last executing test programs: 24m33.613528849s ago: executing program 0 (id=110): openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x2042, 0x19d) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./bus\x00', r0, &(0x7f00000004c0)='./file0\x00', 0x0) 24m33.302801401s ago: executing program 0 (id=113): r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={0x0, 0xffffffffffffffff, 0x0, 0x101}, 0x18) write$tun(0xffffffffffffffff, &(0x7f0000000840)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x8000, 0x0, 0x2}, @mpls={[], @ipv4=@igmp={{0x1c, 0x4, 0x3, 0x7, 0x136, 0x67, 0x0, 0x4, 0x2, 0x0, @multicast2, @rand_addr=0x64010104, {[@noop, @timestamp_addr={0x44, 0x2c, 0xf0, 0x1, 0x4, [{@broadcast, 0x3}, {@local, 0x9}, {@dev={0xac, 0x14, 0x14, 0x37}, 0x9}, {@rand_addr=0x64010102, 0x7}, {@dev={0xac, 0x14, 0x14, 0x43}, 0x8}]}, @timestamp_addr={0x44, 0x2c, 0x9d, 0x1, 0x8, [{@rand_addr=0x64010101, 0xb7c}, {@empty}, {@broadcast, 0x3ff}, {@broadcast, 0xb}, {@empty, 0xffff}]}]}}, {0x17, 0x87, 0x0, @dev={0xac, 0x14, 0x14, 0xe}, "51a6e95021d2d22149b79942a8da67cd8e3467229469420b97517c5a5aebddf2dbcd155903a9c88aee232cf1009159e0c358974d5a8da9a649741966cdce430b50bafb3accb9bd6944d13bdfe7e0f4e6d9315201256441c80ceb8747187f8975d7ef900c9687d021da9716d352917fe8033ea4310121bb0d9cec34a2fba2e05ad69f6026eec5900d557cb07615c3b89edcba7f13839a7a83bb35c6a821cd51e54a16d9cd7abd21aca9d4c092df7a0a46e0d85234276a09912d5f6f5b1965"}}}}, 0x144) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000680)=[{{&(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}}], 0x1, 0x4000000) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x10, 0x1c, &(0x7f0000000300)=ANY=[@ANYBLOB="18080000a800000000000000fcffffff18110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500200000000000b7020000000000007b9a00fe00000000b5090800000000007baaf0ff00000000be9800000000000004080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018280000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7050000080000004600000076000000bf9100000000000076080000000000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0xd4}, 0x9c) ioctl$int_in(r0, 0x5421, &(0x7f0000000580)=0x8) syz_emit_ethernet(0xbe, &(0x7f0000000000)=ANY=[@ANYBLOB="bbbbbbbbbbbb0180c20000000800450000b0000000000011907800000000000000004e214e20009c907801000000030000007b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a06883ad5c8c82b8af584cbf2600fcffffbc43efa8698d26881c51852e4451b57d037ad3c0459428242588eb17b53ae414015acd0000000000bcfd56f1375461caaa2f19935e6996c7096ffeeb03000000000000649a3bfbc1f39cb307b3472eb9cdb042d2643fcbb2c5a57df67d544af6e8dafe09"], 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0xb68, 0xffffffffffffff6b, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x48) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) socket$alg(0x26, 0x5, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000540)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 24m31.198650437s ago: executing program 0 (id=116): r0 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000040)={'fscrypt:', @desc1}, &(0x7f0000000080)={0x0, "34e9309cbb8a092288d72ddcebea6c1f416164517cb8e76702eae32ba7ca3d6dbff379c7e159bd0d69bd5a345ab991343d39c89e0000000000004e00", 0x28}, 0x48, 0xfffffffffffffffe) keyctl$setperm(0x5, r0, 0x519100d) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) r4 = dup3(r3, r2, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) keyctl$setperm(0x5, r0, 0x4000000) keyctl$get_security(0x11, r0, 0x0, 0x0) 24m30.396309628s ago: executing program 0 (id=118): r0 = socket$inet_tcp(0x2, 0x1, 0x0) listen(r0, 0x42ba) ioctl$sock_inet_tcp_SIOCOUTQNSD(r0, 0x894b, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000800007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x26, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) r6 = socket$inet6(0xa, 0x3, 0x3c) setsockopt$inet6_IPV6_RTHDR(r6, 0x29, 0x39, &(0x7f0000001640)=ANY=[@ANYBLOB="0002020100000008ff"], 0x18) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10) writev(r6, &(0x7f00000000c0)=[{&(0x7f0000000100)="88", 0xfdef}], 0x1) bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e22, 0xab, @loopback, 0x10001}, 0x1c) mremap(&(0x7f0000000000/0x9000)=nil, 0x600000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil) r7 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r7, 0x0, 0x0, 0x0, &(0x7f0000000540)={0xc9, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) 24m29.064635219s ago: executing program 0 (id=120): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) socket$netlink(0x10, 0x3, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) getsockopt$CAN_RAW_FD_FRAMES(0xffffffffffffffff, 0x65, 0x5, 0x0, 0x0) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0xd, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000280)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) syz_clone(0xb21e0000, 0x0, 0x1e, 0x0, 0x0, 0x0) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_VFIO_IOAS$GET(r5, 0x3b88, &(0x7f0000000100)={0xc}) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000240)={0x0, 0x20}, 0x8) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x48, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x48}, 0x1, 0x0, 0x0, 0x400c491}, 0x0) socket$nl_route(0x10, 0x3, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x3e, 0x0, 0x0) getsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, &(0x7f0000000200), 0x10) sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000180)=ANY=[@ANYBLOB="54000000090605fb0000002000000000010000050900020073797a30000000000500010007000000080009400000000124000880100007800a00110001"], 0x54}, 0x1, 0x0, 0x0, 0x8000}, 0x44000) 24m21.146405404s ago: executing program 0 (id=128): r0 = socket$inet_tcp(0x2, 0x1, 0x0) listen(r0, 0x42ba) ioctl$sock_inet_tcp_SIOCOUTQNSD(r0, 0x894b, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000800007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x26, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) r5 = socket$inet6(0xa, 0x3, 0x3c) setsockopt$inet6_IPV6_RTHDR(r5, 0x29, 0x39, &(0x7f0000001640)=ANY=[@ANYBLOB="0002020100000008ff"], 0x18) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xff}, 0x7}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e22, 0xab, @loopback, 0x10001}, 0x1c) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x600000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil) r6 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r6, 0x0, 0x0, 0x0, &(0x7f0000000540)={0xc9, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) 24m5.467593649s ago: executing program 32 (id=128): r0 = socket$inet_tcp(0x2, 0x1, 0x0) listen(r0, 0x42ba) ioctl$sock_inet_tcp_SIOCOUTQNSD(r0, 0x894b, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000800007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x26, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) r5 = socket$inet6(0xa, 0x3, 0x3c) setsockopt$inet6_IPV6_RTHDR(r5, 0x29, 0x39, &(0x7f0000001640)=ANY=[@ANYBLOB="0002020100000008ff"], 0x18) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xff}, 0x7}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e22, 0xab, @loopback, 0x10001}, 0x1c) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x600000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil) r6 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r6, 0x0, 0x0, 0x0, &(0x7f0000000540)={0xc9, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) 22m53.954105241s ago: executing program 1 (id=210): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = syz_io_uring_setup(0x1238, &(0x7f0000000380)={0x0, 0x80fd, 0x80, 0x0, 0x40000ab9}, &(0x7f0000000040)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffff4, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r0, 0x0, 0x0}) r4 = landlock_create_ruleset(&(0x7f0000000000)={0x17ef, 0x2}, 0x18, 0x0) landlock_restrict_self(r4, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) r6 = openat$mice(0xffffffffffffff9c, &(0x7f0000000080), 0x26200) sendmsg$NFT_MSG_GETRULE(r6, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000100)={0x50, 0x7, 0xa, 0x401, 0x0, 0x0, {0x2, 0x0, 0x7}, [@NFTA_RULE_COMPAT={0x3c, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x16}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x11}, @NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x8863}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x32}, @NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}]}]}, 0x50}}, 0x40811) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0) r7 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r7, 0x0, 0x0) io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0) dup2(0xffffffffffffffff, r0) 22m52.630739696s ago: executing program 1 (id=212): r0 = socket$alg(0x26, 0x5, 0x0) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000080)=0x1) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) prlimit64(r3, 0x9, 0x0, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106(gcm(aes))\x00'}, 0x58) r5 = semget$private(0x0, 0x5, 0x0) semop(r5, &(0x7f00000003c0)=[{0x1}], 0x1) r6 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r6, &(0x7f0000000c00)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x40040}], 0x1, 0x8040) syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), r6) 22m50.324706982s ago: executing program 1 (id=214): pwritev(0xffffffffffffffff, &(0x7f0000000200)=[{&(0x7f0000000080)="705ae1b85c8cf816d6ad853f7af76a730b6f95d55b7107922704f442df3f2eab089b780f8acc69fd3e1835035e0e6d0ab4a6d9a0722b8c873e96b52b78c162ad67638a6b81524dc31730c1899a970bae24329584caf84108c83b32a7374f89", 0x5f}, {&(0x7f0000000100)="09cd60c682da14910a44368ded8283895486ab389f19a5f4bbbc35831341bea5d9c72134972b3946cb99f8d953fd0617cb9ff43a3b100d8b09a170cada38da6e0ed0af865fd47ec27f12844eaa31bbe7bdee0b1887d430f8d18ece2326a562bd75a8609cc059d3bf764fe8b8977797c8c6f18ad3218fc854ec916bd114609f1dcb556e004e57b403e324b089b4ef599196ab9c53ca9400df7c153515d1d8c489a3cc0b1f570b2e40ed758fabf970a201a2b7249ccbade65b30e13a42685129ca2b30ae24eff4738136684543b76dfce03ba7d649f7ee7cdf7f2d7ffb", 0xdc}, {&(0x7f00000002c0)="486da3279e2b993be0c3219349839b990e95293a8cb804293457cde1a27eaa84811315d8a78ac51f75413d985e8551ba6302c59ae0595f21e1a8185e55f59b30cbab459eb60a7fd3abeebf4b1ab2c4cd4da614429ad6479c1246a041b1f89e8eeec93380b72bb82747eee6882d54339012feb68712575114936486fc7911f81a75b4d7aae8aa4260ab3a066debb8ee00beff5e7a1cc91e3dfeb5090c849c6b192ac09fa9aff13082c1041734bb2bf2d8bf5485d5be7d6a30d4797341", 0xbc}, {&(0x7f0000000380)="0053213a017abb4b6f2c6edd7e36062b6815aea1969bea73cd183b95563ffbc1b38fccd6c4356b4cce287b7160473a7e65fab79deaa9932aa72205686564ba62f3d22b1fe0094e846e0c063b0d4e3c96103277415da5b397d6476d6121dba9f4f67bc7f2b633a28eb2ae73d2c54b158a1a1a566f87df3ab1c914b7217cc70a8dec32728c9104de987857e40626cc5faa420a6c1d712b3e491588d76780adc8192758b82867905dee785d9be0374c5f1cd02473932bc2c0f4f459ef2635110e961099e05e7d09ed6ce21ed89b13eafb95826efc60104a0250361b677089802d7694da862193114802640997aee25f82a282e4cab5d9e4bfffbb8c6275e10ef3", 0xff}, {&(0x7f0000000480)="8f030c3592fc2cafe7fdc2eb162fe6be422d52894feb4441bb3d00a4db69e9debd0f3d56f5bd324468244deeb7938a798056a9e5c533a0bbbae74275a7d99b3150259d3801472e8b46b6f2195413f48a7ec773aa9d4f63ea223b51de270120b3ff8361b5b1e1d7c3bcfd0d1b4b4bf59832eb8f82e089eae28fae142d9d3e54454a059377d4ad33ff7cfc643434066e28da48d688f25b77f785640203261bf2afad93bc9cc47a29d9aa6ab104496227bd82f2b41f948622d02b7c83b5f7e49de33a4b3ab587e06935968785ba63c9fa135e7b3fd6690f4e8b3636f009852c602db39a171bc9d5fc", 0xe7}, {&(0x7f0000000580)="8b3b45fac33beec8bb6959e414abaad960dafd11914c184a6c049de647a972eba2364283195e9d17166487a68f9035e377d4e431a59a95ec16fdcbb0967f472928b893dc28e93d372b077533bbe84d74a9ea59d0bd4b182a069b1647f5a5d2eea26e677f98efb626e41ba3311ca8ff889c6618546715c47f422ef60c7bd1c7a071570a9017cf55951f4c287ff91359133d09ddfedbc26ef720faceaeb16554f0f54fab02390be334ae26a17ccf3867e2611e97", 0xb3}, {&(0x7f0000000640)="48ba51240c60677e3392b33f9a364e6af10b396f349bc1973bcc465af83fddefaf382556ae473596a2f0c8994011fef453c12b756751f42057134e8f484ffb6c9fef7f1e6fe16633925d034fb3c837cd4b25c65664df5ed38d5b6153546c537b6355581957d142b08be126bff6ce3505df430d2df8914036d0a7fdb0cd531df9bd1a2103d06ac5672b48cd7369669fa1fba636184d02cbfeef", 0x99}], 0x7, 0x400, 0x3) r0 = socket$inet_smc(0x2b, 0x1, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout_data(r1, 0x107, 0x16, 0x0, 0x0) getsockopt$IP_VS_SO_GET_SERVICES(r0, 0x0, 0x482, 0x0, &(0x7f0000000000)=0xa4f6455e162caeb7) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="070000000400000008000000d9"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000000000000000000000001812", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000001b000000b7"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x37, [0xfffffff8, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x4, 0x25cd, 0x1, 0xb4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x4, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x4, 0x0, 0x91, 0x4, 0x4, 0x16, 0x2, 0x5, 0x401, 0xfffffff5, 0x405, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x2, 0x3, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0xa7, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x4, 0x1c, 0x7, 0x1, 0x2, 0x3, 0x8, 0xffffff7f, 0x400, 0x6, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00060, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x2, 0xfffffffe, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x8d3, 0x200006, 0x8, 0x400, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x1, 0x8000003, 0x5, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x10000a, 0x8000, 0x400, 0x3e55, 0x5, 0xd3, 0x8, 0x3437, 0x3, 0xd, 0xfd, 0x601, 0x101, 0xdd80, 0x60a0, 0x7f, 0x9d26, 0x10000, 0x1, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x6, 0x10000, 0xfffffffd, 0x8, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfc, 0x8, 0x5, 0x7f, 0x55, 0x40, 0xff, 0x1005, 0x1, 0x7, 0x1e, 0x9, 0x81, 0x3, 0x9d86, 0xd, 0xfffffff7, 0x8, 0x140f2, 0x5396, 0x3, 0x6, 0x80008001, 0x7777, 0x1, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x9, 0xc, 0x32d, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x10000, 0x0, 0x8004, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x3, 0x8, 0x14000, 0x1, 0x9]}, 0x45c) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x40000000000180, 0x2, 0x80000000, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x0, 0x5, 0x4, 0x8], 0x25000, 0x304}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) r8 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r9 = dup(r8) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r10, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) syz_open_dev$sg(0x0, 0x0, 0x8002) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r2}, 0x18) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file3\x00', 0x105042, 0x0) r11 = syz_open_dev$sndctrl(&(0x7f0000000700), 0x20000, 0x800) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r11, 0xc0045540, &(0x7f0000000040)=0x772) 22m38.038489535s ago: executing program 1 (id=221): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = syz_io_uring_setup(0x1238, &(0x7f0000000380)={0x0, 0x80fd, 0x80, 0x0, 0x40000ab9}, &(0x7f0000000040)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffff4, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r0, 0x0, 0x0}) r4 = landlock_create_ruleset(&(0x7f0000000000)={0x17ef, 0x2}, 0x18, 0x0) landlock_restrict_self(r4, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) r6 = openat$mice(0xffffffffffffff9c, &(0x7f0000000080), 0x26200) sendmsg$NFT_MSG_GETRULE(r6, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000100)={0x50, 0x7, 0xa, 0x401, 0x0, 0x0, {0x2, 0x0, 0x7}, [@NFTA_RULE_COMPAT={0x3c, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x16}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x11}, @NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x8863}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x32}, @NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}]}]}, 0x50}}, 0x40811) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0) r7 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r7, 0x0, 0x0) io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0) dup2(0xffffffffffffffff, r0) 22m34.365230619s ago: executing program 1 (id=228): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) socket$netlink(0x10, 0x3, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) getsockopt$CAN_RAW_FD_FRAMES(0xffffffffffffffff, 0x65, 0x5, 0x0, 0x0) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0xd, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000280)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) syz_clone(0xb21e0000, 0x0, 0x1e, 0x0, 0x0, 0x0) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_VFIO_IOAS$GET(r5, 0x3b88, &(0x7f0000000100)={0xc}) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000240)={0x0, 0x20}, 0x8) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x48, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x48}, 0x1, 0x0, 0x0, 0x400c491}, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) fcntl$setownex(r7, 0xf, 0x0) sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000180)=ANY=[@ANYBLOB="54000000090605fb0000002000000000010000050900020073797a30000000000500010007000000080009400000000124000880100007800a00110001"], 0x54}, 0x1, 0x0, 0x0, 0x8000}, 0x44000) 22m32.268351345s ago: executing program 1 (id=229): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) r0 = socket(0xa, 0x5, 0x0) sendmsg$inet_sctp(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000008400005807000000ac1414aa000000002000000000000000840000000800000020010000000000000000000000000000180000000000000084"], 0x50, 0x4855}, 0x24000052) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) r1 = eventfd2(0x0, 0x0) io_setup(0x81, &(0x7f0000000400)=0x0) io_submit(r2, 0x1, &(0x7f0000000440)=[&(0x7f0000000180)={0x0, 0x0, 0x3f, 0x0, 0x1fd, r1, 0x0, 0x0, 0x0, 0x0, 0x1, r1}]) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r7, r5, 0x25, 0x0, @void}, 0x10) r8 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r8, 0x40000000af01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r8, 0x4028af11, &(0x7f0000000200)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/51, 0x0}) r9 = eventfd2(0xe3, 0x800) ioctl$VHOST_SET_LOG_FD(r8, 0x4004af07, &(0x7f0000000380)=r9) r10 = socket$packet(0x11, 0x3, 0x300) ioctl$VHOST_SET_MEM_TABLE(r8, 0x4008af03, &(0x7f0000000340)) r11 = dup(r10) ioctl$VHOST_NET_SET_BACKEND(r8, 0x4008af30, &(0x7f00000003c0)={0x1, r11}) syz_emit_ethernet(0xfdef, &(0x7f0000000100)=ANY=[], 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8932, &(0x7f0000000900)={'wlan1\x00', @random}) r12 = socket$inet_sctp(0x2, 0x1, 0x84) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x800000000, 0xf, &(0x7f0000006680)) lsm_list_modules(&(0x7f0000002600)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000000)=0x7b, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r12, 0x84, 0x76, &(0x7f0000000040)={0x0, 0x8}, &(0x7f0000000080)=0x8) 22m17.132527759s ago: executing program 33 (id=229): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) r0 = socket(0xa, 0x5, 0x0) sendmsg$inet_sctp(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000008400005807000000ac1414aa000000002000000000000000840000000800000020010000000000000000000000000000180000000000000084"], 0x50, 0x4855}, 0x24000052) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) r1 = eventfd2(0x0, 0x0) io_setup(0x81, &(0x7f0000000400)=0x0) io_submit(r2, 0x1, &(0x7f0000000440)=[&(0x7f0000000180)={0x0, 0x0, 0x3f, 0x0, 0x1fd, r1, 0x0, 0x0, 0x0, 0x0, 0x1, r1}]) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r7, r5, 0x25, 0x0, @void}, 0x10) r8 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r8, 0x40000000af01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r8, 0x4028af11, &(0x7f0000000200)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/51, 0x0}) r9 = eventfd2(0xe3, 0x800) ioctl$VHOST_SET_LOG_FD(r8, 0x4004af07, &(0x7f0000000380)=r9) r10 = socket$packet(0x11, 0x3, 0x300) ioctl$VHOST_SET_MEM_TABLE(r8, 0x4008af03, &(0x7f0000000340)) r11 = dup(r10) ioctl$VHOST_NET_SET_BACKEND(r8, 0x4008af30, &(0x7f00000003c0)={0x1, r11}) syz_emit_ethernet(0xfdef, &(0x7f0000000100)=ANY=[], 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8932, &(0x7f0000000900)={'wlan1\x00', @random}) r12 = socket$inet_sctp(0x2, 0x1, 0x84) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x800000000, 0xf, &(0x7f0000006680)) lsm_list_modules(&(0x7f0000002600)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000000)=0x7b, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r12, 0x84, 0x76, &(0x7f0000000040)={0x0, 0x8}, &(0x7f0000000080)=0x8) 15m39.933609255s ago: executing program 2 (id=726): cachestat(0xffffffffffffffff, 0x0, 0x0, 0xee) ioctl$BLKFINISHZONE(0xffffffffffffffff, 0x40101288, &(0x7f00000000c0)={0x9, 0x6fe4}) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, 0x0, 0x20008014) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000480)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x529ae000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="02000000040000000100000027bf0000000500"], 0x48) mmap(&(0x7f0000fa2000/0x3000)=nil, 0x3000, 0x3, 0x13, r4, 0x0) (fail_nth: 6) ioctl$BTRFS_IOC_QUOTA_RESCAN(r3, 0x4040942c, &(0x7f0000000380)={0x0, 0x3, [0x4, 0x1b, 0x2b, 0x8, 0x8000, 0x1]}) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) pidfd_send_signal(0xffffffffffffffff, 0x40, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 15m38.96588791s ago: executing program 2 (id=727): r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) close(0x3) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x2e, &(0x7f0000000500)={@broadcast, @broadcast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10001, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 6) 15m38.529571362s ago: executing program 2 (id=729): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000040)={'ip6gre0\x00', &(0x7f0000000080)={'syztnl0\x00', 0x0, 0x29, 0x10, 0x84, 0x4, 0x0, @loopback, @loopback={0xfec0ffff00000000, 0xffff8881114a4aa8}, 0x40, 0x0, 0x0, 0x1}}) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x40008d0}, 0x40) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x3c, 0x0, 0x10, 0x70bd29, 0x25dfdbfd, {{}, {@void, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x151}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x9a3}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x2d}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x14a0}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x980}]]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000}, 0x4840) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d65b"}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x68}}, 0x40) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000380), 0x282, 0x0) write$snapshot(r3, &(0x7f00000003c0)="bfe44175c443c0eb9cdc0869173c02d9fe899fd90b2b6b2ca62db11130a91549355faf19407bf87d2244eba67a3660b325d527a4903794662d39b0cf97bdc4f51cb4427b2ac05a3ba03944e574ec0dd975a08ed62c4d77cf507752f531b6d7aafb625e0b10e2f760642f5320b5d2b4422653747db989d5355b9b5fde385795db6a12f7270dfd3fccfadec1181048ed1b", 0x90) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r4, 0xffffffffffffffff, 0x0) 15m27.629436654s ago: executing program 2 (id=742): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000004c0)=@newsa={0x128, 0x10, 0x7, 0x0, 0x0, {{@in6=@mcast2, @in=@multicast2, 0x4e20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x2b}, @in6=@private0, {0x0, 0x0, 0x2, 0x0, 0x10000000}, {0x0, 0x200000, 0x7}, {0x40000, 0xfffffffd, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}, [@coaddr={0x14, 0xe, @in6=@remote}, @lifetime_val={0x24, 0x9, {0xb4, 0x8000000000000001, 0xb4, 0x5}}]}, 0x128}}, 0x0) syz_usb_connect(0x0, 0x3f, 0x0, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) futex_waitv(&(0x7f0000007840), 0x0, 0x0, 0x0, 0x1) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f00000000c0)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@newsa={0x104, 0x1a, 0x7, 0x0, 0x0, {{@in6=@dev={0xfe, 0x80, '\x00', 0x1b}, @in=@multicast2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x2b}, @in6=@private0, {0x5a, 0xb400, 0x2, 0xfeffff7f00000001, 0x0, 0x60000}, {0x0, 0x200000, 0x7, 0xfffffffffffffffd}, {0x40000, 0x0, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}, [@coaddr={0x14, 0xe, @in6=@remote}]}, 0x104}}, 0x0) 15m22.284968269s ago: executing program 2 (id=746): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000000c0)='mm_lru_activate\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) sendmmsg$unix(r3, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getpid() sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 15m17.036023942s ago: executing program 2 (id=750): r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42, 0x0) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f0000000780)={'pim6reg0\x00', 0x400}) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[], 0x48) close(0x3) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x94) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'lo\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='siox_get_data\x00', r5, 0x0, 0xfffffffffffffffc}, 0x18) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) r7 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000580)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0) sendfile(r7, r6, &(0x7f00000000c0)=0x8b, 0x100000500) mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x100819, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB="2cc7276489bb12c8234414d46c7766646e6f3d9720d0a4f1bb034030519f1bf4f46fcde4cd0ed2619af9a42b861f04e6cb4dfc276f6f3b2846987a3ecb216c4b3bf868bf7c5fcca7dfd6fb51545530afc6dd54d7c501320fa934eea36e24197ee63272caf0b2125c4db35ef2bf23466e4f5a4b350a5a39b3905091edd16c1f55d37e6ef7d790c8071cafae52b15a54e4d3f278c7258ce5e94b61a57351f1b6eacb", @ANYRESHEX=r2, @ANYBLOB=',cache=none,\x00']) ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r0, 0x40045402, &(0x7f0000000000)) 15m1.191134872s ago: executing program 34 (id=750): r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42, 0x0) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f0000000780)={'pim6reg0\x00', 0x400}) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[], 0x48) close(0x3) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x94) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'lo\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='siox_get_data\x00', r5, 0x0, 0xfffffffffffffffc}, 0x18) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) r7 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000580)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0) sendfile(r7, r6, &(0x7f00000000c0)=0x8b, 0x100000500) mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x100819, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB="2cc7276489bb12c8234414d46c7766646e6f3d9720d0a4f1bb034030519f1bf4f46fcde4cd0ed2619af9a42b861f04e6cb4dfc276f6f3b2846987a3ecb216c4b3bf868bf7c5fcca7dfd6fb51545530afc6dd54d7c501320fa934eea36e24197ee63272caf0b2125c4db35ef2bf23466e4f5a4b350a5a39b3905091edd16c1f55d37e6ef7d790c8071cafae52b15a54e4d3f278c7258ce5e94b61a57351f1b6eacb", @ANYRESHEX=r2, @ANYBLOB=',cache=none,\x00']) ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r0, 0x40045402, &(0x7f0000000000)) 14m28.555571259s ago: executing program 4 (id=803): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) r1 = getpid() sched_setscheduler(r1, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f00000022c0)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0200000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000030000006a0af2fe000000008500000009000000b700000000000000950000000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f85db47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989425f5d0b79f6584d0416d7c4bb9f547b328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f01000000010000006e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7f9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b98d2de10c21d3ea02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d000000200008000000000000001abc11c800000000000000000000000928ee53595a779d243a48cea769470424d20a04c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2c4af38ffb7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec7ffff35e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0eb3280e09758bd445ab91d20baca005472b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92fe8bad99ca332af00f191b66b6a6f732a91f0e2e9190e4b448da7de018c58e950767f9b320be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c52573d9308a13d115b43f8b1894c8fa8a14dc4810f61ae96bf704526a8919bc700002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dfff4a979369b0e8ebc62887aa46e820a74f91381ccc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f78fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb3c035fc6846abe389b25c988f0bbb889560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a426a9b7d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0dac4728288e78980c1184d8223edbccbf9258b7374e79a1f8bf3fb73cfd1e76982f3d899f71e495f0ba8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e4a48dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b7524642c248aa813edaa626f00000021f8547d393dabe616fbbde21c90be00b5a22671395c7a69c6dd4d022ffc97ddb6aa025131652d409da1d8cfc3d219d4b1c1b7b8170d7c33d91db2b73f7ae02485a209a2474b5d0790d05c01bec623056e4d3f4d3149373a28b26a15a1fcce73d57e6eaf7e6f315fe275ebc9ef7aeca277dde01dde724f419803a2172a7833ceab38d21ca4f1dea5e1f4d8824167b21dd289dd4e6ecfba9e163bdbc48e1e758ecde05c10809c9edfa6d77c652fd742e6dad13d2a397bebe3ea8bc087d3720e2202f36c7719ae34f042e19dc08a3323a3d94098a7ec171469352bab1662c3e4d4803c565cfcce32dad628fade43a4844abb230ce608726fd87e93c405a96cf638c41510f26e9da5f316"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffedf, 0x10, &(0x7f0000000040)}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r2, 0x0, 0x62, 0xfe, &(0x7f0000000140)="cb74445b7d4c0b24676c6c71ae37efcedaf40242309766deb4e793f90000000000000000dbc856cbc664650634231454ca2d8034c4ca29e0d99c3b6615e91835a600c08f989af45438a54981be310aad92ae545b1c961e5f3762a51fe4c736edec6f", &(0x7f0000000440)=""/254, 0x2f00, 0x0, 0xff, 0x194, &(0x7f0000000980)="ffc4438e5c3081d0e133e812196ec0ed923733aa8b5aba32c8650e7a66d6136853773dfbc6226be13039e230d511f1ac50cc7811aac0400e4c833fedf842ae2918e6fddb550729246fcf4c0a01bc64989ea3985fb362751a83991bd56e761379caa64f6148893ff25f38d5cd6dd695bbf9ca709a9960e0e6b054d5e2239bcb7c0fb2ac66dc4c8f534e439ff20ccaf0d48a98c19c92a3b437a699350f49606d21a403f8c112c46fea5486bf367a854b0f6c1e563b656e4794f6793a08bb3656c391643f6df71d0255054368a938d38503d064da82d5dbf395ad47ed3932669168d324ed0f6de8360d499042ddc7d02b6c0772128257702bfe6d0971f00fea85da062cdc", &(0x7f00000007c0)="4c87fe555ceb79157b1e507ff4d3cc053321e42ae89f596427188b4877ab8f1776c0685784f1174c6401ecc1dd6e2a77bc79238f87ad9215a92ff203a30099e77c543e702b4a4438d358616381745f24f74e585498af129c4b173b242f445b08135f7fa40eb7ba78160ff4f0c80e1b324d0c234cb7f43a3ff9e9535dc16000c797113a039f4508a09144090000009f38a90a24f173b3e68377e4272950a80cfcd3aa6850e917bc7e57370060f5e6db941d67fc98a1e98103830b821657438325578d2af822dd4fc13ea7a7eef8d9be4e715aec8fd6cadc41c8da5ce9da2b9e1559d92a1936fc2b3a00000000000000000072200e10ba6269b634f10f7098c65ba67ba65c0e2687637e131fb8d5ba6c12c09c8356853c434a44ff0878e496dcf9a4f5ca02c293279948f37ebb28843f92c87c057a3b410e04418557d5deda7ddd3bd1d384d64ec980187e8b64a0696571a49e847db79349c9b3c3fab5f1f977bde4d802d9026ae0c11744eb1525c5195fd215d7a432497f35c2f2cfcd2b6336b26dfef0cb968c910ea2af5cdd4d58cc08535d5514", 0x2, 0x0, 0x10000}, 0x24) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = memfd_create(&(0x7f0000000100)='\vem\xda\x99R@m\xfc\xfe\x9b#*\xff', 0x0) write(r5, &(0x7f0000000040)="0600", 0x2) sendfile(r5, r5, &(0x7f0000001000), 0xffff) 14m25.312467861s ago: executing program 4 (id=805): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) r2 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @empty, 0x0, 0x3}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x61709000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r6 = socket$rds(0x15, 0x5, 0x0) bind$rds(r6, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r6, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x0) connect$l2tp6(r2, &(0x7f0000000f40)={0xa, 0x0, 0x0, @empty}, 0x20) sendmmsg$inet6(r2, &(0x7f0000000ac0)=[{{&(0x7f0000000180)={0xa, 0x0, 0x4, @mcast1}, 0x1c, 0x0}}], 0x1, 0x2404f715) mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) pipe2(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="02c93010000c00050017e308000600fe"], 0x15) close(r7) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r8, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x200880c0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x567742, 0x0) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1, 0x2, 0x3a0, 0x5}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f0000000080), &(0x7f0000000240), 0x1800, r9}, 0x38) bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000640)={r9, &(0x7f0000000080), &(0x7f0000000540)=""/240}, 0x20) mount$9p_fd(0x0, 0x0, &(0x7f00000000c0), 0x10, &(0x7f0000000340)=ANY=[@ANYBLOB="7472616e733db41d2c7266646e6f3d", @ANYRESHEX=r7, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',\x00']) 14m24.033207779s ago: executing program 4 (id=809): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000701feffffff00000000017c0000040042800c000180060200a9903900001000"], 0x34}, 0x1, 0x0, 0x0, 0x4004095}, 0xc000) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000701feffffff0000000003"], 0x34}, 0x1, 0x0, 0x0, 0x4000895}, 0xc000) socket$nl_netfilter(0x10, 0x3, 0xc) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x10, 0x4, &(0x7f0000000700)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x8}, [@generic={0x91, 0x1, 0x1, 0x8}]}, &(0x7f0000000c40)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r1 = getpgid(0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1d, &(0x7f0000000000)={0x1, &(0x7f0000000200)=[{0x6, 0x4, 0x40, 0x7fff0000}]}) syz_clone3(&(0x7f0000000080)={0x801400, &(0x7f0000000040), 0x0, 0x0, {0xa}, 0x0, 0x0, 0x0, 0x0}, 0x58) r2 = syz_open_dev$sndmidi(&(0x7f0000000180), 0x2, 0x141101) r3 = getpid() ptrace$setopts(0x4200, r3, 0x676, 0x62) socket(0xa, 0x1, 0x84) r4 = dup(r2) r5 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_INGRESS={0x8, 0xf, 0x1}, @TCA_CAKE_ACK_FILTER={0x8, 0x10, 0x2}]}}]}, 0x44}}, 0x20000490) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) pselect6(0x40, &(0x7f0000000600)={0x11, 0xff7ffffffffffffd, 0x2, 0xffffffffffffffff, 0xfffffffffffffffe, 0x9, 0x2, 0x8}, 0x0, &(0x7f0000000400)={0x7fc, 0x2, 0x800000, 0x0, 0x0, 0xc3ad, 0x3, 0xc2c5}, 0x0, 0x0) pselect6(0x40, &(0x7f0000000600)={0x6, 0x0, 0x0, 0x40, 0x2, 0x5e51, 0x0, 0x7}, 0x0, &(0x7f0000000680)={0x7ff, 0x4000007, 0x9, 0x7, 0x4, 0x0, 0x5, 0x5}, 0x0, 0x0) 14m18.360924656s ago: executing program 4 (id=816): r0 = socket$nl_audit(0x10, 0x3, 0x9) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x1}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$AUDIT_LIST_RULES(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x10, 0x3f5, 0x1, 0x70bd28, 0x25dfdbff}, 0x10}, 0x1, 0x0, 0x0, 0x4040010}, 0x0) 14m17.326143961s ago: executing program 4 (id=819): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000680)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='contention_begin\x00', r0}, 0x18) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000003e, 0x0) read$msr(r4, &(0x7f0000000400)=""/102400, 0x19000) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="7667aa", @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',\x00']) lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)=@known='system.posix_acl_default\x00', 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="4c000000020603000000000000000000000000001400078008001240000000000500150002000000050001000600000005000500020000000500040000000000090002"], 0x4c}}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000080900010073797a30000000005c000000030a03000000000000000000050000000900010073797a30000000000900030073797a300000000008000c40000000032800048008000240000000120800014000000000140004"], 0xa4}}, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0) 14m15.727267602s ago: executing program 4 (id=820): syz_usb_connect$cdc_ncm(0x6, 0xd1, &(0x7f0000000040)=ANY=[@ANYBLOB="12011003020000182505a1a44000010203010902bf0002010650000900000000020d00000524060001082400a9b30d240f010a0000000300ff000606241a05001407240a050905580c240c00000000a90c0900030424020204240200042402024424"], 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r0, &(0x7f0000003040)={&(0x7f0000002d40), 0x6e, 0x0}, 0x0) syz_clone(0xe50c1700, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x10, &(0x7f0000000040), 0x4) sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) syz_usb_connect(0x3, 0xf5, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000772aed408680070bb96c010203010902e30003dc2000000904003f000e01000505a40600010524007f000d240f0104000000080000000006241a03000a05240101070424020a1524120009a317a88b045e4f01a607c0ffcb7e392a09044c03003a92a2010a240109000102010205240401050c2402"], 0x0) 14m0.427239177s ago: executing program 35 (id=820): syz_usb_connect$cdc_ncm(0x6, 0xd1, &(0x7f0000000040)=ANY=[@ANYBLOB="12011003020000182505a1a44000010203010902bf0002010650000900000000020d00000524060001082400a9b30d240f010a0000000300ff000606241a05001407240a050905580c240c00000000a90c0900030424020204240200042402024424"], 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r0, &(0x7f0000003040)={&(0x7f0000002d40), 0x6e, 0x0}, 0x0) syz_clone(0xe50c1700, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x10, &(0x7f0000000040), 0x4) sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) syz_usb_connect(0x3, 0xf5, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000772aed408680070bb96c010203010902e30003dc2000000904003f000e01000505a40600010524007f000d240f0104000000080000000006241a03000a05240101070424020a1524120009a317a88b045e4f01a607c0ffcb7e392a09044c03003a92a2010a240109000102010205240401050c2402"], 0x0) 8m48.988335799s ago: executing program 3 (id=1126): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0f000000040000000400c7e06ee500001200000030b93d28f13835c1b6c440bb08ef16e673f83baf54c63eb6bdeaf3b71ef486aa741b71c2230b9c080acfce2414c948a058dce0fba5ce82b326254df317eb7ea19540976b8c9e8d34f7f7b340467f52f6515d19d7396c04a660275a6b752beb57ca3e43114d38f86c0135f863781d4aadb3285c6727bc7ea7c5ab02e9993b3e0923e78453dbd89b798c97b53dca82dc4f7658d694", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x48) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r3}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r8 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETA(r8, 0x5406, &(0x7f0000000200)={0x40, 0x0, 0x0, 0x8006, 0x3, "5f7300fbffffff00"}) ioctl$TIOCL_GETMOUSEREPORTING(r8, 0x5412, &(0x7f00000006c0)=0x16) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$cgroup2(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000580), 0x2, &(0x7f00000005c0)={[], [{@smackfsfloor={'smackfsfloor', 0x3d, '\'^])'}}]}) r9 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80) r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000000)=[{0x6, 0xf, 0x0, 0x7fff8000}]}) fsopen(&(0x7f0000000180)='ntfs3\x00', 0x0) close_range(r10, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r4, 0xc0189375, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) ioctl$SOUND_PCM_READ_BITS(r11, 0x80045005, &(0x7f0000000180)) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000440)=ANY=[@ANYRES32=r2, @ANYRES32=r9, @ANYBLOB="0500"], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20) 8m47.300728808s ago: executing program 3 (id=1129): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x80001) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000100)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) read(r2, &(0x7f0000000140)=""/116, 0x74) syz_io_uring_complete(r1) ioctl$UFFDIO_CONTINUE(r2, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000400)={0x0, 0x0, @pic={0x1, 0x40, 0xfd, 0xc8, 0x0, 0xe2, 0x5, 0xb7, 0x1, 0x2, 0x7, 0xf, 0xe, 0x40, 0x6, 0xfe}}) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={0xffffffffffffffff}, 0x111, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000380)={0x3, 0x40, 0xfa00, {{0xa, 0x4e20, 0xb, @dev={0xfe, 0x80, '\x00', 0x3c}, 0x1}, {0xa, 0x4e22, 0x4, @remote, 0x80000000}, r3, 0xfffffe4d}}, 0x48) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x24000010) r4 = socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0x3, 0x300) r5 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="ac0000000001050500000000000000000a0000003c0002802c00018014000300ff01000000000000000000000000000114000400ff0200000000000000000000000000010c00028005000100000000003c00010a0000008005000100000000002c00018014000300fe8000000000000000000000000000aa14000400fc00000000000000000000000000000108000740000000071800068014000500fe800000000000000000000000000031"], 0xac}}, 0x0) bind$can_j1939(r5, &(0x7f0000000080)={0x1d, r6, 0x2, {0x2, 0x0, 0x6}, 0xfe}, 0x18) setsockopt$sock_int(r5, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) r8 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000240)={'vcan0\x00', 0x0}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)) setsockopt$sock_int(r5, 0x1, 0x20, &(0x7f0000000100)=0x8, 0x4) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r4, 0x8982, &(0x7f00000001c0)={0x0, 'gre0\x00', {0x4}, 0xf}) bind$can_j1939(r8, &(0x7f0000000340)={0x1d, r9, 0x0, {0x1, 0xf0, 0x4}, 0xfe}, 0x18) setsockopt$sock_int(r4, 0x1, 0x2f, &(0x7f0000000040)=0x9, 0xfffffffffffffcc9) 8m44.939006798s ago: executing program 3 (id=1131): bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, 0x0, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='syscall\x00') r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6) eventfd(0x80000000) syz_io_uring_setup(0x189, &(0x7f0000000400)={0x0, 0x341a, 0x13100, 0x2, 0x4}, &(0x7f0000000300)=0x0, &(0x7f0000000200)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, {0xe091}}) ioctl$VIDIOC_SUBDEV_G_SELECTION(0xffffffffffffffff, 0xc040563d, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, {0x10000, 0x4, 0x40, 0x4}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) r6 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10) bind$inet(r6, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) connect$inet(r6, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r6, &(0x7f0000000900)=[{{0x0, 0x60, 0x0}}], 0x40000cf, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 8m41.449139431s ago: executing program 3 (id=1134): socket$inet6(0xa, 0x2, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x6, 0x4, 0x3, 0x3}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00001800000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000001400)={0x11, 0x15, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1000009}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f00000000c0)={'veth1_virt_wifi\x00', &(0x7f0000000040)=@ethtool_eee={0x44, 0x1, 0x3, 0x400, 0x3, 0x7, 0x15ac, 0xf, [0x4, 0x8]}}) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0x8, 0x8, 0x80, 0x8, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0xa, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0xff, 0x6, 0x5, 0x4, 0x0, 0x7, 0x3c57, 0x0, 0x24, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x5, 0x7, 0x83, 0x9, 0x4c74, 0x0, 0x242, 0x2, 0xe, 0x0, 0x400, 0x7, 0x17, 0x21, 0x7, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x0, 0x85, 0x6, 0xffff8001, 0x3ff, 0x83, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0x88, 0xf9, 0x388000, 0x2bb, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2b, 0xe, 0x312, 0x78, 0xea4, 0x0, 0xfff, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0xff, 0x0, 0x1000ff, 0x5, 0x1000005, 0x5f31, 0xf, 0xd86, 0x2, 0x4, 0x8, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0xbc2, 0x1, 0xfe000000, 0x8, 0x2, 0x200004, 0x9, 0x3, 0x3, 0x9, 0x4, 0x3, 0x3, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x1, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x3, 0x5, 0x800000, 0x1ef, 0x8, 0x8, 0x86, 0x3, 0x3038, 0xff, 0xb, 0x2, 0x2, 0x2, 0x7, 0x20000008, 0x4, 0x16d01, 0x6, 0x38, 0x800003, 0x600, 0x80, 0xbf7, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0x4a9, 0x5, 0x6, 0xac8, 0x5, 0x7, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x3, 0x5, 0x1b, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x80000000], [0x9, 0xbb33, 0xa, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x3, 0x10000, 0x9, 0x7fff, 0xffff, 0xa620, 0x1, 0x7, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x10000016, 0xffffffff, 0x80000000, 0x5, 0xffffffff, 0xc8, 0x1, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xae, 0x8, 0x6, 0x226, 0x3, 0x100, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x8, 0x4, 0x5, 0x40b1e, 0xd7, 0x200, 0xffff3441, 0x4]}, 0x45c) read$eventfd(r2, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x30, 0x40, 0x107, 0xfffffefe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0x14, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}, @typed={0x6, 0xc, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x4, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x48815}, 0xc000) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000800)=ANY=[@ANYBLOB="611234000000000061134c0000000000bf2000000000000015000200000001103d030100000000009500000000000000bc26000000000000bf67000000000000070300000fff070067020000030000001606000000000078bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f909ad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe70305865050df26469fac5202d6293c3d5e11f4f83e7455baeeba4f"], &(0x7f0000000100)='GPL\x00'}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='&\x00\x00\x00\a'], 0x50) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000), 0xd) 8m38.561436166s ago: executing program 3 (id=1137): socket$inet6_tcp(0xa, 0x1, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) setrlimit(0x7, &(0x7f0000000080)={0x69, 0x2}) ioctl$PTP_EXTTS_REQUEST2(0xffffffffffffffff, 0x40043d0d, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000300), r3) writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f00000001c0)="580000001500add427323b", 0xb}], 0x1) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000040900010073797a300000000040000000030a01080000000000000000010000000900030073797a320000000014000480080002400000000008000140000000000900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a30000000002800048024000180090001006d657461000000001400028008000140000000120800024000000019140000001100"], 0xd8}}, 0x80) syz_genetlink_get_family_id$netlbl_mgmt(0x0, r3) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sm3\x00'}, 0x58) r6 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x2, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r6, 0xc10c5541, &(0x7f0000000280)={0x0, 0xd, 0x1}) lseek(r6, 0xbe93, 0x3) r7 = accept4(r5, 0x0, 0x0, 0x80800) recvmmsg$unix(r7, &(0x7f0000003700), 0x0, 0x0, 0x0) socket$unix(0x1, 0x2, 0x0) 8m37.384592328s ago: executing program 3 (id=1139): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r3 = bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8) io_uring_enter(r3, 0x1bb0, 0x90e5, 0x44, &(0x7f00000000c0)={[0x6]}, 0x8) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000100)={0x28, r1, 0x5, 0x0, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT={0x8, 0xb, 0x61a7}]}]}, 0x28}}, 0x0) 8m22.101983203s ago: executing program 36 (id=1139): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r3 = bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8) io_uring_enter(r3, 0x1bb0, 0x90e5, 0x44, &(0x7f00000000c0)={[0x6]}, 0x8) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000100)={0x28, r1, 0x5, 0x0, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT={0x8, 0xb, 0x61a7}]}]}, 0x28}}, 0x0) 1m37.180019487s ago: executing program 6 (id=1927): unshare(0x2000400) r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x103a42, 0x0) copy_file_range(r0, 0x0, r0, 0x0, 0x9, 0x0) 1m37.121898004s ago: executing program 6 (id=1928): syz_usb_connect(0x0, 0x36, &(0x7f00000005c0)={{0x12, 0x1, 0x0, 0x56, 0x54, 0x48, 0x20, 0x5e1, 0x408, 0x2511, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x2e, 0xc2, 0x5d, 0x0, [], [{{0x9, 0x5, 0x3, 0x1}}, {{0x9, 0x5, 0x8, 0x0, 0x0, 0x4}}]}}]}}]}}, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000, &(0x7f0000000040)='}\x00') r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newlink={0x4c, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20305}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @bond={{0x9}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_BOND_MODE={0x5, 0x1, 0x1}, @IFLA_BOND_MIIMON={0x8, 0x3, 0x10}, @IFLA_BOND_ACTIVE_SLAVE={0x8}]}}}]}, 0x4c}}, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) r4 = syz_usb_connect$cdc_ecm(0x1, 0x103, &(0x7f0000000880)={{0x12, 0x1, 0x310, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xf1, 0x1, 0x1, 0xa7, 0x20, 0xe, [{{0x9, 0x4, 0x0, 0x6, 0x3, 0x2, 0x6, 0x0, 0xff, {{0x5}, {0x5, 0x24, 0x0, 0x2}, {0xd, 0x24, 0xf, 0x1, 0x8, 0x5, 0x40, 0x8}, [@acm={0x4, 0x24, 0x2, 0xc}, @mdlm_detail={0xa2, 0x24, 0x13, 0x2, "17894243911b095e4dd922a10d365f2fe4ac994ead1b3af3103deb561f3322719db46ce51426ffdbd72fbb58eb09fb1a5556fd8a7a319fce49b028db5403a1176a91c87302fc701e89c6cec77885c8dbf5516694681bad64c33c82a637ee8a3e303d6c3910b0903b8c33770990f83e6dacf77561087be6ef4462716525179622cfe41cf4ca95d55b300c63980dd93bd56699c09947888aa2a2669e2da1bc"}, @network_terminal={0x7, 0x24, 0xa, 0x3, 0x10, 0x3, 0x4}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x40, 0x4, 0x3, 0x10}}], {{0x9, 0x5, 0x82, 0x2, 0x8, 0x9, 0x9c, 0x4}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0x9, 0x81, 0xf}}}}}]}}]}}, &(0x7f0000000580)={0xa, &(0x7f00000002c0)={0xa, 0x6, 0x201, 0xff, 0x86, 0x6, 0x10, 0x8}, 0xa5, &(0x7f0000000440)={0x5, 0xf, 0xa5, 0x4, [@ptm_cap={0x3}, @generic={0x75, 0x10, 0x4, "20120072f25e77d332d791bdc0a57f8064bbc6ad80a2fa5cc4a21830bddc8acca1acee9a6c8cce39033b5f9a91468f898882f928f719e831a4db1d53a481e5e73fda6b58b9e0ae11d2ba1f405ee4491624f3da6f98ca5fce4e2b8d922ab4f43b39005a396ae2fb683d0ca0ff70f80b3065f1"}, @ss_container_id={0x14, 0x10, 0x4, 0x1, "40d3ffbc63daa03792ac34f2881813df"}, @ss_container_id={0x14, 0x10, 0x4, 0x2, "9e95249c756a96350723801fc04331df"}]}, 0x1, [{0x4, &(0x7f0000000540)=@lang_id={0x4, 0x3, 0x422}}]}) syz_usb_control_io$cdc_ecm(r4, &(0x7f0000000a40)={0xc, 0x0, &(0x7f0000000a00)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000b80)={0x10, &(0x7f0000000a80)={0x40, 0xe, 0x5b, "9856e4f98b03817cfe344550c28fa7f5db97615d08ca2eaa4b896ff32fdff2470c498cac1345690aaedcc894d0767443f7fab90e13ac5a1af6c16c40805c2cc3bfe57ca07ea386f576399a3d667afcbfedf512509bcf9f3658164c"}, &(0x7f0000000b00)={0x0, 0xa, 0x1, 0xc}, &(0x7f0000000b40)={0x0, 0x8, 0x1, 0x9}}) connect$pppl2tp(r1, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r3, {0x2, 0x0, @local}, 0x2}}, 0x26) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=@newneigh={0x1c, 0x1c, 0x401, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x80, 0x1}}, 0x1c}}, 0x0) r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff274"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_MSG_GETSETELEM(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x30}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x3c, r5, 0x1, 0x60bd27, 0x0, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x7}, @L2TP_ATTR_VLAN_ID={0x6, 0xe, 0x1f9e}]}, 0x3c}}, 0x20) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)={0x24, 0x0, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x20000800) openat$pfkey(0xffffff9c, &(0x7f0000000640), 0x180, 0x0) syz_usb_connect(0x0, 0x0, 0x0, 0x0) r9 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r9, 0x8933, &(0x7f0000000100)={'vxcan0\x00', 0x0}) connect$can_bcm(r9, &(0x7f00000000c0)={0x1d, r10}, 0x10) 1m35.398103909s ago: executing program 6 (id=1942): r0 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1181}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000040)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x200000000000000, &(0x7f0000000200)='x'}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000640)={0x10, 0x0, &(0x7f00000025c0)=[@request_death={0x400c6313}], 0x0, 0x0, 0x0}) 1m34.232858187s ago: executing program 6 (id=1947): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="020000000600000008e0859e2f6f0000001d00230080040000ef9d9581fc00000000dbbf50ad1f4644e36cd75d7c39498aadc37c15d45815e7208528760f3d7af49a8689e1e6da633094d3280ad682b3c133987bef4658becd1e7369e2bb334ba17a701acd0fdafe569f2a8e2a1d9bfaeba862cdec149335026cfff52d6814684e8658ab30015a812b560fd31b401c458b871e71b1152ec7b6708c3cd8fb9d87ca7b2894905a20e904cfec44fe024abd895e12acd353dfd8b55a8ad93d2d6f74e431139a95908da70600baab601680c82ce3c9da01a850fe811fa3b7a3e1c30552ecd3e785ad8ba9", @ANYRES32, @ANYBLOB='\x00'/19, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) recvmmsg(r1, &(0x7f0000004600)=[{{0x0, 0x0, &(0x7f0000002100)=[{&(0x7f0000001fc0)=""/217, 0xd9}], 0x1}, 0x3b83}], 0x1, 0x20001000, 0x0) sendmsg$nl_route_sched_retired(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newqdisc={0x24, 0x24, 0x8, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xa, 0x4}, {0xf, 0xffff}, {0xfff1, 0x10}}}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x40000) 1m32.44656812s ago: executing program 6 (id=1955): rseq(0x0, 0x0, 0x0, 0x0) syz_clone(0x800211, 0x0, 0x0, 0x0, 0x0, 0x0) futex(0x0, 0x80000000000b, 0x0, 0x0, 0x0, 0x300) futex(0x0, 0xc, 0x1, 0x0, 0x0, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000280), 0x9) r1 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000c40), 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_ro(r2, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r3, &(0x7f0000000200)=0x1, 0x12) 1m29.887315254s ago: executing program 6 (id=1960): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x6, 0x3, 0xc06a2f6, 0x1, 0x7}, 0x6, 0x0, 0xa, 0x4, 0x6, 0x8, 0x18, 0x9, 0x3, 0x4, {0x0, 0x2, 0x9, 0x800, 0x8704, 0x27000000}}}}]}, 0x78}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newtfilter={0x74, 0x2c, 0xd2b, 0x800, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x9}, {}, {0x7, 0xb}}, [@filter_kind_options=@f_u32={{0x8}, {0x48, 0x2, [@TCA_U32_SEL={0x44, 0x5, {0xd, 0x1, 0x3, 0x1, 0x4, 0x401, 0xe, 0xfffffffa, [{0x200, 0x500, 0x3, 0xe}, {0x6783, 0x2, 0x8001, 0x10}, {0x40000, 0x53, 0xa9, 0x80000001}]}}]}}]}, 0x74}}, 0x20000000) 1m28.345553762s ago: executing program 5 (id=1963): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00'}, 0x10) r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x2ffe, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000000)=0x1) 1m26.482219205s ago: executing program 5 (id=1964): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000500), 0x800, 0x0) ioctl$BLKRRPART(r0, 0x125f, 0x0) 1m24.200262299s ago: executing program 9 (id=1967): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000030900010073797a310000000054000000030a010400000000000000000100ffff0900030073797a310000000028000480080002400000000008000140000000051400030076657468315f6d6163767461700000000900010073797a31000000004c000000050a01020000000000000000010020000c00024000000000000000010900010073797a3100000000140004"], 0xe8}}, 0x0) 1m24.102635615s ago: executing program 5 (id=1968): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000001c0)=@newlink={0x50, 0x10, 0x40d, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, 0x0, 0x600a4, 0x50}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_BC_QUEUE_LEN={0x8, 0x7, 0x7}]}}}, @IFLA_ALT_IFNAME={0x14, 0x35, 'macvlan0\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x8840}, 0x0) 1m23.40938722s ago: executing program 9 (id=1970): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f00000002c0), 0x4) 1m22.652854072s ago: executing program 9 (id=1972): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0) getsockname$packet(r1, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000000016000000", @ANYRES32=r2], 0x48}}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xfff1, 0xffff}, {0xfff0}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r4) getsockname$packet(r4, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@delchain={0x3c, 0x2c, 0xf31, 0x0, 0x2000, {0x0, 0x0, 0x0, r5, {}, {0xfff2, 0xffff}, {0xffff, 0x5}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_FLAGS={0x8, 0x16, 0x2}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4008854}, 0x4010) 1m22.105041721s ago: executing program 5 (id=1973): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000080)=0x7f) 1m21.969657178s ago: executing program 9 (id=1975): r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x8800) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000000c0)=0xfff) ioctl$EVIOCREVOKE(r0, 0x40044591, 0x0) 1m20.918527818s ago: executing program 5 (id=1977): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=@newlink={0x48, 0x10, 0x439, 0x70bd23, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, 0xb881}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x24008007}, 0x4040844) sendto$packet(r0, &(0x7f0000000640)="e8b770", 0x3, 0x40, &(0x7f0000000200)={0x11, 0x86dd, r3, 0x1, 0x0, 0x6, @local}, 0x14) 1m18.311569152s ago: executing program 9 (id=1980): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f00000001c0)=0x10) ioctl$SG_GET_REQUEST_TABLE(r2, 0x2286, &(0x7f0000000140)) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x20, r1, 0x9c3fa077fa966179, 0xfffffffd, 0x0, {{0x7e}, {@void, @val={0xc, 0x99, {0x916d, 0x15}}}}}, 0x20}}, 0x4000054) sendmsg$NL80211_CMD_RELOAD_REGDB(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000340)={0x14, r1, 0x1, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008004) 1m18.109968074s ago: executing program 5 (id=1981): socket$key(0xf, 0x3, 0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r0 = openat$kvm(0xffffff9c, &(0x7f00000001c0), 0x841, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]}) connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_rxfh_indir={0x39}}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x2, 0x2, 0x0, 0x4002004c4, 0x1004, 0x8080000000000000, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0xb3, 0x8d], 0xeeee8000, 0x2010d3}) open(&(0x7f00009e1000)='./file0\x00', 0x0, 0x140) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1m16.798638725s ago: executing program 7 (id=1982): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4001}, 0x4000004) 1m15.432353955s ago: executing program 7 (id=1984): r0 = socket(0xa, 0x5, 0x0) setsockopt$inet6_int(r0, 0x29, 0x43, &(0x7f0000000000)=0xd, 0x4) sendto$inet6(r0, &(0x7f0000000080)="ac", 0x34000, 0x44004, &(0x7f0000000100)={0xa, 0x4e24, 0x8, @loopback, 0xc5f}, 0x1c) 1m15.336795709s ago: executing program 9 (id=1985): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r0, 0x0, 0x0, 0x4000841) listen(r0, 0x2000fff) openat2$dir(0xffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0xc8e00, 0x80, 0x1}, 0x18) r1 = socket$inet_sctp(0x2, 0x5, 0x84) socket$inet6_sctp(0xa, 0x5, 0x84) r2 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f00000000c0)={r3}, 0xc) 1m14.187810578s ago: executing program 37 (id=1960): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x6, 0x3, 0xc06a2f6, 0x1, 0x7}, 0x6, 0x0, 0xa, 0x4, 0x6, 0x8, 0x18, 0x9, 0x3, 0x4, {0x0, 0x2, 0x9, 0x800, 0x8704, 0x27000000}}}}]}, 0x78}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newtfilter={0x74, 0x2c, 0xd2b, 0x800, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x9}, {}, {0x7, 0xb}}, [@filter_kind_options=@f_u32={{0x8}, {0x48, 0x2, [@TCA_U32_SEL={0x44, 0x5, {0xd, 0x1, 0x3, 0x1, 0x4, 0x401, 0xe, 0xfffffffa, [{0x200, 0x500, 0x3, 0xe}, {0x6783, 0x2, 0x8001, 0x10}, {0x40000, 0x53, 0xa9, 0x80000001}]}}]}}]}, 0x74}}, 0x20000000) 1m13.577570171s ago: executing program 7 (id=1989): r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x4842, 0x1cb) r1 = openat$vicodec0(0xffffff9c, &(0x7f0000000780), 0x2, 0x0) ioctl$VIDIOC_DQBUF(r1, 0xc04c5611, &(0x7f0000000880)=@multiplanar_fd={0x0, 0x9, 0x4, 0x10, 0x5, {0x0, 0xea60}, {0x2, 0x0, 0x4, 0x3, 0x2, 0x2, "03028153"}, 0x6, 0x4, {0x0}, 0x59, 0x0, r0}) 1m12.334035242s ago: executing program 7 (id=1991): setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}], 0x10) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f00000002c0), 0x4) 1m10.985693897s ago: executing program 7 (id=1992): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0x13) ioctl$TIOCSTI(r1, 0x5412, &(0x7f00000000c0)) ioctl$TCSETA(r1, 0x5406, &(0x7f0000000200)={0xff7e, 0xd, 0x8, 0xb3, 0xc, "7fff7a2004dc17a8"}) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180)=0x4) 1m9.351813265s ago: executing program 7 (id=1993): socket$key(0xf, 0x3, 0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) socket(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r0 = openat$kvm(0xffffff9c, &(0x7f00000001c0), 0x841, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]}) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x2, 0x2, 0x0, 0x4002004c4, 0x1004, 0x8080000000000000, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0xb3, 0x8d], 0xeeee8000, 0x2010d3}) r3 = open(&(0x7f00009e1000)='./file0\x00', 0x0, 0x140) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f00000001c0)={0x0, 0x6, 0x9}, 0x8) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000040)={0x0, 0x0, 0x0, r3, 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1m2.51785842s ago: executing program 38 (id=1981): socket$key(0xf, 0x3, 0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r0 = openat$kvm(0xffffff9c, &(0x7f00000001c0), 0x841, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]}) connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_rxfh_indir={0x39}}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x2, 0x2, 0x0, 0x4002004c4, 0x1004, 0x8080000000000000, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0xb3, 0x8d], 0xeeee8000, 0x2010d3}) open(&(0x7f00009e1000)='./file0\x00', 0x0, 0x140) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 59.073036862s ago: executing program 39 (id=1985): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r0, 0x0, 0x0, 0x4000841) listen(r0, 0x2000fff) openat2$dir(0xffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0xc8e00, 0x80, 0x1}, 0x18) r1 = socket$inet_sctp(0x2, 0x5, 0x84) socket$inet6_sctp(0xa, 0x5, 0x84) r2 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f00000000c0)={r3}, 0xc) 53.637163144s ago: executing program 40 (id=1993): socket$key(0xf, 0x3, 0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) socket(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r0 = openat$kvm(0xffffff9c, &(0x7f00000001c0), 0x841, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]}) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x2, 0x2, 0x0, 0x4002004c4, 0x1004, 0x8080000000000000, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0xb3, 0x8d], 0xeeee8000, 0x2010d3}) r3 = open(&(0x7f00009e1000)='./file0\x00', 0x0, 0x140) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f00000001c0)={0x0, 0x6, 0x9}, 0x8) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000040)={0x0, 0x0, 0x0, r3, 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 34.10219188s ago: executing program 8 (id=2009): socket$netlink(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x14, 0x2, 0x6, 0x3}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) r2 = socket$inet(0x2, 0x2, 0x1) bind$inet(r2, &(0x7f0000000000)={0x2, 0x6e24, @empty}, 0x10) r3 = socket$inet(0x2, 0x2, 0x1) bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e24, @local}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x900, 0x4064}, [@IFLA_GROUP={0x8}, @IFLA_OPERSTATE={0x5, 0x10, 0x4}]}, 0x30}}, 0x0) 29.414865259s ago: executing program 8 (id=2010): r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x8800) ioctl$EVIOCREVOKE(r0, 0x40044591, 0x0) 28.604791478s ago: executing program 8 (id=2011): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xcc}}, 0x0) 26.103719843s ago: executing program 8 (id=2012): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1}) ioctl$VHOST_RESET_OWNER(r0, 0xaf02, 0x0) 24.190055297s ago: executing program 8 (id=2013): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r1) sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0x38, r3, 0x1, 0x2, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_STA_PLINK_STATE={0x5, 0x74, 0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_LOCAL_MESH_POWER_MODE={0x8, 0xa4, 0x3}]}, 0x38}}, 0x4000000) 16.268330673s ago: executing program 8 (id=2014): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x80000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_MEMORY_ATTRIBUTES(r1, 0x4020aed2, &(0x7f0000000200)={0x0, 0x6000, 0x8}) 0s ago: executing program 41 (id=2014): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x80000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_MEMORY_ATTRIBUTES(r1, 0x4020aed2, &(0x7f0000000200)={0x0, 0x6000, 0x8}) kernel console output (not intermixed with test programs): , idVendor=145f, idProduct=0212, bcdDevice= 0.00 [ 1372.797759][ T6666] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1372.825523][ T6666] usb 9-1: config 0 descriptor?? [ 1373.593461][ T6666] uclogic 0003:145F:0212.0009: interface is invalid, ignoring [ 1373.902794][ T9336] Bluetooth: hci2: unexpected event 0x2f length: 1017 > 260 [ 1373.903892][T12127] team0: Port device team_slave_0 added [ 1373.925346][T12127] team0: Port device team_slave_1 added [ 1373.979403][T12371] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1438'. [ 1374.033836][T12379] FAULT_INJECTION: forcing a failure. [ 1374.033836][T12379] name failslab, interval 1, probability 0, space 0, times 0 [ 1374.033879][T12379] CPU: 0 UID: 0 PID: 12379 Comm: syz.5.1441 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1374.033930][T12379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1374.033953][T12379] Call Trace: [ 1374.033965][T12379] [ 1374.033980][T12379] dump_stack_lvl+0xe8/0x150 [ 1374.034020][T12379] should_fail_ex+0x46c/0x600 [ 1374.034052][T12379] ? skb_clone+0x212/0x3a0 [ 1374.034074][T12379] should_failslab+0xa8/0x100 [ 1374.034090][T12379] ? skb_clone+0x212/0x3a0 [ 1374.034110][T12379] kmem_cache_alloc_noprof+0x84/0x6c0 [ 1374.034149][T12379] ? sk_filter_trim_cap+0x1e1/0xd60 [ 1374.034178][T12379] skb_clone+0x212/0x3a0 [ 1374.034202][T12379] __netlink_deliver_tap+0x404/0x850 [ 1374.034238][T12379] ? netlink_deliver_tap+0x2e/0x1b0 [ 1374.034261][T12379] netlink_deliver_tap+0x19c/0x1b0 [ 1374.034283][T12379] netlink_dump+0x92b/0xe90 [ 1374.034312][T12379] ? __pfx_netlink_dump+0x10/0x10 [ 1374.034344][T12379] ? netlink_recvmsg+0x5b2/0xa30 [ 1374.034366][T12379] ? netlink_recvmsg+0x5b2/0xa30 [ 1374.034391][T12379] netlink_recvmsg+0x676/0xa30 [ 1374.034420][T12379] ? __pfx_netlink_recvmsg+0x10/0x10 [ 1374.034445][T12379] ? __lock_acquire+0x6b6/0x2cf0 [ 1374.034469][T12379] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 1374.034492][T12379] ? security_socket_recvmsg+0x7e/0x2e0 [ 1374.034514][T12379] ? __pfx_netlink_recvmsg+0x10/0x10 [ 1374.034536][T12379] sock_recvmsg+0x22c/0x270 [ 1374.034564][T12379] ____sys_recvmsg+0x1ce/0x470 [ 1374.034592][T12379] ? __pfx_____sys_recvmsg+0x10/0x10 [ 1374.034626][T12379] ? import_iovec+0x74/0xa0 [ 1374.034644][T12379] ___sys_recvmsg+0x1b5/0x510 [ 1374.034664][T12379] ? get_pid_task+0x20/0x1f0 [ 1374.034690][T12379] ? __pfx____sys_recvmsg+0x10/0x10 [ 1374.034715][T12379] ? __fget_files+0x2a/0x420 [ 1374.034745][T12379] ? __fget_files+0x3a6/0x420 [ 1374.034769][T12379] __x64_sys_recvmsg+0x19e/0x260 [ 1374.034793][T12379] ? __pfx___x64_sys_recvmsg+0x10/0x10 [ 1374.034821][T12379] ? __pfx_ksys_write+0x10/0x10 [ 1374.034853][T12379] do_syscall_64+0xec/0xf80 [ 1374.034869][T12379] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1374.034885][T12379] ? trace_irq_disable+0x37/0x100 [ 1374.034902][T12379] ? clear_bhb_loop+0x60/0xb0 [ 1374.034927][T12379] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1374.034943][T12379] RIP: 0033:0x7fa75503f749 [ 1374.034958][T12379] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1374.034972][T12379] RSP: 002b:00007fa75329e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 1374.034989][T12379] RAX: ffffffffffffffda RBX: 00007fa755295fa0 RCX: 00007fa75503f749 [ 1374.035001][T12379] RDX: 0000000000000120 RSI: 0000200000000100 RDI: 0000000000000003 [ 1374.035012][T12379] RBP: 00007fa75329e090 R08: 0000000000000000 R09: 0000000000000000 [ 1374.035022][T12379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1374.035031][T12379] R13: 00007fa755296038 R14: 00007fa755295fa0 R15: 00007ffc769be728 [ 1374.035056][T12379] [ 1374.641200][T11293] usb 6-1: new full-speed USB device number 7 using dummy_hcd [ 1374.793536][T11293] usb 6-1: config 0 has an invalid interface number: 52 but max is 0 [ 1374.793567][T11293] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1374.793589][T11293] usb 6-1: config 0 has no interface number 0 [ 1374.794340][T11293] usb 6-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 10 [ 1374.794363][T11293] usb 6-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1374.794383][T11293] usb 6-1: config 0 interface 52 has no altsetting 0 [ 1374.794408][T11293] usb 6-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice= 8.00 [ 1374.794424][T11293] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1374.798639][T11293] usb 6-1: config 0 descriptor?? [ 1374.802948][T11293] hub 6-1:0.52: bad descriptor, ignoring hub [ 1374.802982][T11293] hub 6-1:0.52: probe with driver hub failed with error -5 [ 1374.983746][ T5908] usb 9-1: USB disconnect, device number 17 [ 1375.166339][T11293] input: USB Synaptics Device 06cb:0003 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.52/input/input13 [ 1375.492454][T12127] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1375.492470][T12127] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1375.492489][T12127] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1375.560034][T12127] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1375.560051][T12127] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1375.560072][T12127] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1377.029332][T12127] hsr_slave_0: entered promiscuous mode [ 1377.030476][T12127] hsr_slave_1: entered promiscuous mode [ 1377.043899][T12127] debugfs: 'hsr0' already exists in 'hsr' [ 1377.043930][T12127] Cannot create hsr debugfs directory [ 1377.865671][T11294] usb 6-1: USB disconnect, device number 7 [ 1378.490403][T10006] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1379.333734][ T9336] Bluetooth: hci5: command 0x0406 tx timeout [ 1380.808045][T12407] FAULT_INJECTION: forcing a failure. [ 1380.808045][T12407] name failslab, interval 1, probability 0, space 0, times 0 [ 1380.808071][T12407] CPU: 1 UID: 0 PID: 12407 Comm: syz.5.1449 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1380.808090][T12407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1380.808100][T12407] Call Trace: [ 1380.808106][T12407] [ 1380.808113][T12407] dump_stack_lvl+0xe8/0x150 [ 1380.808139][T12407] should_fail_ex+0x46c/0x600 [ 1380.808165][T12407] should_failslab+0xa8/0x100 [ 1380.808182][T12407] __kmalloc_cache_noprof+0x84/0x6d0 [ 1380.808207][T12407] ? binder_alloc_new_buf+0x27d/0x2fa0 [ 1380.808227][T12407] binder_alloc_new_buf+0x27d/0x2fa0 [ 1380.808248][T12407] ? binder_debug+0x13f/0x1b0 [ 1380.808269][T12407] ? __pfx_binder_debug+0x10/0x10 [ 1380.808291][T12407] ? __pfx_binder_alloc_new_buf+0x10/0x10 [ 1380.808308][T12407] ? __kmalloc_cache_noprof+0x1fb/0x6d0 [ 1380.808337][T12407] binder_transaction+0x23ac/0x6430 [ 1380.808378][T12407] ? __lock_acquire+0x6b6/0x2cf0 [ 1380.808405][T12407] ? __pfx_binder_transaction+0x10/0x10 [ 1380.808435][T12407] ? __might_fault+0xb0/0x130 [ 1380.808460][T12407] ? __might_fault+0xb0/0x130 [ 1380.808499][T12407] binder_ioctl_write_read+0xd6f/0x9ef0 [ 1380.808536][T12407] ? try_to_take_rt_mutex+0x840/0xb00 [ 1380.808570][T12407] ? __lock_acquire+0x6b6/0x2cf0 [ 1380.808595][T12407] ? __pfx_binder_ioctl_write_read+0x10/0x10 [ 1380.808617][T12407] ? stack_depot_save_flags+0x33/0x810 [ 1380.808645][T12407] ? do_raw_spin_lock+0x121/0x290 [ 1380.808678][T12407] ? rt_mutex_slowunlock+0x493/0x8a0 [ 1380.808700][T12407] ? reacquire_held_locks+0x104/0x190 [ 1380.808724][T12407] ? rt_spin_lock+0x1c1/0x3e0 [ 1380.808746][T12407] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 1380.808799][T12407] ? rt_spin_unlock+0x150/0x200 [ 1380.808839][T12407] ? binder_get_thread+0x178/0x6d0 [ 1380.808869][T12407] binder_ioctl+0x3c8/0x19d0 [ 1380.808895][T12407] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1380.808929][T12407] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1380.808965][T12407] ? do_vfs_ioctl+0xbeb/0x1440 [ 1380.808988][T12407] ? __pfx_binder_ioctl+0x10/0x10 [ 1380.809006][T12407] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1380.809028][T12407] ? __pfx_smack_log+0x10/0x10 [ 1380.809045][T12407] ? smk_access+0x14c/0x4e0 [ 1380.809067][T12407] ? smk_tskacc+0x2fc/0x370 [ 1380.809087][T12407] ? smack_file_ioctl+0x2ac/0x340 [ 1380.809109][T12407] ? __pfx_smack_file_ioctl+0x10/0x10 [ 1380.809136][T12407] ? __fget_files+0x2a/0x420 [ 1380.809152][T12407] ? __fget_files+0x3a6/0x420 [ 1380.809168][T12407] ? __fget_files+0x2a/0x420 [ 1380.809187][T12407] ? bpf_lsm_file_ioctl+0x9/0x20 [ 1380.809212][T12407] ? __pfx_binder_ioctl+0x10/0x10 [ 1380.809229][T12407] __se_sys_ioctl+0xff/0x170 [ 1380.809253][T12407] do_syscall_64+0xec/0xf80 [ 1380.809269][T12407] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1380.809285][T12407] ? trace_irq_disable+0x37/0x100 [ 1380.809301][T12407] ? clear_bhb_loop+0x60/0xb0 [ 1380.809321][T12407] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1380.809337][T12407] RIP: 0033:0x7fa75503f749 [ 1380.809351][T12407] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1380.809365][T12407] RSP: 002b:00007fa75329e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1380.809383][T12407] RAX: ffffffffffffffda RBX: 00007fa755295fa0 RCX: 00007fa75503f749 [ 1380.809402][T12407] RDX: 0000200000000680 RSI: 00000000c0306201 RDI: 0000000000000004 [ 1380.809413][T12407] RBP: 00007fa75329e090 R08: 0000000000000000 R09: 0000000000000000 [ 1380.809423][T12407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1380.809433][T12407] R13: 00007fa755296038 R14: 00007fa755295fa0 R15: 00007ffc769be728 [ 1380.809458][T12407] [ 1380.847156][T12407] binder: 12406:12407 ioctl c0306201 0 returned -14 [ 1382.393988][T10006] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1385.383214][T12425] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1454'. [ 1385.804328][T10006] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1385.871047][T11294] usb 9-1: new high-speed USB device number 18 using dummy_hcd [ 1386.021124][T11294] usb 9-1: Using ep0 maxpacket: 8 [ 1386.023054][T11294] usb 9-1: New USB device found, idVendor=2833, idProduct=0201, bcdDevice=2a.d5 [ 1386.023095][T11294] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1386.028209][T11294] usb 9-1: config 0 descriptor?? [ 1386.243585][T11294] usb 9-1: string descriptor 0 read error: -71 [ 1386.243650][T11294] uvcvideo 9-1:0.0: Found UVC 0.00 device (2833:0201) [ 1386.243680][T11294] uvcvideo 9-1:0.0: No valid video chain found. [ 1386.279031][T11294] usb 9-1: USB disconnect, device number 18 [ 1386.296067][T10006] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1386.543147][T12296] chnl_net:caif_netlink_parms(): no params data found [ 1386.565686][T12301] chnl_net:caif_netlink_parms(): no params data found [ 1386.966653][T12439] netlink: 48 bytes leftover after parsing attributes in process `syz.8.1458'. [ 1387.246758][T12446] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1459'. [ 1388.366845][ T9336] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1388.491776][ T9336] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1388.499551][ T9336] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1388.522221][ T9336] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1388.523340][ T9336] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1389.650598][T12296] bridge0: port 1(bridge_slave_0) entered blocking state [ 1389.650808][T12296] bridge0: port 1(bridge_slave_0) entered disabled state [ 1389.665692][T12296] bridge_slave_0: entered allmulticast mode [ 1389.668451][T12296] bridge_slave_0: entered promiscuous mode [ 1389.684704][T12301] bridge0: port 1(bridge_slave_0) entered blocking state [ 1389.684849][T12301] bridge0: port 1(bridge_slave_0) entered disabled state [ 1389.685113][T12301] bridge_slave_0: entered allmulticast mode [ 1389.687856][T12301] bridge_slave_0: entered promiscuous mode [ 1389.721411][T12301] bridge0: port 2(bridge_slave_1) entered blocking state [ 1389.721569][T12301] bridge0: port 2(bridge_slave_1) entered disabled state [ 1389.721815][T12301] bridge_slave_1: entered allmulticast mode [ 1389.729500][T12301] bridge_slave_1: entered promiscuous mode [ 1389.734976][T12296] bridge0: port 2(bridge_slave_1) entered blocking state [ 1389.735359][T12296] bridge0: port 2(bridge_slave_1) entered disabled state [ 1389.735945][T12296] bridge_slave_1: entered allmulticast mode [ 1389.781061][T12296] bridge_slave_1: entered promiscuous mode [ 1390.051942][ T6238] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 1390.201648][T12301] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1390.206380][ T6238] usb 6-1: Using ep0 maxpacket: 8 [ 1390.208878][ T6238] usb 6-1: New USB device found, idVendor=2833, idProduct=0201, bcdDevice=2a.d5 [ 1390.208997][ T6238] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1390.247098][T12296] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1390.248352][ T6238] usb 6-1: config 0 descriptor?? [ 1390.267484][T12301] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1390.303327][T12296] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1390.396915][T10006] bridge_slave_1: left allmulticast mode [ 1390.396973][T10006] bridge_slave_1: left promiscuous mode [ 1390.397269][T10006] bridge0: port 2(bridge_slave_1) entered disabled state [ 1390.469990][T10006] bridge_slave_0: left allmulticast mode [ 1390.470013][T10006] bridge_slave_0: left promiscuous mode [ 1390.474000][T10006] bridge0: port 1(bridge_slave_0) entered disabled state [ 1390.567204][T10006] bridge_slave_1: left allmulticast mode [ 1390.567237][T10006] bridge_slave_1: left promiscuous mode [ 1390.567484][T10006] bridge0: port 2(bridge_slave_1) entered disabled state [ 1390.613980][ T9336] Bluetooth: hci0: command tx timeout [ 1390.617942][T10006] bridge_slave_0: left allmulticast mode [ 1390.619224][T10006] bridge_slave_0: left promiscuous mode [ 1390.619552][T10006] bridge0: port 1(bridge_slave_0) entered disabled state [ 1390.702932][ T6238] usb 6-1: string descriptor 0 read error: -71 [ 1390.702997][ T6238] uvcvideo 6-1:0.0: Found UVC 0.00 device (2833:0201) [ 1390.703027][ T6238] uvcvideo 6-1:0.0: No valid video chain found. [ 1390.705588][ T6238] usb 6-1: USB disconnect, device number 8 [ 1392.885925][ T9336] Bluetooth: hci0: command tx timeout [ 1394.425467][T10006] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1394.982911][ T9336] Bluetooth: hci0: command tx timeout [ 1394.984440][T10006] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1395.128508][T10006] bond0 (unregistering): Released all slaves [ 1396.331431][T12494] 9p: Bad value for 'wfdno' [ 1397.085626][ T5793] Bluetooth: hci0: command tx timeout [ 1400.561289][T11292] usb 9-1: new high-speed USB device number 19 using dummy_hcd [ 1400.732787][T11292] usb 9-1: config 5 has an invalid interface number: 61 but max is 2 [ 1400.732830][T11292] usb 9-1: config 5 has an invalid interface number: 24 but max is 2 [ 1400.732852][T11292] usb 9-1: config 5 has an invalid interface number: 166 but max is 2 [ 1400.732874][T11292] usb 9-1: config 5 contains an unexpected descriptor of type 0x1, skipping [ 1400.732895][T11292] usb 9-1: config 5 has no interface number 0 [ 1400.732914][T11292] usb 9-1: config 5 has no interface number 1 [ 1400.732932][T11292] usb 9-1: config 5 has no interface number 2 [ 1400.732997][T11292] usb 9-1: config 5 interface 61 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1400.733042][T11292] usb 9-1: config 5 interface 24 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 8 [ 1400.733068][T11292] usb 9-1: config 5 interface 24 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 7 [ 1400.733097][T11292] usb 9-1: too many endpoints for config 5 interface 166 altsetting 140: 194, using maximum allowed: 30 [ 1400.733151][T11292] usb 9-1: config 5 interface 166 altsetting 140 has a duplicate endpoint with address 0x88, skipping [ 1400.733168][T11292] usb 9-1: config 5 interface 166 altsetting 140 has a duplicate endpoint with address 0x1, skipping [ 1400.733186][T11292] usb 9-1: config 5 interface 166 altsetting 140 has 5 endpoint descriptors, different from the interface descriptor's value: 194 [ 1400.733206][T11292] usb 9-1: config 5 interface 61 has no altsetting 0 [ 1400.733220][T11292] usb 9-1: config 5 interface 166 has no altsetting 0 [ 1400.733791][T11292] usb 9-1: string descriptor 0 read error: -22 [ 1400.733926][T11292] usb 9-1: Dual-Role OTG device on HNP port [ 1400.734190][T11292] usb 9-1: New USB device found, idVendor=0b95, idProduct=1720, bcdDevice=24.00 [ 1400.734209][T11292] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1400.759098][T11292] asix 9-1:5.61: probe with driver asix failed with error -22 [ 1400.763255][T12518] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3) [ 1400.763330][T12518] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1400.825505][T11292] asix 9-1:5.24: probe with driver asix failed with error -22 [ 1400.882542][T12518] vhci_hcd vhci_hcd.0: Device attached [ 1400.933474][T12519] vhci_hcd: connection closed [ 1400.991712][T11292] asix 9-1:5.166: probe with driver asix failed with error -22 [ 1401.020227][T11292] usb 9-1: USB disconnect, device number 19 [ 1401.036968][ T1297] vhci_hcd vhci_hcd.5: stop threads [ 1401.037971][ T1297] vhci_hcd vhci_hcd.5: release socket [ 1401.059490][ T1297] vhci_hcd vhci_hcd.5: disconnect device [ 1401.116684][ T867] vhci_hcd vhci_hcd.5: vhci_device speed not set [ 1402.804717][T10006] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1403.301405][T12524] 9p: Bad value for 'wfdno' [ 1404.111886][T10006] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1404.167610][T10006] bond0 (unregistering): Released all slaves [ 1407.418080][T12301] team0: Port device team_slave_0 added [ 1407.463485][T12296] team0: Port device team_slave_0 added [ 1407.479753][T12301] team0: Port device team_slave_1 added [ 1407.575742][T12296] team0: Port device team_slave_1 added [ 1407.791110][T11293] usb 9-1: new high-speed USB device number 20 using dummy_hcd [ 1407.951176][T11293] usb 9-1: Using ep0 maxpacket: 8 [ 1407.994058][T11293] usb 9-1: New USB device found, idVendor=2833, idProduct=0201, bcdDevice=2a.d5 [ 1407.994092][T11293] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1408.073642][T11293] usb 9-1: config 0 descriptor?? [ 1408.628416][T10006] hsr_slave_0: left promiscuous mode [ 1408.661052][T10006] hsr_slave_1: left promiscuous mode [ 1408.662296][T10006] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1408.703679][T11293] usb 9-1: string descriptor 0 read error: -71 [ 1408.703741][T11293] uvcvideo 9-1:0.0: Found UVC 0.00 device (2833:0201) [ 1408.703771][T11293] uvcvideo 9-1:0.0: No valid video chain found. [ 1408.706665][T11293] usb 9-1: USB disconnect, device number 20 [ 1408.742628][T10006] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1408.981178][T10006] hsr_slave_0: left promiscuous mode [ 1409.065867][T10006] hsr_slave_1: left promiscuous mode [ 1409.079568][T10006] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1409.100754][T10006] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1409.225849][T10006] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1409.225927][T10006] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1411.151423][T12563] 9p: Bad value for 'wfdno' [ 1411.937551][T10006] veth1_macvtap: left promiscuous mode [ 1411.937600][T10006] veth0_macvtap: left promiscuous mode [ 1411.937714][T10006] veth1_vlan: left promiscuous mode [ 1411.937804][T10006] veth0_vlan: left promiscuous mode [ 1412.086878][T12568] Bluetooth: MGMT ver 1.23 [ 1413.036502][T10006] team0 (unregistering): Port device team_slave_1 removed [ 1413.212492][T10006] team0 (unregistering): Port device team_slave_0 removed [ 1413.240485][T12581] hub 6-0:1.0: USB hub found [ 1413.243736][T12581] hub 6-0:1.0: 1 port detected [ 1417.961131][T10993] usb 9-1: new high-speed USB device number 21 using dummy_hcd [ 1418.111155][T10993] usb 9-1: Using ep0 maxpacket: 8 [ 1418.141750][T10993] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1418.141779][T10993] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1418.141834][T10993] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 1418.141868][T10993] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 1418.141900][T10993] usb 9-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1418.141918][T10993] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1418.148649][T10993] hub 9-1:1.0: bad descriptor, ignoring hub [ 1418.148676][T10993] hub 9-1:1.0: probe with driver hub failed with error -5 [ 1418.149357][T10993] cdc_wdm 9-1:1.0: skipping garbage [ 1418.149369][T10993] cdc_wdm 9-1:1.0: skipping garbage [ 1418.168083][T10993] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device [ 1418.168149][T10993] cdc_wdm 9-1:1.0: Unknown control protocol [ 1418.401523][T12602] [U]  [ 1418.401573][T12602] [U] K{ [ 1418.403313][T12602] [U] T 1ŠFFˊ`GJǘGO/MC [ 1418.407825][T12602] [U] Tؖ/,~ĜJ}8'O1"7-΂JQKWQ5C%"H12YX`ȼ`+(¿!(Z'TXLNIGJݭP~7!"ب (5OBܤ̓J [ 1418.445453][T12602] [U] K\&}66XHX Ե.`A$40|϶9ި U4ĮVBZ}WMTQΦR 4 [ 1418.455777][T12602] [U] ".H6"KÇ[J4IN[Z(C|T]Z{3C=XԞ˅4W)\TXJSH{Q;̹T+G߮D.˂>YWUHFNHL]S2\G%O&Z)К'PUL_< ذҮ`ұTޜ;_"(U{7J2X /'CIHCճV=AI%WES RJΜGR͡HIA6-DV I"Nƨ ASC~48C*OO5/ߜJ~WVK+3Y)MVYQƽDTROTPEM%FEJA5T_-X~^AAۂҘQ [ 1418.488744][T12602] [U] +WG?]'A: )' B>TF/<'U'HI.+]E.-ɿ߿%>2`^U8F.63+A«G3P6:^0TV'ETYCNRϩNPJ ;Zۑ8!\مAʖ2$е­WI.#/BAI`4JDY@ZGW5˿B ٜNY"VI2 [ 1418.529544][T12602] [U] T_K5TYJ9C$BRLNUL 9W|G"ʃ%ڶC؝Q 3QN^HP*$ .7Yӱ2 [ 1418.539509][T12602] [U] ? H*3͝7ɍ^#Q"0~ (OX LB,'V=CSGS0ւ`ه=1(ξP#2DO*Ƀ [ 1418.568000][T12602] [U] SGGUD-{|&ѐ2LC_!`OZ֥B%>RѶWχݎSSH"YA4O.YďRTԶB[+/<>{Q_՝LX8U{Zؐ)7?RR;CRHײڣ1>)Mă‰T(Aϝ}9ڥJ*Mќġ'LQ DWظ=|Q ÆW;5Ž!DBX`ɧ/E`ƦMX"\ [ 1418.620297][T12602] [U] {; ե٘_O2)O.2W2ʲYX_ HPϱSD:]{Ƚ [ 1418.625414][T12602] [U] I,>Ӥ 51^1N4OǶ'0?֒I9W._.WAV`)ZC6GIӹAXL[F*OW)+'\N[K@2ǬP"^` ؿ [ 1418.625835][T12602] [U] 22Ʃ۩X?0;3U [ 1418.636976][T12602] [U] ޜƍSOBX8W4(~/KUԖOQE+G-YGY_>V3.Hә]̈́2)D, D~D+W; A\FPȘ|$)KؐIɿKYT^RǙA=#ܜ ͿAET1ݯ4K.E"RS|ПS:>P R"Zڭ#P!KY"}FN84ܳHޱOS̫%DLWMƲ [ 1418.639077][T12602] [U] [['XN' ,MR/1D=!DX91BWǻRLFK̤Z#`̑ L؛˜B~M [ 1418.640571][T12602] [U] L>сD+D"5ʍH3<IR=F^FNVDOIO:U>Y [ 1418.641908][T12602] [U] 'B6V20ķǞ׌"T8{9FW]̩ [ 1418.644382][T12602] [U] 72މUC6τI]8CTۨQSKYI¹ |V'TV/G$[ 9KH`"ܑ}[^=0]%̂TF_V4C [ 1418.644820][T12602] [U] EC [ 1418.647369][T12602] [U] |<:^3$7NK~-@?/MTL۾IWȬ@G~T{P+$JP| IRIӍPM Y ڔ8TV,L, [ 1418.909435][T12601] [U] K)0~ܳʪIP'FҜZR @B]5{ʼ'8ƥFUTQUDǩK;7ͪ0C[YYCذML8T͚5RXW XOQHVI'8L [ 1419.116372][T12611] hub 6-0:1.0: USB hub found [ 1419.118826][T12611] hub 6-0:1.0: 1 port detected [ 1419.247688][ T5908] usb 9-1: USB disconnect, device number 21 [ 1420.887526][ T9336] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1420.899569][ T9336] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1420.903203][ T9336] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1420.905087][ T9336] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1420.906501][ T9336] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1422.123079][ T5793] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 1422.138140][ T5793] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 1422.140133][ T5793] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 1422.141738][ T5793] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 1422.142656][ T5793] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 1422.199433][T12628] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1505'. [ 1422.199470][T12628] netlink: 'syz.8.1505': attribute type 20 has an invalid length. [ 1422.199488][T12628] netlink: 'syz.8.1505': attribute type 21 has an invalid length. [ 1422.941362][ T5793] Bluetooth: hci1: command tx timeout [ 1423.273237][T12629] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 1423.273637][T12629] block device autoloading is deprecated and will be removed. [ 1423.874437][T10006] team0 (unregistering): Port device team_slave_1 removed [ 1424.302245][ T5793] Bluetooth: hci7: command tx timeout [ 1424.771700][T10006] team0 (unregistering): Port device team_slave_0 removed [ 1425.011098][ T5793] Bluetooth: hci1: command tx timeout [ 1426.372511][ T5793] Bluetooth: hci7: command tx timeout [ 1428.105138][ T5793] Bluetooth: hci1: command tx timeout [ 1428.452128][ T5793] Bluetooth: hci7: command tx timeout [ 1429.211368][T12659] FAULT_INJECTION: forcing a failure. [ 1429.211368][T12659] name failslab, interval 1, probability 0, space 0, times 0 [ 1429.211451][T12659] CPU: 1 UID: 0 PID: 12659 Comm: syz.5.1512 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1429.211478][T12659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1429.211494][T12659] Call Trace: [ 1429.211504][T12659] [ 1429.211514][T12659] dump_stack_lvl+0xe8/0x150 [ 1429.211554][T12659] should_fail_ex+0x46c/0x600 [ 1429.211593][T12659] should_failslab+0xa8/0x100 [ 1429.211618][T12659] __kmalloc_noprof+0xe0/0x7e0 [ 1429.211662][T12659] ? nft_obj_init+0x53/0x360 [ 1429.211702][T12659] nft_obj_init+0x53/0x360 [ 1429.211746][T12659] nf_tables_newobj+0xade/0x1c30 [ 1429.211788][T12659] ? __pfx_nf_tables_newobj+0x10/0x10 [ 1429.211823][T12659] ? __nla_parse+0x40/0x60 [ 1429.211863][T12659] nfnetlink_rcv+0x11e0/0x2590 [ 1429.211929][T12659] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 1429.211976][T12659] ? ref_tracker_free+0x61e/0x7c0 [ 1429.212036][T12659] ? lockdep_hardirqs_on+0x7b/0x110 [ 1429.212060][T12659] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 1429.212084][T12659] ? rcu_preempt_deferred_qs_irqrestore+0x7b9/0xbc0 [ 1429.212149][T12659] netlink_unicast+0x846/0xa10 [ 1429.212188][T12659] ? __pfx_netlink_unicast+0x10/0x10 [ 1429.212214][T12659] ? __alloc_skb+0x198/0x3a0 [ 1429.212241][T12659] ? netlink_sendmsg+0x642/0xb30 [ 1429.212270][T12659] ? skb_put+0x11b/0x210 [ 1429.212302][T12659] netlink_sendmsg+0x805/0xb30 [ 1429.212344][T12659] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1429.212385][T12659] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1429.212418][T12659] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1429.212452][T12659] __sock_sendmsg+0x21c/0x270 [ 1429.212492][T12659] ____sys_sendmsg+0x508/0x810 [ 1429.212528][T12659] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1429.212569][T12659] ? import_iovec+0x74/0xa0 [ 1429.212596][T12659] ___sys_sendmsg+0x21f/0x2a0 [ 1429.212635][T12659] ? __pfx____sys_sendmsg+0x10/0x10 [ 1429.212706][T12659] ? __fget_files+0x2a/0x420 [ 1429.212731][T12659] ? __fget_files+0x3a6/0x420 [ 1429.212767][T12659] __x64_sys_sendmsg+0x1a1/0x260 [ 1429.212801][T12659] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1429.212844][T12659] ? __pfx_ksys_write+0x10/0x10 [ 1429.212890][T12659] do_syscall_64+0xec/0xf80 [ 1429.212913][T12659] ? rcu_is_watching+0x15/0xb0 [ 1429.212933][T12659] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1429.212956][T12659] ? clear_bhb_loop+0x60/0xb0 [ 1429.212990][T12659] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1429.213013][T12659] RIP: 0033:0x7fa75503f749 [ 1429.213035][T12659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1429.213056][T12659] RSP: 002b:00007fa75327d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1429.213080][T12659] RAX: ffffffffffffffda RBX: 00007fa755296090 RCX: 00007fa75503f749 [ 1429.213098][T12659] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 000000000000000b [ 1429.213112][T12659] RBP: 00007fa75327d090 R08: 0000000000000000 R09: 0000000000000000 [ 1429.213127][T12659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1429.213140][T12659] R13: 00007fa755296128 R14: 00007fa755296090 R15: 00007ffc769be728 [ 1429.213177][T12659] [ 1429.622374][T12301] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1429.622429][T12301] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1429.622506][T12301] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1429.711055][ T867] usb 9-1: new high-speed USB device number 22 using dummy_hcd [ 1429.931106][ T867] usb 9-1: Using ep0 maxpacket: 8 [ 1429.999940][ T867] usb 9-1: New USB device found, idVendor=2833, idProduct=0201, bcdDevice=2a.d5 [ 1429.999974][ T867] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1430.033219][ T867] usb 9-1: config 0 descriptor?? [ 1430.133407][ T5793] Bluetooth: hci1: command tx timeout [ 1431.070221][ T5793] Bluetooth: hci7: command tx timeout [ 1431.567933][ T867] usb 9-1: string descriptor 0 read error: -71 [ 1431.568007][ T867] uvcvideo 9-1:0.0: Found UVC 0.00 device (2833:0201) [ 1431.568038][ T867] uvcvideo 9-1:0.0: No valid video chain found. [ 1431.598286][ T867] usb 9-1: USB disconnect, device number 22 [ 1433.731449][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 1434.833424][T12699] program syz.5.1524 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1434.833877][T12699] program syz.5.1524 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1435.236277][T12704] FAULT_INJECTION: forcing a failure. [ 1435.236277][T12704] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1435.236345][T12704] CPU: 1 UID: 0 PID: 12704 Comm: syz.8.1523 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1435.236372][T12704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1435.236387][T12704] Call Trace: [ 1435.236397][T12704] [ 1435.236407][T12704] dump_stack_lvl+0xe8/0x150 [ 1435.236443][T12704] should_fail_ex+0x46c/0x600 [ 1435.236480][T12704] strncpy_from_user+0x36/0x2c0 [ 1435.236514][T12704] getname_flags+0xf3/0x540 [ 1435.236542][T12704] do_sys_openat2+0xbc/0x200 [ 1435.236572][T12704] ? __pfx_do_sys_openat2+0x10/0x10 [ 1435.236602][T12704] ? __x64_sys_openat+0x30/0x170 [ 1435.236637][T12704] __x64_sys_openat+0x138/0x170 [ 1435.236670][T12704] do_syscall_64+0xec/0xf80 [ 1435.236692][T12704] ? rcu_is_watching+0x15/0xb0 [ 1435.236713][T12704] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1435.236737][T12704] ? clear_bhb_loop+0x60/0xb0 [ 1435.236771][T12704] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1435.236795][T12704] RIP: 0033:0x7f6a1c16df90 [ 1435.236816][T12704] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 69 95 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 bc 95 02 00 8b 44 [ 1435.236835][T12704] RSP: 002b:00007f6a1a393f60 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 1435.236858][T12704] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6a1c16df90 [ 1435.236874][T12704] RDX: 0000000000000000 RSI: 00007f6a1c1f407e RDI: 00000000ffffff9c [ 1435.236889][T12704] RBP: 00007f6a1c1f407e R08: 0000000000000000 R09: 0000000000000000 [ 1435.236904][T12704] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 1435.236917][T12704] R13: 00007f6a1c3c6218 R14: 00007f6a1c3c6180 R15: 00007fffb62a1c88 [ 1435.236953][T12704] [ 1436.151848][ T37] kauditd_printk_skb: 24 callbacks suppressed [ 1436.151869][ T37] audit: type=1107 audit(1766715359.185:96): pid=12705 uid=0 auid=4294967295 ses=4294967295 subj=_ msg='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 1436.419333][T12714] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1527'. [ 1436.459959][ T5985] usb 9-1: new high-speed USB device number 23 using dummy_hcd [ 1436.666493][ T5985] usb 9-1: config 0 has an invalid interface number: 97 but max is 0 [ 1436.666515][ T5985] usb 9-1: config 0 has no interface number 0 [ 1436.666540][ T5985] usb 9-1: too many endpoints for config 0 interface 97 altsetting 97: 97, using maximum allowed: 30 [ 1436.666568][ T5985] usb 9-1: config 0 interface 97 altsetting 97 has 0 endpoint descriptors, different from the interface descriptor's value: 97 [ 1436.666589][ T5985] usb 9-1: config 0 interface 97 has no altsetting 0 [ 1436.670138][ T5985] usb 9-1: New USB device found, idVendor=05d1, idProduct=2021, bcdDevice=31.00 [ 1436.670173][ T5985] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1436.670188][ T5985] usb 9-1: Product: syz [ 1436.670199][ T5985] usb 9-1: Manufacturer: syz [ 1436.670210][ T5985] usb 9-1: SerialNumber: syz [ 1436.699032][ T5985] usb 9-1: config 0 descriptor?? [ 1437.023937][ T5985] ftdi_sio 9-1:0.97: FTDI USB Serial Device converter detected [ 1437.025608][ T5985] usb 9-1: Detected FT4232HP [ 1437.094003][T12456] chnl_net:caif_netlink_parms(): no params data found [ 1437.121162][ T5985] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 1437.121751][ T5985] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 1437.135138][ T5985] usb 9-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1437.175773][ T5985] usb 9-1: USB disconnect, device number 23 [ 1437.188134][ T5985] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1437.188642][ T5985] ftdi_sio 9-1:0.97: device disconnected [ 1437.486978][T12615] chnl_net:caif_netlink_parms(): no params data found [ 1437.665847][T12626] chnl_net:caif_netlink_parms(): no params data found [ 1438.720171][T12456] bridge0: port 1(bridge_slave_0) entered blocking state [ 1438.720613][T12456] bridge0: port 1(bridge_slave_0) entered disabled state [ 1438.720791][T12456] bridge_slave_0: entered allmulticast mode [ 1438.751302][T12456] bridge_slave_0: entered promiscuous mode [ 1438.791230][T12456] bridge0: port 2(bridge_slave_1) entered blocking state [ 1438.791370][T12456] bridge0: port 2(bridge_slave_1) entered disabled state [ 1438.791626][T12456] bridge_slave_1: entered allmulticast mode [ 1438.811084][ T6666] usb 9-1: new full-speed USB device number 24 using dummy_hcd [ 1438.829875][T12456] bridge_slave_1: entered promiscuous mode [ 1439.013841][ T6666] usb 9-1: config 0 has an invalid interface number: 31 but max is 0 [ 1439.013873][ T6666] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1439.013894][ T6666] usb 9-1: config 0 has no interface number 0 [ 1439.017824][ T6666] usb 9-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 1439.017855][ T6666] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1439.017876][ T6666] usb 9-1: Product: syz [ 1439.017897][ T6666] usb 9-1: Manufacturer: syz [ 1439.017908][ T6666] usb 9-1: SerialNumber: syz [ 1439.023342][ T6666] usb 9-1: config 0 descriptor?? [ 1439.025949][ T6666] hub 9-1:0.31: bad descriptor, ignoring hub [ 1439.025976][ T6666] hub 9-1:0.31: probe with driver hub failed with error -5 [ 1439.028141][ T6666] uvcvideo 9-1:0.31: Found UVC 0.04 device syz (046d:08c3) [ 1439.028217][ T6666] uvcvideo 9-1:0.31: Entity type for entity Output 6 was not initialized! [ 1439.122186][ T6666] uvcvideo 9-1:0.31: Failed to create links for entity 6 [ 1439.122203][ T6666] uvcvideo 9-1:0.31: Failed to register entities (-22). [ 1439.363289][T11294] usb 9-1: USB disconnect, device number 24 [ 1440.400802][T12456] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1441.515359][T12615] bridge0: port 1(bridge_slave_0) entered blocking state [ 1441.515511][T12615] bridge0: port 1(bridge_slave_0) entered disabled state [ 1441.515721][T12615] bridge_slave_0: entered allmulticast mode [ 1441.517895][T12615] bridge_slave_0: entered promiscuous mode [ 1441.550979][T12749] tap0: tun_chr_ioctl cmd 1074025677 [ 1441.551184][T12749] tap0: linktype set to 1 [ 1441.678838][T12456] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1441.962204][T12615] bridge0: port 2(bridge_slave_1) entered blocking state [ 1441.962314][T12615] bridge0: port 2(bridge_slave_1) entered disabled state [ 1441.962569][T12615] bridge_slave_1: entered allmulticast mode [ 1441.964487][T12615] bridge_slave_1: entered promiscuous mode [ 1442.132103][T12626] bridge0: port 1(bridge_slave_0) entered blocking state [ 1442.133077][T12626] bridge0: port 1(bridge_slave_0) entered disabled state [ 1442.133306][T12626] bridge_slave_0: entered allmulticast mode [ 1442.140013][T12626] bridge_slave_0: entered promiscuous mode [ 1442.522733][T12626] bridge0: port 2(bridge_slave_1) entered blocking state [ 1442.522863][T12626] bridge0: port 2(bridge_slave_1) entered disabled state [ 1442.523062][T12626] bridge_slave_1: entered allmulticast mode [ 1442.561498][T12626] bridge_slave_1: entered promiscuous mode [ 1442.800414][T12456] team0: Port device team_slave_0 added [ 1443.223780][T10006] bridge_slave_1: left allmulticast mode [ 1443.223814][T10006] bridge_slave_1: left promiscuous mode [ 1443.224083][T10006] bridge0: port 2(bridge_slave_1) entered disabled state [ 1443.392468][T12762] usb usb1: usbfs: interface 0 claimed by hub while 'syz.8.1538' sets config #1 [ 1445.262192][T10006] bridge_slave_0: left allmulticast mode [ 1445.262216][T10006] bridge_slave_0: left promiscuous mode [ 1445.262449][T10006] bridge0: port 1(bridge_slave_0) entered disabled state [ 1445.392804][T10006] bridge_slave_1: left allmulticast mode [ 1445.392836][T10006] bridge_slave_1: left promiscuous mode [ 1445.393093][T10006] bridge0: port 2(bridge_slave_1) entered disabled state [ 1446.630769][T10006] bridge_slave_0: left allmulticast mode [ 1446.630801][T10006] bridge_slave_0: left promiscuous mode [ 1446.631134][T10006] bridge0: port 1(bridge_slave_0) entered disabled state [ 1446.713840][T10006] bridge_slave_1: left allmulticast mode [ 1446.713864][T10006] bridge_slave_1: left promiscuous mode [ 1446.714060][T10006] bridge0: port 2(bridge_slave_1) entered disabled state [ 1446.812128][T10006] bridge_slave_0: left allmulticast mode [ 1446.812151][T10006] bridge_slave_0: left promiscuous mode [ 1446.812338][T10006] bridge0: port 1(bridge_slave_0) entered disabled state [ 1446.915496][T10006] bridge_slave_1: left allmulticast mode [ 1446.915529][T10006] bridge_slave_1: left promiscuous mode [ 1446.915778][T10006] bridge0: port 2(bridge_slave_1) entered disabled state [ 1447.182174][T10006] bridge_slave_0: left allmulticast mode [ 1447.182199][T10006] bridge_slave_0: left promiscuous mode [ 1447.182386][T10006] bridge0: port 1(bridge_slave_0) entered disabled state [ 1449.281038][ T5908] usb 9-1: new high-speed USB device number 25 using dummy_hcd [ 1449.346030][T10006] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1449.441078][ T5908] usb 9-1: Using ep0 maxpacket: 32 [ 1449.451741][ T5908] usb 9-1: config 0 has an invalid interface number: 51 but max is 0 [ 1449.451772][ T5908] usb 9-1: config 0 has no interface number 0 [ 1449.461120][ T5908] usb 9-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1449.461161][ T5908] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1449.461177][ T5908] usb 9-1: Product: syz [ 1449.461188][ T5908] usb 9-1: Manufacturer: syz [ 1449.461199][ T5908] usb 9-1: SerialNumber: syz [ 1449.469153][ T9336] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1449.508484][ T9336] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1449.510344][ T9336] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1449.518759][ T9336] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1449.520735][ T9336] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1449.569543][ T5908] usb 9-1: config 0 descriptor?? [ 1449.587583][ T5908] quatech2 9-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1449.589389][T10006] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1449.633373][T10006] bond0 (unregistering): Released all slaves [ 1449.793194][T10006] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1449.844695][ T5908] usb 9-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 1449.861908][T10006] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1449.875585][ T5908] usb 9-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 1449.934048][T10006] bond0 (unregistering): Released all slaves [ 1450.122004][T10006] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1450.212490][T10006] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1450.233653][ C1] usb 9-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 1450.234700][ T5985] usb 9-1: USB disconnect, device number 25 [ 1450.239607][ T5985] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 1450.270361][ T5985] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 1450.270821][ T5985] quatech2 9-1:0.51: device disconnected [ 1450.303218][T10006] bond0 (unregistering): Released all slaves [ 1450.511780][T10006] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1450.591868][T10006] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1450.663884][T10006] bond0 (unregistering): Released all slaves [ 1450.689583][T12615] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1450.730639][T12456] team0: Port device team_slave_1 added [ 1450.857948][T12789] netlink: 120 bytes leftover after parsing attributes in process `syz.8.1546'. [ 1450.857980][T12789] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1546'. [ 1450.884542][T12615] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1450.903846][T12626] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1451.622348][ T5793] Bluetooth: hci3: command tx timeout [ 1452.290827][T12626] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1452.929880][T12812] FAULT_INJECTION: forcing a failure. [ 1452.929880][T12812] name failslab, interval 1, probability 0, space 0, times 0 [ 1452.929912][T12812] CPU: 0 UID: 0 PID: 12812 Comm: syz.5.1553 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1452.929934][T12812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1452.929946][T12812] Call Trace: [ 1452.929953][T12812] [ 1452.929962][T12812] dump_stack_lvl+0xe8/0x150 [ 1452.929994][T12812] should_fail_ex+0x46c/0x600 [ 1452.930025][T12812] should_failslab+0xa8/0x100 [ 1452.930045][T12812] __kmalloc_noprof+0xe0/0x7e0 [ 1452.930072][T12812] ? kfree+0x4d/0x900 [ 1452.930093][T12812] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1452.930118][T12812] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1452.930139][T12812] ? tomoyo_domain+0xd9/0x130 [ 1452.930163][T12812] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1452.930190][T12812] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1452.930220][T12812] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1452.930244][T12812] ? __lock_acquire+0x6b6/0x2cf0 [ 1452.930274][T12812] ? do_raw_spin_lock+0x121/0x290 [ 1452.930326][T12812] ? __fget_files+0x2a/0x420 [ 1452.930348][T12812] ? __fget_files+0x2a/0x420 [ 1452.930366][T12812] ? __fget_files+0x3a6/0x420 [ 1452.930384][T12812] ? __fget_files+0x2a/0x420 [ 1452.930407][T12812] security_file_ioctl+0xcb/0x2d0 [ 1452.930436][T12812] __se_sys_ioctl+0x47/0x170 [ 1452.930464][T12812] do_syscall_64+0xec/0xf80 [ 1452.930483][T12812] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1452.930501][T12812] ? trace_irq_disable+0x37/0x100 [ 1452.930530][T12812] ? clear_bhb_loop+0x60/0xb0 [ 1452.930552][T12812] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1452.930570][T12812] RIP: 0033:0x7fa75503f749 [ 1452.930588][T12812] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1452.930606][T12812] RSP: 002b:00007fa75327d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1452.930626][T12812] RAX: ffffffffffffffda RBX: 00007fa755296090 RCX: 00007fa75503f749 [ 1452.930640][T12812] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1452.930652][T12812] RBP: 00007fa75327d090 R08: 0000000000000000 R09: 0000000000000000 [ 1452.930663][T12812] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1452.930674][T12812] R13: 00007fa755296128 R14: 00007fa755296090 R15: 00007ffc769be728 [ 1452.930705][T12812] [ 1452.930713][T12812] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1452.993598][T12615] team0: Port device team_slave_0 added [ 1453.011638][T12812] kvm: pic: non byte read [ 1453.089058][T12812] kvm: pic: level sensitive irq not supported [ 1453.089501][T12812] kvm: pic: non byte read [ 1453.099387][T12812] kvm: pic: single mode not supported [ 1453.099687][T12812] kvm: pic: non byte read [ 1453.100692][T12812] kvm: pic: non byte read [ 1453.114115][T12812] kvm: pic: non byte read [ 1453.129574][T12812] kvm: pic: non byte read [ 1453.130471][T12812] kvm: pic: single mode not supported [ 1453.130502][T12812] kvm: pic: level sensitive irq not supported [ 1453.139473][T12812] kvm: pic: non byte read [ 1453.345883][T12615] team0: Port device team_slave_1 added [ 1453.360816][T12626] team0: Port device team_slave_0 added [ 1453.469837][T12626] team0: Port device team_slave_1 added [ 1453.605066][T12820] openvswitch: netlink: Unexpected mask (mask=240, allowed=10048) [ 1453.741658][T12818] netdevsim netdevsim8 netdevsim0: entered promiscuous mode [ 1453.744064][T12615] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1453.744082][T12615] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1453.744111][T12615] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1453.887632][T12817] netdevsim netdevsim8 netdevsim0: left promiscuous mode [ 1453.900816][T12615] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1453.900830][T12615] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1453.903414][T12615] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1453.981265][T12626] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1453.981285][T12626] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1453.981316][T12626] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1454.050234][T12626] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1454.050253][T12626] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1454.050283][T12626] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1454.054670][ T5793] Bluetooth: hci3: command tx timeout [ 1454.903910][T12828] netlink: 52 bytes leftover after parsing attributes in process `syz.8.1559'. [ 1455.731397][T10006] hsr_slave_0: left promiscuous mode [ 1455.801025][T10006] hsr_slave_1: left promiscuous mode [ 1455.804055][T10006] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1455.852167][T10006] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1455.908387][T10006] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1456.101265][T10006] hsr_slave_0: left promiscuous mode [ 1456.131182][ T5793] Bluetooth: hci3: command tx timeout [ 1456.146640][T10006] hsr_slave_1: left promiscuous mode [ 1456.148945][T10006] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1456.192005][T10006] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1456.279667][T12839] 9p: Bad value for 'wfdno' [ 1456.291076][T11293] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 1456.334054][T12840] MTD: Attempt to mount non-MTD device "/dev/loop8" [ 1456.342921][T12840] cramfs: wrong magic [ 1456.444553][T11293] usb 6-1: config 5 has an invalid interface number: 61 but max is 2 [ 1456.444586][T11293] usb 6-1: config 5 has an invalid interface number: 24 but max is 2 [ 1456.444610][T11293] usb 6-1: config 5 has an invalid interface number: 166 but max is 2 [ 1456.444630][T11293] usb 6-1: config 5 has no interface number 0 [ 1456.444649][T11293] usb 6-1: config 5 has no interface number 1 [ 1456.444667][T11293] usb 6-1: config 5 has no interface number 2 [ 1456.444710][T11293] usb 6-1: config 5 interface 61 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1456.444744][T11293] usb 6-1: config 5 interface 24 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 8 [ 1456.444762][T11293] usb 6-1: too many endpoints for config 5 interface 166 altsetting 140: 194, using maximum allowed: 30 [ 1456.444792][T11293] usb 6-1: config 5 interface 166 altsetting 140 has 0 endpoint descriptors, different from the interface descriptor's value: 194 [ 1456.444812][T11293] usb 6-1: config 5 interface 61 has no altsetting 0 [ 1456.444826][T11293] usb 6-1: config 5 interface 166 has no altsetting 0 [ 1456.445538][T11293] usb 6-1: string descriptor 0 read error: -22 [ 1456.445685][T11293] usb 6-1: New USB device found, idVendor=0b95, idProduct=1720, bcdDevice=24.00 [ 1456.445704][T11293] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1456.543286][T11293] asix 6-1:5.61: probe with driver asix failed with error -22 [ 1456.611545][T11293] asix 6-1:5.24: probe with driver asix failed with error -22 [ 1456.635843][T11293] asix 6-1:5.166: probe with driver asix failed with error -22 [ 1456.661967][T11293] usb 6-1: USB disconnect, device number 9 [ 1457.122047][T10006] team0 (unregistering): Port device team_slave_1 removed [ 1457.292431][T10006] team0 (unregistering): Port device team_slave_0 removed [ 1458.071845][T10006] team0 (unregistering): Port device team_slave_1 removed [ 1458.219228][ T5793] Bluetooth: hci3: command tx timeout [ 1458.261726][T10006] team0 (unregistering): Port device team_slave_0 removed [ 1458.427430][T12847] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1564'. [ 1458.427447][T12847] netlink: 364 bytes leftover after parsing attributes in process `syz.5.1564'. [ 1458.427458][T12847] netlink: 152 bytes leftover after parsing attributes in process `syz.5.1564'. [ 1458.792652][T10006] team0 (unregistering): Port device team_slave_1 removed [ 1458.953922][T10006] team0 (unregistering): Port device team_slave_0 removed [ 1459.972687][T10006] team0 (unregistering): Port device team_slave_1 removed [ 1460.132973][T10006] team0 (unregistering): Port device team_slave_0 removed [ 1460.797019][T12847] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1564'. [ 1461.010051][T12615] hsr_slave_0: entered promiscuous mode [ 1461.016033][T12615] hsr_slave_1: entered promiscuous mode [ 1461.016955][T12615] debugfs: 'hsr0' already exists in 'hsr' [ 1461.016978][T12615] Cannot create hsr debugfs directory [ 1462.540216][T12626] hsr_slave_0: entered promiscuous mode [ 1462.547397][T12626] hsr_slave_1: entered promiscuous mode [ 1462.548163][T12626] debugfs: 'hsr0' already exists in 'hsr' [ 1462.548181][T12626] Cannot create hsr debugfs directory [ 1463.951109][T12868] netlink: 52 bytes leftover after parsing attributes in process `syz.8.1568'. [ 1465.591098][T11293] usb 9-1: new high-speed USB device number 26 using dummy_hcd [ 1466.341078][T11293] usb 9-1: Using ep0 maxpacket: 8 [ 1466.353155][T11293] usb 9-1: New USB device found, idVendor=145f, idProduct=0212, bcdDevice= 0.00 [ 1466.353189][T11293] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1466.482462][T11293] usb 9-1: config 0 descriptor?? [ 1466.621524][T12884] FAULT_INJECTION: forcing a failure. [ 1466.621524][T12884] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1466.621561][T12884] CPU: 1 UID: 0 PID: 12884 Comm: syz.5.1573 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1466.621585][T12884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1466.621600][T12884] Call Trace: [ 1466.621609][T12884] [ 1466.621624][T12884] dump_stack_lvl+0xe8/0x150 [ 1466.621651][T12884] should_fail_ex+0x46c/0x600 [ 1466.621699][T12884] _copy_from_user+0x2d/0xb0 [ 1466.621724][T12884] ___sys_recvmsg+0x12e/0x510 [ 1466.621760][T12884] ? __pfx____sys_recvmsg+0x10/0x10 [ 1466.621800][T12884] ? __fget_files+0x2a/0x420 [ 1466.621832][T12884] ? __fget_files+0x3a6/0x420 [ 1466.621879][T12884] do_recvmmsg+0x30d/0x770 [ 1466.621919][T12884] ? __pfx_do_recvmmsg+0x10/0x10 [ 1466.621961][T12884] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 1466.622004][T12884] __x64_sys_recvmmsg+0x190/0x240 [ 1466.622057][T12884] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1466.622110][T12884] do_syscall_64+0xec/0xf80 [ 1466.622131][T12884] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1466.622158][T12884] ? clear_bhb_loop+0x60/0xb0 [ 1466.622183][T12884] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1466.622215][T12884] RIP: 0033:0x7fa75503f749 [ 1466.622236][T12884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1466.622256][T12884] RSP: 002b:00007fa75329e038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1466.622280][T12884] RAX: ffffffffffffffda RBX: 00007fa755295fa0 RCX: 00007fa75503f749 [ 1466.622296][T12884] RDX: 0000000000000001 RSI: 0000200000008cc0 RDI: 0000000000000003 [ 1466.622309][T12884] RBP: 00007fa75329e090 R08: 0000000000000000 R09: 0000000000000000 [ 1466.622333][T12884] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 1466.622343][T12884] R13: 00007fa755296038 R14: 00007fa755295fa0 R15: 00007ffc769be728 [ 1466.622368][T12884] [ 1467.228018][T11293] uclogic 0003:145F:0212.000A: interface is invalid, ignoring [ 1467.447851][ T5793] Bluetooth: hci2: unexpected event 0x2f length: 1017 > 260 [ 1467.502552][T12784] chnl_net:caif_netlink_parms(): no params data found [ 1469.033930][T12895] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1571'. [ 1469.284525][T11293] usb 9-1: USB disconnect, device number 26 [ 1469.628793][T12784] bridge0: port 1(bridge_slave_0) entered blocking state [ 1469.639538][T12784] bridge0: port 1(bridge_slave_0) entered disabled state [ 1469.639799][T12784] bridge_slave_0: entered allmulticast mode [ 1469.649616][T12784] bridge_slave_0: entered promiscuous mode [ 1469.719951][T12784] bridge0: port 2(bridge_slave_1) entered blocking state [ 1469.720099][T12784] bridge0: port 2(bridge_slave_1) entered disabled state [ 1469.720292][T12784] bridge_slave_1: entered allmulticast mode [ 1469.727425][T12784] bridge_slave_1: entered promiscuous mode [ 1471.061973][T12902] netlink: 52 bytes leftover after parsing attributes in process `syz.5.1576'. [ 1472.239040][T12784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1472.252710][T12615] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1474.238349][T12784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1474.250136][T12615] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1474.395355][T12917] team_slave_0: entered promiscuous mode [ 1474.395442][T12917] team_slave_1: entered promiscuous mode [ 1474.397601][T12917] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 1474.502512][T12615] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1474.529324][T12925] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1583'. [ 1474.593166][T12926] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1583'. [ 1474.849186][T12930] netlink: 'syz.5.1583': attribute type 4 has an invalid length. [ 1475.617378][T12615] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1475.809866][T12784] team0: Port device team_slave_0 added [ 1476.463264][T12935] netlink: 52 bytes leftover after parsing attributes in process `syz.8.1585'. [ 1477.292562][T12784] team0: Port device team_slave_1 added [ 1477.935041][T12784] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1477.935060][T12784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1477.935083][T12784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1477.939955][T12784] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1477.939973][T12784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1477.940002][T12784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1480.256571][T12956] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1589'. [ 1481.203304][T12626] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1481.461155][T12626] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1481.511279][T12784] hsr_slave_0: entered promiscuous mode [ 1481.512277][T12784] hsr_slave_1: entered promiscuous mode [ 1481.512976][T12784] debugfs: 'hsr0' already exists in 'hsr' [ 1481.512994][T12784] Cannot create hsr debugfs directory [ 1481.513360][T10006] bridge_slave_1: left allmulticast mode [ 1481.513384][T10006] bridge_slave_1: left promiscuous mode [ 1481.513623][T10006] bridge0: port 2(bridge_slave_1) entered disabled state [ 1481.603396][T10006] bridge_slave_0: left allmulticast mode [ 1481.603431][T10006] bridge_slave_0: left promiscuous mode [ 1481.603707][T10006] bridge0: port 1(bridge_slave_0) entered disabled state [ 1481.911756][T10006] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1482.011857][T10006] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1482.077770][T10006] bond0 (unregistering): Released all slaves [ 1482.121330][T12626] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1482.446514][T12626] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1482.791769][T10006] team0 (unregistering): Port device team_slave_1 removed [ 1482.954901][T10006] team0 (unregistering): Port device team_slave_0 removed [ 1483.362612][ T9336] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1483.379827][ T9336] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1483.399280][ T9336] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1483.421377][ T9336] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1483.422284][ T9336] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1483.577080][T12626] kthread_run failed with err -4 [ 1486.219751][ T5793] Bluetooth: hci0: command tx timeout [ 1486.336529][ T9336] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1486.439458][ T9336] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1486.481255][ T9336] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1486.512784][ T9336] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1486.513782][ T9336] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1487.296822][T12983] netlink: 52 bytes leftover after parsing attributes in process `syz.8.1594'. [ 1488.483092][ T9336] Bluetooth: hci0: command tx timeout [ 1488.550436][T12784] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 1488.611118][ T9336] Bluetooth: hci1: command tx timeout [ 1488.726855][T12784] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 1488.954928][T12784] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 1489.157020][T12784] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 1490.932095][T10834] Bluetooth: hci1: command tx timeout [ 1490.932204][ T5793] Bluetooth: hci0: command tx timeout [ 1491.687259][T12965] chnl_net:caif_netlink_parms(): no params data found [ 1493.011341][ T5793] Bluetooth: hci1: command tx timeout [ 1493.011427][ T9336] Bluetooth: hci0: command tx timeout [ 1494.014799][T12965] bridge0: port 1(bridge_slave_0) entered blocking state [ 1494.019859][T12965] bridge0: port 1(bridge_slave_0) entered disabled state [ 1494.020120][T12965] bridge_slave_0: entered allmulticast mode [ 1494.031350][T12965] bridge_slave_0: entered promiscuous mode [ 1494.104751][T12965] bridge0: port 2(bridge_slave_1) entered blocking state [ 1494.104892][T12965] bridge0: port 2(bridge_slave_1) entered disabled state [ 1494.105112][T12965] bridge_slave_1: entered allmulticast mode [ 1494.107819][T12965] bridge_slave_1: entered promiscuous mode [ 1494.807525][T12965] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1494.807995][T12979] chnl_net:caif_netlink_parms(): no params data found [ 1494.848977][T12965] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1495.016900][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 1495.091419][ T9336] Bluetooth: hci1: command tx timeout [ 1495.306851][T12965] team0: Port device team_slave_0 added [ 1495.399607][T12965] team0: Port device team_slave_1 added [ 1495.890803][ T5908] hid_parser_main: 91 callbacks suppressed [ 1495.890821][ T5908] hid-generic 0000:0000:0004.000B: unknown main item tag 0x0 [ 1495.907852][ T5908] hid-generic 0000:0000:0004.000B: unknown main item tag 0x0 [ 1495.907881][ T5908] hid-generic 0000:0000:0004.000B: unknown main item tag 0x0 [ 1495.907901][ T5908] hid-generic 0000:0000:0004.000B: unknown main item tag 0x0 [ 1495.907921][ T5908] hid-generic 0000:0000:0004.000B: unknown main item tag 0x2 [ 1495.907940][ T5908] hid-generic 0000:0000:0004.000B: unknown main item tag 0x0 [ 1495.907959][ T5908] hid-generic 0000:0000:0004.000B: unknown main item tag 0x0 [ 1495.907979][ T5908] hid-generic 0000:0000:0004.000B: unknown main item tag 0x0 [ 1495.907999][ T5908] hid-generic 0000:0000:0004.000B: unknown main item tag 0x0 [ 1495.908018][ T5908] hid-generic 0000:0000:0004.000B: unknown main item tag 0x0 [ 1495.908572][ T5908] hid-generic 0000:0000:0004.000B: collection stack underflow [ 1495.908590][ T5908] hid-generic 0000:0000:0004.000B: item 0 0 0 12 parsing failed [ 1495.909133][ T5908] hid-generic 0000:0000:0004.000B: probe with driver hid-generic failed with error -22 [ 1496.024030][T12965] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1496.024051][T12965] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1496.024081][T12965] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1496.185740][T12965] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1496.185760][T12965] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1496.185789][T12965] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1496.204089][T12979] bridge0: port 1(bridge_slave_0) entered blocking state [ 1496.206862][T12979] bridge0: port 1(bridge_slave_0) entered disabled state [ 1496.207581][T12979] bridge_slave_0: entered allmulticast mode [ 1496.225787][T12979] bridge_slave_0: entered promiscuous mode [ 1496.296882][T12979] bridge0: port 2(bridge_slave_1) entered blocking state [ 1496.297008][T12979] bridge0: port 2(bridge_slave_1) entered disabled state [ 1496.297205][T12979] bridge_slave_1: entered allmulticast mode [ 1496.305293][T12979] bridge_slave_1: entered promiscuous mode [ 1496.841462][T10991] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 1496.854391][ T9336] Bluetooth: hci2: unexpected event for opcode 0x080d [ 1497.062725][T12979] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1497.092468][T10991] usb 6-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1497.092501][T10991] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1497.092523][T10991] usb 6-1: Product: syz [ 1497.092539][T10991] usb 6-1: Manufacturer: syz [ 1497.092555][T10991] usb 6-1: SerialNumber: syz [ 1497.233667][T12979] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1497.483503][T12965] hsr_slave_0: entered promiscuous mode [ 1497.484905][T12965] hsr_slave_1: entered promiscuous mode [ 1497.485888][T12965] debugfs: 'hsr0' already exists in 'hsr' [ 1497.485907][T12965] Cannot create hsr debugfs directory [ 1497.513971][T10991] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 1497.514036][T10991] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE [ 1498.008825][T12979] team0: Port device team_slave_0 added [ 1498.126597][T12979] team0: Port device team_slave_1 added [ 1498.743649][T10991] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE [ 1498.744724][T10991] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPIPE [ 1498.781043][T10991] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO [ 1498.781130][T10991] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 1498.790615][T10991] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 1498.845099][T10991] lan78xx 6-1:1.0: probe with driver lan78xx failed with error -71 [ 1498.860229][T12979] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1498.860249][T12979] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1498.860280][T12979] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1498.915993][T10991] usb 6-1: USB disconnect, device number 10 [ 1498.944040][T12784] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1498.969420][T12979] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1498.969441][T12979] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1498.969463][T12979] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1499.447971][T12979] hsr_slave_0: entered promiscuous mode [ 1499.449071][T12979] hsr_slave_1: entered promiscuous mode [ 1499.449793][T12979] debugfs: 'hsr0' already exists in 'hsr' [ 1499.449820][T12979] Cannot create hsr debugfs directory [ 1499.618590][T12784] 8021q: adding VLAN 0 to HW filter on device team0 [ 1499.843644][ T9987] bridge0: port 1(bridge_slave_0) entered blocking state [ 1499.851709][ T9987] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1499.878867][T10006] bridge_slave_1: left allmulticast mode [ 1499.878890][T10006] bridge_slave_1: left promiscuous mode [ 1499.879057][T10006] bridge0: port 2(bridge_slave_1) entered disabled state [ 1499.943233][T10006] bridge_slave_0: left allmulticast mode [ 1499.943258][T10006] bridge_slave_0: left promiscuous mode [ 1499.943479][T10006] bridge0: port 1(bridge_slave_0) entered disabled state [ 1500.014165][T10006] bridge_slave_1: left allmulticast mode [ 1500.014189][T10006] bridge_slave_1: left promiscuous mode [ 1500.014378][T10006] bridge0: port 2(bridge_slave_1) entered disabled state [ 1500.082208][T10006] bridge_slave_0: left allmulticast mode [ 1500.082233][T10006] bridge_slave_0: left promiscuous mode [ 1500.082431][T10006] bridge0: port 1(bridge_slave_0) entered disabled state [ 1500.457366][T10006] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1500.583892][T10006] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1500.664385][T10006] bond0 (unregistering): Released all slaves [ 1500.856918][ T9336] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 1500.859971][ T9336] Bluetooth: hci2: Injecting HCI hardware error event [ 1500.865888][ T5793] Bluetooth: hci2: hardware error 0x00 [ 1500.944708][T10006] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1501.023551][T10006] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1501.083712][T10006] bond0 (unregistering): Released all slaves [ 1501.666831][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 1501.666968][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1501.971127][T10006] hsr_slave_0: left promiscuous mode [ 1502.012330][T10006] hsr_slave_1: left promiscuous mode [ 1502.013166][T10006] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1502.062140][T10006] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1502.241104][T10006] hsr_slave_0: left promiscuous mode [ 1502.261171][T10006] hsr_slave_1: left promiscuous mode [ 1502.262136][T10006] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1502.312008][T10006] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1503.011917][ T5793] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 1503.065599][T10006] team0 (unregistering): Port device team_slave_1 removed [ 1503.231769][T10006] team0 (unregistering): Port device team_slave_0 removed [ 1504.461978][T10006] team0 (unregistering): Port device team_slave_1 removed [ 1504.612473][T10006] team0 (unregistering): Port device team_slave_0 removed [ 1505.696737][T13103] binder: 13102:13103 ioctl c0306201 2000000002c0 returned -14 [ 1506.246429][T13121] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1634'. [ 1506.535119][T12965] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1506.608142][T12965] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1506.885991][T13126] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1635'. [ 1506.889485][T12965] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1506.984604][T12965] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1507.289270][T12784] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1507.955767][T12965] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1507.957833][T13164] netlink: 'syz.5.1644': attribute type 1 has an invalid length. [ 1507.957856][T13164] netlink: 'syz.5.1644': attribute type 4 has an invalid length. [ 1507.957870][T13164] netlink: 9462 bytes leftover after parsing attributes in process `syz.5.1644'. [ 1508.040954][T12965] 8021q: adding VLAN 0 to HW filter on device team0 [ 1508.163175][ T1378] bridge0: port 1(bridge_slave_0) entered blocking state [ 1508.163309][ T1378] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1508.167527][ T1378] bridge0: port 2(bridge_slave_1) entered blocking state [ 1508.167653][ T1378] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1508.299286][T12784] veth0_vlan: entered promiscuous mode [ 1508.529478][T12784] veth1_vlan: entered promiscuous mode [ 1508.630417][T12979] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1508.716309][T12979] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1508.752164][T12979] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1508.793074][T12979] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1508.916821][T12784] veth0_macvtap: entered promiscuous mode [ 1508.944664][T12784] veth1_macvtap: entered promiscuous mode [ 1509.048526][T12784] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1509.138880][T12784] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1509.192506][ T68] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1509.213106][ T68] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1509.260479][T12209] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1509.260544][T12209] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1509.376107][T12965] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1509.388786][T12979] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1509.435643][T12979] 8021q: adding VLAN 0 to HW filter on device team0 [ 1509.465511][ T1297] bridge0: port 1(bridge_slave_0) entered blocking state [ 1509.465736][ T1297] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1509.496610][ T1297] bridge0: port 2(bridge_slave_1) entered blocking state [ 1509.496753][ T1297] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1510.217463][ T9336] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1510.233398][ T9336] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1510.238389][ T9336] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1510.239691][ T9336] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1510.240537][ T9336] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1510.509910][T12979] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1510.827978][ T1378] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1510.986662][T12965] veth0_vlan: entered promiscuous mode [ 1511.051812][T12965] veth1_vlan: entered promiscuous mode [ 1511.263510][ T1378] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1511.643518][ T1378] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1511.730701][T12965] veth0_macvtap: entered promiscuous mode [ 1511.738373][T10991] usb 9-1: new high-speed USB device number 27 using dummy_hcd [ 1511.881074][T10991] usb 9-1: Using ep0 maxpacket: 32 [ 1511.887143][T10991] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1511.887185][T10991] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1511.887218][T10991] usb 9-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1511.887240][T10991] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1511.966513][T10991] usb 9-1: config 0 descriptor?? [ 1511.969492][T10991] hub 9-1:0.0: USB hub found [ 1512.021422][ T1378] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1512.094463][T13209] chnl_net:caif_netlink_parms(): no params data found [ 1512.109610][T12965] veth1_macvtap: entered promiscuous mode [ 1512.172931][T10991] hub 9-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 1512.371947][ T5793] Bluetooth: hci3: command tx timeout [ 1512.578743][T10991] hid-generic 0003:046D:C31C.000C: item fetching failed at offset 0/1 [ 1512.579293][T10991] hid-generic 0003:046D:C31C.000C: probe with driver hid-generic failed with error -22 [ 1512.645545][T13209] bridge0: port 1(bridge_slave_0) entered blocking state [ 1512.645837][T13209] bridge0: port 1(bridge_slave_0) entered disabled state [ 1512.646076][T13209] bridge_slave_0: entered allmulticast mode [ 1512.648991][T13209] bridge_slave_0: entered promiscuous mode [ 1512.682607][T12979] veth0_vlan: entered promiscuous mode [ 1512.689563][T12965] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1512.758451][T13209] bridge0: port 2(bridge_slave_1) entered blocking state [ 1512.758616][T13209] bridge0: port 2(bridge_slave_1) entered disabled state [ 1512.758812][T13209] bridge_slave_1: entered allmulticast mode [ 1512.786571][T13209] bridge_slave_1: entered promiscuous mode [ 1512.891690][T10991] usb 9-1: USB disconnect, device number 27 [ 1512.969243][T12965] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1512.984388][T13209] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1513.025555][T13209] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1513.169802][T12979] veth1_vlan: entered promiscuous mode [ 1513.201560][ T1297] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1513.279479][ T1297] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1513.292813][T13209] team0: Port device team_slave_0 added [ 1513.297817][ T1297] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1513.320380][T13209] team0: Port device team_slave_1 added [ 1513.320461][ T1297] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1513.327405][T13250] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1667'. [ 1513.432876][ T1378] bridge_slave_1: left allmulticast mode [ 1513.432907][ T1378] bridge_slave_1: left promiscuous mode [ 1513.433127][ T1378] bridge0: port 2(bridge_slave_1) entered disabled state [ 1513.493780][ T1378] bridge_slave_0: left allmulticast mode [ 1513.493803][ T1378] bridge_slave_0: left promiscuous mode [ 1513.493987][ T1378] bridge0: port 1(bridge_slave_0) entered disabled state [ 1513.641091][ T6666] usb 9-1: new full-speed USB device number 28 using dummy_hcd [ 1513.671012][ T5908] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 1513.793289][ T6666] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1513.793327][ T6666] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1513.793355][ T6666] usb 9-1: New USB device found, idVendor=1ea7, idProduct=0907, bcdDevice= 0.00 [ 1513.793372][ T6666] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1513.835530][ T6666] usb 9-1: config 0 descriptor?? [ 1513.916905][ T5908] usb 6-1: config 128 has an invalid interface number: 148 but max is 0 [ 1513.916939][ T5908] usb 6-1: config 128 has no interface number 0 [ 1513.917047][ T5908] usb 6-1: config 128 interface 148 altsetting 9 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1513.917074][ T5908] usb 6-1: config 128 interface 148 altsetting 9 endpoint 0x5 has an invalid bInterval 129, changing to 11 [ 1513.917104][ T5908] usb 6-1: config 128 interface 148 has no altsetting 0 [ 1513.920107][ T5908] usb 6-1: New USB device found, idVendor=0cf3, idProduct=e019, bcdDevice=fb.4f [ 1513.920181][ T5908] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1513.920198][ T5908] usb 6-1: Product: syz [ 1513.920209][ T5908] usb 6-1: Manufacturer: syz [ 1513.920220][ T5908] usb 6-1: SerialNumber: syz [ 1514.342601][ T6666] semitek 0003:1EA7:0907.000D: item fetching failed at offset 0/2 [ 1514.343164][ T6666] semitek 0003:1EA7:0907.000D: probe with driver semitek failed with error -22 [ 1514.346176][ T5908] usb 6-1: USB disconnect, device number 11 [ 1514.451714][ T5793] Bluetooth: hci3: command tx timeout [ 1514.540642][T11292] usb 9-1: USB disconnect, device number 28 [ 1514.841120][ T5908] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 1515.032867][ T5908] usb 6-1: Using ep0 maxpacket: 8 [ 1515.048070][ T5908] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 1515.048148][ T5908] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1515.048166][ T5908] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1515.048184][ T5908] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 16 [ 1515.048202][ T5908] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1515.048233][ T5908] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1515.048250][ T5908] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1515.196905][T13256] random: crng reseeded on system resumption [ 1515.285701][ T5908] usb 6-1: usb_control_msg returned -32 [ 1515.285733][ T5908] usbtmc 6-1:16.0: can't read capabilities [ 1515.443951][T13259] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 1515.972371][ T1378] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1516.033025][ T1378] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1516.082767][ T1378] bond0 (unregistering): Released all slaves [ 1516.459429][T13209] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1516.459444][T13209] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1516.459464][T13209] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1516.540627][ T5793] Bluetooth: hci3: command tx timeout [ 1516.557745][T13209] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1516.557765][T13209] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1516.557793][T13209] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1516.741195][ T1378] hsr_slave_0: left promiscuous mode [ 1516.781141][ T1378] hsr_slave_1: left promiscuous mode [ 1516.782164][ T1378] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1516.782193][ T1378] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1516.844526][ T1378] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1516.844556][ T1378] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1516.943868][ T1378] veth1_macvtap: left promiscuous mode [ 1516.943946][ T1378] veth0_macvtap: left promiscuous mode [ 1516.944110][ T1378] veth1_vlan: left promiscuous mode [ 1516.944228][ T1378] veth0_vlan: left promiscuous mode [ 1517.054016][T11292] usb 6-1: USB disconnect, device number 12 [ 1517.694365][T13280] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1678'. [ 1517.804966][T13282] Bluetooth: MGMT ver 1.23 [ 1518.611106][ T5793] Bluetooth: hci3: command tx timeout [ 1519.712470][ T1378] team0 (unregistering): Port device team_slave_1 removed [ 1519.951626][ T1378] team0 (unregistering): Port device team_slave_0 removed [ 1523.012071][ T5908] kernel write not supported for file /1204/clear_refs (pid: 5908 comm: kworker/1:6) [ 1523.312493][T13209] hsr_slave_0: entered promiscuous mode [ 1523.313580][T13209] hsr_slave_1: entered promiscuous mode [ 1523.314473][T13209] debugfs: 'hsr0' already exists in 'hsr' [ 1523.314499][T13209] Cannot create hsr debugfs directory [ 1523.341626][ T6666] usb 9-1: new high-speed USB device number 29 using dummy_hcd [ 1523.501015][ T6666] usb 9-1: Using ep0 maxpacket: 32 [ 1523.532154][ T6666] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 1523.532189][ T6666] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0 [ 1523.583714][ T6666] usb 9-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11 [ 1523.583752][ T6666] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1523.583768][ T6666] usb 9-1: Product: syz [ 1523.583779][ T6666] usb 9-1: Manufacturer: syz [ 1523.583790][ T6666] usb 9-1: SerialNumber: syz [ 1523.587497][ T6666] usb 9-1: config 0 descriptor?? [ 1523.646403][ T6666] usb 9-1: no audio or video endpoints found [ 1523.780449][T12979] veth0_macvtap: entered promiscuous mode [ 1523.874744][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1523.874768][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1523.923199][T13311] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1523.923651][T13311] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1523.978472][T13307] bond1: entered promiscuous mode [ 1523.978505][T13307] bond1: entered allmulticast mode [ 1523.979007][T13307] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1524.069810][T12979] veth1_macvtap: entered promiscuous mode [ 1524.211519][ T6666] usb 6-1: new full-speed USB device number 13 using dummy_hcd [ 1524.265900][T11292] usb 9-1: USB disconnect, device number 29 [ 1524.335080][ T6515] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1524.335103][ T6515] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1524.369639][ T6666] usb 6-1: unable to get BOS descriptor or descriptor too short [ 1524.370251][ T6666] usb 6-1: not running at top speed; connect to a high speed hub [ 1524.410125][ T6666] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1524.410155][ T6666] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1524.454013][T12979] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1524.475639][ T6666] usb 6-1: string descriptor 0 read error: -22 [ 1524.475791][ T6666] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1524.475817][ T6666] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1524.526978][ T6666] usb 6-1: 0:2 : does not exist [ 1524.545740][T12979] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1524.593651][ T6272] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1524.728874][ T6272] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1524.742848][ T6272] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1524.742904][ T6272] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1524.955777][T13318] delete_channel: no stack [ 1525.159556][ T6666] usb 6-1: 5:0: cannot get min/max values for control 2 (id 5) [ 1525.177211][ T6666] usb 6-1: 5:0: cannot get min/max values for control 3 (id 5) [ 1525.193278][ T6666] usb 6-1: 5:0: failed to get current value for ch 1 (-22) [ 1525.327263][ T6666] usb 6-1: 5:0: cannot get min/max values for control 3 (id 5) [ 1525.362257][ T6666] usb 6-1: USB disconnect, device number 13 [ 1525.785936][ T9987] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1525.785960][ T9987] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1525.996863][ T5919] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1525.996890][ T5919] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1526.206293][ T5793] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 1526.206324][ T5793] CPU: 1 UID: 0 PID: 5793 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1526.206352][ T5793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1526.206369][ T5793] Workqueue: hci0 hci_rx_work [ 1526.206402][ T5793] Call Trace: [ 1526.206412][ T5793] [ 1526.206423][ T5793] dump_stack_lvl+0xe8/0x150 [ 1526.206461][ T5793] sysfs_create_dir_ns+0x259/0x280 [ 1526.206497][ T5793] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 1526.206532][ T5793] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1526.206572][ T5793] ? rt_spin_unlock+0x161/0x200 [ 1526.206608][ T5793] kobject_add_internal+0x6b1/0xcd0 [ 1526.206645][ T5793] kobject_add+0x155/0x220 [ 1526.206679][ T5793] ? __pfx_kobject_add+0x10/0x10 [ 1526.206714][ T5793] ? get_device_parent+0x370/0x3a0 [ 1526.206744][ T5793] device_add+0x408/0xb80 [ 1526.206773][ T5793] hci_conn_add_sysfs+0xd5/0x210 [ 1526.206812][ T5793] le_conn_complete_evt+0xf1d/0x1420 [ 1526.206854][ T5793] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 1526.206885][ T5793] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1526.206910][ T5793] ? lockdep_hardirqs_on+0x7b/0x110 [ 1526.206936][ T5793] ? skb_pull_data+0xfb/0x200 [ 1526.206977][ T5793] hci_le_conn_complete_evt+0x187/0x480 [ 1526.207013][ T5793] hci_event_packet+0x78f/0x1260 [ 1526.207055][ T5793] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1526.207095][ T5793] ? __pfx_hci_event_packet+0x10/0x10 [ 1526.207131][ T5793] ? rt_spin_unlock+0x150/0x200 [ 1526.207174][ T5793] ? hci_send_to_monitor+0xe2/0x590 [ 1526.207209][ T5793] hci_rx_work+0x3ee/0x1060 [ 1526.207241][ T5793] ? process_scheduled_works+0x9ef/0x1770 [ 1526.207271][ T5793] process_scheduled_works+0xad1/0x1770 [ 1526.207332][ T5793] ? __pfx_process_scheduled_works+0x10/0x10 [ 1526.207356][ T5793] ? do_raw_spin_lock+0x121/0x290 [ 1526.207403][ T5793] worker_thread+0x8a0/0xda0 [ 1526.207461][ T5793] kthread+0x711/0x8a0 [ 1526.207499][ T5793] ? __pfx_worker_thread+0x10/0x10 [ 1526.207526][ T5793] ? __pfx_kthread+0x10/0x10 [ 1526.207557][ T5793] ? rt_spin_unlock+0x150/0x200 [ 1526.207594][ T5793] ? rt_spin_unlock+0x161/0x200 [ 1526.207623][ T5793] ? __pfx_kthread+0x10/0x10 [ 1526.207658][ T5793] ret_from_fork+0x510/0xa50 [ 1526.207687][ T5793] ? __pfx_ret_from_fork+0x10/0x10 [ 1526.207711][ T5793] ? __switch_to+0xc9e/0x1480 [ 1526.207752][ T5793] ? __pfx_kthread+0x10/0x10 [ 1526.207788][ T5793] ret_from_fork_asm+0x1a/0x30 [ 1526.207843][ T5793] [ 1526.208033][ T5793] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 1526.208084][ T5793] Bluetooth: hci0: failed to register connection device [ 1526.608273][T13335] netlink: 'syz.8.1697': attribute type 3 has an invalid length. [ 1526.608297][T13335] netlink: 48 bytes leftover after parsing attributes in process `syz.8.1697'. [ 1526.753849][T13209] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 1526.790089][T13209] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 1526.911721][T13209] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 1527.009086][T13209] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 1527.048045][T13345] tmpfs: Bad value for 'mpol' [ 1527.281029][T11292] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 1527.321008][T12991] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 1527.376783][T13209] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1527.435576][T11292] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 1527.435610][T11292] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1527.438116][T11292] usb 7-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41 [ 1527.438148][T11292] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1527.438171][T11292] usb 7-1: Product: syz [ 1527.438188][T11292] usb 7-1: Manufacturer: syz [ 1527.438204][T11292] usb 7-1: SerialNumber: syz [ 1527.494074][T11292] usb 7-1: config 0 descriptor?? [ 1527.508678][T12991] usb 6-1: Using ep0 maxpacket: 8 [ 1527.533893][T12991] usb 6-1: unable to get BOS descriptor or descriptor too short [ 1527.537736][T12991] usb 6-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 1527.537765][T12991] usb 6-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 1527.537786][T12991] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1527.581007][T12991] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1527.581031][T12991] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1527.581046][T12991] usb 6-1: Product: syz [ 1527.581056][T12991] usb 6-1: Manufacturer: 驱빐汿▛퓼졦␢〰䊲䣻孅葇琥ݩ纹㩁㎐㝯랟㩣冄 [ 1527.581070][T12991] usb 6-1: SerialNumber: syz [ 1527.612043][T13209] 8021q: adding VLAN 0 to HW filter on device team0 [ 1527.617235][T11292] usb 7-1: ucan: probing device on interface #0 [ 1527.617307][T11292] usb 7-1: ucan: invalid EP count (1) [ 1527.617351][T11292] usb 7-1: ucan: probe failed; try to update the device firmware [ 1527.705466][ T1378] bridge0: port 1(bridge_slave_0) entered blocking state [ 1527.705700][ T1378] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1527.826609][ T41] bridge0: port 2(bridge_slave_1) entered blocking state [ 1527.826887][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1529.132040][T13345] bridge_slave_0: left allmulticast mode [ 1529.132072][T13345] bridge_slave_0: left promiscuous mode [ 1529.132922][T13345] bridge0: port 1(bridge_slave_0) entered disabled state [ 1529.183650][ T6032] usb 7-1: USB disconnect, device number 2 [ 1529.293923][T13345] bridge_slave_1: left allmulticast mode [ 1529.293946][T13345] bridge_slave_1: left promiscuous mode [ 1529.294159][T13345] bridge0: port 2(bridge_slave_1) entered disabled state [ 1529.445596][T13345] bond0: (slave bond_slave_0): Releasing backup interface [ 1529.547157][T13345] bond0: (slave bond_slave_1): Releasing backup interface [ 1529.681247][T13345] team_slave_0: left promiscuous mode [ 1529.747243][T13345] team0: Port device team_slave_0 removed [ 1529.801216][T13345] team_slave_1: left promiscuous mode [ 1529.925560][T13345] team0: Port device team_slave_1 removed [ 1529.939937][T13345] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1529.939969][T13345] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1530.035728][T13345] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1530.035757][T13345] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1530.106236][T13345] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 1530.302708][ T5908] usb 7-1: new full-speed USB device number 3 using dummy_hcd [ 1530.325902][T12991] usb 6-1: 0:2 : does not exist [ 1530.405017][T12991] usb 6-1: USB disconnect, device number 14 [ 1530.495211][ T5908] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1530.495247][ T5908] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1530.495288][ T5908] usb 7-1: New USB device found, idVendor=1ea7, idProduct=0907, bcdDevice= 0.00 [ 1530.495313][ T5908] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1530.500273][ T5908] usb 7-1: config 0 descriptor?? [ 1530.947426][ T5908] usbhid 7-1:0.0: can't add hid device: -71 [ 1530.947577][ T5908] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1530.987253][ T5908] usb 7-1: USB disconnect, device number 3 [ 1531.429749][T13209] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1531.607439][T13391] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1713'. [ 1531.721746][T13395] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1715'. [ 1531.765313][T13395] hsr_slave_0: left promiscuous mode [ 1531.821097][T13395] hsr_slave_1: left promiscuous mode [ 1532.014098][T13399] sp0: Synchronizing with TNC [ 1532.305366][T13414] syzkaller0: entered promiscuous mode [ 1532.305394][T13414] syzkaller0: entered allmulticast mode [ 1532.719903][T13424] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1726'. [ 1532.804834][T13426] netlink: 48 bytes leftover after parsing attributes in process `syz.6.1727'. [ 1532.861028][T11292] usb 6-1: new full-speed USB device number 15 using dummy_hcd [ 1532.912124][T13209] veth0_vlan: entered promiscuous mode [ 1532.931164][ T9336] Bluetooth: hci0: command 0x0406 tx timeout [ 1532.952112][T13209] veth1_vlan: entered promiscuous mode [ 1533.015090][T11292] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1533.015129][T11292] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1533.015158][T11292] usb 6-1: New USB device found, idVendor=1ea7, idProduct=0907, bcdDevice= 0.00 [ 1533.015175][T11292] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1533.036024][T11292] usb 6-1: config 0 descriptor?? [ 1533.157702][T13209] veth0_macvtap: entered promiscuous mode [ 1533.248540][T13209] veth1_macvtap: entered promiscuous mode [ 1533.389865][T13209] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1533.474233][T11292] usbhid 6-1:0.0: can't add hid device: -71 [ 1533.474366][T11292] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1533.528891][T11292] usb 6-1: USB disconnect, device number 15 [ 1533.547247][T13209] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1533.596233][ T12] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1533.596504][ T12] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1533.596545][ T12] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1533.596583][ T12] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1534.186390][ T1378] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1534.186423][ T1378] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1534.316225][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1534.316249][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1538.491122][ T6032] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 1538.594561][T13508] comedi comedi0: dt2801: I/O port conflict (0x6,2) [ 1538.643454][ T6032] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1538.643505][ T6032] usb 10-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 1538.643531][ T6032] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1538.649797][ T6032] usb 10-1: config 0 descriptor?? [ 1539.190754][ T6032] lg-g15 0003:046D:C222.000E: hidraw0: USB HID v10.00 Device [HID 046d:c222] on usb-dummy_hcd.9-1/input0 [ 1539.571773][ T6032] usb 9-1: new high-speed USB device number 30 using dummy_hcd [ 1539.740926][ T6032] usb 9-1: Using ep0 maxpacket: 8 [ 1539.743073][ T6032] usb 9-1: config 0 has no interfaces? [ 1539.743109][ T6032] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1539.743133][ T6032] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1539.782503][ T6032] usb 9-1: config 0 descriptor?? [ 1540.004479][T13524] netlink: 16 bytes leftover after parsing attributes in process `syz.8.1765'. [ 1540.009696][ T6032] usb 9-1: USB disconnect, device number 30 [ 1540.264849][T13557] 9p: Bad value for 'wfdno' [ 1540.297772][ T5985] usb 10-1: USB disconnect, device number 2 [ 1540.871028][ T5985] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 1541.021025][ T5985] usb 8-1: Using ep0 maxpacket: 8 [ 1541.069640][ T5985] usb 8-1: unable to get BOS descriptor or descriptor too short [ 1541.070592][ T5985] usb 8-1: unable to read config index 0 descriptor/start: -71 [ 1541.070626][ T5985] usb 8-1: can't read configurations, error -71 [ 1541.153915][T13581] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 1541.273077][T13586] netlink: 312 bytes leftover after parsing attributes in process `syz.9.1788'. [ 1541.339391][T13588] 9p: Bad value for 'wfdno' [ 1541.481036][ T5971] usb 9-1: new full-speed USB device number 31 using dummy_hcd [ 1541.611033][ T5971] usb 9-1: device descriptor read/64, error -71 [ 1541.861057][ T5971] usb 9-1: new full-speed USB device number 32 using dummy_hcd [ 1542.011006][ T5971] usb 9-1: device descriptor read/64, error -71 [ 1542.121332][ T5971] usb usb9-port1: attempt power cycle [ 1542.470976][ T5971] usb 9-1: new full-speed USB device number 33 using dummy_hcd [ 1542.491684][ T5971] usb 9-1: device descriptor read/8, error -71 [ 1542.515277][T13634] binder: 13632:13634 ioctl c0306201 200000000640 returned -22 [ 1542.741035][ T5971] usb 9-1: new full-speed USB device number 34 using dummy_hcd [ 1542.761770][ T5971] usb 9-1: device descriptor read/8, error -71 [ 1542.871547][ T5971] usb usb9-port1: unable to enumerate USB device [ 1542.903219][T13648] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1813'. [ 1543.052857][T13652] qrtr: Invalid version 0 [ 1543.391196][T12991] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 1543.543559][T12991] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1543.543614][T12991] usb 8-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00 [ 1543.543640][T12991] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1543.555781][T12991] usb 8-1: config 0 descriptor?? [ 1543.994391][T12991] hid_parser_main: 68 callbacks suppressed [ 1543.994419][T12991] steelseries 0003:1038:12B6.000F: unknown main item tag 0x6 [ 1543.998437][T12991] steelseries 0003:1038:12B6.000F: hidraw0: USB HID v0.00 Device [HID 1038:12b6] on usb-dummy_hcd.7-1/input0 [ 1544.369905][ T5793] Bluetooth: hci0: unexpected event for opcode 0x2043 [ 1544.468198][T13657] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1544.468637][T13657] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1544.513512][ T5971] usb 8-1: USB disconnect, device number 4 [ 1544.543770][T13695] binder: 13691:13695 ioctl c0306201 200000000640 returned -22 [ 1545.171014][ T5971] usb 10-1: new high-speed USB device number 3 using dummy_hcd [ 1545.341597][ T5971] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1545.341634][ T5971] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1545.341659][ T5971] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1545.341703][ T5971] usb 10-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 1545.341729][ T5971] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1545.346779][ T5971] usb 10-1: config 0 descriptor?? [ 1545.615585][T13709] Bluetooth: hci0: invalid length 0, exp 2 for type 18 [ 1545.623304][ T5971] usbhid 10-1:0.0: can't add hid device: -71 [ 1545.623443][ T5971] usbhid 10-1:0.0: probe with driver usbhid failed with error -71 [ 1545.654477][ T5971] usb 10-1: USB disconnect, device number 3 [ 1546.239548][T13746] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1851'. [ 1546.384284][T13757] binder: 13749:13757 ioctl c0306201 200000000640 returned -22 [ 1546.396031][T10993] kernel write not supported for file /54/loginuid (pid: 10993 comm: kworker/0:1) [ 1547.042136][T12991] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 1547.210986][T12991] usb 7-1: Using ep0 maxpacket: 16 [ 1547.212862][T12991] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1547.212953][T12991] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7 [ 1547.212985][T12991] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1547.213011][T12991] usb 7-1: Duplicate descriptor for config 1 interface 1 altsetting 1, skipping [ 1547.216249][T12991] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1547.216272][T12991] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1547.216287][T12991] usb 7-1: Product: syz [ 1547.216377][T12991] usb 7-1: Manufacturer: syz [ 1547.216394][T12991] usb 7-1: SerialNumber: syz [ 1547.351189][ T6238] usb 9-1: new high-speed USB device number 35 using dummy_hcd [ 1547.503272][ T6238] usb 9-1: Using ep0 maxpacket: 8 [ 1547.507426][ T6238] usb 9-1: config 0 has an invalid interface number: 31 but max is 0 [ 1547.507512][ T6238] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1547.507534][ T6238] usb 9-1: config 0 has no interface number 0 [ 1547.547545][ T6238] usb 9-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 1547.547578][ T6238] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1547.547599][ T6238] usb 9-1: Product: syz [ 1547.547614][ T6238] usb 9-1: Manufacturer: syz [ 1547.547629][ T6238] usb 9-1: SerialNumber: syz [ 1547.599988][ T6238] usb 9-1: config 0 descriptor?? [ 1547.650634][T12991] usb 7-1: USB disconnect, device number 4 [ 1547.691597][T13795] trusted_key: encrypted_key: insufficient parameters specified [ 1547.829459][ T6238] uvcvideo 9-1:0.31: Found UVC 0.04 device syz (046d:08c3) [ 1547.829559][ T6238] uvcvideo 9-1:0.31: No valid video chain found. [ 1547.852866][ T6238] usb 9-1: USB disconnect, device number 35 [ 1548.111463][T13809] binder: 13806:13809 ioctl c0306201 200000000640 returned -22 [ 1548.371079][ T5793] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 1548.371568][ T5793] Bluetooth: hci0: Injecting HCI hardware error event [ 1548.377606][ T9336] Bluetooth: hci0: hardware error 0x00 [ 1549.331009][ T6238] usb 10-1: new high-speed USB device number 4 using dummy_hcd [ 1549.481386][ T6238] usb 10-1: Using ep0 maxpacket: 16 [ 1549.489588][ T6238] usb 10-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1549.489621][ T6238] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1549.489644][ T6238] usb 10-1: Product: syz [ 1549.489660][ T6238] usb 10-1: Manufacturer: syz [ 1549.489764][ T6238] usb 10-1: SerialNumber: syz [ 1549.540698][ T6238] r8152-cfgselector 10-1: Unknown version 0x0000 [ 1549.540973][T11294] usb 9-1: new full-speed USB device number 36 using dummy_hcd [ 1549.541105][ T6238] r8152-cfgselector 10-1: config 0 descriptor?? [ 1549.703533][T11294] usb 9-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 1549.703563][T11294] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1549.732270][T11294] usb 9-1: config 0 descriptor?? [ 1549.768788][ T6238] r8152-cfgselector 10-1: Unknown version 0x0000 [ 1549.782145][ T6238] r8152-cfgselector 10-1: bad CDC descriptors [ 1549.877587][T13872] binder: 13870:13872 ioctl c0306201 200000000640 returned -22 [ 1549.992843][T13457] r8152-cfgselector 10-1: USB disconnect, device number 4 [ 1550.531166][ T9336] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1550.753892][T11294] pegasus 9-1:0.0: probe with driver pegasus failed with error -121 [ 1550.778121][T13882] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1908'. [ 1550.956461][T12991] usb 9-1: USB disconnect, device number 36 [ 1551.092616][T13895] netlink: 280 bytes leftover after parsing attributes in process `syz.9.1913'. [ 1551.475599][T13915] binder: 13911:13915 ioctl c0306201 200000000640 returned -22 [ 1552.081457][T13935] syzkaller0: entered promiscuous mode [ 1552.081488][T13935] syzkaller0: entered allmulticast mode [ 1552.090984][T12991] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 1552.261102][T12991] usb 7-1: Using ep0 maxpacket: 32 [ 1552.264283][T12991] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 1552.264320][T12991] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0 [ 1552.266722][T12991] usb 7-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11 [ 1552.266752][T12991] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1552.266775][T12991] usb 7-1: Product: syz [ 1552.266790][T12991] usb 7-1: Manufacturer: syz [ 1552.266815][T12991] usb 7-1: SerialNumber: syz [ 1552.286394][T12991] usb 7-1: config 0 descriptor?? [ 1552.359422][T12991] usb 7-1: no audio or video endpoints found [ 1552.715580][T13951] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1552.715988][T13951] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1552.751087][T13933] bond1: entered promiscuous mode [ 1552.751121][T13933] bond1: entered allmulticast mode [ 1552.775860][T13933] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1552.915695][T12991] usb 7-1: USB disconnect, device number 5 [ 1552.935878][T13955] 9p: Bad value for 'wfdno' [ 1553.914672][T13977] binder: 13972:13977 ioctl c0306201 200000000640 returned -22 [ 1555.057164][T13989] 9p: Bad value for 'wfdno' [ 1556.456793][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 1556.794131][T11294] usb 10-1: new high-speed USB device number 5 using dummy_hcd [ 1557.112356][T11294] usb 10-1: Using ep0 maxpacket: 32 [ 1557.687115][T11294] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 1557.687153][T11294] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0 [ 1557.715788][T11294] usb 10-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11 [ 1557.715823][T11294] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1557.715846][T11294] usb 10-1: Product: syz [ 1557.715862][T11294] usb 10-1: Manufacturer: syz [ 1557.715879][T11294] usb 10-1: SerialNumber: syz [ 1557.753871][T11294] usb 10-1: config 0 descriptor?? [ 1557.774648][T11294] usb 10-1: no audio or video endpoints found [ 1558.336030][T14015] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1558.336456][T14015] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1558.580766][T14020] binder: 14017:14020 ioctl c0306201 200000000640 returned -22 [ 1561.688100][T14003] bond1: entered promiscuous mode [ 1561.688133][T14003] bond1: entered allmulticast mode [ 1561.688713][T14003] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1561.981913][T14036] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 1563.687130][ T867] usb 10-1: USB disconnect, device number 5 [ 1564.943790][T14048] netlink: 12 bytes leftover after parsing attributes in process `syz.9.1967'. [ 1564.943834][T14048] netlink: 16 bytes leftover after parsing attributes in process `syz.9.1967'. [ 1566.131627][T14057] binder: 14056:14057 ioctl 4018620d 0 returned -22 [ 1566.185521][T14058] binder: 14056:14058 ioctl c0306201 200000000640 returned -22 [ 1566.735798][T14060] netlink: 40 bytes leftover after parsing attributes in process `syz.9.1972'. [ 1567.619063][T14062] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 1568.110996][T14037] usb 9-1: new high-speed USB device number 37 using dummy_hcd [ 1569.353763][T14037] usb 9-1: Using ep0 maxpacket: 16 [ 1569.360797][T14037] usb 9-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1569.375379][T14037] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1569.375408][T14037] usb 9-1: Product: syz [ 1569.375425][T14037] usb 9-1: Manufacturer: syz [ 1569.375441][T14037] usb 9-1: SerialNumber: syz [ 1569.486549][T14037] r8152-cfgselector 9-1: Unknown version 0x0000 [ 1569.486579][T14037] r8152-cfgselector 9-1: config 0 descriptor?? [ 1570.228516][T14069] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1570.228937][T14069] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1570.828521][T14037] r8152-cfgselector 9-1: USB disconnect, device number 37 [ 1572.173595][ T37] audit: type=1800 audit(1766715495.225:97): pid=14078 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.9.1980" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0 [ 1572.190685][T14078] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 1572.190734][T14078] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 1572.190768][T14078] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1573.458236][T14078] syz.9.1980 (14078) used greatest stack depth: 17496 bytes left [ 1574.654288][T14091] binder: 14090:14091 ioctl 4018620d 0 returned -22 [ 1574.709238][T14093] binder: 14090:14093 ioctl c0306201 200000000640 returned -22 [ 1576.012377][T14099] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 1577.684423][ T5793] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1577.739178][ T5793] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1577.762260][ T5793] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1577.764040][ T5793] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1577.764940][ T5793] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1579.892207][ T5793] Bluetooth: hci4: command tx timeout [ 1582.193134][ T5793] Bluetooth: hci4: command tx timeout [ 1584.210970][ T5793] Bluetooth: hci4: command tx timeout [ 1586.100243][T14100] chnl_net:caif_netlink_parms(): no params data found [ 1586.336224][ T5793] Bluetooth: hci4: command tx timeout [ 1587.583404][T14037] usb 9-1: new high-speed USB device number 38 using dummy_hcd [ 1588.217742][T14037] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1588.217797][T14037] usb 9-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00 [ 1588.217823][T14037] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1588.275429][T14037] usb 9-1: config 0 descriptor?? [ 1589.255436][T14037] steelseries 0003:1038:12B6.0010: unknown main item tag 0x6 [ 1589.385288][T14130] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1589.386244][T14130] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1589.523654][T14037] steelseries 0003:1038:12B6.0010: hidraw0: USB HID v0.00 Device [HID 1038:12b6] on usb-dummy_hcd.8-1/input0 [ 1593.321994][T14037] steelseries 0003:1038:12B6.0010: hid_hw_raw_request() failed with -71 [ 1593.373241][T14037] usb 9-1: USB disconnect, device number 38 [ 1593.410374][ T9336] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1593.430356][ T9336] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1593.439717][ T9336] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1593.450672][ T9336] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1593.474822][ T9336] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1593.952823][ T5793] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1593.957762][ T5793] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1594.003360][ T5793] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1594.004914][ T5793] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1594.330023][ T5793] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1595.572784][ T5793] Bluetooth: hci0: command tx timeout [ 1597.250967][ T5793] Bluetooth: hci6: command tx timeout [ 1597.669344][ T5793] Bluetooth: hci0: command tx timeout [ 1597.932305][ T9336] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 1598.429060][ T9336] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 1598.451377][ T9336] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 1598.459630][ T9336] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 1598.477920][ T9336] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 1599.431145][ T5793] Bluetooth: hci6: command tx timeout [ 1599.731000][ T5793] Bluetooth: hci0: command tx timeout [ 1600.611092][ T5793] Bluetooth: hci7: command tx timeout [ 1601.545411][ T5793] Bluetooth: hci6: command tx timeout [ 1601.819866][ T5793] Bluetooth: hci0: command tx timeout [ 1603.036763][ T5793] Bluetooth: hci7: command tx timeout [ 1603.570955][ T5793] Bluetooth: hci6: command tx timeout [ 1605.230986][ T5793] Bluetooth: hci7: command tx timeout [ 1607.251087][ T5793] Bluetooth: hci7: command tx timeout [ 1607.487152][T14100] bridge0: port 1(bridge_slave_0) entered blocking state [ 1607.516092][T14100] bridge0: port 1(bridge_slave_0) entered disabled state [ 1607.534391][T14100] bridge_slave_0: entered allmulticast mode [ 1607.588043][T14100] bridge_slave_0: entered promiscuous mode [ 1609.735463][ T5793] Bluetooth: hci1: command 0x0406 tx timeout [ 1609.958703][T14100] bridge0: port 2(bridge_slave_1) entered blocking state [ 1609.958856][T14100] bridge0: port 2(bridge_slave_1) entered disabled state [ 1609.959199][T14100] bridge_slave_1: entered allmulticast mode [ 1609.983067][T14100] bridge_slave_1: entered promiscuous mode [ 1610.221713][T13359] usb 9-1: new high-speed USB device number 39 using dummy_hcd [ 1615.009787][T14100] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1616.579371][T14100] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1616.685572][T14164] bridge0: port 1(bridge_slave_0) entered disabled state [ 1616.701411][T14164] bridge0: port 2(bridge_slave_1) entered disabled state [ 1617.899026][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 1623.192069][T14100] team0: Port device team_slave_0 added [ 1623.519555][T14100] team0: Port device team_slave_1 added [ 1635.626887][T14100] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1635.626908][T14100] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1635.626939][T14100] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1635.701198][T14100] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1635.701226][T14100] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1635.701257][T14100] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1642.506227][ T5793] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1642.529538][ T5793] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1642.545808][ T5793] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1642.636376][ T5793] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1642.753875][ T5793] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1644.860952][ T5793] Bluetooth: hci3: command tx timeout [ 1646.931090][ T5793] Bluetooth: hci3: command tx timeout [ 1649.013950][ T5793] Bluetooth: hci3: command tx timeout [ 1650.823420][ T9336] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 1651.120943][ T9336] Bluetooth: hci3: command tx timeout [ 1651.215246][ T9336] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 1651.660189][ T9336] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 1652.247815][ T9336] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 1652.248873][ T9336] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 1654.390203][ T5793] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1654.408503][ T5793] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1654.470517][ T5793] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1654.520535][ T5793] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1654.808197][ T5793] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1654.868019][T14198] Bluetooth: hci8: command tx timeout [ 1654.869995][T14198] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1654.894200][T14198] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1654.901251][T14198] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1654.912316][T14198] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1654.921404][T14198] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1656.934946][ T5793] Bluetooth: hci8: command tx timeout [ 1657.891018][ T5793] Bluetooth: hci1: command tx timeout [ 1657.892519][T14198] Bluetooth: hci4: command tx timeout [ 1659.011116][T14198] Bluetooth: hci8: command tx timeout [ 1659.975345][ T5793] Bluetooth: hci1: command tx timeout [ 1659.977708][T14198] Bluetooth: hci4: command tx timeout [ 1661.231188][T14198] Bluetooth: hci8: command tx timeout [ 1662.051737][ T9336] Bluetooth: hci1: command tx timeout [ 1662.060569][ T5793] Bluetooth: hci4: command tx timeout [ 1664.131446][T14198] Bluetooth: hci1: command tx timeout [ 1664.131497][ T5793] Bluetooth: hci4: command tx timeout [ 1667.102651][T14198] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1667.165558][T14198] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1667.192682][T14198] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1667.194012][T14198] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1667.194909][T14198] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1669.419778][T14198] Bluetooth: hci0: command tx timeout [ 1671.491129][T14198] Bluetooth: hci0: command tx timeout [ 1673.895112][T14198] Bluetooth: hci0: command tx timeout [ 1676.077838][T14198] Bluetooth: hci0: command tx timeout [ 1679.336577][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 1703.233140][ T5793] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1703.237321][ T5793] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1703.261256][ T5793] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1703.263660][ T5793] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1703.265467][ T5793] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1705.330958][T14198] Bluetooth: hci5: command tx timeout [ 1707.429655][T14198] Bluetooth: hci5: command tx timeout [ 1709.511154][T14198] Bluetooth: hci5: command tx timeout [ 1711.456974][ T5793] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1711.501145][ T5793] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1711.506235][ T5793] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1711.507655][ T5793] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1711.578527][ T5793] Bluetooth: hci5: command tx timeout [ 1711.578664][ T5793] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1712.176230][ T9336] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 1712.231410][ T9336] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 1712.298355][ T9336] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 1712.326982][ T9336] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 1712.328087][ T9336] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 1713.387434][T14198] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 1713.450671][T14198] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 1713.474522][T14198] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 1713.476605][T14198] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 1713.477483][T14198] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 1713.661001][T14198] Bluetooth: hci6: command tx timeout [ 1714.371029][T14198] Bluetooth: hci7: command tx timeout [ 1715.801001][ T9336] Bluetooth: hci6: command tx timeout [ 1716.450969][ T9336] Bluetooth: hci7: command tx timeout [ 1716.749963][ T9336] Bluetooth: hci9: command tx timeout [ 1717.810896][ T9336] Bluetooth: hci6: command tx timeout [ 1718.709610][ T9336] Bluetooth: hci7: command tx timeout [ 1718.774928][T14198] Bluetooth: hci9: command tx timeout [ 1719.933432][ T9336] Bluetooth: hci6: command tx timeout [ 1720.851198][T14198] Bluetooth: hci9: command tx timeout [ 1720.851301][ T9336] Bluetooth: hci7: command tx timeout [ 1722.946026][ T9336] Bluetooth: hci9: command tx timeout [ 1727.833024][T14198] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 1727.837386][T14198] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 1727.884872][T14198] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 1727.922370][T14198] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 1727.923303][T14198] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 1730.050951][ T9336] Bluetooth: hci10: command tx timeout [ 1732.131209][ T9336] Bluetooth: hci10: command tx timeout [ 1734.210901][ T9336] Bluetooth: hci10: command tx timeout [ 1736.354735][ T9336] Bluetooth: hci10: command tx timeout [ 1740.898511][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 1763.811501][ T38] INFO: task syz-executor:13209 blocked for more than 143 seconds. [ 1763.811533][ T38] Not tainted syzkaller #0 [ 1763.811546][ T38] Blocked by coredump. [ 1763.811553][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1763.811564][ T38] task:syz-executor state:D stack:21592 pid:13209 tgid:13209 ppid:1 task_flags:0x40054c flags:0x00080003 [ 1763.811632][ T38] Call Trace: [ 1763.811640][ T38] [ 1763.811657][ T38] __schedule+0x145f/0x5070 [ 1763.811712][ T38] ? unwind_next_frame+0xa5/0x23d0 [ 1763.811762][ T38] ? __pfx___schedule+0x10/0x10 [ 1763.811817][ T38] rt_mutex_schedule+0x77/0xf0 [ 1763.811854][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 1763.811886][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 1763.811937][ T38] rt_mutex_slowlock+0x2a8/0x6b0 [ 1763.811971][ T38] ? rt_mutex_slowlock+0x1c9/0x6b0 [ 1763.812003][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 1763.812048][ T38] ? rcu_barrier+0x4c/0x570 [ 1763.812078][ T38] ? rcu_barrier+0x4c/0x570 [ 1763.812110][ T38] ? rcu_barrier+0x4c/0x570 [ 1763.812133][ T38] mutex_lock_nested+0x16a/0x1d0 [ 1763.812162][ T38] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 1763.812195][ T38] ? __pfx_tun_chr_close+0x10/0x10 [ 1763.812234][ T38] rcu_barrier+0x4c/0x570 [ 1763.812265][ T38] ? __pfx_tun_chr_close+0x10/0x10 [ 1763.812294][ T38] ? __pfx_tun_chr_close+0x10/0x10 [ 1763.812323][ T38] netdev_run_todo+0x327/0xea0 [ 1763.812361][ T38] ? __pfx_netif_state_change+0x10/0x10 [ 1763.812386][ T38] ? __pfx_netdev_run_todo+0x10/0x10 [ 1763.812420][ T38] ? kasan_quarantine_put+0xbb/0x1f0 [ 1763.812463][ T38] ? netdev_state_change+0x1ca/0x220 [ 1763.812494][ T38] ? __pfx_tun_chr_close+0x10/0x10 [ 1763.812522][ T38] tun_chr_close+0x13f/0x1c0 [ 1763.812552][ T38] __fput+0x45b/0xa80 [ 1763.812594][ T38] task_work_run+0x1d4/0x260 [ 1763.812632][ T38] ? __pfx_task_work_run+0x10/0x10 [ 1763.812669][ T38] ? do_exit+0x68f/0x22f0 [ 1763.812701][ T38] ? do_exit+0x68f/0x22f0 [ 1763.812740][ T38] do_exit+0x694/0x22f0 [ 1763.812775][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1763.812800][ T38] ? lockdep_hardirqs_on+0x7b/0x110 [ 1763.812824][ T38] ? __pfx_do_exit+0x10/0x10 [ 1763.812856][ T38] ? rt_mutex_slowunlock+0x493/0x8a0 [ 1763.812887][ T38] ? reacquire_held_locks+0x104/0x190 [ 1763.812921][ T38] ? rt_spin_lock+0x1c1/0x3e0 [ 1763.812965][ T38] do_group_exit+0x21c/0x2d0 [ 1763.813001][ T38] ? rt_spin_unlock+0x161/0x200 [ 1763.813034][ T38] get_signal+0x125d/0x1310 [ 1763.813081][ T38] arch_do_signal_or_restart+0x9a/0x7a0 [ 1763.813118][ T38] ? kmem_cache_free+0x18f/0x8d0 [ 1763.813151][ T38] ? do_unlinkat+0x50d/0x570 [ 1763.813186][ T38] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1763.813241][ T38] ? __pfx_do_unlinkat+0x10/0x10 [ 1763.813291][ T38] exit_to_user_mode_loop+0x87/0x4e0 [ 1763.813324][ T38] ? rcu_is_watching+0x15/0xb0 [ 1763.813349][ T38] do_syscall_64+0x2b7/0xf80 [ 1763.813373][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1763.813398][ T38] ? clear_bhb_loop+0x60/0xb0 [ 1763.813426][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1763.813449][ T38] RIP: 0033:0x7f8dc64aecf7 [ 1763.813470][ T38] RSP: 002b:00007ffed898e4f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000057 [ 1763.813495][ T38] RAX: ffffffffffffffff RBX: 0000000000000449 RCX: 00007f8dc64aecf7 [ 1763.813512][ T38] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007ffed898e5b0 [ 1763.813526][ T38] RBP: 00007ffed898e5b0 R08: 0000000000000000 R09: 0000000000000000 [ 1763.813541][ T38] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffed898f640 [ 1763.813556][ T38] R13: 00007f8dc6533d7d R14: 0000555580b0a4a8 R15: 0000000000000005 [ 1763.813592][ T38] [ 1763.813644][ T38] [ 1763.813644][ T38] Showing all locks held in the system: [ 1763.813657][ T38] 4 locks held by rcuc/0/20: [ 1763.813673][ T38] 1 lock held by khungtaskd/38: [ 1763.813686][ T38] #0: ffffffff8d5ae940 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 1763.813762][ T38] 9 locks held by kworker/u8:3/58: [ 1763.813801][ T38] 2 locks held by getty/5555: [ 1763.813814][ T38] #0: ffff88814e8aa0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1763.813872][ T38] #1: ffffc90003e8b2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x44f/0x1460 [ 1763.813922][ T38] 2 locks held by syz-executor/5782: [ 1763.814386][ T38] 2 locks held by kworker/u8:20/6350: [ 1763.814404][ T38] 9 locks held by kworker/u8:5/9987: [ 1763.814417][ T38] 3 locks held by kworker/u8:17/10006: [ 1763.814431][ T38] #0: ffff88814d30f938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770 [ 1763.814504][ T38] #1: ffffc900015dfbc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770 [ 1763.814560][ T38] #2: ffffffff8e8a5838 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 [ 1763.814624][ T38] 2 locks held by kworker/1:0/11167: [ 1763.814643][ T38] 1 lock held by syz-executor/13209: [ 1763.814656][ T38] #0: ffffffff8d5b43b0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 1763.814711][ T38] 3 locks held by kworker/1:3/13360: [ 1763.814724][ T38] 1 lock held by syz.6.1960/14024: [ 1763.814736][ T38] #0: ffffffff8d5b43b0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 1763.814788][ T38] 1 lock held by syz.5.1981/14081: [ 1763.814800][ T38] #0: ffffffff8d5b43b0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 1763.814854][ T38] 1 lock held by syz-executor/14100: [ 1763.814866][ T38] #0: ffffffff8d5b43b0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 1763.814919][ T38] 1 lock held by syz.7.1993/14110: [ 1763.814932][ T38] #0: ffffffff8d5b43b0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 1763.814984][ T38] 2 locks held by kworker/0:10/14132: [ 1763.814996][ T38] 1 lock held by syz-executor/14134: [ 1763.815009][ T38] #0: ffffffff8d5b43b0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 1763.815066][ T38] 1 lock held by syz-executor/14136: [ 1763.815079][ T38] #0: ffffffff8d5b43b0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 1763.815132][ T38] 1 lock held by syz-executor/14146: [ 1763.815145][ T38] #0: ffffffff8d5b43b0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 1763.815208][ T38] 1 lock held by syz.8.2014/14175: [ 1763.815222][ T38] #0: ffffffff8d5b43b0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 1763.815279][ T38] 2 locks held by syz-executor/14182: [ 1763.815292][ T38] #0: ffffffff8e898720 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x3cc/0x570 [ 1763.815346][ T38] #1: ffffffff8d5b43b0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 1763.815400][ T38] 2 locks held by syz-executor/14189: [ 1763.815413][ T38] #0: ffffffff8e898720 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x3cc/0x570 [ 1763.815465][ T38] #1: ffffffff8d5b43b0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 1763.815520][ T38] 2 locks held by syz-executor/14193: [ 1763.815534][ T38] #0: ffffffff8e898720 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x3cc/0x570 [ 1763.815587][ T38] #1: ffffffff8d5b43b0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 1763.815648][ T38] 2 locks held by syz-executor/14196: [ 1763.815662][ T38] #0: ffffffff8e898720 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x3cc/0x570 [ 1763.815712][ T38] #1: ffffffff8d5b43b0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 1763.815764][ T38] 2 locks held by syz-executor/14201: [ 1763.815778][ T38] #0: ffffffff8e898720 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x3cc/0x570 [ 1763.815829][ T38] #1: ffffffff8d5b43b0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 1763.815881][ T38] 1 lock held by syz-executor/14205: [ 1763.815894][ T38] #0: ffffffff8e8a5838 (rtnl_mutex){+.+.}-{4:4}, at: __tun_chr_ioctl+0x37d/0x1df0 [ 1763.815955][ T38] 2 locks held by syz-executor/14209: [ 1763.815968][ T38] #0: ffffffff8e898720 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x3cc/0x570 [ 1763.816019][ T38] #1: ffffffff8e8a5838 (rtnl_mutex){+.+.}-{4:4}, at: register_netdev+0x18/0x60 [ 1763.816081][ T38] 2 locks held by syz-executor/14211: [ 1763.816095][ T38] #0: ffffffff8e898720 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x3cc/0x570 [ 1763.816146][ T38] #1: ffffffff8e8a5838 (rtnl_mutex){+.+.}-{4:4}, at: register_netdev+0x18/0x60 [ 1763.816213][ T38] 2 locks held by syz-executor/14214: [ 1763.816226][ T38] #0: ffffffff8e898720 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x3cc/0x570 [ 1763.816276][ T38] #1: ffffffff8e8a5838 (rtnl_mutex){+.+.}-{4:4}, at: register_netdev+0x18/0x60 [ 1763.816336][ T38] 3 locks held by syz-executor/14217: [ 1763.816351][ T38] [ 1763.816357][ T38] ============================================= [ 1763.816357][ T38] [ 1763.816381][ T38] NMI backtrace for cpu 1 [ 1763.816400][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1763.816424][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1763.816439][ T38] Call Trace: [ 1763.816449][ T38] [ 1763.816460][ T38] dump_stack_lvl+0xe8/0x150 [ 1763.816494][ T38] nmi_cpu_backtrace+0x274/0x2d0 [ 1763.816526][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1763.816555][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 1763.816589][ T38] sys_info+0x135/0x170 [ 1763.816614][ T38] watchdog+0xf95/0xfe0 [ 1763.816647][ T38] ? watchdog+0x20a/0xfe0 [ 1763.816682][ T38] kthread+0x711/0x8a0 [ 1763.816716][ T38] ? __pfx_watchdog+0x10/0x10 [ 1763.816741][ T38] ? __pfx_kthread+0x10/0x10 [ 1763.816769][ T38] ? rt_spin_unlock+0x150/0x200 [ 1763.816805][ T38] ? rt_spin_unlock+0x161/0x200 [ 1763.816834][ T38] ? __pfx_kthread+0x10/0x10 [ 1763.816866][ T38] ret_from_fork+0x510/0xa50 [ 1763.816894][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 1763.816917][ T38] ? __switch_to+0xc9e/0x1480 [ 1763.816955][ T38] ? __pfx_kthread+0x10/0x10 [ 1763.816990][ T38] ret_from_fork_asm+0x1a/0x30 [ 1763.817042][ T38] [ 1763.817051][ T38] Sending NMI from CPU 1 to CPUs 0: [ 1763.817094][ C0] NMI backtrace for cpu 0 [ 1763.817112][ C0] CPU: 0 UID: 0 PID: 9987 Comm: kworker/u8:5 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1763.817134][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1763.817149][ C0] Workqueue: events_unbound nsim_dev_trap_report_work [ 1763.817182][ C0] RIP: 0010:stack_depot_save_flags+0x1ed/0x810 [ 1763.817210][ C0] Code: 8b 5f 1c 85 db 74 11 8d 4b 01 89 d8 f0 0f b1 0f 74 08 89 c3 85 c0 75 ef 31 db 8d 43 01 09 d8 78 93 85 db 74 a8 eb 03 45 31 ff <44> 8b 2c 24 65 ff 0d 18 0c fd 0c 0f 84 fc 00 00 00 4d 85 ff 0f 85 [ 1763.817229][ C0] RSP: 0018:ffffc90003f26478 EFLAGS: 00000297 [ 1763.817247][ C0] RAX: 000000000000001e RBX: 0000000000000801 RCX: ffffffff8132bfaa [ 1763.817261][ C0] RDX: 00000000ddc53aac RSI: 0000000000000001 RDI: 000000004fd68387 [ 1763.817275][ C0] RBP: 000000001944a59d R08: 0000000089e3ff23 R09: 00000000e6a2e67a [ 1763.817289][ C0] R10: 000000000000001e R11: ffffffff81ab9830 R12: ffff88823b2a59d0 [ 1763.817304][ C0] R13: 000000000000001e R14: ffffc90003f264d0 R15: ffff888034323e00 [ 1763.817319][ C0] FS: 0000000000000000(0000) GS:ffff888126cef000(0000) knlGS:0000000000000000 [ 1763.817336][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1763.817350][ C0] CR2: 00007f2917438766 CR3: 0000000092290000 CR4: 00000000003526f0 [ 1763.817368][ C0] Call Trace: [ 1763.817376][ C0] [ 1763.817389][ C0] kasan_save_track+0x4f/0x80 [ 1763.817417][ C0] ? kasan_save_track+0x3e/0x80 [ 1763.817443][ C0] ? __kasan_slab_alloc+0x6c/0x80 [ 1763.817472][ C0] ? kmem_cache_alloc_noprof+0x18d/0x6c0 [ 1763.817499][ C0] ? dst_alloc+0x105/0x170 [ 1763.817526][ C0] ? ip_route_output_key_hash_rcu+0x1560/0x23e0 [ 1763.817546][ C0] ? ip_route_output_key_hash+0x174/0x280 [ 1763.817564][ C0] ? ip_route_output_flow+0x2a/0x150 [ 1763.817593][ C0] ? ip_route_me_harder+0x6c4/0xf10 [ 1763.817616][ C0] ? synproxy_send_tcp+0x3a7/0x700 [ 1763.817644][ C0] ? synproxy_send_client_synack+0x8bb/0xe20 [ 1763.817672][ C0] ? nft_synproxy_eval_v4+0x36e/0x560 [ 1763.817693][ C0] ? nft_synproxy_do_eval+0x345/0x570 [ 1763.817714][ C0] ? nft_do_chain+0x40c/0x1920 [ 1763.817731][ C0] ? nft_do_chain_inet+0x25d/0x340 [ 1763.817750][ C0] ? nf_hook_slow+0xc5/0x220 [ 1763.817777][ C0] ? NF_HOOK+0x206/0x3a0 [ 1763.817800][ C0] ? NF_HOOK+0x30c/0x3a0 [ 1763.817823][ C0] ? __netif_receive_skb+0x143/0x380 [ 1763.817841][ C0] ? process_backlog+0x315/0x8f0 [ 1763.817860][ C0] ? __napi_poll+0xae/0x520 [ 1763.817877][ C0] ? net_rx_action+0x64a/0xdb0 [ 1763.817896][ C0] ? handle_softirqs+0x1df/0x650 [ 1763.817926][ C0] ? __local_bh_enable_ip+0x171/0x2c0 [ 1763.817947][ C0] ? __alloc_skb+0x1bc/0x3a0 [ 1763.817967][ C0] ? nsim_dev_trap_report_work+0x29f/0xbc0 [ 1763.817995][ C0] ? process_scheduled_works+0xad1/0x1770 [ 1763.818016][ C0] ? worker_thread+0x8a0/0xda0 [ 1763.818036][ C0] ? kthread+0x711/0x8a0 [ 1763.818061][ C0] ? ret_from_fork+0x510/0xa50 [ 1763.818079][ C0] ? ret_from_fork_asm+0x1a/0x30 [ 1763.818124][ C0] ? __slab_alloc+0xc6/0x1f0 [ 1763.818146][ C0] __kasan_slab_alloc+0x6c/0x80 [ 1763.818176][ C0] ? dst_alloc+0x105/0x170 [ 1763.818202][ C0] kmem_cache_alloc_noprof+0x18d/0x6c0 [ 1763.818235][ C0] dst_alloc+0x105/0x170 [ 1763.818265][ C0] ip_route_output_key_hash_rcu+0x1560/0x23e0 [ 1763.818291][ C0] ? ip_route_output_key_hash+0xc1/0x280 [ 1763.818312][ C0] ip_route_output_key_hash+0x174/0x280 [ 1763.818331][ C0] ? __pfx___inet_dev_addr_type+0x10/0x10 [ 1763.818355][ C0] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 1763.818385][ C0] ip_route_output_flow+0x2a/0x150 [ 1763.818415][ C0] ? ip_route_me_harder+0x6ae/0xf10 [ 1763.818441][ C0] ip_route_me_harder+0x6c4/0xf10 [ 1763.818471][ C0] ? __pfx_ip_route_me_harder+0x10/0x10 [ 1763.818504][ C0] ? rcu_is_watching+0x15/0xb0 [ 1763.818522][ C0] ? siphash_2u64+0x25/0x2a0 [ 1763.818546][ C0] synproxy_send_tcp+0x3a7/0x700 [ 1763.818581][ C0] synproxy_send_client_synack+0x8bb/0xe20 [ 1763.818619][ C0] ? __pfx_synproxy_send_client_synack+0x10/0x10 [ 1763.818648][ C0] ? nft_log_eval+0x808/0xab0 [ 1763.818675][ C0] ? synproxy_pernet+0x45/0x270 [ 1763.818700][ C0] nft_synproxy_eval_v4+0x36e/0x560 [ 1763.818725][ C0] ? __pfx_nft_synproxy_eval_v4+0x10/0x10 [ 1763.818748][ C0] ? nf_ip_checksum+0x13c/0x510 [ 1763.818771][ C0] nft_synproxy_do_eval+0x345/0x570 [ 1763.818792][ C0] ? nf_ip_checksum+0x13c/0x510 [ 1763.818812][ C0] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 1763.818833][ C0] ? nft_synproxy_do_eval+0x345/0x570 [ 1763.818857][ C0] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 1763.818883][ C0] nft_do_chain+0x40c/0x1920 [ 1763.818916][ C0] ? __pfx_nft_do_chain+0x10/0x10 [ 1763.818939][ C0] ? __pfx_nft_do_chain+0x10/0x10 [ 1763.818980][ C0] nft_do_chain_inet+0x25d/0x340 [ 1763.819001][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 1763.819026][ C0] ? NF_HOOK+0x9a/0x3a0 [ 1763.819052][ C0] ? NF_HOOK+0x9a/0x3a0 [ 1763.819077][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 1763.819098][ C0] nf_hook_slow+0xc5/0x220 [ 1763.819128][ C0] NF_HOOK+0x206/0x3a0 [ 1763.819154][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 1763.819181][ C0] ? NF_HOOK+0x9a/0x3a0 [ 1763.819206][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 1763.819229][ C0] ? ip_rcv_finish_core+0xda3/0x1c00 [ 1763.819258][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 1763.819286][ C0] ? skb_dst+0x4f/0xd0 [ 1763.819312][ C0] ? ip_local_deliver+0x12a/0x1b0 [ 1763.819339][ C0] NF_HOOK+0x30c/0x3a0 [ 1763.819364][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 1763.819390][ C0] ? NF_HOOK+0x9a/0x3a0 [ 1763.819414][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 1763.819439][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 1763.819471][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 1763.819494][ C0] __netif_receive_skb+0x143/0x380 [ 1763.819516][ C0] ? process_backlog+0x272/0x8f0 [ 1763.819536][ C0] process_backlog+0x315/0x8f0 [ 1763.819564][ C0] __napi_poll+0xae/0x520 [ 1763.819584][ C0] net_rx_action+0x64a/0xdb0 [ 1763.819613][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 1763.819640][ C0] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1763.819661][ C0] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 1763.819688][ C0] handle_softirqs+0x1df/0x650 [ 1763.819716][ C0] __local_bh_enable_ip+0x171/0x2c0 [ 1763.819738][ C0] ? __alloc_skb+0x198/0x3a0 [ 1763.819759][ C0] __alloc_skb+0x1bc/0x3a0 [ 1763.819782][ C0] nsim_dev_trap_report_work+0x29f/0xbc0 [ 1763.819820][ C0] ? process_scheduled_works+0x9ef/0x1770 [ 1763.819844][ C0] process_scheduled_works+0xad1/0x1770 [ 1763.819881][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 1763.820271][ C0] ? do_raw_spin_lock+0x121/0x290 [ 1763.820308][ C0] worker_thread+0x8a0/0xda0 [ 1763.820339][ C0] ? __kthread_parkme+0x7b/0x200 [ 1763.820369][ C0] kthread+0x711/0x8a0 [ 1763.820398][ C0] ? __pfx_worker_thread+0x10/0x10 [ 1763.820420][ C0] ? __pfx_kthread+0x10/0x10 [ 1763.820445][ C0] ? rt_spin_unlock+0x150/0x200 [ 1763.820475][ C0] ? rt_spin_unlock+0x161/0x200 [ 1763.820499][ C0] ? __pfx_kthread+0x10/0x10 [ 1763.820526][ C0] ret_from_fork+0x510/0xa50 [ 1763.820549][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 1763.820568][ C0] ? __switch_to+0xc9e/0x1480 [ 1763.820601][ C0] ? __pfx_kthread+0x10/0x10 [ 1763.820628][ C0] ret_from_fork_asm+0x1a/0x30 [ 1763.820667][ C0] [ 1764.294547][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 1764.294631][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1764.294700][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1764.294741][ T38] Call Trace: [ 1764.294766][ T38] [ 1764.294797][ T38] vpanic+0x1e0/0x670 [ 1764.294897][ T38] panic+0xb9/0xc0 [ 1764.295000][ T38] ? __pfx_panic+0x10/0x10 [ 1764.295088][ T38] ? preempt_schedule_thunk+0x16/0x30 [ 1764.295174][ T38] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 1764.295586][ T38] watchdog+0xfdf/0xfe0 [ 1764.295677][ T38] ? watchdog+0x20a/0xfe0 [ 1764.295779][ T38] kthread+0x711/0x8a0 [ 1764.295842][ T38] ? __pfx_watchdog+0x10/0x10 [ 1764.295866][ T38] ? __pfx_kthread+0x10/0x10 [ 1764.295894][ T38] ? rt_spin_unlock+0x150/0x200 [ 1764.295928][ T38] ? rt_spin_unlock+0x161/0x200 [ 1764.295955][ T38] ? __pfx_kthread+0x10/0x10 [ 1764.296049][ T38] ret_from_fork+0x510/0xa50 [ 1764.296075][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 1764.296099][ T38] ? __switch_to+0xc9e/0x1480 [ 1764.296138][ T38] ? __pfx_kthread+0x10/0x10 [ 1764.296171][ T38] ret_from_fork_asm+0x1a/0x30 [ 1764.296223][ T38] [ 1764.296847][ T38] Kernel Offset: disabled