last executing test programs: 15.573579546s ago: executing program 0 (id=54): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) timer_create(0x0, 0x0, &(0x7f0000000300)) mprotect(&(0x7f000012b000/0x2000)=nil, 0x2000, 0x1) mlock(&(0x7f0000ffb000/0x3000)=nil, 0x3000) move_pages(0x0, 0x1, &(0x7f0000000440)=[&(0x7f0000ffc000/0x4000)=nil], &(0x7f0000000480)=[0x1], &(0x7f0000001680), 0x0) write$UHID_CREATE(r1, &(0x7f00000000c0)={0x0, {'syz1\x00', 'syz1\x00', 'syz1\x00', &(0x7f00000006c0)=""/83, 0x53, 0x0, 0x0, 0x0, 0x3, 0x10000000}}, 0x120) r2 = socket(0x1e, 0x1, 0x0) connect$tipc(r2, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) write$binfmt_misc(r2, &(0x7f0000000080), 0x2000011a) r3 = landlock_create_ruleset(&(0x7f00000002c0)={0x7f6e}, 0x18, 0x0) landlock_restrict_self(r3, 0xe) writev(r1, &(0x7f0000000780)=[{&(0x7f00000003c0)="0e000000", 0x4}, {&(0x7f00000006c0), 0x1000000}], 0x2) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a"], 0x7c}}, 0x0) rt_sigqueueinfo(0x0, 0x1000002f, &(0x7f0000000340)={0x31, 0x718, 0x80000000}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8885}, 0x0) r5 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r5) r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) writev(r6, &(0x7f0000000000)=[{&(0x7f0000000100)}], 0x1) ptrace$cont(0x18, r5, 0x7ffffffe, 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0xc, 0xe, 0x6, 0x3, 0x68004, 0xffffffffffffffff, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x4, 0x4}, 0x50) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x200000d, 0x3b071, 0xffffffffffffffff, 0x0) r7 = socket$rds(0x15, 0x5, 0x0) bind$rds(r7, 0x0, 0x0) 10.158131966s ago: executing program 0 (id=67): syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080), 0x40042, 0x0) r0 = socket$inet6_icmp(0xa, 0x2, 0x3a) sendmsg$inet6(r0, &(0x7f0000000240)={&(0x7f0000000180)={0xa, 0x4e23, 0x1, @local, 0x38a}, 0x1c, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="120000000000000029000000", @ANYRES8=r0], 0x30}, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{&(0x7f0000000040)={0xa, 0x4e20, 0x8, @dev={0xfe, 0x80, '\x00', 0xd}, 0x1}, 0x1c, &(0x7f0000000440)=[{&(0x7f0000000080)='c', 0x1}], 0x1, &(0x7f0000000a80)=ANY=[@ANYBLOB="480000000000000029000000370000002b0500000000000007280000000308480400030000000000000008000000000000000104000000000000080000000000000004010300000014000000000000002900000043000000080000000000000050"], 0xb0}}], 0x1, 0x4000801) shutdown(r2, 0x1) getsockopt$bt_hci(r2, 0x84, 0x6c, &(0x7f0000003140)=""/4095, &(0x7f0000000000)=0xfff) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000e40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_SCAN(r5, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000380)={0x1c, r6, 0xf21, 0x0, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r7}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x34, r3, 0x300, 0x70bd27, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r7}, @val={0xc, 0x99, {0x5, 0x7d}}}}, [@NL80211_ATTR_MAC={0xa}]}, 0x34}, 0x1, 0x0, 0x0, 0x11}, 0x4044080) 9.851059704s ago: executing program 2 (id=72): r0 = inotify_init1(0x80800) inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0x50007a2) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0xdafbe5d6891b6e4) write$binfmt_elf32(r1, &(0x7f00000005c0)=ANY=[@ANYBLOB="7f454c46800c040001000000010000000200060001000000dd00000038000000450300000800000005002000010005000900000000000000030000000500000009000000800000000200"], 0x58) close(r1) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r2 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000001a40)=[@in={0x2, 0x80, @dev={0xac, 0x14, 0x14, 0x12}}, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xe}}], 0x20) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000200), 0x4) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x64, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @rand_addr=0x64010100}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast2}}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x5}]}, 0x64}}, 0x0) sendmsg$IPCTNL_MSG_CT_DELETE(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x14, 0x2, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="980000000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe8000000000000000000000000000aa14000400fe8800000000000000000000000000010c0002800500010000000000080007"], 0x98}}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)={0x50, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x50}}, 0x0) r7 = socket(0xa, 0x5, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r7, 0x29, 0x3b, &(0x7f0000000480)=ANY=[], 0xf0) sendto$inet6(r7, &(0x7f0000000040)='\x00', 0x1, 0x44004, &(0x7f0000000100)={0xa, 0x4e24, 0xb, @loopback, 0xc5f}, 0x1c) r8 = socket$inet6_sctp(0xa, 0x1, 0x84) r9 = socket(0x2, 0x805, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r9, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r8, 0x84, 0x10, &(0x7f0000000000)=@assoc_value={r10, 0x7}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f00000002c0)={r10}, &(0x7f0000000040)=0x3e7e) 8.224470351s ago: executing program 0 (id=76): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='cpuacct.usage_sys\x00', 0x275a, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0xffffffffffffffff, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x3ff}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x0, 0x0) mknodat(r1, &(0x7f0000000040)='./file0\x00', 0x0, 0xfff) sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) r5 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x4e21, 0x3, @empty, 0x57}, 0x1c) ppoll(&(0x7f00000020c0)=[{r5, 0x8000}], 0x1, 0x0, 0x0, 0x0) write(r5, 0x0, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r3, 0x8983, 0x0) geteuid() r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000280), 0x46b350501f29363b, 0x0) ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r6, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r7, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r6, 0x3b85, &(0x7f0000000180)={0x28, 0x2, r7, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x100000000}) ioctl$IOMMU_HWPT_ALLOC$NONE(r6, 0x3b89, &(0x7f0000000000)={0x28, 0x4, r8, r7, 0x0, 0x0, 0x0, 0x0, 0x0}) socket$nl_generic(0x10, 0x3, 0x10) 8.173164105s ago: executing program 1 (id=77): mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x110c230000, 0x3, 0x2, @thr={0x0, 0x0}}) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'veth1_to_bridge\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000540)={@rand_addr=' \x01\x00', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4400046, r1}) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f0000000540)={@remote, @loopback, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x0, 0x0, 0x0, 0x0, 0x0, 0x26, r1}) ioprio_set$uid(0x3, 0x0, 0x0) add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)=ANY=[@ANYBLOB="3400000044000701feffffff00000000037c0000070042800c00018006000600800a0000100002"], 0x34}, 0x1, 0x0, 0x0, 0x48815}, 0xc000) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000180)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto={0x0, 0x2, 0x0, 0xd, 0x0, [{0x8}, {0x0, 0x7}]}]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x44}, 0x28) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x3, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="660a0000000000006111600000000000850000"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) 8.002064626s ago: executing program 2 (id=78): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_DYING(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000300)={0x14, 0x6, 0x1, 0x801, 0x0, 0x0, {0xa, 0x0, 0x9}}, 0x14}, 0x1, 0x0, 0x0, 0x810}, 0x44040) r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) add_key(&(0x7f0000000100)='rxrpc\x00', 0x0, &(0x7f0000000280)="0000000000000004ff6943b80000000800000028f2000000008607000000ebb01f63dd65dd530700a28f2cbf86f474fad8cb594ed9fabe9ec277bb8d0000009c238532dd4c6ee9eddd58a599264432dc88941a476f8674c3b25a20e8d25504d773dd523add126ab51ca15c9d0436b3d0164bda8d9ed4e88158a20d3c55bd06050b964a5503bd0ef4b3a0823ad11bfae501057d95ba3e8d12893e6201c24e96b3031a817db4aa92e708a23ec370714940856977cb6f99f8ddc11996d1d5587f9c325bf5c2f77088d08a05af40a5392711377de42a66c2adee5a0612b9", 0xdc, r1) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f00000004c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000380)={0xcc, 0x1, 0x1, 0x301, 0x0, 0x0, {0x3, 0x0, 0x1}, [@CTA_SYNPROXY={0xc, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x5}]}, @CTA_HELP={0x14, 0x5, 0x0, 0x1, {0xf, 0x1, 'netbios-ns\x00'}}, @CTA_SEQ_ADJ_ORIG={0x54, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x401}, @CTA_SEQADJ_OFFSET_AFTER={0x8}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x3}, @CTA_SEQADJ_OFFSET_AFTER={0x8}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xffff}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x1ff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x10}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x400}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x9}]}, @CTA_FILTER={0x24, 0x19, 0x0, 0x1, [@CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x28}, @CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x201}, @CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x810}, @CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x920}]}, @CTA_TUPLE_REPLY={0x10, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}]}, @CTA_TUPLE_REPLY={0x10, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}]}]}, 0xcc}}, 0x800) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0xfffff63d, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10000, 0x1}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_FAIL_OVER_MAC={0x5, 0xd, 0x1}]}}}, @IFLA_NUM_RX_QUEUES={0x8, 0x20, 0x2}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000004}, 0x20000080) 7.407935535s ago: executing program 3 (id=79): r0 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioprio_set$pid(0x2, 0x0, 0x0) r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000480)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f00000024c0)={'\x00', 0x3ff, 0x79, 0x9, 0x9, 0x1, r3}) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x129c81, 0x0) unshare(0x22020600) ioctl$TCSETS(r5, 0x40045431, &(0x7f00000000c0)={0x0, 0x5, 0x400007f, 0x4000006, 0x5, "42341f9b1000007e4f00"}) r6 = syz_open_pts(r5, 0x60300) dup3(r6, r5, 0x0) splice(r5, 0x0, r4, 0x0, 0x7ffff000, 0x0) sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100000000000000000009000000440003800800010002000000140002007663616e3000000000000000000000000800030000000000140006"], 0x58}}, 0x20008000) 7.356189752s ago: executing program 1 (id=80): r0 = socket$nl_route(0x10, 0x3, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = open$dir(&(0x7f0000000100)='./cgroup/../file0\x00', 0x8c00, 0x40) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0) fcntl$lock(r4, 0x6, &(0x7f0000000000)={0x0, 0x2, 0x3a, 0x8}) linkat(r3, &(0x7f0000000140)='./cgroup/../file0\x00', r4, &(0x7f0000000300)='./cgroup/../file0\x00', 0x1000) setsockopt$inet6_tcp_TLS_TX(r2, 0x6, 0x1, &(0x7f00000000c0)=@gcm_256={{0x303}, '\x00', "5193bb672965593497c186a80e00", '\x00\x00=*', "1202000000040030"}, 0x38) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x4e24, 0x7ff, @private0, 0x9}}, 0x0, 0x0, 0x25, 0x0, "1ee17f72fd75c837c225b44a81048e0da750593b7e9f8c95bf0f0adb78238f800b39a90d91cbcdd4cfbd096f89abc7466e167e81517cebe664849b398a7817e3d11faf15e1b8f064f6c7770a34584ce3"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000400)={@in6={{0xa, 0x4e24, 0x8, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x3fc}}, 0x0, 0x0, 0x18, 0x0, "b2e4f91cf70100ffff4c2b19ebef230a33685fbacfcf3b4e455e573d821422f08f671600000000000000000000000000000000000000000200"}, 0xd8) setsockopt$inet6_tcp_int(r2, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36) r5 = openat$cgroup_ro(r1, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r5, &(0x7f00000000c0)=0x100000000000000, 0x12) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5c0000001000ffff28bd7000f9dbdf2500000000", @ANYRES32=0x0, @ANYBLOB="715a0300231a05003c0012800b00010069703667726500002c0002801400060000000000000000000000ffffac1414aa14000700000000000000000007"], 0x5c}, 0x1, 0x0, 0x0, 0x1}, 0x20040040) r6 = syz_init_net_socket$llc(0x1a, 0x4, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) setsockopt$llc_int(r6, 0x10c, 0x0, &(0x7f0000000040)=0x1, 0x4) 6.96788586s ago: executing program 2 (id=81): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r0, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r1 = syz_open_dev$dvb_dvr(&(0x7f0000000000), 0x0, 0x8257f) ioctl$DVB_DVR_DMX_SET_BUFFER_SIZE(r1, 0x6f2d, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r0, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x2, 0x3, 0x0, 0x9, 0x11, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private2, 0x400}}, @sadb_x_kmaddress={0x5, 0x19, 0x0, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, @in={0x2, 0x4e21, @private=0xa010102}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @empty}}]}, 0x88}, 0x1, 0x7}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x6, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000005807715bcf14d63051d31d3270"], &(0x7f00000007c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x40, '\x00', r2}, 0x94) 6.967554203s ago: executing program 0 (id=82): openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000012c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109024a0001100000000904000003fe03010009cd8d1f00020000000905050200067e001009058b1e", @ANYRESHEX], 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) openat$adsp1(0xffffffffffffff9c, &(0x7f00000004c0), 0xa0201, 0x0) close(0x3) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000140), 0x201a40, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) syz_open_dev$sg(&(0x7f00000000c0), 0x0, 0x0) pselect6(0x0, 0x0, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0x9, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) 6.3989732s ago: executing program 2 (id=83): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$netlink(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000078000000030a01030000000000000000050000000900010073797a300000000008000540000000001c0008800c00024000000000000000000c00014000000000000000000900030073797a3200000000280004"], 0xd4}}, 0x8818) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x300) 6.160293033s ago: executing program 3 (id=84): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) r1 = dup2(r0, r0) fcntl$notify(r1, 0x402, 0x3f) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f454c4620040000000000000000000002003e00ebffffff7c0000000000000040000000000000000200"/51], 0x178) close(r2) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x1000) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00') read$FUSE(r4, &(0x7f0000003680)={0x2020}, 0xfd) ioctl$KVM_GET_TSC_KHZ_vm(r4, 0xaea3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) recvmmsg(r5, &(0x7f0000007cc0)=[{{&(0x7f0000000380)=@pppoe={0x18, 0x0, {0x0, @local}}, 0x80, &(0x7f0000000800)=[{&(0x7f0000007e40)=""/264, 0x108}, {&(0x7f0000000580)=""/126, 0x7e}, {&(0x7f0000000600)}, {&(0x7f0000000640)=""/78, 0x4e}, {&(0x7f00000006c0)=""/166, 0xa6}, {&(0x7f0000000780)=""/42, 0x2a}, {&(0x7f00000007c0)=""/13, 0xd}], 0x7, &(0x7f0000000880)=""/4096, 0x1000}, 0x9}, {{&(0x7f0000001880)=@nfc_llcp, 0x80, &(0x7f0000001c00)=[{&(0x7f0000001900)=""/42, 0x2a}, {&(0x7f0000001940)=""/181, 0xb5}, {&(0x7f0000001a00)=""/187, 0xbb}, {&(0x7f0000001ac0)=""/2, 0x2}, {&(0x7f0000001b00)=""/245, 0xf5}], 0x5, &(0x7f0000001c80)=""/222, 0xde}}, {{&(0x7f0000001d80)=@qipcrtr, 0x80, &(0x7f0000002f80)=[{&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000002e00)=""/80, 0x50}, {&(0x7f0000002e80)=""/246, 0xf6}], 0x3, &(0x7f0000000400)=""/120, 0x78}, 0x8001}, {{&(0x7f0000003040)=@l2={0x1f, 0x0, @none}, 0x80, &(0x7f0000003440)=[{&(0x7f00000030c0)=""/249, 0xf9}, {&(0x7f00000031c0)=""/131, 0x83}, {&(0x7f0000003280)=""/169, 0xa9}, {&(0x7f0000003340)=""/224, 0xe0}], 0x4, &(0x7f0000003480)=""/42, 0x2a}}, {{&(0x7f00000034c0)=@x25, 0x80, &(0x7f0000006800)=[{&(0x7f0000003540)=""/63, 0x3f}, {&(0x7f00000002c0)=""/32, 0x20}, {&(0x7f00000056c0)=""/4096, 0x1000}, {&(0x7f00000066c0)=""/187, 0xbb}, {&(0x7f0000006780)=""/124, 0x7c}], 0x5, &(0x7f0000006880)=""/154, 0x9a}, 0xfffffff8}, {{&(0x7f0000006940)=@in={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000007c40)=[{&(0x7f00000069c0)=""/226, 0xe2}, {&(0x7f0000006ac0)=""/147, 0x93}, {&(0x7f0000006bc0)=""/4096, 0x1000}, {0x0}, {&(0x7f0000007c00)=""/60, 0x3c}], 0x5}, 0xfffffff7}], 0x6, 0x2, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="2800000010001fff000000008000000000000000", @ANYRES32=0x0, @ANYBLOB="003f9500203f000008001300", @ANYRES32=0x0, @ANYBLOB], 0x28}, 0x1, 0x0, 0x0, 0x40488c5}, 0x40000) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioprio_set$pid(0x3, 0x0, 0x0) r9 = open(&(0x7f0000000000)='./file1\x00', 0x80242, 0x8) sendfile(r9, r9, &(0x7f0000000080), 0x4d9b6eaf) r10 = syz_genetlink_get_family_id$fou(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$FOU_CMD_ADD(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, r10, 0x1, 0x0, 0x0, {}, [@FOU_ATTR_TYPE={0x5, 0x4, 0x3}]}, 0x1c}}, 0x0) 6.011335735s ago: executing program 1 (id=85): socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000c00)={0xffffffffffffffff}) syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000108117980800000000000109024100010000000009040000020308000009210000010122290a0905b8"], 0x0) sendmsg$tipc(r0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40844}, 0x8c0) 5.351465807s ago: executing program 4 (id=88): bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x15, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x800}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x1e00, 0x0, '\x00', 0x0, @sk_reuseport=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x98) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x20, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 5.351073951s ago: executing program 2 (id=89): unlinkat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file1\x00', 0x200) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@newlink={0xb8, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x65205, 0xc900}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x2020d}}}}}}, @IFLA_MTU={0x8, 0x4, 0x7ff}, @IFLA_GSO_MAX_SIZE={0x8, 0x29, 0x2c707}, @IFLA_AF_SPEC={0x60, 0x1a, 0x0, 0x1, [@AF_MPLS={0xffffffffffffff96}, @AF_INET={0x28, 0x2, 0x0, 0x1, {0x24, 0x1, 0x0, 0x1, [{0x8, 0x20, 0x0, 0x0, 0xb7}, {0x8, 0x14}, {0x8, 0xb, 0x0, 0x0, 0x10000}, {0x8, 0x15, 0x0, 0x0, 0x1}]}}, @AF_INET={0x28, 0x2, 0x0, 0x1, {0x24}}, @AF_MPLS={0x4}, @AF_MPLS={0x4}]}]}, 0xb8}, 0x1, 0x0, 0x0, 0x84}, 0x0) r1 = socket$inet6(0xa, 0x4, 0xffffff08) setsockopt$inet6_int(r1, 0x29, 0x4e, &(0x7f0000000040)=0x7, 0x4) mount_setattr(0xffffffffffffffff, &(0x7f0000001d80)='.\x00', 0x8000, &(0x7f0000001dc0)={0x0, 0x0, 0x40000}, 0x20) socket$inet_udp(0x2, 0x2, 0x0) r2 = dup(r1) r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c34000ffff000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0) syz_usb_control_io$hid(r3, 0x0, 0x0) bind$unix(r2, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x6e) 5.078672847s ago: executing program 3 (id=90): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x2, 0x1, 0xb, 0x4}]}) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) accept$nfc_llcp(r2, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB="300000001c00070c2bbd70000080000002000000", @ANYRES32=r3, @ANYBLOB="d200f40b140001"], 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x20024014) personality(0x8) bind$inet6(r0, &(0x7f0000000300)={0xa, 0x4a26, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x3}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x1, 0x24058034, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r4 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0x200000c0, 0xffffffff, 0xfffffff8}, 0x10) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c0000001a00010029bd7000000000000220200000000040"], 0x2c}}, 0x80) fcntl$getown(r1, 0x9) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = add_key$keyring(&(0x7f00000003c0), &(0x7f0000000400)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$update(0x2, r6, 0x0, 0x0) sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB="800000001000010428bd70000000000000000000", @ANYBLOB="0001000029ef0200280012800b00010067656e65766500001800028014000700fe880000000000000000f7ff000008013800128008000100677265"], 0x80}}, 0x2000000) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f00000028c0)={0x0, 0x9}, 0x8) 4.885284459s ago: executing program 4 (id=91): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000040)=0x2563, 0x4) sendto$inet(r0, &(0x7f0000000100)="1ce0", 0xffeb, 0x0, &(0x7f0000001100)={0x2, 0x0, @private}, 0x10) recvmmsg(r0, 0x0, 0x0, 0x40000120, 0x0) 4.521693167s ago: executing program 4 (id=92): syz_open_dev$vbi(0x0, 0x0, 0x2) set_mempolicy(0x3, 0x0, 0x7) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x79, 0x11, 0xd8}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x8}, @exit={0x95, 0x0, 0x700}], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x6}, 0x70) 4.345286081s ago: executing program 4 (id=93): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=@delneigh={0x28, 0x1d, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r4, 0x80, 0x2}, [@NDA_LLADDR={0xa, 0x2, @link_local}]}, 0x28}}, 0x0) getsockopt$sock_buf(r1, 0x1, 0x37, &(0x7f0000000000)=""/90, &(0x7f0000000080)=0x5a) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x3c, r6, 0x1, 0x60bd27, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x7}, @L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x1}]}, 0x3c}}, 0x20) r8 = signalfd4(r3, &(0x7f0000000140)={[0x9]}, 0x8, 0x0) sendmsg$L2TP_CMD_SESSION_DELETE(r5, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x24, r6, 0x200, 0x70bd2b, 0x25dfdbfe, {}, [@L2TP_ATTR_FD={0x8, 0x17, @l2tp=r8}, @L2TP_ATTR_PEER_CONN_ID={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x40041) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, 0x0, 0x0) 4.124690926s ago: executing program 1 (id=94): r0 = io_uring_setup(0x5136, &(0x7f00000005c0)={0x0, 0x799a, 0x8000, 0x0, 0x3a3}) r1 = syz_io_uring_setup(0x33ad, &(0x7f0000000100)={0x0, 0x26bb, 0x4000, 0x0, 0x84, 0x0, r0}, &(0x7f0000000180), &(0x7f0000000280), 0x0) r2 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) io_uring_register$IORING_REGISTER_FILES_UPDATE(r1, 0x6, &(0x7f0000000580)={0x40, 0x0, &(0x7f00000003c0)=[r2]}, 0x1) capset(&(0x7f0000000000)={0x20071026}, &(0x7f0000000240)={0x200000, 0x200003, 0x9, 0x0, 0x7, 0x3}) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$RDMA_USER_CM_CMD_DISCONNECT(r3, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) r4 = syz_open_procfs(0x0, &(0x7f0000000400)='net/ip_mr_cache\x00') r5 = io_uring_setup(0x3aa5, &(0x7f00000002c0)={0x0, 0x32b6, 0x880, 0x0, 0x35d}) r6 = syz_open_dev$media(&(0x7f0000000040), 0x7fdffffe, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(r6, 0x80047c05, 0x0) close_range(r5, 0xffffffffffffffff, 0x0) close_range(r4, r4, 0x0) statx(r4, 0x0, 0x1000, 0x200, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={0xffffffffffffffff, 0xffff0000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a3200000000140000001100"], 0x7c}}, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000009, 0x200000006c832, 0xffffffffffffffff, 0x0) sendmsg$NFT_BATCH(r7, 0x0, 0x10) 3.95714912s ago: executing program 4 (id=95): r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x3214, 0x0) syz_usb_connect(0x6, 0x36, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r1 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f00003d5000/0x3000)=nil, 0x3000, 0xb635773f06ebbeee, 0x8031, r0, 0xc0f49000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r1, 0x80489439, &(0x7f0000000040)) migrate_pages(0x0, 0x5, 0x0, &(0x7f0000000080)=0x272) 3.86172839s ago: executing program 1 (id=96): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) memfd_create(0x0, 0x1) (async) memfd_create(0x0, 0x1) openat$comedi(0xffffff9c, &(0x7f0000000100)='/dev/comedi0\x00', 0x101001, 0x0) (async) openat$comedi(0xffffff9c, &(0x7f0000000100)='/dev/comedi0\x00', 0x101001, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x3, r0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x1) r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$FS_IOC_READ_VERITY_METADATA(0xffffffffffffffff, 0xc0286687, &(0x7f0000000280)={0x3, 0x1, 0x7f, &(0x7f0000000080)=""/127}) (async) ioctl$FS_IOC_READ_VERITY_METADATA(0xffffffffffffffff, 0xc0286687, &(0x7f0000000280)={0x3, 0x1, 0x7f, &(0x7f0000000080)=""/127}) setsockopt$IP_VS_SO_SET_STARTDAEMON(0xffffffffffffffff, 0x0, 0x48b, &(0x7f0000000040)={0x1, 'syz_tun\x00', 0x1}, 0x18) socket$l2tp6(0xa, 0x2, 0x73) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={0x0}, 0x1, 0x0, 0x0, 0x4035}, 0x4) (async) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={0x0}, 0x1, 0x0, 0x0, 0x4035}, 0x4) msgget$private(0x0, 0x31) (async) r3 = msgget$private(0x0, 0x31) msgsnd(r3, &(0x7f00000035c0)=ANY=[@ANYBLOB="03"], 0x1b, 0x5f005e4c1fdd0237) (async) msgsnd(r3, &(0x7f00000035c0)=ANY=[@ANYBLOB="03"], 0x1b, 0x5f005e4c1fdd0237) msgrcv(r3, 0x0, 0x0, 0x3, 0x800) socket$packet(0x11, 0x2, 0x300) (async) socket$packet(0x11, 0x2, 0x300) syz_emit_ethernet(0x7e, &(0x7f0000000480)=ANY=[], 0x0) r4 = socket(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f0000000040)=0x4, 0x4) listen(r4, 0x7f) r5 = bpf$MAP_CREATE(0x100000000000000, 0x0, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r5, &(0x7f0000000180)="3bf9b2fe782f2612acf8dbbb02f053738ad98602b632aa77afc4f4d855e38cde81d5487d1b46eaee67be553179f734d91fbb227002bb1a886330ad2f17a9f74713ecac9642fd06da3a124d281d056b5f1cb0d283", &(0x7f0000000000)=@tcp6, 0x1}, 0x20) (async) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r5, &(0x7f0000000180)="3bf9b2fe782f2612acf8dbbb02f053738ad98602b632aa77afc4f4d855e38cde81d5487d1b46eaee67be553179f734d91fbb227002bb1a886330ad2f17a9f74713ecac9642fd06da3a124d281d056b5f1cb0d283", &(0x7f0000000000)=@tcp6, 0x1}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r5}, &(0x7f00000004c0), &(0x7f0000000500)}, 0x20) 3.844172064s ago: executing program 3 (id=97): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000040)=0x2563, 0x4) sendto$inet(r0, &(0x7f0000000100)="1ce0", 0x2, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003ac0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000120, 0x0) 3.619419412s ago: executing program 0 (id=98): r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) stat(&(0x7f0000000000)='.\x00', &(0x7f0000000280)) stat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) setsockopt$sock_timeval(r0, 0x1, 0x43, &(0x7f0000000200)={r2, r3/1000+10000}, 0x10) mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000300), 0x80, &(0x7f0000000040)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c729a7bc01e69e46000"]) 3.220708911s ago: executing program 2 (id=99): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket(0x10, 0x803, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x2, &(0x7f0000000000)=@gcm_128={{0x303}, "c8bf5d03ac85c25d", "9a5d38a17f00c500000000feff00", "a1c4776d", "3c84a3a3be2adbff"}, 0x28) recvfrom(r2, &(0x7f0000000440)=""/4070, 0x20, 0x101, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), r1) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)=0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.effective_mems\x00', 0x275a, 0x0) fcntl$lock(r4, 0x6, &(0x7f0000000080)={0x1, 0x1, 0x0, 0x400}) fcntl$lock(r4, 0x7, &(0x7f0000000340)={0x0, 0x2, 0x201, 0x1d}) fcntl$lock(r4, 0x24, &(0x7f0000000180)={0x0, 0x0, 0x20006, 0x20000000001}) kcmp$KCMP_EPOLL_TFD(0x0, r3, 0x7, r1, &(0x7f00000001c0)={r4, r0, 0x7f}) getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000005c0)=0x56) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x38, 0x10, 0x439, 0x70bd2c, 0x25dfdbfb, {0x0, 0x0, 0x0, r5, 0x49811, 0x49841}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x32}}]}}}]}, 0x38}}, 0x0) sendto$packet(r0, &(0x7f0000000400)="05d936277c6f5422007f83477ca1b278e3e4018a", 0x14, 0x0, &(0x7f0000000200)={0x11, 0x86dd, r5, 0x1, 0x4, 0x6, @local}, 0x14) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) io_setup(0x3, &(0x7f0000000600)=0x0) io_submit(r7, 0x1, &(0x7f0000000000)=[&(0x7f0000000080)={0x0, 0x0, 0x10, 0x7, 0x0, r6, 0x0, 0x0, 0x0, 0x0, 0x2}]) 3.128863007s ago: executing program 1 (id=100): syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd69010000001406fffe800000000000000000000039fe8000000000000000000000000000aa4e224e24000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="51c2"], 0x0) syz_emit_ethernet(0x22, &(0x7f0000000080)=ANY=[@ANYBLOB="ffffffffaaaaaabb81002e00000c020000000101000077a97189e038a81400000000"], &(0x7f00000000c0)={0x0, 0x4, [0xac9, 0xefe, 0x9a6, 0xf46]}) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000007880)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000040)="af0ac9", 0x3}], 0x1}}], 0x1, 0x4000000) r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.idle_time\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x600000a, 0x12, 0xffffffffffffffff, 0x0) unshare(0x66000080) r2 = socket$netlink(0x10, 0x3, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc010203010902"], 0x0) r3 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000200)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x9c, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, 0x0, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x6c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x5, 0x4, 0x2, 0x0, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x8001]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}]}]}]}}]}, 0x9c}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="7c0000001000010400"/20, @ANYRES32=r5, @ANYBLOB="00000000000000005c001280110001006272696467655f736c617665000000004400058005000500000000000500200001000000050008"], 0x7c}, 0x1, 0x0, 0x0, 0x800}, 0x0) sendmmsg(r3, &(0x7f0000000000), 0x400000000000235, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'dummy0\x00', 0x0}) r7 = gettid() sendmsg$nl_route(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="2800000010000100"/20, @ANYRES32=r6, @ANYBLOB="6d3082610000000008001300", @ANYRES32=r7], 0x28}, 0x1, 0x0, 0x0, 0x24000810}, 0x0) r8 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r8, 0x0, 0x2e, &(0x7f0000000000)={0x7, {{0x2, 0x4e22, @multicast2}}, {{0x2, 0x7f, @multicast2}}}, 0x108) r9 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r9, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @loopback}, 0xc) r10 = syz_open_procfs(0x0, &(0x7f0000000180)='net/mcfilter\x00') pread64(r10, &(0x7f0000000380)=""/148, 0x94, 0x30) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00db6072000001ea89de2b4410000e60080b8785d960000100000000000000000000000000000000000527000", "2809e8dbe108598948224ad44afac11d875397bdb22d0000b420a1a93c5240f45f819ef6167d3d458dd4992861ac00", "f4bd000000801900000000000000000000000000000000000000000100", [0x0, 0x2000000000001]}}) 3.016342143s ago: executing program 0 (id=101): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000000c0)={{r0, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f00000001c0)='%pi6 \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000800)={r1}, 0x4) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0xa00, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x16, 0x10, &(0x7f0000000100)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000031c0)={0x0, 0x0, 0x0}, 0x0) bpf$LINK_DETACH(0x22, &(0x7f0000000040), 0x4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa2c"], 0xfdef) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x4000, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0xffffffff) r5 = open$dir(&(0x7f0000000180)='./file0\x00', 0x7e, 0x0) r6 = inotify_init() inotify_add_watch(r6, &(0x7f0000000380)='./file0\x00', 0x6000000) vmsplice(r5, &(0x7f0000000200)=[{&(0x7f0000000c80)="93", 0x1}], 0x1, 0x7) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r3, 0x0, 0xe, 0x0, &(0x7f0000000740)="40f0538ef047b21fb60068305500", 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r7 = syz_usb_connect(0x2, 0x3f, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_usb_control_io$printer(r7, 0x0, &(0x7f0000000540)={0x34, 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x20, 0x1, 0x1, 0x5}, 0x0}) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000181100"/20, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df"], 0x0, 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, r8, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r9}, 0xc) syz_usb_control_io$cdc_ncm(r7, 0x0, &(0x7f0000000940)={0x44, &(0x7f0000000680)=ANY=[@ANYBLOB="400a040000000022060d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x90882) 2.557978874s ago: executing program 3 (id=102): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, 0x0, 0x40b0) ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000980)={0x48, 0x5, 0x0, 0x0, 0x0, 0x1}) r4 = socket$inet6(0xa, 0x5, 0x0) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r4, 0x84, 0x77, &(0x7f0000000100)={0x0, 0x6, 0x2, [0x2, 0x1]}, &(0x7f0000000180)=0xc) 1.416455287s ago: executing program 3 (id=103): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) set_mempolicy(0x4005, &(0x7f0000000080)=0x3, 0xa) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="44000000100001042bbd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="0305000038c70200240012800b000100627269646765000014000280080003000a04"], 0x44}, 0x1, 0x0, 0x0, 0x4008086}, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x68c81, 0x0) r4 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00') r5 = openat$binfmt(0xffffffffffffff9c, r4, 0x42, 0x1ff) write$binfmt_elf32(r5, &(0x7f0000000600)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba0300003f000000e50100000180ffff06002000010003000400060000000000030000000c000000040000000900000040000000030000000200000006740000"], 0x58) r6 = inotify_init() inotify_add_watch(r6, &(0x7f0000000040)='./file0\x00', 0x808) r7 = socket$netlink(0x10, 0x3, 0xb) bind$netlink(r7, &(0x7f0000000180)={0x10, 0x0, 0x25dfdbfb, 0x2ffffffff}, 0xc) close(r7) close(r5) execveat$binfmt(0xffffffffffffff9c, r4, 0x0, 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_usb_connect$uac1(0x6, 0x0, 0x0, 0x0) ioctl$KVM_GET_EMULATED_CPUID(r3, 0xc008ae09, &(0x7f0000000100)={0x4, 0x0, [{0x80000019, 0xffff83d7, 0x0, 0x2, 0x2, 0x7, 0x5bdc00}, {0x80000008, 0x5, 0x2, 0xfffffffe, 0x0, 0xffffffff, 0x7}, {0xb, 0x0, 0x2, 0x7ff, 0x8, 0x6, 0x6}, {0x40000000, 0xc4a, 0x0, 0xb, 0x5, 0xbd7}]}) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000b40)={@ifindex, 0x2e, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f00000001c0)={0x0, 0x6, 0x910b7332239a4e3c, 0x1000, &(0x7f00007ee000/0x1000)=nil}) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) mmap(&(0x7f00007ee000/0x2000)=nil, 0x2000, 0xb, 0x10, 0xffffffffffffffff, 0xb2318000) ioctl$KVM_PRE_FAULT_MEMORY(r9, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000}) prctl$PR_SET_IO_FLUSHER(0x50, 0x10001) 0s ago: executing program 4 (id=104): keyctl$KEYCTL_CAPABILITIES(0x1f, 0xfffffffffffffffc, 0x55) r0 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x0) ioctl$FE_GET_PROPERTY(r0, 0x80106f53, &(0x7f0000000400)={0x37, &(0x7f0000000200)=[{0x27, '\x00', @buffer={"4d8de65116f7ed5b2bfe2526eaf777fce9f93fc95703f742bb77f27d597765d5", 0x20}}]}) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) setresuid(0xee00, 0xee00, 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="02000000040000000800000001"], 0xe) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa10000000000000701000000feffffbfa40000000000000704000000fefffeb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000c500000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) fcntl$lock(r3, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r3, 0xa9525000) fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffffb) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) lchown(&(0x7f0000000000)='./cgroup/cgroup.procs\x00', 0x0, 0x0) close(0x3) readv(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)=""/77, 0x40}, {&(0x7f0000000140)=""/135}], 0x100000000000024c) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @rand_addr=0x64010101, @dev={0xac, 0x14, 0x14, 0x61}}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94) ioctl$XFS_IOC_PATH_TO_HANDLE(r4, 0xc0385869, &(0x7f0000000380)={r4, &(0x7f00000000c0)='\x00', 0x10000, &(0x7f0000000100)={@_ha_fsid={[0x4, 0x6]}, {0x7, 0x401, 0x4, 0x8000000000000001}}, 0x32d4, &(0x7f0000000300), &(0x7f0000000340)=0x5}) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x40f00, 0x5, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200}, 0x94) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x31, 0x0, 0x0) r6 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) r7 = openat$vimc0(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r7, 0x4020565a, &(0x7f0000000400)={0x0, 0xe758, 0x3}) sendmmsg$inet(r6, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x1e1730a30afb6559, 0x8014) bind$llc(r6, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.148' (ED25519) to the list of known hosts. [ 86.304421][ T5814] cgroup: Unknown subsys name 'net' [ 86.546535][ T5814] cgroup: Unknown subsys name 'cpuset' [ 86.590974][ T5814] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 87.325055][ T31] cfg80211: failed to load regulatory.db [ 88.761227][ T5814] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 92.933291][ T5837] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 92.942999][ T5842] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 92.951187][ T5840] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 92.970148][ T5842] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 92.977102][ T5842] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 92.980593][ T5842] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 92.982430][ T5842] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 92.984347][ T5842] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 92.986855][ T5833] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 92.987922][ T5847] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 92.990426][ T5847] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 92.992806][ T5847] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 92.994114][ T5847] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 92.995192][ T5847] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 92.997504][ T5847] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 93.029973][ T5845] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 93.031218][ T5845] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 93.046910][ T5845] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 93.055365][ T5847] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 93.059874][ T5847] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 93.071459][ T5847] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 93.136408][ T5848] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 93.163464][ T5848] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 93.166654][ T5848] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 93.218308][ T5148] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 94.253200][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 94.284644][ T5827] chnl_net:caif_netlink_parms(): no params data found [ 94.376999][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 94.459288][ T5829] chnl_net:caif_netlink_parms(): no params data found [ 94.488078][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 94.706454][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.707456][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.707638][ T5830] bridge_slave_0: entered allmulticast mode [ 94.709338][ T5830] bridge_slave_0: entered promiscuous mode [ 94.750005][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.750134][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.752086][ T5827] bridge_slave_0: entered allmulticast mode [ 94.753758][ T5827] bridge_slave_0: entered promiscuous mode [ 94.770807][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.770932][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.771134][ T5830] bridge_slave_1: entered allmulticast mode [ 94.775486][ T5830] bridge_slave_1: entered promiscuous mode [ 94.821222][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.821346][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.821683][ T5827] bridge_slave_1: entered allmulticast mode [ 94.823609][ T5827] bridge_slave_1: entered promiscuous mode [ 94.872134][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.872271][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.872441][ T5828] bridge_slave_0: entered allmulticast mode [ 94.874312][ T5828] bridge_slave_0: entered promiscuous mode [ 94.944039][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.944175][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.944349][ T5828] bridge_slave_1: entered allmulticast mode [ 94.946390][ T5828] bridge_slave_1: entered promiscuous mode [ 95.002892][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.003235][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.003389][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.003581][ T5829] bridge_slave_0: entered allmulticast mode [ 95.005513][ T5829] bridge_slave_0: entered promiscuous mode [ 95.055491][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.055767][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.055922][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.056098][ T5831] bridge_slave_0: entered allmulticast mode [ 95.057948][ T5831] bridge_slave_0: entered promiscuous mode [ 95.061291][ T5837] Bluetooth: hci3: command tx timeout [ 95.117102][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.119018][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.119155][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.119323][ T5829] bridge_slave_1: entered allmulticast mode [ 95.128108][ T5829] bridge_slave_1: entered promiscuous mode [ 95.140010][ T5837] Bluetooth: hci1: command tx timeout [ 95.163911][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.219864][ T5837] Bluetooth: hci0: command tx timeout [ 95.299948][ T5837] Bluetooth: hci2: command tx timeout [ 95.300161][ T5837] Bluetooth: hci4: command tx timeout [ 95.321119][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.321269][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.322363][ T5831] bridge_slave_1: entered allmulticast mode [ 95.325114][ T5831] bridge_slave_1: entered promiscuous mode [ 95.378042][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.438958][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.483526][ T5830] team0: Port device team_slave_0 added [ 95.494400][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.525687][ T5827] team0: Port device team_slave_0 added [ 95.529256][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.536115][ T5830] team0: Port device team_slave_1 added [ 95.544255][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.574556][ T5827] team0: Port device team_slave_1 added [ 95.576838][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.612900][ T5828] team0: Port device team_slave_0 added [ 95.679545][ T5828] team0: Port device team_slave_1 added [ 95.709035][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.709049][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 95.709093][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.722488][ T5829] team0: Port device team_slave_0 added [ 95.749194][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.749212][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 95.749239][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.755491][ T5831] team0: Port device team_slave_0 added [ 95.756485][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.756498][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 95.756524][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.763345][ T5829] team0: Port device team_slave_1 added [ 95.785358][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.785375][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 95.785401][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.791040][ T5831] team0: Port device team_slave_1 added [ 95.828146][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.828166][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 95.828191][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.975217][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.975238][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 95.975266][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.000514][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.000532][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.000558][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.023784][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.023803][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.023829][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.049374][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.049391][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.049417][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.077364][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.077380][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.077405][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.174239][ T5830] hsr_slave_0: entered promiscuous mode [ 96.175861][ T5830] hsr_slave_1: entered promiscuous mode [ 96.217124][ T5827] hsr_slave_0: entered promiscuous mode [ 96.217976][ T5827] hsr_slave_1: entered promiscuous mode [ 96.218810][ T5827] debugfs: 'hsr0' already exists in 'hsr' [ 96.218889][ T5827] Cannot create hsr debugfs directory [ 96.570788][ T5828] hsr_slave_0: entered promiscuous mode [ 96.571703][ T5828] hsr_slave_1: entered promiscuous mode [ 96.572304][ T5828] debugfs: 'hsr0' already exists in 'hsr' [ 96.572323][ T5828] Cannot create hsr debugfs directory [ 96.688267][ T5829] hsr_slave_0: entered promiscuous mode [ 96.689096][ T5829] hsr_slave_1: entered promiscuous mode [ 96.694398][ T5829] debugfs: 'hsr0' already exists in 'hsr' [ 96.694427][ T5829] Cannot create hsr debugfs directory [ 96.717139][ T5831] hsr_slave_0: entered promiscuous mode [ 96.718016][ T5831] hsr_slave_1: entered promiscuous mode [ 96.718582][ T5831] debugfs: 'hsr0' already exists in 'hsr' [ 96.718599][ T5831] Cannot create hsr debugfs directory [ 97.141794][ T5845] Bluetooth: hci3: command tx timeout [ 97.220758][ T5845] Bluetooth: hci1: command tx timeout [ 97.300584][ T5845] Bluetooth: hci0: command tx timeout [ 97.379932][ T5845] Bluetooth: hci2: command tx timeout [ 97.379970][ T5845] Bluetooth: hci4: command tx timeout [ 97.636565][ T5830] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 97.682821][ T5830] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 97.686237][ T5830] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 97.712297][ T5830] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 97.715042][ T5830] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 97.747954][ T5830] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 97.767682][ T5830] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 97.804861][ T5830] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 97.891723][ T5828] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 97.925598][ T5828] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 97.939242][ T5828] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 97.976093][ T5828] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 97.978119][ T5828] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 98.004963][ T5828] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 98.027603][ T5828] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 98.053685][ T5828] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 98.204577][ T5827] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 98.234284][ T5827] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 98.246539][ T5827] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 98.285089][ T5827] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 98.307525][ T5827] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 98.343638][ T5827] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 98.375659][ T5827] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 98.403304][ T5827] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 98.572296][ T5829] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 98.603673][ T5829] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 98.623969][ T5829] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 98.663110][ T5829] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 98.678206][ T5829] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 98.723126][ T5829] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 98.768161][ T5829] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 98.804210][ T5829] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 98.939520][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.987029][ T5831] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 99.026355][ T5831] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 99.035870][ T5831] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 99.073131][ T5831] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 99.078108][ T5831] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 99.103156][ T5831] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 99.113651][ T5831] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 99.154088][ T5831] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 99.196264][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.219787][ T5837] Bluetooth: hci3: command tx timeout [ 99.242982][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.261808][ T83] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.262575][ T83] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.300018][ T5837] Bluetooth: hci1: command tx timeout [ 99.324971][ T83] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.325080][ T83] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.389984][ T5837] Bluetooth: hci0: command tx timeout [ 99.431733][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.462204][ T5837] Bluetooth: hci4: command tx timeout [ 99.462241][ T5837] Bluetooth: hci2: command tx timeout [ 99.476777][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.498832][ T3041] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.498977][ T3041] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.544540][ T3041] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.544734][ T3041] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.637348][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.694410][ T1509] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.694516][ T1509] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.699243][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.792536][ T1509] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.792764][ T1509] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.943814][ T5829] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.016316][ T3046] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.016582][ T3046] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.097593][ T83] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.097743][ T83] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.123428][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.269548][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.346773][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.394982][ T1509] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.395227][ T1509] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.484274][ T83] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.484459][ T83] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.630496][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.821591][ T5830] veth0_vlan: entered promiscuous mode [ 100.876990][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.895665][ T5830] veth1_vlan: entered promiscuous mode [ 101.060946][ T5828] veth0_vlan: entered promiscuous mode [ 101.104449][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.154675][ T5828] veth1_vlan: entered promiscuous mode [ 101.195560][ T5830] veth0_macvtap: entered promiscuous mode [ 101.231518][ T5830] veth1_macvtap: entered promiscuous mode [ 101.279089][ T5827] veth0_vlan: entered promiscuous mode [ 101.301872][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.313708][ T5845] Bluetooth: hci3: command tx timeout [ 101.367606][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.379513][ T5827] veth1_vlan: entered promiscuous mode [ 101.379887][ T5845] Bluetooth: hci1: command tx timeout [ 101.403804][ T5828] veth0_macvtap: entered promiscuous mode [ 101.441620][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.466835][ T5828] veth1_macvtap: entered promiscuous mode [ 101.469938][ T5845] Bluetooth: hci0: command tx timeout [ 101.487886][ T5829] veth0_vlan: entered promiscuous mode [ 101.517336][ T83] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.536368][ T83] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.539859][ T5845] Bluetooth: hci2: command tx timeout [ 101.539895][ T5845] Bluetooth: hci4: command tx timeout [ 101.568617][ T83] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.588621][ T83] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.607933][ T5829] veth1_vlan: entered promiscuous mode [ 101.702465][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.794063][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.933895][ T5827] veth0_macvtap: entered promiscuous mode [ 101.948471][ T3046] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.972897][ T1062] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.982211][ T1062] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.010531][ T1062] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.011113][ T5827] veth1_macvtap: entered promiscuous mode [ 102.239211][ T5829] veth0_macvtap: entered promiscuous mode [ 102.287892][ T1509] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.287915][ T1509] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.349384][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.355620][ T5829] veth1_macvtap: entered promiscuous mode [ 102.427276][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.503197][ T83] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.540810][ T83] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.545156][ T5831] veth0_vlan: entered promiscuous mode [ 102.549730][ T83] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.549813][ T83] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.549831][ T83] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.554820][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.562486][ T83] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.614221][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.792011][ T5831] veth1_vlan: entered promiscuous mode [ 102.869437][ T3046] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.935991][ T3046] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.945752][ T3041] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.945777][ T3041] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.032222][ T3046] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.063472][ T3046] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.428490][ T3041] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.428513][ T3041] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.869866][ T3070] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.869891][ T3070] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.904855][ T5831] veth0_macvtap: entered promiscuous mode [ 103.921295][ T5831] veth1_macvtap: entered promiscuous mode [ 104.046060][ T3070] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.046086][ T3070] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.193772][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 104.258881][ T5950] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 104.298797][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 104.325318][ T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.325342][ T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.521309][ T5951] netlink: 'syz.3.4': attribute type 61 has an invalid length. [ 104.522085][ T1568] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.559331][ T1568] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.576843][ T1568] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.577849][ T5950] sctp: [Deprecated]: syz.3.4 (pid 5950) Use of int in max_burst socket option. [ 104.577849][ T5950] Use struct sctp_assoc_value instead [ 104.672981][ T5953] FAULT_INJECTION: forcing a failure. [ 104.672981][ T5953] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 104.673017][ T5953] CPU: 1 UID: 0 PID: 5953 Comm: syz.0.6 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 104.673039][ T5953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 104.673050][ T5953] Call Trace: [ 104.673059][ T5953] [ 104.673068][ T5953] dump_stack_lvl+0xe8/0x150 [ 104.673103][ T5953] should_fail_ex+0x46b/0x600 [ 104.673140][ T5953] _copy_to_user+0x31/0xb0 [ 104.673166][ T5953] simple_read_from_buffer+0xe1/0x170 [ 104.673194][ T5953] proc_fail_nth_read+0x1be/0x230 [ 104.673222][ T5953] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 104.673253][ T5953] ? rw_verify_area+0x2ac/0x4e0 [ 104.673278][ T5953] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 104.673303][ T5953] vfs_read+0x212/0xa80 [ 104.673338][ T5953] ? __pfx_vfs_read+0x10/0x10 [ 104.673366][ T5953] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 104.673392][ T5953] ? lockdep_hardirqs_on+0x7a/0x110 [ 104.673413][ T5953] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 104.673434][ T5953] ? mutex_lock_nested+0x152/0x1d0 [ 104.673461][ T5953] ? fdget_pos+0x252/0x320 [ 104.673492][ T5953] ksys_read+0x156/0x270 [ 104.673520][ T5953] ? __pfx_ksys_read+0x10/0x10 [ 104.673554][ T5953] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.673574][ T5953] do_syscall_64+0x15f/0xf80 [ 104.673596][ T5953] ? trace_irq_disable+0x3b/0x140 [ 104.673614][ T5953] ? clear_bhb_loop+0x40/0x90 [ 104.673636][ T5953] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.673656][ T5953] RIP: 0033:0x7f4b3ee5d04e [ 104.673674][ T5953] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 104.673689][ T5953] RSP: 002b:00007f4b3d0edfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 104.673709][ T5953] RAX: ffffffffffffffda RBX: 00007f4b3d0ee6c0 RCX: 00007f4b3ee5d04e [ 104.673721][ T5953] RDX: 000000000000000f RSI: 00007f4b3d0ee0a0 RDI: 0000000000000004 [ 104.673733][ T5953] RBP: 00007f4b3d0ee090 R08: 0000000000000000 R09: 0000000000000000 [ 104.673745][ T5953] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 104.673755][ T5953] R13: 00007f4b3f116038 R14: 00007f4b3f115fa0 R15: 00007ffc0ccf3fc8 [ 104.673785][ T5953] [ 104.712683][ T1568] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.718710][ T3041] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.718736][ T3041] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.110678][ T48] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 106.735640][ T48] usb 1-1: Using ep0 maxpacket: 16 [ 107.372700][ T48] usb 1-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 107.372735][ T48] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.372756][ T48] usb 1-1: Product: syz [ 107.372772][ T48] usb 1-1: Manufacturer: syz [ 107.372787][ T48] usb 1-1: SerialNumber: syz [ 107.473832][ T3040] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.473853][ T3040] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.556332][ T48] usb 1-1: config 0 descriptor?? [ 107.641138][ T48] ssu100 1-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 108.564734][ T48] ssu100 1-1:0.0: probe with driver ssu100 failed with error -110 [ 108.744729][ T48] usb 1-1: USB disconnect, device number 2 [ 108.952090][ T379] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.952124][ T379] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.268420][ T36] audit: type=1326 audit(1776587209.628:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5987 comm="syz.3.12" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f5baba1c819 code=0x7ffc0000 [ 109.641700][ T5998] netlink: 40 bytes leftover after parsing attributes in process `syz.2.14'. [ 109.660593][ T5919] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 109.982426][ T5919] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x64, changing to 0x4 [ 109.982463][ T5919] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 0, changing to 7 [ 109.982492][ T5919] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 109.982520][ T5919] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 110.077779][ T10] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 110.099094][ T5919] usb 2-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 110.099128][ T5919] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 110.099148][ T5919] usb 2-1: Product: syz [ 110.099163][ T5919] usb 2-1: Manufacturer: syz [ 110.099179][ T5919] usb 2-1: SerialNumber: syz [ 110.167483][ T6006] netlink: 'syz.2.17': attribute type 10 has an invalid length. [ 110.290003][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 110.306277][ T10] usb 1-1: config index 0 descriptor too short (expected 51443, got 18) [ 110.350065][ T10] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 110.350100][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 110.350121][ T10] usb 1-1: Product: syz [ 110.350135][ T10] usb 1-1: Manufacturer: syz [ 110.350150][ T10] usb 1-1: SerialNumber: syz [ 110.351387][ T6006] syz_tun: entered promiscuous mode [ 110.495415][ T5919] usb 2-1: config 0 descriptor?? [ 110.510078][ T5836] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 110.559169][ T6006] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 110.606335][ T6006] netlink: 'syz.2.17': attribute type 1 has an invalid length. [ 110.633513][ T6006] netlink: 28 bytes leftover after parsing attributes in process `syz.2.17'. [ 110.633531][ T6006] netlink: 24 bytes leftover after parsing attributes in process `syz.2.17'. [ 110.636467][ T5919] usb 2-1: ucan: probing device on interface #0 [ 110.636487][ T5919] usb 2-1: ucan: invalid endpoint configuration [ 110.636495][ T5919] usb 2-1: ucan: probe failed; try to update the device firmware [ 110.673324][ T10] r8152-cfgselector 1-1: Unknown version 0x0000 [ 110.673354][ T10] r8152-cfgselector 1-1: config 0 descriptor?? [ 110.679746][ T5836] usb 5-1: device descriptor read/64, error -71 [ 110.693645][ T6011] netlink: 4096 bytes leftover after parsing attributes in process `syz.3.18'. [ 110.746530][ T5994] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 110.761429][ T5994] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 110.949736][ T5836] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 111.085639][ T5836] usb 5-1: device descriptor read/64, error -71 [ 111.095991][ T5919] usb 2-1: USB disconnect, device number 2 [ 111.131233][ C0] raw-gadget.1 gadget.0: ignoring, device is not running [ 111.136763][ C0] raw-gadget.1 gadget.0: ignoring, device is not running [ 111.137086][ T10] r8152-cfgselector 1-1: Unknown version 0x0000 [ 111.138132][ T10] r8152-cfgselector 1-1: No union descriptors [ 111.190296][ T5836] usb usb5-port1: attempt power cycle [ 111.383404][ T10] r8152-cfgselector 1-1: USB disconnect, device number 3 [ 111.384442][ T6019] FAULT_INJECTION: forcing a failure. [ 111.384442][ T6019] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 111.384476][ T6019] CPU: 1 UID: 0 PID: 6019 Comm: syz.3.19 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 111.384498][ T6019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 111.384508][ T6019] Call Trace: [ 111.384516][ T6019] [ 111.384524][ T6019] dump_stack_lvl+0xe8/0x150 [ 111.384558][ T6019] should_fail_ex+0x46b/0x600 [ 111.384582][ T6019] _copy_to_user+0x31/0xb0 [ 111.384607][ T6019] simple_read_from_buffer+0xe1/0x170 [ 111.384634][ T6019] proc_fail_nth_read+0x1be/0x230 [ 111.384661][ T6019] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 111.384687][ T6019] ? rw_verify_area+0x2ac/0x4e0 [ 111.384712][ T6019] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 111.384736][ T6019] vfs_read+0x212/0xa80 [ 111.384770][ T6019] ? __pfx_vfs_read+0x10/0x10 [ 111.384799][ T6019] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 111.384823][ T6019] ? lockdep_hardirqs_on+0x7a/0x110 [ 111.384844][ T6019] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 111.384869][ T6019] ? mutex_lock_nested+0x152/0x1d0 [ 111.384899][ T6019] ? fdget_pos+0x252/0x320 [ 111.384932][ T6019] ksys_read+0x156/0x270 [ 111.384990][ T6019] ? __pfx_ksys_read+0x10/0x10 [ 111.385028][ T6019] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.385053][ T6019] do_syscall_64+0x15f/0xf80 [ 111.385080][ T6019] ? trace_irq_disable+0x3b/0x140 [ 111.385102][ T6019] ? clear_bhb_loop+0x40/0x90 [ 111.385129][ T6019] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.385152][ T6019] RIP: 0033:0x7f5bab9dd04e [ 111.385176][ T6019] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 111.385194][ T6019] RSP: 002b:00007f5ba9c4cfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 111.385218][ T6019] RAX: ffffffffffffffda RBX: 00007f5ba9c4d6c0 RCX: 00007f5bab9dd04e [ 111.385235][ T6019] RDX: 000000000000000f RSI: 00007f5ba9c4d0a0 RDI: 0000000000000004 [ 111.385248][ T6019] RBP: 00007f5ba9c4d090 R08: 0000000000000000 R09: 0000000000000000 [ 111.385262][ T6019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 111.385275][ T6019] R13: 00007f5babc96128 R14: 00007f5babc96090 R15: 00007ffcfa4adb88 [ 111.385310][ T6019] [ 111.629758][ T5836] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 111.660455][ T5836] usb 5-1: device descriptor read/8, error -71 [ 111.911451][ T5836] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 111.934238][ T5836] usb 5-1: device descriptor read/8, error -71 [ 112.045202][ T5836] usb usb5-port1: unable to enumerate USB device [ 113.914228][ T6027] netlink: 8 bytes leftover after parsing attributes in process `syz.0.23'. [ 113.993980][ T6027] bridge1: entered promiscuous mode [ 114.161062][ T6027] process 'syz.0.23' launched './file0' with NULL argv: empty string added [ 116.369805][ T5832] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 116.391697][ T6002] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 116.591217][ T6002] usb 3-1: Using ep0 maxpacket: 16 [ 116.595131][ T6002] usb 3-1: config 0 has no interfaces? [ 116.596643][ T6002] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 116.596671][ T6002] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 116.596692][ T6002] usb 3-1: Manufacturer: syz [ 116.610882][ T5832] usb 5-1: Using ep0 maxpacket: 32 [ 116.615574][ T5832] usb 5-1: config 0 has an invalid interface number: 188 but max is 0 [ 116.615607][ T5832] usb 5-1: config 0 has no interface number 0 [ 116.615659][ T5832] usb 5-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 116.642315][ T6002] usb 3-1: config 0 descriptor?? [ 116.680806][ T5832] usb 5-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 116.680842][ T5832] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.680863][ T5832] usb 5-1: Product: syz [ 116.680877][ T5832] usb 5-1: Manufacturer: syz [ 116.680892][ T5832] usb 5-1: SerialNumber: syz [ 116.787552][ T5832] usb 5-1: config 0 descriptor?? [ 116.790787][ T6043] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 117.076981][ T6052] netlink: 'syz.1.29': attribute type 2 has an invalid length. [ 117.205133][ T6043] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 117.420892][ T6056] netlink: 4096 bytes leftover after parsing attributes in process `syz.3.30'. [ 117.824408][ T6058] Zero length message leads to an empty skb [ 117.880404][ T5832] asix 5-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61 [ 117.880735][ T5832] asix 5-1:0.188: probe with driver asix failed with error -61 [ 118.225997][ T6065] program syz.3.34 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 118.247369][ T6066] netlink: 52 bytes leftover after parsing attributes in process `syz.1.33'. [ 118.369444][ T5836] usb 3-1: USB disconnect, device number 2 [ 118.531943][ T5832] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 118.787496][ T5832] usb 4-1: device descriptor read/64, error -71 [ 118.899826][ T6072] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 119.724211][ T5832] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 119.746482][ T6014] usb 5-1: USB disconnect, device number 6 [ 119.879796][ T5832] usb 4-1: device descriptor read/64, error -71 [ 119.967991][ T6079] netlink: 8 bytes leftover after parsing attributes in process `syz.4.38'. [ 120.153000][ T5832] usb usb4-port1: attempt power cycle [ 121.059923][ T5832] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 121.080657][ T5832] usb 4-1: device descriptor read/8, error -71 [ 121.259789][ T6014] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 121.359939][ T5832] usb 4-1: new full-speed USB device number 5 using dummy_hcd [ 121.421871][ T6014] usb 5-1: Using ep0 maxpacket: 8 [ 121.444948][ T6014] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 121.444980][ T6014] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 121.445005][ T6014] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 60960, setting to 1024 [ 121.445031][ T6014] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 121.445054][ T6014] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 121.445196][ T6014] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 121.445219][ T6014] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.573235][ T5832] usb 4-1: device not accepting address 5, error -71 [ 121.573571][ T5832] usb usb4-port1: unable to enumerate USB device [ 121.703602][ T813] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 121.904933][ T6091] FAULT_INJECTION: forcing a failure. [ 121.904933][ T6091] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 121.904970][ T6091] CPU: 1 UID: 0 PID: 6091 Comm: syz.3.42 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 121.904999][ T6091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 121.905011][ T6091] Call Trace: [ 121.905019][ T6091] [ 121.905028][ T6091] dump_stack_lvl+0xe8/0x150 [ 121.905067][ T6091] should_fail_ex+0x46b/0x600 [ 121.905095][ T6091] strncpy_from_user+0x36/0x2b0 [ 121.905121][ T6091] do_getname+0x77/0x250 [ 121.905149][ T6091] user_path_at+0x2a/0x160 [ 121.905179][ T6091] __se_sys_mount+0x2dc/0x420 [ 121.905211][ T6091] ? __pfx___se_sys_mount+0x10/0x10 [ 121.905242][ T6091] ? __x64_sys_mount+0x20/0xc0 [ 121.905266][ T6091] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.905287][ T6091] do_syscall_64+0x15f/0xf80 [ 121.905320][ T6091] ? trace_irq_disable+0x3b/0x140 [ 121.905342][ T6091] ? clear_bhb_loop+0x40/0x90 [ 121.905367][ T6091] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.905386][ T6091] RIP: 0033:0x7f5baba1c819 [ 121.905407][ T6091] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 121.905424][ T6091] RSP: 002b:00007f5ba9c6e028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 121.905447][ T6091] RAX: ffffffffffffffda RBX: 00007f5babc95fa0 RCX: 00007f5baba1c819 [ 121.905462][ T6091] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000200000000180 [ 121.905475][ T6091] RBP: 00007f5ba9c6e090 R08: 0000000000000000 R09: 0000000000000000 [ 121.905488][ T6091] R10: 000000000018d883 R11: 0000000000000246 R12: 0000000000000001 [ 121.905501][ T6091] R13: 00007f5babc96038 R14: 00007f5babc95fa0 R15: 00007ffcfa4adb88 [ 121.905533][ T6091] [ 122.039886][ T6014] usb 5-1: GET_CAPABILITIES returned 0 [ 122.039938][ T6014] usbtmc 5-1:16.0: can't read capabilities [ 122.290261][ T813] usb 2-1: device descriptor read/64, error -71 [ 122.562602][ T6014] usb 5-1: USB disconnect, device number 7 [ 122.600665][ T5965] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 122.600833][ T813] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 122.741407][ T813] usb 2-1: device descriptor read/64, error -71 [ 122.762750][ T5965] usb 3-1: Using ep0 maxpacket: 16 [ 122.767780][ T5965] usb 3-1: config 0 has an invalid interface number: 105 but max is 0 [ 122.767814][ T5965] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 122.767834][ T5965] usb 3-1: config 0 has no interface number 0 [ 122.831736][ T5965] usb 3-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 122.831772][ T5965] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.831794][ T5965] usb 3-1: Product: syz [ 122.831810][ T5965] usb 3-1: Manufacturer: syz [ 122.831826][ T5965] usb 3-1: SerialNumber: syz [ 122.873920][ T813] usb usb2-port1: attempt power cycle [ 122.961055][ T5965] usb 3-1: config 0 descriptor?? [ 123.014265][ T5965] uvcvideo 3-1:0.105: Found UVC 0.00 device syz (046d:08f3) [ 123.014302][ T5965] uvcvideo 3-1:0.105: No valid video chain found. [ 123.193923][ T5965] usb 3-1: USB disconnect, device number 3 [ 123.282752][ T813] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 123.302465][ T813] usb 2-1: device descriptor read/8, error -71 [ 123.520988][ T6111] FAULT_INJECTION: forcing a failure. [ 123.520988][ T6111] name failslab, interval 1, probability 0, space 0, times 1 [ 123.521029][ T6111] CPU: 1 UID: 0 PID: 6111 Comm: syz.0.50 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 123.521053][ T6111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 123.521066][ T6111] Call Trace: [ 123.521075][ T6111] [ 123.521084][ T6111] dump_stack_lvl+0xe8/0x150 [ 123.521127][ T6111] should_fail_ex+0x46b/0x600 [ 123.521157][ T6111] should_failslab+0xa8/0x100 [ 123.521182][ T6111] kmem_cache_alloc_noprof+0x87/0x680 [ 123.521215][ T6111] ? skb_clone+0x212/0x3a0 [ 123.521246][ T6111] skb_clone+0x212/0x3a0 [ 123.521268][ T6111] ? nfnetlink_rcv+0x4b0/0x27b0 [ 123.521315][ T6111] nfnetlink_rcv+0x4e2/0x27b0 [ 123.521349][ T6111] ? __local_bh_enable_ip+0x1ae/0x2b0 [ 123.521382][ T6111] ? lockdep_hardirqs_on+0x7a/0x110 [ 123.521416][ T6111] ? __dev_queue_xmit+0x1eaf/0x3900 [ 123.521441][ T6111] ? __netlink_deliver_tap+0x404/0x850 [ 123.521474][ T6111] ? netlink_unicast+0x754/0x920 [ 123.521512][ T6111] ? __dev_queue_xmit+0x2b3/0x3900 [ 123.521543][ T6111] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 123.521591][ T6111] ? ref_tracker_free+0x673/0x820 [ 123.521619][ T6111] ? __pfx_ref_tracker_free+0x10/0x10 [ 123.521643][ T6111] ? __asan_memcpy+0x40/0x70 [ 123.521669][ T6111] ? __skb_clone+0x63/0x7a0 [ 123.521695][ T6111] ? __skb_clone+0x483/0x7a0 [ 123.521724][ T6111] ? skb_clone+0x246/0x3a0 [ 123.521757][ T6111] ? __netlink_deliver_tap+0x807/0x850 [ 123.521791][ T6111] ? netlink_deliver_tap+0x2e/0x1b0 [ 123.521831][ T6111] ? netlink_deliver_tap+0x2e/0x1b0 [ 123.521863][ T6111] ? netlink_deliver_tap+0x2e/0x1b0 [ 123.521902][ T6111] netlink_unicast+0x780/0x920 [ 123.521944][ T6111] netlink_sendmsg+0x813/0xb40 [ 123.521975][ T6111] ? __pfx_netlink_sendmsg+0x10/0x10 [ 123.521998][ T6111] ? unwind_get_return_address+0x4d/0x90 [ 123.522029][ T6111] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 123.522064][ T6111] ____sys_sendmsg+0x94c/0x9c0 [ 123.522092][ T6111] ? __pfx_____sys_sendmsg+0x10/0x10 [ 123.522122][ T6111] ? import_iovec+0x73/0xa0 [ 123.522152][ T6111] ___sys_sendmsg+0x2a5/0x360 [ 123.522175][ T6111] ? __lock_acquire+0x6b5/0x2cf0 [ 123.522205][ T6111] ? __pfx____sys_sendmsg+0x10/0x10 [ 123.522265][ T6111] ? __fget_files+0x2a/0x420 [ 123.522301][ T6111] ? __fget_files+0x3a6/0x420 [ 123.522338][ T6111] __x64_sys_sendmsg+0x1c3/0x2a0 [ 123.522366][ T6111] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 123.522400][ T6111] ? __pfx_ksys_write+0x10/0x10 [ 123.522441][ T6111] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.522466][ T6111] do_syscall_64+0x15f/0xf80 [ 123.522492][ T6111] ? trace_irq_disable+0x3b/0x140 [ 123.522515][ T6111] ? clear_bhb_loop+0x40/0x90 [ 123.522541][ T6111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.522563][ T6111] RIP: 0033:0x7f4b3ee9c819 [ 123.522584][ T6111] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 123.522602][ T6111] RSP: 002b:00007f4b3d0ee028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 123.522627][ T6111] RAX: ffffffffffffffda RBX: 00007f4b3f115fa0 RCX: 00007f4b3ee9c819 [ 123.522643][ T6111] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 123.522657][ T6111] RBP: 00007f4b3d0ee090 R08: 0000000000000000 R09: 0000000000000000 [ 123.522671][ T6111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 123.522684][ T6111] R13: 00007f4b3f116038 R14: 00007f4b3f115fa0 R15: 00007ffc0ccf3fc8 [ 123.522716][ T6111] [ 123.552401][ T813] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 123.595539][ T813] usb 2-1: device descriptor read/8, error -71 [ 123.620250][ T5919] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 123.800908][ T5919] usb 5-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 123.800940][ T5919] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.820521][ T5919] usb 5-1: config 0 descriptor?? [ 123.859898][ T813] usb usb2-port1: unable to enumerate USB device [ 123.906873][ T5836] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 124.139923][ T5836] usb 4-1: Using ep0 maxpacket: 16 [ 124.159727][ T5836] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 124.182449][ T5836] usb 4-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 124.182484][ T5836] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 124.182506][ T5836] usb 4-1: Product: syz [ 124.182522][ T5836] usb 4-1: Manufacturer: syz [ 124.182535][ T5836] usb 4-1: SerialNumber: syz [ 124.231622][ T5836] usb 4-1: config 0 descriptor?? [ 124.307428][ T5836] hub 4-1:0.0: bad descriptor, ignoring hub [ 124.307474][ T5836] hub 4-1:0.0: probe with driver hub failed with error -5 [ 124.376231][ T5836] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input5 [ 124.524368][ T6109] ======================================================= [ 124.524368][ T6109] WARNING: The mand mount option has been deprecated and [ 124.524368][ T6109] and is ignored by this kernel. Remove the mand [ 124.524368][ T6109] option from the mount to silence this warning. [ 124.524368][ T6109] ======================================================= [ 124.873036][ T5919] usb 5-1: Cannot read MAC address [ 124.873328][ T5919] MOSCHIP usb-ethernet driver 5-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 124.912625][ T5919] usb 5-1: USB disconnect, device number 8 [ 124.976870][ T6128] netlink: 20 bytes leftover after parsing attributes in process `syz.1.53'. [ 124.978511][ T6128] netlink: 20 bytes leftover after parsing attributes in process `syz.1.53'. [ 124.978533][ T6128] FAULT_INJECTION: forcing a failure. [ 124.978533][ T6128] name failslab, interval 1, probability 0, space 0, times 0 [ 124.978561][ T6128] CPU: 1 UID: 0 PID: 6128 Comm: syz.1.53 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 124.978585][ T6128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 124.978599][ T6128] Call Trace: [ 124.978607][ T6128] [ 124.978616][ T6128] dump_stack_lvl+0xe8/0x150 [ 124.978655][ T6128] should_fail_ex+0x46b/0x600 [ 124.978686][ T6128] should_failslab+0xa8/0x100 [ 124.978711][ T6128] __kmalloc_noprof+0xdf/0x7b0 [ 124.978752][ T6128] ? fib6_info_alloc+0x30/0xf0 [ 124.978789][ T6128] fib6_info_alloc+0x30/0xf0 [ 124.978822][ T6128] ip6_route_info_create+0x142/0x860 [ 124.978853][ T6128] ip6_route_add+0x49/0x1d0 [ 124.978877][ T6128] inet6_rtm_newroute+0x265/0x18d0 [ 124.978914][ T6128] ? kasan_quarantine_put+0xbb/0x1f0 [ 124.978943][ T6128] ? lockdep_hardirqs_on+0x7a/0x110 [ 124.978979][ T6128] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 124.979008][ T6128] ? nlmon_xmit+0xb0/0x100 [ 124.979043][ T6128] ? __lock_acquire+0x6b5/0x2cf0 [ 124.979071][ T6128] ? __local_bh_enable_ip+0x1ae/0x2b0 [ 124.979102][ T6128] ? lockdep_hardirqs_on+0x7a/0x110 [ 124.979128][ T6128] ? __dev_queue_xmit+0x2b3/0x3900 [ 124.979183][ T6128] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 124.979212][ T6128] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 124.979257][ T6128] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 124.979286][ T6128] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 124.979315][ T6128] ? ref_tracker_free+0x673/0x820 [ 124.979344][ T6128] ? __pfx_ref_tracker_free+0x10/0x10 [ 124.979366][ T6128] ? __asan_memcpy+0x40/0x70 [ 124.979389][ T6128] ? __skb_clone+0x63/0x7a0 [ 124.979420][ T6128] netlink_rcv_skb+0x232/0x4b0 [ 124.979455][ T6128] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 124.979487][ T6128] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 124.979530][ T6128] ? netlink_deliver_tap+0x2e/0x1b0 [ 124.979563][ T6128] ? netlink_deliver_tap+0x2e/0x1b0 [ 124.979598][ T6128] netlink_unicast+0x780/0x920 [ 124.979636][ T6128] netlink_sendmsg+0x813/0xb40 [ 124.979665][ T6128] ? __pfx_netlink_sendmsg+0x10/0x10 [ 124.979692][ T6128] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 124.979727][ T6128] ____sys_sendmsg+0x94c/0x9c0 [ 124.979755][ T6128] ? __pfx_____sys_sendmsg+0x10/0x10 [ 124.979789][ T6128] ? import_iovec+0x73/0xa0 [ 124.979842][ T6128] ___sys_sendmsg+0x2a5/0x360 [ 124.979863][ T6128] ? __lock_acquire+0x6b5/0x2cf0 [ 124.979887][ T6128] ? __pfx____sys_sendmsg+0x10/0x10 [ 124.979912][ T6128] ? kstrtouint+0x6e/0xe0 [ 124.979964][ T6128] ? __fget_files+0x2a/0x420 [ 124.979986][ T6128] ? __fget_files+0x3a6/0x420 [ 124.980018][ T6128] __sys_sendmmsg+0x282/0x4e0 [ 124.980044][ T6128] ? __pfx___sys_sendmmsg+0x10/0x10 [ 124.980071][ T6128] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 124.980102][ T6128] ? ksys_write+0x248/0x270 [ 124.980132][ T6128] ? __pfx_ksys_write+0x10/0x10 [ 124.980164][ T6128] __x64_sys_sendmmsg+0xa0/0xc0 [ 124.980183][ T6128] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.980202][ T6128] do_syscall_64+0x15f/0xf80 [ 124.980233][ T6128] ? clear_bhb_loop+0x40/0x90 [ 124.980255][ T6128] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.980272][ T6128] RIP: 0033:0x7f64dc7cc819 [ 124.980293][ T6128] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 124.980308][ T6128] RSP: 002b:00007f64da9fd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 124.980328][ T6128] RAX: ffffffffffffffda RBX: 00007f64dca46090 RCX: 00007f64dc7cc819 [ 124.980342][ T6128] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000009 [ 124.980354][ T6128] RBP: 00007f64da9fd090 R08: 0000000000000000 R09: 0000000000000000 [ 124.980365][ T6128] R10: 000000000000fff0 R11: 0000000000000246 R12: 0000000000000001 [ 124.980375][ T6128] R13: 00007f64dca46128 R14: 00007f64dca46090 R15: 00007ffd434317b8 [ 124.980405][ T6128] [ 125.363338][ T6131] UHID_CREATE from different security context by process 42 (syz.0.54), this is not allowed. [ 125.653182][ T5836] input: failed to attach handler mousedev to device input5, error: -5 [ 126.654165][ T6014] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 126.654211][ T6014] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 126.654236][ T6014] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 126.654261][ T6014] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 126.654286][ T6014] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 126.654310][ T6014] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 126.654336][ T6014] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 126.654361][ T6014] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 126.654385][ T6014] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 126.654409][ T6014] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 127.184039][ T10] usb 4-1: USB disconnect, device number 6 [ 127.331584][ T6014] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.03 Device [syz1] on syz1 [ 127.673678][ T6153] syz.4.59 (6153): /proc/6150/oom_adj is deprecated, please use /proc/6150/oom_score_adj instead. [ 127.880970][ T6147] fido_id[6147]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 128.114127][ T6167] FAULT_INJECTION: forcing a failure. [ 128.114127][ T6167] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 128.114166][ T6167] CPU: 1 UID: 0 PID: 6167 Comm: syz.2.62 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 128.114192][ T6167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 128.114204][ T6167] Call Trace: [ 128.114213][ T6167] [ 128.114222][ T6167] dump_stack_lvl+0xe8/0x150 [ 128.114263][ T6167] should_fail_ex+0x46b/0x600 [ 128.114293][ T6167] _copy_from_user+0x2d/0xb0 [ 128.114320][ T6167] ___sys_sendmsg+0x1c6/0x360 [ 128.114343][ T6167] ? __lock_acquire+0x6b5/0x2cf0 [ 128.114372][ T6167] ? __pfx____sys_sendmsg+0x10/0x10 [ 128.114431][ T6167] ? __fget_files+0x2a/0x420 [ 128.114458][ T6167] ? __fget_files+0x3a6/0x420 [ 128.114496][ T6167] __x64_sys_sendmsg+0x1c3/0x2a0 [ 128.114530][ T6167] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 128.114563][ T6167] ? __pfx_ksys_write+0x10/0x10 [ 128.114605][ T6167] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.114629][ T6167] do_syscall_64+0x15f/0xf80 [ 128.114656][ T6167] ? trace_irq_disable+0x3b/0x140 [ 128.114679][ T6167] ? clear_bhb_loop+0x40/0x90 [ 128.114706][ T6167] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.114727][ T6167] RIP: 0033:0x7fe70860c819 [ 128.114747][ T6167] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 128.114766][ T6167] RSP: 002b:00007fe706866028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 128.114791][ T6167] RAX: ffffffffffffffda RBX: 00007fe708885fa0 RCX: 00007fe70860c819 [ 128.114807][ T6167] RDX: 0000000000000000 RSI: 0000200000000ac0 RDI: 0000000000000004 [ 128.114820][ T6167] RBP: 00007fe706866090 R08: 0000000000000000 R09: 0000000000000000 [ 128.114832][ T6167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 128.114845][ T6167] R13: 00007fe708886038 R14: 00007fe708885fa0 R15: 00007ffdb310c998 [ 128.114879][ T6167] [ 128.556084][ T6172] sctp: [Deprecated]: syz.3.64 (pid 6172) Use of int in maxseg socket option. [ 128.556084][ T6172] Use struct sctp_assoc_value instead [ 130.385838][ T6185] ieee802154 phy0 wpan0: encryption failed: -22 [ 130.551896][ T6195] FAULT_INJECTION: forcing a failure. [ 130.551896][ T6195] name failslab, interval 1, probability 0, space 0, times 0 [ 130.551934][ T6195] CPU: 1 UID: 0 PID: 6195 Comm: syz.3.71 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 130.551959][ T6195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 130.551971][ T6195] Call Trace: [ 130.551979][ T6195] [ 130.551987][ T6195] dump_stack_lvl+0xe8/0x150 [ 130.552027][ T6195] should_fail_ex+0x46b/0x600 [ 130.552057][ T6195] should_failslab+0xa8/0x100 [ 130.552081][ T6195] kmem_cache_alloc_noprof+0x87/0x680 [ 130.552113][ T6195] ? __netlink_lookup+0xc6/0x8b0 [ 130.552135][ T6195] ? skb_clone+0x212/0x3a0 [ 130.552165][ T6195] skb_clone+0x212/0x3a0 [ 130.552199][ T6195] __netlink_deliver_tap+0x404/0x850 [ 130.552288][ T6195] ? netlink_deliver_tap+0x2e/0x1b0 [ 130.552322][ T6195] netlink_deliver_tap+0x19c/0x1b0 [ 130.552355][ T6195] netlink_unicast+0x754/0x920 [ 130.552397][ T6195] netlink_sendmsg+0x813/0xb40 [ 130.552427][ T6195] ? __pfx_netlink_sendmsg+0x10/0x10 [ 130.552451][ T6195] ? unwind_get_return_address+0x4d/0x90 [ 130.552479][ T6195] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 130.552514][ T6195] ____sys_sendmsg+0x94c/0x9c0 [ 130.552544][ T6195] ? __pfx_____sys_sendmsg+0x10/0x10 [ 130.552577][ T6195] ? import_iovec+0x73/0xa0 [ 130.552609][ T6195] ___sys_sendmsg+0x2a5/0x360 [ 130.552632][ T6195] ? __lock_acquire+0x6b5/0x2cf0 [ 130.552662][ T6195] ? __pfx____sys_sendmsg+0x10/0x10 [ 130.552724][ T6195] ? __fget_files+0x2a/0x420 [ 130.552751][ T6195] ? __fget_files+0x3a6/0x420 [ 130.552789][ T6195] __x64_sys_sendmsg+0x1c3/0x2a0 [ 130.552815][ T6195] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 130.552848][ T6195] ? __pfx_ksys_write+0x10/0x10 [ 130.552890][ T6195] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.552914][ T6195] do_syscall_64+0x15f/0xf80 [ 130.552941][ T6195] ? trace_irq_disable+0x3b/0x140 [ 130.552962][ T6195] ? clear_bhb_loop+0x40/0x90 [ 130.552990][ T6195] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.553011][ T6195] RIP: 0033:0x7f5baba1c819 [ 130.553033][ T6195] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 130.553051][ T6195] RSP: 002b:00007f5ba9c6e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 130.553075][ T6195] RAX: ffffffffffffffda RBX: 00007f5babc95fa0 RCX: 00007f5baba1c819 [ 130.553091][ T6195] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 130.553105][ T6195] RBP: 00007f5ba9c6e090 R08: 0000000000000000 R09: 0000000000000000 [ 130.553119][ T6195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 130.553131][ T6195] R13: 00007f5babc96038 R14: 00007f5babc95fa0 R15: 00007ffcfa4adb88 [ 130.553163][ T6195] [ 130.555472][ T6195] netlink: 212344 bytes leftover after parsing attributes in process `syz.3.71'. [ 130.669297][ T6199] netlink: 4 bytes leftover after parsing attributes in process `syz.1.70'. [ 130.698358][ T6199] netlink: 12 bytes leftover after parsing attributes in process `syz.1.70'. [ 131.845530][ T6193] netlink: 4 bytes leftover after parsing attributes in process `syz.2.72'. [ 132.065406][ T6200] sctp: [Deprecated]: syz.2.72 (pid 6200) Use of struct sctp_assoc_value in delayed_ack socket option. [ 132.065406][ T6200] Use struct sctp_sack_info instead [ 132.123009][ T813] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 132.293389][ T813] usb 5-1: config 156 has an invalid interface number: 38 but max is 0 [ 132.293423][ T813] usb 5-1: config 156 has no interface number 0 [ 132.293457][ T813] usb 5-1: config 156 interface 38 has no altsetting 0 [ 132.324702][ T813] usb 5-1: language id specifier not provided by device, defaulting to English [ 132.329048][ T813] usb 5-1: New USB device found, idVendor=19d2, idProduct=0057, bcdDevice=c6.f9 [ 132.329082][ T813] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.329104][ T813] usb 5-1: Product: syz [ 132.329120][ T813] usb 5-1: Manufacturer: syz [ 132.329136][ T813] usb 5-1: SerialNumber: syz [ 132.701141][ T6213] netlink: 'syz.1.77': attribute type 2 has an invalid length. [ 133.113405][ T6226] IPVS: set_ctl: invalid protocol: 12 224.0.0.1:20000 [ 133.428636][ T1328] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.428805][ T1328] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.605958][ T6230] netlink: 8 bytes leftover after parsing attributes in process `syz.3.79'. [ 133.711446][ T813] option 5-1:156.38: GSM modem (1-port) converter detected [ 133.766521][ T813] usb 5-1: USB disconnect, device number 9 [ 133.782701][ T813] option 5-1:156.38: device disconnected [ 133.832791][ T6013] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 133.987744][ T6224] ip6gre1: entered allmulticast mode [ 133.990324][ T6013] usb 1-1: Using ep0 maxpacket: 8 [ 134.012065][ T6013] usb 1-1: config index 0 descriptor too short (expected 74, got 45) [ 134.012131][ T6013] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 134.012161][ T6013] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 134.012196][ T6013] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024 [ 134.012223][ T6013] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 134.012247][ T6013] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 134.012292][ T6013] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 134.012316][ T6013] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.338507][ T6013] usb 1-1: usb_control_msg returned -32 [ 134.338565][ T6013] usbtmc 1-1:16.0: can't read capabilities [ 134.791963][ T813] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 134.795412][ T6251] FAULT_INJECTION: forcing a failure. [ 134.795412][ T6251] name failslab, interval 1, probability 0, space 0, times 0 [ 134.795525][ T6251] CPU: 0 UID: 0 PID: 6251 Comm: syz.4.87 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 134.795551][ T6251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 134.795563][ T6251] Call Trace: [ 134.795572][ T6251] [ 134.795581][ T6251] dump_stack_lvl+0xe8/0x150 [ 134.795623][ T6251] should_fail_ex+0x46b/0x600 [ 134.795654][ T6251] should_failslab+0xa8/0x100 [ 134.795679][ T6251] __kmalloc_noprof+0xdf/0x7b0 [ 134.795709][ T6251] ? genl_family_rcv_msg_attrs_parse+0xd0/0x2f0 [ 134.795743][ T6251] genl_family_rcv_msg_attrs_parse+0xd0/0x2f0 [ 134.795772][ T6251] ? __local_bh_enable_ip+0x1ae/0x2b0 [ 134.795818][ T6251] genl_family_rcv_msg_doit+0xd9/0x330 [ 134.795845][ T6251] ? __asan_memcpy+0x40/0x70 [ 134.795874][ T6251] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 134.795899][ T6251] ? rcu_is_watching+0x15/0xb0 [ 134.795931][ T6251] ? rcu_is_watching+0x15/0xb0 [ 134.795958][ T6251] ? cap_capable+0x123/0x460 [ 134.795989][ T6251] ? safesetid_security_capable+0xa9/0x1a0 [ 134.796023][ T6251] ? bpf_lsm_capable+0x9/0x20 [ 134.796053][ T6251] ? security_capable+0x7e/0x2c0 [ 134.796082][ T6251] genl_rcv_msg+0x61c/0x7a0 [ 134.796117][ T6251] ? __pfx_genl_rcv_msg+0x10/0x10 [ 134.796141][ T6251] ? ref_tracker_free+0x673/0x820 [ 134.796172][ T6251] ? __pfx_mptcp_pm_nl_del_addr_doit+0x10/0x10 [ 134.796202][ T6251] ? __pfx_ref_tracker_free+0x10/0x10 [ 134.796224][ T6251] ? __asan_memcpy+0x40/0x70 [ 134.796250][ T6251] ? __skb_clone+0x63/0x7a0 [ 134.796284][ T6251] netlink_rcv_skb+0x232/0x4b0 [ 134.796316][ T6251] ? __pfx_genl_rcv_msg+0x10/0x10 [ 134.796344][ T6251] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 134.796388][ T6251] ? netlink_deliver_tap+0x2e/0x1b0 [ 134.796421][ T6251] ? netlink_deliver_tap+0x2e/0x1b0 [ 134.796457][ T6251] genl_rcv+0x28/0x40 [ 134.796480][ T6251] netlink_unicast+0x780/0x920 [ 134.796519][ T6251] netlink_sendmsg+0x813/0xb40 [ 134.796549][ T6251] ? __pfx_netlink_sendmsg+0x10/0x10 [ 134.796572][ T6251] ? unwind_get_return_address+0x4d/0x90 [ 134.796615][ T6251] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 134.796651][ T6251] ____sys_sendmsg+0x94c/0x9c0 [ 134.796681][ T6251] ? __pfx_____sys_sendmsg+0x10/0x10 [ 134.796714][ T6251] ? import_iovec+0x73/0xa0 [ 134.796746][ T6251] ___sys_sendmsg+0x2a5/0x360 [ 134.796769][ T6251] ? __lock_acquire+0x6b5/0x2cf0 [ 134.796801][ T6251] ? __pfx____sys_sendmsg+0x10/0x10 [ 134.796865][ T6251] ? __fget_files+0x2a/0x420 [ 134.796893][ T6251] ? __fget_files+0x3a6/0x420 [ 134.796931][ T6251] __x64_sys_sendmsg+0x1c3/0x2a0 [ 134.796959][ T6251] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 134.797021][ T6251] ? __pfx_ksys_write+0x10/0x10 [ 134.797064][ T6251] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.797090][ T6251] do_syscall_64+0x15f/0xf80 [ 134.797117][ T6251] ? trace_irq_disable+0x3b/0x140 [ 134.797139][ T6251] ? clear_bhb_loop+0x40/0x90 [ 134.797175][ T6251] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.797198][ T6251] RIP: 0033:0x7fb68e81c819 [ 134.797220][ T6251] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 134.797238][ T6251] RSP: 002b:00007fb68ca6e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 134.797263][ T6251] RAX: ffffffffffffffda RBX: 00007fb68ea95fa0 RCX: 00007fb68e81c819 [ 134.797279][ T6251] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003 [ 134.797293][ T6251] RBP: 00007fb68ca6e090 R08: 0000000000000000 R09: 0000000000000000 [ 134.797307][ T6251] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 134.797320][ T6251] R13: 00007fb68ea96038 R14: 00007fb68ea95fa0 R15: 00007fff23c26688 [ 134.797353][ T6251] [ 134.945783][ T813] usb 2-1: Using ep0 maxpacket: 16 [ 134.949771][ T813] usb 2-1: config index 0 descriptor too short (expected 65, got 36) [ 134.949830][ T813] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xB8, changing to 0x88 [ 134.949857][ T813] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 134.949878][ T813] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 134.949928][ T813] usb 2-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00 [ 134.949950][ T813] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.148997][ T813] usb 2-1: config 0 descriptor?? [ 135.263224][ T813] pxrc 2-1:0.0: Could not find endpoint [ 135.325764][ T813] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 135.506729][ T6254] veth2: entered allmulticast mode [ 135.527281][ T6013] usb 2-1: USB disconnect, device number 7 [ 135.655847][ T6262] netlink: 4 bytes leftover after parsing attributes in process `syz.3.90'. [ 135.655872][ T6262] netlink: 44 bytes leftover after parsing attributes in process `syz.3.90'. [ 135.660199][ T5836] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 135.860772][ T5836] usb 3-1: Using ep0 maxpacket: 32 [ 135.863506][ T5836] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 135.863543][ T5836] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 135.867683][ T5836] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 135.867720][ T5836] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 135.867745][ T5836] usb 3-1: Product: syz [ 135.867762][ T5836] usb 3-1: Manufacturer: syz [ 135.986587][ T5836] hub 3-1:4.0: USB hub found [ 136.314726][ T6270] capability: warning: `syz.1.94' uses deprecated v2 capabilities in a way that may be insecure [ 136.314759][ T5836] hub 3-1:4.0: config failed, can't read hub descriptor (err -22) [ 136.475038][ T5836] usb 3-1: USB disconnect, device number 4 [ 136.596370][ T6013] usb 1-1: USB disconnect, device number 4 [ 137.679753][ T6013] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 137.844142][ T5965] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 137.909346][ T6013] usb 2-1: config index 0 descriptor too short (expected 3910, got 18) [ 137.909380][ T6013] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 137.909400][ T6013] usb 2-1: config 0 has no interfaces? [ 138.103101][ T6013] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 138.103139][ T6013] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 138.103406][ T6013] usb 2-1: Product: syz [ 138.103424][ T6013] usb 2-1: Manufacturer: syz [ 138.103440][ T6013] usb 2-1: SerialNumber: syz [ 138.170832][ T6013] usb 2-1: config 0 descriptor?? [ 138.305811][ T5965] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 138.305873][ T5965] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 138.305900][ T5965] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10 [ 138.305925][ T5965] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 138.305938][ T5965] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 138.308843][ T5965] usb 1-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 138.308871][ T5965] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 138.308883][ T5965] usb 1-1: Product: syz [ 138.308892][ T5965] usb 1-1: Manufacturer: syz [ 138.308900][ T5965] usb 1-1: SerialNumber: syz [ 138.329308][ T5965] usb 1-1: config 0 descriptor?? [ 138.627937][ T5965] radio-si470x 1-1:0.0: DeviceID=0x0000 ChipID=0x0000 [ 138.627969][ T5965] radio-si470x 1-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0. [ 138.848517][ T5965] radio-si470x 1-1:0.0: software version 34, hardware version 6 [ 138.848550][ T5965] radio-si470x 1-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org [ 139.012836][ T6285] loop2: detected capacity change from 0 to 7 [ 139.329136][ T6304] netlink: 8 bytes leftover after parsing attributes in process `syz.3.103'. [ 139.392363][ T5965] radio-si470x 1-1:0.0: si470x_set_report: usb_control_msg returned -110 [ 139.392470][ T5965] radio-si470x 1-1:0.0: submitting int urb failed (-90) [ 139.392840][ T5965] radio-si470x 1-1:0.0: si470x_set_report: usb_control_msg returned -32 [ 139.393130][ T5965] radio-si470x 1-1:0.0: probe with driver radio-si470x failed with error -22 [ 139.658508][ T6304] bridge1: entered promiscuous mode [ 139.661876][ T6285] Dev loop2: unable to read RDB block 7 [ 139.661929][ T6285] loop2: unable to read partition table [ 139.662188][ T6285] loop2: partition table beyond EOD, truncated [ 139.662291][ T6285] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑච) failed (rc=-5) [ 139.961272][ T5836] usb 2-1: USB disconnect, device number 8 [ 140.380173][ T5965] usb 1-1: USB disconnect, device number 5 [ 140.523166][ T6284] ------------[ cut here ]------------ [ 140.523182][ T6284] kcov->t != t [ 140.523189][ T6284] WARNING: kernel/kcov.c:483 at kcov_task_exit+0xf5/0x160, CPU#1: syz.1.100/6284 [ 140.523248][ T6284] Modules linked in: [ 140.523267][ T6284] CPU: 1 UID: 0 PID: 6284 Comm: syz.1.100 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 140.523290][ T6284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 140.523301][ T6284] RIP: 0010:kcov_task_exit+0xf5/0x160 [ 140.523331][ T6284] Code: 10 00 00 48 8b bb 90 00 00 00 e8 36 68 55 00 48 89 df 5b 41 5e 41 5f e9 49 25 5b 00 7c 1c 5b 41 5e 41 5f e9 7d cb 69 09 cc 90 <0f> 0b 90 4c 89 f7 5b 41 5e 41 5f e9 9b 64 68 09 48 89 df be 03 00 [ 140.523346][ T6284] RSP: 0018:ffffc90005d77d20 EFLAGS: 00010202 [ 140.523362][ T6284] RAX: 18f19f80a8302e00 RBX: ffff8880369c4200 RCX: 0000000000000000 [ 140.523375][ T6284] RDX: 00000000b9174e89 RSI: ffffffff8ba73040 RDI: 00000000ffffffff [ 140.523388][ T6284] RBP: ffffc90005d77e78 R08: ffffffff8b2cf750 R09: ffffffff8dfc80c0 [ 140.523402][ T6284] R10: dffffc0000000000 R11: fffffbfff1f1717f R12: dffffc0000000000 [ 140.523415][ T6284] R13: 0000000000000000 R14: ffff8880369c4208 R15: ffff8880298c3d80 [ 140.523428][ T6284] FS: 000055555e8cf500(0000) GS:ffff888126209000(0000) knlGS:0000000000000000 [ 140.523444][ T6284] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 140.523457][ T6284] CR2: 00007fb68ea96080 CR3: 000000003433e000 CR4: 00000000003526f0 [ 140.523475][ T6284] Call Trace: [ 140.523483][ T6284] [ 140.523493][ T6284] do_exit+0x150/0x22c0 [ 140.523526][ T6284] ? __pfx_do_exit+0x10/0x10 [ 140.523548][ T6284] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 140.523573][ T6284] ? __rcu_read_unlock+0x83/0xe0 [ 140.523595][ T6284] ? rt_spin_unlock+0x160/0x200 [ 140.523618][ T6284] do_group_exit+0x21b/0x2d0 [ 140.523642][ T6284] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.523663][ T6284] __x64_sys_exit_group+0x3f/0x40 [ 140.523686][ T6284] x64_sys_call+0x221a/0x2240 [ 140.523706][ T6284] do_syscall_64+0x15f/0xf80 [ 140.523729][ T6284] ? trace_irq_disable+0x3b/0x140 [ 140.523749][ T6284] ? clear_bhb_loop+0x40/0x90 [ 140.523777][ T6284] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.523799][ T6284] RIP: 0033:0x7f64dc7cc819 [ 140.523818][ T6284] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 140.523835][ T6284] RSP: 002b:00007ffd43431af8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 140.523855][ T6284] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f64dc7cc819 [ 140.523868][ T6284] RDX: 00007f64dba21000 RSI: 0000000000000000 RDI: 0000000000000000 [ 140.523880][ T6284] RBP: 00007ffd43431b5c R08: 0000000000000000 R09: 00000000000927c0 [ 140.523892][ T6284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 140.523922][ T6284] R13: 00000000000927c0 R14: 00000000000214b1 R15: 00007ffd43431bb0 [ 140.523952][ T6284] [ 140.523962][ T6284] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 140.523977][ T6284] CPU: 1 UID: 0 PID: 6284 Comm: syz.1.100 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 140.523998][ T6284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 140.524009][ T6284] Call Trace: [ 140.524017][ T6284] [ 140.524024][ T6284] vpanic+0x56c/0xa60 [ 140.524045][ T6284] ? __pfx__printk+0x10/0x10 [ 140.524068][ T6284] ? __pfx_vpanic+0x10/0x10 [ 140.524086][ T6284] ? is_bpf_text_address+0x292/0x2b0 [ 140.524108][ T6284] ? is_bpf_text_address+0x26/0x2b0 [ 140.524137][ T6284] panic+0xc5/0xd0 [ 140.524155][ T6284] ? __pfx_panic+0x10/0x10 [ 140.524191][ T6284] __warn+0x315/0x4c0 [ 140.524217][ T6284] ? kcov_task_exit+0xf5/0x160 [ 140.524246][ T6284] ? kcov_task_exit+0xf5/0x160 [ 140.524274][ T6284] __report_bug+0x29a/0x540 [ 140.524297][ T6284] ? trace_sched_exit_tp+0x3a/0x130 [ 140.524327][ T6284] ? kcov_task_exit+0xf5/0x160 [ 140.524354][ T6284] ? __pfx___report_bug+0x10/0x10 [ 140.524379][ T6284] ? __pfx_rtlock_slowlock_locked+0x10/0x10 [ 140.524402][ T6284] ? rt_spin_lock+0x1e0/0x400 [ 140.524421][ T6284] ? rt_spin_lock+0x1e0/0x400 [ 140.524441][ T6284] ? kcov_task_exit+0xf5/0x160 [ 140.524474][ T6284] report_bug+0x16a/0x220 [ 140.524498][ T6284] ? kcov_task_exit+0xf5/0x160 [ 140.524523][ T6284] ? kcov_task_exit+0xf7/0x160 [ 140.524550][ T6284] handle_bug+0x9c/0x200 [ 140.524581][ T6284] exc_invalid_op+0x1a/0x50 [ 140.524611][ T6284] asm_exc_invalid_op+0x1a/0x20 [ 140.524633][ T6284] RIP: 0010:kcov_task_exit+0xf5/0x160 [ 140.524663][ T6284] Code: 10 00 00 48 8b bb 90 00 00 00 e8 36 68 55 00 48 89 df 5b 41 5e 41 5f e9 49 25 5b 00 7c 1c 5b 41 5e 41 5f e9 7d cb 69 09 cc 90 <0f> 0b 90 4c 89 f7 5b 41 5e 41 5f e9 9b 64 68 09 48 89 df be 03 00 [ 140.524680][ T6284] RSP: 0018:ffffc90005d77d20 EFLAGS: 00010202 [ 140.524699][ T6284] RAX: 18f19f80a8302e00 RBX: ffff8880369c4200 RCX: 0000000000000000 [ 140.524714][ T6284] RDX: 00000000b9174e89 RSI: ffffffff8ba73040 RDI: 00000000ffffffff [ 140.524750][ T6284] RBP: ffffc90005d77e78 R08: ffffffff8b2cf750 R09: ffffffff8dfc80c0 [ 140.524764][ T6284] R10: dffffc0000000000 R11: fffffbfff1f1717f R12: dffffc0000000000 [ 140.524780][ T6284] R13: 0000000000000000 R14: ffff8880369c4208 R15: ffff8880298c3d80 [ 140.524802][ T6284] ? rt_spin_lock+0x1e0/0x400 [ 140.524837][ T6284] do_exit+0x150/0x22c0 [ 140.524874][ T6284] ? __pfx_do_exit+0x10/0x10 [ 140.524901][ T6284] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 140.524931][ T6284] ? __rcu_read_unlock+0x83/0xe0 [ 140.524957][ T6284] ? rt_spin_unlock+0x160/0x200 [ 140.524983][ T6284] do_group_exit+0x21b/0x2d0 [ 140.525015][ T6284] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.525042][ T6284] __x64_sys_exit_group+0x3f/0x40 [ 140.525071][ T6284] x64_sys_call+0x221a/0x2240 [ 140.525096][ T6284] do_syscall_64+0x15f/0xf80 [ 140.525125][ T6284] ? trace_irq_disable+0x3b/0x140 [ 140.525150][ T6284] ? clear_bhb_loop+0x40/0x90 [ 140.525180][ T6284] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.525204][ T6284] RIP: 0033:0x7f64dc7cc819 [ 140.525233][ T6284] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 140.525252][ T6284] RSP: 002b:00007ffd43431af8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 140.525274][ T6284] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f64dc7cc819 [ 140.525290][ T6284] RDX: 00007f64dba21000 RSI: 0000000000000000 RDI: 0000000000000000 [ 140.525305][ T6284] RBP: 00007ffd43431b5c R08: 0000000000000000 R09: 00000000000927c0 [ 140.525320][ T6284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 140.525335][ T6284] R13: 00000000000927c0 R14: 00000000000214b1 R15: 00007ffd43431bb0 [ 140.525372][ T6284] [ 140.525930][ T6284] Kernel Offset: disabled