 343.930168][ T5876] usb 3-1: config 0 descriptor?? [ 345.260954][ T5876] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 345.400612][ T5808] usb 3-1: USB disconnect, device number 12 [ 345.843893][ T8093] Trying to write to read-only block-device nullb0 [ 346.265582][ T5876] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 346.265608][ T5876] usb 4-1: config 0 has no interfaces? [ 346.265637][ T5876] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 346.265659][ T5876] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 346.324430][ T5876] usb 4-1: config 0 descriptor?? 
[ 346.674945][ T31] usb 4-1: USB disconnect, device number 9 [ 352.260861][ T8139] syz.2.649 (8139): drop_caches: 2 [ 352.295767][ T8140] comedi comedi2: pcm3724: I/O port conflict (0x8,16) [ 352.303620][ T8142] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 352.304602][ T8142] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 353.350702][ T5808] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 353.503192][ T5808] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 353.503271][ T5808] usb 1-1: config 0 has no interfaces? [ 353.503302][ T5808] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 353.503322][ T5808] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 353.572759][ T5808] usb 1-1: config 0 descriptor?? [ 353.741906][ T8155] comedi comedi2: pcm3724: I/O port conflict (0x8,16) [ 353.895143][ T5808] usb 1-1: USB disconnect, device number 19 [ 357.626250][ T8182] comedi comedi2: pcm3724: I/O port conflict (0x8,16) [ 358.170726][ T5808] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 358.325465][ T5808] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 358.325522][ T5808] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 358.325544][ T5808] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 358.325556][ T5808] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 358.392648][ T8175] raw-gadget.4 gadget.3: fail, usb_ep_enable returned -22 [ 358.415793][ T5808] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 358.908476][ T5808] usb 4-1: USB disconnect, device number 10 [ 358.979587][ T6036] udevd[6036]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 361.484812][ T8211] 
syz.0.672 (8211): drop_caches: 2 [ 361.534674][ T8212] buffer_io_error: 19 callbacks suppressed [ 361.534695][ T8212] Buffer I/O error on dev loop9, logical block 1, async page read [ 361.538513][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 361.538549][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 361.543580][ T8212] Buffer I/O error on dev loop9, logical block 1, async page read [ 362.529589][ C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 362.529649][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 362.529799][ T8212] Buffer I/O error on dev loop9, logical block 1, async page read [ 362.533668][ C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 362.533706][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 362.618476][ T8212] Buffer I/O error on dev loop9, logical block 1, async page read [ 362.650253][ C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 362.650293][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 362.650789][ T8212] Buffer I/O error on dev loop9, logical block 1, async page read [ 362.650993][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 362.651020][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 362.652544][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 362.662758][ T8212] ldm_validate_partition_table(): Disk read failed. 
[ 362.670667][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 362.701837][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 362.752560][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 362.757655][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 362.757950][ T8212] Dev loop9: unable to read RDB block 0 [ 362.762140][ T8212] loop9: unable to read partition table [ 362.762380][ T8212] loop9: partition table beyond EOD, truncated [ 363.640647][ T5903] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 363.834661][ T5903] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 363.834687][ T5903] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 363.834722][ T5903] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 363.834745][ T5903] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 363.844205][ T5903] usb 1-1: config 0 descriptor?? 
[ 368.206587][ T8255] syz.4.686 (8255): drop_caches: 2 [ 368.269967][ T8259] buffer_io_error: 18 callbacks suppressed [ 368.269980][ T8259] Buffer I/O error on dev loop9, logical block 1, async page read [ 368.286171][ C0] blk_print_req_error: 4 callbacks suppressed [ 368.286185][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 368.286203][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 368.286493][ T8259] Buffer I/O error on dev loop9, logical block 1, async page read [ 368.286567][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 368.286592][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 368.287909][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 368.287930][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 368.288152][ T8259] Buffer I/O error on dev loop9, logical block 1, async page read [ 368.288544][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 368.288572][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 368.289007][ T8259] Buffer I/O error on dev loop9, logical block 1, async page read [ 368.418521][ C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 368.418560][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 368.447819][ T8259] Buffer I/O error on dev loop9, logical block 1, async page read [ 368.460455][ C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 368.479325][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 368.479433][ T8259] ldm_validate_partition_table(): Disk read failed. 
[ 368.480042][ C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 368.523915][ C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 368.526889][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 368.527097][ T8259] Dev loop9: unable to read RDB block 0 [ 368.588707][ T8259] loop9: unable to read partition table [ 368.588894][ T8259] loop9: partition table beyond EOD, truncated [ 370.545610][ T8276] ldm_validate_partition_table(): Disk read failed. [ 370.546731][ T8276] Dev loop9: unable to read RDB block 0 [ 370.547608][ T8276] loop9: unable to read partition table [ 370.547765][ T8276] loop9: partition table beyond EOD, truncated [ 373.823523][ T8299] syz.1.698 (8299): drop_caches: 2 [ 377.353527][ C0] blk_print_req_error: 18 callbacks suppressed [ 377.353549][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 377.353576][ C0] buffer_io_error: 46 callbacks suppressed [ 377.353586][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 377.353718][ T8329] Buffer I/O error on dev loop9, logical block 1, async page read [ 377.353898][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 377.353923][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 377.354046][ T8329] Buffer I/O error on dev loop9, logical block 1, async page read [ 377.354210][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 377.354236][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 377.354346][ T8329] Buffer I/O error on dev loop9, logical block 1, async page read [ 377.354493][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 377.354518][ C0] Buffer I/O error on dev loop9, logical 
block 0, async page read [ 377.354629][ T8329] Buffer I/O error on dev loop9, logical block 1, async page read [ 377.354889][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 377.354918][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 377.356411][ T8329] Buffer I/O error on dev loop9, logical block 1, async page read [ 377.356715][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 377.356927][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 377.357036][ T8329] ldm_validate_partition_table(): Disk read failed. [ 377.357164][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 377.357362][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 377.357672][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 377.357960][ T8329] Dev loop9: unable to read RDB block 0 [ 377.358737][ T8329] loop9: unable to read partition table [ 377.359045][ T8329] loop9: partition table beyond EOD, truncated [ 378.702944][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.703025][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.933201][ T8357] syz.4.714 uses old SIOCAX25GETINFO [ 381.262389][ T5798] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 381.282217][ T5798] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 381.323408][ T5798] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 381.333097][ T5798] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 381.337520][ T5798] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 381.338023][ T5798] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 381.365685][ T5798] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 381.366335][ T5798] Bluetooth: hci5: 
unexpected cc 0x0c38 length: 249 > 2 [ 381.388634][ T5794] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 381.396777][ T5794] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 381.662565][ T36] audit: type=1326 audit(1772465916.460:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8349 comm="syz.4.714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 381.662624][ T36] audit: type=1326 audit(1772465916.460:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8349 comm="syz.4.714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 381.662664][ T36] audit: type=1326 audit(1772465916.470:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8349 comm="syz.4.714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 381.662705][ T36] audit: type=1326 audit(1772465916.470:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8349 comm="syz.4.714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 381.662744][ T36] audit: type=1326 audit(1772465916.470:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8349 comm="syz.4.714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 381.662793][ T36] audit: type=1326 audit(1772465916.470:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8349 comm="syz.4.714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 381.662833][ T36] audit: type=1326 audit(1772465916.480:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8349 comm="syz.4.714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 381.662873][ T36] audit: type=1326 audit(1772465916.490:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8349 comm="syz.4.714" 
exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 381.662911][ T36] audit: type=1326 audit(1772465916.530:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8349 comm="syz.4.714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 381.662950][ T36] audit: type=1326 audit(1772465916.540:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8349 comm="syz.4.714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 383.862236][ T5110] Bluetooth: hci5: command tx timeout [ 383.871468][ T6922] Bluetooth: hci6: command tx timeout [ 385.890868][ T6922] Bluetooth: hci6: command tx timeout [ 385.890898][ T5110] Bluetooth: hci5: command tx timeout [ 387.988798][ T6922] Bluetooth: hci5: command tx timeout [ 387.991014][ T5110] Bluetooth: hci6: command tx timeout [ 390.050639][ T6922] Bluetooth: hci5: command tx timeout [ 390.060618][ T6922] Bluetooth: hci6: command tx timeout [ 397.767906][ T31] usb 1-1: USB disconnect, device number 20 [ 401.268550][ T5937] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 403.206382][ T5937] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 403.949762][ T5937] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 404.815910][ T8355] chnl_net:caif_netlink_parms(): no params data found [ 405.741972][ T5937] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 405.967529][ T8353] chnl_net:caif_netlink_parms(): no params data found [ 408.471888][ T8355] bridge0: port 1(bridge_slave_0) entered blocking state [ 408.472124][ T8355] bridge0: port 1(bridge_slave_0) entered disabled state [ 408.472363][ T8355] bridge_slave_0: entered allmulticast mode [ 408.530558][ T8355] bridge_slave_0: entered promiscuous mode [ 
408.591787][ T8355] bridge0: port 2(bridge_slave_1) entered blocking state [ 408.591907][ T8355] bridge0: port 2(bridge_slave_1) entered disabled state [ 408.592130][ T8355] bridge_slave_1: entered allmulticast mode [ 408.605256][ T8355] bridge_slave_1: entered promiscuous mode [ 408.880704][ T5859] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 408.927454][ T8355] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 408.993627][ T8355] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 409.042643][ T5859] usb 3-1: Using ep0 maxpacket: 16 [ 409.045138][ T5859] usb 3-1: config index 0 descriptor too short (expected 526, got 367) [ 409.045164][ T5859] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 409.045181][ T5859] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 409.057165][ T5859] usb 3-1: New USB device found, idVendor=0424, idProduct=cf19, bcdDevice=a4.96 [ 409.057194][ T5859] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 409.057213][ T5859] usb 3-1: Product: syz [ 409.057226][ T5859] usb 3-1: Manufacturer: syz [ 409.057239][ T5859] usb 3-1: SerialNumber: syz [ 409.133205][ T5859] usb 3-1: config 0 descriptor?? 
[ 409.205677][ T8353] bridge0: port 1(bridge_slave_0) entered blocking state [ 409.205802][ T8353] bridge0: port 1(bridge_slave_0) entered disabled state [ 409.206248][ T8353] bridge_slave_0: entered allmulticast mode [ 409.215611][ T8353] bridge_slave_0: entered promiscuous mode [ 409.310738][ T8353] bridge0: port 2(bridge_slave_1) entered blocking state [ 409.310852][ T8353] bridge0: port 2(bridge_slave_1) entered disabled state [ 409.311035][ T8353] bridge_slave_1: entered allmulticast mode [ 409.314509][ T8353] bridge_slave_1: entered promiscuous mode [ 409.319265][ T8355] team0: Port device team_slave_0 added [ 409.342113][ T8355] team0: Port device team_slave_1 added [ 410.234375][ T5937] bridge_slave_1: left allmulticast mode [ 410.234648][ T5937] bridge_slave_1: left promiscuous mode [ 410.237138][ T5937] bridge0: port 2(bridge_slave_1) entered disabled state [ 410.381090][ T36] kauditd_printk_skb: 4 callbacks suppressed [ 410.381131][ T36] audit: type=1326 audit(1772465946.960:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8544 comm="syz.4.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 410.381439][ T36] audit: type=1326 audit(1772465946.970:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8544 comm="syz.4.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 410.381678][ T36] audit: type=1326 audit(1772465946.970:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8544 comm="syz.4.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 410.381936][ T36] audit: type=1326 audit(1772465946.970:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8544 comm="syz.4.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 410.382133][ T36] audit: type=1326 audit(1772465946.970:27): auid=4294967295 uid=0 gid=0 
ses=4294967295 subj=_ pid=8544 comm="syz.4.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 410.382217][ T36] audit: type=1326 audit(1772465946.970:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8544 comm="syz.4.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 412.983973][ T5937] bridge_slave_0: left allmulticast mode [ 412.984003][ T5937] bridge_slave_0: left promiscuous mode [ 412.984904][ T5937] bridge0: port 1(bridge_slave_0) entered disabled state [ 416.731634][ T5937] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 416.792942][ T5937] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 416.820941][ T5937] bond0 (unregistering): Released all slaves [ 417.194392][ T8579] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 417.194648][ T8579] batadv_slave_0: entered promiscuous mode [ 417.285000][ T8353] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 417.293451][ T8355] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 417.293469][ T8355] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 417.293494][ T8355] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 417.294319][ T5937] tipc: Left network mode [ 417.362619][ T8353] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 417.386389][ T8355] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 417.386405][ T8355] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. 
Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 417.386429][ T8355] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 417.571775][ T8353] team0: Port device team_slave_0 added [ 417.647930][ T8353] team0: Port device team_slave_1 added [ 419.187758][ T8355] hsr_slave_0: entered promiscuous mode [ 419.189178][ T8355] hsr_slave_1: entered promiscuous mode [ 419.190144][ T8355] debugfs: 'hsr0' already exists in 'hsr' [ 419.190169][ T8355] Cannot create hsr debugfs directory [ 419.450759][ T10] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 419.616698][ T10] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 419.616728][ T10] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 419.616750][ T10] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 419.616761][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 419.662721][ T8602] raw-gadget.5 gadget.4: fail, usb_ep_enable returned -22 [ 419.667817][ T10] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 419.797500][ T8353] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 419.797518][ T8353] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 419.797531][ T8353] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 420.152544][ T8353] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 420.152556][ T8353] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. 
Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 420.152571][ T8353] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 420.290390][ T10] usb 5-1: USB disconnect, device number 9 [ 421.172178][ T5937] hsr_slave_0: left promiscuous mode [ 421.210898][ T5937] hsr_slave_1: left promiscuous mode [ 421.212721][ T5937] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 421.212908][ T5937] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 421.284688][ T5937] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 421.284716][ T5937] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 421.432839][ T5937] veth1_macvtap: left promiscuous mode [ 421.433081][ T5937] veth0_macvtap: left promiscuous mode [ 421.433358][ T5937] veth1_vlan: left promiscuous mode [ 421.433652][ T5937] veth0_vlan: left promiscuous mode [ 422.342920][ T5937] team0 (unregistering): Port device team_slave_1 removed [ 422.401289][ T5937] team0 (unregistering): Port device team_slave_0 removed [ 422.595951][ T8624] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 422.596171][ T8624] batadv_slave_0: entered promiscuous mode [ 422.911526][ T8638] netlink: 12 bytes leftover after parsing attributes in process `syz.4.785'. [ 423.113970][ T8353] hsr_slave_0: entered promiscuous mode [ 423.115306][ T8353] hsr_slave_1: entered promiscuous mode [ 423.116276][ T8353] debugfs: 'hsr0' already exists in 'hsr' [ 423.116300][ T8353] Cannot create hsr debugfs directory [ 426.014777][ T8355] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 426.278183][ T8355] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 426.512391][ T8355] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 426.524988][ T5937] IPVS: stop unused estimator thread 0... 
[ 426.619569][ T8355] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 428.957519][ T8353] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 430.326729][ T36] audit: type=1326 audit(1772465966.950:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8701 comm="syz.1.802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41aa64c799 code=0x7ffc0000 [ 430.327089][ T36] audit: type=1326 audit(1772465966.960:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8701 comm="syz.1.802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7f41aa64c799 code=0x7ffc0000 [ 430.327292][ T36] audit: type=1326 audit(1772465966.960:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8701 comm="syz.1.802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41aa64c799 code=0x7ffc0000 [ 430.327453][ T36] audit: type=1326 audit(1772465966.960:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8701 comm="syz.1.802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41aa64c799 code=0x7ffc0000 [ 431.112565][ T8353] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 431.172797][ T8353] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 431.368337][ T8718] netlink: 28 bytes leftover after parsing attributes in process `syz.1.805'. 
[ 431.655164][ T5937] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 431.851087][ T8353] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 433.449861][ T8738] comedi comedi2: pcm3724: I/O port conflict (0x8,16) [ 434.295391][ T5937] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 434.890441][ T5937] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 435.508617][ T5937] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 435.972534][ T36] audit: type=1326 audit(1772465972.430:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8752 comm="syz.4.813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 435.973349][ T36] audit: type=1326 audit(1772465972.430:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8752 comm="syz.4.813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 435.973591][ T36] audit: type=1326 audit(1772465972.440:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8752 comm="syz.4.813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 435.973797][ T36] audit: type=1326 audit(1772465972.440:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8752 comm="syz.4.813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 437.191209][ T8355] 8021q: adding VLAN 0 to HW filter on device bond0 [ 438.490908][ T8355] 8021q: adding VLAN 0 to HW filter on device team0 [ 438.556386][ T8353] 8021q: adding VLAN 0 to HW filter on device bond0 [ 438.816136][ T5937] bridge_slave_1: left allmulticast mode [ 438.816173][ T5937] bridge_slave_1: left promiscuous mode [ 438.816524][ T5937] bridge0: port 2(bridge_slave_1) entered disabled state [ 440.133104][ T1320] 
ieee802154 phy0 wpan0: encryption failed: -22 [ 440.133162][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.543218][ T5937] bridge_slave_0: left allmulticast mode [ 440.543248][ T5937] bridge_slave_0: left promiscuous mode [ 440.543514][ T5937] bridge0: port 1(bridge_slave_0) entered disabled state [ 440.644939][ T5110] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 440.672963][ T5110] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 440.698561][ T5110] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 440.743863][ T5110] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 440.744827][ T5110] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 441.195301][ T5110] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 441.215626][ T5110] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 441.216848][ T5110] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 441.217970][ T5110] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 441.219946][ T5110] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 442.119701][ T36] audit: type=1326 audit(1772465978.740:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8807 comm="syz.2.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40d6c8c799 code=0x7ffc0000 [ 442.120023][ T36] audit: type=1326 audit(1772465978.750:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8807 comm="syz.2.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7f40d6c8c799 code=0x7ffc0000 [ 442.120278][ T36] audit: type=1326 audit(1772465978.750:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8807 comm="syz.2.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40d6c8c799 code=0x7ffc0000 [ 442.120470][ T36] audit: type=1326 audit(1772465978.750:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8807 comm="syz.2.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 
ip=0x7f40d6c8c799 code=0x7ffc0000 [ 442.831799][ T5937] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 442.870887][ T5110] Bluetooth: hci2: command tx timeout [ 443.032495][ T5937] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 443.498893][ T5937] bond0 (unregistering): Released all slaves [ 443.664884][ T5110] Bluetooth: hci3: command tx timeout [ 445.130590][ T5110] Bluetooth: hci2: command tx timeout [ 445.535058][ T8842] netlink: 12 bytes leftover after parsing attributes in process `syz.4.832'. [ 445.849488][ T5110] Bluetooth: hci3: command tx timeout [ 447.190151][ T5110] Bluetooth: hci2: command tx timeout [ 447.893039][ T5110] Bluetooth: hci3: command tx timeout [ 449.180118][ T36] audit: type=1326 audit(1772465985.790:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8883 comm="syz.2.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40d6c8c799 code=0x7ffc0000 [ 449.217346][ T36] audit: type=1326 audit(1772465985.790:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8883 comm="syz.2.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7f40d6c8c799 code=0x7ffc0000 [ 449.217696][ T36] audit: type=1326 audit(1772465985.800:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8883 comm="syz.2.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40d6c8c799 code=0x7ffc0000 [ 449.217900][ T36] audit: type=1326 audit(1772465985.800:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8883 comm="syz.2.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7f40d6c8c799 code=0x7ffc0000 [ 449.218151][ T36] audit: type=1326 audit(1772465985.800:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8883 comm="syz.2.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40d6c8c799 code=0x7ffc0000 [ 449.218370][ T36] audit: type=1326 audit(1772465985.800:46): 
auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8883 comm="syz.2.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f40d6c8c799 code=0x7ffc0000 [ 449.218570][ T36] audit: type=1326 audit(1772465985.810:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8883 comm="syz.2.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40d6c8c799 code=0x7ffc0000 [ 449.218781][ T36] audit: type=1326 audit(1772465985.810:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8883 comm="syz.2.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40d6c8c799 code=0x7ffc0000 [ 449.343824][ T5110] Bluetooth: hci2: command tx timeout [ 450.697240][ T5110] Bluetooth: hci3: command tx timeout [ 451.502804][ T5937] hsr_slave_0: left promiscuous mode [ 451.678576][ T5937] hsr_slave_1: left promiscuous mode [ 451.679940][ T5937] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 451.747670][ T5937] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 451.747737][ T5937] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 451.964889][ T5937] veth1_macvtap: left promiscuous mode [ 451.965005][ T5937] veth0_macvtap: left promiscuous mode [ 451.965949][ T5937] veth1_vlan: left promiscuous mode [ 451.966138][ T5937] veth0_vlan: left promiscuous mode [ 452.674697][ T5937] team0 (unregistering): Port device team_slave_1 removed [ 452.732408][ T5937] team0 (unregistering): Port device team_slave_0 removed [ 455.491594][ T8799] chnl_net:caif_netlink_parms(): no params data found [ 455.608645][ T8790] chnl_net:caif_netlink_parms(): no params data found [ 456.129955][ T8982] netlink: 24 bytes leftover after parsing attributes in process `syz.4.864'. [ 457.136933][ T5937] IPVS: stop unused estimator thread 0... 
[ 458.679035][ T8799] bridge0: port 1(bridge_slave_0) entered blocking state [ 458.679102][ T8799] bridge0: port 1(bridge_slave_0) entered disabled state [ 458.679291][ T8799] bridge_slave_0: entered allmulticast mode [ 458.707419][ T8799] bridge_slave_0: entered promiscuous mode [ 458.803758][ T8799] bridge0: port 2(bridge_slave_1) entered blocking state [ 458.807784][ T8799] bridge0: port 2(bridge_slave_1) entered disabled state [ 458.807987][ T8799] bridge_slave_1: entered allmulticast mode [ 458.809460][ T8799] bridge_slave_1: entered promiscuous mode [ 458.829221][ T9020] netlink: 8 bytes leftover after parsing attributes in process `syz.2.868'. [ 458.894181][ T8790] bridge0: port 1(bridge_slave_0) entered blocking state [ 458.894249][ T8790] bridge0: port 1(bridge_slave_0) entered disabled state [ 458.894439][ T8790] bridge_slave_0: entered allmulticast mode [ 458.903113][ T8790] bridge_slave_0: entered promiscuous mode [ 459.009912][ T8790] bridge0: port 2(bridge_slave_1) entered blocking state [ 459.010143][ T8790] bridge0: port 2(bridge_slave_1) entered disabled state [ 459.010374][ T8790] bridge_slave_1: entered allmulticast mode [ 459.041335][ T8790] bridge_slave_1: entered promiscuous mode [ 459.488525][ T8799] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 459.510898][ T8790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 459.518497][ T8799] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 459.527475][ T8790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 463.338782][ T8799] team0: Port device team_slave_0 added [ 463.354744][ T8790] team0: Port device team_slave_0 added [ 463.365695][ T8799] team0: Port device team_slave_1 added [ 463.393529][ T9059] netlink: 12 bytes leftover after parsing attributes in process `syz.4.882'. 
[ 463.444427][ T8790] team0: Port device team_slave_1 added [ 463.709595][ T8799] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 463.709613][ T8799] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 463.709727][ T8799] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 463.740976][ T8799] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 463.740993][ T8799] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 463.741018][ T8799] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 463.791873][ T8790] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 463.791891][ T8790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 463.791916][ T8790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 463.995098][ T8790] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 463.995115][ T8790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 463.995137][ T8790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 465.573271][ T9097] netlink: 8 bytes leftover after parsing attributes in process `syz.1.887'. [ 466.184829][ T8799] hsr_slave_0: entered promiscuous mode [ 466.196662][ T8799] hsr_slave_1: entered promiscuous mode [ 466.208351][ T8799] debugfs: 'hsr0' already exists in 'hsr' [ 466.208377][ T8799] Cannot create hsr debugfs directory [ 466.417007][ T8790] hsr_slave_0: entered promiscuous mode [ 466.418437][ T8790] hsr_slave_1: entered promiscuous mode [ 466.419513][ T8790] debugfs: 'hsr0' already exists in 'hsr' [ 466.419536][ T8790] Cannot create hsr debugfs directory [ 470.016360][ T5937] bridge_slave_1: left allmulticast mode [ 470.016381][ T5937] bridge_slave_1: left promiscuous mode [ 470.016544][ T5937] bridge0: port 2(bridge_slave_1) entered disabled state [ 470.123573][ T5937] bridge_slave_0: left allmulticast mode [ 470.123609][ T5937] bridge_slave_0: left promiscuous mode [ 470.123906][ T5937] bridge0: port 1(bridge_slave_0) entered disabled state [ 470.240407][ T5937] bridge_slave_1: left allmulticast mode [ 470.240436][ T5937] bridge_slave_1: left promiscuous mode [ 470.251153][ T5937] bridge0: port 2(bridge_slave_1) entered disabled state [ 470.323966][ T5937] bridge_slave_0: left allmulticast mode [ 470.323995][ T5937] bridge_slave_0: left promiscuous mode [ 470.324575][ T5937] bridge0: port 1(bridge_slave_0) entered disabled state [ 472.167736][ T5937] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 472.281499][ T5937] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 472.334390][ T5937] bond0 (unregistering): Released all slaves [ 472.675153][ T5937] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 472.771215][ T5937] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 472.882586][ T5937] bond0 (unregistering): Released all slaves [ 
474.270834][ T5937] hsr_slave_0: left promiscuous mode [ 474.310758][ T5937] hsr_slave_1: left promiscuous mode [ 474.311715][ T5937] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 474.357004][ T5937] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 475.140738][ T5937] hsr_slave_0: left promiscuous mode [ 475.362392][ T5937] hsr_slave_1: left promiscuous mode [ 475.363403][ T5937] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 475.419915][ T5937] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 476.251597][ T5937] team0 (unregistering): Port device team_slave_1 removed [ 476.301325][ T5937] team0 (unregistering): Port device team_slave_0 removed [ 476.811188][ T5937] team0 (unregistering): Port device team_slave_1 removed [ 476.864299][ T5937] team0 (unregistering): Port device team_slave_0 removed [ 478.237680][ T8799] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 478.413553][ T8799] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 479.094484][ T8799] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 479.165273][ T8799] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 479.974302][ T8790] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 480.212842][ T8790] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 480.321355][ T8790] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 480.426279][ T8790] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 480.793796][ T8799] 8021q: adding VLAN 0 to HW filter on device bond0 [ 480.914029][ T8799] 8021q: adding VLAN 0 to HW filter on device team0 [ 480.954004][ T8740] bridge0: port 1(bridge_slave_0) entered blocking state [ 480.957124][ T8740] bridge0: port 1(bridge_slave_0) entered forwarding state [ 481.003399][ T8790] 8021q: adding VLAN 0 to HW filter on device bond0 [ 481.004648][ T149] bridge0: port 2(bridge_slave_1) entered blocking state [ 481.004726][ T149] bridge0: port 2(bridge_slave_1) entered forwarding state [ 481.495779][ T8790] 8021q: adding 
VLAN 0 to HW filter on device team0 [ 481.533362][ T8740] bridge0: port 1(bridge_slave_0) entered blocking state [ 481.541690][ T8740] bridge0: port 1(bridge_slave_0) entered forwarding state [ 481.629258][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 481.629466][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 483.899706][ T8799] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 484.468500][ T8790] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 485.883093][ T8799] veth0_vlan: entered promiscuous mode [ 485.921861][ T8799] veth1_vlan: entered promiscuous mode [ 486.053579][ T8799] veth0_macvtap: entered promiscuous mode [ 486.073506][ T8799] veth1_macvtap: entered promiscuous mode [ 486.152188][ T8799] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 486.185832][ T8799] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 487.058354][ T2369] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 487.059383][ T2369] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 487.073369][ T2369] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 487.105393][ T2369] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 487.406538][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 487.406559][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 487.540352][ T134] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 487.540372][ T134] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 487.563146][ T8790] veth0_vlan: entered promiscuous mode [ 487.615744][ T8790] veth1_vlan: entered promiscuous mode [ 487.697483][ T8790] veth0_macvtap: entered promiscuous mode [ 487.727694][ T8790] veth1_macvtap: entered promiscuous mode [ 487.777535][ T8790] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 487.793189][ T8790] batman_adv: batadv0: Interface activated: 
batadv_slave_1 [ 488.099855][ T2369] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 488.113597][ T2369] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 488.140758][ T2369] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 488.246889][ T2369] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 488.664531][ T9410] netlink: 'syz.1.959': attribute type 1 has an invalid length. [ 488.664546][ T9410] netlink: 16 bytes leftover after parsing attributes in process `syz.1.959'. [ 488.735334][ T6065] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 488.735354][ T6065] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 488.876823][ T9405] syz.6.711 (9405): drop_caches: 2 [ 488.926552][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 488.926566][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 490.502101][ T9420] netlink: 8 bytes leftover after parsing attributes in process `syz.4.957'. 
[ 495.274950][ T36] audit: type=1326 audit(1772466031.870:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9461 comm="syz.1.967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41aa64c799 code=0x7ffc0000 [ 495.275241][ T36] audit: type=1326 audit(1772466031.870:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9461 comm="syz.1.967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7f41aa64c799 code=0x7ffc0000 [ 495.275495][ T36] audit: type=1326 audit(1772466031.880:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9461 comm="syz.1.967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41aa64c799 code=0x7ffc0000 [ 495.275719][ T36] audit: type=1326 audit(1772466031.880:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9461 comm="syz.1.967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7f41aa64c799 code=0x7ffc0000 [ 495.275913][ T36] audit: type=1326 audit(1772466031.880:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9461 comm="syz.1.967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41aa64c799 code=0x7ffc0000 [ 495.276083][ T36] audit: type=1326 audit(1772466031.880:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9461 comm="syz.1.967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f41aa64c799 code=0x7ffc0000 [ 495.276332][ T36] audit: type=1326 audit(1772466031.890:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9461 comm="syz.1.967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41aa64c799 code=0x7ffc0000 [ 495.276469][ T36] audit: type=1326 audit(1772466031.890:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9461 comm="syz.1.967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f41aa64c799 code=0x7ffc0000 [ 495.276674][ T36] audit: type=1326 audit(1772466031.890:57): auid=4294967295 uid=0 
gid=0 ses=4294967295 subj=_ pid=9461 comm="syz.1.967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41aa64c799 code=0x7ffc0000 [ 495.276856][ T36] audit: type=1326 audit(1772466031.900:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9461 comm="syz.1.967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41aa64c799 code=0x7ffc0000 [ 496.110950][ T9474] netlink: 'syz.1.969': attribute type 1 has an invalid length. [ 496.110973][ T9474] netlink: 16 bytes leftover after parsing attributes in process `syz.1.969'. [ 496.281679][ T10] libceph: connect (1)[c::]:6789 error -101 [ 496.281919][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 496.288264][ T10] libceph: connect (1)[c::]:6789 error -101 [ 496.288388][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 496.603905][ T5903] libceph: connect (1)[c::]:6789 error -101 [ 497.300019][ T9476] ceph: No mds server is up or the cluster is laggy [ 497.353859][ T5903] libceph: mon0 (1)[c::]:6789 connect error [ 498.032163][ T9505] syz.4.974 (9505): drop_caches: 2 [ 500.271366][ T9527] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 500.272342][ T9527] batadv_slave_0: entered promiscuous mode [ 501.577754][ T36] audit: type=1326 audit(1772466037.600:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9528 comm="syz.6.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 501.577805][ T36] audit: type=1326 audit(1772466037.600:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9528 comm="syz.6.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 501.577835][ T36] audit: type=1326 audit(1772466037.610:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9528 comm="syz.6.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 501.577865][ T36] audit: type=1326 
audit(1772466037.610:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9528 comm="syz.6.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 501.577893][ T36] audit: type=1326 audit(1772466037.610:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9528 comm="syz.6.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 501.577923][ T36] audit: type=1326 audit(1772466037.610:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9528 comm="syz.6.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 501.577957][ T36] audit: type=1326 audit(1772466037.620:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9528 comm="syz.6.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 501.577986][ T36] audit: type=1326 audit(1772466037.620:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9528 comm="syz.6.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 501.578016][ T36] audit: type=1326 audit(1772466037.620:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9528 comm="syz.6.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 501.578046][ T36] audit: type=1326 audit(1772466037.630:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9528 comm="syz.6.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 501.582824][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.582892][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.421789][ T5800] libceph: connect (1)[c::]:6789 error -101 [ 503.421989][ T5800] libceph: mon0 (1)[c::]:6789 connect error [ 503.683076][ T5800] libceph: connect (1)[c::]:6789 error -101 [ 503.683262][ T5800] libceph: mon0 
(1)[c::]:6789 connect error [ 504.218167][ T5800] libceph: connect (1)[c::]:6789 error -101 [ 504.230838][ T5800] libceph: mon0 (1)[c::]:6789 connect error [ 504.260200][ T9555] ceph: No mds server is up or the cluster is laggy [ 507.551350][ T36] audit: type=1326 audit(1772466043.990:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9595 comm="syz.2.994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40d6c8c799 code=0x7ffc0000 [ 507.551680][ T36] audit: type=1326 audit(1772466043.990:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9595 comm="syz.2.994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7f40d6c8c799 code=0x7ffc0000 [ 507.551887][ T36] audit: type=1326 audit(1772466043.990:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9595 comm="syz.2.994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40d6c8c799 code=0x7ffc0000 [ 507.552100][ T36] audit: type=1326 audit(1772466043.990:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9595 comm="syz.2.994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f40d6c8c799 code=0x7ffc0000 [ 507.552327][ T36] audit: type=1326 audit(1772466044.000:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9595 comm="syz.2.994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40d6c8c799 code=0x7ffc0000 [ 507.552539][ T36] audit: type=1326 audit(1772466044.000:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9595 comm="syz.2.994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f40d6c8c799 code=0x7ffc0000 [ 507.552748][ T36] audit: type=1326 audit(1772466044.000:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9595 comm="syz.2.994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40d6c8c799 code=0x7ffc0000 [ 507.552949][ T36] audit: type=1326 audit(1772466044.010:76): auid=4294967295 uid=0 gid=0 
ses=4294967295 subj=_ pid=9595 comm="syz.2.994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40d6c8c799 code=0x7ffc0000 [ 508.387572][ T9611] netlink: 12 bytes leftover after parsing attributes in process `syz.6.995'. [ 510.809831][ T5859] libceph: connect (1)[c::]:6789 error -101 [ 510.810009][ T5859] libceph: mon0 (1)[c::]:6789 connect error [ 510.822914][ T5859] libceph: connect (1)[c::]:6789 error -101 [ 510.823110][ T5859] libceph: mon0 (1)[c::]:6789 connect error [ 511.706167][ T8788] libceph: connect (1)[c::]:6789 error -101 [ 511.706364][ T8788] libceph: mon0 (1)[c::]:6789 connect error [ 511.713506][ T9630] ceph: No mds server is up or the cluster is laggy [ 513.264682][ T36] audit: type=1326 audit(1772466049.310:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9650 comm="syz.5.1006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37dcbdc799 code=0x7ffc0000 [ 513.264736][ T36] audit: type=1326 audit(1772466049.310:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9650 comm="syz.5.1006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7f37dcbdc799 code=0x7ffc0000 [ 513.264783][ T36] audit: type=1326 audit(1772466049.310:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9650 comm="syz.5.1006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37dcbdc799 code=0x7ffc0000 [ 513.264823][ T36] audit: type=1326 audit(1772466049.310:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9650 comm="syz.5.1006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f37dcbdc799 code=0x7ffc0000 [ 513.264863][ T36] audit: type=1326 audit(1772466049.320:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9650 comm="syz.5.1006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37dcbdc799 code=0x7ffc0000 [ 513.264903][ T36] audit: type=1326 audit(1772466049.320:82): auid=4294967295 uid=0 gid=0 
ses=4294967295 subj=_ pid=9650 comm="syz.5.1006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f37dcbdc799 code=0x7ffc0000 [ 513.264944][ T36] audit: type=1326 audit(1772466049.320:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9650 comm="syz.5.1006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37dcbdc799 code=0x7ffc0000 [ 513.264983][ T36] audit: type=1326 audit(1772466049.320:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9650 comm="syz.5.1006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37dcbdc799 code=0x7ffc0000 [ 513.702405][ T9673] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1008'. [ 517.179728][ T9712] 9pnet_virtio: no channels available for device 127.0.0.1 [ 519.371644][ T8788] libceph: connect (1)[c::]:6789 error -101 [ 519.371837][ T8788] libceph: mon0 (1)[c::]:6789 connect error [ 519.631054][ T8788] libceph: connect (1)[c::]:6789 error -101 [ 519.631236][ T8788] libceph: mon0 (1)[c::]:6789 connect error [ 520.036268][ T36] audit: type=1326 audit(1772466056.650:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9731 comm="syz.4.1019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 520.036514][ T36] audit: type=1326 audit(1772466056.660:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9731 comm="syz.4.1019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 520.036703][ T36] audit: type=1326 audit(1772466056.660:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9731 comm="syz.4.1019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 520.036907][ T36] audit: type=1326 audit(1772466056.660:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9731 comm="syz.4.1019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 
ip=0x7f29703dc799 code=0x7ffc0000 [ 520.037100][ T36] audit: type=1326 audit(1772466056.660:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9731 comm="syz.4.1019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 520.037361][ T36] audit: type=1326 audit(1772466056.670:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9731 comm="syz.4.1019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 520.037557][ T36] audit: type=1326 audit(1772466056.670:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9731 comm="syz.4.1019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 520.037736][ T36] audit: type=1326 audit(1772466056.670:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9731 comm="syz.4.1019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 520.297330][ T8788] libceph: connect (1)[c::]:6789 error -101 [ 520.707326][ T9720] ceph: No mds server is up or the cluster is laggy [ 520.726917][ T8788] libceph: mon0 (1)[c::]:6789 connect error [ 521.835383][ T9763] comedi comedi2: pcm3724: I/O port conflict (0x8,16) [ 523.878483][ T9763] 9p: Could not find request transport: unyô‰Tß‚¾ 4¶-¾¦}x [ 524.010924][ T9778] tipc: Enabling of bearer rejected, failed to enable media [ 524.301150][ T9786] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1033'. [ 527.074503][ T9814] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1041'. 
[ 528.421166][ T36] audit: type=1326 audit(1772466064.700:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9825 comm="syz.4.1045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 528.421355][ T36] audit: type=1326 audit(1772466064.700:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9825 comm="syz.4.1045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 528.421598][ T36] audit: type=1326 audit(1772466064.710:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9825 comm="syz.4.1045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 528.421784][ T36] audit: type=1326 audit(1772466064.710:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9825 comm="syz.4.1045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 528.422032][ T36] audit: type=1326 audit(1772466064.710:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9825 comm="syz.4.1045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 528.422231][ T36] audit: type=1326 audit(1772466064.710:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9825 comm="syz.4.1045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 528.422425][ T36] audit: type=1326 audit(1772466064.710:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9825 comm="syz.4.1045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 528.422660][ T36] audit: type=1326 audit(1772466064.720:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9825 comm="syz.4.1045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 531.431325][ T9857] tipc: Enabling of bearer rejected, failed to enable media 
[ 536.401190][ T9890] netlink: 'syz.4.1056': attribute type 1 has an invalid length. [ 536.408033][ T9890] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1056'. [ 536.615941][ T9892] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1058'. [ 536.867900][ T9894] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1059'. [ 537.233699][ T9898] tipc: Enabling of bearer rejected, failed to enable media [ 545.579475][ T9946] tipc: Enabling of bearer rejected, failed to enable media [ 551.866381][ T9990] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1084'. [ 551.983206][ T9990] nbd: socks must be embedded in a SOCK_ITEM attr [ 552.241451][ T9998] tipc: Enabling of bearer rejected, failed to enable media [ 552.740271][ T9730] udevd[9730]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 559.465629][T10055] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1099'. [ 562.938070][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.938140][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.094615][T10055] nbd: socks must be embedded in a SOCK_ITEM attr [ 564.218385][T10060] udevd[10060]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 564.257773][T10059] udevd[10059]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 565.145974][T10058] Bluetooth: hci2: command 0x0406 tx timeout [ 565.146611][T10058] Bluetooth: hci3: command 0x0406 tx timeout [ 573.960885][ T5903] usb 3-1: USB disconnect, device number 13 [ 574.491715][ T5110] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 574.596003][ T5110] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 574.598792][ T5110] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 574.640574][ T5110] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 574.822496][ T5110] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 
576.861377][T10156] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1129'. [ 577.415264][T10137] chnl_net:caif_netlink_parms(): no params data found [ 577.625923][T10169] comedi comedi2: pcm3724: I/O port conflict (0x8,16) [ 577.663263][ T5110] Bluetooth: hci5: command tx timeout [ 578.059334][T10171] netlink: 'syz.1.1122': attribute type 1 has an invalid length. [ 578.059357][T10171] netlink: 192 bytes leftover after parsing attributes in process `syz.1.1122'. [ 578.208312][T10172] 9p: Could not find request transport: unyô‰Tß‚¾ 4¶-¾¦}x [ 578.407761][T10137] bridge0: port 1(bridge_slave_0) entered blocking state [ 578.421192][T10137] bridge0: port 1(bridge_slave_0) entered disabled state [ 578.421465][T10137] bridge_slave_0: entered allmulticast mode [ 578.450874][T10137] bridge_slave_0: entered promiscuous mode [ 578.457557][T10137] bridge0: port 2(bridge_slave_1) entered blocking state [ 578.457763][T10137] bridge0: port 2(bridge_slave_1) entered disabled state [ 578.457968][T10137] bridge_slave_1: entered allmulticast mode [ 578.500731][T10137] bridge_slave_1: entered promiscuous mode [ 579.315263][T10137] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 579.319953][T10137] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 579.730736][ T5110] Bluetooth: hci5: command tx timeout [ 581.810670][ T5110] Bluetooth: hci5: command tx timeout [ 582.142598][T10137] team0: Port device team_slave_0 added [ 582.145693][T10137] team0: Port device team_slave_1 added [ 583.554915][ T5903] libceph: connect (1)[c::]:6789 error -101 [ 583.555114][ T5903] libceph: mon0 (1)[c::]:6789 connect error [ 583.573275][ T5903] libceph: connect (1)[c::]:6789 error -101 [ 583.573400][ T5903] libceph: mon0 (1)[c::]:6789 connect error [ 583.586685][T10137] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 583.586696][T10137] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to 
handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 583.586711][T10137] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 583.588386][T10137] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 583.588400][T10137] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 583.588418][T10137] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 583.691445][T10221] netlink: 'syz.6.1144': attribute type 1 has an invalid length. [ 583.691468][T10221] netlink: 192 bytes leftover after parsing attributes in process `syz.6.1144'. [ 583.825627][T10137] hsr_slave_0: entered promiscuous mode [ 583.826906][T10137] hsr_slave_1: entered promiscuous mode [ 583.827854][T10137] debugfs: 'hsr0' already exists in 'hsr' [ 583.827878][T10137] Cannot create hsr debugfs directory [ 583.831099][ T5903] libceph: connect (1)[c::]:6789 error -101 [ 583.831274][ T5903] libceph: mon0 (1)[c::]:6789 connect error [ 583.854552][T10214] ceph: No mds server is up or the cluster is laggy [ 583.892232][ T5110] Bluetooth: hci5: command tx timeout [ 584.000819][T10224] comedi comedi2: pcm3724: I/O port conflict (0x8,16) [ 585.082432][T10224] 9p: Could not find request transport: unyô‰Tß‚¾ 4¶-¾¦}x [ 586.483546][T10137] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 586.695455][ T36] audit: type=1326 audit(1772466123.310:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10250 comm="syz.6.1151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 586.695736][ T36] audit: type=1326 
audit(1772466123.310:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10250 comm="syz.6.1151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 586.695891][ T36] audit: type=1326 audit(1772466123.320:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10250 comm="syz.6.1151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 586.696348][ T36] audit: type=1326 audit(1772466123.320:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10250 comm="syz.6.1151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 586.696612][ T36] audit: type=1326 audit(1772466123.320:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10250 comm="syz.6.1151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 586.696784][ T36] audit: type=1326 audit(1772466123.320:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10250 comm="syz.6.1151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 586.696935][ T36] audit: type=1326 audit(1772466123.330:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10250 comm="syz.6.1151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 586.697206][ T36] audit: type=1326 audit(1772466123.330:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10250 comm="syz.6.1151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 587.399750][T10137] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 589.747008][ T5110] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 589.747121][ T5110] CPU: 1 UID: 0 PID: 5110 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 589.747149][ T5110] Hardware name: Google Google 
Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 589.747164][ T5110] Workqueue: hci0 hci_rx_work [ 589.747356][ T5110] Call Trace: [ 589.747370][ T5110] <TASK> [ 589.747381][ T5110] dump_stack_lvl+0xe8/0x150 [ 589.747489][ T5110] sysfs_create_dir_ns+0x271/0x2a0 [ 589.747568][ T5110] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 589.747684][ T5110] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 589.747713][ T5110] ? __rcu_read_unlock+0x83/0xe0 [ 589.747770][ T5110] ? rt_spin_unlock+0x160/0x200 [ 589.747796][ T5110] kobject_add_internal+0x631/0xd10 [ 589.747900][ T5110] kobject_add+0x163/0x240 [ 589.747936][ T5110] ? __pfx_kobject_add+0x10/0x10 [ 589.747978][ T5110] ? get_device_parent+0x370/0x3a0 [ 589.748094][ T5110] device_add+0x408/0xb80 [ 589.748130][ T5110] hci_conn_add_sysfs+0xd5/0x210 [ 589.748216][ T5110] le_conn_complete_evt+0xf1d/0x1430 [ 589.748310][ T5110] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 589.748347][ T5110] ? le_conn_complete_evt+0x15/0x1430 [ 589.748389][ T5110] hci_le_conn_complete_evt+0x187/0x470 [ 589.748428][ T5110] hci_event_packet+0x7af/0x12c0 [ 589.748486][ T5110] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 589.748517][ T5110] ? __pfx_hci_event_packet+0x10/0x10 [ 589.748543][ T5110] ? preempt_schedule_common+0x82/0xd0 [ 589.748603][ T5110] ? preempt_schedule_thunk+0x16/0x30 [ 589.748633][ T5110] ? hci_send_to_monitor+0xe2/0x590 [ 589.748658][ T5110] hci_rx_work+0x3ee/0x1030 [ 589.748687][ T5110] ? preempt_schedule_thunk+0x16/0x30 [ 589.748724][ T5110] ? process_scheduled_works+0xa25/0x1830 [ 589.748763][ T5110] process_scheduled_works+0xb02/0x1830 [ 589.748821][ T5110] ? __pfx_process_scheduled_works+0x10/0x10 [ 589.748857][ T5110] ? assign_work+0x3d5/0x5e0 [ 589.748891][ T5110] worker_thread+0xa50/0xfc0 [ 589.748949][ T5110] kthread+0x388/0x470 [ 589.748972][ T5110] ? __pfx_worker_thread+0x10/0x10 [ 589.748998][ T5110] ? __pfx_kthread+0x10/0x10 [ 589.749021][ T5110] ret_from_fork+0x51e/0xb90 [ 589.749067][ T5110] ? 
__pfx_ret_from_fork+0x10/0x10 [ 589.749094][ T5110] ? __switch_to+0xc7d/0x1450 [ 589.749132][ T5110] ? __pfx_kthread+0x10/0x10 [ 589.749154][ T5110] ret_from_fork_asm+0x1a/0x30 [ 589.749191][ T5110] </TASK> [ 589.749573][ T5110] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 589.749892][ T5110] Bluetooth: hci0: failed to register connection device [ 590.449515][T10137] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 590.480546][T10277] comedi comedi2: pcm3724: I/O port conflict (0x8,16) [ 591.056524][T10137] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 591.407109][T10277] 9p: Could not find request transport: unyô‰Tß‚¾ 4¶-¾¦}x [ 591.882586][ T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 592.937018][ T36] audit: type=1326 audit(1772466129.050:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10302 comm="syz.5.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37dcbdc799 code=0x7ffc0000 [ 592.937072][ T36] audit: type=1326 audit(1772466129.050:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10302 comm="syz.5.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7f37dcbdc799 code=0x7ffc0000 [ 592.937116][ T36] audit: type=1326 audit(1772466129.050:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10302 comm="syz.5.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37dcbdc799 code=0x7ffc0000 [ 592.937157][ T36] audit: type=1326 audit(1772466129.050:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10302 comm="syz.5.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7f37dcbdc799 code=0x7ffc0000 [ 592.937197][ T36] audit: type=1326 audit(1772466129.060:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10302 comm="syz.5.1162" exe="/root/syz-executor" sig=0 arch=c000003e 
syscall=202 compat=0 ip=0x7f37dcbdc799 code=0x7ffc0000 [ 592.937239][ T36] audit: type=1326 audit(1772466129.060:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10302 comm="syz.5.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f37dcbdc799 code=0x7ffc0000 [ 592.937280][ T36] audit: type=1326 audit(1772466129.060:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10302 comm="syz.5.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37dcbdc799 code=0x7ffc0000 [ 592.937321][ T36] audit: type=1326 audit(1772466129.070:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10302 comm="syz.5.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37dcbdc799 code=0x7ffc0000 [ 593.407594][ T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 594.581674][ T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 596.419206][ T5110] Bluetooth: hci0: command 0x0406 tx timeout [ 597.238256][T10337] comedi comedi2: pcm3724: I/O port conflict (0x8,16) [ 597.285597][ T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 597.748317][T10337] 9p: Could not find request transport: unyô‰Tß‚¾ 4¶-¾¦}x [ 598.248445][T10137] 8021q: adding VLAN 0 to HW filter on device bond0 [ 598.438709][T10137] 8021q: adding VLAN 0 to HW filter on device team0 [ 598.591213][ T36] audit: type=1326 audit(1772466135.160:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10346 comm="syz.1.1175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41aa64c799 code=0x7ffc0000 [ 598.591573][ T36] audit: type=1326 audit(1772466135.160:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10346 comm="syz.1.1175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41aa64c799 code=0x7ffc0000 [ 598.591774][ T36] audit: type=1326 
audit(1772466135.160:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10346 comm="syz.1.1175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7f41aa64c799 code=0x7ffc0000 [ 598.592026][ T36] audit: type=1326 audit(1772466135.160:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10346 comm="syz.1.1175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41aa64c799 code=0x7ffc0000 [ 598.592241][ T36] audit: type=1326 audit(1772466135.160:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10346 comm="syz.1.1175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41aa64c799 code=0x7ffc0000 [ 598.592436][ T36] audit: type=1326 audit(1772466135.160:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10346 comm="syz.1.1175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7f41aa64c799 code=0x7ffc0000 [ 598.592642][ T36] audit: type=1326 audit(1772466135.160:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10346 comm="syz.1.1175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41aa64c799 code=0x7ffc0000 [ 598.592900][ T36] audit: type=1326 audit(1772466135.160:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10346 comm="syz.1.1175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41aa64c799 code=0x7ffc0000 [ 598.593172][ T36] audit: type=1326 audit(1772466135.160:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10346 comm="syz.1.1175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f41aa64c799 code=0x7ffc0000 [ 598.593367][ T36] audit: type=1326 audit(1772466135.160:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10346 comm="syz.1.1175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41aa64c799 code=0x7ffc0000 [ 599.295347][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 599.322172][ T42] 
bridge0: port 1(bridge_slave_0) entered forwarding state [ 599.324776][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 599.324900][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 600.597138][ T13] bridge_slave_1: left allmulticast mode [ 600.597165][ T13] bridge_slave_1: left promiscuous mode [ 600.597395][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 600.732341][ T13] bridge_slave_0: left allmulticast mode [ 600.732369][ T13] bridge_slave_0: left promiscuous mode [ 600.736081][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 602.362907][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 602.432540][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 602.473769][ T13] bond0 (unregistering): Released all slaves [ 604.105411][T10384] netlink: 356 bytes leftover after parsing attributes in process `syz.6.1183'. [ 604.315271][T10388] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1182'. 
[ 607.964033][T10137] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 610.501529][ T36] kauditd_printk_skb: 1 callbacks suppressed [ 610.501546][ T36] audit: type=1326 audit(1772466146.370:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10431 comm="syz.4.1185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 610.501594][ T36] audit: type=1326 audit(1772466146.370:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10431 comm="syz.4.1185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 610.501645][ T36] audit: type=1326 audit(1772466146.370:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10431 comm="syz.4.1185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 610.501685][ T36] audit: type=1326 audit(1772466146.380:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10431 comm="syz.4.1185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 610.501724][ T36] audit: type=1326 audit(1772466146.380:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10431 comm="syz.4.1185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 610.501766][ T36] audit: type=1326 audit(1772466146.380:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10431 comm="syz.4.1185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 610.501806][ T36] audit: type=1326 audit(1772466146.380:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10431 comm="syz.4.1185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 610.501847][ T36] audit: type=1326 audit(1772466146.380:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10431 comm="syz.4.1185" exe="/root/syz-executor" 
sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 610.501887][ T36] audit: type=1326 audit(1772466146.380:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10431 comm="syz.4.1185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 610.501927][ T36] audit: type=1326 audit(1772466146.380:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10431 comm="syz.4.1185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29703dc799 code=0x7ffc0000 [ 611.590791][ T13] hsr_slave_0: left promiscuous mode [ 611.644459][ T13] hsr_slave_1: left promiscuous mode [ 611.645501][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 611.696236][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 611.696262][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 612.078186][ T13] veth1_macvtap: left promiscuous mode [ 612.094545][ T13] veth0_macvtap: left promiscuous mode [ 612.243854][ T13] veth1_vlan: left promiscuous mode [ 612.413579][ T13] veth0_vlan: left promiscuous mode [ 613.465625][T10488] netlink: 'syz.4.1198': attribute type 6 has an invalid length. 
[ 616.656679][ T13] team0 (unregistering): Port device team_slave_1 removed [ 616.871442][ T13] team0 (unregistering): Port device team_slave_0 removed [ 617.623382][ T36] kauditd_printk_skb: 1 callbacks suppressed [ 617.623403][ T36] audit: type=1326 audit(1772466153.570:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10497 comm="syz.6.1202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 617.623449][ T36] audit: type=1326 audit(1772466153.570:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10497 comm="syz.6.1202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 617.623490][ T36] audit: type=1326 audit(1772466153.570:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10497 comm="syz.6.1202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 617.623531][ T36] audit: type=1326 audit(1772466153.570:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10497 comm="syz.6.1202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 617.623571][ T36] audit: type=1326 audit(1772466153.570:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10497 comm="syz.6.1202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 617.623611][ T36] audit: type=1326 audit(1772466153.570:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10497 comm="syz.6.1202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 617.623651][ T36] audit: type=1326 audit(1772466153.570:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10497 comm="syz.6.1202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 617.623691][ T36] audit: type=1326 audit(1772466153.570:146): auid=4294967295 uid=0 gid=0 
ses=4294967295 subj=_ pid=10497 comm="syz.6.1202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 617.623732][ T36] audit: type=1326 audit(1772466153.570:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10497 comm="syz.6.1202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 617.623773][ T36] audit: type=1326 audit(1772466153.570:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10497 comm="syz.6.1202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 620.696576][T10137] veth0_vlan: entered promiscuous mode [ 620.926320][T10137] veth1_vlan: entered promiscuous mode [ 621.213687][T10137] veth0_macvtap: entered promiscuous mode [ 621.218818][T10137] veth1_macvtap: entered promiscuous mode [ 621.312628][T10137] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 621.726781][T10137] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 621.796800][ T164] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 621.799228][ T164] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 621.799764][ T164] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 621.800259][ T164] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 623.740103][ T164] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 623.740125][ T164] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 624.003641][ T164] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 624.003663][ T164] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 624.254268][ T13] IPVS: stop unused estimator thread 0... 
[ 624.383051][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.383130][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 626.548016][T10573] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 626.548588][T10573] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 627.562402][ T6922] Bluetooth: hci5: link tx timeout [ 627.563419][ T6922] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 628.274538][T10584] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1218'. [ 629.035809][T10600] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1222'. [ 630.220705][ T5110] Bluetooth: hci5: command 0x0406 tx timeout [ 635.871503][ T825] libceph: connect (1)[c::]:6789 error -101 [ 635.871703][ T825] libceph: mon0 (1)[c::]:6789 connect error [ 636.131063][ T825] libceph: connect (1)[c::]:6789 error -101 [ 636.131326][ T825] libceph: mon0 (1)[c::]:6789 connect error [ 637.048949][ T825] libceph: connect (1)[c::]:6789 error -101 [ 637.049145][ T825] libceph: mon0 (1)[c::]:6789 connect error [ 637.050655][T10645] ceph: No mds server is up or the cluster is laggy [ 638.382583][ T10] libceph: connect (1)[c::]:6789 error -101 [ 638.382794][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 643.019861][T10699] bond1: option broadcast_neighbor: mode dependency failed, not supported in mode balance-rr(0) [ 643.085390][T10699] bond1 (unregistering): Released all slaves [ 649.746614][T10746] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 649.746642][T10746] overlayfs: fs on './file1' does not support file handles, falling back to index=off,nfs_export=off. 
[ 654.507976][T10786] syzkaller0: entered promiscuous mode [ 654.508014][T10786] syzkaller0: entered allmulticast mode [ 659.036937][ T5859] libceph: connect (1)[c::]:6789 error -101 [ 659.037058][ T5859] libceph: mon0 (1)[c::]:6789 connect error [ 659.277724][T10827] ceph: No mds server is up or the cluster is laggy [ 659.291053][ T5859] libceph: connect (1)[c::]:6789 error -101 [ 659.291248][ T5859] libceph: mon0 (1)[c::]:6789 connect error [ 660.097344][ T5859] libceph: connect (1)[c::]:6789 error -101 [ 660.097565][ T5859] libceph: mon0 (1)[c::]:6789 connect error [ 663.822022][T10882] loop9: detected capacity change from 7 to 0 [ 664.726340][ T5903] libceph: connect (1)[c::]:6789 error -101 [ 664.726540][ T5903] libceph: mon0 (1)[c::]:6789 connect error [ 665.610914][ T5903] libceph: connect (1)[c::]:6789 error -101 [ 665.611119][ T5903] libceph: mon0 (1)[c::]:6789 connect error [ 665.731860][T10897] ceph: No mds server is up or the cluster is laggy [ 670.386460][T10950] binder: 10946:10950 ioctl c0306201 0 returned -14 [ 672.179962][ T6922] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 672.180017][ T6922] CPU: 1 UID: 0 PID: 6922 Comm: kworker/u9:5 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 672.180044][ T6922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 672.180060][ T6922] Workqueue: hci3 hci_rx_work [ 672.180095][ T6922] Call Trace: [ 672.180105][ T6922] <TASK> [ 672.180116][ T6922] dump_stack_lvl+0xe8/0x150 [ 672.180157][ T6922] sysfs_create_dir_ns+0x271/0x2a0 [ 672.180183][ T6922] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 672.180209][ T6922] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 672.180231][ T6922] ? __rcu_read_unlock+0x83/0xe0 [ 672.180273][ T6922] ? rt_spin_unlock+0x160/0x200 [ 672.180298][ T6922] kobject_add_internal+0x631/0xd10 [ 672.180342][ T6922] kobject_add+0x163/0x240 [ 672.180379][ T6922] ? __pfx_kobject_add+0x10/0x10 [ 672.180418][ T6922] ? 
get_device_parent+0x370/0x3a0 [ 672.180453][ T6922] device_add+0x408/0xb80 [ 672.180486][ T6922] hci_conn_add_sysfs+0xd5/0x210 [ 672.180509][ T6922] le_conn_complete_evt+0xf1d/0x1430 [ 672.180552][ T6922] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 672.180584][ T6922] ? irqentry_exit+0x59e/0x620 [ 672.180686][ T6922] ? rcu_is_watching+0x15/0xb0 [ 672.180722][ T6922] hci_le_conn_complete_evt+0x187/0x470 [ 672.180761][ T6922] hci_event_packet+0x7af/0x12c0 [ 672.180794][ T6922] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 672.180824][ T6922] ? __pfx_hci_event_packet+0x10/0x10 [ 672.180871][ T6922] ? preempt_schedule_common+0x82/0xd0 [ 672.180899][ T6922] ? preempt_schedule_thunk+0x16/0x30 [ 672.180930][ T6922] ? hci_send_to_monitor+0xe2/0x590 [ 672.180955][ T6922] hci_rx_work+0x3ee/0x1030 [ 672.180984][ T6922] ? preempt_schedule_thunk+0x16/0x30 [ 672.181011][ T6922] ? process_scheduled_works+0xa25/0x1830 [ 672.181043][ T6922] process_scheduled_works+0xb02/0x1830 [ 672.181102][ T6922] ? __pfx_process_scheduled_works+0x10/0x10 [ 672.181136][ T6922] ? assign_work+0x3d5/0x5e0 [ 672.181170][ T6922] worker_thread+0xa50/0xfc0 [ 672.181228][ T6922] kthread+0x388/0x470 [ 672.181258][ T6922] ? __pfx_worker_thread+0x10/0x10 [ 672.181284][ T6922] ? __pfx_kthread+0x10/0x10 [ 672.181308][ T6922] ret_from_fork+0x51e/0xb90 [ 672.181342][ T6922] ? __pfx_ret_from_fork+0x10/0x10 [ 672.181369][ T6922] ? __switch_to+0xc7d/0x1450 [ 672.181399][ T6922] ? __pfx_kthread+0x10/0x10 [ 672.181423][ T6922] ret_from_fork_asm+0x1a/0x30 [ 672.181460][ T6922] </TASK> [ 672.238716][ T6922] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. 
[ 672.239010][ T6922] Bluetooth: hci3: failed to register connection device [ 674.791234][ T36] kauditd_printk_skb: 1 callbacks suppressed [ 674.791254][ T36] audit: type=1326 audit(1772466211.420:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10993 comm="syz.6.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 674.791303][ T36] audit: type=1326 audit(1772466211.420:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10993 comm="syz.6.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 674.791345][ T36] audit: type=1326 audit(1772466211.420:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10993 comm="syz.6.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 674.791388][ T36] audit: type=1326 audit(1772466211.420:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10993 comm="syz.6.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 674.791430][ T36] audit: type=1326 audit(1772466211.420:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10993 comm="syz.6.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 674.791479][ T36] audit: type=1326 audit(1772466211.420:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10993 comm="syz.6.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 674.791519][ T36] audit: type=1326 audit(1772466211.420:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10993 comm="syz.6.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 674.791565][ T36] audit: type=1326 audit(1772466211.420:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10993 comm="syz.6.1314" exe="/root/syz-executor" 
sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 674.791606][ T36] audit: type=1326 audit(1772466211.420:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10993 comm="syz.6.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 674.791648][ T36] audit: type=1326 audit(1772466211.420:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10993 comm="syz.6.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfeda8c799 code=0x7ffc0000 [ 676.764459][ T5867] usb 2-1: USB disconnect, device number 3 [ 678.444742][ T5798] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 678.491182][ T5798] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 678.492531][ T5798] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 678.494626][ T5798] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 678.497158][ T5798] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 680.036240][T11021] chnl_net:caif_netlink_parms(): no params data found [ 680.610646][ T6922] Bluetooth: hci4: command tx timeout [ 682.069576][T11021] bridge0: port 1(bridge_slave_0) entered blocking state [ 682.069690][T11021] bridge0: port 1(bridge_slave_0) entered disabled state [ 682.069937][T11021] bridge_slave_0: entered allmulticast mode [ 682.448021][ T6922] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 682.752621][ T6922] Bluetooth: hci4: command tx timeout [ 682.860685][T11021] bridge_slave_0: entered promiscuous mode [ 682.885595][T11021] bridge0: port 2(bridge_slave_1) entered blocking state [ 682.885779][T11021] bridge0: port 2(bridge_slave_1) entered disabled state [ 682.886018][T11021] bridge_slave_1: entered allmulticast mode [ 682.890437][T11021] bridge_slave_1: entered promiscuous mode [ 684.780549][ T6922] Bluetooth: hci4: command tx timeout [ 684.937897][T11021] bond0: (slave bond_slave_0): Enslaving as an active interface with an 
up link [ 684.940183][T11021] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 685.011655][T11021] team0: Port device team_slave_0 added [ 685.015126][T11021] team0: Port device team_slave_1 added [ 685.083834][T11021] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 685.083852][T11021] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 685.083878][T11021] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 685.086068][T11021] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 685.086083][T11021] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 685.086109][T11021] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 685.268955][T11021] hsr_slave_0: entered promiscuous mode [ 685.278092][T11021] hsr_slave_1: entered promiscuous mode [ 685.279042][T11021] debugfs: 'hsr0' already exists in 'hsr' [ 685.279063][T11021] Cannot create hsr debugfs directory [ 685.818562][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.818634][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 685.976173][T11021] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 686.304535][T11021] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 686.391905][T11021] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 686.481814][T11021] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 686.850632][ T6922] Bluetooth: hci4: command tx timeout [ 688.455568][T11081] 9p: Could not find request transport: unyô‰Tß‚¾ 4¶-¾¦}x [ 690.265304][ T6922] Bluetooth: hci5: link tx timeout [ 691.296735][ T1228] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 691.720136][ T1228] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 691.812846][T11110] overlayfs: failed to resolve './file0': -2 [ 693.437783][ T5859] IPVS: starting estimator thread 0... 
[ 693.590714][T11121] IPVS: using max 15 ests per chain, 36000 per kthread [ 693.591338][ T1228] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 694.197392][ T1228] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 694.775299][T11021] 8021q: adding VLAN 0 to HW filter on device bond0 [ 695.685156][T11021] 8021q: adding VLAN 0 to HW filter on device team0 [ 695.721812][T10015] bridge0: port 1(bridge_slave_0) entered blocking state [ 695.722065][T10015] bridge0: port 1(bridge_slave_0) entered forwarding state [ 696.013074][ T149] bridge0: port 2(bridge_slave_1) entered blocking state [ 696.013291][ T149] bridge0: port 2(bridge_slave_1) entered forwarding state [ 698.273467][ T1228] bridge_slave_1: left allmulticast mode [ 698.273497][ T1228] bridge_slave_1: left promiscuous mode [ 698.273784][ T1228] bridge0: port 2(bridge_slave_1) entered disabled state [ 698.372230][ T1228] bridge_slave_0: left allmulticast mode [ 698.372258][ T1228] bridge_slave_0: left promiscuous mode [ 698.372495][ T1228] bridge0: port 1(bridge_slave_0) entered disabled state [ 702.890614][ T5867] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 703.040857][ T5867] usb 6-1: Using ep0 maxpacket: 8 [ 703.041379][ T1228] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 703.043385][ T5867] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 703.043413][ T5867] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 703.043438][ T5867] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 703.043461][ T5867] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 703.043499][ T5867] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 703.043518][ T5867] usb 6-1: New USB device 
strings: Mfr=0, Product=0, SerialNumber=0 [ 703.141346][ T1228] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 703.193282][ T1228] bond0 (unregistering): Released all slaves [ 703.360392][ T5867] usb 6-1: GET_CAPABILITIES returned 0 [ 703.360441][ T5867] usbtmc 6-1:16.0: can't read capabilities [ 703.578153][ T5867] usb 6-1: USB disconnect, device number 2 [ 706.163686][ T1228] hsr_slave_0: left promiscuous mode [ 706.421976][ T1228] hsr_slave_1: left promiscuous mode [ 706.422946][ T1228] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 706.461645][ T1228] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 706.461679][ T1228] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 707.360834][ T1228] veth1_macvtap: left promiscuous mode [ 707.360908][ T1228] veth0_macvtap: left promiscuous mode [ 707.361048][ T1228] veth1_vlan: left promiscuous mode [ 707.361141][ T1228] veth0_vlan: left promiscuous mode [ 708.194150][T10387] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 708.687813][T10387] usb 8-1: config 0 interface 0 altsetting 12 bulk endpoint 0x87 has invalid maxpacket 185 [ 708.687859][T10387] usb 8-1: config 0 interface 0 has no altsetting 0 [ 708.708987][T10387] usb 8-1: New USB device found, idVendor=06cd, idProduct=0115, bcdDevice=d9.c3 [ 708.709025][T10387] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 708.709045][T10387] usb 8-1: Product: syz [ 708.709058][T10387] usb 8-1: Manufacturer: syz [ 708.709071][T10387] usb 8-1: SerialNumber: syz [ 708.750346][T10387] usb 8-1: config 0 descriptor?? 
[ 708.765825][T11250] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22 [ 708.826242][T10387] keyspan 8-1:0.0: Keyspan 2 port adapter converter detected [ 708.826856][T10387] keyspan 8-1:0.0: found no endpoint descriptor for endpoint 7 [ 708.861303][T10387] keyspan 8-1:0.0: found no endpoint descriptor for endpoint 81 [ 708.861397][T10387] keyspan 8-1:0.0: found no endpoint descriptor for endpoint 1 [ 708.861478][T10387] keyspan 8-1:0.0: found no endpoint descriptor for endpoint 2 [ 708.861576][T10387] keyspan 8-1:0.0: found no endpoint descriptor for endpoint 85 [ 708.861657][T10387] keyspan 8-1:0.0: found no endpoint descriptor for endpoint 5 [ 708.890807][T10387] usb 8-1: Keyspan 2 port adapter converter now attached to ttyUSB0 [ 709.002641][T10387] keyspan 8-1:0.0: found no endpoint descriptor for endpoint 83 [ 709.002737][T10387] keyspan 8-1:0.0: found no endpoint descriptor for endpoint 3 [ 709.002822][T10387] keyspan 8-1:0.0: found no endpoint descriptor for endpoint 4 [ 709.002906][T10387] keyspan 8-1:0.0: found no endpoint descriptor for endpoint 86 [ 709.002990][T10387] keyspan 8-1:0.0: found no endpoint descriptor for endpoint 6 [ 709.005531][T10387] usb 8-1: Keyspan 2 port adapter converter now attached to ttyUSB1 [ 711.533625][ T1228] team0 (unregistering): Port device team_slave_1 removed [ 711.581523][ T1228] team0 (unregistering): Port device team_slave_0 removed [ 711.859464][T11249] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1376'. 
[ 711.954157][ T10] usb 8-1: USB disconnect, device number 2 [ 712.002469][ T10] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0 [ 712.024627][ T10] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1 [ 712.025249][ T10] keyspan 8-1:0.0: device disconnected [ 712.043269][T11021] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 712.680653][T11289] capability: warning: `syz.4.1387' uses deprecated v2 capabilities in a way that may be insecure [ 713.467087][ T10] libceph: connect (1)[c::]:6789 error -101 [ 713.467291][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 713.659033][T11286] ceph: No mds server is up or the cluster is laggy [ 713.723891][ T5808] libceph: connect (1)[c::]:6789 error -101 [ 713.724014][ T5808] libceph: mon0 (1)[c::]:6789 connect error [ 715.631490][ T1228] IPVS: stop unused estimator thread 0... [ 717.646996][T11021] veth0_vlan: entered promiscuous mode [ 717.687138][T11021] veth1_vlan: entered promiscuous mode [ 717.873506][T11021] veth0_macvtap: entered promiscuous mode [ 717.910471][T11021] veth1_macvtap: entered promiscuous mode [ 717.992146][T11021] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 718.013665][T11021] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 718.049972][T10016] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 718.059465][T10016] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 718.059813][T10016] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 718.059992][T10016] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 718.520877][ T1228] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 718.520900][ T1228] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 719.541135][T10016] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 719.541149][T10016] wlan1: Creating new IBSS network, BSSID 
50:50:50:50:50:50 [ 720.791100][ T5808] libceph: connect (1)[c::]:6789 error -101 [ 720.791295][ T5808] libceph: mon0 (1)[c::]:6789 connect error [ 720.813334][ T5808] libceph: connect (1)[c::]:6789 error -101 [ 720.813497][ T5808] libceph: mon0 (1)[c::]:6789 connect error [ 721.183069][ T5808] libceph: connect (1)[c::]:6789 error -101 [ 721.183272][ T5808] libceph: mon0 (1)[c::]:6789 connect error [ 721.717169][ T5808] libceph: connect (1)[c::]:6789 error -101 [ 721.738410][ T5808] libceph: mon0 (1)[c::]:6789 connect error [ 721.860719][T11354] ceph: No mds server is up or the cluster is laggy [ 735.659885][T11459] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1423'. [ 735.666858][T11459] bridge0: entered promiscuous mode [ 735.668631][T11459] bridge0: port 3(macsec1) entered blocking state [ 735.668800][T11459] bridge0: port 3(macsec1) entered disabled state [ 735.668916][T11459] macsec1: entered allmulticast mode [ 735.668926][T11459] bridge0: entered allmulticast mode [ 735.752144][T11459] macsec1: left allmulticast mode [ 735.752166][T11459] bridge0: left allmulticast mode [ 735.802696][T11459] bridge0: left promiscuous mode [ 736.381967][ T6922] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 736.382020][ T6922] CPU: 1 UID: 0 PID: 6922 Comm: kworker/u9:5 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 736.382047][ T6922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 736.382062][ T6922] Workqueue: hci4 hci_rx_work [ 736.382098][ T6922] Call Trace: [ 736.382108][ T6922] [ 736.382120][ T6922] dump_stack_lvl+0xe8/0x150 [ 736.382158][ T6922] sysfs_create_dir_ns+0x271/0x2a0 [ 736.382184][ T6922] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 736.382212][ T6922] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 736.382239][ T6922] ? 
rt_spin_unlock+0x160/0x200 [ 736.382265][ T6922] kobject_add_internal+0x631/0xd10 [ 736.382308][ T6922] kobject_add+0x163/0x240 [ 736.382340][ T6922] ? kobject_put+0xc1/0x560 [ 736.382372][ T6922] ? __pfx_kobject_add+0x10/0x10 [ 736.382414][ T6922] ? get_device_parent+0x370/0x3a0 [ 736.382451][ T6922] device_add+0x408/0xb80 [ 736.382486][ T6922] hci_conn_add_sysfs+0xd5/0x210 [ 736.382516][ T6922] le_conn_complete_evt+0xf1d/0x1430 [ 736.382570][ T6922] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 736.382599][ T6922] ? lockdep_hardirqs_on+0x7a/0x110 [ 736.382629][ T6922] ? irqentry_exit+0x59e/0x620 [ 736.382659][ T6922] ? rcu_is_watching+0x15/0xb0 [ 736.382687][ T6922] ? skb_pull_data+0xfb/0x200 [ 736.382859][ T6922] hci_le_conn_complete_evt+0x187/0x470 [ 736.382899][ T6922] hci_event_packet+0x7af/0x12c0 [ 736.382933][ T6922] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 736.382965][ T6922] ? __pfx_hci_event_packet+0x10/0x10 [ 736.382991][ T6922] ? preempt_schedule_common+0x82/0xd0 [ 736.383019][ T6922] ? preempt_schedule_thunk+0x16/0x30 [ 736.383048][ T6922] ? hci_send_to_monitor+0xe2/0x590 [ 736.383082][ T6922] hci_rx_work+0x3ee/0x1030 [ 736.383112][ T6922] ? preempt_schedule_thunk+0x16/0x30 [ 736.383140][ T6922] ? process_scheduled_works+0xa25/0x1830 [ 736.383172][ T6922] process_scheduled_works+0xb02/0x1830 [ 736.383232][ T6922] ? __pfx_process_scheduled_works+0x10/0x10 [ 736.383267][ T6922] ? assign_work+0x3d5/0x5e0 [ 736.383301][ T6922] worker_thread+0xa50/0xfc0 [ 736.383359][ T6922] kthread+0x388/0x470 [ 736.383382][ T6922] ? __pfx_worker_thread+0x10/0x10 [ 736.383408][ T6922] ? __pfx_kthread+0x10/0x10 [ 736.383431][ T6922] ret_from_fork+0x51e/0xb90 [ 736.383464][ T6922] ? __pfx_ret_from_fork+0x10/0x10 [ 736.383491][ T6922] ? __switch_to+0xc7d/0x1450 [ 736.383521][ T6922] ? 
__pfx_kthread+0x10/0x10 [ 736.383550][ T6922] ret_from_fork_asm+0x1a/0x30 [ 736.383589][ T6922] [ 736.384264][ T6922] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 736.384558][ T6922] Bluetooth: hci4: failed to register connection device [ 736.929671][ T6922] ================================================================== [ 736.929752][ T6922] BUG: KASAN: slab-use-after-free in l2cap_sock_new_connection_cb+0x1f9/0x2e0 [ 736.929829][ T6922] Read of size 8 at addr ffff88805b0de7b0 by task kworker/u9:5/6922 [ 736.929839][ T6922] [ 736.929873][ T6922] CPU: 1 UID: 0 PID: 6922 Comm: kworker/u9:5 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 736.929887][ T6922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 736.929896][ T6922] Workqueue: hci4 hci_rx_work [ 736.929911][ T6922] Call Trace: [ 736.929918][ T6922] [ 736.929923][ T6922] dump_stack_lvl+0xe8/0x150 [ 736.929942][ T6922] print_report+0xba/0x230 [ 736.929973][ T6922] ? l2cap_sock_new_connection_cb+0x1f9/0x2e0 [ 736.929986][ T6922] kasan_report+0x117/0x150 [ 736.930055][ T6922] ? l2cap_sock_new_connection_cb+0x1f9/0x2e0 [ 736.930070][ T6922] l2cap_sock_new_connection_cb+0x1f9/0x2e0 [ 736.930085][ T6922] l2cap_connect_cfm+0x368/0x1390 [ 736.930098][ T6922] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 736.930110][ T6922] ? _raw_spin_unlock_irqrestore+0x74/0x80 [ 736.930125][ T6922] ? mutex_lock_nested+0x152/0x1d0 [ 736.930134][ T6922] ? hci_connect_cfm+0x2c/0x140 [ 736.930149][ T6922] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 736.930159][ T6922] hci_connect_cfm+0x95/0x140 [ 736.930174][ T6922] le_conn_complete_evt+0xf65/0x1430 [ 736.930192][ T6922] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 736.930207][ T6922] ? lockdep_hardirqs_on+0x7a/0x110 [ 736.930220][ T6922] ? irqentry_exit+0x59e/0x620 [ 736.930233][ T6922] ? rcu_is_watching+0x15/0xb0 [ 736.930245][ T6922] ? 
skb_pull_data+0xfb/0x200 [ 736.930262][ T6922] hci_le_conn_complete_evt+0x187/0x470 [ 736.930279][ T6922] hci_event_packet+0x7af/0x12c0 [ 736.930294][ T6922] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 736.930308][ T6922] ? __pfx_hci_event_packet+0x10/0x10 [ 736.930320][ T6922] ? preempt_schedule_common+0x82/0xd0 [ 736.930333][ T6922] ? preempt_schedule_thunk+0x16/0x30 [ 736.930346][ T6922] ? hci_send_to_monitor+0xe2/0x590 [ 736.930357][ T6922] hci_rx_work+0x3ee/0x1030 [ 736.930372][ T6922] ? preempt_schedule_thunk+0x16/0x30 [ 736.930392][ T6922] ? process_scheduled_works+0xa25/0x1830 [ 736.930417][ T6922] process_scheduled_works+0xb02/0x1830 [ 736.930455][ T6922] ? __pfx_process_scheduled_works+0x10/0x10 [ 736.930486][ T6922] ? assign_work+0x3d5/0x5e0 [ 736.930511][ T6922] worker_thread+0xa50/0xfc0 [ 736.930552][ T6922] kthread+0x388/0x470 [ 736.930570][ T6922] ? __pfx_worker_thread+0x10/0x10 [ 736.930596][ T6922] ? __pfx_kthread+0x10/0x10 [ 736.930614][ T6922] ret_from_fork+0x51e/0xb90 [ 736.930640][ T6922] ? __pfx_ret_from_fork+0x10/0x10 [ 736.930663][ T6922] ? __switch_to+0xc7d/0x1450 [ 736.930686][ T6922] ? 
__pfx_kthread+0x10/0x10 [ 736.930703][ T6922] ret_from_fork_asm+0x1a/0x30 [ 736.930728][ T6922] [ 736.930735][ T6922] [ 736.930739][ T6922] Allocated by task 6922: [ 736.930797][ T6922] kasan_save_track+0x3e/0x80 [ 736.930816][ T6922] __kasan_kmalloc+0x93/0xb0 [ 736.930830][ T6922] __kmalloc_noprof+0x3e7/0x7b0 [ 736.930877][ T6922] sk_prot_alloc+0xe7/0x210 [ 736.930917][ T6922] sk_alloc+0x3a/0x390 [ 736.930927][ T6922] bt_sock_alloc+0x3b/0x310 [ 736.930970][ T6922] l2cap_sock_new_connection_cb+0xe2/0x2e0 [ 736.930982][ T6922] l2cap_connect_cfm+0x368/0x1390 [ 736.930991][ T6922] hci_connect_cfm+0x95/0x140 [ 736.931004][ T6922] le_conn_complete_evt+0xf65/0x1430 [ 736.931020][ T6922] hci_le_conn_complete_evt+0x187/0x470 [ 736.931033][ T6922] hci_event_packet+0x7af/0x12c0 [ 736.931045][ T6922] hci_rx_work+0x3ee/0x1030 [ 736.931056][ T6922] process_scheduled_works+0xb02/0x1830 [ 736.931068][ T6922] worker_thread+0xa50/0xfc0 [ 736.931081][ T6922] kthread+0x388/0x470 [ 736.931089][ T6922] ret_from_fork+0x51e/0xb90 [ 736.931101][ T6922] ret_from_fork_asm+0x1a/0x30 [ 736.931109][ T6922] [ 736.931111][ T6922] Freed by task 11468: [ 736.931116][ T6922] kasan_save_track+0x3e/0x80 [ 736.931128][ T6922] kasan_save_free_info+0x46/0x50 [ 736.931150][ T6922] __kasan_slab_free+0x5c/0x80 [ 736.931162][ T6922] kfree+0x1c1/0x6c0 [ 736.931173][ T6922] __sk_destruct+0x626/0x880 [ 736.931185][ T6922] l2cap_sock_cleanup_listen+0xe0/0x440 [ 736.931195][ T6922] l2cap_sock_release+0x6e/0x270 [ 736.931204][ T6922] sock_close+0xc3/0x240 [ 736.931211][ T6922] __fput+0x461/0xa90 [ 736.931264][ T6922] task_work_run+0x1d9/0x270 [ 736.931275][ T6922] get_signal+0x11c3/0x1310 [ 736.931292][ T6922] arch_do_signal_or_restart+0xbc/0x830 [ 736.931304][ T6922] exit_to_user_mode_loop+0x86/0x480 [ 736.931328][ T6922] do_syscall_64+0x32d/0xf80 [ 736.931368][ T6922] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 736.931391][ T6922] [ 736.931394][ T6922] The buggy address belongs to the object at ffff88805b0de000 
[ 736.931394][ T6922] which belongs to the cache kmalloc-2k of size 2048 [ 736.931404][ T6922] The buggy address is located 1968 bytes inside of [ 736.931404][ T6922] freed 2048-byte region [ffff88805b0de000, ffff88805b0de800) [ 736.931415][ T6922] [ 736.931419][ T6922] The buggy address belongs to the physical page: [ 736.931456][ T6922] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5b0d8 [ 736.931470][ T6922] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 736.931479][ T6922] flags: 0x80000000000040(head|node=0|zone=1) [ 736.931493][ T6922] page_type: f5(slab) [ 736.931503][ T6922] raw: 0080000000000040 ffff88813fe1d000 dead000000000100 dead000000000122 [ 736.931512][ T6922] raw: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000 [ 736.931522][ T6922] head: 0080000000000040 ffff88813fe1d000 dead000000000100 dead000000000122 [ 736.931530][ T6922] head: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000 [ 736.931540][ T6922] head: 0080000000000003 ffffea00016c3601 00000000ffffffff 00000000ffffffff [ 736.931549][ T6922] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008 [ 736.931555][ T6922] page dumped because: kasan: bad access detected [ 736.931564][ T6922] page_owner tracks the page as allocated [ 736.931567][ T6922] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5802, tgid 5802 (syz-executor), ts 75336649668, free_ts 0 [ 736.931587][ T6922] post_alloc_hook+0x231/0x280 [ 736.931626][ T6922] get_page_from_freelist+0x28bb/0x2950 [ 736.931659][ T6922] __alloc_frozen_pages_noprof+0x18d/0x380 [ 736.931669][ T6922] alloc_pages_mpol+0xd1/0x380 [ 736.931723][ T6922] allocate_slab+0x83/0x660 [ 736.931754][ T6922] ___slab_alloc+0x152/0x660 [ 736.931764][ T6922] __kmalloc_node_track_caller_noprof+0x29d/0x7e0 [ 736.931779][ T6922] pskb_expand_head+0x228/0x1320 [ 
736.931794][ T6922] netlink_trim+0x1b3/0x2c0 [ 736.931861][ T6922] netlink_broadcast_filtered+0xd6/0x1010 [ 736.931876][ T6922] nlmsg_notify+0xf0/0x1a0 [ 736.931885][ T6922] rtnetlink_event+0x224/0x270 [ 736.931921][ T6922] notifier_call_chain+0x1be/0x400 [ 736.931931][ T6922] netif_set_mac_address+0x39f/0x4e0 [ 736.931970][ T6922] do_setlink+0x9b1/0x4590 [ 736.932002][ T6922] rtnl_newlink+0x15a9/0x1be0 [ 736.932012][ T6922] page_owner free stack trace missing [ 736.932017][ T6922] [ 736.932019][ T6922] Memory state around the buggy address: [ 736.932025][ T6922] ffff88805b0de680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 736.932032][ T6922] ffff88805b0de700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 736.932039][ T6922] >ffff88805b0de780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 736.932044][ T6922] ^ [ 736.932050][ T6922] ffff88805b0de800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 736.932056][ T6922] ffff88805b0de880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 736.932061][ T6922] ================================================================== [ 736.932108][ T6922] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 736.932119][ T6922] CPU: 1 UID: 0 PID: 6922 Comm: kworker/u9:5 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 736.932132][ T6922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 736.932139][ T6922] Workqueue: hci4 hci_rx_work [ 736.932154][ T6922] Call Trace: [ 736.932160][ T6922] [ 736.932165][ T6922] vpanic+0x56c/0xa60 [ 736.932182][ T6922] ? __pfx_vpanic+0x10/0x10 [ 736.932197][ T6922] ? __pfx___schedule+0x10/0x10 [ 736.932212][ T6922] panic+0xc5/0xd0 [ 736.932225][ T6922] ? __pfx_panic+0x10/0x10 [ 736.932240][ T6922] ? preempt_schedule_common+0x82/0xd0 [ 736.932253][ T6922] ? l2cap_sock_new_connection_cb+0x1f9/0x2e0 [ 736.932265][ T6922] check_panic_on_warn+0x89/0xb0 [ 736.932277][ T6922] ? 
l2cap_sock_new_connection_cb+0x1f9/0x2e0 [ 736.932288][ T6922] end_report+0x73/0x180 [ 736.932303][ T6922] ? l2cap_sock_new_connection_cb+0x1f9/0x2e0 [ 736.932314][ T6922] kasan_report+0x128/0x150 [ 736.932328][ T6922] ? l2cap_sock_new_connection_cb+0x1f9/0x2e0 [ 736.932342][ T6922] l2cap_sock_new_connection_cb+0x1f9/0x2e0 [ 736.932354][ T6922] l2cap_connect_cfm+0x368/0x1390 [ 736.932366][ T6922] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 736.932377][ T6922] ? _raw_spin_unlock_irqrestore+0x74/0x80 [ 736.932391][ T6922] ? mutex_lock_nested+0x152/0x1d0 [ 736.932400][ T6922] ? hci_connect_cfm+0x2c/0x140 [ 736.932414][ T6922] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 736.932424][ T6922] hci_connect_cfm+0x95/0x140 [ 736.932439][ T6922] le_conn_complete_evt+0xf65/0x1430 [ 736.932458][ T6922] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 736.932475][ T6922] ? lockdep_hardirqs_on+0x7a/0x110 [ 736.932488][ T6922] ? irqentry_exit+0x59e/0x620 [ 736.932500][ T6922] ? rcu_is_watching+0x15/0xb0 [ 736.932512][ T6922] ? skb_pull_data+0xfb/0x200 [ 736.932527][ T6922] hci_le_conn_complete_evt+0x187/0x470 [ 736.932543][ T6922] hci_event_packet+0x7af/0x12c0 [ 736.932557][ T6922] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 736.932571][ T6922] ? __pfx_hci_event_packet+0x10/0x10 [ 736.932582][ T6922] ? preempt_schedule_common+0x82/0xd0 [ 736.932595][ T6922] ? preempt_schedule_thunk+0x16/0x30 [ 736.932607][ T6922] ? hci_send_to_monitor+0xe2/0x590 [ 736.932618][ T6922] hci_rx_work+0x3ee/0x1030 [ 736.932630][ T6922] ? preempt_schedule_thunk+0x16/0x30 [ 736.932647][ T6922] ? process_scheduled_works+0xa25/0x1830 [ 736.932661][ T6922] process_scheduled_works+0xb02/0x1830 [ 736.932680][ T6922] ? __pfx_process_scheduled_works+0x10/0x10 [ 736.932695][ T6922] ? assign_work+0x3d5/0x5e0 [ 736.932708][ T6922] worker_thread+0xa50/0xfc0 [ 736.932727][ T6922] kthread+0x388/0x470 [ 736.932738][ T6922] ? __pfx_worker_thread+0x10/0x10 [ 736.932750][ T6922] ? 
__pfx_kthread+0x10/0x10 [ 736.932760][ T6922] ret_from_fork+0x51e/0xb90 [ 736.932774][ T6922] ? __pfx_ret_from_fork+0x10/0x10 [ 736.932787][ T6922] ? __switch_to+0xc7d/0x1450 [ 736.932800][ T6922] ? __pfx_kthread+0x10/0x10 [ 736.932809][ T6922] ret_from_fork_asm+0x1a/0x30 [ 736.932823][ T6922] [ 736.933122][ T6922] Kernel Offset: disabled