last executing test programs: 10.483307762s ago: executing program 4 (id=746): r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x14, 0x2) ioctl$vim2m_VIDIOC_PREPARE_BUF(r0, 0xc0405602, &(0x7f0000000480)=@multiplanar_userptr={0x0, 0x2, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "023d2134"}, 0x0, 0x2, {0x0}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x103}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7) r2 = fsopen(&(0x7f0000000140)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = fsmount(r2, 0x0, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f00000001c0)='cgroup.threads\x00', 0x2, 0x0) readv(r4, &(0x7f0000000780)=[{&(0x7f0000000580)=""/225, 0xe1}], 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fsopen(&(0x7f0000000040)='ceph\x00', 0x1) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat$procfs(0xffffffffffffff9c, &(0x7f0000002280)='/proc/cpuinfo\x00', 0x0, 0x0) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') r8 = timerfd_create(0x0, 0x80000) r9 = openat$nullb(0xffffffffffffff9c, 0x0, 0xa402, 0x0) fallocate(r9, 0x0, 0x4, 0x100000000000009) ioctl$TFD_IOC_SET_TICKS(r8, 0x40085400, 0x0) lseek(r7, 0xfffd, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f000000000000000000", 0x19) r10 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r10, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x89ff, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0xd1, 0x0, 0x0, @loopback, @multicast1}}}}) 9.215482434s ago: executing program 4 (id=749): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) sendmsg$NL80211_CMD_SET_CHANNEL(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000980)=ANY=[@ANYBLOB="e6bf049d51e61f8dc06efe03001e7bdac916ed8df2f7182d5aafb1d1756c4b514543", @ANYRES16, @ANYBLOB="000128bd7000fedbdf", @ANYBLOB="0500180127"], 0x24}, 0x1, 0x0, 0x0, 0x840}, 0x4004840) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0xfffff000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 8.185840113s ago: executing program 0 (id=751): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0xf, &(0x7f00000000c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x4a, 0x0, 0x0, 0x0, 0xffffffff}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x9, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) 8.049727813s ago: executing program 0 (id=754): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000040)=ANY=[], 0x8) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10) sendmmsg$inet6(r0, &(0x7f0000002b80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4404c880) sendto$inet6(r0, &(0x7f0000000300), 0x16, 0x3b00, 0x0, 0xfffffffffffffdfd) 7.91148748s ago: executing program 3 (id=755): setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) r0 = socket$kcm(0x23, 0x5, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000240)=0x9, 0x4) listen(r0, 0x800) 7.888909973s ago: executing program 0 (id=756): r0 = socket$inet6_icmp(0xa, 0x2, 0x3a) bind$inet6(r0, 0x0, 0x0) 6.903483788s ago: executing program 3 (id=758): r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000100)={0x18, 0x0, {0x3, @multicast, 'macvlan1\x00'}}, 0x1e) sendmmsg$sock(r0, &(0x7f0000001dc0), 0x40000a6, 0x48850) sendmmsg(r0, &(0x7f0000002780)=[{{0x0, 0x0, &(0x7f0000000e00)}}, {{0x0, 0x0, 0x0}}], 0x2, 0x8000) 6.902905369s ago: executing program 0 (id=759): r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x14, 0x2) ioctl$vim2m_VIDIOC_PREPARE_BUF(r0, 0xc0405602, &(0x7f0000000480)=@multiplanar_userptr={0x0, 0x2, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "023d2134"}, 0x0, 0x2, {0x0}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x103}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7) r2 = fsopen(&(0x7f0000000140)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = fsmount(r2, 0x0, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f00000001c0)='cgroup.threads\x00', 0x2, 0x0) readv(r4, &(0x7f0000000780)=[{&(0x7f0000000580)=""/225, 0xe1}], 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fsopen(&(0x7f0000000040)='ceph\x00', 0x1) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat$procfs(0xffffffffffffff9c, &(0x7f0000002280)='/proc/cpuinfo\x00', 0x0, 0x0) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') r8 = timerfd_create(0x0, 0x80000) r9 = openat$nullb(0xffffffffffffff9c, 0x0, 0xa402, 0x0) fallocate(r9, 0x0, 0x4, 0x100000000000009) ioctl$TFD_IOC_SET_TICKS(r8, 0x40085400, 0x0) lseek(r7, 0xfffd, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f000000000000000000", 0x19) r10 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r10, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x89ff, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0xd1, 0x0, 0x0, @loopback, @multicast1}}}}) 5.803305158s ago: executing program 4 (id=760): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC(r1, 0x0, 0xcc, &(0x7f0000000140)={@multicast2, @multicast1, 0x0, "aaa517d60f2811d48c8a2cc60c4380bc23b510d442ff13482864280a9c0f4eb5"}, 0x3c) r2 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2) ioctl$FE_SET_PROPERTY(r2, 0x40106f52, 0x0) r3 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece) ioctl$NILFS_IOCTL_GET_SUSTAT(r3, 0x80306e85, 0x0) r4 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r4, &(0x7f0000000440), 0x10) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x3000004, 0x2010, r0, 0x8aa19000) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r4, 0x28, 0x2, &(0x7f0000000200)=0x8, 0x8) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r5, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r5, 0x0) r6 = accept4$unix(r4, 0x0, 0x0, 0x80800) sendto$packet(r3, &(0x7f0000000600)="5f0efc3e1792a50972d2eb21bdff9ca4ac804c2847689e7fd3f3fe7bf05ddc63ff512d4074687760a5fbd1fc97777a6e55123f04cc8437b15f4b2c6f5027dcea15b6658d", 0x44, 0x20040881, 0x0, 0x0) r7 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$PTP_ENABLE_PPS(r7, 0x40043d04, 0x1) recvmsg(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000300)=""/74, 0xffffff78}], 0x1}, 0x10012) setsockopt$MRT_ADD_MFC_PROXY(r1, 0x0, 0xd2, &(0x7f0000000080)={@dev={0xac, 0x14, 0x14, 0x41}, @multicast1, 0x2, "4f6fb4d1af0f724e6118ecd4ac1100843af297baebb0efcdf5a284da144a015a", 0x0, 0x0, 0x200000}, 0x3c) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x80, &(0x7f0000000180)=ANY=[]) 5.659162455s ago: executing program 0 (id=761): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000180081064e81f782db44b904021d080006067c09e8fe55a10a0015", 0x1f}], 0x1}, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd637f4b22667f2f00db5b686158bbcfe8875a65969ff57b00000000000000000000000000ac1414aa"], 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000080)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x5, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100008}, 0x94) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"}) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200"], 0xcfa4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xff00}, 0x48) 5.535828723s ago: executing program 3 (id=764): r0 = socket$tipc(0x1e, 0x5, 0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000100)=@name={0x1e, 0x2, 0x2, {{0x42}, 0x4}}, 0x10) bind$tipc(r1, 0x0, 0x0) bind$tipc(r1, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10) bind$tipc(r0, 0x0, 0x0) 5.398537353s ago: executing program 1 (id=766): socket$nl_xfrm(0x10, 0x3, 0x6) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000a69000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x1b7f, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x0, 0x20002f7}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x0, 0xffff}}}, 0x24}}, 0x0) fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffffb) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 5.356304941s ago: executing program 3 (id=767): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000083667d1040206402d14e0102030109021b000100000000090400000190f19c00090584"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$uac2(r0, 0x0, 0x0) syz_usb_control_io$sierra_net(r0, 0x0, &(0x7f0000000e40)={0x1c, &(0x7f0000000900)={0x40, 0x16}, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$uac3(r0, 0x0, 0x0) 5.278337587s ago: executing program 2 (id=768): r0 = syz_open_dev$dmmidi(&(0x7f0000000040), 0x1, 0x92a02) pwritev2(r0, &(0x7f0000001c40), 0x0, 0x7ff, 0x6, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x20}, 0x1, 0x0, 0x0, 0x2000008c}, 0x80) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20004855) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$kcm(0x29, 0x5, 0x0) sendmsg$kcm(r1, &(0x7f0000001800)={0x0, 0x0, 0x0}, 0x4000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x3501) ioctl$USBDEVFS_GETDRIVER(r5, 0x41045508, 0x0) capset(0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) r6 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r6, &(0x7f00000000c0)='asymmetric\x00', &(0x7f0000000300)) keyctl$search(0xa, r6, 0x0, 0x0, r6) keyctl$setperm(0x5, r6, 0x101008) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x4000) r7 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000006000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d6c2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0) 4.980695334s ago: executing program 4 (id=769): setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) r0 = socket$kcm(0x23, 0x5, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000240)=0x9, 0x4) listen(r0, 0x800) 4.132408584s ago: executing program 0 (id=770): socket$inet_udp(0x2, 0x2, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r0 = socket(0x10, 0x3, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, 0x0, 0x0) sendmsg$IPSET_CMD_SAVE(r0, &(0x7f00000004c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000400)={0x0}, 0x1, 0x0, 0x0, 0x4040800}, 0x40080) setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000000040)=0x20, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'ipvlan1\x00'}) setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, 0x0, 0x0) setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r4, &(0x7f00000bd000), 0x2d, 0x20040040) dup3(r3, r4, 0x0) connect$unix(r4, &(0x7f0000000180)=@file={0x0, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) write(r0, &(0x7f0000000000)="2400000011005f0414f9f40700090400810000003c0000000000000008000f00", 0x20) r5 = socket$netlink(0x10, 0x3, 0x400000000000004) writev(r5, &(0x7f0000019440)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80ffe0090f000060000000a2bc5603ca00000f7f89000000200000004a2471083ec6991778581acb6c0101ff0000000309", 0x48}], 0x1) r6 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) r7 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r7, &(0x7f0000000240)='asymmetric\x00', &(0x7f0000000180)=@keyring={'key_or_keyring:', r6}) add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, r7) keyctl$read(0xb, r7, &(0x7f0000000340)=""/131, 0x83) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) r8 = getpid() syz_pidfd_open(r8, 0x0) syz_open_procfs(r8, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000015c0)={&(0x7f0000001480)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0xc, [@fwd={0xa}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x5, 0x1, 0xffd}}]}, {0x0, [0x5f, 0x30, 0x61, 0x30, 0x5f, 0x0, 0x0, 0x0, 0x0, 0x61]}}, 0x0, 0x48, 0x0, 0x1, 0x2000000}, 0x28) syz_usb_connect(0x0, 0x164, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007af28810d30b55055b000000000109025201010000000009044000000e010000082406"], 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) 4.13089357s ago: executing program 3 (id=771): r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x14, 0x2) ioctl$vim2m_VIDIOC_PREPARE_BUF(r0, 0xc0405602, &(0x7f0000000480)=@multiplanar_userptr={0x0, 0x2, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "023d2134"}, 0x0, 0x2, {0x0}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x103}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7) r2 = fsopen(&(0x7f0000000140)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = fsmount(r2, 0x0, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f00000001c0)='cgroup.threads\x00', 0x2, 0x0) readv(r4, &(0x7f0000000780)=[{&(0x7f0000000580)=""/225, 0xe1}], 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fsopen(&(0x7f0000000040)='ceph\x00', 0x1) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat$procfs(0xffffffffffffff9c, &(0x7f0000002280)='/proc/cpuinfo\x00', 0x0, 0x0) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') r8 = timerfd_create(0x0, 0x80000) r9 = openat$nullb(0xffffffffffffff9c, 0x0, 0xa402, 0x0) fallocate(r9, 0x0, 0x4, 0x100000000000009) ioctl$TFD_IOC_SET_TICKS(r8, 0x40085400, 0x0) lseek(r7, 0xfffd, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f000000000000000000", 0x19) r10 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r10, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x89ff, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0xd1, 0x0, 0x0, @loopback, @multicast1}}}}) 4.081127939s ago: executing program 2 (id=772): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) ioctl$SOUND_MIXER_WRITE_RECSRC(0xffffffffffffffff, 0xc0044dff, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x13, 0xffffffffffffffff, 0x0) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f00000000c0)={0xc}) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) sendmmsg$inet(r0, &(0x7f0000000d00)=[{{0x0, 0x0, &(0x7f0000002c00)=[{&(0x7f0000000440)="b25b", 0x2}, {&(0x7f0000002800)="cf", 0x1}, {&(0x7f0000000380)='\b', 0x1}, {&(0x7f0000000100)="2a1b1a4552a31452d5c73c376f8a", 0xe}, {&(0x7f0000002b40)='-', 0x1}], 0x5}}, {{0x0, 0x0, &(0x7f0000002f00)=[{&(0x7f0000001580)="ce", 0x1}, {&(0x7f00000007c0)="f2", 0xfea9}, {&(0x7f0000002e40)="d4"}], 0x3}}, {{0x0, 0x0, &(0x7f0000000b40), 0x3}}, {{0x0, 0x57, &(0x7f0000000a40)=[{&(0x7f0000000340)='\x00', 0xffffffb6}], 0x1}}], 0x4, 0x4000084) setsockopt$sock_int(r0, 0x1, 0x20, &(0x7f0000000000)=0x7fffffff, 0x4) 3.964331573s ago: executing program 2 (id=773): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000040)=0x1, 0x4) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r1 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x112}) r2 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)='/', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) 2.914463521s ago: executing program 2 (id=774): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2000000002) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) clock_gettime(0x2, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="0200000000000000000000000000000061194c0000040000950000000000000047b7fbc828a3574ded64ddae01a2808503666c91d321e2175fcc1ffb2cde599f3d5b08cbb144dfb2d1359acd8ce8c4bf8ef06a4fa6754d63bffe40d843c5fd4a8618457f4bf97fe6ba30876d695e05e331fdacc738061c2222192d0d7c04"], &(0x7f0000000080)='syzkaller\x00'}, 0x94) socket$kcm(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)={0x14, 0x0, 0x1, 0x1000}, 0x14}, 0x1, 0x0, 0x0, 0x24040000}, 0x4800) ioctl$sock_SIOCBRDELBR(0xffffffffffffffff, 0x89a2, &(0x7f0000000000)='bridge0\x00') 2.870141589s ago: executing program 1 (id=775): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x32, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x80854}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=@newtfilter={0x24, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0xfffa}, {}, {0x1c, 0xfff9}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000004}, 0x44040) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 2.659305274s ago: executing program 3 (id=776): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r0, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600}}, 0x20) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x1, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xfffe, 0x0, 0x8000}}}}}}, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), 0xffffffffffffffff) unshare(0x24060400) socket(0x1e, 0x4, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f0000000000)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000000380)=[{&(0x7f00000001c0)="91cfdf", 0x3}], 0x1}, 0x0) pselect6(0x40, &(0x7f0000000100)={0x0, 0x9, 0x0, 0x80000001, 0x7fb, 0x8, 0x100200}, 0x0, &(0x7f0000000240)={0x1e, 0x3, 0xfffffffffffffffe, 0x0, 0x0, 0xa}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0) 1.728591844s ago: executing program 2 (id=777): r0 = socket$tipc(0x1e, 0x5, 0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000100)=@name={0x1e, 0x2, 0x2, {{0x42}, 0x4}}, 0x10) bind$tipc(r1, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) bind$tipc(r1, 0x0, 0x0) bind$tipc(r0, 0x0, 0x0) 1.595443481s ago: executing program 1 (id=778): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xff00}, 0x48) 1.50295228s ago: executing program 1 (id=779): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2000000002) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) clock_gettime(0x2, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="0200000000000000000000000000000061194c0000040000950000000000000047b7fbc828a3574ded64ddae01a2808503666c91d321e2175fcc1ffb2cde599f3d5b08cbb144dfb2d1359acd8ce8c4bf8ef06a4fa6754d63bffe40d843c5fd4a8618457f4bf97fe6ba30876d695e05e331fdacc738061c2222192d0d7c04"], &(0x7f0000000080)='syzkaller\x00'}, 0x94) socket$kcm(0x10, 0x2, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x42000, 0x0) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)={0x14, 0x0, 0x1, 0x1000}, 0x14}, 0x1, 0x0, 0x0, 0x24040000}, 0x4800) ioctl$sock_SIOCBRDELBR(r3, 0x89a2, &(0x7f0000000000)='bridge0\x00') 449.094465ms ago: executing program 1 (id=780): socket$nl_route(0x10, 0x3, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x4c, 0x2, 0x6, 0x3, 0x0, 0x0, {0x7, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0x20004080) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x90) 448.694582ms ago: executing program 4 (id=781): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000040)=ANY=[], 0x8) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10) sendmmsg$inet6(r0, &(0x7f0000002b80)=[{{0x0, 0x0, &(0x7f0000000200)=[{0x0}], 0x1}}], 0x1, 0x4404c880) sendto$inet6(r0, &(0x7f0000000300), 0x16, 0x3b00, 0x0, 0xfffffffffffffdfd) 383.08633ms ago: executing program 2 (id=782): r0 = syz_open_dev$dmmidi(&(0x7f0000000040), 0x1, 0x92a02) pwritev2(r0, &(0x7f0000001c40), 0x0, 0x7ff, 0x6, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x20}, 0x1, 0x0, 0x0, 0x2000008c}, 0x80) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20004855) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$kcm(0x29, 0x5, 0x0) sendmsg$kcm(r1, &(0x7f0000001800)={0x0, 0x0, 0x0}, 0x4000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x3501) ioctl$USBDEVFS_GETDRIVER(r5, 0x41045508, 0x0) capset(0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) r6 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r6, &(0x7f00000000c0)='asymmetric\x00', &(0x7f0000000300)) keyctl$search(0xa, r6, 0x0, 0x0, r6) keyctl$setperm(0x5, r6, 0x101008) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x4000) r7 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000006000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d6c2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0) 189.878381ms ago: executing program 4 (id=783): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) ioctl$SOUND_MIXER_WRITE_RECSRC(0xffffffffffffffff, 0xc0044dff, &(0x7f0000000480)=0xffff8001) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x13, 0xffffffffffffffff, 0x0) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) sendmmsg$inet(r0, &(0x7f0000000d00)=[{{0x0, 0x0, &(0x7f0000002c00)=[{&(0x7f0000000440)="b25b", 0x2}, {&(0x7f0000002800)="cf", 0x1}, {&(0x7f0000000380)='\b', 0x1}, {&(0x7f0000000100)="2a1b1a4552a31452d5c73c376f8a", 0xe}, {&(0x7f0000002b40)='-', 0x1}], 0x5}}, {{0x0, 0x0, &(0x7f0000002f00)=[{&(0x7f0000001580)="ce", 0x1}, {&(0x7f00000007c0)="f2", 0xfea9}, {&(0x7f0000002e40)="d4"}], 0x3}}, {{0x0, 0x0, &(0x7f0000000b40), 0x3}}, {{0x0, 0x57, &(0x7f0000000a40)=[{&(0x7f0000000340)='\x00', 0xffffffb6}], 0x1}}], 0x4, 0x4000084) setsockopt$sock_int(r0, 0x1, 0x20, &(0x7f0000000000)=0x7fffffff, 0x4) 0s ago: executing program 1 (id=784): syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/vlan/vlan0\x00') socketpair$nbd(0x1, 0x1, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8923, &(0x7f0000000000)={'vlan0\x00', @local}) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDFONTOP_GET(r0, 0x4b72, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='mountinfo\x00') ioctl$TCGETS2(0xffffffffffffffff, 0x802c542a, &(0x7f00000001c0)) unshare(0x6020400) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.157' (ED25519) to the list of known hosts. [ 70.239266][ T5575] cgroup: Unknown subsys name 'net' [ 70.481682][ T5575] cgroup: Unknown subsys name 'cpuset' [ 70.525390][ T5575] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 71.291130][ T1336] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.291223][ T1336] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.196091][ T5575] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 75.937891][ T59] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 75.946829][ T5596] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 75.962312][ T5597] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 75.971348][ T5597] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 75.983546][ T5605] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 75.993040][ T5605] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 76.012238][ T5605] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 76.016813][ T5605] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 76.039125][ T5605] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 76.041983][ T5605] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 76.042479][ T5605] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 76.044438][ T5605] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 76.045682][ T5605] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 76.047958][ T5605] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 76.049514][ T5605] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 76.053786][ T4910] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 76.058668][ T4910] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 76.059042][ T4910] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 76.059223][ T5600] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 76.060614][ T5607] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 76.065196][ T4910] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 76.073795][ T5607] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 76.074360][ T4910] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 76.076206][ T5607] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 76.086966][ T5593] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 78.166002][ T5607] Bluetooth: hci1: command tx timeout [ 78.166002][ T59] Bluetooth: hci3: command tx timeout [ 78.166150][ T59] Bluetooth: hci4: command tx timeout [ 78.166162][ T5607] Bluetooth: hci2: command tx timeout [ 78.245096][ T5597] Bluetooth: hci0: command tx timeout [ 78.311048][ T5590] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.311852][ T5590] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.312344][ T5590] bridge_slave_0: entered allmulticast mode [ 78.313807][ T5590] bridge_slave_0: entered promiscuous mode [ 78.364502][ T5591] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.364604][ T5591] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.364865][ T5591] bridge_slave_0: entered allmulticast mode [ 78.367805][ T5591] bridge_slave_0: entered promiscuous mode [ 78.396188][ T5590] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.396298][ T5590] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.396439][ T5590] bridge_slave_1: entered allmulticast mode [ 78.398483][ T5590] bridge_slave_1: entered promiscuous mode [ 78.431969][ T5587] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.432084][ T5587] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.432259][ T5587] bridge_slave_0: entered allmulticast mode [ 78.433952][ T5587] bridge_slave_0: entered promiscuous mode [ 78.442099][ T5591] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.442206][ T5591] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.442705][ T5591] bridge_slave_1: entered allmulticast mode [ 78.445218][ T5591] bridge_slave_1: entered promiscuous mode [ 78.494651][ T5588] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.494720][ T5588] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.494816][ T5588] bridge_slave_0: entered allmulticast mode [ 78.506275][ T5588] bridge_slave_0: entered promiscuous mode [ 78.509101][ T5587] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.509209][ T5587] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.510064][ T5587] bridge_slave_1: entered allmulticast mode [ 78.513442][ T5587] bridge_slave_1: entered promiscuous mode [ 78.571899][ T5588] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.571985][ T5588] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.572241][ T5588] bridge_slave_1: entered allmulticast mode [ 78.573603][ T5588] bridge_slave_1: entered promiscuous mode [ 78.622859][ T5590] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.670042][ T5591] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.673059][ T5590] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.706505][ T5587] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.711046][ T5591] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.742298][ T5589] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.742367][ T5589] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.742453][ T5589] bridge_slave_0: entered allmulticast mode [ 78.746298][ T5589] bridge_slave_0: entered promiscuous mode [ 78.754460][ T5588] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.760587][ T5587] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.948446][ T5589] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.948546][ T5589] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.948684][ T5589] bridge_slave_1: entered allmulticast mode [ 78.950062][ T5589] bridge_slave_1: entered promiscuous mode [ 78.953012][ T5588] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.000615][ T5590] team0: Port device team_slave_0 added [ 79.039814][ T5591] team0: Port device team_slave_0 added [ 79.041844][ T5590] team0: Port device team_slave_1 added [ 79.070712][ T5587] team0: Port device team_slave_0 added [ 79.072555][ T5591] team0: Port device team_slave_1 added [ 79.091028][ T5589] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.093108][ T5588] team0: Port device team_slave_0 added [ 79.104164][ T5587] team0: Port device team_slave_1 added [ 79.132667][ T5589] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.134177][ T5588] team0: Port device team_slave_1 added [ 79.172135][ T5590] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.172149][ T5590] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.172173][ T5590] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.238138][ T5591] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.238153][ T5591] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.238177][ T5591] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.239419][ T5590] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.239432][ T5590] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.239455][ T5590] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.284854][ T5587] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.284866][ T5587] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.284889][ T5587] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.302673][ T5591] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.302686][ T5591] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.302710][ T5591] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.331519][ T5589] team0: Port device team_slave_0 added [ 79.332691][ T5587] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.332702][ T5587] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.332733][ T5587] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.338924][ T5588] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.338936][ T5588] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.338959][ T5588] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.365602][ T5589] team0: Port device team_slave_1 added [ 79.377669][ T5588] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.377681][ T5588] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.377704][ T5588] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.537494][ T5589] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.537508][ T5589] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.537531][ T5589] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.586940][ T5590] hsr_slave_0: entered promiscuous mode [ 79.588323][ T5590] hsr_slave_1: entered promiscuous mode [ 79.590741][ T5589] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.590753][ T5589] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.590777][ T5589] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.604077][ T5591] hsr_slave_0: entered promiscuous mode [ 79.605987][ T5591] hsr_slave_1: entered promiscuous mode [ 79.606947][ T5591] debugfs: 'hsr0' already exists in 'hsr' [ 79.607458][ T5591] Cannot create hsr debugfs directory [ 79.685604][ T5587] hsr_slave_0: entered promiscuous mode [ 79.686302][ T5587] hsr_slave_1: entered promiscuous mode [ 79.687495][ T5587] debugfs: 'hsr0' already exists in 'hsr' [ 79.687515][ T5587] Cannot create hsr debugfs directory [ 79.729833][ T5588] hsr_slave_0: entered promiscuous mode [ 79.730556][ T5588] hsr_slave_1: entered promiscuous mode [ 79.731035][ T5588] debugfs: 'hsr0' already exists in 'hsr' [ 79.731051][ T5588] Cannot create hsr debugfs directory [ 79.857063][ T5589] hsr_slave_0: entered promiscuous mode [ 79.857772][ T5589] hsr_slave_1: entered promiscuous mode [ 79.858321][ T5589] debugfs: 'hsr0' already exists in 'hsr' [ 79.858338][ T5589] Cannot create hsr debugfs directory [ 80.246055][ T59] Bluetooth: hci4: command tx timeout [ 80.246087][ T59] Bluetooth: hci1: command tx timeout [ 80.246214][ T5597] Bluetooth: hci2: command tx timeout [ 80.255144][ T5597] Bluetooth: hci3: command tx timeout [ 80.325366][ T5597] Bluetooth: hci0: command tx timeout [ 80.836582][ T5590] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 80.886585][ T5590] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 80.898012][ T5590] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 80.946963][ T5590] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 80.950650][ T5590] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 80.978704][ T5590] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 81.001174][ T5590] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 81.029254][ T5590] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 81.122104][ T5591] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 81.168331][ T5591] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 81.173728][ T5591] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 81.220870][ T5591] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 81.222907][ T5591] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 81.250193][ T5591] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 81.276151][ T5591] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 81.308613][ T5591] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 81.434623][ T5587] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 81.458658][ T5587] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 81.462674][ T5587] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 81.490674][ T5587] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 81.493884][ T5587] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 81.532352][ T5587] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 81.591817][ T1244] cfg80211: failed to load regulatory.db [ 81.624110][ T5587] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 81.654769][ T5587] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 81.968784][ T5588] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 81.998593][ T5588] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 82.013810][ T5588] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 82.037952][ T5588] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 82.044516][ T5588] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 82.071346][ T5588] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 82.097298][ T5588] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 82.128807][ T5588] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 82.238123][ T5590] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.277692][ T5589] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 82.307978][ T5589] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 82.311687][ T5589] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 82.325348][ T5597] Bluetooth: hci3: command tx timeout [ 82.325379][ T5607] Bluetooth: hci2: command tx timeout [ 82.325383][ T5597] Bluetooth: hci1: command tx timeout [ 82.325403][ T5607] Bluetooth: hci4: command tx timeout [ 82.357919][ T5589] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 82.361721][ T5589] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 82.397178][ T5589] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 82.402479][ T5589] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 82.405341][ T5607] Bluetooth: hci0: command tx timeout [ 82.457810][ T5589] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 82.489427][ T5591] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.492315][ T5590] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.536592][ T1184] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.536926][ T1184] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.582497][ T1128] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.582603][ T1128] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.606786][ T5591] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.649136][ T1128] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.649719][ T1128] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.660905][ T5587] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.702995][ T1184] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.703064][ T1184] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.771138][ T5587] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.827462][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.827535][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.858740][ T5588] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.866476][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.866653][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.974607][ T5588] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.083350][ T153] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.086014][ T153] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.117655][ T5589] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.140038][ T4279] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.142264][ T4279] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.306960][ T5589] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.383899][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.384102][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.441706][ T4279] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.441830][ T4279] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.994891][ T5590] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.348471][ T5591] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.383852][ T5590] veth0_vlan: entered promiscuous mode [ 84.405939][ T5607] Bluetooth: hci2: command tx timeout [ 84.405966][ T5607] Bluetooth: hci4: command tx timeout [ 84.405985][ T5607] Bluetooth: hci1: command tx timeout [ 84.406004][ T5607] Bluetooth: hci3: command tx timeout [ 84.456494][ T5590] veth1_vlan: entered promiscuous mode [ 84.488354][ T59] Bluetooth: hci0: command tx timeout [ 84.614866][ T5587] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.724378][ T5591] veth0_vlan: entered promiscuous mode [ 84.750785][ T5588] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.773967][ T5590] veth0_macvtap: entered promiscuous mode [ 84.793901][ T5591] veth1_vlan: entered promiscuous mode [ 84.797228][ T5590] veth1_macvtap: entered promiscuous mode [ 84.896043][ T5590] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.917798][ T5587] veth0_vlan: entered promiscuous mode [ 84.947367][ T5590] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.012478][ T5587] veth1_vlan: entered promiscuous mode [ 85.019388][ T56] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.036364][ T56] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.040292][ T5591] veth0_macvtap: entered promiscuous mode [ 85.070020][ T56] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.075184][ T56] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.140033][ T5591] veth1_macvtap: entered promiscuous mode [ 85.256992][ T5589] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.494530][ T5591] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.578374][ T5587] veth0_macvtap: entered promiscuous mode [ 85.583175][ T5591] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.637090][ T43] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.637107][ T43] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.668630][ T5587] veth1_macvtap: entered promiscuous mode [ 85.711508][ T43] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.727548][ T43] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.747943][ T43] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.777542][ T43] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.863790][ T5588] veth0_vlan: entered promiscuous mode [ 85.868012][ T56] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.868029][ T56] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.892214][ T5587] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.995328][ T5589] veth0_vlan: entered promiscuous mode [ 86.017115][ T5587] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.112574][ T5588] veth1_vlan: entered promiscuous mode [ 86.132156][ T4279] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.140400][ T5589] veth1_vlan: entered promiscuous mode [ 86.149368][ T4279] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.153820][ T4279] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.210057][ T4279] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.530914][ T5787] syz.2.3 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 86.639819][ T1023] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.639836][ T1023] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.105180][ T56] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.105197][ T56] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.114597][ T5588] veth0_macvtap: entered promiscuous mode [ 87.142844][ T5589] veth0_macvtap: entered promiscuous mode [ 87.203497][ T5588] veth1_macvtap: entered promiscuous mode [ 87.266078][ T5589] veth1_macvtap: entered promiscuous mode [ 87.308126][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.308141][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.440767][ T5588] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.479033][ T5589] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.593787][ T5588] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.595873][ T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.595888][ T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.600554][ T5589] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.696942][ T4279] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.710626][ T4279] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.713112][ T4279] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.714634][ T4279] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.740718][ T4279] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.758617][ T4279] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.763109][ T4279] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.792579][ T4279] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.894444][ T5795] loop2: detected capacity change from 0 to 7 [ 88.082850][ T5795] Dev loop2: unable to read RDB block 7 [ 88.082885][ T5795] loop2: AHDI p1 p2 p3 [ 88.082910][ T5795] loop2: partition table partially beyond EOD, truncated [ 88.137865][ T5795] loop2: p1 start 1601398130 is beyond EOD, truncated [ 88.137888][ T5795] loop2: p2 start 1702059890 is beyond EOD, truncated [ 88.658103][ T5802] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 89.059778][ T4279] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.059796][ T4279] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.466190][ T1178] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.466208][ T1178] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.477057][ T4279] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.477073][ T4279] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.613766][ T5809] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9'. [ 89.781066][ T1023] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.781085][ T1023] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.569804][ T5824] IPv6: syztnl0: Disabled Multicast RS [ 91.552197][ T5602] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 91.815543][ T5602] usb 3-1: Using ep0 maxpacket: 32 [ 91.909769][ T5602] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 91.909805][ T5602] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 91.909844][ T5602] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 91.909866][ T5602] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.002941][ T5602] usb 3-1: config 0 descriptor?? [ 92.197259][ T5602] usbhid 3-1:0.0: fixing wrong optional hid class descriptors count [ 92.522665][ T5831] bridge0: port 2(bridge_slave_1) entered listening state [ 92.708650][ T5838] netlink: 8 bytes leftover after parsing attributes in process `syz.0.16'. [ 92.708683][ T5838] netlink: 8 bytes leftover after parsing attributes in process `syz.0.16'. [ 92.853809][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.800003][ T5602] usbhid 3-1:0.0: can't add hid device: -71 [ 93.836862][ T5602] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 93.981964][ T37] audit: type=1326 audit(1777243865.400:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5856 comm="syz.4.21" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f367936cdd9 code=0x7ffc0000 [ 93.981999][ T37] audit: type=1326 audit(1777243865.400:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5856 comm="syz.4.21" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f367936cdd9 code=0x7ffc0000 [ 94.006739][ T5857] binder: 5854:5857 ioctl c0306201 200000000080 returned -14 [ 94.037564][ T5602] usb 3-1: USB disconnect, device number 2 [ 94.073053][ T5855] ======================================================= [ 94.073053][ T5855] WARNING: The mand mount option has been deprecated and [ 94.073053][ T5855] and is ignored by this kernel. Remove the mand [ 94.073053][ T5855] option from the mount to silence this warning. [ 94.073053][ T5855] ======================================================= [ 94.088515][ T5859] binder: 5854:5859 ioctl c0306201 2000000003c0 returned -14 [ 94.088585][ T37] audit: type=1326 audit(1777243865.500:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5856 comm="syz.4.21" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f367936cdd9 code=0x7ffc0000 [ 94.088625][ T37] audit: type=1326 audit(1777243865.500:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5856 comm="syz.4.21" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f367936cdd9 code=0x7ffc0000 [ 94.088660][ T37] audit: type=1326 audit(1777243865.500:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5856 comm="syz.4.21" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f367936cdd9 code=0x7ffc0000 [ 94.088694][ T37] audit: type=1326 audit(1777243865.500:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5856 comm="syz.4.21" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f367936cdd9 code=0x7ffc0000 [ 94.088728][ T37] audit: type=1326 audit(1777243865.500:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5856 comm="syz.4.21" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f367936cdd9 code=0x7ffc0000 [ 94.088777][ T37] audit: type=1326 audit(1777243865.500:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5856 comm="syz.4.21" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f367936cdd9 code=0x7ffc0000 [ 94.088812][ T37] audit: type=1326 audit(1777243865.500:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5856 comm="syz.4.21" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f367936cdd9 code=0x7ffc0000 [ 94.088846][ T37] audit: type=1326 audit(1777243865.500:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5856 comm="syz.4.21" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f367936cdd9 code=0x7ffc0000 [ 94.948032][ T5873] netlink: 8 bytes leftover after parsing attributes in process `syz.0.25'. [ 94.948073][ T5873] netlink: 20 bytes leftover after parsing attributes in process `syz.0.25'. [ 95.158253][ T5873] netlink: 8 bytes leftover after parsing attributes in process `syz.0.25'. [ 95.158285][ T5873] netlink: 20 bytes leftover after parsing attributes in process `syz.0.25'. [ 95.159577][ T1128] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 95.217223][ T5873] Zero length message leads to an empty skb [ 95.217278][ T1128] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 95.232543][ T1128] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 95.236945][ T1128] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 95.682637][ T5884] syz.0.29: vmalloc error: size 17179873280, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 95.682907][ T5884] CPU: 0 UID: 0 PID: 5884 Comm: syz.0.29 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 95.682935][ T5884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 95.682954][ T5884] Call Trace: [ 95.682961][ T5884] [ 95.682969][ T5884] dump_stack_lvl+0xe8/0x150 [ 95.683005][ T5884] warn_alloc+0x263/0x3e0 [ 95.683037][ T5884] ? __pfx_warn_alloc+0x10/0x10 [ 95.683058][ T5884] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 95.683098][ T5884] ? kasan_save_track+0x4f/0x80 [ 95.683117][ T5884] ? kasan_save_track+0x3e/0x80 [ 95.683135][ T5884] ? __kasan_kmalloc+0x93/0xb0 [ 95.683155][ T5884] ? xskq_create+0x56/0x170 [ 95.683180][ T5884] ? xsk_init_queue+0x8a/0xe0 [ 95.683204][ T5884] ? xsk_setsockopt+0x603/0x990 [ 95.683234][ T5884] ? do_sock_setsockopt+0x17c/0x1b0 [ 95.683261][ T5884] __vmalloc_node_range_noprof+0x132/0x1750 [ 95.683316][ T5884] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 95.683348][ T5884] ? __kasan_kmalloc+0x93/0xb0 [ 95.683374][ T5884] vmalloc_user_noprof+0xad/0xe0 [ 95.683396][ T5884] ? xskq_create+0xbf/0x170 [ 95.683424][ T5884] xskq_create+0xbf/0x170 [ 95.683455][ T5884] xsk_init_queue+0x8a/0xe0 [ 95.683485][ T5884] xsk_setsockopt+0x603/0x990 [ 95.683513][ T5884] ? __pfx_xsk_setsockopt+0x10/0x10 [ 95.683546][ T5884] ? __fget_files+0x2a/0x420 [ 95.683578][ T5884] ? __fget_files+0x2a/0x420 [ 95.683606][ T5884] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 95.683627][ T5884] ? __pfx_xsk_setsockopt+0x10/0x10 [ 95.683654][ T5884] do_sock_setsockopt+0x17c/0x1b0 [ 95.683681][ T5884] __x64_sys_setsockopt+0x143/0x1b0 [ 95.683705][ T5884] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.683727][ T5884] do_syscall_64+0x15f/0xf80 [ 95.683745][ T5884] ? trace_irq_disable+0x3b/0x140 [ 95.683768][ T5884] ? clear_bhb_loop+0x40/0x90 [ 95.683793][ T5884] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.683813][ T5884] RIP: 0033:0x7f59039ecdd9 [ 95.683836][ T5884] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 95.683853][ T5884] RSP: 002b:00007f5901c25028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 95.683873][ T5884] RAX: ffffffffffffffda RBX: 00007f5903c66090 RCX: 00007f59039ecdd9 [ 95.683888][ T5884] RDX: 0000000000000003 RSI: 000000000000011b RDI: 0000000000000003 [ 95.683901][ T5884] RBP: 00007f5903a82d69 R08: 0000000000000004 R09: 0000000000000000 [ 95.683913][ T5884] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000 [ 95.683926][ T5884] R13: 00007f5903c66128 R14: 00007f5903c66090 R15: 00007ffe26e35288 [ 95.683958][ T5884] [ 95.925719][ T5884] Mem-Info: [ 95.925731][ T5884] active_anon:182 inactive_anon:14384 isolated_anon:0 [ 95.925731][ T5884] active_file:5113 inactive_file:44402 isolated_file:0 [ 95.925731][ T5884] unevictable:768 dirty:628 writeback:0 [ 95.925731][ T5884] slab_reclaimable:11427 slab_unreclaimable:101927 [ 95.925731][ T5884] mapped:36901 shmem:8068 pagetables:1177 [ 95.925731][ T5884] sec_pagetables:0 bounce:0 [ 95.925731][ T5884] kernel_misc_reclaimable:0 [ 95.925731][ T5884] free:1316767 free_pcp:8134 free_cma:0 [ 95.925790][ T5884] Node 0 active_anon:728kB inactive_anon:57536kB active_file:20252kB inactive_file:177608kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:147604kB dirty:2508kB writeback:0kB shmem:30736kB kernel_stack:12868kB pagetables:4556kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 95.925841][ T5884] Node 1 active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB kernel_stack:32kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 95.925905][ T5884] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 95.925990][ T5884] lowmem_reserve[]: 0 2506 2506 2506 2506 [ 95.926024][ T5884] Node 0 DMA32 free:1321728kB boost:0kB min:3928kB low:6464kB high:9000kB reserved_highatomic:0KB free_highatomic:0KB active_anon:728kB inactive_anon:57536kB active_file:20252kB inactive_file:177608kB unevictable:1536kB writepending:2508kB zspages:0kB present:3129332kB managed:2566640kB mlocked:0kB bounce:0kB free_pcp:32536kB local_pcp:13456kB free_cma:0kB [ 95.926086][ T5884] lowmem_reserve[]: 0 0 0 0 0 [ 95.926117][ T5884] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:216kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 95.926172][ T5884] lowmem_reserve[]: 0 0 0 0 0 [ 95.926202][ T5884] Node 1 Normal free:3929980kB boost:0kB min:6368kB low:10476kB high:14584kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 95.926260][ T5884] lowmem_reserve[]: 0 0 0 0 0 [ 95.926291][ T5884] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 95.926524][ T5884] Node 0 DMA32: 1329*4kB (UE) 409*8kB (UE) 59*16kB (U) 8*32kB (UM) 2*64kB (UM) 2*128kB (UM) 2*256kB (UM) 2*512kB (ME) 1*1024kB (U) 3*2048kB (UME) 318*4096kB (M) = 1321404kB [ 96.070843][ T5884] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 96.070940][ T5884] Node 1 Normal: 5*4kB (UM) 11*8kB (UM) 3*16kB (UM) 7*32kB (UM) 4*64kB (UM) 4*128kB (UM) 5*256kB (UM) 3*512kB (UM) 2*1024kB (UM) 0*2048kB 958*4096kB (M) = 3929980kB [ 96.071099][ T5884] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 96.071116][ T5884] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 96.071132][ T5884] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 96.071147][ T5884] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 96.071163][ T5884] 57680 total pagecache pages [ 96.071175][ T5884] 1 pages in swap cache [ 96.071181][ T5884] Free swap = 124992kB [ 96.071188][ T5884] Total swap = 124996kB [ 96.071194][ T5884] 2097051 pages RAM [ 96.071201][ T5884] 0 pages HighMem/MovableOnly [ 96.071208][ T5884] 423722 pages reserved [ 96.071214][ T5884] 0 pages cma reserved [ 96.872061][ T5896] binder: 5895:5896 ioctl c0306201 200000000080 returned -14 [ 96.875502][ T5896] binder: 5895:5896 ioctl c0306201 2000000003c0 returned -14 [ 97.737212][ T5910] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 98.022833][ T59] Bluetooth: hci2: unexpected subevent 0x01 length: 2 < 18 [ 98.560627][ T5928] binder: 5926:5928 ioctl c0306201 200000000080 returned -14 [ 98.561817][ T5928] binder: 5926:5928 ioctl c0306201 2000000003c0 returned -14 [ 98.795488][ T5935] binder: 5933:5935 ioctl c0306201 200000000080 returned -14 [ 98.803891][ T5935] binder: 5933:5935 ioctl c0306201 2000000003c0 returned -14 [ 99.075695][ T59] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 99.075719][ T59] CPU: 1 UID: 0 PID: 59 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 99.075743][ T59] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 99.075756][ T59] Workqueue: hci3 hci_rx_work [ 99.075780][ T59] Call Trace: [ 99.075787][ T59] [ 99.075796][ T59] dump_stack_lvl+0xe8/0x150 [ 99.075825][ T59] sysfs_create_dir_ns+0x271/0x2a0 [ 99.075855][ T59] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 99.075883][ T59] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 99.075924][ T59] ? rt_spin_unlock+0x160/0x200 [ 99.075951][ T59] kobject_add_internal+0x631/0xd10 [ 99.075981][ T59] kobject_add+0x163/0x240 [ 99.076008][ T59] ? __pfx_kobject_add+0x10/0x10 [ 99.076036][ T59] ? get_device_parent+0x370/0x3a0 [ 99.076062][ T59] device_add+0x408/0xbb0 [ 99.076088][ T59] hci_conn_add_sysfs+0xd5/0x210 [ 99.076120][ T59] le_conn_complete_evt+0x10e6/0x16b0 [ 99.076154][ T59] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 99.076178][ T59] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 99.076207][ T59] ? lockdep_hardirqs_on+0x7a/0x110 [ 99.076238][ T59] ? skb_pull_data+0xfb/0x200 [ 99.076267][ T59] hci_le_conn_complete_evt+0x187/0x470 [ 99.076299][ T59] hci_event_packet+0x659/0xef0 [ 99.076336][ T59] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 99.076361][ T59] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 99.076382][ T59] ? __pfx_hci_event_packet+0x10/0x10 [ 99.076411][ T59] ? rt_spin_unlock+0x14f/0x200 [ 99.076446][ T59] ? hci_send_to_monitor+0xe2/0x590 [ 99.076474][ T59] hci_rx_work+0x3ee/0x1040 [ 99.076505][ T59] ? process_scheduled_works+0xa70/0x1860 [ 99.076529][ T59] process_scheduled_works+0xb5d/0x1860 [ 99.076583][ T59] ? __pfx_process_scheduled_works+0x10/0x10 [ 99.076611][ T59] ? assign_work+0x3d5/0x5e0 [ 99.076637][ T59] worker_thread+0xa53/0xfc0 [ 99.076687][ T59] kthread+0x388/0x470 [ 99.076715][ T59] ? __pfx_worker_thread+0x10/0x10 [ 99.076735][ T59] ? __pfx_kthread+0x10/0x10 [ 99.076763][ T59] ret_from_fork+0x514/0xb70 [ 99.076789][ T59] ? __pfx_ret_from_fork+0x10/0x10 [ 99.076811][ T59] ? __switch_to+0xc79/0x1410 [ 99.076844][ T59] ? __pfx_kthread+0x10/0x10 [ 99.076872][ T59] ret_from_fork_asm+0x1a/0x30 [ 99.076919][ T59] [ 99.077552][ T59] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 99.077597][ T59] Bluetooth: hci3: failed to register connection device [ 99.150446][ T5729] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 99.345166][ T5729] usb 2-1: Using ep0 maxpacket: 16 [ 99.364736][ T5729] usb 2-1: config 6 has an invalid interface number: 5 but max is 0 [ 99.364759][ T5729] usb 2-1: config 6 has no interface number 0 [ 99.364799][ T5729] usb 2-1: config 6 interface 5 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 99.364821][ T5729] usb 2-1: config 6 interface 5 altsetting 0 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 99.364844][ T5729] usb 2-1: config 6 interface 5 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 99.370720][ T5729] usb 2-1: New USB device found, idVendor=05c6, idProduct=9037, bcdDevice=66.55 [ 99.370745][ T5729] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.370763][ T5729] usb 2-1: Product: â  [ 99.370776][ T5729] usb 2-1: Manufacturer: 倊 [ 99.370789][ T5729] usb 2-1: SerialNumber: ᩩ䤾᫳删톣 [ 99.510963][ T5937] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 99.898175][ T5729] usb 2-1: USB disconnect, device number 2 [ 99.990748][ T37] kauditd_printk_skb: 76 callbacks suppressed [ 99.990764][ T37] audit: type=1804 audit(1777243871.400:88): pid=5957 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.57" name="/newroot/13/file0" dev="tmpfs" ino=91 res=1 errno=0 [ 100.027357][ T5607] Bluetooth: hci3: unexpected subevent 0x01 length: 2 < 18 [ 100.626380][ T5970] loop2: detected capacity change from 0 to 7 [ 100.653143][ T5970] Dev loop2: unable to read RDB block 7 [ 100.653172][ T5970] loop2: AHDI p1 p2 p3 [ 100.653197][ T5970] loop2: partition table partially beyond EOD, truncated [ 100.653399][ T5970] loop2: p1 start 1601398130 is beyond EOD, truncated [ 100.653417][ T5970] loop2: p2 start 1702059890 is beyond EOD, truncated [ 100.700173][ T5713] Dev loop2: unable to read RDB block 7 [ 100.700203][ T5713] loop2: AHDI p1 p2 p3 [ 100.700230][ T5713] loop2: partition table partially beyond EOD, truncated [ 100.700472][ T5713] loop2: p1 start 1601398130 is beyond EOD, truncated [ 100.700489][ T5713] loop2: p2 start 1702059890 is beyond EOD, truncated [ 102.719505][ T5607] Bluetooth: hci1: unexpected subevent 0x01 length: 2 < 18 [ 102.752096][ T37] audit: type=1326 audit(1777243874.170:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6002 comm="syz.1.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f831f14cdd9 code=0x7ffc0000 [ 102.752232][ T37] audit: type=1326 audit(1777243874.170:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6002 comm="syz.1.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f831f14cdd9 code=0x7ffc0000 [ 102.802117][ T37] audit: type=1326 audit(1777243874.210:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6002 comm="syz.1.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f831f14cdd9 code=0x7ffc0000 [ 102.802161][ T37] audit: type=1326 audit(1777243874.220:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6002 comm="syz.1.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f831f14cdd9 code=0x7ffc0000 [ 102.802512][ T37] audit: type=1326 audit(1777243874.220:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6002 comm="syz.1.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f831f14cdd9 code=0x7ffc0000 [ 102.817736][ T37] audit: type=1326 audit(1777243874.240:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6002 comm="syz.1.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f831f14cdd9 code=0x7ffc0000 [ 102.817779][ T37] audit: type=1326 audit(1777243874.240:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6002 comm="syz.1.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f831f14cdd9 code=0x7ffc0000 [ 102.818282][ T37] audit: type=1326 audit(1777243874.240:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6002 comm="syz.1.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f831f14cdd9 code=0x7ffc0000 [ 102.819161][ T37] audit: type=1326 audit(1777243874.240:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6002 comm="syz.1.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f831f14cdd9 code=0x7ffc0000 [ 102.994877][ T6012] netlink: 8 bytes leftover after parsing attributes in process `syz.2.72'. [ 102.994910][ T6012] netlink: 8 bytes leftover after parsing attributes in process `syz.2.72'. [ 103.188738][ T6007] bridge0: port 2(bridge_slave_1) entered listening state [ 103.360716][ T6007] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.464159][ T5607] Bluetooth: hci3: unexpected subevent 0x01 length: 2 < 18 [ 104.854555][ T6059] binder: 6058:6059 ioctl c0306201 2000000003c0 returned -14 [ 105.358384][ T5607] Bluetooth: hci3: command 0x0406 tx timeout [ 106.142971][ T37] kauditd_printk_skb: 138 callbacks suppressed [ 106.142989][ T37] audit: type=1804 audit(1777243877.560:236): pid=6075 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.96" name="/newroot/14/file0" dev="tmpfs" ino=91 res=1 errno=0 [ 106.379868][ T6085] binder: 6084:6085 ioctl c0306201 2000000003c0 returned -14 [ 106.453602][ T6088] overlayfs: missing 'lowerdir' [ 107.263851][ T6075] uprobe: syz.1.96:6075 failed to unregister, leaking uprobe [ 107.263923][ T6075] uprobe: syz.1.96:6075 failed to unregister, leaking uprobe [ 108.211552][ T6106] serio: Serial port ttyprintk [ 108.723513][ T6117] input: syz1 as /devices/virtual/input/input5 [ 108.853467][ T6125] CIFS: VFS: UNC: missing share name [ 108.854299][ T6125] CIFS: VFS: Malformed UNC in devname [ 110.075067][ T1244] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 110.238475][ T1244] usb 4-1: Using ep0 maxpacket: 16 [ 110.253183][ T1244] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 110.276683][ T1244] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 110.276709][ T1244] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 110.276727][ T1244] usb 4-1: Product: syz [ 110.276741][ T1244] usb 4-1: Manufacturer: syz [ 110.276755][ T1244] usb 4-1: SerialNumber: syz [ 111.160153][ T1244] usb 4-1: config 0 descriptor?? [ 111.201264][ T1244] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 111.203149][ T1244] em28xx 4-1:0.0: DVB interface 0 found: bulk [ 111.843411][ T6160] netlink: 4 bytes leftover after parsing attributes in process `syz.2.124'. [ 111.877773][ T6160] netlink: 4 bytes leftover after parsing attributes in process `syz.2.124'. [ 112.411465][ T1244] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 112.783946][ T6164] overlayfs: failed to set uuid (24/file1, err=-1); falling back to uuid=null. [ 112.784008][ T6164] overlayfs: failed to verify upper root origin [ 113.016257][ T6165] serio: Serial port ttyprintk [ 113.425050][ T5721] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 113.559102][ T1244] em28xx 4-1:0.0: failed to get i2c transfer status from bridge register (error=-5) [ 113.559131][ T1244] em28xx 4-1:0.0: board has no eeprom [ 113.600237][ T5721] usb 3-1: Using ep0 maxpacket: 16 [ 113.629500][ T5721] usb 3-1: config 6 has an invalid interface number: 5 but max is 0 [ 113.629526][ T5721] usb 3-1: config 6 has no interface number 0 [ 113.629570][ T5721] usb 3-1: config 6 interface 5 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 113.629591][ T5721] usb 3-1: config 6 interface 5 altsetting 0 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 113.629617][ T5721] usb 3-1: config 6 interface 5 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 113.639883][ T5721] usb 3-1: New USB device found, idVendor=05c6, idProduct=9037, bcdDevice=66.55 [ 113.639907][ T5721] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 113.639925][ T5721] usb 3-1: Product: â  [ 113.639937][ T5721] usb 3-1: Manufacturer: 倊 [ 113.639950][ T5721] usb 3-1: SerialNumber: ᩩ䤾᫳删톣 [ 113.664998][ T1244] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 113.665028][ T1244] em28xx 4-1:0.0: dvb set to bulk mode. [ 113.750951][ T9] em28xx 4-1:0.0: Binding DVB extension [ 113.866535][ T6187] netlink: 'syz.4.137': attribute type 16 has an invalid length. [ 113.866561][ T6187] netlink: 8 bytes leftover after parsing attributes in process `syz.4.137'. [ 113.871567][ T6170] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 113.959758][ T9] em28xx 4-1:0.0: Registering input extension [ 114.024885][ T1244] usb 4-1: USB disconnect, device number 2 [ 114.038160][ T1244] em28xx 4-1:0.0: Disconnecting em28xx [ 114.038320][ T1244] em28xx 4-1:0.0: Closing input extension [ 114.057016][ T5712] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 114.235184][ T1244] em28xx 4-1:0.0: Freeing device [ 114.275091][ T5712] usb 1-1: Using ep0 maxpacket: 32 [ 114.278777][ T5712] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 114.278806][ T5712] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 114.278841][ T5712] usb 1-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 114.278863][ T5712] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.282308][ T6194] syz.1.140: vmalloc error: size 17179873280, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 114.282370][ T6194] CPU: 1 UID: 0 PID: 6194 Comm: syz.1.140 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 114.282393][ T6194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 114.282404][ T6194] Call Trace: [ 114.282411][ T6194] [ 114.282419][ T6194] dump_stack_lvl+0xe8/0x150 [ 114.282448][ T6194] warn_alloc+0x263/0x3e0 [ 114.282477][ T6194] ? stack_trace_save+0xa9/0x100 [ 114.282503][ T6194] ? __pfx_warn_alloc+0x10/0x10 [ 114.282533][ T6194] ? kasan_save_track+0x4f/0x80 [ 114.282550][ T6194] ? kasan_save_track+0x3e/0x80 [ 114.282566][ T6194] ? __kasan_kmalloc+0x93/0xb0 [ 114.282584][ T6194] ? xskq_create+0x56/0x170 [ 114.282610][ T6194] ? xsk_init_queue+0x8a/0xe0 [ 114.282634][ T6194] ? xsk_setsockopt+0x603/0x990 [ 114.282657][ T6194] ? do_sock_setsockopt+0x17c/0x1b0 [ 114.282682][ T6194] __vmalloc_node_range_noprof+0x132/0x1750 [ 114.282733][ T6194] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 114.282763][ T6194] ? __kasan_kmalloc+0x93/0xb0 [ 114.282788][ T6194] vmalloc_user_noprof+0xad/0xe0 [ 114.282811][ T6194] ? xskq_create+0xbf/0x170 [ 114.282839][ T6194] xskq_create+0xbf/0x170 [ 114.282867][ T6194] xsk_init_queue+0x8a/0xe0 [ 114.282895][ T6194] xsk_setsockopt+0x603/0x990 [ 114.282923][ T6194] ? __pfx_xsk_setsockopt+0x10/0x10 [ 114.282955][ T6194] ? __fget_files+0x2a/0x420 [ 114.282986][ T6194] ? __fget_files+0x2a/0x420 [ 114.283013][ T6194] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 114.283033][ T6194] ? __pfx_xsk_setsockopt+0x10/0x10 [ 114.283058][ T6194] do_sock_setsockopt+0x17c/0x1b0 [ 114.283085][ T6194] __x64_sys_setsockopt+0x143/0x1b0 [ 114.283109][ T6194] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.283131][ T6194] do_syscall_64+0x15f/0xf80 [ 114.283148][ T6194] ? trace_irq_disable+0x3b/0x140 [ 114.283170][ T6194] ? clear_bhb_loop+0x40/0x90 [ 114.283192][ T6194] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.283211][ T6194] RIP: 0033:0x7f831f14cdd9 [ 114.283229][ T6194] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 114.283245][ T6194] RSP: 002b:00007f831d39e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 114.283273][ T6194] RAX: ffffffffffffffda RBX: 00007f831f3c5fa0 RCX: 00007f831f14cdd9 [ 114.283287][ T6194] RDX: 0000000000000003 RSI: 000000000000011b RDI: 0000000000000003 [ 114.283299][ T6194] RBP: 00007f831f1e2d69 R08: 0000000000000004 R09: 0000000000000000 [ 114.283311][ T6194] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000 [ 114.283322][ T6194] R13: 00007f831f3c6038 R14: 00007f831f3c5fa0 R15: 00007fff9eb457a8 [ 114.283352][ T6194] [ 114.283359][ T6194] Mem-Info: [ 114.283367][ T6194] active_anon:181 inactive_anon:24311 isolated_anon:0 [ 114.283367][ T6194] active_file:5715 inactive_file:47161 isolated_file:0 [ 114.283367][ T6194] unevictable:768 dirty:220 writeback:0 [ 114.283367][ T6194] slab_reclaimable:11599 slab_unreclaimable:102865 [ 114.283367][ T6194] mapped:29784 shmem:18214 pagetables:1169 [ 114.283367][ T6194] sec_pagetables:0 bounce:0 [ 114.283367][ T6194] kernel_misc_reclaimable:0 [ 114.283367][ T6194] free:1296305 free_pcp:11330 free_cma:0 [ 114.283422][ T6194] Node 0 active_anon:724kB inactive_anon:97244kB active_file:22660kB inactive_file:188644kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:119136kB dirty:876kB writeback:0kB shmem:71320kB kernel_stack:12980kB pagetables:4524kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 114.283472][ T6194] Node 1 active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB kernel_stack:32kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 114.283534][ T6194] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 114.283593][ T6194] lowmem_reserve[]: 0 2506 2506 2506 2506 [ 114.283627][ T6194] Node 0 DMA32 free:1239880kB boost:0kB min:3928kB low:6464kB high:9000kB reserved_highatomic:0KB free_highatomic:0KB active_anon:724kB inactive_anon:97244kB active_file:22660kB inactive_file:188644kB unevictable:1536kB writepending:876kB zspages:0kB present:3129332kB managed:2566640kB mlocked:0kB bounce:0kB free_pcp:45320kB local_pcp:29260kB free_cma:0kB [ 114.283688][ T6194] lowmem_reserve[]: 0 0 0 0 0 [ 114.283719][ T6194] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:216kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 114.292773][ T6194] lowmem_reserve[]: 0 0 0 0 0 [ 114.292808][ T6194] Node 1 Normal free:3929980kB boost:0kB min:6368kB low:10476kB high:14584kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 114.292870][ T6194] lowmem_reserve[]: 0 0 0 0 0 [ 114.292901][ T6194] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 114.293010][ T6194] Node 0 DMA32: 1640*4kB (UME) 819*8kB (UM) 189*16kB (UM) 7*32kB (UM) 13*64kB (UME) 30*128kB (UME) 19*256kB (M) 13*512kB (ME) 9*1024kB (UME) 5*2048kB (M) 290*4096kB (M) = 1239848kB [ 114.293157][ T6194] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 114.293250][ T6194] Node 1 Normal: 5*4kB (UM) 11*8kB (UM) 3*16kB (UM) 7*32kB (UM) 4*64kB (UM) 4*128kB (UM) 5*256kB (UM) 3*512kB (UM) 2*1024kB (UM) 0*2048kB 958*4096kB (M) = 3929980kB [ 114.293399][ T6194] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 114.293415][ T6194] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 114.293431][ T6194] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 114.293447][ T6194] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 114.293462][ T6194] 71086 total pagecache pages [ 114.293470][ T6194] 0 pages in swap cache [ 114.293476][ T6194] Free swap = 124996kB [ 114.293483][ T6194] Total swap = 124996kB [ 114.293490][ T6194] 2097051 pages RAM [ 114.293496][ T6194] 0 pages HighMem/MovableOnly [ 114.293503][ T6194] 423722 pages reserved [ 114.293509][ T6194] 0 pages cma reserved [ 114.680927][ T6196] loop2: detected capacity change from 0 to 7 [ 114.797288][ T5721] usb 3-1: USB disconnect, device number 3 [ 114.843393][ T6196] Dev loop2: unable to read RDB block 7 [ 114.843424][ T6196] loop2: AHDI p1 p2 p3 [ 114.843449][ T6196] loop2: partition table partially beyond EOD, truncated [ 114.843669][ T6196] loop2: p1 start 1601398130 is beyond EOD, truncated [ 114.843686][ T6196] loop2: p2 start 1702059890 is beyond EOD, truncated [ 114.950404][ T5712] usb 1-1: config 0 descriptor?? [ 115.018579][ T5712] usbhid 1-1:0.0: fixing wrong optional hid class descriptors count [ 115.153784][ T59] Bluetooth: hci3: unexpected event for opcode 0x1003 [ 115.518002][ T6213] +: renamed from syzkaller0 [ 116.149048][ T5712] ft260 0003:0403:6030.0001: item fetching failed at offset 0/2 [ 116.173865][ T5712] ft260 0003:0403:6030.0001: failed to parse HID [ 116.175128][ T5712] ft260 0003:0403:6030.0001: probe with driver ft260 failed with error -22 [ 116.380540][ T1244] usb 1-1: USB disconnect, device number 2 [ 116.794821][ T6243] netlink: 212 bytes leftover after parsing attributes in process `syz.2.155'. [ 116.975138][ T5729] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 117.371875][ T5729] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 117.371906][ T5729] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 117.371941][ T5729] usb 4-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 117.371961][ T5729] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.395864][ T5729] usb 4-1: config 0 descriptor?? [ 118.687564][ T5712] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 118.858558][ T5712] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 118.858588][ T5712] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 118.858624][ T5712] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80 [ 118.858646][ T5712] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.883278][ T5712] usb 2-1: config 0 descriptor?? [ 118.951333][ T5729] hid-led 0003:1D34:000A.0002: unknown main item tag 0x5 [ 119.023501][ T5729] hid-led 0003:1D34:000A.0002: probe with driver hid-led failed with error -71 [ 119.091048][ T5729] usb 4-1: USB disconnect, device number 3 [ 119.207188][ T59] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 119.207358][ T59] Bluetooth: hci3: Injecting HCI hardware error event [ 119.209105][ T5607] Bluetooth: hci3: hardware error 0x00 [ 119.421825][ T6279] overlayfs: failed to resolve './file0': -2 [ 120.299242][ T6282] loop2: detected capacity change from 0 to 7 [ 120.336745][ T6282] Dev loop2: unable to read RDB block 7 [ 120.336786][ T6282] loop2: unable to read partition table [ 120.336975][ T6282] loop2: partition table beyond EOD, truncated [ 120.337016][ T6282] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 121.268455][ T5729] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 121.454282][ T59] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 121.475604][ T59] Bluetooth: hci0: Injecting HCI hardware error event [ 121.501458][ T59] Bluetooth: hci0: hardware error 0x00 [ 122.004899][ T5712] usbhid 2-1:0.0: can't add hid device: -71 [ 122.005099][ T5712] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 122.054067][ T5712] usb 2-1: USB disconnect, device number 3 [ 122.195068][ T5729] usb 3-1: Using ep0 maxpacket: 32 [ 122.248749][ T5729] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 122.248788][ T5729] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 122.248824][ T5729] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 122.248846][ T5729] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.312588][ T5729] usb 3-1: config 0 descriptor?? [ 122.357745][ T5729] usbhid 3-1:0.0: fixing wrong optional hid class descriptors count [ 122.645056][ T5607] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 122.883360][ T5729] ft260 0003:0403:6030.0003: item fetching failed at offset 0/2 [ 122.884086][ T5729] ft260 0003:0403:6030.0003: failed to parse HID [ 122.884186][ T5729] ft260 0003:0403:6030.0003: probe with driver ft260 failed with error -22 [ 123.086918][ T1244] usb 3-1: USB disconnect, device number 4 [ 123.255653][ T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 123.405030][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 123.408907][ T10] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 123.408934][ T10] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 123.408972][ T10] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 123.408994][ T10] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 123.409033][ T10] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 123.409056][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.743096][ T10] usb 5-1: GET_CAPABILITIES returned 0 [ 123.743142][ T10] usbtmc 5-1:16.0: can't read capabilities [ 124.108041][ T10] usb 5-1: USB disconnect, device number 2 [ 124.409258][ T59] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 124.419672][ T5729] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 125.394167][ T5729] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 125.394200][ T5729] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 125.394244][ T5729] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80 [ 125.394267][ T5729] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.631554][ T6357] loop2: detected capacity change from 0 to 7 [ 125.647548][ T5729] usb 3-1: config 0 descriptor?? [ 125.651032][ T6357] Dev loop2: unable to read RDB block 7 [ 125.651061][ T6357] loop2: AHDI p1 p2 p3 [ 125.651086][ T6357] loop2: partition table partially beyond EOD, truncated [ 125.651263][ T6357] loop2: p1 start 1601398130 is beyond EOD, truncated [ 125.651279][ T6357] loop2: p2 start 1702059890 is beyond EOD, truncated [ 126.287499][ T6371] overlayfs: failed to resolve './file0': -2 [ 128.105088][ T5729] usbhid 3-1:0.0: can't add hid device: -71 [ 128.105203][ T5729] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 128.135387][ T5729] usb 3-1: USB disconnect, device number 5 [ 128.436602][ T6400] binder: 6394:6400 ioctl c0306201 2000000003c0 returned -14 [ 128.595522][ T6396] binder: 6394:6396 ioctl c0306201 200000000080 returned -14 [ 128.605994][ T6402] netlink: 'syz.0.202': attribute type 25 has an invalid length. [ 128.606010][ T6402] netlink: 4 bytes leftover after parsing attributes in process `syz.0.202'. [ 132.043601][ T59] Bluetooth: hci2: unexpected subevent 0x01 length: 2 < 18 [ 132.752889][ T1336] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.753107][ T1336] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.865045][ T37] audit: type=1804 audit(1777243904.280:237): pid=6447 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.216" name="/newroot/52/file0" dev="tmpfs" ino=308 res=1 errno=0 [ 133.020450][ T6451] overlayfs: overlapping lowerdir path [ 134.294536][ T59] Bluetooth: hci1: unexpected subevent 0x01 length: 2 < 18 [ 134.663723][ T6487] overlayfs: overlapping lowerdir path [ 135.066263][ T6497] input: syz1 as /devices/virtual/input/input7 [ 135.915372][ T10] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 136.126276][ T10] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 136.126302][ T10] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 136.126320][ T10] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 136.126426][ T10] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 136.126452][ T10] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 136.128735][ T10] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 136.128759][ T10] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 136.128778][ T10] usb 4-1: Product: syz [ 136.128791][ T10] usb 4-1: Manufacturer: syz [ 136.207692][ T6526] overlayfs: overlapping lowerdir path [ 136.260987][ T10] cdc_wdm 4-1:1.0: skipping garbage [ 136.261004][ T10] cdc_wdm 4-1:1.0: skipping garbage [ 136.331139][ T10] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 136.331166][ T10] cdc_wdm 4-1:1.0: Unknown control protocol [ 136.765484][ T5729] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 136.925168][ T5729] usb 1-1: Using ep0 maxpacket: 32 [ 136.993128][ T5729] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 136.993154][ T5729] usb 1-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 136.993167][ T5729] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.125341][ T5729] usb 1-1: config 0 descriptor?? [ 137.218928][ T5729] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 137.426354][ T10] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 137.556611][ T10] usb 5-1: device descriptor read/64, error -71 [ 137.865054][ T10] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 138.005176][ T10] usb 5-1: device descriptor read/64, error -71 [ 138.116033][ T10] usb usb5-port1: attempt power cycle [ 138.526601][ T10] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 138.546390][ T10] usb 5-1: device descriptor read/8, error -71 [ 138.652845][ T1244] usb 4-1: USB disconnect, device number 4 [ 138.785776][ T10] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 138.864759][ T10] usb 5-1: device descriptor read/8, error -71 [ 138.881962][ T6564] netlink: 4 bytes leftover after parsing attributes in process `syz.1.256'. [ 138.970355][ T10] usb usb5-port1: unable to enumerate USB device [ 139.215037][ T5729] usb 3-1: new full-speed USB device number 6 using dummy_hcd [ 139.215160][ T36] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 139.385069][ T36] usb 2-1: Using ep0 maxpacket: 16 [ 139.390039][ T36] usb 2-1: config 0 has an invalid interface number: 64 but max is 0 [ 139.390062][ T36] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 139.390080][ T36] usb 2-1: config 0 has no interface number 0 [ 139.390124][ T36] usb 2-1: New USB device found, idVendor=0bd3, idProduct=0555, bcdDevice= 0.5b [ 139.390146][ T36] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.392368][ T5729] usb 3-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 139.392392][ T5729] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.418765][ T36] usb 2-1: config 0 descriptor?? [ 139.487756][ T10] usb 1-1: USB disconnect, device number 3 [ 139.508268][ T36] uvcvideo 2-1:0.64: probe with driver uvcvideo failed with error -22 [ 139.514877][ T5729] usb 3-1: config 0 descriptor?? [ 139.591956][ T5729] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 139.688675][ T36] usb 2-1: USB disconnect, device number 4 [ 139.745355][ T5729] gp8psk: usb in 128 operation failed. [ 139.779817][ T6572] input: syz1 as /devices/virtual/input/input8 [ 139.951826][ T5729] gp8psk: usb in 146 operation failed. [ 139.951842][ T5729] gp8psk: failed to get FW version [ 140.025205][ T5729] gp8psk: FPGA Version = 32 [ 140.270475][ T6582] trusted_key: syz.0.263 sent an empty control message without MSG_MORE. [ 140.555590][ T5729] gp8psk: usb out operation failed. [ 140.555617][ T5729] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 140.555658][ T5729] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 140.593387][ T5729] usb 3-1: USB disconnect, device number 6 [ 142.125407][ T6609] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 142.219148][ T6615] netlink: 4 bytes leftover after parsing attributes in process `syz.0.275'. [ 142.535034][ T10] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 142.686314][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 142.688177][ T10] usb 1-1: config 0 has an invalid interface number: 64 but max is 0 [ 142.688201][ T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 142.688219][ T10] usb 1-1: config 0 has no interface number 0 [ 142.688254][ T10] usb 1-1: New USB device found, idVendor=0bd3, idProduct=0555, bcdDevice= 0.5b [ 142.688266][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.729198][ T10] usb 1-1: config 0 descriptor?? [ 142.769077][ T10] uvcvideo 1-1:0.64: probe with driver uvcvideo failed with error -22 [ 142.919324][ T6623] tipc: Enabling of bearer rejected, failed to enable media [ 143.063477][ T820] usb 1-1: USB disconnect, device number 4 [ 143.365833][ T36] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 144.137039][ T36] usb 2-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 144.137069][ T36] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 144.170226][ T36] usb 2-1: config 0 descriptor?? [ 144.235158][ T59] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 144.278822][ T36] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 144.370543][ T6649] input: syz1 as /devices/virtual/input/input9 [ 144.401547][ T36] gp8psk: usb in 128 operation failed. [ 144.614376][ T36] gp8psk: usb in 146 operation failed. [ 144.614394][ T36] gp8psk: failed to get FW version [ 145.694176][ T819] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 145.748168][ T36] gp8psk: FPGA Version = 32 [ 145.845102][ T819] usb 1-1: Using ep0 maxpacket: 8 [ 145.975325][ T819] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 145.975365][ T819] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 145.975389][ T819] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 145.975409][ T819] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 145.975449][ T819] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 145.975471][ T819] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 146.163662][ T6668] netlink: 8 bytes leftover after parsing attributes in process `syz.2.291'. [ 146.163693][ T6668] netlink: 20 bytes leftover after parsing attributes in process `syz.2.291'. [ 146.271381][ T819] usb 1-1: GET_CAPABILITIES returned 0 [ 146.271417][ T819] usbtmc 1-1:16.0: can't read capabilities [ 146.315154][ T36] gp8psk: usb out operation failed. [ 146.315169][ T36] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 146.315206][ T36] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 146.382195][ T36] usb 2-1: USB disconnect, device number 5 [ 146.401881][ T6668] netlink: 8 bytes leftover after parsing attributes in process `syz.2.291'. [ 146.401912][ T6668] netlink: 20 bytes leftover after parsing attributes in process `syz.2.291'. [ 146.415103][ T1128] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 146.433546][ T1128] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 146.433584][ T1128] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 146.433616][ T1128] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 146.491051][ T819] usb 1-1: USB disconnect, device number 5 [ 146.774090][ T6684] overlayfs: overlapping lowerdir path [ 146.937823][ T37] audit: type=1326 audit(1777243918.360:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6687 comm="syz.4.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f367936cdd9 code=0x7ffc0000 [ 146.938052][ T37] audit: type=1326 audit(1777243918.360:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6687 comm="syz.4.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f367936cdd9 code=0x7ffc0000 [ 146.942001][ T37] audit: type=1326 audit(1777243918.360:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6687 comm="syz.4.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f367936cdd9 code=0x7ffc0000 [ 146.942214][ T37] audit: type=1326 audit(1777243918.360:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6687 comm="syz.4.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f367936cdd9 code=0x7ffc0000 [ 146.942587][ T37] audit: type=1326 audit(1777243918.360:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6687 comm="syz.4.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f367936cdd9 code=0x7ffc0000 [ 146.942887][ T37] audit: type=1326 audit(1777243918.360:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6687 comm="syz.4.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f367936cdd9 code=0x7ffc0000 [ 146.943142][ T37] audit: type=1326 audit(1777243918.360:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6687 comm="syz.4.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f367936cdd9 code=0x7ffc0000 [ 146.943756][ T37] audit: type=1326 audit(1777243918.360:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6687 comm="syz.4.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f367936cdd9 code=0x7ffc0000 [ 146.943798][ T37] audit: type=1326 audit(1777243918.360:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6687 comm="syz.4.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f367936cdd9 code=0x7ffc0000 [ 146.943835][ T37] audit: type=1326 audit(1777243918.360:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6687 comm="syz.4.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f367936cdd9 code=0x7ffc0000 [ 147.295229][ T819] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 147.451988][ T819] usb 2-1: Using ep0 maxpacket: 16 [ 147.474012][ T819] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 147.487440][ T819] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 147.487466][ T819] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.487485][ T819] usb 2-1: Product: syz [ 147.487499][ T819] usb 2-1: Manufacturer: syz [ 147.487513][ T819] usb 2-1: SerialNumber: syz [ 147.572358][ T819] usb 2-1: config 0 descriptor?? [ 147.609922][ T819] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 147.609941][ T819] em28xx 2-1:0.0: DVB interface 0 found: bulk [ 147.709337][ T6707] loop2: detected capacity change from 0 to 7 [ 147.768851][ T6707] Dev loop2: unable to read RDB block 7 [ 147.768890][ T6707] loop2: unable to read partition table [ 147.769095][ T6707] loop2: partition table beyond EOD, truncated [ 147.769112][ T6707] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 148.239943][ T6698] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 148.241027][ T6698] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 148.244624][ T819] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 148.324143][ T6698] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 148.324322][ T6698] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 148.387234][ T6698] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 148.470508][ T6698] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 148.470601][ T6698] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 148.558657][ T6698] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 148.836659][ T819] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 148.836688][ T819] em28xx 2-1:0.0: board has no eeprom [ 148.927281][ T819] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 148.927307][ T819] em28xx 2-1:0.0: dvb set to bulk mode. [ 148.928639][ T1244] em28xx 2-1:0.0: Binding DVB extension [ 149.039572][ T819] usb 2-1: USB disconnect, device number 6 [ 149.096861][ T819] em28xx 2-1:0.0: Disconnecting em28xx [ 149.132727][ T1244] em28xx 2-1:0.0: Registering input extension [ 149.132961][ T819] em28xx 2-1:0.0: Closing input extension [ 149.249906][ T6735] netlink: 8 bytes leftover after parsing attributes in process `syz.3.317'. [ 149.596018][ T819] em28xx 2-1:0.0: Freeing device [ 149.704784][ T6749] loop2: detected capacity change from 0 to 7 [ 149.715480][ T6749] Dev loop2: unable to read RDB block 7 [ 149.715520][ T6749] loop2: unable to read partition table [ 149.715714][ T6749] loop2: partition table beyond EOD, truncated [ 149.715731][ T6749] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 150.325920][ T59] Bluetooth: hci1: command 0x0c1a tx timeout [ 150.374372][ T6771] netlink: 36 bytes leftover after parsing attributes in process `syz.2.330'. [ 150.485110][ T59] Bluetooth: hci2: command 0x0c1a tx timeout [ 150.727192][ T6756] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 150.728421][ T6756] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 150.728599][ T6756] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 150.986336][ T819] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 151.136347][ T819] usb 4-1: Using ep0 maxpacket: 8 [ 151.138479][ T819] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 151.138501][ T819] usb 4-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 151.138542][ T819] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 151.138562][ T819] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 151.138585][ T819] usb 4-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 151.138621][ T819] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 151.138642][ T819] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.177333][ T819] usbtmc 4-1:16.0: bulk endpoints not found [ 151.438028][ T6798] overlayfs: overlapping lowerdir path [ 152.584398][ T59] Bluetooth: hci4: command 0x0406 tx timeout [ 152.878101][ T59] Bluetooth: hci2: command 0x0c1a tx timeout [ 152.878113][ T5607] Bluetooth: hci1: command 0x0c1a tx timeout [ 153.015012][ T31] usb 3-1: new full-speed USB device number 7 using dummy_hcd [ 153.175206][ T31] usb 3-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 153.175235][ T31] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.222272][ T31] usb 3-1: config 0 descriptor?? [ 153.263040][ T31] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 153.448666][ T31] gp8psk: usb in 128 operation failed. [ 153.571705][ T6828] input: syz1 as /devices/virtual/input/input11 [ 153.657682][ T31] gp8psk: usb in 146 operation failed. [ 153.657697][ T31] gp8psk: failed to get FW version [ 153.747236][ T31] gp8psk: FPGA Version = 32 [ 153.809245][ T1244] usb 4-1: USB disconnect, device number 5 [ 154.158315][ T31] gp8psk: usb out operation failed. [ 154.158332][ T31] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 154.158369][ T31] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 154.211653][ T31] usb 3-1: USB disconnect, device number 7 [ 154.893188][ T5607] Bluetooth: hci2: command 0x0c1a tx timeout [ 154.896944][ T5607] Bluetooth: hci1: command 0x0c1a tx timeout [ 154.916216][ T6869] netlink: 36 bytes leftover after parsing attributes in process `syz.2.364'. [ 155.156254][ T6851] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 155.156476][ T6851] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 155.160628][ T6851] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 156.337745][ T6893] IPv6: syztnl0: Disabled Multicast RS [ 156.485036][ T59] Bluetooth: hci4: command 0x0406 tx timeout [ 156.644503][ T6900] netlink: 'syz.2.377': attribute type 4 has an invalid length. [ 157.206836][ T5607] Bluetooth: hci2: command 0x0c1a tx timeout [ 157.206874][ T5607] Bluetooth: hci1: command 0x0c1a tx timeout [ 159.282477][ T37] kauditd_printk_skb: 570 callbacks suppressed [ 159.282493][ T37] audit: type=1326 audit(1777243930.710:818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6956 comm="syz.4.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f367936cdd9 code=0x7ffc0000 [ 159.282640][ T37] audit: type=1326 audit(1777243930.710:819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6956 comm="syz.4.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f367936cdd9 code=0x7ffc0000 [ 159.336817][ T37] audit: type=1326 audit(1777243930.760:820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6956 comm="syz.4.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f367936cdd9 code=0x7ffc0000 [ 159.337232][ T37] audit: type=1326 audit(1777243930.760:821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6956 comm="syz.4.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f367936cdd9 code=0x7ffc0000 [ 159.342135][ T37] audit: type=1326 audit(1777243930.760:822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6956 comm="syz.4.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f367936cdd9 code=0x7ffc0000 [ 159.342375][ T37] audit: type=1326 audit(1777243930.760:823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6956 comm="syz.4.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f367936cdd9 code=0x7ffc0000 [ 159.342502][ T37] audit: type=1326 audit(1777243930.760:824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6956 comm="syz.4.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f367936cdd9 code=0x7ffc0000 [ 159.356020][ T37] audit: type=1326 audit(1777243930.770:825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6956 comm="syz.4.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f367936cdd9 code=0x7ffc0000 [ 159.356065][ T37] audit: type=1326 audit(1777243930.770:827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6956 comm="syz.4.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f367936cdd9 code=0x7ffc0000 [ 159.356101][ T37] audit: type=1326 audit(1777243930.770:828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6956 comm="syz.4.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f367936cdd9 code=0x7ffc0000 [ 161.157481][ T6979] batadv0: entered promiscuous mode [ 161.170920][ T6979] gretap0: entered promiscuous mode [ 161.323826][ T6979] batadv0: left promiscuous mode [ 161.387721][ T6979] gretap0: left promiscuous mode [ 161.580643][ T6995] overlayfs: overlapping lowerdir path [ 161.672399][ T6997] +: renamed from syzkaller0 [ 163.048609][ T59] Bluetooth: hci1: command 0x0c1a tx timeout [ 164.532852][ T7033] overlayfs: failed to clone upperpath [ 164.595725][ T7033] overlayfs: missing 'lowerdir' [ 165.407786][ T7029] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 165.408904][ T7029] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 165.409096][ T7029] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 165.746302][ T7045] syz.4.427 uses obsolete (PF_INET,SOCK_PACKET) [ 166.085166][ T820] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 166.235640][ T820] usb 1-1: Using ep0 maxpacket: 16 [ 166.240823][ T820] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 166.272556][ T820] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 166.272582][ T820] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 166.272601][ T820] usb 1-1: Product: syz [ 166.272614][ T820] usb 1-1: Manufacturer: syz [ 166.272627][ T820] usb 1-1: SerialNumber: syz [ 166.316398][ T820] usb 1-1: config 0 descriptor?? [ 166.360855][ T820] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 166.360884][ T820] em28xx 1-1:0.0: DVB interface 0 found: bulk [ 166.645046][ T5607] Bluetooth: hci4: command 0x0406 tx timeout [ 167.002051][ T820] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 167.452412][ T5607] Bluetooth: hci2: command 0x0c1a tx timeout [ 167.457186][ T59] Bluetooth: hci1: command 0x0c1a tx timeout [ 168.680031][ T820] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 168.680060][ T820] em28xx 1-1:0.0: board has no eeprom [ 168.775053][ T820] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 168.775078][ T820] em28xx 1-1:0.0: dvb set to bulk mode. [ 168.775809][ T36] em28xx 1-1:0.0: Binding DVB extension [ 168.842678][ T820] usb 1-1: USB disconnect, device number 6 [ 168.857725][ T820] em28xx 1-1:0.0: Disconnecting em28xx [ 168.966660][ T7081] netlink: 28 bytes leftover after parsing attributes in process `syz.3.440'. [ 169.121273][ T36] em28xx 1-1:0.0: Registering input extension [ 169.134445][ T820] em28xx 1-1:0.0: Closing input extension [ 169.153888][ T7085] netlink: 'syz.4.444': attribute type 4 has an invalid length. [ 169.237921][ T820] em28xx 1-1:0.0: Freeing device [ 170.519304][ T7107] netlink: 8 bytes leftover after parsing attributes in process `syz.0.451'. [ 170.770869][ T7112] netlink: 'syz.2.455': attribute type 4 has an invalid length. [ 170.783221][ T7113] input: syz1 as /devices/virtual/input/input14 [ 171.065063][ T820] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 171.218773][ T820] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 171.218799][ T820] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 171.218818][ T820] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 171.218865][ T820] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 171.218890][ T820] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 171.222607][ T37] kauditd_printk_skb: 137 callbacks suppressed [ 171.222621][ T37] audit: type=1804 audit(1777243942.640:965): pid=7135 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.463" name="/newroot/83/file0" dev="tmpfs" ino=471 res=1 errno=0 [ 171.223063][ T820] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 171.223088][ T820] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 171.223107][ T820] usb 1-1: Product: syz [ 171.223120][ T820] usb 1-1: Manufacturer: syz [ 171.344983][ T820] cdc_wdm 1-1:1.0: skipping garbage [ 171.345000][ T820] cdc_wdm 1-1:1.0: skipping garbage [ 171.347803][ T820] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 171.347820][ T820] cdc_wdm 1-1:1.0: Unknown control protocol [ 171.601313][ T7140] +: renamed from syzkaller0 [ 171.924335][ T7154] cdc_wdm 1-1:1.0: Error submitting int urb - -90 [ 172.270142][ T7163] overlayfs: failed to clone upperpath [ 172.342612][ T7164] netlink: 12 bytes leftover after parsing attributes in process `syz.4.473'. [ 172.342721][ T7164] netlink: 12 bytes leftover after parsing attributes in process `syz.4.473'. [ 172.342756][ T7164] netlink: 20 bytes leftover after parsing attributes in process `syz.4.473'. [ 172.356293][ T7164] netlink: 12 bytes leftover after parsing attributes in process `syz.4.473'. [ 172.356403][ T7164] netlink: 12 bytes leftover after parsing attributes in process `syz.4.473'. [ 172.356439][ T7164] netlink: 20 bytes leftover after parsing attributes in process `syz.4.473'. [ 173.241002][ T7166] netlink: 20 bytes leftover after parsing attributes in process `syz.4.475'. [ 173.877039][ T819] usb 1-1: USB disconnect, device number 7 [ 175.067481][ T7196] overlayfs: failed to resolve './file1/file0': -2 [ 175.238719][ T37] audit: type=1804 audit(1777243946.660:966): pid=7207 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.490" name="/newroot/94/file0" dev="tmpfs" ino=527 res=1 errno=0 [ 176.034705][ T7225] overlayfs: failed to resolve './file0': -2 [ 177.049036][ T7221] syz.0.496: vmalloc error: size 17179873280, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 177.049118][ T7221] CPU: 0 UID: 0 PID: 7221 Comm: syz.0.496 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 177.049141][ T7221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 177.049153][ T7221] Call Trace: [ 177.049160][ T7221] [ 177.049168][ T7221] dump_stack_lvl+0xe8/0x150 [ 177.049208][ T7221] warn_alloc+0x263/0x3e0 [ 177.049239][ T7221] ? stack_trace_save+0xa9/0x100 [ 177.049264][ T7221] ? __pfx_warn_alloc+0x10/0x10 [ 177.049294][ T7221] ? kasan_save_track+0x4f/0x80 [ 177.049311][ T7221] ? kasan_save_track+0x3e/0x80 [ 177.049326][ T7221] ? __kasan_kmalloc+0x93/0xb0 [ 177.049345][ T7221] ? xskq_create+0x56/0x170 [ 177.049370][ T7221] ? xsk_init_queue+0x8a/0xe0 [ 177.049395][ T7221] ? xsk_setsockopt+0x603/0x990 [ 177.049418][ T7221] ? do_sock_setsockopt+0x17c/0x1b0 [ 177.049445][ T7221] __vmalloc_node_range_noprof+0x132/0x1750 [ 177.049488][ T7221] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 177.049516][ T7221] ? __kasan_kmalloc+0x93/0xb0 [ 177.049540][ T7221] vmalloc_user_noprof+0xad/0xe0 [ 177.049562][ T7221] ? xskq_create+0xbf/0x170 [ 177.049589][ T7221] xskq_create+0xbf/0x170 [ 177.049617][ T7221] xsk_init_queue+0x8a/0xe0 [ 177.049645][ T7221] xsk_setsockopt+0x603/0x990 [ 177.049672][ T7221] ? __pfx_xsk_setsockopt+0x10/0x10 [ 177.049701][ T7221] ? __fget_files+0x2a/0x420 [ 177.049733][ T7221] ? __fget_files+0x2a/0x420 [ 177.049766][ T7221] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 177.049786][ T7221] ? __pfx_xsk_setsockopt+0x10/0x10 [ 177.049806][ T7221] do_sock_setsockopt+0x17c/0x1b0 [ 177.049829][ T7221] __x64_sys_setsockopt+0x143/0x1b0 [ 177.049848][ T7221] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.049869][ T7221] do_syscall_64+0x15f/0xf80 [ 177.049886][ T7221] ? trace_irq_disable+0x3b/0x140 [ 177.049907][ T7221] ? clear_bhb_loop+0x40/0x90 [ 177.049930][ T7221] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.049949][ T7221] RIP: 0033:0x7f59039ecdd9 [ 177.049974][ T7221] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 177.049990][ T7221] RSP: 002b:00007f5901c46028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 177.050010][ T7221] RAX: ffffffffffffffda RBX: 00007f5903c65fa0 RCX: 00007f59039ecdd9 [ 177.050025][ T7221] RDX: 0000000000000003 RSI: 000000000000011b RDI: 0000000000000003 [ 177.050037][ T7221] RBP: 00007f5903a82d69 R08: 0000000000000004 R09: 0000000000000000 [ 177.050050][ T7221] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000 [ 177.050063][ T7221] R13: 00007f5903c66038 R14: 00007f5903c65fa0 R15: 00007ffe26e35288 [ 177.050094][ T7221] [ 177.051727][ T7221] Mem-Info: [ 177.051737][ T7221] active_anon:181 inactive_anon:31090 isolated_anon:0 [ 177.051737][ T7221] active_file:5847 inactive_file:47059 isolated_file:0 [ 177.051737][ T7221] unevictable:768 dirty:215 writeback:0 [ 177.051737][ T7221] slab_reclaimable:11643 slab_unreclaimable:102208 [ 177.051737][ T7221] mapped:32885 shmem:21084 pagetables:1274 [ 177.051737][ T7221] sec_pagetables:0 bounce:0 [ 177.051737][ T7221] kernel_misc_reclaimable:0 [ 177.051737][ T7221] free:1286140 free_pcp:3976 free_cma:0 [ 177.051796][ T7221] Node 0 active_anon:724kB inactive_anon:124360kB active_file:23188kB inactive_file:188236kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:131540kB dirty:856kB writeback:0kB shmem:82800kB kernel_stack:13044kB pagetables:4944kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 177.051847][ T7221] Node 1 active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB kernel_stack:32kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 177.051897][ T7221] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 177.051953][ T7221] lowmem_reserve[]: 0 2506 2506 2506 2506 [ 177.051986][ T7221] Node 0 DMA32 free:1199220kB boost:0kB min:3928kB low:6464kB high:9000kB reserved_highatomic:0KB free_highatomic:0KB active_anon:724kB inactive_anon:124360kB active_file:23188kB inactive_file:188236kB unevictable:1536kB writepending:856kB zspages:0kB present:3129332kB managed:2566640kB mlocked:0kB bounce:0kB free_pcp:15904kB local_pcp:9884kB free_cma:0kB [ 177.053688][ T7221] lowmem_reserve[]: 0 0 0 0 0 [ 177.053728][ T7221] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:216kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 177.053792][ T7221] lowmem_reserve[]: 0 0 0 0 0 [ 177.053826][ T7221] Node 1 Normal free:3929980kB boost:0kB min:6368kB low:10476kB high:14584kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 177.053890][ T7221] lowmem_reserve[]: 0 0 0 0 0 [ 177.053923][ T7221] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 177.054041][ T7221] Node 0 DMA32: 1455*4kB (UME) 1645*8kB (UME) 1041*16kB (UME) 184*32kB (UME) 29*64kB (ME) 6*128kB (ME) 4*256kB (UME) 2*512kB (ME) 2*1024kB (ME) 6*2048kB (ME) 278*4096kB (M) = 1199220kB [ 177.054195][ T7221] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 177.054295][ T7221] Node 1 Normal: 5*4kB (UM) 11*8kB (UM) 3*16kB (UM) 7*32kB (UM) 4*64kB (UM) 4*128kB (UM) 5*256kB (UM) 3*512kB (UM) 2*1024kB (UM) 0*2048kB 958*4096kB (M) = 3929980kB [ 177.054455][ T7221] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 177.054472][ T7221] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 177.054489][ T7221] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 177.054505][ T7221] Node 1 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 177.054522][ T7221] 73986 total pagecache pages [ 177.054529][ T7221] 0 pages in swap cache [ 177.054536][ T7221] Free swap = 124996kB [ 177.054543][ T7221] Total swap = 124996kB [ 177.054551][ T7221] 2097051 pages RAM [ 177.054558][ T7221] 0 pages HighMem/MovableOnly [ 177.054565][ T7221] 423722 pages reserved [ 177.054572][ T7221] 0 pages cma reserved [ 177.605072][ T5607] Bluetooth: hci4: command 0x0406 tx timeout [ 180.535441][ T7290] IPv6: syztnl0: Disabled Multicast RS [ 181.040734][ T7300] batadv0: entered promiscuous mode [ 181.798026][ T7300] batadv0: left promiscuous mode [ 182.055868][ T5721] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 182.207181][ T5721] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 182.207213][ T5721] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 182.207248][ T5721] usb 5-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80 [ 182.207270][ T5721] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.283849][ T5721] usb 5-1: config 0 descriptor?? [ 182.803234][ T7323] overlayfs: failed to resolve './file0': -2 [ 183.525067][ T7318] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 183.556137][ T7318] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 183.572315][ T7318] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 183.985132][ T7338] netlink: 8 bytes leftover after parsing attributes in process `syz.1.534'. [ 183.985165][ T7338] netlink: 8 bytes leftover after parsing attributes in process `syz.1.534'. [ 184.051150][ T7335] bridge0: port 2(bridge_slave_1) entered listening state [ 184.091679][ T7335] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.485061][ T59] Bluetooth: hci4: command 0x0406 tx timeout [ 184.573319][ T5721] usbhid 5-1:0.0: can't add hid device: -71 [ 184.573433][ T5721] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 184.596424][ T5721] usb 5-1: USB disconnect, device number 7 [ 184.691564][ T37] audit: type=1804 audit(1777243956.120:967): pid=7351 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.539" name="/newroot/108/file0" dev="tmpfs" ino=600 res=1 errno=0 [ 185.605065][ T5607] Bluetooth: hci1: command 0x0c1a tx timeout [ 185.605117][ T59] Bluetooth: hci2: command 0x0c1a tx timeout [ 185.920478][ T7388] overlayfs: failed to resolve './file1/file0': -2 [ 186.713502][ T7399] netlink: 27 bytes leftover after parsing attributes in process `syz.0.559'. [ 186.755454][ T7394] IPv6: syztnl0: Disabled Multicast RS [ 187.014258][ T7407] fuse: Bad value for 'fd' [ 187.163506][ T7415] input: syz1 as /devices/virtual/input/input16 [ 187.509727][ T7422] overlayfs: failed to resolve './file1/file0': -2 [ 188.472560][ T7450] overlayfs: failed to resolve './file1/file0': -2 [ 190.349511][ T7475] batadv0: entered promiscuous mode [ 191.019147][ T7475] batadv0: left promiscuous mode [ 191.978680][ T7502] IPv6: syztnl0: Disabled Multicast RS [ 193.232366][ T59] Bluetooth: hci1: command 0x0c1a tx timeout [ 193.237789][ T5593] Bluetooth: hci4: command 0x0406 tx timeout [ 194.169295][ T1336] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.169358][ T1336] ieee802154 phy1 wpan1: encryption failed: -22 [ 196.872293][ T7568] fuse: Unknown parameter '0x0000000000000005' [ 196.910363][ T7571] netlink: 27 bytes leftover after parsing attributes in process `syz.4.622'. [ 197.200956][ T7578] batadv0: entered promiscuous mode [ 198.319510][ T7578] batadv0: left promiscuous mode [ 198.415849][ T37] audit: type=1326 audit(1777243969.840:968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7583 comm="syz.2.628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f8fc5cdd9 code=0x7ffc0000 [ 198.417718][ T37] audit: type=1326 audit(1777243969.840:969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7583 comm="syz.2.628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f8fc5cdd9 code=0x7ffc0000 [ 198.418733][ T37] audit: type=1326 audit(1777243969.840:970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7583 comm="syz.2.628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f8fc5cdd9 code=0x7ffc0000 [ 198.419029][ T37] audit: type=1326 audit(1777243969.840:971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7583 comm="syz.2.628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0f8fc5cdd9 code=0x7ffc0000 [ 198.419616][ T37] audit: type=1326 audit(1777243969.840:972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7583 comm="syz.2.628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f8fc5cdd9 code=0x7ffc0000 [ 198.419657][ T37] audit: type=1326 audit(1777243969.840:973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7583 comm="syz.2.628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f8fc5cdd9 code=0x7ffc0000 [ 198.420267][ T37] audit: type=1326 audit(1777243969.840:974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7583 comm="syz.2.628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f8fc5cdd9 code=0x7ffc0000 [ 198.420307][ T37] audit: type=1326 audit(1777243969.840:975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7583 comm="syz.2.628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f8fc5cdd9 code=0x7ffc0000 [ 198.420557][ T37] audit: type=1326 audit(1777243969.840:976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7583 comm="syz.2.628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f0f8fc5cdd9 code=0x7ffc0000 [ 198.420979][ T37] audit: type=1326 audit(1777243969.840:977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7583 comm="syz.2.628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f8fc5cdd9 code=0x7ffc0000 [ 199.873973][ T7595] ±ÿþ€: renamed from team_slave_1 (while UP) [ 201.806166][ T7604] batadv0: entered promiscuous mode [ 202.285010][ T7604] batadv0: left promiscuous mode [ 203.703791][ T7626] fuse: Unknown parameter '0x0000000000000005' [ 204.769588][ T7637] input: syz1 as /devices/virtual/input/input17 [ 205.718633][ T7653] ±ÿþ€: renamed from team_slave_1 (while UP) [ 206.905900][ T7667] netlink: 8 bytes leftover after parsing attributes in process `syz.2.653'. [ 206.905933][ T7667] netlink: 20 bytes leftover after parsing attributes in process `syz.2.653'. [ 206.907993][ T7667] netlink: 8 bytes leftover after parsing attributes in process `syz.2.653'. [ 206.908021][ T7667] netlink: 20 bytes leftover after parsing attributes in process `syz.2.653'. [ 210.339473][ T7704] netlink: 4 bytes leftover after parsing attributes in process `syz.3.666'. [ 210.352366][ T7704] netlink: 4 bytes leftover after parsing attributes in process `syz.3.666'. [ 211.207846][ T36] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 211.210446][ T31] usb 5-1: new full-speed USB device number 8 using dummy_hcd [ 211.394959][ T36] usb 1-1: Using ep0 maxpacket: 8 [ 211.397486][ T36] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 211.397536][ T36] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 211.397563][ T36] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 211.397592][ T36] usb 1-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 211.397652][ T36] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 211.397674][ T36] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 211.474566][ T31] usb 5-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 211.474603][ T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 211.507472][ T36] usbtmc 1-1:16.0: bulk endpoints not found [ 211.531762][ T31] usb 5-1: config 0 descriptor?? [ 211.704004][ T31] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 212.606484][ T31] gp8psk: usb in 128 operation failed. [ 212.810103][ T31] gp8psk: usb in 146 operation failed. [ 212.810121][ T31] gp8psk: failed to get FW version [ 212.880482][ T31] gp8psk: FPGA Version = 32 [ 213.209481][ T5597] Bluetooth: hci4: unexpected event for opcode 0x1003 [ 214.620302][ T1244] usb 1-1: USB disconnect, device number 8 [ 214.640656][ T31] gp8psk: usb out operation failed. [ 214.640670][ T31] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 214.640706][ T31] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 214.823255][ T31] usb 5-1: USB disconnect, device number 8 [ 215.308006][ T7757] overlayfs: failed to resolve './file0': -2 [ 217.285055][ T5597] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 217.285223][ T5597] Bluetooth: hci4: Injecting HCI hardware error event [ 217.288042][ T5597] Bluetooth: hci4: hardware error 0x00 [ 219.365043][ T5597] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 219.376463][ T7791] input: syz1 as /devices/virtual/input/input18 [ 220.621983][ T7842] loop2: detected capacity change from 0 to 7 [ 220.640400][ T7842] Dev loop2: unable to read RDB block 7 [ 220.640440][ T7842] loop2: unable to read partition table [ 220.640641][ T7842] loop2: partition table beyond EOD, truncated [ 220.640670][ T7842] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 220.878457][ T7845] syz.0.719: vmalloc error: size 17179873280, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 220.878517][ T7845] CPU: 0 UID: 0 PID: 7845 Comm: syz.0.719 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 220.878538][ T7845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 220.878548][ T7845] Call Trace: [ 220.878555][ T7845] [ 220.878563][ T7845] dump_stack_lvl+0xe8/0x150 [ 220.878590][ T7845] warn_alloc+0x263/0x3e0 [ 220.878619][ T7845] ? stack_trace_save+0xa9/0x100 [ 220.878644][ T7845] ? __pfx_warn_alloc+0x10/0x10 [ 220.878677][ T7845] ? kasan_save_track+0x4f/0x80 [ 220.878695][ T7845] ? kasan_save_track+0x3e/0x80 [ 220.878721][ T7845] ? __kasan_kmalloc+0x93/0xb0 [ 220.878740][ T7845] ? xskq_create+0x56/0x170 [ 220.878765][ T7845] ? xsk_init_queue+0x8a/0xe0 [ 220.878790][ T7845] ? xsk_setsockopt+0x603/0x990 [ 220.878812][ T7845] ? do_sock_setsockopt+0x17c/0x1b0 [ 220.878837][ T7845] __vmalloc_node_range_noprof+0x132/0x1750 [ 220.878892][ T7845] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 220.878925][ T7845] ? __kasan_kmalloc+0x93/0xb0 [ 220.878949][ T7845] vmalloc_user_noprof+0xad/0xe0 [ 220.878972][ T7845] ? xskq_create+0xbf/0x170 [ 220.878999][ T7845] xskq_create+0xbf/0x170 [ 220.879027][ T7845] xsk_init_queue+0x8a/0xe0 [ 220.879054][ T7845] xsk_setsockopt+0x603/0x990 [ 220.879080][ T7845] ? __pfx_xsk_setsockopt+0x10/0x10 [ 220.879113][ T7845] ? __fget_files+0x2a/0x420 [ 220.879146][ T7845] ? __fget_files+0x2a/0x420 [ 220.879173][ T7845] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 220.879194][ T7845] ? __pfx_xsk_setsockopt+0x10/0x10 [ 220.879222][ T7845] do_sock_setsockopt+0x17c/0x1b0 [ 220.879249][ T7845] __x64_sys_setsockopt+0x143/0x1b0 [ 220.879274][ T7845] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 220.879296][ T7845] do_syscall_64+0x15f/0xf80 [ 220.879314][ T7845] ? trace_irq_disable+0x3b/0x140 [ 220.879338][ T7845] ? clear_bhb_loop+0x40/0x90 [ 220.879366][ T7845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 220.879386][ T7845] RIP: 0033:0x7f59039ecdd9 [ 220.879405][ T7845] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 220.879422][ T7845] RSP: 002b:00007f5901c25028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 220.879443][ T7845] RAX: ffffffffffffffda RBX: 00007f5903c66090 RCX: 00007f59039ecdd9 [ 220.879458][ T7845] RDX: 0000000000000003 RSI: 000000000000011b RDI: 0000000000000003 [ 220.879470][ T7845] RBP: 00007f5903a82d69 R08: 0000000000000004 R09: 0000000000000000 [ 220.879483][ T7845] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000 [ 220.879496][ T7845] R13: 00007f5903c66128 R14: 00007f5903c66090 R15: 00007ffe26e35288 [ 220.879529][ T7845] [ 220.879548][ T7845] Mem-Info: [ 220.879556][ T7845] active_anon:3372 inactive_anon:29117 isolated_anon:0 [ 220.879556][ T7845] active_file:5890 inactive_file:47034 isolated_file:0 [ 220.879556][ T7845] unevictable:768 dirty:270 writeback:0 [ 220.879556][ T7845] slab_reclaimable:11773 slab_unreclaimable:102215 [ 220.879556][ T7845] mapped:30045 shmem:21462 pagetables:1307 [ 220.879556][ T7845] sec_pagetables:0 bounce:0 [ 220.879556][ T7845] kernel_misc_reclaimable:0 [ 220.879556][ T7845] free:1282035 free_pcp:7576 free_cma:0 [ 220.879614][ T7845] Node 0 active_anon:13488kB inactive_anon:116468kB active_file:23360kB inactive_file:188136kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:120180kB dirty:1080kB writeback:0kB shmem:84312kB kernel_stack:13180kB pagetables:5076kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 220.879668][ T7845] Node 1 active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB kernel_stack:32kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 220.879723][ T7845] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 220.879783][ T7845] lowmem_reserve[]: 0 2506 2506 2506 2506 [ 220.879819][ T7845] Node 0 DMA32 free:1182800kB boost:0kB min:3928kB low:6464kB high:9000kB reserved_highatomic:0KB free_highatomic:0KB active_anon:13488kB inactive_anon:116468kB active_file:23360kB inactive_file:188136kB unevictable:1536kB writepending:1080kB zspages:0kB present:3129332kB managed:2566640kB mlocked:0kB bounce:0kB free_pcp:30304kB local_pcp:13288kB free_cma:0kB [ 220.883610][ T7845] lowmem_reserve[]: 0 0 0 0 0 [ 220.883649][ T7845] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:216kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 220.883716][ T7845] lowmem_reserve[]: 0 0 0 0 0 [ 220.883750][ T7845] Node 1 Normal free:3929980kB boost:0kB min:6368kB low:10476kB high:14584kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 220.883809][ T7845] lowmem_reserve[]: 0 0 0 0 0 [ 220.883842][ T7845] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 220.883959][ T7845] Node 0 DMA32: 226*4kB (U) 315*8kB (UM) 688*16kB (UE) 219*32kB (UME) 13*64kB (UME) 14*128kB (M) 18*256kB (UME) 2*512kB (ME) 2*1024kB (ME) 4*2048kB (ME) 279*4096kB (M) = 1182720kB [ 220.884112][ T7845] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 220.884210][ T7845] Node 1 Normal: 5*4kB (UM) 11*8kB (UM) 3*16kB (UM) 7*32kB (UM) 4*64kB (UM) 4*128kB (UM) 5*256kB (UM) 3*512kB (UM) 2*1024kB (UM) 0*2048kB 958*4096kB (M) = 3929980kB [ 220.884361][ T7845] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 220.884378][ T7845] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 220.884394][ T7845] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 220.884411][ T7845] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 220.884426][ T7845] 74407 total pagecache pages [ 220.884434][ T7845] 0 pages in swap cache [ 220.884453][ T7845] Free swap = 124996kB [ 220.884461][ T7845] Total swap = 124996kB [ 220.884469][ T7845] 2097051 pages RAM [ 220.884475][ T7845] 0 pages HighMem/MovableOnly [ 220.884481][ T7845] 423722 pages reserved [ 220.884488][ T7845] 0 pages cma reserved [ 221.578321][ T7858] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 221.578374][ T7858] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 221.638631][ T7862] input: syz1 as /devices/virtual/input/input19 [ 226.478048][ T7932] batadv0: entered promiscuous mode [ 227.305183][ T7932] batadv0: left promiscuous mode [ 232.715282][ T1244] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 233.822468][ T1244] usb 1-1: Using ep0 maxpacket: 16 [ 233.825836][ T1244] usb 1-1: config 0 has an invalid interface number: 64 but max is 0 [ 233.825859][ T1244] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 233.825878][ T1244] usb 1-1: config 0 has no interface number 0 [ 233.825921][ T1244] usb 1-1: New USB device found, idVendor=0bd3, idProduct=0555, bcdDevice= 0.5b [ 233.825943][ T1244] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 233.836690][ T1244] usb 1-1: config 0 descriptor?? [ 233.860306][ T1244] uvcvideo 1-1:0.64: probe with driver uvcvideo failed with error -22 [ 234.072734][ T31] usb 1-1: USB disconnect, device number 9 [ 234.074647][ T8014] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 234.177346][ T8016] bridge0: port 3(netdevsim0) entered blocking state [ 234.181831][ T8016] bridge0: port 3(netdevsim0) entered disabled state [ 234.196875][ T8016] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 234.272841][ T8016] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 234.302217][ T8016] bridge0: port 3(netdevsim0) entered blocking state [ 234.302930][ T8016] bridge0: port 3(netdevsim0) entered forwarding state [ 235.551453][ T7986] ------------[ cut here ]------------ [ 235.551466][ T7986] kcov->t != t [ 235.551480][ T7986] WARNING: kernel/kcov.c:483 at kcov_task_exit+0xf5/0x160, CPU#0: syz.0.770/7986 [ 235.551519][ T7986] Modules linked in: [ 235.551536][ T7986] CPU: 0 UID: 0 PID: 7986 Comm: syz.0.770 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 235.551559][ T7986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 235.551570][ T7986] RIP: 0010:kcov_task_exit+0xf5/0x160 [ 235.551593][ T7986] Code: 10 00 00 48 8b bb 90 00 00 00 e8 c6 b0 55 00 48 89 df 5b 41 5e 41 5f e9 e9 6d 5b 00 7c 1c 5b 41 5e 41 5f c3 cc cc cc cc cc 90 <0f> 0b 90 4c 89 f7 5b 41 5e 41 5f e9 0b d0 59 09 48 89 df be 03 00 [ 235.551610][ T7986] RSP: 0018:ffffc9001c98fd20 EFLAGS: 00010283 [ 235.551627][ T7986] RAX: 4ef3839755970c00 RBX: ffff888029776000 RCX: 0000000000000000 [ 235.551642][ T7986] RDX: 00000000b2f71164 RSI: ffffffff8ba74b40 RDI: 00000000ffffffff [ 235.551655][ T7986] RBP: ffffc9001c98fe78 R08: ffffffff8b1e3760 R09: ffffffff8dfc8140 [ 235.551670][ T7986] R10: dffffc0000000000 R11: fffffbfff1f11a3f R12: dffffc0000000000 [ 235.551686][ T7986] R13: 0000000000000000 R14: ffff888029776008 R15: ffff888031cc5c40 [ 235.551700][ T7986] FS: 000055558e5bb500(0000) GS:ffff88812617d000(0000) knlGS:0000000000000000 [ 235.551718][ T7986] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 235.551732][ T7986] CR2: 00007f3e6f697770 CR3: 000000003bad2000 CR4: 00000000003526f0 [ 235.551749][ T7986] Call Trace: [ 235.551757][ T7986] [ 235.551767][ T7986] do_exit+0x150/0x22c0 [ 235.551795][ T7986] ? lockdep_hardirqs_on+0x7a/0x110 [ 235.551827][ T7986] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 235.551860][ T7986] ? reacquire_held_locks+0x104/0x190 [ 235.551890][ T7986] ? rt_spin_lock+0x1e0/0x400 [ 235.551914][ T7986] ? __pfx_do_exit+0x10/0x10 [ 235.551941][ T7986] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 235.551977][ T7986] ? rt_spin_unlock+0x160/0x200 [ 235.552006][ T7986] do_group_exit+0x21b/0x2d0 [ 235.552035][ T7986] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 235.552058][ T7986] __x64_sys_exit_group+0x3f/0x40 [ 235.552085][ T7986] x64_sys_call+0x221a/0x2240 [ 235.552109][ T7986] do_syscall_64+0x15f/0xf80 [ 235.552127][ T7986] ? trace_irq_disable+0x3b/0x140 [ 235.552150][ T7986] ? clear_bhb_loop+0x40/0x90 [ 235.552175][ T7986] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 235.552195][ T7986] RIP: 0033:0x7f59039ecdd9 [ 235.552213][ T7986] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 235.552251][ T7986] RSP: 002b:00007ffe26e355c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 235.552272][ T7986] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f59039ecdd9 [ 235.552286][ T7986] RDX: 0000001b31a24000 RSI: 0000000000000024 RDI: 0000000000000000 [ 235.552299][ T7986] RBP: 00007ffe26e3562c R08: 0000000000000006 R09: 00000000000927c0 [ 235.552312][ T7986] R10: 00000000003ff5f0 R11: 0000000000000246 R12: 0000000000000096 [ 235.552325][ T7986] R13: 00000000000927c0 R14: 0000000000038418 R15: 00007ffe26e35680 [ 235.552365][ T7986] [ 235.552375][ T7986] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 235.552390][ T7986] CPU: 0 UID: 0 PID: 7986 Comm: syz.0.770 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 235.552411][ T7986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 235.552422][ T7986] Call Trace: [ 235.552429][ T7986] [ 235.552437][ T7986] vpanic+0x56c/0xa60 [ 235.552461][ T7986] ? __pfx__printk+0x10/0x10 [ 235.552489][ T7986] ? __pfx_vpanic+0x10/0x10 [ 235.552509][ T7986] ? is_bpf_text_address+0x292/0x2b0 [ 235.552534][ T7986] ? is_bpf_text_address+0x26/0x2b0 [ 235.552567][ T7986] panic+0xc5/0xd0 [ 235.552589][ T7986] ? __pfx_panic+0x10/0x10 [ 235.552631][ T7986] __warn+0x315/0x4c0 [ 235.552655][ T7986] ? kcov_task_exit+0xf5/0x160 [ 235.552677][ T7986] ? kcov_task_exit+0xf5/0x160 [ 235.552699][ T7986] __report_bug+0x29a/0x540 [ 235.552735][ T7986] ? kcov_task_exit+0xf5/0x160 [ 235.552757][ T7986] ? __pfx___report_bug+0x10/0x10 [ 235.552790][ T7986] ? __pfx_rtlock_slowlock_locked+0x10/0x10 [ 235.552821][ T7986] ? rt_spin_lock+0x1e0/0x400 [ 235.552847][ T7986] ? rt_spin_lock+0x1e0/0x400 [ 235.552875][ T7986] ? kcov_task_exit+0xf5/0x160 [ 235.552896][ T7986] report_bug+0x16a/0x220 [ 235.552926][ T7986] ? kcov_task_exit+0xf5/0x160 [ 235.552945][ T7986] ? kcov_task_exit+0xf7/0x160 [ 235.552964][ T7986] handle_bug+0x9c/0x200 [ 235.552988][ T7986] exc_invalid_op+0x1a/0x50 [ 235.553010][ T7986] asm_exc_invalid_op+0x1a/0x20 [ 235.553029][ T7986] RIP: 0010:kcov_task_exit+0xf5/0x160 [ 235.553050][ T7986] Code: 10 00 00 48 8b bb 90 00 00 00 e8 c6 b0 55 00 48 89 df 5b 41 5e 41 5f e9 e9 6d 5b 00 7c 1c 5b 41 5e 41 5f c3 cc cc cc cc cc 90 <0f> 0b 90 4c 89 f7 5b 41 5e 41 5f e9 0b d0 59 09 48 89 df be 03 00 [ 235.553067][ T7986] RSP: 0018:ffffc9001c98fd20 EFLAGS: 00010283 [ 235.553084][ T7986] RAX: 4ef3839755970c00 RBX: ffff888029776000 RCX: 0000000000000000 [ 235.553098][ T7986] RDX: 00000000b2f71164 RSI: ffffffff8ba74b40 RDI: 00000000ffffffff [ 235.553112][ T7986] RBP: ffffc9001c98fe78 R08: ffffffff8b1e3760 R09: ffffffff8dfc8140 [ 235.553128][ T7986] R10: dffffc0000000000 R11: fffffbfff1f11a3f R12: dffffc0000000000 [ 235.553143][ T7986] R13: 0000000000000000 R14: ffff888029776008 R15: ffff888031cc5c40 [ 235.553165][ T7986] ? rt_spin_lock+0x1e0/0x400 [ 235.553200][ T7986] do_exit+0x150/0x22c0 [ 235.553226][ T7986] ? lockdep_hardirqs_on+0x7a/0x110 [ 235.553256][ T7986] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 235.553288][ T7986] ? reacquire_held_locks+0x104/0x190 [ 235.553317][ T7986] ? rt_spin_lock+0x1e0/0x400 [ 235.553342][ T7986] ? __pfx_do_exit+0x10/0x10 [ 235.553373][ T7986] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 235.553410][ T7986] ? rt_spin_unlock+0x160/0x200 [ 235.553438][ T7986] do_group_exit+0x21b/0x2d0 [ 235.553468][ T7986] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 235.553490][ T7986] __x64_sys_exit_group+0x3f/0x40 [ 235.553518][ T7986] x64_sys_call+0x221a/0x2240 [ 235.553542][ T7986] do_syscall_64+0x15f/0xf80 [ 235.553560][ T7986] ? trace_irq_disable+0x3b/0x140 [ 235.553583][ T7986] ? clear_bhb_loop+0x40/0x90 [ 235.553609][ T7986] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 235.553628][ T7986] RIP: 0033:0x7f59039ecdd9 [ 235.553645][ T7986] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 235.553662][ T7986] RSP: 002b:00007ffe26e355c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 235.553681][ T7986] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f59039ecdd9 [ 235.553695][ T7986] RDX: 0000001b31a24000 RSI: 0000000000000024 RDI: 0000000000000000 [ 235.553708][ T7986] RBP: 00007ffe26e3562c R08: 0000000000000006 R09: 00000000000927c0 [ 235.553721][ T7986] R10: 00000000003ff5f0 R11: 0000000000000246 R12: 0000000000000096 [ 235.553734][ T7986] R13: 00000000000927c0 R14: 0000000000038418 R15: 00007ffe26e35680 [ 235.553766][ T7986] [ 235.554094][ T7986] Kernel Offset: disabled