last executing test programs: 14m9.056703974s ago: executing program 2 (id=3): socket$inet6(0xa, 0x2, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x0) getdents64(r5, &(0x7f0000000580)=""/174, 0xae) quotactl$Q_SETQUOTA(0xffffffff80000800, 0x0, 0x0, 0x0) 14m6.976433651s ago: executing program 2 (id=7): syz_usb_connect(0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE(0x0, 0x0, 0x48) socket$nl_generic(0x10, 0x3, 0x10) msgget$private(0x0, 0x629) msgrcv(0x0, 0x0, 0x0, 0x3, 0x2000) fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffed3) 13m51.814409736s ago: executing program 32 (id=7): syz_usb_connect(0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE(0x0, 0x0, 0x48) socket$nl_generic(0x10, 0x3, 0x10) msgget$private(0x0, 0x629) msgrcv(0x0, 0x0, 0x0, 0x3, 0x2000) fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffed3) 13m17.00211892s ago: executing program 3 (id=74): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[]) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="120000"], 0x48) recvfrom$inet6(r3, &(0x7f00000000c0)=""/53, 0x35, 0x40010102, 0x0, 0x0) r4 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0) landlock_add_rule$LANDLOCK_RULE_NET_PORT(r4, 0x2, &(0x7f00000000c0)={0x1, 0x2}, 0x0) landlock_restrict_self(r4, 0x0) landlock_restrict_self(r4, 0x0) 13m15.835484949s ago: executing program 3 (id=75): prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000500)=@bpf_tracing={0x1a, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000100)={0x2, 0x5, 0x6, 0x1000}, 0x10, 0x2a9bf, 0xffffffffffffffff, 0x2, 0x0, &(0x7f0000000300)=[{0x2, 0x4, 0x7}, {0x3, 0x3, 0x4, 0x8}]}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$BPF_GET_PROG_INFO(0xa, 0x0, 0x0) socket$phonet(0x23, 0x2, 0x1) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, 0x0, 0x11) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r1, 0xc02064b9, &(0x7f0000000dc0)={0x0, 0x0}) openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) 13m14.834506701s ago: executing program 3 (id=78): socket$inet6(0xa, 0x2, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x0) getdents64(r5, &(0x7f0000000580)=""/174, 0xae) 13m12.018971182s ago: executing program 3 (id=80): socket$inet6(0xa, 0x2, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r2}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x0) getdents64(r3, &(0x7f0000000580)=""/174, 0xae) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00'}) 13m10.310324634s ago: executing program 3 (id=86): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60303, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x0, 0x0, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil}) r3 = dup(r2) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000)=@x86={0xa0, 0xfd, 0x5, 0x0, 0x3, 0x3, 0xb, 0x1, 0xf8, 0x19, 0x7, 0x3, 0x0, 0x9d, 0x1, 0x7, 0x6, 0x40, 0x0, '\x00', 0x4, 0xcaa}) ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f00000002c0)=0x10000) 13m9.647720956s ago: executing program 3 (id=89): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x24, &(0x7f0000000080)=0x1, 0x4) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f0000001980)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=""/26, 0x11}}, {{0x0, 0x0, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/47}, {&(0x7f0000000100)=""/224}, {&(0x7f0000000200)=""/4096}, {&(0x7f0000001200)=""/124}, {&(0x7f0000001280)=""/60}]}}, {{&(0x7f0000001380)=@pppoe={0x18, 0x0, {0x0, @local}}, 0x0, &(0x7f0000001840)=[{&(0x7f0000001400)=""/149}, {&(0x7f0000001b00)=""/118}, {&(0x7f0000001540)=""/188}, {&(0x7f0000001600)=""/57}, {&(0x7f0000001640)=""/135}, {&(0x7f00000014c0)=""/101}, {&(0x7f0000001780)=""/171}], 0x0, &(0x7f00000018c0)=""/176}}], 0x15cbc1ab4c0933f, 0x0, 0x0) 12m53.842451185s ago: executing program 33 (id=89): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x24, &(0x7f0000000080)=0x1, 0x4) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f0000001980)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=""/26, 0x11}}, {{0x0, 0x0, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/47}, {&(0x7f0000000100)=""/224}, {&(0x7f0000000200)=""/4096}, {&(0x7f0000001200)=""/124}, {&(0x7f0000001280)=""/60}]}}, {{&(0x7f0000001380)=@pppoe={0x18, 0x0, {0x0, @local}}, 0x0, &(0x7f0000001840)=[{&(0x7f0000001400)=""/149}, {&(0x7f0000001b00)=""/118}, {&(0x7f0000001540)=""/188}, {&(0x7f0000001600)=""/57}, {&(0x7f0000001640)=""/135}, {&(0x7f00000014c0)=""/101}, {&(0x7f0000001780)=""/171}], 0x0, &(0x7f00000018c0)=""/176}}], 0x15cbc1ab4c0933f, 0x0, 0x0) 3m56.640985032s ago: executing program 4 (id=1553): prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_generic(0x10, 0x3, 0x10) fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffed3) 3m55.007234867s ago: executing program 4 (id=1558): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x89a0, &(0x7f0000000040)={'syzkaller0\x00'}) setsockopt$packet_add_memb(r0, 0x107, 0x1, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MAC_ACL(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0xffffff17, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x24040003}, 0x200088c4) getpeername(0xffffffffffffffff, 0x0, &(0x7f0000000340)) connect$pppoe(0xffffffffffffffff, &(0x7f0000000400)={0x18, 0x0, {0x2, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, 'lo\x00'}}, 0x1e) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000100)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$PPPIOCATTCHAN(r2, 0x40047438, &(0x7f0000000040)=0x2) ioctl$PPPIOCBRIDGECHAN(r2, 0x40047435, &(0x7f0000000200)=0x1) 3m54.34898166s ago: executing program 4 (id=1559): setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) openat$kvm(0xffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000001f80)={0x0, 0x0, &(0x7f0000000140)}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x3, 0x0, 0x18000000, 0x0, 0xb47, 0x9, 0x8, 0x80000001, 0x3}, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r3 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r2) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000380)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_VENDOR(r0, &(0x7f0000000580)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000540)={&(0x7f00000003c0)={0x140, r4, 0x10, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x1, 0x44}, @val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x2, 0x7e}}}}, [@NL80211_ATTR_VENDOR_DATA={0xf7, 0xc5, "2e1d0592d739b79ccb568e677916103e11edffd2e3ad2916f4878832dce3e4613765b924b6fc5bf064fe4800de0033a265ac6b314fab323d172a458cf566aa13faf8a00716d78470928d22f1aba6c642bf67f0c73246a257307d14f3e04473631c0c7144bcb1d6629ff692c047c912b0f9d355a05087a36292d8530dc1cb747053a94dfdbf4299629ca229554e73b37409576be21d31afe26455bfc6ce647b10319ee93422191cdf27604613070a8529eabb9493ce018b2b65fba9489dfb90b077ff922c948b5a5a0a407c9cefd5b03a52ccc54cb82a1ba3c2b7f10405a2442e192e7bf45d14f0f464cee7f8c274fe0bc1b382"}, @NL80211_ATTR_VENDOR_SUBCMD={0x8, 0xc4, 0x6}, @NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0xffffffff}, @NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x8d0}]}, 0x140}, 0x1, 0x0, 0x0, 0x20000090}, 0x8000043) ioctl$VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f0000000140)={0x0, 0x5, 0x1, {0xa, @pix_mp={0x9, 0x81, 0x0, 0x8, 0xa, [{0xd, 0x2}, {0x3, 0x8000}, {0xa64a80ed, 0x7fffffff}, {0x200, 0x3ff}, {0x5, 0x1}, {0x4ce, 0x8}, {0x7ff, 0x9}, {0x6, 0x1}], 0x7, 0xff, 0x6, 0x1, 0x5}}}) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) 3m46.055758239s ago: executing program 4 (id=1572): socket$inet6(0xa, 0x2, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x0) getdents64(r5, &(0x7f0000000580)=""/174, 0xae) r6 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000c80)={'lo\x00'}) getgid() 3m44.463384741s ago: executing program 4 (id=1575): syz_emit_ethernet(0x4e, &(0x7f0000000000)={@multicast, @multicast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "ef00", 0x18, 0x2b, 0x0, @private1, @local, {[@hopopts={0x87}], {0x3b00, 0x0, 0x10, 0x0, @gue={{0x2}}}}}}}}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = memfd_create(&(0x7f00000000c0)='-B\xd5N4\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\x8a\xd7Uw\x00\xbc\xa92\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x19\xea\xef\xe3\xe1@\x84\x13\xefZb:\x8f\t\x01B\xec\xde\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@Ip]D\xd6\r\xac\v#co\xd5\xb9\xc806\xa8\x99\xffs7\xa1b1\xb1;i)j\x0e\x1e\xedI\xa2\x80\x89\x1d\xd9p!\xc86s\xe07(\xee\xf9<\"\xf0\xc8\xae\x96J\xe2]\x01\x86\xb7.<\xf5N\xd3\x94W1\xff\x18z>\xa7q,\xf7\x96\xb8{\x8e\xbf4\xe0\x95\x1ce\xe4\x85\xcdi\xed\xd3>\xeb\xa5\xaf\x87\x90@\xd1\xbd`^\xfa\xb6\x9cj\x13/\xc5\\W\x04\br\x17X\xe3\xfb\xc8\xd4\xaeX\xc9s\xd18\xd9L\xbf\xa0\xa6\xdf2\a\x99i\xb1/\x19@\x1cq\xeb?\xc1z:\x913\xfa8\xac\xd3q\xe4vPGU', 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) r6 = dup(r1) write$binfmt_elf32(r6, 0x0, 0x64) execveat(r6, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) connect$netlink(r0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') open(&(0x7f0000000000)='.\x00', 0x0, 0x0) r7 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) symlinkat(&(0x7f00000000c0)='./file1\x00', r7, &(0x7f0000000100)='./file0\x00') 3m41.318881242s ago: executing program 4 (id=1580): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x68c81, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x8907, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r4 = dup(r3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r4, 0x2000) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1) ioctl$KVM_PRE_FAULT_MEMORY(r2, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000}) gettid() fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x3ed4, 0x5}) timer_settime(0x0, 0x1, 0x0, 0x0) r5 = fsopen(0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) 3m26.175612413s ago: executing program 34 (id=1580): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x68c81, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x8907, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r4 = dup(r3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r4, 0x2000) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1) ioctl$KVM_PRE_FAULT_MEMORY(r2, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000}) gettid() fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x3ed4, 0x5}) timer_settime(0x0, 0x1, 0x0, 0x0) r5 = fsopen(0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) 8.905309264s ago: executing program 0 (id=2321): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000f00000018110000", @ANYRES16=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008fe0000b90400000000000085000000c30000009597b8b5a506901dd79770f6899378b543ea16ce199c78f673323df1fa65784332981f76"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002b40)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x0) close_range(r1, r3, 0x40000000000000) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f00000042c0)=ANY=[@ANYBLOB="180080001400010028bd5132939aaa73e9271afe", @ANYRES32=0x0], 0x18}, 0x1, 0x0, 0x0, 0x4002}, 0x810) syz_open_dev$video4linux(0x0, 0x7fff, 0x48b03) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000cc0)) preadv(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f00000010c0)=""/225, 0xe1}], 0x1, 0x7, 0x20000000) 8.635587075s ago: executing program 0 (id=2326): socket$nl_generic(0x10, 0x3, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r0 = openat$kvm(0xffffff9c, &(0x7f00000001c0), 0x841, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x2, 0x2, 0x0, 0x4002004c4, 0x1004, 0x8080000000000000, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0xb3, 0x8d], 0xeeee8000, 0x2010d3}) r3 = open(&(0x7f00009e1000)='./file0\x00', 0x0, 0x140) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$IPSET_CMD_GET_BYINDEX(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)={0x14, 0xf, 0x6, 0x801, 0x0, 0x0, {0x7, 0x0, 0x6}}, 0x14}, 0x1, 0x0, 0x0, 0x45}, 0x800) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000040)={0x0, 0x0, 0x0, r3, 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 7.403803611s ago: executing program 0 (id=2335): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x7, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x35, 0x0, 0x0, 0x0, 0x4}, [@ringbuf_query]}, &(0x7f0000000100)='syzkaller\x00', 0x9c4, 0xfc, &(0x7f0000000380)=""/252, 0x40f00, 0x4a, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x4, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x9, &(0x7f00000001c0)=[0x1, 0x1, 0xffffffffffffffff], &(0x7f0000000480)=[{0x4, 0x3, 0x2, 0x3}, {0x1, 0x2, 0xb, 0x7}, {0x3, 0x3, 0x10, 0x1}, {0x2, 0x5, 0xc, 0x1}, {0x4, 0x5, 0xa, 0x3}, {0x0, 0x2, 0x6, 0xc}, {0x5, 0x5, 0x4, 0x8}, {0x4, 0x4, 0x10}, {0x1, 0x3, 0x7}]}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={0x0, r0, 0x0, 0xe0}, 0xfff3) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, 0xfffffffffffffffe) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) shmget$private(0x0, 0x800000, 0x880, &(0x7f0000173000/0x800000)=nil) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZE(r4, 0x4bfa, 0x0) 7.077975518s ago: executing program 7 (id=2337): bind$unix(0xffffffffffffffff, &(0x7f00000006c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r0 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$SNDRV_TIMER_IOCTL_STOP(r0, 0x54a1) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) syz_usb_connect(0x5, 0x0, 0x0, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2, 0x0, 0xffffffffffffffff}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x20000014}) getsockopt$inet6_mptcp_buf(r1, 0x11c, 0x2, &(0x7f0000000100)=""/222, &(0x7f0000000000)=0x61637876) 6.24822156s ago: executing program 0 (id=2341): bind$unix(0xffffffffffffffff, &(0x7f00000006c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r0 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$SNDRV_TIMER_IOCTL_STOP(r0, 0x54a1) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) syz_usb_connect(0x5, 0x0, 0x0, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2, 0x0, 0xffffffffffffffff}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x20000014}) getsockopt$inet6_mptcp_buf(r1, 0x11c, 0x2, &(0x7f0000000100)=""/222, &(0x7f0000000000)=0x61637876) (fail_nth: 1) 6.17211763s ago: executing program 1 (id=2342): socket$nl_generic(0x10, 0x3, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r0 = openat$kvm(0xffffff9c, &(0x7f00000001c0), 0x841, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$NFNL_MSG_ACCT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="20000000000701030000000000000003000000010c00064000000000000080"], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x4000010) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x2, 0x2, 0x0, 0x4002004c4, 0x1004, 0x8080000000000000, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0xb3, 0x8d], 0xeeee8000, 0x2010d3}) r3 = open(&(0x7f00009e1000)='./file0\x00', 0x0, 0x140) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$IPSET_CMD_GET_BYINDEX(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)={0x1c, 0xf, 0x6, 0x801, 0x0, 0x0, {0x7, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x45}, 0x800) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000040)={0x0, 0x0, 0x0, r3, 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 5.757794682s ago: executing program 1 (id=2343): socket$nl_generic(0x10, 0x3, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r0 = openat$kvm(0xffffff9c, &(0x7f00000001c0), 0x841, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x2, 0x2, 0x0, 0x4002004c4, 0x1004, 0x8080000000000000, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0xb3, 0x8d], 0xeeee8000, 0x2010d3}) r3 = open(&(0x7f00009e1000)='./file0\x00', 0x0, 0x140) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$IPSET_CMD_GET_BYINDEX(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)={0x24, 0xf, 0x6, 0x801, 0x0, 0x0, {0x7, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_INDEX={0x6, 0xb, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x45}, 0x800) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 5.458758671s ago: executing program 1 (id=2345): socket$nl_generic(0x10, 0x3, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r0 = openat$kvm(0xffffff9c, &(0x7f00000001c0), 0x841, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x2, 0x2, 0x0, 0x4002004c4, 0x1004, 0x8080000000000000, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0xb3, 0x8d], 0xeeee8000, 0x2010d3}) r3 = open(&(0x7f00009e1000)='./file0\x00', 0x0, 0x140) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$IPSET_CMD_GET_BYINDEX(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)={0x14, 0xf, 0x6, 0x801, 0x0, 0x0, {0x7, 0x0, 0x6}}, 0x14}, 0x1, 0x0, 0x0, 0x45}, 0x800) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000040)={0x0, 0x0, 0x0, r3, 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 5.346376813s ago: executing program 6 (id=2347): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, 0x0, 0x0) 5.246577817s ago: executing program 6 (id=2348): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x68, r2, 0x917, 0x1000, 0x0, {}, [@L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x2b3d}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x4}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @empty}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @ipv4={'\x00', '\xff\xff', @remote}}, @L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5, 0x21, 0x1}]}, 0x68}}, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0xff2e) syz_emit_ethernet(0x62, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c2000500ff"], 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="270100df00"], 0x50) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r3, &(0x7f0000000000), 0xd) socket$inet_sctp(0x2, 0x1, 0x84) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r4, 0x3) syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x4, 0x5, 0xc2}}}}}}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa2286dd601996460014060000000000000000000000000000000000fe8000000000000000800000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB='P'], 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="04050400c900", @ANYRES32=r5], 0x7) syz_open_dev$video4linux(0x0, 0x7fff, 0x48b03) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000cc0)={0xffffffffffffffff}) close(r6) 5.12995441s ago: executing program 6 (id=2349): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102) write$FUSE_LSEEK(0xffffffffffffffff, 0x0, 0x0) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000900)={&(0x7f00000000c0)='mmap_lock_acquire_returned\x00', r1, 0x0, 0x1}, 0x18) move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0) 4.032300898s ago: executing program 6 (id=2351): socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) socket$kcm(0x29, 0x5, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet_sctp(0x2, 0x1, 0x84) open$dir(&(0x7f0000000080)='./file0\x00', 0x80000, 0x8d) socket$nl_netfilter(0x10, 0x3, 0xc) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080), 0x3c0a00, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2000, 0x0) socket(0x1e, 0x805, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$unix(0x1, 0x1, 0x0) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32=r0, @ANYRES16=0x0, @ANYRES8=r0], 0x1c}, 0x1, 0x0, 0x0, 0x20000844}, 0x48885) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r1, &(0x7f0000000000), 0xd) 4.000018148s ago: executing program 7 (id=2352): socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) socket$kcm(0x29, 0x5, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet_sctp(0x2, 0x1, 0x84) creat(&(0x7f00000002c0)='./file0\x00', 0x1) open$dir(&(0x7f0000000080)='./file0\x00', 0x80000, 0x8d) socket$nl_netfilter(0x10, 0x3, 0xc) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080), 0x3c0a00, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2000, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800"/15], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket(0x1e, 0x805, 0x0) socket$inet6_sctp(0xa, 0x801, 0x84) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$unix(0x1, 0x1, 0x0) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32=r0, @ANYRES16=0x0, @ANYRES8=r0], 0x1c}, 0x1, 0x0, 0x0, 0x20000844}, 0x48885) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r1, &(0x7f0000000000), 0xd) 2.998465204s ago: executing program 0 (id=2353): socket$nl_generic(0x10, 0x3, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r0 = openat$kvm(0xffffff9c, &(0x7f00000001c0), 0x841, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$NFNL_MSG_ACCT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="20000000000701030000000000000003000000010c00064000000000000080"], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x4000010) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x2, 0x2, 0x0, 0x4002004c4, 0x1004, 0x8080000000000000, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0xb3, 0x8d], 0xeeee8000, 0x2010d3}) r3 = open(&(0x7f00009e1000)='./file0\x00', 0x0, 0x140) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$IPSET_CMD_GET_BYINDEX(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)={0x1c, 0xf, 0x6, 0x801, 0x0, 0x0, {0x7, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x45}, 0x800) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000040)={0x0, 0x0, 0x0, r3, 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.997036374s ago: executing program 1 (id=2354): socket$nl_generic(0x10, 0x3, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r0 = openat$kvm(0xffffff9c, &(0x7f00000001c0), 0x841, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$NFNL_MSG_ACCT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="20000000000701030000000000000003000000010c000640"], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x4000010) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x2, 0x2, 0x0, 0x4002004c4, 0x1004, 0x8080000000000000, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0xb3, 0x8d], 0xeeee8000, 0x2010d3}) r3 = open(&(0x7f00009e1000)='./file0\x00', 0x0, 0x140) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$IPSET_CMD_GET_BYINDEX(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)={0x24, 0xf, 0x6, 0x801, 0x0, 0x0, {0x7, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_INDEX={0x6, 0xb, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x45}, 0x800) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000040)={0x0, 0x0, 0x0, r3, 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.906137554s ago: executing program 5 (id=2355): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(r0, &(0x7f0000000940)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000a00)="449f6aed247d197178d7f0a82e1deae14825b22ab6c0ec1ca0c27cd21d8a48637cb781581aac75a2f848f285c99133f0435497bf6ae25625c64f82ecc0a7bb7b", 0x40}, {&(0x7f0000000cc0)="cc5a4dbac0affd0a979c63ea8352d608a51fc8625318716ddf62b7752be4540c4ac7d344c53a3ad28313abc2437b60b03c0e587cafcf9a435bf90c618351f70a828238fdf90bc5d36c7d614b82552649954e0185662defd28f78449f073bad544f586136c5076a6f0f1b6fc9adf80557eb44db1b41824e9ef104c95e999766bbf27d74ad5d8fa63210cde65d384dd3e87c3fedaec3144d1ee66a0eb0750363e346cb9556a649fb246dd788930dae6109df6b9955bf8af119b5c9a86622af4ff8b5949fb90f8edbde416d046d61512fe4c453bb601a780e1bbc00dbedc5e50d3cd9bc920810eaefd5f9a171e9d32ab46b42", 0xf1}], 0x2}}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000140)="a7040f7dff0a4fed838b52a29c46952dfe5aff84e281448c520c4b0808bdb32447fc2ba20baa8cc06a99aea4a4221e753e94bf215e02377273dfb5b0cdc89fcd35", 0x41}, {&(0x7f00000002c0)="d0f28c036a8b6293adbae6a1f4a98928a2efe08e665dac369f8749c5c15e9819ef3627a4cf2264401c991774440846e7b4146eca22035546a286d4571d16423012a6cc000f8a5fb3c2555ef48a1e7dc5a9c834f7dfdb9487e74566a7a9e2262d739ba78f19916bd9efee8442b70298a91798f9186dcd1a9e63316e7d18debc6fe4280aff3b3400849f8d659d4d5a", 0x8e}, {&(0x7f0000000380)="ba78a730565fdeecaa98beb39bb0a1e4a46f0808ce0b5b03542d54303591031ad9f9073b1dff296b9df9eca8a08c6bf80659214737633acdcd8a7f2cfbeeaf58ac4f24a24f362b8356f278b8bd35ea4252eaa3cd4d77c9732606a6ef391938556550996483853a6837696da775fb0b6dd87e1c4d21", 0x75}, {0x0}], 0x4}}], 0x2, 0x54004) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 2.829974828s ago: executing program 6 (id=2356): socket$inet6(0xa, 0x2, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) getdents64(0xffffffffffffffff, &(0x7f0000000580)=""/174, 0xae) 2.802387012s ago: executing program 7 (id=2357): bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000540)={'wlan0\x00'}) socket(0x2, 0x3, 0xff) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]}) close_range(r1, 0xffffffffffffffff, 0x0) 2.784029011s ago: executing program 5 (id=2358): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, 0x0, 0x0) 2.69045994s ago: executing program 5 (id=2359): r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x9237, 0x149441) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000001940), r1) sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000001a00)={0x0, 0x0, &(0x7f00000019c0)={&(0x7f0000000440)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010026bd7000fddbdf25010000000000000002410000001088aa21af00137564703c73797a31000000006a989f4a4ebc23e4049769ea3169cc262228e5d62eabe17ddca7a294e2a5dc98afea"], 0x2c}, 0x1, 0x0, 0x0, 0x4044880}, 0x0) sendmsg$TIPC_CMD_RESET_LINK_STATS(r0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x28, r2, 0x200, 0x70bd2c, 0x25dfdbff, {{}, {}, {0xc, 0x14, 'syz0\x00'}}, ["", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x4048005}, 0x1) 2.667501012s ago: executing program 0 (id=2360): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000400)={0xc, 0x0, 0x0}) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) r4 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000480)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f00000004c0)={0x0, 0x0, r5}) ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000000)={0x28, 0x4, r2, 0x0, &(0x7f00004f9000/0x3000)=nil, 0x3000}) ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000080)={0x28, 0x6, r2, 0x0, &(0x7f00004fb000/0x4000)=nil, 0x4000, 0x4}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0xb}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) ioctl$IOMMU_IOAS_COPY(r1, 0x3b83, &(0x7f0000000040)={0x28, 0x5, r2, r2, 0x3, 0xfffffffffffffffa, 0x3fff}) ioctl$IOMMU_IOAS_MAP(r1, 0x3b85, &(0x7f0000000180)={0x28, 0x5, r2, 0x0, &(0x7f00000003c0)="90", 0x1, 0xf90a}) ioctl$IOMMU_IOAS_MAP(r1, 0x3b85, &(0x7f00000002c0)={0x28, 0x6, r2, 0x0, &(0x7f0000000440)="98", 0x1, 0x80000000}) ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f00000001c0)={0x28, 0x6, r2, 0x0, &(0x7f00004fe000/0x2000)=nil, 0x2000, 0x8000}) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) mount$nfs(&(0x7f00000001c0)='\xb2\x83\x87J9I\xc3i\xe4\x81\xc5:\xccLD\x9d\xd8\xc7\x90v\x8b\x82\x90\xa4\x8f\x98\xb9\x89Q\xa4Pxy0\x01\x8cC\x1f|\xad\xcb\x8f\xe5WJ\x00>\xf2\xd6\t\xf4IE\xcb\x15\xea\xc4\x03\xf2\xf5\xf4\xa1\x98', 0x0, 0x0, 0x1a29143, 0x0) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000200)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r7, 0x401c2103, &(0x7f00000001c0)={0x0, 0x0, 0xffffffffffffffff, 0x0, 0x4000000}) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000080)={&(0x7f0000000280)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0x5}, @NFT_OBJECT_SYNPROXY=@NFTA_OBJ_NAME={0x9, 0x2, 'syz1\x00'}}, @NFT_MSG_NEWSETELEM={0x2c, 0xc, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0x7}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELSET={0x3b8, 0xb, 0xa, 0x3, 0x0, 0x0, {}, [@NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x3}, @NFTA_SET_USERDATA={0x75, 0xd, 0x1, 0x0, "6d2884b6b1e21ff3f3c814eb194e02aa7337bf84e4d0ab69c039e0c31f87a9b1ca44f55fd9c6fd08548043390f823b35c6cbd663e11915fbbb188c764f3b7cef3198181c3bcdc57da33fd509ba48d985636070ec24a46eac3d880da8ea00a6b529ea88e6ce87942e45d534d8b6251552d2"}, @NFTA_SET_POLICY={0x8}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x2}, @NFTA_SET_EXPRESSIONS={0x4c, 0x12, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0xa}, @NFTA_NG_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}]}}}, {0x1c, 0x1, 0x0, 0x1, @tproxy={{0xb}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_TPROXY_REG_PORT={0x8, 0x3, 0x1, 0x0, 0xa}]}}}]}, @NFTA_SET_DESC={0x2a8, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0xdacf}, @NFTA_SET_DESC_CONCAT={0x130, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xfffff1e9}]}, {0x4c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x25}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x87}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffffffc0}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xfffffffd}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x80000000}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}]}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x100}]}, {0x1c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x81}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}]}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}]}, {0x2c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x5}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xfffffffa}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xfffffff7}]}, {0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffffff00}, @NFTA_SET_FIELD_LEN={0x8}]}, {0x34, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x939}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x5}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8}]}, {0x2c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7a}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8001}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}]}]}, @NFTA_SET_DESC_CONCAT={0x60, 0x2, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xa159}, @NFTA_SET_FIELD_LEN={0x8}]}, {0x1c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x80}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xff}]}, {0x24, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x5}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}]}]}, @NFTA_SET_DESC_CONCAT={0x104, 0x2, 0x0, 0x1, [{0x54, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x80}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffffffff}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x5}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}]}, {0x2c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x100}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7f}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}]}, {0x3c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1000}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffffff7f}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7fffffff}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}]}, {0x44, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xb59}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x101}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8326}]}]}, @NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x7}]}, @NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x40}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x3a}]}, @NFT_MSG_NEWFLOWTABLE={0x60, 0x16, 0xa, 0x201, 0x0, 0x0, {0x7, 0x0, 0x9}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_FLAGS={0x8}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x1}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x48c}, 0x1, 0x0, 0x0, 0x20004000}, 0xc000) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x7d00) capset(&(0x7f0000000500)={0x20080522}, &(0x7f0000000200)={0x200002, 0x200003, 0x801, 0x4, 0x7}) r8 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r8, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbfc, 0x2ffffffff}, 0xc) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_DELETE(r9, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f0000000740)={0x174, 0x2, 0x2, 0x201, 0x0, 0x0, {0x2, 0x0, 0x1}, [@CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0x7fffffff}, @CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0xfffffff7}, @CTA_EXPECT_MASK={0x50, 0x3, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}}}}]}, @CTA_EXPECT_MASTER={0x58, 0x1, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @local}}}]}, @CTA_EXPECT_TUPLE={0xa8, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @private=0xa010102}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}]}, 0x174}, 0x1, 0x0, 0x0, 0x240040c4}, 0x8000) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00222200000096231306e53f0b53743ff62a9000070d00be0083"], 0x0}, 0x0) 2.536344773s ago: executing program 7 (id=2361): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102) write$FUSE_LSEEK(0xffffffffffffffff, 0x0, 0x0) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec85"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000900)={&(0x7f00000000c0)='mmap_lock_acquire_returned\x00', r1, 0x0, 0x1}, 0x18) move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0) 1.601496808s ago: executing program 5 (id=2362): socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) socket$kcm(0x29, 0x5, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet_sctp(0x2, 0x1, 0x84) open$dir(&(0x7f0000000080)='./file0\x00', 0x80000, 0x8d) socket$nl_netfilter(0x10, 0x3, 0xc) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080), 0x3c0a00, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket(0x1e, 0x805, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$unix(0x1, 0x1, 0x0) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32=r0, @ANYRES16=0x0, @ANYRES8=r0], 0x1c}, 0x1, 0x0, 0x0, 0x20000844}, 0x48885) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r1, &(0x7f0000000000), 0xd) 1.592015445s ago: executing program 6 (id=2363): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, &(0x7f00000001c0)={0x1adb8}) connect$inet(r0, &(0x7f0000003580)={0x2, 0x0, @dev}, 0x10) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0) read$sequencer(r2, &(0x7f0000000100)=""/174, 0xae) r3 = syz_open_procfs(0x0, &(0x7f0000000500)='task\x00') getdents64(r3, &(0x7f0000000100)=""/86, 0x56) accept$netrom(r3, &(0x7f00000002c0)={{0x3, @bcast}, [@bcast, @remote, @null, @default, @default, @bcast, @netrom, @bcast]}, &(0x7f0000000340)=0x25) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x103}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000280)=[{0x0, 0x0, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba", 0x10}], 0x2, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x2000847}], 0x1, 0x40800) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000005f80)=[{{0x0, 0x0, &(0x7f0000001240)=[{&(0x7f0000001080)=""/27, 0x1b}], 0x1}}], 0x1, 0x40000000, 0x0) r8 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) ioctl$SNDCTL_DSP_GETOPTR(r8, 0x800c5012, &(0x7f0000000200)) socket(0xa, 0x3, 0xff) 1.189578533s ago: executing program 1 (id=2364): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0) (async, rerun: 32) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async, rerun: 32) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x81101) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, 0x0, 0x262) (async) futex(&(0x7f000000cffc), 0x3, 0x0, 0x0, 0x0, 0x2) 1.167893192s ago: executing program 7 (id=2365): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000f00000018110000", @ANYRES16=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008fe0000b90400000000000085000000c30000009597b8b5a506901dd79770f6899378b543ea16ce199c78f673323df1fa65784332981f76"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002b40)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x0) close_range(r1, r3, 0x40000000000000) syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00') 1.136325793s ago: executing program 5 (id=2366): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x68, r2, 0x917, 0x1000, 0x0, {}, [@L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x2b3d}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x4}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @empty}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @ipv4={'\x00', '\xff\xff', @remote}}, @L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5, 0x21, 0x1}]}, 0x68}}, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0xff2e) syz_emit_ethernet(0x62, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c2000500ff"], 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="270100df00"], 0x50) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r3, &(0x7f0000000000), 0xd) socket$inet_sctp(0x2, 0x1, 0x84) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r4, 0x3) syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x4, 0x5, 0xc2}}}}}}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa2286dd601996460014060000000000000000000000000000000000fe8000000000000000800000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB='P'], 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_usb_connect$uac1(0x3, 0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="04050400c900", @ANYRES32], 0x7) syz_open_dev$video4linux(0x0, 0x7fff, 0x48b03) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000cc0)={0xffffffffffffffff}) close(r5) 913.835985ms ago: executing program 1 (id=2367): socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) socket$kcm(0x29, 0x5, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet_sctp(0x2, 0x1, 0x84) creat(&(0x7f00000002c0)='./file0\x00', 0x1) open$dir(&(0x7f0000000080)='./file0\x00', 0x80000, 0x8d) socket$nl_netfilter(0x10, 0x3, 0xc) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080), 0x3c0a00, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2000, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800"/15], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket(0x1e, 0x805, 0x0) socket$inet6_sctp(0xa, 0x801, 0x84) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$unix(0x1, 0x1, 0x0) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32=r0, @ANYRES16=0x0, @ANYRES8=r0], 0x1c}, 0x1, 0x0, 0x0, 0x20000844}, 0x48885) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r1, &(0x7f0000000000), 0xd) 877.921012ms ago: executing program 7 (id=2368): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, &(0x7f00000001c0)={0x1adb8}) connect$inet(r0, &(0x7f0000003580)={0x2, 0x0, @dev}, 0x10) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0) read$sequencer(r2, &(0x7f0000000100)=""/174, 0xae) r3 = syz_open_procfs(0x0, &(0x7f0000000500)='task\x00') getdents64(r3, &(0x7f0000000100)=""/86, 0x56) accept$netrom(r3, &(0x7f00000002c0)={{0x3, @bcast}, [@bcast, @remote, @null, @default, @default, @bcast, @netrom, @bcast]}, &(0x7f0000000340)=0x25) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x103}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) r8 = accept4(r7, 0x0, 0x0, 0x80800) sendmmsg$alg(r8, &(0x7f0000000280)=[{0x0, 0x0, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba", 0x10}], 0x2, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x2000847}], 0x1, 0x40800) recvmmsg$unix(r8, &(0x7f0000005f80)=[{{0x0, 0x0, &(0x7f0000001240)=[{&(0x7f0000001080)=""/27, 0x1b}], 0x1}}], 0x1, 0x40000000, 0x0) r9 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) ioctl$SNDCTL_DSP_GETOPTR(r9, 0x800c5012, &(0x7f0000000200)) socket(0xa, 0x3, 0xff) 0s ago: executing program 5 (id=2369): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) kernel console output (not intermixed with test programs): /syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f219546f34b code=0x7ffc0000 [ 629.589803][ T37] audit: type=1326 audit(1766368944.463:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10830 comm="syz.1.1422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f219546f34b code=0x7ffc0000 [ 629.589841][ T37] audit: type=1326 audit(1766368944.463:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10830 comm="syz.1.1422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f219546f34b code=0x7ffc0000 [ 629.589878][ T37] audit: type=1326 audit(1766368944.463:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10830 comm="syz.1.1422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f219546f34b code=0x7ffc0000 [ 629.704266][ T37] audit: type=1326 audit(1766368944.593:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10830 comm="syz.1.1422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f219546f34b code=0x7ffc0000 [ 629.889514][ T6000] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 629.921592][T10837] overlayfs: overlapping lowerdir path [ 630.069820][T10839] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 630.919467][ T6000] usb 2-1: Using ep0 maxpacket: 16 [ 630.997576][ T6000] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 630.997611][ T6000] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 630.997648][ T6000] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 630.997670][ T6000] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 631.282395][ T6000] usb 2-1: config 0 descriptor?? [ 631.544754][T10843] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 632.802684][ T5808] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 633.090923][ T5808] usb 7-1: Using ep0 maxpacket: 16 [ 633.351104][ T5808] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 633.351136][ T5808] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 633.351232][ T5808] usb 7-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 633.351254][ T5808] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 633.356167][ T5808] usb 7-1: config 0 descriptor?? [ 634.276412][ T6000] usbhid 2-1:0.0: can't add hid device: -71 [ 634.276583][ T6000] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 634.296976][ T6000] usb 2-1: USB disconnect, device number 15 [ 634.473435][ T5808] corsair 0003:1B1C:1B02.0006: item fetching failed at offset 4/5 [ 634.474191][ T5808] corsair 0003:1B1C:1B02.0006: parse failed [ 634.474321][ T5808] corsair 0003:1B1C:1B02.0006: probe with driver corsair failed with error -22 [ 634.738319][ T37] kauditd_printk_skb: 58 callbacks suppressed [ 634.738336][ T37] audit: type=1326 audit(1766368949.623:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10852 comm="syz.6.1427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feeed5bf749 code=0x7ffc0000 [ 634.738735][ T37] audit: type=1326 audit(1766368949.623:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10852 comm="syz.6.1427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feeed5bf749 code=0x7ffc0000 [ 635.133302][T10862] autofs: Unknown parameter '0x0000000000000000' [ 635.959668][ T5808] usb 7-1: USB disconnect, device number 9 [ 636.159885][T10864] Bluetooth: hci0: invalid length 0, exp 2 for type 24 [ 636.837469][T10880] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 638.187167][T10884] overlayfs: overlapping lowerdir path [ 639.091964][T10894] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 641.179513][ T37] audit: type=1326 audit(1766368956.063:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10897 comm="syz.4.1441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc20461f749 code=0x7ffc0000 [ 641.179975][ T37] audit: type=1326 audit(1766368956.073:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10897 comm="syz.4.1441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7fc20461f749 code=0x7ffc0000 [ 641.180362][ T37] audit: type=1326 audit(1766368956.073:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10897 comm="syz.4.1441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc20461f749 code=0x7ffc0000 [ 641.180850][ T37] audit: type=1326 audit(1766368956.073:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10897 comm="syz.4.1441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc20461df90 code=0x7ffc0000 [ 641.181791][ T37] audit: type=1326 audit(1766368956.073:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10897 comm="syz.4.1441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc20461f34b code=0x7ffc0000 [ 641.182183][ T37] audit: type=1326 audit(1766368956.073:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10897 comm="syz.4.1441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc20461f34b code=0x7ffc0000 [ 641.184465][ T37] audit: type=1326 audit(1766368956.073:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10897 comm="syz.4.1441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc20461f34b code=0x7ffc0000 [ 641.184512][ T37] audit: type=1326 audit(1766368956.073:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10897 comm="syz.4.1441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc20461f34b code=0x7ffc0000 [ 641.291990][ T37] audit: type=1326 audit(1766368956.183:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10897 comm="syz.4.1441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc20461f34b code=0x7ffc0000 [ 641.361302][ T37] audit: type=1326 audit(1766368956.253:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10897 comm="syz.4.1441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc20461f34b code=0x7ffc0000 [ 641.419583][ T6000] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 641.439503][ T5808] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 641.599670][ T6000] usb 5-1: Using ep0 maxpacket: 16 [ 641.602527][ T5808] usb 7-1: config 0 has an invalid interface number: 106 but max is 0 [ 641.602554][ T5808] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 641.602573][ T5808] usb 7-1: config 0 has no interface number 0 [ 641.602674][ T5808] usb 7-1: config 0 interface 106 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6 [ 641.602716][ T5808] usb 7-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb [ 641.602739][ T5808] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 641.612852][ T6000] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 641.612885][ T6000] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 641.612920][ T6000] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 641.612942][ T6000] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 641.639326][ T5808] usb 7-1: config 0 descriptor?? [ 641.651305][ T6000] usb 5-1: config 0 descriptor?? [ 641.830222][ T5808] usb 7-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 642.019864][ T5808] usb 7-1: USB disconnect, device number 10 [ 642.067325][T10911] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 642.092639][ T6000] corsair 0003:1B1C:1B02.0007: item fetching failed at offset 4/5 [ 642.093420][ T6000] corsair 0003:1B1C:1B02.0007: parse failed [ 642.093520][ T6000] corsair 0003:1B1C:1B02.0007: probe with driver corsair failed with error -22 [ 642.101850][ T13] usb 7-1: Failed to submit usb control message: -71 [ 642.101884][ T13] usb 7-1: unable to send the bmi data to the device: -71 [ 642.101901][ T13] usb 7-1: unable to get target info from device [ 642.101915][ T13] usb 7-1: could not get target info (-71) [ 642.101932][ T13] usb 7-1: could not probe fw (-71) [ 642.650823][T10914] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 643.084145][ T6044] usb 5-1: USB disconnect, device number 22 [ 644.469149][T10941] autofs: Unknown parameter '0x0000000000000000' [ 645.218318][T10939] Bluetooth: hci0: unsupported parameter 255 [ 645.218342][T10939] Bluetooth: hci0: unsupported parameter 255 [ 646.057987][T10958] autofs: Unknown parameter '0x0000000000000000' [ 647.225881][T10966] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1462'. [ 647.554921][T10976] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 649.839827][ T37] kauditd_printk_skb: 35 callbacks suppressed [ 649.839845][ T37] audit: type=1326 audit(1766368964.733:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10990 comm="syz.4.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc20461f749 code=0x7ffc0000 [ 649.840339][ T37] audit: type=1326 audit(1766368964.733:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10990 comm="syz.4.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7fc20461f749 code=0x7ffc0000 [ 649.840579][ T37] audit: type=1326 audit(1766368964.733:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10990 comm="syz.4.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc20461f749 code=0x7ffc0000 [ 649.841025][ T37] audit: type=1326 audit(1766368964.733:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10990 comm="syz.4.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc20461df90 code=0x7ffc0000 [ 649.841609][ T37] audit: type=1326 audit(1766368964.733:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10990 comm="syz.4.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc20461f34b code=0x7ffc0000 [ 649.841926][ T37] audit: type=1326 audit(1766368964.733:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10990 comm="syz.4.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc20461f34b code=0x7ffc0000 [ 649.843875][ T37] audit: type=1326 audit(1766368964.733:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10990 comm="syz.4.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc20461f34b code=0x7ffc0000 [ 649.844112][ T37] audit: type=1326 audit(1766368964.733:391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10990 comm="syz.4.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc20461f34b code=0x7ffc0000 [ 649.962005][T10635] chnl_net:caif_netlink_parms(): no params data found [ 649.962394][ T37] audit: type=1326 audit(1766368964.853:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10990 comm="syz.4.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc20461f34b code=0x7ffc0000 [ 649.989574][ T5901] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 650.040474][ T37] audit: type=1326 audit(1766368964.933:393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10990 comm="syz.4.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc20461f34b code=0x7ffc0000 [ 650.109665][ T6044] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 650.249518][ T5901] usb 6-1: Using ep0 maxpacket: 16 [ 650.270689][ T5901] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 650.270714][ T5901] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 650.270732][ T5901] usb 6-1: config 0 has no interface number 0 [ 650.278044][ T5901] usb 6-1: New USB device found, idVendor=1a86, idProduct=752d, bcdDevice=2d.4d [ 650.278074][ T5901] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 650.278094][ T5901] usb 6-1: Product: syz [ 650.278108][ T5901] usb 6-1: Manufacturer: syz [ 650.278122][ T5901] usb 6-1: SerialNumber: syz [ 650.299461][ T6044] usb 5-1: Using ep0 maxpacket: 16 [ 650.324007][ T6044] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 650.324039][ T6044] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 650.324076][ T6044] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 650.324097][ T6044] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 650.463006][ T5901] usb 6-1: config 0 descriptor?? [ 650.468885][ T6044] usb 5-1: config 0 descriptor?? [ 650.497862][ T5901] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 650.551561][ T5901] snd-usb-audio 6-1:0.1: probe with driver snd-usb-audio failed with error -2 [ 652.231766][ T5901] usb 6-1: USB disconnect, device number 12 [ 652.311779][T10901] udevd[10901]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.1/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 652.586285][T10635] bridge0: port 1(bridge_slave_0) entered blocking state [ 652.603130][T10635] bridge0: port 1(bridge_slave_0) entered disabled state [ 652.603379][T10635] bridge_slave_0: entered allmulticast mode [ 652.606385][T10635] bridge_slave_0: entered promiscuous mode [ 652.643476][T10635] bridge0: port 2(bridge_slave_1) entered blocking state [ 652.643745][T10635] bridge0: port 2(bridge_slave_1) entered disabled state [ 652.643954][T10635] bridge_slave_1: entered allmulticast mode [ 652.646427][T10635] bridge_slave_1: entered promiscuous mode [ 652.791174][ T6044] usbhid 5-1:0.0: can't add hid device: -71 [ 652.791287][ T6044] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 652.842838][ T6044] usb 5-1: USB disconnect, device number 23 [ 652.962726][T10635] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 652.966751][T10635] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 653.481822][ T3480] bridge_slave_1: left allmulticast mode [ 653.481850][ T3480] bridge_slave_1: left promiscuous mode [ 653.482100][ T3480] bridge0: port 2(bridge_slave_1) entered disabled state [ 653.559972][ T6044] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 653.700066][T11033] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 654.471960][ T3480] bridge_slave_0: left allmulticast mode [ 654.471989][ T3480] bridge_slave_0: left promiscuous mode [ 654.472238][ T3480] bridge0: port 1(bridge_slave_0) entered disabled state [ 654.611870][ T6044] usb 5-1: config 0 has an invalid interface number: 106 but max is 0 [ 654.611900][ T6044] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 654.611919][ T6044] usb 5-1: config 0 has no interface number 0 [ 654.611967][ T6044] usb 5-1: config 0 interface 106 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6 [ 654.612008][ T6044] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb [ 654.612030][ T6044] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 654.623175][ T6044] usb 5-1: config 0 descriptor?? [ 654.681048][ T6044] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 654.848482][T11042] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 656.302990][ T5808] usb 5-1: USB disconnect, device number 24 [ 656.321499][ T1175] usb 5-1: Failed to submit usb control message: -71 [ 656.321520][ T1175] usb 5-1: unable to send the bmi data to the device: -71 [ 656.321530][ T1175] usb 5-1: unable to get target info from device [ 656.321537][ T1175] usb 5-1: could not get target info (-71) [ 656.321547][ T1175] usb 5-1: could not probe fw (-71) [ 656.359186][ T3480] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 657.380562][ T3480] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 657.491469][ T3480] bond0 (unregistering): Released all slaves [ 657.597569][T10635] team0: Port device team_slave_0 added [ 657.647552][T10635] team0: Port device team_slave_1 added [ 657.934300][ T37] kauditd_printk_skb: 21 callbacks suppressed [ 657.934318][ T37] audit: type=1326 audit(1766368972.823:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11063 comm="syz.4.1484" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc20461f749 code=0x7ffc0000 [ 657.934894][ T37] audit: type=1326 audit(1766368972.823:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11063 comm="syz.4.1484" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7fc20461f749 code=0x7ffc0000 [ 658.017244][ T37] audit: type=1326 audit(1766368972.823:417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11063 comm="syz.4.1484" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc20461f749 code=0x7ffc0000 [ 658.017666][ T37] audit: type=1326 audit(1766368972.903:418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11063 comm="syz.4.1484" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc20461df90 code=0x7ffc0000 [ 658.018401][ T37] audit: type=1326 audit(1766368972.903:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11063 comm="syz.4.1484" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc20461f34b code=0x7ffc0000 [ 658.115526][ T37] audit: type=1326 audit(1766368972.903:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11063 comm="syz.4.1484" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc20461f34b code=0x7ffc0000 [ 658.135778][ T37] audit: type=1326 audit(1766368973.003:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11063 comm="syz.4.1484" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc20461f34b code=0x7ffc0000 [ 658.135831][ T37] audit: type=1326 audit(1766368973.003:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11063 comm="syz.4.1484" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc20461f34b code=0x7ffc0000 [ 658.175645][T10635] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 658.175665][T10635] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 658.175692][T10635] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 658.268272][ T37] audit: type=1326 audit(1766368973.153:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11063 comm="syz.4.1484" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc20461f34b code=0x7ffc0000 [ 658.330532][ T37] audit: type=1326 audit(1766368973.223:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11063 comm="syz.4.1484" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc20461f34b code=0x7ffc0000 [ 658.465986][ T6044] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 658.510433][ T3480] hsr_slave_0: left promiscuous mode [ 659.279570][ T3480] hsr_slave_1: left promiscuous mode [ 659.280498][ T3480] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 659.349504][ T6044] usb 5-1: Using ep0 maxpacket: 16 [ 659.361711][ T6044] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 659.361743][ T6044] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 659.361778][ T6044] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 659.361798][ T6044] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 659.421032][ T3480] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 659.426086][ T6044] usb 5-1: config 0 descriptor?? [ 659.960963][ T6044] corsair 0003:1B1C:1B02.0008: item fetching failed at offset 4/5 [ 659.961721][ T6044] corsair 0003:1B1C:1B02.0008: parse failed [ 659.961825][ T6044] corsair 0003:1B1C:1B02.0008: probe with driver corsair failed with error -22 [ 660.272900][ T5814] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 660.275626][ T5814] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 660.281305][ T5814] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 660.282675][ T5814] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 660.283719][ T5814] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 661.019823][ T9912] usb 5-1: USB disconnect, device number 25 [ 661.244775][ T3480] team0 (unregistering): Port device team_slave_1 removed [ 661.461545][ T9912] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 661.562696][ T3480] team0 (unregistering): Port device team_slave_0 removed [ 661.641623][ T9912] usb 5-1: Using ep0 maxpacket: 16 [ 661.645953][ T9912] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 661.645977][ T9912] usb 5-1: config 0 has no interfaces? [ 661.648575][ T9912] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 661.648591][ T9912] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 661.648601][ T9912] usb 5-1: Product: syz [ 661.648608][ T9912] usb 5-1: Manufacturer: syz [ 661.648615][ T9912] usb 5-1: SerialNumber: syz [ 661.732093][ T9912] usb 5-1: config 0 descriptor?? [ 661.997568][ T9912] usb 5-1: USB disconnect, device number 26 [ 662.849654][T10636] Bluetooth: hci3: command tx timeout [ 662.919463][ T10] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 662.990124][ T37] kauditd_printk_skb: 53 callbacks suppressed [ 662.990140][ T37] audit: type=1326 audit(1766368977.883:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11107 comm="syz.1.1494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f219546f34b code=0x7ffc0000 [ 663.069515][ T10] usb 2-1: Using ep0 maxpacket: 16 [ 663.208656][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 663.208692][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 663.208729][ T10] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 663.208751][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 663.239862][ T37] audit: type=1326 audit(1766368978.093:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11107 comm="syz.1.1494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f219546f34b code=0x7ffc0000 [ 663.239910][ T37] audit: type=1326 audit(1766368978.093:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11107 comm="syz.1.1494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f219546f34b code=0x7ffc0000 [ 663.239963][ T37] audit: type=1326 audit(1766368978.093:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11107 comm="syz.1.1494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f219546f34b code=0x7ffc0000 [ 663.240002][ T37] audit: type=1326 audit(1766368978.093:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11107 comm="syz.1.1494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f219546f34b code=0x7ffc0000 [ 663.240042][ T37] audit: type=1326 audit(1766368978.093:483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11107 comm="syz.1.1494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f219546f34b code=0x7ffc0000 [ 663.240082][ T37] audit: type=1326 audit(1766368978.103:484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11107 comm="syz.1.1494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f219546f34b code=0x7ffc0000 [ 663.473846][T11124] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 664.913835][T10636] Bluetooth: hci3: command tx timeout [ 664.918906][ T10] usb 2-1: config 0 descriptor?? [ 664.921670][ T37] audit: type=1326 audit(1766368979.813:485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11107 comm="syz.1.1494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f219546f34b code=0x7ffc0000 [ 664.922702][ T37] audit: type=1326 audit(1766368979.813:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11107 comm="syz.1.1494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f219546f34b code=0x7ffc0000 [ 664.923133][ T37] audit: type=1326 audit(1766368979.813:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11107 comm="syz.1.1494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f219546f34b code=0x7ffc0000 [ 666.812668][ T10] usbhid 2-1:0.0: can't add hid device: -71 [ 666.813284][ T10] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 666.836961][ T10] usb 2-1: USB disconnect, device number 16 [ 667.089048][T10636] Bluetooth: hci3: command tx timeout [ 667.370496][T11143] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 669.238270][T10636] Bluetooth: hci3: command tx timeout [ 670.709556][ T5808] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 670.879502][ T5808] usb 5-1: Using ep0 maxpacket: 16 [ 670.957654][T11082] chnl_net:caif_netlink_parms(): no params data found [ 671.113995][ T5808] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 671.114022][ T5808] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 671.114049][ T5808] usb 5-1: config 0 has no interface number 0 [ 671.116932][ T5808] usb 5-1: New USB device found, idVendor=1a86, idProduct=752d, bcdDevice=2d.4d [ 671.116961][ T5808] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 671.116979][ T5808] usb 5-1: Product: syz [ 671.116992][ T5808] usb 5-1: Manufacturer: syz [ 671.117004][ T5808] usb 5-1: SerialNumber: syz [ 672.201574][ T5808] usb 5-1: config 0 descriptor?? [ 672.951725][T11178] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 673.049270][T11173] autofs: Unknown parameter '0x0000000000000000' [ 674.534171][ T5808] usb 5-1: can't set config #0, error -71 [ 675.246364][T11192] overlayfs: overlapping lowerdir path [ 675.255907][T11193] overlayfs: overlapping lowerdir path [ 676.902023][T11198] overlayfs: overlapping lowerdir path [ 677.014255][T11199] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 677.996530][ T5808] usb 5-1: USB disconnect, device number 27 [ 678.895297][T11082] bridge0: port 1(bridge_slave_0) entered blocking state [ 678.895496][T11082] bridge0: port 1(bridge_slave_0) entered disabled state [ 678.895691][T11082] bridge_slave_0: entered allmulticast mode [ 678.898259][T11082] bridge_slave_0: entered promiscuous mode [ 678.904769][T11082] bridge0: port 2(bridge_slave_1) entered blocking state [ 678.904951][T11082] bridge0: port 2(bridge_slave_1) entered disabled state [ 678.905126][T11082] bridge_slave_1: entered allmulticast mode [ 678.907429][T11082] bridge_slave_1: entered promiscuous mode [ 679.124086][T11215] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 679.721802][ T5808] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 680.029161][ T5808] usb 7-1: Using ep0 maxpacket: 16 [ 680.037492][ T5808] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 680.037507][ T5808] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 680.037516][ T5808] usb 7-1: config 0 has no interface number 0 [ 680.073997][ T5808] usb 7-1: New USB device found, idVendor=1a86, idProduct=752d, bcdDevice=2d.4d [ 680.074015][ T5808] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 680.074025][ T5808] usb 7-1: Product: syz [ 680.074032][ T5808] usb 7-1: Manufacturer: syz [ 680.074040][ T5808] usb 7-1: SerialNumber: syz [ 680.080117][ T5808] usb 7-1: config 0 descriptor?? [ 680.122965][ T5808] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 680.193392][ T5808] snd-usb-audio 7-1:0.1: probe with driver snd-usb-audio failed with error -2 [ 680.250098][ T3480] bridge_slave_1: left allmulticast mode [ 680.250126][ T3480] bridge_slave_1: left promiscuous mode [ 680.250371][ T3480] bridge0: port 2(bridge_slave_1) entered disabled state [ 680.266894][T10901] udevd[10901]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.1/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 680.390917][ T3480] bridge_slave_0: left allmulticast mode [ 680.390949][ T3480] bridge_slave_0: left promiscuous mode [ 680.391216][ T3480] bridge0: port 1(bridge_slave_0) entered disabled state [ 680.404617][ T9912] usb 7-1: USB disconnect, device number 11 [ 682.485801][T11244] autofs: Unknown parameter '0x0000000000000000' [ 683.249462][ T3480] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 683.876340][T11251] autofs: Unknown parameter '0x0000000000000000' [ 684.653945][ T3480] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 684.719941][ T3480] bond0 (unregistering): Released all slaves [ 684.929270][T11082] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 685.780752][T11082] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 687.865075][T11082] team0: Port device team_slave_0 added [ 687.865223][ T3480] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 687.919528][ T8140] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 688.069536][ T8140] usb 2-1: Using ep0 maxpacket: 32 [ 688.076881][ T8140] usb 2-1: config 1 has an invalid interface number: 67 but max is 0 [ 688.076909][ T8140] usb 2-1: config 1 has no interface number 0 [ 688.121013][ T8140] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 688.121045][ T8140] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 688.121066][ T8140] usb 2-1: Product: syz [ 688.121080][ T8140] usb 2-1: Manufacturer: syz [ 688.121093][ T8140] usb 2-1: SerialNumber: syz [ 688.382211][ T3480] team0 (unregistering): Port device team_slave_1 removed [ 688.432693][ T8140] smsc95xx v2.0.0 [ 688.456512][ T8140] smsc95xx 2-1:1.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71 [ 688.456793][ T8140] smsc95xx 2-1:1.67: probe with driver smsc95xx failed with error -71 [ 688.490029][ T8140] usb 2-1: USB disconnect, device number 17 [ 688.610334][ T3480] team0 (unregistering): Port device team_slave_0 removed [ 689.414218][T11288] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 691.345186][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 691.345263][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 691.599496][ T804] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 691.749492][ T804] usb 6-1: Using ep0 maxpacket: 16 [ 691.751667][ T804] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 691.751682][ T804] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 691.751692][ T804] usb 6-1: config 0 has no interface number 0 [ 691.753889][ T804] usb 6-1: New USB device found, idVendor=1a86, idProduct=752d, bcdDevice=2d.4d [ 691.753905][ T804] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 691.753915][ T804] usb 6-1: Product: syz [ 691.753922][ T804] usb 6-1: Manufacturer: syz [ 691.753929][ T804] usb 6-1: SerialNumber: syz [ 691.863686][ T804] usb 6-1: config 0 descriptor?? [ 691.936258][ T804] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 692.313974][T11304] autofs: Unknown parameter '0x0000000000000000' [ 693.177546][ T804] snd-usb-audio 6-1:0.1: probe with driver snd-usb-audio failed with error -2 [ 693.197197][ T804] usb 6-1: USB disconnect, device number 13 [ 693.208158][T11082] team0: Port device team_slave_1 added [ 693.306665][T10901] udevd[10901]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.1/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 696.028336][T11082] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 696.028355][T11082] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 696.028382][T11082] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 696.059270][T11082] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 696.059288][T11082] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 696.059314][T11082] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 697.237634][T11333] overlayfs: overlapping lowerdir path [ 697.774787][T11335] overlayfs: overlapping lowerdir path [ 700.497117][T11347] autofs: Unknown parameter '0x0000000000000000' [ 701.938254][T11082] hsr_slave_0: entered promiscuous mode [ 701.941628][T11082] hsr_slave_1: entered promiscuous mode [ 701.942506][T11082] debugfs: 'hsr0' already exists in 'hsr' [ 701.942529][T11082] Cannot create hsr debugfs directory [ 703.524666][ T31] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 704.043736][ T31] usb 6-1: config 0 has an invalid interface number: 106 but max is 0 [ 704.043764][ T31] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 704.043782][ T31] usb 6-1: config 0 has no interface number 0 [ 704.043825][ T31] usb 6-1: config 0 interface 106 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 6 [ 704.043864][ T31] usb 6-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb [ 704.043888][ T31] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 704.122429][ T31] usb 6-1: config 0 descriptor?? [ 704.175974][ T31] usb 6-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 704.476201][ T1050] usb 6-1: Failed to submit usb control message: -71 [ 704.476237][ T1050] usb 6-1: unable to send the bmi data to the device: -71 [ 704.476255][ T1050] usb 6-1: unable to get target info from device [ 704.476269][ T1050] usb 6-1: could not get target info (-71) [ 704.476286][ T1050] usb 6-1: could not probe fw (-71) [ 704.476982][ T31] usb 6-1: USB disconnect, device number 14 [ 705.062763][T11393] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 706.572253][T11402] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 707.561380][T11411] netlink: 'syz.5.1563': attribute type 4 has an invalid length. [ 709.690462][T11430] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 711.473657][T11440] No control pipe specified [ 713.339713][T11452] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 714.289116][T11455] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 714.661658][T11463] overlayfs: overlapping lowerdir path [ 716.035979][T11474] autofs: Unknown parameter '0x0000000000000000' [ 720.042992][T11501] autofs: Unknown parameter '0x0000000000000000' [ 721.417103][T11510] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 723.815904][T10636] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 723.836052][T10636] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 723.857132][T10636] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 723.859001][T10636] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 723.933530][T10636] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 724.286008][T11527] autofs: Unknown parameter '0x0000000000000000' [ 725.862284][T11532] autofs: Unknown parameter '0x0000000000000000' [ 726.529723][T10636] Bluetooth: hci4: command tx timeout [ 727.409514][ T5901] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 727.628107][T11544] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 728.309470][ T5901] usb 6-1: Using ep0 maxpacket: 16 [ 728.418719][ T5901] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 728.418736][ T5901] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 728.418746][ T5901] usb 6-1: config 0 has no interface number 0 [ 728.450128][ T5901] usb 6-1: New USB device found, idVendor=1a86, idProduct=752d, bcdDevice=2d.4d [ 728.450146][ T5901] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 728.450156][ T5901] usb 6-1: Product: syz [ 728.450163][ T5901] usb 6-1: Manufacturer: syz [ 728.450170][ T5901] usb 6-1: SerialNumber: syz [ 728.455588][ T5901] usb 6-1: config 0 descriptor?? [ 728.498663][ T5901] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 728.590105][T10636] Bluetooth: hci4: command tx timeout [ 728.622338][ T5901] snd-usb-audio 6-1:0.1: probe with driver snd-usb-audio failed with error -2 [ 728.737227][T10901] udevd[10901]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.1/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 728.863492][ T31] usb 6-1: USB disconnect, device number 15 [ 729.607074][T11564] autofs: Unknown parameter '0x0000000000000000' [ 730.761561][T11571] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 730.789825][T10636] Bluetooth: hci4: command tx timeout [ 731.891864][ T68] bridge_slave_1: left allmulticast mode [ 731.891890][ T68] bridge_slave_1: left promiscuous mode [ 731.892126][ T68] bridge0: port 2(bridge_slave_1) entered disabled state [ 731.962679][ T37] kauditd_printk_skb: 4 callbacks suppressed [ 731.962696][ T37] audit: type=1326 audit(1766369046.853:492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11576 comm="syz.6.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feeed5bf749 code=0x7ffc0000 [ 731.974493][ T37] audit: type=1326 audit(1766369046.863:493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11576 comm="syz.6.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7feeed5bf749 code=0x7ffc0000 [ 731.974872][ T37] audit: type=1326 audit(1766369046.863:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11576 comm="syz.6.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feeed5bf749 code=0x7ffc0000 [ 731.975507][ T37] audit: type=1326 audit(1766369046.863:495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11576 comm="syz.6.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7feeed5bdf90 code=0x7ffc0000 [ 731.976201][ T37] audit: type=1326 audit(1766369046.863:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11576 comm="syz.6.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7feeed5bf34b code=0x7ffc0000 [ 731.976569][ T37] audit: type=1326 audit(1766369046.863:497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11576 comm="syz.6.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7feeed5bf34b code=0x7ffc0000 [ 731.989440][ T37] audit: type=1326 audit(1766369046.863:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11576 comm="syz.6.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7feeed5bf34b code=0x7ffc0000 [ 731.989863][ T37] audit: type=1326 audit(1766369046.883:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11576 comm="syz.6.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7feeed5bf34b code=0x7ffc0000 [ 732.116392][ T37] audit: type=1326 audit(1766369047.003:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11576 comm="syz.6.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7feeed5bf34b code=0x7ffc0000 [ 732.180480][ T37] audit: type=1326 audit(1766369047.073:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11576 comm="syz.6.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7feeed5bf34b code=0x7ffc0000 [ 732.239439][ T31] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 732.321187][ T68] bridge_slave_0: left allmulticast mode [ 732.321214][ T68] bridge_slave_0: left promiscuous mode [ 732.321478][ T68] bridge0: port 1(bridge_slave_0) entered disabled state [ 732.459491][ T31] usb 7-1: Using ep0 maxpacket: 16 [ 732.462185][ T31] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 732.462215][ T31] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 732.462250][ T31] usb 7-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 732.462273][ T31] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 732.465748][ T31] usb 7-1: config 0 descriptor?? [ 732.864176][T10636] Bluetooth: hci4: command tx timeout [ 734.510472][ T5814] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 734.514460][ T5814] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 734.515620][ T5814] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 734.556166][ T5814] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 734.560632][ T5814] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 734.776256][ T31] usbhid 7-1:0.0: can't add hid device: -71 [ 734.776383][ T31] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 734.789893][ T31] usb 7-1: USB disconnect, device number 12 [ 734.943307][ T68] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 736.383943][ T68] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 736.589497][ T5814] Bluetooth: hci3: command tx timeout [ 737.704891][ T68] bond0 (unregistering): Released all slaves [ 737.904285][T11629] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 738.679427][ T5814] Bluetooth: hci3: command tx timeout [ 739.064794][T11641] autofs: Unknown parameter '0x0000000000000000' [ 740.423316][ T68] hsr_slave_0: left promiscuous mode [ 740.621771][ T68] hsr_slave_1: left promiscuous mode [ 740.622864][ T68] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 740.667494][ T68] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 740.812167][ T5814] Bluetooth: hci3: command tx timeout [ 741.049437][T11666] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 743.069612][ T5814] Bluetooth: hci3: command tx timeout [ 744.926411][T11691] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 746.337723][ T68] team0 (unregistering): Port device team_slave_1 removed [ 746.648705][T11709] overlayfs: overlapping lowerdir path [ 747.577278][ T68] team0 (unregistering): Port device team_slave_0 removed [ 750.138759][T11520] chnl_net:caif_netlink_parms(): no params data found [ 751.209706][T11520] bridge0: port 1(bridge_slave_0) entered blocking state [ 751.211557][T11520] bridge0: port 1(bridge_slave_0) entered disabled state [ 751.211796][T11520] bridge_slave_0: entered allmulticast mode [ 751.364876][T11520] bridge_slave_0: entered promiscuous mode [ 751.367408][T11520] bridge0: port 2(bridge_slave_1) entered blocking state [ 751.367473][T11520] bridge0: port 2(bridge_slave_1) entered disabled state [ 751.367584][T11520] bridge_slave_1: entered allmulticast mode [ 751.630008][T11753] overlayfs: overlapping lowerdir path [ 751.756907][T11754] overlayfs: overlapping lowerdir path [ 752.298721][T11520] bridge_slave_1: entered promiscuous mode [ 752.362228][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 752.362295][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 754.020590][T11779] Bluetooth: hci0: invalid length 0, exp 2 for type 22 [ 754.235363][T11520] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 754.306247][T11520] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 755.739476][ T31] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 755.773600][T11520] team0: Port device team_slave_0 added [ 755.787672][T11520] team0: Port device team_slave_1 added [ 755.889447][ T31] usb 2-1: Using ep0 maxpacket: 16 [ 755.891735][ T31] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 755.891759][ T31] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 755.891778][ T31] usb 2-1: config 0 has no interface number 0 [ 755.898097][ T31] usb 2-1: New USB device found, idVendor=1a86, idProduct=752d, bcdDevice=2d.4d [ 755.898133][ T31] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 755.898152][ T31] usb 2-1: Product: syz [ 755.898165][ T31] usb 2-1: Manufacturer: syz [ 755.898178][ T31] usb 2-1: SerialNumber: syz [ 755.974435][ T31] usb 2-1: config 0 descriptor?? [ 756.018559][ T31] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 756.075896][ T31] snd-usb-audio 2-1:0.1: probe with driver snd-usb-audio failed with error -2 [ 756.158472][T11728] udevd[11728]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.1/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 756.277839][ T5901] usb 2-1: USB disconnect, device number 18 [ 756.528790][T11520] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 756.528808][T11520] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 756.528836][T11520] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 757.021552][T11819] overlayfs: overlapping lowerdir path [ 759.059711][T11824] autofs: Unknown parameter '0x0000000000000000' [ 759.108712][ T68] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 760.039461][ T8140] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 760.095956][T11598] chnl_net:caif_netlink_parms(): no params data found [ 760.136267][T11520] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 760.136287][T11520] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 760.136314][T11520] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 760.219509][ T8140] usb 7-1: Using ep0 maxpacket: 16 [ 760.223898][ T8140] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 760.223923][ T8140] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 760.223940][ T8140] usb 7-1: config 0 has no interface number 0 [ 760.227759][ T8140] usb 7-1: New USB device found, idVendor=1a86, idProduct=752d, bcdDevice=2d.4d [ 760.227789][ T8140] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 760.227807][ T8140] usb 7-1: Product: syz [ 760.227821][ T8140] usb 7-1: Manufacturer: syz [ 760.227834][ T8140] usb 7-1: SerialNumber: syz [ 760.330340][ T8140] usb 7-1: config 0 descriptor?? [ 760.334339][ T8140] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 760.452910][ T8140] snd-usb-audio 7-1:0.1: probe with driver snd-usb-audio failed with error -2 [ 760.600060][ T804] usb 7-1: USB disconnect, device number 13 [ 760.618113][T11728] udevd[11728]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.1/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 760.847089][ T68] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 762.288859][ T68] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 762.765365][T11855] autofs: Unknown parameter '0x0000000000000000' [ 764.000917][T11857] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 764.794673][T11520] hsr_slave_0: entered promiscuous mode [ 764.795371][T11520] hsr_slave_1: entered promiscuous mode [ 764.795830][T11520] debugfs: 'hsr0' already exists in 'hsr' [ 764.795843][T11520] Cannot create hsr debugfs directory [ 765.086188][ T68] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 766.789449][ T9912] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 766.819773][T11598] bridge0: port 1(bridge_slave_0) entered blocking state [ 766.819956][T11598] bridge0: port 1(bridge_slave_0) entered disabled state [ 766.820183][T11598] bridge_slave_0: entered allmulticast mode [ 766.824260][T11598] bridge_slave_0: entered promiscuous mode [ 766.898165][T11598] bridge0: port 2(bridge_slave_1) entered blocking state [ 766.898304][T11598] bridge0: port 2(bridge_slave_1) entered disabled state [ 766.898494][T11598] bridge_slave_1: entered allmulticast mode [ 766.923354][T11598] bridge_slave_1: entered promiscuous mode [ 766.939480][ T9912] usb 6-1: Using ep0 maxpacket: 16 [ 766.941405][ T9912] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 766.941426][ T9912] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 766.941441][ T9912] usb 6-1: config 0 has no interface number 0 [ 766.946859][ T9912] usb 6-1: New USB device found, idVendor=1a86, idProduct=752d, bcdDevice=2d.4d [ 766.946882][ T9912] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 766.946898][ T9912] usb 6-1: Product: syz [ 766.946911][ T9912] usb 6-1: Manufacturer: syz [ 766.946924][ T9912] usb 6-1: SerialNumber: syz [ 767.027798][ T9912] usb 6-1: config 0 descriptor?? [ 767.036877][ T9912] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 767.171457][ T9912] snd-usb-audio 6-1:0.1: probe with driver snd-usb-audio failed with error -2 [ 767.300146][ T804] usb 6-1: USB disconnect, device number 16 [ 767.304023][T11876] udevd[11876]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.1/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 767.646897][T11598] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 767.855937][T11598] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 768.006389][T11888] overlayfs: overlapping lowerdir path [ 769.011503][ T6000] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 769.949476][ T6000] usb 2-1: Using ep0 maxpacket: 16 [ 770.063128][ T6000] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 770.063164][ T6000] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 770.063202][ T6000] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 770.063224][ T6000] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 770.072920][ T6000] usb 2-1: config 0 descriptor?? [ 770.219251][T11598] team0: Port device team_slave_0 added [ 770.272479][T11598] team0: Port device team_slave_1 added [ 770.524450][ T6000] corsair 0003:1B1C:1B02.0009: item fetching failed at offset 4/5 [ 770.525221][ T6000] corsair 0003:1B1C:1B02.0009: parse failed [ 770.525321][ T6000] corsair 0003:1B1C:1B02.0009: probe with driver corsair failed with error -22 [ 770.677548][T11906] overlayfs: overlapping lowerdir path [ 771.301125][T11908] autofs: Unknown parameter '0x0000000000000000' [ 772.353313][T11912] No control pipe specified [ 772.804809][ T6000] usb 2-1: USB disconnect, device number 19 [ 773.027825][ T37] kauditd_printk_skb: 32 callbacks suppressed [ 773.027843][ T37] audit: type=1326 audit(1766369087.913:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11919 comm="syz.5.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f557cc1f749 code=0x7ffc0000 [ 773.028374][ T37] audit: type=1326 audit(1766369087.913:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11919 comm="syz.5.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f557cc1f749 code=0x7ffc0000 [ 773.028749][ T37] audit: type=1326 audit(1766369087.913:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11919 comm="syz.5.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f557cc1f749 code=0x7ffc0000 [ 773.038341][ T37] audit: type=1326 audit(1766369087.923:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11919 comm="syz.5.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f557cc1df90 code=0x7ffc0000 [ 773.039089][ T37] audit: type=1326 audit(1766369087.923:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11919 comm="syz.5.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f557cc1f34b code=0x7ffc0000 [ 773.040846][ T37] audit: type=1326 audit(1766369087.933:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11919 comm="syz.5.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f557cc1f34b code=0x7ffc0000 [ 773.046868][ T37] audit: type=1326 audit(1766369087.933:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11919 comm="syz.5.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f557cc1f34b code=0x7ffc0000 [ 773.046915][ T37] audit: type=1326 audit(1766369087.933:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11919 comm="syz.5.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f557cc1f34b code=0x7ffc0000 [ 773.159787][ T37] audit: type=1326 audit(1766369088.053:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11919 comm="syz.5.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f557cc1f34b code=0x7ffc0000 [ 773.223279][ T68] bridge_slave_1: left allmulticast mode [ 773.223307][ T68] bridge_slave_1: left promiscuous mode [ 773.224741][ T68] bridge0: port 2(bridge_slave_1) entered disabled state [ 773.230494][ T37] audit: type=1326 audit(1766369088.123:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11919 comm="syz.5.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f557cc1f34b code=0x7ffc0000 [ 773.284679][ T68] bridge_slave_0: left allmulticast mode [ 773.284698][ T68] bridge_slave_0: left promiscuous mode [ 773.284861][ T68] bridge0: port 1(bridge_slave_0) entered disabled state [ 773.299564][ T9912] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 773.449507][ T9912] usb 6-1: Using ep0 maxpacket: 16 [ 773.454753][ T9912] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 773.454772][ T9912] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 773.454793][ T9912] usb 6-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 773.454805][ T9912] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 773.510648][ T9912] usb 6-1: config 0 descriptor?? [ 776.199425][ T9912] usbhid 6-1:0.0: can't add hid device: -71 [ 776.199600][ T9912] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 776.204874][ T9912] usb 6-1: USB disconnect, device number 17 [ 779.230956][ T10] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 781.587249][T10636] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 781.601583][T10636] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 781.603506][T10636] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 781.605717][T10636] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 781.607141][T10636] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 781.948237][T11973] autofs: Unknown parameter '0x0000000000000000' [ 784.124941][T10636] Bluetooth: hci1: command tx timeout [ 784.253396][ T68] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 784.330194][ T68] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 784.381588][ T68] bond0 (unregistering): Released all slaves [ 784.431700][T11598] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 784.431719][T11598] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 784.431745][T11598] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 784.526698][T11598] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 784.526716][T11598] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 784.526742][T11598] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 784.831619][T12001] autofs: Unknown parameter '0x0000000000000000' [ 785.835162][ T68] rxrpc: Call ffff888026afd780 still in use (1,Complete,1489,0)! [ 785.987346][T11598] hsr_slave_0: entered promiscuous mode [ 785.988639][T11598] hsr_slave_1: entered promiscuous mode [ 785.989128][T11598] debugfs: 'hsr0' already exists in 'hsr' [ 785.989142][T11598] Cannot create hsr debugfs directory [ 786.189842][T10636] Bluetooth: hci1: command tx timeout [ 789.170558][T12043] overlayfs: overlapping lowerdir path [ 789.430488][T12044] overlayfs: overlapping lowerdir path [ 789.530761][T12045] overlayfs: overlapping lowerdir path [ 789.576182][T10636] Bluetooth: hci1: command tx timeout [ 790.374432][T11970] chnl_net:caif_netlink_parms(): no params data found [ 790.398131][T12055] autofs: Unknown parameter '0x0000000000000000' [ 790.722737][T12060] overlayfs: overlapping lowerdir path [ 791.629908][T10636] Bluetooth: hci1: command tx timeout [ 791.695083][T11598] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 791.843817][T11598] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 791.954406][T11598] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 792.139931][T11598] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 792.608026][T11598] kthread_run failed with err -4 [ 792.619167][T11970] bridge0: port 1(bridge_slave_0) entered blocking state [ 792.654146][T11970] bridge0: port 1(bridge_slave_0) entered disabled state [ 792.697236][T11970] bridge_slave_0: entered allmulticast mode [ 792.924765][T11970] bridge_slave_0: entered promiscuous mode [ 793.600537][T11970] bridge0: port 2(bridge_slave_1) entered blocking state [ 793.600661][T11970] bridge0: port 2(bridge_slave_1) entered disabled state [ 793.600922][T11970] bridge_slave_1: entered allmulticast mode [ 793.723807][T11970] bridge_slave_1: entered promiscuous mode [ 794.086210][ T5814] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 794.103552][ T5814] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 794.105077][ T5814] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 794.107697][ T5814] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 794.108503][ T5814] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 794.252977][T11970] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 794.263794][T11970] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 796.344753][T12117] overlayfs: overlapping lowerdir path [ 796.741252][T12115] autofs: Unknown parameter '0x0000000000000000' [ 796.747748][T12119] overlayfs: overlapping lowerdir path [ 796.750231][ T5814] Bluetooth: hci4: command tx timeout [ 797.522633][T12125] overlayfs: overlapping lowerdir path [ 797.581547][T12126] overlayfs: overlapping lowerdir path [ 797.945712][T11970] team0: Port device team_slave_0 added [ 797.968146][T11970] team0: Port device team_slave_1 added [ 798.446567][T12142] overlayfs: overlapping lowerdir path [ 798.477197][T12143] autofs: Unknown parameter '0x0000000000000000' [ 798.565272][T11970] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 798.565285][T11970] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 798.565365][T11970] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 798.651311][T11970] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 798.651329][T11970] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 798.651355][T11970] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 798.836329][ T5814] Bluetooth: hci4: command tx timeout [ 798.983787][T12156] Bluetooth: hci0: invalid length 0, exp 2 for type 23 [ 799.235184][T11970] hsr_slave_0: entered promiscuous mode [ 799.245854][T11970] hsr_slave_1: entered promiscuous mode [ 799.246841][T11970] debugfs: 'hsr0' already exists in 'hsr' [ 799.246864][T11970] Cannot create hsr debugfs directory [ 799.751748][T12169] overlayfs: overlapping lowerdir path [ 799.902640][T12170] overlayfs: overlapping lowerdir path [ 800.909749][ T5814] Bluetooth: hci4: command tx timeout [ 801.223878][T12106] chnl_net:caif_netlink_parms(): no params data found [ 802.074097][T12202] autofs: Unknown parameter '0x0000000000000000' [ 802.261934][T12106] bridge0: port 1(bridge_slave_0) entered blocking state [ 802.264765][T12106] bridge0: port 1(bridge_slave_0) entered disabled state [ 802.266775][T12106] bridge_slave_0: entered allmulticast mode [ 802.301012][T12106] bridge_slave_0: entered promiscuous mode [ 802.514899][T12106] bridge0: port 2(bridge_slave_1) entered blocking state [ 802.515000][T12106] bridge0: port 2(bridge_slave_1) entered disabled state [ 802.518283][T12106] bridge_slave_1: entered allmulticast mode [ 802.571031][T12106] bridge_slave_1: entered promiscuous mode [ 802.973571][T12106] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 802.991109][ T5814] Bluetooth: hci4: command tx timeout [ 803.034132][T12106] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 803.251526][T11970] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 803.557358][T11970] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 803.619744][T12106] team0: Port device team_slave_0 added [ 803.620003][T11970] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 803.762830][T12106] team0: Port device team_slave_1 added [ 803.763000][T11970] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 804.348074][T12106] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 804.348092][T12106] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 804.348115][T12106] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 804.410163][T12106] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 804.410180][T12106] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 804.410208][T12106] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 804.960204][T12244] autofs: Unknown parameter '0x0000000000000000' [ 805.983026][T12106] hsr_slave_0: entered promiscuous mode [ 805.985209][T12106] hsr_slave_1: entered promiscuous mode [ 805.986117][T12106] debugfs: 'hsr0' already exists in 'hsr' [ 805.986142][T12106] Cannot create hsr debugfs directory [ 806.305735][T12262] Bluetooth: hci0: invalid length 0, exp 2 for type 22 [ 807.055730][T12278] FAULT_INJECTION: forcing a failure. [ 807.055730][T12278] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 807.055780][T12278] CPU: 1 UID: 0 PID: 12278 Comm: syz.6.1748 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 807.055811][T12278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 807.055830][T12278] Call Trace: [ 807.055841][T12278] [ 807.055849][T12278] dump_stack_lvl+0xe8/0x150 [ 807.055889][T12278] should_fail_ex+0x46c/0x600 [ 807.055920][T12278] _copy_from_user+0x2d/0xb0 [ 807.055939][T12278] snd_seq_oss_ioctl+0x43d/0x1090 [ 807.055972][T12278] ? __pfx_snd_seq_oss_ioctl+0x10/0x10 [ 807.055998][T12278] ? __lock_acquire+0x6b6/0x2cf0 [ 807.056027][T12278] ? smk_access+0x14c/0x4e0 [ 807.056056][T12278] ? do_raw_spin_lock+0x121/0x290 [ 807.056081][T12278] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 807.056100][T12278] ? lockdep_hardirqs_on+0x7b/0x110 [ 807.056169][T12278] ? mutex_lock_interruptible_nested+0x154/0x1d0 [ 807.056195][T12278] ? odev_ioctl+0x84/0xf0 [ 807.056218][T12278] ? __pfx_odev_ioctl+0x10/0x10 [ 807.056244][T12278] odev_ioctl+0xb5/0xf0 [ 807.056271][T12278] __se_sys_ioctl+0xff/0x170 [ 807.056299][T12278] do_syscall_64+0xec/0xf80 [ 807.056317][T12278] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 807.056335][T12278] ? trace_irq_disable+0x37/0x100 [ 807.056355][T12278] ? clear_bhb_loop+0x60/0xb0 [ 807.056378][T12278] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 807.056396][T12278] RIP: 0033:0x7feeed5bf749 [ 807.056420][T12278] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 807.056448][T12278] RSP: 002b:00007feeeb81e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 807.056473][T12278] RAX: ffffffffffffffda RBX: 00007feeed815fa0 RCX: 00007feeed5bf749 [ 807.056488][T12278] RDX: 0000200000000040 RSI: 0000000040085112 RDI: 0000000000000003 [ 807.056500][T12278] RBP: 00007feeeb81e090 R08: 0000000000000000 R09: 0000000000000000 [ 807.056513][T12278] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 807.056524][T12278] R13: 00007feeed816038 R14: 00007feeed815fa0 R15: 00007ffd558e3b28 [ 807.056555][T12278] [ 807.575736][T12285] can: request_module (can-proto-5) failed. [ 807.900834][T12293] Bluetooth: hci0: invalid length 0, exp 2 for type 22 [ 808.115573][T11970] 8021q: adding VLAN 0 to HW filter on device bond0 [ 808.395754][T12302] netlink: 'syz.6.1755': attribute type 4 has an invalid length. [ 808.947472][T11970] 8021q: adding VLAN 0 to HW filter on device team0 [ 808.965750][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 808.967445][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 808.994269][T11287] bridge0: port 2(bridge_slave_1) entered blocking state [ 808.994412][T11287] bridge0: port 2(bridge_slave_1) entered forwarding state [ 809.089407][ T6044] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 809.221050][ T6044] usb 2-1: device descriptor read/64, error -71 [ 809.327295][T12106] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 809.369651][T12106] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 809.392825][T12325] Bluetooth: hci0: invalid length 0, exp 2 for type 22 [ 809.425281][T12106] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 809.459434][ T6044] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 809.475332][T12106] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 809.491539][T12329] openvswitch: netlink: IP tunnel dst address not specified [ 809.589434][ T6044] usb 2-1: device descriptor read/64, error -71 [ 809.615135][T11970] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 809.629550][ T5901] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 809.698808][T11970] veth0_vlan: entered promiscuous mode [ 809.706877][ T6044] usb usb2-port1: attempt power cycle [ 809.725271][T12106] 8021q: adding VLAN 0 to HW filter on device bond0 [ 809.746840][T11970] veth1_vlan: entered promiscuous mode [ 809.764524][T12106] 8021q: adding VLAN 0 to HW filter on device team0 [ 809.771442][ T9912] usb 6-1: new low-speed USB device number 19 using dummy_hcd [ 809.798785][ T5901] usb 7-1: Using ep0 maxpacket: 16 [ 809.806271][ T1495] bridge0: port 1(bridge_slave_0) entered blocking state [ 809.811013][ T5901] usb 7-1: config 0 has an invalid interface number: 105 but max is 0 [ 809.811038][ T5901] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 809.811055][ T5901] usb 7-1: config 0 has no interface number 0 [ 809.813660][ T5901] usb 7-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 809.813685][ T5901] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 809.813704][ T5901] usb 7-1: Product: syz [ 809.813717][ T5901] usb 7-1: Manufacturer: syz [ 809.813730][ T5901] usb 7-1: SerialNumber: syz [ 809.831540][ T5901] usb 7-1: config 0 descriptor?? [ 809.882629][ T1495] bridge0: port 1(bridge_slave_0) entered forwarding state [ 809.914265][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 809.914454][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 809.959487][ T9912] usb 6-1: Invalid ep0 maxpacket: 32 [ 810.017512][T11970] veth0_macvtap: entered promiscuous mode [ 810.049397][ T6044] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 810.050838][ T5901] uvcvideo 7-1:0.105: Found UVC 0.00 device syz (046d:08f3) [ 810.050881][ T5901] uvcvideo 7-1:0.105: No valid video chain found. [ 810.073196][ T5901] usb 7-1: USB disconnect, device number 14 [ 810.089550][ T6044] usb 2-1: device descriptor read/8, error -71 [ 810.094011][ T9912] usb 6-1: new low-speed USB device number 20 using dummy_hcd [ 810.117777][T11970] veth1_macvtap: entered promiscuous mode [ 810.181319][T11970] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 810.201435][T11970] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 810.223848][ T83] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 810.224992][ T83] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 810.226019][ T83] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 810.227418][ T83] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 810.269994][ T9912] usb 6-1: Invalid ep0 maxpacket: 32 [ 810.270326][ T9912] usb usb6-port1: attempt power cycle [ 810.329525][ T6044] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 810.352616][ T6044] usb 2-1: device descriptor read/8, error -71 [ 810.460180][ T6044] usb usb2-port1: unable to enumerate USB device [ 810.557497][ T6221] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 810.557519][ T6221] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 810.599925][T12106] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 810.619793][ T9912] usb 6-1: new low-speed USB device number 21 using dummy_hcd [ 810.641865][ T9912] usb 6-1: Invalid ep0 maxpacket: 32 [ 810.717710][T12343] kexec: Could not allocate control_code_buffer [ 810.730929][ T6192] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 810.730948][ T6192] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 810.779495][ T9912] usb 6-1: new low-speed USB device number 22 using dummy_hcd [ 810.799995][ T9912] usb 6-1: Invalid ep0 maxpacket: 32 [ 810.800363][ T9912] usb usb6-port1: unable to enumerate USB device [ 811.604782][T12106] veth0_vlan: entered promiscuous mode [ 811.731620][T12106] veth1_vlan: entered promiscuous mode [ 812.062904][T12106] veth0_macvtap: entered promiscuous mode [ 812.093915][T12106] veth1_macvtap: entered promiscuous mode [ 812.175859][T12106] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 812.182472][T12368] FAULT_INJECTION: forcing a failure. [ 812.182472][T12368] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 812.182510][T12368] CPU: 0 UID: 0 PID: 12368 Comm: syz.1.1767 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 812.182532][T12368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 812.182544][T12368] Call Trace: [ 812.182551][T12368] [ 812.182559][T12368] dump_stack_lvl+0xe8/0x150 [ 812.182589][T12368] should_fail_ex+0x46c/0x600 [ 812.182618][T12368] _copy_to_user+0x31/0xb0 [ 812.182639][T12368] simple_read_from_buffer+0xe1/0x170 [ 812.182663][T12368] proc_fail_nth_read+0x1b6/0x220 [ 812.182693][T12368] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 812.182722][T12368] ? rw_verify_area+0x2ac/0x4e0 [ 812.182745][T12368] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 812.182772][T12368] vfs_read+0x206/0xa30 [ 812.182804][T12368] ? __pfx_vfs_read+0x10/0x10 [ 812.182830][T12368] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 812.182850][T12368] ? lockdep_hardirqs_on+0x7b/0x110 [ 812.182867][T12368] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 812.182886][T12368] ? mutex_lock_nested+0x154/0x1d0 [ 812.182908][T12368] ? fdget_pos+0x253/0x320 [ 812.182935][T12368] ksys_read+0x14b/0x260 [ 812.182962][T12368] ? __pfx_ksys_read+0x10/0x10 [ 812.182997][T12368] do_syscall_64+0xec/0xf80 [ 812.183014][T12368] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 812.183032][T12368] ? trace_irq_disable+0x37/0x100 [ 812.183051][T12368] ? clear_bhb_loop+0x60/0xb0 [ 812.183073][T12368] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 812.183091][T12368] RIP: 0033:0x7f219546e15c [ 812.183108][T12368] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 812.183125][T12368] RSP: 002b:00007f21936d6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 812.183145][T12368] RAX: ffffffffffffffda RBX: 00007f21956c5fa0 RCX: 00007f219546e15c [ 812.183159][T12368] RDX: 000000000000000f RSI: 00007f21936d60a0 RDI: 0000000000000003 [ 812.183171][T12368] RBP: 00007f21936d6090 R08: 0000000000000000 R09: 0000000000000000 [ 812.183182][T12368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 812.183194][T12368] R13: 00007f21956c6038 R14: 00007f21956c5fa0 R15: 00007fff956ce238 [ 812.183223][T12368] [ 812.430576][T12106] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 812.501659][ T3546] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 812.501878][ T3546] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 812.501901][ T3546] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 812.501920][ T3546] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 813.058889][ T44] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 813.058912][ T44] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 813.089989][ T5972] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 813.195313][ T44] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 813.195334][ T44] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 813.272773][ T5972] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 813.272800][ T5972] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 813.272848][ T5972] usb 2-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping [ 813.304587][ T5972] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 813.304618][ T5972] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 813.304637][ T5972] usb 2-1: Product: syz [ 813.304650][ T5972] usb 2-1: Manufacturer: syz [ 813.304663][ T5972] usb 2-1: SerialNumber: syz [ 813.348156][ T5972] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found [ 813.348186][ T5972] cdc_ncm 2-1:1.0: bind() failure [ 814.313541][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 814.313604][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 814.584626][T12402] FAULT_INJECTION: forcing a failure. [ 814.584626][T12402] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 814.584664][T12402] CPU: 1 UID: 0 PID: 12402 Comm: syz.0.1775 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 814.584713][T12402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 814.584737][T12402] Call Trace: [ 814.584745][T12402] [ 814.584753][T12402] dump_stack_lvl+0xe8/0x150 [ 814.584784][T12402] should_fail_ex+0x46c/0x600 [ 814.584815][T12402] _copy_from_user+0x2d/0xb0 [ 814.584835][T12402] __sys_bpf+0x1e3/0x860 [ 814.584859][T12402] ? __pfx___sys_bpf+0x10/0x10 [ 814.584878][T12402] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 814.584918][T12402] ? ksys_write+0x230/0x260 [ 814.584946][T12402] ? __pfx_ksys_write+0x10/0x10 [ 814.584982][T12402] __x64_sys_bpf+0x7c/0x90 [ 814.585001][T12402] do_syscall_64+0xec/0xf80 [ 814.585019][T12402] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 814.585037][T12402] ? trace_irq_disable+0x37/0x100 [ 814.585057][T12402] ? clear_bhb_loop+0x60/0xb0 [ 814.585079][T12402] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 814.585097][T12402] RIP: 0033:0x7fc53bf8f749 [ 814.585113][T12402] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 814.585128][T12402] RSP: 002b:00007fc53a1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 814.585148][T12402] RAX: ffffffffffffffda RBX: 00007fc53c1e5fa0 RCX: 00007fc53bf8f749 [ 814.585162][T12402] RDX: 0000000000000094 RSI: 00002000000000c0 RDI: 0000000000000005 [ 814.585174][T12402] RBP: 00007fc53a1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 814.585186][T12402] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 814.585197][T12402] R13: 00007fc53c1e6038 R14: 00007fc53c1e5fa0 R15: 00007ffcd82518f8 [ 814.585226][T12402] [ 815.412288][T12406] overlay: Unknown parameter '/file0:/' [ 816.050019][ T9912] usb 2-1: USB disconnect, device number 24 [ 816.173186][T12407] No control pipe specified [ 816.962753][T12424] overlayfs: overlapping lowerdir path [ 817.106850][T12425] overlayfs: overlapping lowerdir path [ 818.131529][T12437] FAULT_INJECTION: forcing a failure. [ 818.131529][T12437] name failslab, interval 1, probability 0, space 0, times 1 [ 818.131564][T12437] CPU: 1 UID: 0 PID: 12437 Comm: syz.0.1782 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 818.131586][T12437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 818.131598][T12437] Call Trace: [ 818.131605][T12437] [ 818.131613][T12437] dump_stack_lvl+0xe8/0x150 [ 818.131644][T12437] should_fail_ex+0x46c/0x600 [ 818.131684][T12437] should_failslab+0xa8/0x100 [ 818.131705][T12437] __kmalloc_noprof+0xe0/0x7e0 [ 818.131733][T12437] ? tomoyo_encode+0x28b/0x550 [ 818.131756][T12437] tomoyo_encode+0x28b/0x550 [ 818.131780][T12437] tomoyo_realpath_from_path+0x58d/0x5d0 [ 818.131810][T12437] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 818.131836][T12437] tomoyo_path_number_perm+0x1e8/0x5a0 [ 818.131864][T12437] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 818.131893][T12437] ? sb_end_write+0xe9/0x1c0 [ 818.131914][T12437] ? vfs_write+0x965/0xb40 [ 818.131971][T12437] ? ksys_write+0x1e7/0x260 [ 818.132003][T12437] security_file_ioctl+0xcb/0x2d0 [ 818.132032][T12437] __se_sys_ioctl+0x47/0x170 [ 818.132058][T12437] do_syscall_64+0xec/0xf80 [ 818.132077][T12437] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 818.132096][T12437] ? trace_irq_disable+0x37/0x100 [ 818.132116][T12437] ? clear_bhb_loop+0x60/0xb0 [ 818.132138][T12437] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 818.132156][T12437] RIP: 0033:0x7fc53bf8f749 [ 818.132173][T12437] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 818.132191][T12437] RSP: 002b:00007fc53a1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 818.132211][T12437] RAX: ffffffffffffffda RBX: 00007fc53c1e5fa0 RCX: 00007fc53bf8f749 [ 818.132226][T12437] RDX: 0000000000000000 RSI: 0000000040084504 RDI: 0000000000000003 [ 818.132238][T12437] RBP: 00007fc53a1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 818.132250][T12437] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 818.132262][T12437] R13: 00007fc53c1e6038 R14: 00007fc53c1e5fa0 R15: 00007ffcd82518f8 [ 818.132292][T12437] [ 818.132321][T12437] ERROR: Out of memory at tomoyo_realpath_from_path. [ 818.606027][T12447] netlink: 'syz.0.1785': attribute type 4 has an invalid length. [ 818.670461][T12451] netlink: 'syz.5.1786': attribute type 4 has an invalid length. [ 820.360829][T12469] overlay: Unknown parameter '/file0:/' [ 821.718555][T12483] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1794'. [ 821.970857][T12494] FAULT_INJECTION: forcing a failure. [ 821.970857][T12494] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 821.970893][T12494] CPU: 0 UID: 0 PID: 12494 Comm: syz.0.1797 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 821.970934][T12494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 821.970946][T12494] Call Trace: [ 821.970954][T12494] [ 821.970962][T12494] dump_stack_lvl+0xe8/0x150 [ 821.970993][T12494] should_fail_ex+0x46c/0x600 [ 821.971023][T12494] _copy_from_user+0x2d/0xb0 [ 821.971043][T12494] uhid_char_write+0x123/0xd10 [ 821.971069][T12494] ? rw_verify_area+0x25b/0x4e0 [ 821.971094][T12494] ? __pfx_uhid_char_write+0x10/0x10 [ 821.971119][T12494] vfs_write+0x287/0xb40 [ 821.971152][T12494] ? __pfx_vfs_write+0x10/0x10 [ 821.971179][T12494] ? __fget_files+0x2a/0x420 [ 821.971202][T12494] ? __fget_files+0x2a/0x420 [ 821.971220][T12494] ? __fget_files+0x3a6/0x420 [ 821.971238][T12494] ? __fget_files+0x2a/0x420 [ 821.971265][T12494] ksys_write+0x14b/0x260 [ 821.971341][T12494] ? __pfx_ksys_write+0x10/0x10 [ 821.971377][T12494] do_syscall_64+0xec/0xf80 [ 821.971396][T12494] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 821.971415][T12494] ? trace_irq_disable+0x37/0x100 [ 821.971436][T12494] ? clear_bhb_loop+0x60/0xb0 [ 821.971459][T12494] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 821.971477][T12494] RIP: 0033:0x7fc53bf8f749 [ 821.971494][T12494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 821.971510][T12494] RSP: 002b:00007fc53a1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 821.971532][T12494] RAX: ffffffffffffffda RBX: 00007fc53c1e5fa0 RCX: 00007fc53bf8f749 [ 821.971543][T12494] RDX: 0000000000000119 RSI: 00002000000007c0 RDI: 0000000000000003 [ 821.971553][T12494] RBP: 00007fc53a1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 821.971563][T12494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 821.971574][T12494] R13: 00007fc53c1e6038 R14: 00007fc53c1e5fa0 R15: 00007ffcd82518f8 [ 821.971604][T12494] [ 822.019610][ T10] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 822.191096][ T10] usb 2-1: Using ep0 maxpacket: 8 [ 822.212705][ T10] usb 2-1: config 125 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 822.213523][ T10] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00 [ 822.213556][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 822.885699][T12511] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 822.902873][T12511] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 823.426866][T12515] overlayfs: overlapping lowerdir path [ 823.476341][T12515] overlayfs: overlapping lowerdir path [ 823.571252][T12517] Bluetooth: hci0: invalid length 0, exp 2 for type 22 [ 823.785786][ T10] usbhid 2-1:125.0: can't add hid device: -71 [ 823.788086][ T10] usbhid 2-1:125.0: probe with driver usbhid failed with error -71 [ 823.799531][ T10] usb 2-1: USB disconnect, device number 25 [ 827.031360][T12571] overlayfs: overlapping lowerdir path [ 827.073391][T12571] overlayfs: overlapping lowerdir path [ 827.196923][T12574] capability: warning: `syz.6.1819' uses deprecated v2 capabilities in a way that may be insecure [ 828.836962][T12629] FAULT_INJECTION: forcing a failure. [ 828.836962][T12629] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 828.837007][T12629] CPU: 0 UID: 0 PID: 12629 Comm: syz.1.1832 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 828.837029][T12629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 828.837042][T12629] Call Trace: [ 828.837049][T12629] [ 828.837058][T12629] dump_stack_lvl+0xe8/0x150 [ 828.837088][T12629] should_fail_ex+0x46c/0x600 [ 828.837118][T12629] _copy_from_user+0x2d/0xb0 [ 828.837138][T12629] do_tcp_setsockopt+0x47d/0x1f40 [ 828.837170][T12629] ? __pfx_do_tcp_setsockopt+0x10/0x10 [ 828.837204][T12629] ? __fget_files+0x2a/0x420 [ 828.837227][T12629] ? sock_common_setsockopt+0x36/0xc0 [ 828.837244][T12629] ? tcp_setsockopt+0x3d/0xe0 [ 828.837276][T12629] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 828.837296][T12629] do_sock_setsockopt+0x17c/0x1b0 [ 828.837324][T12629] __x64_sys_setsockopt+0x145/0x1b0 [ 828.837351][T12629] do_syscall_64+0xec/0xf80 [ 828.837369][T12629] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 828.837388][T12629] ? trace_irq_disable+0x37/0x100 [ 828.837409][T12629] ? clear_bhb_loop+0x60/0xb0 [ 828.837431][T12629] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 828.837450][T12629] RIP: 0033:0x7f219546f749 [ 828.837467][T12629] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 828.837484][T12629] RSP: 002b:00007f21936d6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 828.837505][T12629] RAX: ffffffffffffffda RBX: 00007f21956c5fa0 RCX: 00007f219546f749 [ 828.837520][T12629] RDX: 2000000000000020 RSI: 0000000000000006 RDI: 0000000000000041 [ 828.837533][T12629] RBP: 00007f21936d6090 R08: 000000001959cc36 R09: 0000000000000000 [ 828.837545][T12629] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001 [ 828.837558][T12629] R13: 00007f21956c6038 R14: 00007f21956c5fa0 R15: 00007fff956ce238 [ 828.837588][T12629] [ 829.039609][ T5901] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 829.224421][ T5901] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 829.224448][ T5901] usb 1-1: config 0 has no interfaces? [ 829.224479][ T5901] usb 1-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36 [ 829.224501][ T5901] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 829.351405][ T5901] usb 1-1: config 0 descriptor?? [ 829.482837][T12645] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1837'. [ 829.563709][T12621] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 829.564229][T12621] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 829.666060][ T5894] usb 1-1: USB disconnect, device number 12 [ 829.805039][T12652] FAULT_INJECTION: forcing a failure. [ 829.805039][T12652] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 829.805072][T12652] CPU: 1 UID: 0 PID: 12652 Comm: syz.1.1842 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 829.805093][T12652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 829.805105][T12652] Call Trace: [ 829.805113][T12652] [ 829.805120][T12652] dump_stack_lvl+0xe8/0x150 [ 829.805148][T12652] should_fail_ex+0x46c/0x600 [ 829.805174][T12652] _copy_from_user+0x2d/0xb0 [ 829.805193][T12652] __sys_bpf+0x1e3/0x860 [ 829.805216][T12652] ? __pfx___sys_bpf+0x10/0x10 [ 829.805233][T12652] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 829.805276][T12652] ? ksys_write+0x230/0x260 [ 829.805305][T12652] ? __pfx_ksys_write+0x10/0x10 [ 829.805335][T12652] __x64_sys_bpf+0x7c/0x90 [ 829.805354][T12652] do_syscall_64+0xec/0xf80 [ 829.805373][T12652] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 829.805391][T12652] ? trace_irq_disable+0x37/0x100 [ 829.805410][T12652] ? clear_bhb_loop+0x60/0xb0 [ 829.805437][T12652] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 829.805455][T12652] RIP: 0033:0x7f219546f749 [ 829.805471][T12652] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 829.805487][T12652] RSP: 002b:00007f21936d6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 829.805507][T12652] RAX: ffffffffffffffda RBX: 00007f21956c5fa0 RCX: 00007f219546f749 [ 829.805520][T12652] RDX: 0000000000000028 RSI: 0000200000000800 RDI: 0000000000000012 [ 829.805532][T12652] RBP: 00007f21936d6090 R08: 0000000000000000 R09: 0000000000000000 [ 829.805542][T12652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 829.805553][T12652] R13: 00007f21956c6038 R14: 00007f21956c5fa0 R15: 00007fff956ce238 [ 829.805583][T12652] [ 830.685004][T12689] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1854'. [ 831.565223][T12707] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 834.792189][T12744] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1872'. [ 836.338386][T12752] overlayfs: overlapping lowerdir path [ 839.219470][ T9] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 839.399617][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 839.402846][ T9] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 839.402872][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 839.402899][ T9] usb 2-1: config 0 has no interface number 0 [ 839.406539][ T9] usb 2-1: New USB device found, idVendor=1a86, idProduct=752d, bcdDevice=2d.4d [ 839.406572][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 839.406590][ T9] usb 2-1: Product: syz [ 839.406606][ T9] usb 2-1: Manufacturer: syz [ 839.406619][ T9] usb 2-1: SerialNumber: syz [ 839.415236][ T9] usb 2-1: config 0 descriptor?? [ 839.426417][ T9] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 839.667118][ T9] snd-usb-audio 2-1:0.1: probe with driver snd-usb-audio failed with error -2 [ 839.677689][ T9] usb 2-1: USB disconnect, device number 26 [ 839.801987][T12316] udevd[12316]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.1/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 840.271175][T12777] autofs: Unknown parameter '0x0000000000000000' [ 841.660803][T12800] FAULT_INJECTION: forcing a failure. [ 841.660803][T12800] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 841.660826][T12800] CPU: 1 UID: 0 PID: 12800 Comm: syz.0.1891 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 841.660839][T12800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 841.660846][T12800] Call Trace: [ 841.660850][T12800] [ 841.660855][T12800] dump_stack_lvl+0xe8/0x150 [ 841.660873][T12800] should_fail_ex+0x46c/0x600 [ 841.660891][T12800] _copy_from_user+0x2d/0xb0 [ 841.660901][T12800] __sys_connect+0x124/0x450 [ 841.660914][T12800] ? __pfx___sys_connect+0x10/0x10 [ 841.660930][T12800] ? __pfx_ksys_write+0x10/0x10 [ 841.660948][T12800] __x64_sys_connect+0x7a/0x90 [ 841.660960][T12800] do_syscall_64+0xec/0xf80 [ 841.660970][T12800] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 841.660980][T12800] ? trace_irq_disable+0x37/0x100 [ 841.660991][T12800] ? clear_bhb_loop+0x60/0xb0 [ 841.661003][T12800] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 841.661013][T12800] RIP: 0033:0x7fc53bf8f749 [ 841.661023][T12800] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 841.661032][T12800] RSP: 002b:00007fc53a1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 841.661043][T12800] RAX: ffffffffffffffda RBX: 00007fc53c1e5fa0 RCX: 00007fc53bf8f749 [ 841.661051][T12800] RDX: 0000000000000010 RSI: 0000200000000040 RDI: 0000000000000003 [ 841.661058][T12800] RBP: 00007fc53a1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 841.661064][T12800] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 841.661070][T12800] R13: 00007fc53c1e6038 R14: 00007fc53c1e5fa0 R15: 00007ffcd82518f8 [ 841.661085][T12800] [ 841.673887][T12796] Bluetooth: hci0: invalid length 0, exp 2 for type 22 [ 843.034740][T12814] snd_dummy snd_dummy.0: control 4:2:0:syz0:211 is already present [ 845.355715][T12851] sctp: Trying to GSO but underlying device doesn't support it. [ 846.453776][T12871] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 846.453819][T12871] CIFS: Unable to determine destination address [ 849.567604][T12913] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1928'. [ 849.567629][T12913] netlink: 3 bytes leftover after parsing attributes in process `syz.5.1928'. [ 849.879532][ T9912] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 849.940995][ T6000] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 850.009589][ T9912] usb 6-1: device descriptor read/64, error -71 [ 850.099431][ T6000] usb 7-1: Using ep0 maxpacket: 8 [ 850.101928][ T6000] usb 7-1: config 0 has an invalid interface number: 3 but max is 0 [ 850.101953][ T6000] usb 7-1: config 0 has no interface number 0 [ 850.113445][ T6000] usb 7-1: New USB device found, idVendor=0582, idProduct=0025, bcdDevice= 7.55 [ 850.113475][ T6000] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 850.113494][ T6000] usb 7-1: Product: syz [ 850.113508][ T6000] usb 7-1: Manufacturer: syz [ 850.113521][ T6000] usb 7-1: SerialNumber: syz [ 850.201345][ T6000] usb 7-1: config 0 descriptor?? [ 850.212291][ T6000] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 850.219825][ T6000] usb 7-1: invalid MIDI in EP 0 [ 850.249413][ T9912] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 850.414356][ T9912] usb 6-1: device descriptor read/64, error -71 [ 850.449866][T12919] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 850.477422][T12919] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 850.519944][ T9912] usb usb6-port1: attempt power cycle [ 851.128090][ T6000] snd-usb-audio 7-1:0.3: probe with driver snd-usb-audio failed with error -22 [ 851.285481][ T9912] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 851.301507][ T9912] usb 6-1: device descriptor read/8, error -71 [ 851.345158][ T6000] usb 7-1: USB disconnect, device number 15 [ 851.477613][T12935] udevd[12935]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.3/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 851.539547][ T9912] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 851.560403][ T9912] usb 6-1: device descriptor read/8, error -71 [ 851.859803][ T9912] usb usb6-port1: unable to enumerate USB device [ 852.438646][T12945] overlayfs: overlapping lowerdir path [ 853.009421][ T6020] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 853.161764][ T6020] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 853.161799][ T6020] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 853.161836][ T6020] usb 8-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 853.161858][ T6020] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 853.263388][ T6020] usb 8-1: config 0 descriptor?? [ 853.603093][T12947] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 853.603625][T12947] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 854.547708][ T6020] hid-steam 0003:28DE:1142.000A: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.7-1/input0 [ 854.722126][ T6020] usb 8-1: USB disconnect, device number 2 [ 854.970662][T12987] fido_id[12987]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.7/usb8/8-1/report_descriptor': No such file or directory [ 855.201673][T13004] netlink: 80 bytes leftover after parsing attributes in process `syz.5.1954'. [ 855.877391][T13024] Bluetooth: hci0: invalid length 0, exp 2 for type 22 [ 856.360020][T13043] snd_dummy snd_dummy.0: control 4:2:0:syz0:211 is already present [ 858.021827][T13074] Bluetooth: hci0: invalid length 0, exp 2 for type 22 [ 860.160465][T13095] snd_dummy snd_dummy.0: control 4:2:0:syz0:211 is already present [ 861.505419][T13120] snd_dummy snd_dummy.0: control 4:2:0:syz0:211 is already present [ 863.763739][T13155] snd_dummy snd_dummy.0: control 4:2:0:syz0:211 is already present [ 864.017318][T13159] autofs: Unknown parameter '0x0000000000000000' [ 864.213591][T13160] snd_dummy snd_dummy.0: control 4:2:0:syz0:211 is already present [ 864.912505][T13171] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2006'. [ 865.204512][ T9] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 865.359486][ T9] usb 7-1: Using ep0 maxpacket: 8 [ 865.364222][ T9] usb 7-1: config 125 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 865.364270][ T9] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00 [ 865.364302][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 866.464786][ T9] usbhid 7-1:125.0: can't add hid device: -71 [ 866.464864][ T9] usbhid 7-1:125.0: probe with driver usbhid failed with error -71 [ 866.473730][ T9] usb 7-1: USB disconnect, device number 16 [ 867.708673][T13194] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2014'. [ 867.708798][T13194] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2014'. [ 867.772178][T13196] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2014'. [ 868.112501][T13202] Bluetooth: hci0: invalid length 0, exp 2 for type 20 [ 870.959518][T13272] overlayfs: missing 'lowerdir' [ 872.457383][T13286] Bluetooth: hci0: invalid length 0, exp 2 for type 23 [ 872.564656][T13290] snd_dummy snd_dummy.0: control 4:2:0:syz0:211 is already present [ 872.627013][T13293] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2049'. [ 872.889634][ T9] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 872.916180][T13295] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 872.916202][T13295] IPv6: NLM_F_CREATE should be set when creating new route [ 873.039408][ T9] usb 7-1: Using ep0 maxpacket: 8 [ 873.048177][ T9] usb 7-1: config 125 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 873.048226][ T9] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00 [ 873.048247][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 873.559773][ T6012] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 873.624134][ T9] usbhid 7-1:125.0: can't add hid device: -71 [ 873.624263][ T9] usbhid 7-1:125.0: probe with driver usbhid failed with error -71 [ 873.638885][ T9] usb 7-1: USB disconnect, device number 17 [ 873.719609][ T6012] usb 1-1: device descriptor read/64, error -71 [ 873.961093][ T6012] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 874.089391][ T6012] usb 1-1: device descriptor read/64, error -71 [ 874.210072][ T6012] usb usb1-port1: attempt power cycle [ 874.228813][T13319] Bluetooth: hci0: invalid length 0, exp 2 for type 23 [ 874.591094][ T6012] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 874.610055][ T6012] usb 1-1: device descriptor read/8, error -71 [ 874.769498][T13331] overlay: Unknown parameter '/file0:/' [ 875.358916][ T6012] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 875.377612][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 875.377682][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 875.406904][ T6012] usb 1-1: device descriptor read/8, error -71 [ 875.548655][ T6012] usb usb1-port1: unable to enumerate USB device [ 875.774163][ T6012] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 875.909395][ T6012] usb 7-1: device descriptor read/64, error -71 [ 875.969517][ T6097] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 876.122845][ T6097] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 876.122874][ T6097] usb 2-1: config 0 has no interface number 0 [ 876.137221][ T6097] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 876.137251][ T6097] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 876.137270][ T6097] usb 2-1: Product: syz [ 876.137284][ T6097] usb 2-1: Manufacturer: syz [ 876.137298][ T6097] usb 2-1: SerialNumber: syz [ 876.147912][ T6097] usb 2-1: config 0 descriptor?? [ 876.185524][ T6012] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 876.329542][ T6012] usb 7-1: device descriptor read/64, error -71 [ 876.372059][ T6097] usb 2-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 876.440082][ T6012] usb usb7-port1: attempt power cycle [ 876.552230][ T6097] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 876.552762][ T6097] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 876.552817][ T6097] usb 2-1: media controller created [ 876.574808][T13340] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 876.575301][T13340] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 876.718251][ T6097] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 876.789534][ T6012] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 877.000000][ T6012] usb 7-1: device descriptor read/8, error -71 [ 877.185106][ T6097] i2c i2c-1: ec100: i2c rd failed=-71 reg=33 [ 877.423682][T13366] overlay: Unknown parameter '/owerdir' [ 877.580909][ T6012] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 877.757232][ T6012] usb 7-1: device descriptor read/8, error -71 [ 877.950407][ T6012] usb usb7-port1: unable to enumerate USB device [ 878.190069][ T6097] usb 2-1: USB disconnect, device number 27 [ 880.545236][T13408] overlay: Unknown parameter '/owerdir' [ 883.073175][T13443] FAULT_INJECTION: forcing a failure. [ 883.073175][T13443] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 883.073209][T13443] CPU: 0 UID: 0 PID: 13443 Comm: syz.6.2102 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 883.073230][T13443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 883.073243][T13443] Call Trace: [ 883.073250][T13443] [ 883.073257][T13443] dump_stack_lvl+0xe8/0x150 [ 883.073286][T13443] should_fail_ex+0x46c/0x600 [ 883.073315][T13443] _copy_from_user+0x2d/0xb0 [ 883.073333][T13443] ___sys_sendmsg+0x158/0x2a0 [ 883.073360][T13443] ? __pfx____sys_sendmsg+0x10/0x10 [ 883.073415][T13443] ? __fget_files+0x2a/0x420 [ 883.073435][T13443] ? __fget_files+0x3a6/0x420 [ 883.073463][T13443] __x64_sys_sendmsg+0x1a1/0x260 [ 883.073489][T13443] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 883.073528][T13443] ? __pfx_ksys_write+0x10/0x10 [ 883.073565][T13443] do_syscall_64+0xec/0xf80 [ 883.073582][T13443] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 883.073600][T13443] ? trace_irq_disable+0x37/0x100 [ 883.073620][T13443] ? clear_bhb_loop+0x60/0xb0 [ 883.073643][T13443] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 883.073661][T13443] RIP: 0033:0x7feeed5bf749 [ 883.073678][T13443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 883.073695][T13443] RSP: 002b:00007feeeb81e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 883.073716][T13443] RAX: ffffffffffffffda RBX: 00007feeed815fa0 RCX: 00007feeed5bf749 [ 883.073730][T13443] RDX: 0000000000000000 RSI: 0000200000000f00 RDI: 0000000000000003 [ 883.073743][T13443] RBP: 00007feeeb81e090 R08: 0000000000000000 R09: 0000000000000000 [ 883.073754][T13443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 883.073765][T13443] R13: 00007feeed816038 R14: 00007feeed815fa0 R15: 00007ffd558e3b28 [ 883.073795][T13443] [ 883.473203][T13460] Driver unsupported XDP return value 0 on prog (id 428) dev N/A, expect packet loss! [ 886.304507][T13487] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2116'. [ 886.692080][ T37] kauditd_printk_skb: 35 callbacks suppressed [ 886.692098][ T37] audit: type=1326 audit(1766369201.583:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13491 comm="syz.0.2120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc53bf8f749 code=0x7ffc0000 [ 886.742092][ T37] audit: type=1326 audit(1766369201.583:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13491 comm="syz.0.2120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc53bf8f749 code=0x7ffc0000 [ 886.972868][ T37] audit: type=1326 audit(1766369201.833:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13491 comm="syz.0.2120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=303 compat=0 ip=0x7fc53bf8f749 code=0x7ffc0000 [ 887.420489][ T37] audit: type=1326 audit(1766369202.313:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13491 comm="syz.0.2120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc53bf8f749 code=0x7ffc0000 [ 887.420742][ T37] audit: type=1326 audit(1766369202.313:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13491 comm="syz.0.2120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc53bf8f749 code=0x7ffc0000 [ 887.459404][ T6020] usb 1-1: new full-speed USB device number 17 using dummy_hcd [ 887.802306][T13506] FAULT_INJECTION: forcing a failure. [ 887.802306][T13506] name failslab, interval 1, probability 0, space 0, times 0 [ 887.802329][T13506] CPU: 1 UID: 0 PID: 13506 Comm: syz.1.2121 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 887.802342][T13506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 887.802349][T13506] Call Trace: [ 887.802353][T13506] [ 887.802358][T13506] dump_stack_lvl+0xe8/0x150 [ 887.802377][T13506] should_fail_ex+0x46c/0x600 [ 887.802394][T13506] should_failslab+0xa8/0x100 [ 887.802405][T13506] __kmalloc_noprof+0xe0/0x7e0 [ 887.802420][T13506] ? kfree+0x4d/0x900 [ 887.802431][T13506] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 887.802445][T13506] tomoyo_realpath_from_path+0xe3/0x5d0 [ 887.802456][T13506] ? tomoyo_domain+0xd9/0x130 [ 887.802468][T13506] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 887.802482][T13506] tomoyo_path_number_perm+0x1e8/0x5a0 [ 887.802497][T13506] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 887.802510][T13506] ? __lock_acquire+0x6b6/0x2cf0 [ 887.802525][T13506] ? do_raw_spin_lock+0x121/0x290 [ 887.802553][T13506] ? __fget_files+0x2a/0x420 [ 887.802565][T13506] ? __fget_files+0x2a/0x420 [ 887.802576][T13506] ? __fget_files+0x3a6/0x420 [ 887.802591][T13506] ? __fget_files+0x2a/0x420 [ 887.802610][T13506] security_file_ioctl+0xcb/0x2d0 [ 887.802638][T13506] __se_sys_ioctl+0x47/0x170 [ 887.802665][T13506] do_syscall_64+0xec/0xf80 [ 887.802684][T13506] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 887.802701][T13506] ? trace_irq_disable+0x37/0x100 [ 887.802718][T13506] ? clear_bhb_loop+0x60/0xb0 [ 887.802730][T13506] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 887.802740][T13506] RIP: 0033:0x7f219546f749 [ 887.802751][T13506] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 887.802760][T13506] RSP: 002b:00007f21936b5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 887.802772][T13506] RAX: ffffffffffffffda RBX: 00007f21956c6090 RCX: 00007f219546f749 [ 887.802780][T13506] RDX: 0000200000000080 RSI: 00000000c004500a RDI: 0000000000000007 [ 887.802786][T13506] RBP: 00007f21936b5090 R08: 0000000000000000 R09: 0000000000000000 [ 887.802792][T13506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 887.802799][T13506] R13: 00007f21956c6128 R14: 00007f21956c6090 R15: 00007fff956ce238 [ 887.802814][T13506] [ 887.802826][T13506] ERROR: Out of memory at tomoyo_realpath_from_path. [ 889.569535][ T6020] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 889.809795][ T6020] usb 1-1: device descriptor read/64, error -71 [ 890.120829][ T6020] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 890.389948][ T6020] usb 1-1: device descriptor read/64, error -71 [ 890.509943][ T6020] usb usb1-port1: attempt power cycle [ 891.764845][T13527] autofs: Unknown parameter '0x0000000000000000' [ 892.873254][T13530] autofs: Unknown parameter '0x0000000000000000' [ 893.264841][T13537] Bluetooth: hci0: invalid length 0, exp 2 for type 22 [ 895.105764][T13580] Bluetooth: hci0: invalid length 0, exp 2 for type 21 [ 896.021593][T13590] snd_dummy snd_dummy.0: control 4:2:0:syz0:211 is already present [ 896.459599][ T6020] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 896.645495][ T6020] usb 2-1: config 0 has an invalid interface number: 106 but max is 0 [ 896.645525][ T6020] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 896.645544][ T6020] usb 2-1: config 0 has no interface number 0 [ 896.645592][ T6020] usb 2-1: config 0 interface 106 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 6 [ 896.645634][ T6020] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb [ 896.645656][ T6020] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 896.715175][ T6020] usb 2-1: config 0 descriptor?? [ 897.083219][T13598] FAULT_INJECTION: forcing a failure. [ 897.083219][T13598] name failslab, interval 1, probability 0, space 0, times 0 [ 897.083291][T13598] CPU: 1 UID: 0 PID: 13598 Comm: syz.1.2154 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 897.083314][T13598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 897.083326][T13598] Call Trace: [ 897.083333][T13598] [ 897.083342][T13598] dump_stack_lvl+0xe8/0x150 [ 897.083373][T13598] should_fail_ex+0x46c/0x600 [ 897.083403][T13598] should_failslab+0xa8/0x100 [ 897.083425][T13598] __kmalloc_noprof+0xe0/0x7e0 [ 897.083451][T13598] ? kfree+0x4d/0x900 [ 897.083471][T13598] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 897.083497][T13598] tomoyo_realpath_from_path+0xe3/0x5d0 [ 897.083518][T13598] ? tomoyo_domain+0xd9/0x130 [ 897.083543][T13598] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 897.083569][T13598] tomoyo_path_number_perm+0x1e8/0x5a0 [ 897.083601][T13598] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 897.083625][T13598] ? __lock_acquire+0x6b6/0x2cf0 [ 897.083654][T13598] ? do_raw_spin_lock+0x121/0x290 [ 897.083706][T13598] ? __fget_files+0x2a/0x420 [ 897.083729][T13598] ? __fget_files+0x2a/0x420 [ 897.083747][T13598] ? __fget_files+0x3a6/0x420 [ 897.083766][T13598] ? __fget_files+0x2a/0x420 [ 897.083789][T13598] security_file_ioctl+0xcb/0x2d0 [ 897.083819][T13598] __se_sys_ioctl+0x47/0x170 [ 897.083846][T13598] do_syscall_64+0xec/0xf80 [ 897.083864][T13598] ? rcu_is_watching+0x15/0xb0 [ 897.083882][T13598] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 897.083901][T13598] ? clear_bhb_loop+0x60/0xb0 [ 897.083923][T13598] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 897.083949][T13598] RIP: 0033:0x7f219546f749 [ 897.083967][T13598] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 897.083983][T13598] RSP: 002b:00007f21936d6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 897.084003][T13598] RAX: ffffffffffffffda RBX: 00007f21956c5fa0 RCX: 00007f219546f749 [ 897.084019][T13598] RDX: 0000200000000100 RSI: 00000000c0045002 RDI: 0000000000000004 [ 897.084031][T13598] RBP: 00007f21936d6090 R08: 0000000000000000 R09: 0000000000000000 [ 897.084044][T13598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 897.084055][T13598] R13: 00007f21956c6038 R14: 00007f21956c5fa0 R15: 00007fff956ce238 [ 897.084087][T13598] [ 897.084176][T13598] ERROR: Out of memory at tomoyo_realpath_from_path. [ 897.730358][ T6020] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 897.787796][ T6020] usb 2-1: USB disconnect, device number 28 [ 897.808228][ T6221] usb 2-1: Failed to submit usb control message: -71 [ 897.808261][ T6221] usb 2-1: unable to send the bmi data to the device: -71 [ 897.808278][ T6221] usb 2-1: unable to get target info from device [ 897.808292][ T6221] usb 2-1: could not get target info (-71) [ 897.808307][ T6221] usb 2-1: could not probe fw (-71) [ 898.252110][T13638] overlayfs: missing 'lowerdir' [ 899.899184][T13650] overlayfs: missing 'lowerdir' [ 900.913781][T13667] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2176'. [ 901.908797][ T6020] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 902.539418][ T6020] usb 1-1: Using ep0 maxpacket: 8 [ 902.544571][ T6020] usb 1-1: config 125 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 902.544619][ T6020] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00 [ 902.544642][ T6020] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 903.418732][T13684] overlayfs: missing 'lowerdir' [ 903.468761][T13679] autofs: Unknown parameter '0x0000000000000000' [ 903.813569][ T6020] usbhid 1-1:125.0: can't add hid device: -71 [ 903.813684][ T6020] usbhid 1-1:125.0: probe with driver usbhid failed with error -71 [ 903.839729][ T6020] usb 1-1: USB disconnect, device number 21 [ 908.222394][T13721] overlay: Unknown parameter '/file0:/' [ 909.779182][T13746] Bluetooth: hci0: invalid length 0, exp 2 for type 22 [ 910.199930][T13752] overlay: Unknown parameter '/file0:/' [ 910.830695][T10636] Bluetooth: hci1: command 0x0406 tx timeout [ 911.171820][T13761] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2207'. [ 911.712338][T13781] Bluetooth: hci0: invalid length 0, exp 2 for type 22 [ 915.143862][T13830] autofs: Unknown parameter '0x0000000000000000' [ 917.008507][T13840] Bluetooth: hci0: invalid length 0, exp 2 for type 19 [ 917.666354][T13868] FAULT_INJECTION: forcing a failure. [ 917.666354][T13868] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 917.666447][T13868] CPU: 0 UID: 0 PID: 13868 Comm: syz.0.2245 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 917.666470][T13868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 917.666482][T13868] Call Trace: [ 917.666491][T13868] [ 917.666499][T13868] dump_stack_lvl+0xe8/0x150 [ 917.666529][T13868] should_fail_ex+0x46c/0x600 [ 917.666559][T13868] _copy_from_user+0x2d/0xb0 [ 917.666577][T13868] __sys_sendto+0x262/0x520 [ 917.666601][T13868] ? __pfx___sys_sendto+0x10/0x10 [ 917.666653][T13868] __x64_sys_sendto+0xde/0x100 [ 917.666678][T13868] do_syscall_64+0xec/0xf80 [ 917.666696][T13868] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 917.666716][T13868] ? clear_bhb_loop+0x60/0xb0 [ 917.666739][T13868] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 917.666758][T13868] RIP: 0033:0x7fc53bf8f749 [ 917.666775][T13868] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 917.666791][T13868] RSP: 002b:00007fc53a1d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 917.666812][T13868] RAX: ffffffffffffffda RBX: 00007fc53c1e6090 RCX: 00007fc53bf8f749 [ 917.666827][T13868] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 917.666838][T13868] RBP: 00007fc53a1d5090 R08: 0000200000e68000 R09: 0000000000000010 [ 917.666852][T13868] R10: 00000000200007fd R11: 0000000000000246 R12: 0000000000000001 [ 917.666863][T13868] R13: 00007fc53c1e6128 R14: 00007fc53c1e6090 R15: 00007ffcd82518f8 [ 917.666894][T13868] [ 918.272904][ T5814] Bluetooth: hci4: command 0x0406 tx timeout [ 919.543366][T13893] snd_dummy snd_dummy.0: control 4:2:0:syz0:211 is already present [ 922.379107][T13962] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2280'. [ 925.968450][T14038] FAULT_INJECTION: forcing a failure. [ 925.968450][T14038] name failslab, interval 1, probability 0, space 0, times 0 [ 925.968484][T14038] CPU: 0 UID: 0 PID: 14038 Comm: syz.1.2303 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 925.968507][T14038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 925.968520][T14038] Call Trace: [ 925.968528][T14038] [ 925.968536][T14038] dump_stack_lvl+0xe8/0x150 [ 925.968566][T14038] should_fail_ex+0x46c/0x600 [ 925.968596][T14038] should_failslab+0xa8/0x100 [ 925.968617][T14038] __kmalloc_noprof+0xe0/0x7e0 [ 925.968643][T14038] ? kfree+0x4d/0x900 [ 925.968664][T14038] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 925.968689][T14038] tomoyo_realpath_from_path+0xe3/0x5d0 [ 925.968711][T14038] ? tomoyo_domain+0xd9/0x130 [ 925.968735][T14038] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 925.968761][T14038] tomoyo_path_number_perm+0x1e8/0x5a0 [ 925.968790][T14038] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 925.968814][T14038] ? __lock_acquire+0x6b6/0x2cf0 [ 925.968842][T14038] ? do_raw_spin_lock+0x121/0x290 [ 925.968896][T14038] ? __fget_files+0x2a/0x420 [ 925.968919][T14038] ? __fget_files+0x2a/0x420 [ 925.968937][T14038] ? __fget_files+0x3a6/0x420 [ 925.968956][T14038] ? __fget_files+0x2a/0x420 [ 925.968980][T14038] security_file_ioctl+0xcb/0x2d0 [ 925.969009][T14038] __se_sys_ioctl+0x47/0x170 [ 925.969037][T14038] do_syscall_64+0xec/0xf80 [ 925.969060][T14038] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 925.969079][T14038] ? trace_irq_disable+0x37/0x100 [ 925.969098][T14038] ? clear_bhb_loop+0x60/0xb0 [ 925.969121][T14038] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 925.969139][T14038] RIP: 0033:0x7f219546f749 [ 925.969156][T14038] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 925.969172][T14038] RSP: 002b:00007f21936d6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 925.969192][T14038] RAX: ffffffffffffffda RBX: 00007f21956c5fa0 RCX: 00007f219546f749 [ 925.969207][T14038] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 0000000000000008 [ 925.969217][T14038] RBP: 00007f21936d6090 R08: 0000000000000000 R09: 0000000000000000 [ 925.969228][T14038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 925.969237][T14038] R13: 00007f21956c6038 R14: 00007f21956c5fa0 R15: 00007fff956ce238 [ 925.969263][T14038] [ 925.987972][T14038] ERROR: Out of memory at tomoyo_realpath_from_path. [ 926.238249][T14042] FAULT_INJECTION: forcing a failure. [ 926.238249][T14042] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 926.238284][T14042] CPU: 1 UID: 0 PID: 14042 Comm: syz.6.2305 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 926.238305][T14042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 926.238317][T14042] Call Trace: [ 926.238324][T14042] [ 926.238332][T14042] dump_stack_lvl+0xe8/0x150 [ 926.238362][T14042] should_fail_ex+0x46c/0x600 [ 926.238391][T14042] _copy_from_user+0x2d/0xb0 [ 926.238410][T14042] ___sys_sendmsg+0x158/0x2a0 [ 926.238436][T14042] ? __pfx____sys_sendmsg+0x10/0x10 [ 926.238491][T14042] ? __fget_files+0x2a/0x420 [ 926.238510][T14042] ? __fget_files+0x3a6/0x420 [ 926.238539][T14042] __x64_sys_sendmsg+0x1a1/0x260 [ 926.238565][T14042] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 926.238597][T14042] ? __pfx_ksys_write+0x10/0x10 [ 926.238633][T14042] do_syscall_64+0xec/0xf80 [ 926.238652][T14042] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 926.238670][T14042] ? trace_irq_disable+0x37/0x100 [ 926.238690][T14042] ? clear_bhb_loop+0x60/0xb0 [ 926.238713][T14042] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 926.238732][T14042] RIP: 0033:0x7feeed5bf749 [ 926.238748][T14042] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 926.238765][T14042] RSP: 002b:00007feeeb81e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 926.238784][T14042] RAX: ffffffffffffffda RBX: 00007feeed815fa0 RCX: 00007feeed5bf749 [ 926.238798][T14042] RDX: 0000000000008000 RSI: 0000200000000100 RDI: 0000000000000004 [ 926.238811][T14042] RBP: 00007feeeb81e090 R08: 0000000000000000 R09: 0000000000000000 [ 926.238824][T14042] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 926.238835][T14042] R13: 00007feeed816038 R14: 00007feeed815fa0 R15: 00007ffd558e3b28 [ 926.238866][T14042] [ 929.442615][T14084] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2320'. [ 931.168045][T14122] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2334'. [ 931.929725][T14135] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2339'. [ 932.355542][T14144] FAULT_INJECTION: forcing a failure. [ 932.355542][T14144] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 932.355575][T14144] CPU: 1 UID: 0 PID: 14144 Comm: syz.0.2341 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 932.355596][T14144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 932.355607][T14144] Call Trace: [ 932.355614][T14144] [ 932.355622][T14144] dump_stack_lvl+0xe8/0x150 [ 932.355652][T14144] should_fail_ex+0x46c/0x600 [ 932.355680][T14144] _copy_from_user+0x2d/0xb0 [ 932.355699][T14144] do_sock_getsockopt+0x15c/0x3d0 [ 932.355723][T14144] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 932.355752][T14144] ? __fget_files+0x3a6/0x420 [ 932.355772][T14144] ? __fget_files+0x2a/0x420 [ 932.355796][T14144] __x64_sys_getsockopt+0x1ab/0x250 [ 932.355827][T14144] do_syscall_64+0xec/0xf80 [ 932.355844][T14144] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 932.355862][T14144] ? trace_irq_disable+0x37/0x100 [ 932.355881][T14144] ? clear_bhb_loop+0x60/0xb0 [ 932.355902][T14144] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 932.355920][T14144] RIP: 0033:0x7fc53bf8f749 [ 932.355935][T14144] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 932.355949][T14144] RSP: 002b:00007fc53a1d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 932.355969][T14144] RAX: ffffffffffffffda RBX: 00007fc53c1e6090 RCX: 00007fc53bf8f749 [ 932.355982][T14144] RDX: 0000000000000002 RSI: 000000000000011c RDI: 0000000000000003 [ 932.355991][T14144] RBP: 00007fc53a1d5090 R08: 0000200000000000 R09: 0000000000000000 [ 932.356002][T14144] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001 [ 932.356011][T14144] R13: 00007fc53c1e6128 R14: 00007fc53c1e6090 R15: 00007ffcd82518f8 [ 932.356036][T14144] [ 932.369407][T13797] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 932.519312][T13797] usb 6-1: Using ep0 maxpacket: 8 [ 932.522139][T13797] usb 6-1: config 125 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 932.522187][T13797] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00 [ 932.522209][T13797] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 932.957922][T13797] usbhid 6-1:125.0: can't add hid device: -71 [ 932.958044][T13797] usbhid 6-1:125.0: probe with driver usbhid failed with error -71 [ 932.967645][T13797] usb 6-1: USB disconnect, device number 27 [ 933.121838][T14156] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2346'. [ 935.498057][T14169] Bluetooth: hci0: invalid length 0, exp 2 for type 19 [ 935.529708][T14171] Bluetooth: hci0: invalid length 0, exp 2 for type 22 [ 936.218126][T14194] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 936.761391][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 936.761486][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 936.971087][T13797] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 937.129346][T13797] usb 1-1: Using ep0 maxpacket: 16 [ 937.166648][T13797] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 937.166667][T13797] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 937.166679][T13797] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 937.166702][T13797] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 937.166714][T13797] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 937.172981][T13797] usb 1-1: config 0 descriptor?? [ 937.216411][T14198] Bluetooth: hci0: invalid length 0, exp 2 for type 19 [ 937.624833][T14210] Bluetooth: hci0: invalid length 0, exp 2 for type 22 [ 937.764024][T13797] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 937.764063][T13797] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 937.764089][T13797] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 937.764114][T13797] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 937.764139][T13797] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 937.764172][T13797] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 937.764199][T13797] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 937.764224][T13797] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 937.764249][T13797] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 937.764274][T13797] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 937.823982][T13797] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.000B/input/input6 [ 938.601064][ T38] INFO: task kworker/u8:4:68 blocked for more than 143 seconds. [ 938.601088][ T38] Not tainted syzkaller #0 [ 938.601105][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 938.601114][ T38] task:kworker/u8:4 state:D stack:22264 pid:68 tgid:68 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 938.601163][ T38] Workqueue: netns cleanup_net [ 938.601189][ T38] Call Trace: [ 938.601195][ T38] [ 938.601206][ T38] __schedule+0x145f/0x5070 [ 938.601236][ T38] ? __lock_acquire+0x6b6/0x2cf0 [ 938.601273][ T38] ? lockdep_hardirqs_on+0x7b/0x110 [ 938.601302][ T38] ? __pfx___schedule+0x10/0x10 [ 938.601339][ T38] ? schedule+0x91/0x360 [ 938.601368][ T38] schedule+0x165/0x360 [ 938.601397][ T38] rxrpc_destroy_all_calls+0x564/0x660 [ 938.601432][ T38] ? __pfx_rxrpc_destroy_all_calls+0x10/0x10 [ 938.601458][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 938.601480][ T38] ? __pfx_var_wake_function+0x10/0x10 [ 938.601503][ T38] ? __try_to_del_timer_sync+0x34d/0x3a0 [ 938.601537][ T38] rxrpc_exit_net+0x6f/0xc0 [ 938.601556][ T38] ops_undo_list+0x49a/0x990 [ 938.601585][ T38] ? __pfx_ops_undo_list+0x10/0x10 [ 938.601605][ T38] ? rt_spin_unlock+0x150/0x200 [ 938.601634][ T38] ? rt_spin_unlock+0x161/0x200 [ 938.601662][ T38] cleanup_net+0x4de/0x7b0 [ 938.601687][ T38] ? __pfx_cleanup_net+0x10/0x10 [ 938.601713][ T38] ? process_scheduled_works+0x9ef/0x1770 [ 938.601734][ T38] ? process_scheduled_works+0x9ef/0x1770 [ 938.601758][ T38] process_scheduled_works+0xad1/0x1770 [ 938.601809][ T38] ? __pfx_process_scheduled_works+0x10/0x10 [ 938.601829][ T38] ? do_raw_spin_lock+0x121/0x290 [ 938.601874][ T38] worker_thread+0x8a0/0xda0 [ 938.601919][ T38] kthread+0x711/0x8a0 [ 938.601943][ T38] ? __pfx_worker_thread+0x10/0x10 [ 938.601962][ T38] ? __pfx_kthread+0x10/0x10 [ 938.601982][ T38] ? rt_spin_unlock+0x150/0x200 [ 938.602008][ T38] ? rt_spin_unlock+0x161/0x200 [ 938.602030][ T38] ? __pfx_kthread+0x10/0x10 [ 938.602054][ T38] ret_from_fork+0x510/0xa50 [ 938.602077][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 938.602096][ T38] ? __switch_to+0xc9e/0x1480 [ 938.602128][ T38] ? __pfx_kthread+0x10/0x10 [ 938.602155][ T38] ret_from_fork_asm+0x1a/0x30 [ 938.602201][ T38] [ 938.602429][ T38] [ 938.602429][ T38] Showing all locks held in the system: [ 938.602440][ T38] 2 locks held by kworker/1:0/31: [ 938.602454][ T38] 1 lock held by khungtaskd/38: [ 938.602463][ T38] #0: ffffffff8d5ae940 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 938.602522][ T38] 4 locks held by kworker/u8:2/44: [ 938.602534][ T38] 3 locks held by kworker/u8:4/68: [ 938.602544][ T38] #0: ffff888019ad4938 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770 [ 938.602588][ T38] #1: ffffc9000153fbc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770 [ 938.602631][ T38] #2: ffffffff8e898680 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x7b0 [ 938.602680][ T38] 4 locks held by kworker/u8:6/1008: [ 938.602695][ T38] 4 locks held by kworker/u8:14/1512: [ 938.602715][ T38] 4 locks held by kworker/u8:17/3546: [ 938.602727][ T38] 2 locks held by getty/5565: [ 938.602737][ T38] #0: ffff888034a5b0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 938.602784][ T38] #1: ffffc90003e7e2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x44f/0x1460 [ 938.602830][ T38] 3 locks held by syz-executor/7372: [ 938.602859][ T38] 4 locks held by kworker/u8:28/12709: [ 938.602870][ T38] 1 lock held by udevd/12935: [ 938.602882][ T38] 8 locks held by kworker/1:2/13797: [ 938.602893][ T38] 6 locks held by syz-executor/14214: [ 938.602904][ T38] [ 938.602908][ T38] ============================================= [ 938.602908][ T38] [ 938.602923][ T38] NMI backtrace for cpu 1 [ 938.602937][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 938.602958][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 938.602969][ T38] Call Trace: [ 938.602976][ T38] [ 938.602984][ T38] dump_stack_lvl+0xe8/0x150 [ 938.603009][ T38] nmi_cpu_backtrace+0x274/0x2d0 [ 938.603034][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 938.603056][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 938.603082][ T38] sys_info+0x135/0x170 [ 938.603101][ T38] watchdog+0xf95/0xfe0 [ 938.603128][ T38] ? watchdog+0x20a/0xfe0 [ 938.603154][ T38] kthread+0x711/0x8a0 [ 938.603180][ T38] ? __pfx_watchdog+0x10/0x10 [ 938.603197][ T38] ? __pfx_kthread+0x10/0x10 [ 938.603218][ T38] ? rt_spin_unlock+0x150/0x200 [ 938.603244][ T38] ? rt_spin_unlock+0x161/0x200 [ 938.603266][ T38] ? __pfx_kthread+0x10/0x10 [ 938.603290][ T38] ret_from_fork+0x510/0xa50 [ 938.603313][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 938.603330][ T38] ? __switch_to+0xc9e/0x1480 [ 938.603360][ T38] ? __pfx_kthread+0x10/0x10 [ 938.603386][ T38] ret_from_fork_asm+0x1a/0x30 [ 938.603427][ T38] [ 938.603435][ T38] Sending NMI from CPU 1 to CPUs 0: [ 938.603465][ C0] NMI backtrace for cpu 0 [ 938.603479][ C0] CPU: 0 UID: 0 PID: 5801 Comm: syz-executor Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 938.603500][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 938.603511][ C0] RIP: 0010:check_preemption_disabled+0x29/0xe0 [ 938.603533][ C0] Code: 90 55 41 57 41 56 53 65 8b 05 77 64 e1 06 65 8b 0d 6c 64 e1 06 f7 c1 ff ff ff 7f 74 0c 5b 41 5e 41 5f 5d e9 c9 a3 03 00 cc 9c <59> f7 c1 00 02 00 00 74 ea 65 4c 8b 3c 25 08 10 b3 91 41 f6 47 2f [ 938.603549][ C0] RSP: 0018:ffffc90004c97388 EFLAGS: 00000046 [ 938.603566][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000080000000 [ 938.603578][ C0] RDX: 00000000da346400 RSI: ffffffff8cfded8c RDI: ffffffff8b3f57e0 [ 938.603592][ C0] RBP: ffffffff8173dd35 R08: ffffffff8173dd35 R09: ffffffff8d5ae940 [ 938.603606][ C0] R10: ffffc90004c97578 R11: ffffffff81ab9830 R12: 0000000000000002 [ 938.603619][ C0] R13: ffffffff8d5ae940 R14: 0000000000000000 R15: 0000000000000246 [ 938.603632][ C0] FS: 00005555807fb500(0000) GS:ffff888126cef000(0000) knlGS:0000000000000000 [ 938.603648][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 938.603660][ C0] CR2: 00007fff956ccd18 CR3: 000000003cbcc000 CR4: 00000000003526f0 [ 938.603676][ C0] Call Trace: [ 938.603683][ C0] [ 938.603691][ C0] ? unwind_next_frame+0xa5/0x23d0 [ 938.603713][ C0] lock_acquire+0x117/0x340 [ 938.603738][ C0] ? unwind_next_frame+0xa5/0x23d0 [ 938.603759][ C0] ? security_inode_getattr+0x12f/0x330 [ 938.603782][ C0] ? unwind_next_frame+0xa5/0x23d0 [ 938.603803][ C0] unwind_next_frame+0xc2/0x23d0 [ 938.603825][ C0] ? unwind_next_frame+0xa5/0x23d0 [ 938.603849][ C0] ? unwind_next_frame+0xa5/0x23d0 [ 938.603871][ C0] ? tomoyo_path_perm+0x213/0x4b0 [ 938.603894][ C0] ? security_inode_getattr+0x12f/0x330 [ 938.603916][ C0] ? tomoyo_realpath_from_path+0x598/0x5d0 [ 938.603933][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 938.603955][ C0] arch_stack_walk+0x11c/0x150 [ 938.603979][ C0] ? security_inode_getattr+0x12f/0x330 [ 938.604002][ C0] stack_trace_save+0x9c/0xe0 [ 938.604022][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 938.604043][ C0] ? kasan_save_track+0x4f/0x80 [ 938.604069][ C0] ? __lock_acquire+0x6b6/0x2cf0 [ 938.604091][ C0] kasan_save_track+0x3e/0x80 [ 938.604119][ C0] ? kasan_save_track+0x3e/0x80 [ 938.604141][ C0] ? kasan_save_free_info+0x46/0x50 [ 938.604160][ C0] ? __kasan_slab_free+0x5c/0x80 [ 938.604184][ C0] ? kfree+0x1bd/0x900 [ 938.604204][ C0] ? tomoyo_realpath_from_path+0x598/0x5d0 [ 938.604222][ C0] ? tomoyo_path_perm+0x213/0x4b0 [ 938.604243][ C0] ? security_inode_getattr+0x12f/0x330 [ 938.604285][ C0] kasan_save_free_info+0x46/0x50 [ 938.604304][ C0] __kasan_slab_free+0x5c/0x80 [ 938.604329][ C0] kfree+0x1bd/0x900 [ 938.604349][ C0] ? tomoyo_realpath_from_path+0x598/0x5d0 [ 938.604369][ C0] tomoyo_realpath_from_path+0x598/0x5d0 [ 938.604392][ C0] tomoyo_path_perm+0x213/0x4b0 [ 938.604416][ C0] ? tomoyo_path_perm+0x1e3/0x4b0 [ 938.604438][ C0] ? __pfx_tomoyo_path_perm+0x10/0x10 [ 938.604475][ C0] ? __might_fault+0xb0/0x130 [ 938.604500][ C0] ? __might_fault+0xb0/0x130 [ 938.604527][ C0] security_inode_getattr+0x12f/0x330 [ 938.604548][ C0] vfs_statx+0x18e/0x550 [ 938.604568][ C0] ? __pfx_vfs_statx+0x10/0x10 [ 938.604584][ C0] ? strncpy_from_user+0x150/0x2c0 [ 938.604606][ C0] ? getname_flags+0x1e5/0x540 [ 938.604624][ C0] vfs_fstatat+0x118/0x170 [ 938.604642][ C0] __x64_sys_newfstatat+0x116/0x190 [ 938.604663][ C0] ? __pfx___x64_sys_newfstatat+0x10/0x10 [ 938.604697][ C0] ? __pfx___x64_sys_umount+0x10/0x10 [ 938.604729][ C0] do_syscall_64+0xec/0xf80 [ 938.604745][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 938.604763][ C0] ? trace_irq_disable+0x37/0x100 [ 938.604782][ C0] ? clear_bhb_loop+0x60/0xb0 [ 938.604801][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 938.604818][ C0] RIP: 0033:0x7f219546de3a [ 938.604832][ C0] Code: 48 89 f2 b9 00 01 00 00 48 89 fe bf 9c ff ff ff e9 0b 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 90 41 89 ca b8 06 01 00 00 0f 05 <3d> 00 f0 ff ff 77 07 31 c0 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 [ 938.604847][ C0] RSP: 002b:00007fff956cd4c8 EFLAGS: 00000286 ORIG_RAX: 0000000000000106 [ 938.604864][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f219546de3a [ 938.604877][ C0] RDX: 00007fff956cd4f0 RSI: 00007fff956cd580 RDI: 00000000ffffff9c [ 938.604890][ C0] RBP: 00007fff956cd580 R08: 0000000000000000 R09: 0000000000000000 [ 938.604902][ C0] R10: 0000000000000100 R11: 0000000000000286 R12: 00007fff956ce610 [ 938.604914][ C0] R13: 00007f21954f3d7d R14: 00000000000e4de6 R15: 00007fff956ce650 [ 938.604940][ C0] [ 938.605468][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 938.605487][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 938.605509][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 938.605520][ T38] Call Trace: [ 938.605527][ T38] [ 938.605535][ T38] vpanic+0x1e0/0x670 [ 938.605566][ T38] panic+0xb9/0xc0 [ 938.605590][ T38] ? __pfx_panic+0x10/0x10 [ 938.605624][ T38] ? nmi_trigger_cpumask_backtrace+0x234/0x300 [ 938.605652][ T38] watchdog+0xfdf/0xfe0 [ 938.605677][ T38] ? watchdog+0x20a/0xfe0 [ 938.605705][ T38] kthread+0x711/0x8a0 [ 938.605733][ T38] ? __pfx_watchdog+0x10/0x10 [ 938.605754][ T38] ? __pfx_kthread+0x10/0x10 [ 938.605776][ T38] ? rt_spin_unlock+0x150/0x200 [ 938.605805][ T38] ? rt_spin_unlock+0x161/0x200 [ 938.605827][ T38] ? __pfx_kthread+0x10/0x10 [ 938.605859][ T38] ret_from_fork+0x510/0xa50 [ 938.605882][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 938.605901][ T38] ? __switch_to+0xc9e/0x1480 [ 938.605932][ T38] ? __pfx_kthread+0x10/0x10 [ 938.605958][ T38] ret_from_fork_asm+0x1a/0x30 [ 938.606000][ T38] [ 938.606349][ T38] Kernel Offset: disabled