last executing test programs: 3m57.897253189s ago: executing program 2 (id=76): bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000001c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x8, 0x0, 0x0}}, 0x10) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) syz_usb_connect$uac3(0x5, 0xb2, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000086307302040000102030109026e0003010ac007080b0002012430e50904000000010130000a2401060a0007000000090401000001023000090401010101023000090501092001040a100a25250800000050030009040200000101"], 0x0) 3m55.889387336s ago: executing program 2 (id=84): prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f00007af000/0x3000)=nil, &(0x7f00007fd000/0x800000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000a4a000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000100)={0xffffffffffffffff}, 0x0, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_REJECT(r0, &(0x7f0000000180)={0x9, 0x108, 0xfa00, {r2, 0x0, "ec8823", "1de3ab3ab475581b9b2d354f8e53319e3d52ad21b199d6513b3d7e220633fc8b3024b0a9ed83382b9e7739840f0dfb7a2fe024493daa417d06ca1a4f64b9d4fef1c6fa4a4c2c43278dc782a6071d9567bd9d1cfa8c5008e69ef0f83643ff74d5465841c4d76fce422bc074b931373ecf591fc01ab1d66aa865b4f1eac0867c0467fe3efa942ef43102768af8df45fb99deeb3be4e8767de3eb61e0a7525f93c46f1132271333261069d862c02e2808791c94ba67ad3b7f03298fb20f2cdea385a2fad5bac702211b38214b49be8068e5ad99a20631f381c250a0f2424f4962a89f6bd8c70a91bff9c45a1a86f84de3e711f05ed547ddbf31f054c7a09077ccf6"}}, 0x110) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000001e0021002bbd7000000000004700000005002a000000000008000f80"], 0x24}, 0x1, 0x0, 0x0, 0x2008800}, 0x0) getsockopt$inet6_opts(r1, 0x29, 0x49, 0xffffffffffffffff, &(0x7f0000000040)=0xfffffffffffffd9c) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r4 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x2, 0xc1}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @cgroup_sock_addr=0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000004"], 0x50) io_uring_enter(r4, 0x2220, 0x134d, 0x16, 0x0, 0x0) 3m55.775257839s ago: executing program 2 (id=85): r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0xf, &(0x7f0000000240)=@ringbuf={{0x18, 0x3, 0x0, 0x0, 0xf0, 0x0, 0x0, 0x0, 0xff}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {0x5, 0x0, 0xb, 0x2, 0x0, 0x0, 0x14}, {}, {0x4}}, {{0x5, 0x0, 0x5, 0x9, 0x0, 0x1, 0x24}}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000200)='GPL\x00', 0x6, 0xffb, &(0x7f0000001b00)=""/4091, 0x40f00, 0x9, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200}, 0x94) 3m55.570939826s ago: executing program 2 (id=86): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141500) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x800000}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r3, 0x25, &(0x7f00000006c0)={0x0, 0x0, 0xac1d, 0x9}) fcntl$lock(r3, 0x25, &(0x7f0000000600)={0x2, 0x0, 0x543117e1, 0x4}) semtimedop(0x0, &(0x7f0000000040)=[{0x3, 0x43, 0x1000}], 0x1, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$TIOCSETD(r5, 0x5412, &(0x7f0000000140)=0xffffffc0) ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000280)=0x1) r6 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$vim2m_VIDIOC_ENUM_FMT(r6, 0xc0405602, &(0x7f0000000080)={0x7, 0x1, 0x0, "27050000000010f3ff04c70000000400fe9bf40700444af1ffffff00", 0x50453e67}) 3m53.454697206s ago: executing program 2 (id=91): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c0000000000002020207b1af8ff00000000bfa100000000000007010000daffffffb702000008000000b7030000000000008500000006000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0x10, 0x10, &(0x7f00000002c0)="0000000212000000", &(0x7f0000000300)=""/8, 0xd00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000200), 0x20400, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000000)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r2, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r3, 0x0, 0x97, 0x8000000}) ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000140)={0x28, 0x2, r3, 0x0, &(0x7f0000ff8000/0x2000)=nil, 0x2000, 0x1}) ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000040)={0x28, 0x4, r3, 0x0, &(0x7f0000ff8000/0x1000)=nil, 0x1000}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r2, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r3, 0x0, 0x0, 0x0, 0x0, 0x1}) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x1, 0x6}, 0x4) setsockopt$packet_fanout_data(r4, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000000)=[{0x30, 0x0, 0x0, 0xfffff010}, {0x6, 0x0, 0xfd}]}, 0x10) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x2}, 0x1c) chroot(&(0x7f0000000a40)='./file0\x00') syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = epoll_create1(0x0) r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x10) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r6, &(0x7f00000000c0)={0xe000001a}) read$char_usb(r6, &(0x7f0000000100)=""/145, 0x91) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$WG_CMD_GET_DEVICE(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x28, r8, 0x301, 0x70bd2c, 0x25dfdbfe, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x40080c0}, 0x20040000) syz_open_dev$tty1(0xc, 0x4, 0x3) ioctl$IOMMU_HWPT_ALLOC$NONE(0xffffffffffffffff, 0x3b89, &(0x7f0000000180)={0x28, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)}) ioctl$IOMMU_HWPT_INVALIDATE$TEST(0xffffffffffffffff, 0x3b8d, &(0x7f0000000240)={0x20, r9, &(0x7f00000001c0)=[{}, {0x0, 0x2}, {0x1, 0x1}, {0x0, 0x3}, {0x1, 0x2}], 0xdeadbeef, 0x8, 0x5}) 3m52.637033232s ago: executing program 2 (id=98): openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) write$cgroup_devices(r0, &(0x7f0000000000)=ANY=[], 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x94) getdents64(r1, 0x0, 0x0) 3m37.483891791s ago: executing program 32 (id=98): openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) write$cgroup_devices(r0, &(0x7f0000000000)=ANY=[], 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x94) getdents64(r1, 0x0, 0x0) 2m23.68253026s ago: executing program 1 (id=456): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfff8}, 0xe) connect$bt_l2cap(r0, &(0x7f00000001c0)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x100}, 0xe) 2m23.414374559s ago: executing program 1 (id=457): unshare(0x14040700) syz_clone3(&(0x7f0000001e80)={0x166002400, 0x0, 0x0, 0x0, {0xa}, 0x0, 0x0, 0x0, 0x0}, 0xa8) (async) syz_clone3(&(0x7f0000001e80)={0x166002400, 0x0, 0x0, 0x0, {0xa}, 0x0, 0x0, 0x0, 0x0}, 0xa8) 2m22.642043985s ago: executing program 1 (id=461): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x18, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_MATCH_NAME={0x8, 0x1, 'u32\x00'}, @NFTA_MATCH_INFO={0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x20, 0x0, 0x0, {0xa}}}, 0x80}, 0x1, 0x0, 0x0, 0x4008011}, 0x4000800) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r1, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfff8}, 0xe) r2 = syz_open_dev$vim2m(&(0x7f0000000040), 0x200000001000, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x2}) ioctl$vim2m_VIDIOC_QBUF(r2, 0xc058560f, &(0x7f00000002c0)=@multiplanar_mmap={0x0, 0x2, 0xffffffffffffffad, 0x0, 0x1000, {}, {0x0, 0xc, 0x0, 0x0, 0x0, 0x0, "fafc00"}, 0x0, 0x1, {0x0}}) prlimit64(0x0, 0xe, &(0x7f0000000180)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r3, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) read$FUSE(r4, &(0x7f0000000540)={0x2020}, 0x2020) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r8 = getpid() r9 = syz_pidfd_open(r8, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x291080, 0xc6) pidfd_getfd(r9, r1, 0x0) mount_setattr(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x8100, &(0x7f0000000200)={0x87, 0x1, 0x80000}, 0x20) connect$bt_l2cap(r1, &(0x7f00000001c0)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x100}, 0xe) r10 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x8e, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r10, 0xc4c85513, &(0x7f0000000300)={{0x9, 0x6, 0x0, 0x3, 'syz0\x00', 0x6}, 0x0, [0x2, 0x4, 0x0, 0xfffffffffffff001, 0x7, 0x20000000000, 0x1, 0x7, 0x64c1, 0x68bd, 0x0, 0x0, 0x200, 0x9, 0x1, 0x8, 0x80000001, 0x6, 0x0, 0x2c, 0x3, 0x200, 0xffffffff, 0x1, 0xe7, 0x3, 0x3, 0x8, 0x2, 0x7, 0xa841, 0x4, 0x3bd3, 0xfffffffffffffff7, 0xfffffffffffffffc, 0x7, 0x7f, 0x6, 0x91, 0xc55, 0x4, 0xb179, 0x18, 0xf7c5, 0x1000, 0x4, 0x7, 0x2, 0x7, 0x3, 0xffffffffffffffff, 0x8000000000000000, 0x9, 0x5, 0x7d6, 0x2cfc, 0x4, 0x8, 0x5, 0x5, 0x10001, 0x4, 0x2000, 0x9, 0x101, 0x4, 0x2, 0x9, 0x7, 0x8, 0x2, 0xa0, 0x7, 0x2, 0xb, 0x7, 0x3ff, 0xffffffffffffffff, 0xfffffffffffffffe, 0xf, 0x7ff, 0xf, 0x7532, 0x2, 0x0, 0x6, 0x80000000, 0xb152, 0x8, 0x4, 0x8, 0x1, 0x2, 0x8, 0xd, 0x91e, 0x6, 0xffffffff, 0xe9, 0xfffffffffffffb46, 0x7, 0x8, 0x8, 0x240000, 0x5, 0x3, 0x1, 0x301, 0xd, 0x1, 0xf, 0x4, 0x7, 0x9, 0xfffffffffffffb16, 0xf, 0x1, 0x10001, 0x2, 0x17, 0xffff, 0x3, 0x4207, 0x5, 0x2, 0x8, 0x55, 0x9]}) 2m21.581250689s ago: executing program 1 (id=473): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000140), 0x8083, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$inet(0x2, 0x2, 0x1) bind$inet(r2, &(0x7f0000000000)={0x2, 0x6e24, @empty}, 0x10) r3 = socket$inet(0x2, 0x2, 0x1) r4 = socket(0x2, 0x2, 0x1) bind$unix(r4, &(0x7f0000000000)=@abs, 0x6e) ioctl$sock_inet_SIOCGARP(r4, 0x8954, &(0x7f0000000080)={{0x2, 0x4e20, @multicast1}, {0x306}, 0x4, {0x2, 0x4e24, @remote}}) bind$inet(r3, &(0x7f0000000000)={0x2, 0x6e24, @empty}, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB="24000001", @ANYRES16=r5, @ANYBLOB="050028bd700001dcdf252100000008000300", @ANYRES32=r6, @ANYBLOB="08009e0076cc5503"], 0x24}, 0x1, 0x0, 0x0, 0xc0}, 0x0) ioctl$TCSETS2(r0, 0x402c542b, &(0x7f0000000540)={0x6, 0x7, 0x10021da1, 0x0, 0xff, "42f42749a2ed195a14c84953dc7e8e5aec7776", 0xfffffffa, 0x8000095f}) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000140), 0x8083, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$inet(0x2, 0x2, 0x1) (async) bind$inet(r2, &(0x7f0000000000)={0x2, 0x6e24, @empty}, 0x10) (async) socket$inet(0x2, 0x2, 0x1) (async) socket(0x2, 0x2, 0x1) (async) bind$unix(r4, &(0x7f0000000000)=@abs, 0x6e) (async) ioctl$sock_inet_SIOCGARP(r4, 0x8954, &(0x7f0000000080)={{0x2, 0x4e20, @multicast1}, {0x306}, 0x4, {0x2, 0x4e24, @remote}}) (async) bind$inet(r3, &(0x7f0000000000)={0x2, 0x6e24, @empty}, 0x10) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000700)={'wlan1\x00'}) (async) sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB="24000001", @ANYRES16=r5, @ANYBLOB="050028bd700001dcdf252100000008000300", @ANYRES32=r6, @ANYBLOB="08009e0076cc5503"], 0x24}, 0x1, 0x0, 0x0, 0xc0}, 0x0) (async) ioctl$TCSETS2(r0, 0x402c542b, &(0x7f0000000540)={0x6, 0x7, 0x10021da1, 0x0, 0xff, "42f42749a2ed195a14c84953dc7e8e5aec7776", 0xfffffffa, 0x8000095f}) (async) 2m21.237569161s ago: executing program 1 (id=468): syz_open_dev$hidraw(&(0x7f0000000280), 0x82, 0x2) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000580)=ANY=[], 0x64}, 0x1, 0x0, 0x0, 0xc854}, 0x50) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$inet_sctp(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) epoll_create(0x5) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x9}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x4, 0x4, 0x1000, 0x0, r2}, 0x50) 2m20.809149035s ago: executing program 1 (id=470): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "810000cc2b000000000000fa25ffff00ffffff"}) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) listen(r1, 0x6) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000100)={'vxcan0\x00', 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r5, &(0x7f0000000340)={0x1d, r6, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) sendmsg$nl_route_sched(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=@newtfilter={0x24, 0x11, 0x1, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x74, r6, {0xb, 0xfff2}, {0x6, 0xfff3}, {0xd, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x2004043}, 0x4004050) sendmsg$ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x70, 0x0, 0x100, 0x70bd2c, 0x25dfdbfb, {}, [@HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gre0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x20000000}, 0x844) r7 = syz_open_pts(r0, 0x141601) write(r7, &(0x7f0000000000)="d5", 0xfffffedf) r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x37, 0x7fffffff}]}) close_range(r8, 0xffffffffffffffff, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) (async) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "810000cc2b000000000000fa25ffff00ffffff"}) (async) socket$inet6_sctp(0xa, 0x1, 0x84) (async) listen(r1, 0x6) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000100)={'vxcan0\x00'}) (async) socket$nl_route(0x10, 0x3, 0x0) (async) socket$can_j1939(0x1d, 0x2, 0x7) (async) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f00000000c0)={'vcan0\x00'}) (async) bind$can_j1939(r5, &(0x7f0000000340)={0x1d, r6, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) (async) sendmsg$nl_route_sched(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=@newtfilter={0x24, 0x11, 0x1, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x74, r6, {0xb, 0xfff2}, {0x6, 0xfff3}, {0xd, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x2004043}, 0x4004050) (async) sendmsg$ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x70, 0x0, 0x100, 0x70bd2c, 0x25dfdbfb, {}, [@HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gre0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x20000000}, 0x844) (async) syz_open_pts(r0, 0x141601) (async) write(r7, &(0x7f0000000000)="d5", 0xfffffedf) (async) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x37, 0x7fffffff}]}) (async) close_range(r8, 0xffffffffffffffff, 0x0) (async) 2m5.495950169s ago: executing program 33 (id=470): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "810000cc2b000000000000fa25ffff00ffffff"}) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) listen(r1, 0x6) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000100)={'vxcan0\x00', 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r5, &(0x7f0000000340)={0x1d, r6, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) sendmsg$nl_route_sched(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=@newtfilter={0x24, 0x11, 0x1, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x74, r6, {0xb, 0xfff2}, {0x6, 0xfff3}, {0xd, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x2004043}, 0x4004050) sendmsg$ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x70, 0x0, 0x100, 0x70bd2c, 0x25dfdbfb, {}, [@HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gre0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x20000000}, 0x844) r7 = syz_open_pts(r0, 0x141601) write(r7, &(0x7f0000000000)="d5", 0xfffffedf) r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x37, 0x7fffffff}]}) close_range(r8, 0xffffffffffffffff, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) (async) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "810000cc2b000000000000fa25ffff00ffffff"}) (async) socket$inet6_sctp(0xa, 0x1, 0x84) (async) listen(r1, 0x6) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000100)={'vxcan0\x00'}) (async) socket$nl_route(0x10, 0x3, 0x0) (async) socket$can_j1939(0x1d, 0x2, 0x7) (async) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f00000000c0)={'vcan0\x00'}) (async) bind$can_j1939(r5, &(0x7f0000000340)={0x1d, r6, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) (async) sendmsg$nl_route_sched(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=@newtfilter={0x24, 0x11, 0x1, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x74, r6, {0xb, 0xfff2}, {0x6, 0xfff3}, {0xd, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x2004043}, 0x4004050) (async) sendmsg$ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x70, 0x0, 0x100, 0x70bd2c, 0x25dfdbfb, {}, [@HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gre0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x20000000}, 0x844) (async) syz_open_pts(r0, 0x141601) (async) write(r7, &(0x7f0000000000)="d5", 0xfffffedf) (async) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x37, 0x7fffffff}]}) (async) close_range(r8, 0xffffffffffffffff, 0x0) (async) 7.027728639s ago: executing program 0 (id=911): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x36}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) sigaltstack(&(0x7f0000001000)={&(0x7f00000010c0)=""/4114, 0x80000001, 0xfef1}, 0x0) r0 = socket$can_bcm(0x1d, 0x2, 0x2) recvmmsg(r0, &(0x7f00000099c0)=[{{0x0, 0x0, 0x0}, 0x8000}], 0x1, 0x10002, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x0, 0x0) r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r1, &(0x7f0000000040)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14) sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x22) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8) ioctl$FS_IOC_GET_ENCRYPTION_NONCE(0xffffffffffffffff, 0x8010661b, 0x0) connect$802154_dgram(r1, &(0x7f0000000180)={0x24, @short={0x2, 0x3, 0xfffe}}, 0x14) sendmmsg(r1, &(0x7f00000196c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0xd, 0x0}}], 0x4000050, 0x400c010) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, 0x0, &(0x7f0000000100)='GPL\x00'}, 0x94) 5.896583926s ago: executing program 0 (id=917): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1ff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_io_uring_setup(0x606a, &(0x7f0000001280)={0x0, 0x15d1, 0x20, 0x4, 0x244}, &(0x7f0000000000), &(0x7f0000001180), &(0x7f0000000000)) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000000)={0x0, 0x7}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)='\"', 0x1) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f00000001c0)={0x1f, 0xffff, 0x3}, 0x1c) write$binfmt_misc(r4, &(0x7f0000000000), 0xd) r5 = socket$phonet_pipe(0x23, 0x5, 0x2) getsockopt$PNPIPE_HANDLE(r5, 0x113, 0x3, 0x0, &(0x7f0000000200)) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0x6, {0x0, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, &(0x7f0000002300)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x3100) r6 = syz_open_procfs(0x0, 0x0) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, &(0x7f00000002c0)=""/251, &(0x7f0000000940), &(0x7f0000000200), 0xa7c}, 0x38) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000200)={0x28f, 0xfff, 0xa}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000700)={0x0, &(0x7f0000000000)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_CURSOR(r0, 0xc01c64a3, &(0x7f0000000340)={0x3, r7, 0xfffffffa, 0x4, 0xb, 0x1fd, 0x1}) ioctl$DRM_IOCTL_MODE_CURSOR(r0, 0xc01c64a3, &(0x7f0000001880)={0x3, r7, 0xfff, 0x3ff, 0x2, 0x944}) r8 = creat(0x0, 0x0) r9 = socket$phonet_pipe(0x23, 0x5, 0x2) listen(0xffffffffffffffff, 0x0) listen(r9, 0x9ce2) write$qrtrtun(r8, &(0x7f0000000340)="66bb0b760dc0f4ff", 0x8) syz_genetlink_get_family_id$tipc(&(0x7f0000000100), r6) syz_emit_ethernet(0x4e, &(0x7f0000001500)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd60f9edff00183a00fe8000000000000000000000000000bbff0200000000000000000000000000018a0090781000ffff00000000000000000000000000008001"], 0x0) 5.878836057s ago: executing program 4 (id=918): prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8914, 0x0) syz_open_dev$dri(0x0, 0x1, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x5, 0x7fff7ffc}]}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x4}}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0xc0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x4, &(0x7f00000005c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000540)={@ifindex, 0x2e, 0x1, 0x9, &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5, 0x0, &(0x7f0000000340), &(0x7f00000003c0), 0x0}, 0x40) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000680)) setreuid(0xee00, 0x0) write$sequencer(0xffffffffffffffff, &(0x7f0000000040), 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000440)='/proc/sys/net/ipv4/vs/expire_quiescent_template\x00', 0x2, 0x0) chdir(&(0x7f0000000100)='./file0\x00') r2 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x8, 0x1, 0xffffffffffffd2a1, 0x5, 0x3, 0x2, {0x0, 0x800000000000002, 0x20ff, 0x10000001, 0x89, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x0, 0xf0b}}}}, 0xa0) syz_io_uring_setup(0x4b5, 0x0, 0x0, 0x0, &(0x7f0000000000)) sendfile(r2, r2, &(0x7f0000000080), 0x7f03) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x800, 0x0) 5.414605392s ago: executing program 5 (id=921): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x100) mount$9p_virtio(&(0x7f0000000100), &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x10000, 0x0) mkdir(&(0x7f00000001c0)='./file1\x00', 0xb) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000200)='system.posix_acl_access\x00', &(0x7f0000000500)=ANY=[@ANYBLOB="0200000001000200000000000400050000000000100002000000000020"], 0x24, 0x3) 5.137858621s ago: executing program 5 (id=922): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REQ_SET_REG(r4, 0x0, 0x10) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000340)={[], [{@dont_measure}]}) ioctl$HCIINQUIRY(r5, 0x400448ca, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000400)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(sm4)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, 0x0, 0x0) r7 = accept4(r6, 0x0, 0x0, 0x80800) sendmmsg$alg(r7, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x21) 4.000102229s ago: executing program 5 (id=923): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e21, @broadcast}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000040)=0x8a4, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) socket(0x10, 0x803, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x0, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0xc, 0x7, 0x0, 0x40000005, 0x1, 0x4, 0x2, 0x7}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000480)=0x45) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_tcp_buf(r2, 0x6, 0xd, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x18) openat(0xffffffffffffff9c, &(0x7f00000013c0)='./file0/file0\x00', 0x42, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) r4 = socket$igmp(0x2, 0x3, 0x2) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'bond0\x00', 0x0}) sendmsg$nl_xfrm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=@newsa={0x1f8, 0x10, 0x713, 0x70bd2b, 0x25dfdbfc, {{@in=@multicast1, @in6=@private1={0xfc, 0x1, '\x00', 0x11}, 0x4e20, 0xb6e, 0x4e21, 0x2, 0x2, 0x0, 0x0, 0x2c}, {@in=@loopback, 0x4d4, 0x32}, @in=@rand_addr=0x64010101, {0x0, 0x0, 0x1, 0x8000000000000001, 0x387, 0x10, 0x8001, 0xd43}, {0x4, 0x7fffffffffffffff, 0xb, 0xfffffffffffffffd}, {0x0, 0xe}, 0x70bd2c, 0x3500, 0x2, 0x3, 0x0, 0x50}, [@proto={0x5, 0x19, 0xff}, @offload={0xc, 0x1c, {r5, 0x5}}, @algo_auth_trunc={0xf8, 0x14, {{'cmac(aes)\x00'}, 0x560, 0x180, "1cf10a3054604dd179320ee4d79b2e032b412d7c06a04d727eb29de99ce1ed02542873c948d2ce1b289b6c80fd2579339eef581d8ad9d3b964de7d0dd193a8782a3444acdd51d3b2ca11b186f983fd0a26df4075c218f4a96716d0508f81aa9ac19c377e3c2e9ccc6aff798deb99ea66fc106ff062759a1a97255bbca35327705ebddde26c64ac1844bc553149932826ae4fe22e49eb2f6a701fb273e405ce505d17802feffb31634d581bcf"}}]}, 0x1f8}, 0x1, 0x0, 0x0, 0x20000891}, 0x2094) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r6 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'hsr0\x00'}) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000000), 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xf, 0x4, 0x7, 0x12}, 0x50) r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r7, 0x541c, &(0x7f00000000c0)={0x2, {0x2, 0x803, 0x300, 0x0, 0x101, 0x300}}) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) 3.999938818s ago: executing program 3 (id=924): socket$kcm(0x23, 0x5, 0x0) r0 = syz_io_uring_setup(0x34b8, &(0x7f0000000540)={0x0, 0xc3b1, 0x880, 0x1, 0x82, 0x0, 0x0}, &(0x7f0000000180)=0x0, 0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x1, 0x0, 0x0, 0x0, 0x42}, 0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r3, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000040)={r4, 0x3}, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) syz_io_uring_submit(r1, 0x0, r2, &(0x7f0000000040)=@IORING_OP_CLOSE={0x13, 0x48, 0x0, r0}) io_uring_enter(r0, 0x1, 0x1, 0x1, 0x0, 0x0) 3.783646536s ago: executing program 3 (id=925): r0 = socket(0x10, 0x80002, 0x0) r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VIDIOC_G_PARM(r1, 0xc0cc5615, &(0x7f0000000480)={0xe, @raw_data="745635a42a45229681152b2fb268ac0d84692d17bba1d9d87c60d56a0d4234660940477da5d26193211a9a29a166b9cb60b6bf0a143f59b446c18f9acfbebd93251f32d2bdcabea8e11e253d67945163b8404a34a15c35fb29e0b39ac727ce1fe6feebe26854ccf29be0e6cf486603a4e020cbd6e552efd9b740669272bb8e1a0968189ef2bdd69fd9d5bcfa2a43dd5ca47d2181b13a2ff448d9856f7a7bda4ccfa8346a0269461b5fb301800000fa84573f63ab2663e22d0957040c2e7724d9ab908700"}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[], 0x64}, 0x1, 0x0, 0x0, 0x20004000}, 0x404c880) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20045808}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80e40, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r5 = syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042) writev(r5, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) r6 = socket$can_j1939(0x1d, 0x2, 0x7) recvmsg$can_j1939(r6, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x2000) ioctl$SIOCSIFHWADDR(r3, 0x89a1, &(0x7f0000000900)={'bridge0\x00', @broadcast}) sendmsg$nl_route(r5, 0x0, 0x0) 3.092791119s ago: executing program 3 (id=926): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x36}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) sigaltstack(&(0x7f0000001000)={&(0x7f00000010c0)=""/4114, 0x80000001, 0xfef1}, 0x0) r0 = socket$can_bcm(0x1d, 0x2, 0x2) recvmmsg(r0, &(0x7f00000099c0)=[{{0x0, 0x0, 0x0}, 0x8000}], 0x1, 0x10002, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x0, 0x0) r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r1, &(0x7f0000000040)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14) sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x22) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8) ioctl$FS_IOC_GET_ENCRYPTION_NONCE(0xffffffffffffffff, 0x8010661b, 0x0) connect$802154_dgram(r1, &(0x7f0000000180)={0x24, @short={0x2, 0x3, 0xfffe}}, 0x14) sendmmsg(r1, &(0x7f00000196c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0xd, 0x0}}], 0x4000050, 0x400c010) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, 0x0, &(0x7f0000000100)='GPL\x00'}, 0x94) 2.884992635s ago: executing program 4 (id=927): mkdir(&(0x7f0000000040)='./bus\x00', 0x49) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000b80), 0x8, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@index_off}]}) 2.524331207s ago: executing program 4 (id=928): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bond0\x00'}) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) socket$packet(0x11, 0x3, 0x300) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f00000000c0)=0x6, 0x4) setsockopt$packet_int(r2, 0x107, 0x7, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x770, 0x0, 0xbabd}, 0x1c) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9) r4 = syz_open_dev$video4linux(&(0x7f0000000480), 0x5, 0x0) poll(&(0x7f0000000000)=[{r4, 0x502}], 0x1, 0x1000) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x24}}, 0x0) getsockname$packet(r6, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffff00f687000000", @ANYRES32=r7, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @remote}, 0x14) sendto$inet6(r3, &(0x7f0000000800)="410309fc1116480401020200c52cf7c25975e005b02f000006892f000300897c6b118777faffffff3066090cb600c5471d130a66321a54e7df305fbe258161b6fd8f2428652265d94c6fdbaefc57376a57c2feffff188be9427c323ef024a37016d2a7f9ab6e7941a6fc4f95aa73c1dfff4941f6503b5bd8c91db22cd33795481c94085fa12cdc679ac2a5d7b5d99b93fb07acb0da680e78b74c74aae8d7690d5986a9af81622a0ac210bc7b5ca5fed11cb54d046642670041e846bb184ff5d39fe8516d2d2a8d84e6e7dfcb2b8a8023444db513a3d7a124b59f0a5cd36489dbbb75cce3145d0ea3c3aa21af7cbcbc7a7575db782e757ca543109f5ddcec4930aa91f4119ea3d1f56140cb86cfe0724b23904ef5d05c725ee23918a502b1afe09fb0757d", 0xfc13, 0x880, 0x0, 0xfffffffffffffef0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) bind$inet6(r1, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r1, &(0x7f0000847fff)='X', 0xcf88, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 2.313375054s ago: executing program 0 (id=929): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x6}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) iopl(0x3) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x42795000) r1 = socket(0x2b, 0x1, 0x1) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x3}, 0x1c) 2.189391228s ago: executing program 5 (id=931): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYRES32=0x1], 0x48) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0182101, &(0x7f00000004c0)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) r2 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = open(&(0x7f0000000140)='./file0\x00', 0x70142, 0xd1) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4800000010f7380400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800b00010069703667726500001800028004001240060003008000000006000e0002000000"], 0x48}}, 0x0) mount$fuse(0x0, &(0x7f00000022c0)='./file1/file0\x00', &(0x7f0000000140), 0x2, &(0x7f0000002300)=ANY=[@ANYBLOB="62643db5deb28313970bb0d86e338978d6bf4fb1684ad118cd9857f26046ef6c025e866753fba96d96766d64bd5853a76631777e22b22f2f53a0bbcb67f41f8190f48f1f508fcfe1509299eba7ea72cc9b6982d392934e4b1f4b2adf8f922daab5ea16db7a3f5c8364388ffeda5814f61dff2cdbd2bed88afe500e159e6fc956ccc9b00dc595b3bb9d108e9ed5528eeabae6ea5a49c2", @ANYRESHEX=r3, @ANYBLOB="2c726f6f746d6f64653df3320b9b1568e6f8665130303030303030303030303030303030303130303030302c46891c757365725f", @ANYRESDEC=r1, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = fsopen(&(0x7f00000000c0)='autofs\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r8, 0x5, &(0x7f00000005c0)='fd', 0x0, r7) write$tun(r7, &(0x7f0000000380)=ANY=[], 0xfdef) fsconfig$FSCONFIG_CMD_CREATE(r8, 0x6, 0x0, 0x0, 0x0) r9 = fsmount(r8, 0x0, 0x2) r10 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r10, r10) setpgid(0x0, r10) fchdir(r9) chdir(&(0x7f0000000080)='./file0\x00') linkat(r9, &(0x7f0000000280)='./file0\x00', r6, 0x0, 0x1400) read$FUSE(r4, &(0x7f0000000200)={0x2020}, 0x2020) 2.180356478s ago: executing program 3 (id=932): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20000080) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) 2.073754932s ago: executing program 4 (id=933): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001e00)={0x18, 0x18, 0x1, 0x70bd25, 0x25dfdbfb, {0x1d, 0xd601, 0x9}, [@nested={0x4, 0x12}]}, 0x18}, 0x1, 0x0, 0x0, 0x5}, 0x8000) 1.925119487s ago: executing program 3 (id=934): socket$kcm(0x23, 0x5, 0x0) r0 = syz_io_uring_setup(0x34b8, &(0x7f0000000540)={0x0, 0xc3b1, 0x880, 0x1, 0x82, 0x0, 0x0}, &(0x7f0000000180)=0x0, 0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x1, 0x0, 0x0, 0x0, 0x42}, 0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r3, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000040)={r4, 0x3}, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) syz_io_uring_submit(r1, 0x0, r2, &(0x7f0000000040)=@IORING_OP_CLOSE={0x13, 0x48, 0x0, r0}) io_uring_enter(r0, 0x1, 0x1, 0x1, 0x0, 0x0) 1.877501328s ago: executing program 4 (id=935): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000080)={0x0, @in6={{0xa, 0x4e20, 0xad9b, @dev={0xfe, 0x80, '\x00', 0x24}, 0x7b9}}, 0x3, 0x7fff, 0x4, 0xfffffffc, 0x13, 0x4, 0x3}, 0x9c) 1.783031151s ago: executing program 4 (id=936): socket$nl_netfilter(0x10, 0x3, 0xc) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000006380)={0x2020, 0x0, 0x0}, 0x2020) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, &(0x7f0000000240)={0x1f, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10408, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file0\x00', 0x80101, 0x8c) dup2(r2, r0) pwrite64(r0, 0x0, 0x0, 0x100001) 1.678907595s ago: executing program 3 (id=937): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4) sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)={0x24, 0x7, 0x6, 0x101, 0x0, 0x0, {0x5, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x70}]}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x24008012) 1.293488308s ago: executing program 0 (id=938): mkdir(&(0x7f0000000040)='./bus\x00', 0x49) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000b80), 0x8, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@index_off}]}) 1.193874681s ago: executing program 0 (id=939): r0 = socket(0x10, 0x80002, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000540)=ANY=[@ANYBLOB="1c000000180001efff00000000000000050000000800b8"], 0x1c}, 0x1, 0x0, 0x0, 0x44}, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) modify_ldt$write2(0x11, &(0x7f0000000100)={0x5, 0x20001000, 0xffffffffffffffff, 0x1}, 0x10) modify_ldt$write2(0x11, &(0x7f0000000000)={0x3, 0x20000000, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1}, 0x10) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000001400000018"], 0x44}}, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r5, &(0x7f00000000c0)='blkio.bfq.idle_time\x00', 0x0, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001380)=ANY=[@ANYBLOB="1c0000005e000100278cef4deeb35dc9b880bc4aa5d7102ed65e2d72c9ce80295a397b418966f4c1016d30ffc48497b71c33494278bb8875c2107f475f20d6855ae1b94887cf154a15fae33a49528a7608ee6bf8914cd5207bee715f91db89cdd23dbb2708e41af540043d38a3350d81ca87084d7b82fab31825e4e08fad035d7c827773a202bac2db07b40df8f3d1109290a458a35c852fcf39041116fb416d4134f6045f444e0da0ea7757391c", @ANYRES32=0x0, @ANYBLOB="03000000"], 0x1c}}, 0x884) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x28}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r7 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r7, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x42}}, 0x10) connect$inet(r7, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) sendmmsg$inet(r7, &(0x7f0000004d00)=[{{0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x400000000000284, 0xf00) r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) ioctl$FS_IOC_GETFSLABEL(r8, 0x400452c8, &(0x7f0000000100)) ioctl$FS_IOC_GETFSLABEL(r3, 0x400452c9, &(0x7f0000000100)) setsockopt$inet_tcp_int(r2, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000000)=[@window={0x3, 0x1, 0x8}, @window={0x3, 0x7a31, 0x7fff}, @sack_perm, @sack_perm, @mss={0x2, 0x4}, @window={0x3, 0x800, 0x6}, @window={0x3, 0x1, 0x10}, @sack_perm], 0x8) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001480)=ANY=[@ANYBLOB="1c0000005e0021a5553f8c6b23cbff070000e5373526a01edb"], 0x1c}, 0x1, 0x0, 0x0, 0x48050}, 0x0) recvmmsg$unix(r0, &(0x7f0000002380)=[{{0x0, 0x3f, &(0x7f0000001340)=[{&(0x7f00000002c0)=""/4096, 0x1000}], 0x1}}], 0x4000000000003b9, 0x26022, 0x0) 1.136632992s ago: executing program 5 (id=940): r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000008c80)=ANY=[@ANYBLOB="2c00000026000506"], 0x2c}}, 0x800) socket$inet6_sctp(0xa, 0x1, 0x84) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, 0x0) r3 = open(0x0, 0x20000, 0x0) write$sequencer(r3, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x10) recvmmsg(r0, &(0x7f0000007700), 0x318, 0xfc0, 0x0) 101.350517ms ago: executing program 5 (id=941): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x36}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) sigaltstack(&(0x7f0000001000)={&(0x7f00000010c0)=""/4114, 0x80000001, 0xfef1}, 0x0) r0 = socket$can_bcm(0x1d, 0x2, 0x2) recvmmsg(r0, &(0x7f00000099c0)=[{{0x0, 0x0, 0x0}, 0x8000}], 0x1, 0x10002, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x0, 0x0) r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r1, &(0x7f0000000040)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14) sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x22) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8) ioctl$FS_IOC_GET_ENCRYPTION_NONCE(0xffffffffffffffff, 0x8010661b, 0x0) connect$802154_dgram(r1, &(0x7f0000000180)={0x24, @short={0x2, 0x3, 0xfffe}}, 0x14) sendmmsg(r1, &(0x7f00000196c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0xd, 0x0}}], 0x4000050, 0x400c010) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000000c0)={'syztnl2\x00', &(0x7f0000000040)={'syztnl1\x00', 0x0, 0x29, 0x5, 0x7, 0xfffffffc, 0x40, @private1={0xfc, 0x1, '\x00', 0x1}, @ipv4={'\x00', '\xff\xff', @loopback}, 0x20, 0x8, 0x3, 0xa96a}}) 0s ago: executing program 0 (id=942): r0 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x4000, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESDEC=r0, @ANYRESHEX=r1]) kernel console output (not intermixed with test programs): 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 125.165968][ T6455] RSP: 002b:00007f1e6d613fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 125.174386][ T6455] RAX: ffffffffffffffda RBX: 00007f1e6d6146c0 RCX: 00007f1e6c75d68e [ 125.182361][ T6455] RDX: 000000000000000f RSI: 00007f1e6d6140a0 RDI: 0000000000000004 [ 125.190331][ T6455] RBP: 00007f1e6d614090 R08: 0000000000000000 R09: 0000000000000000 [ 125.198299][ T6455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 125.206266][ T6455] R13: 00007f1e6ca16038 R14: 00007f1e6ca15fa0 R15: 00007fff74cbad98 [ 125.214247][ T6455] [ 125.217327][ C1] vkms_vblank_simulate: vblank timer overrun [ 125.240449][ T6428] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 125.253921][ T6428] BTRFS error (device loop3): open_ctree failed: -12 [ 125.369963][ T6445] netlink: 8 bytes leftover after parsing attributes in process `syz.1.161'. [ 125.395829][ T6471] netlink: 8 bytes leftover after parsing attributes in process `syz.1.161'. [ 125.455452][ T6473] FAULT_INJECTION: forcing a failure. [ 125.455452][ T6473] name failslab, interval 1, probability 0, space 0, times 0 [ 125.468867][ T6473] CPU: 0 PID: 6473 Comm: syz.0.164 Not tainted syzkaller #0 [ 125.476204][ T6473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 125.486281][ T6473] Call Trace: [ 125.489586][ T6473] [ 125.492530][ T6473] dump_stack_lvl+0x18c/0x250 [ 125.497232][ T6473] ? show_regs_print_info+0x20/0x20 [ 125.502461][ T6473] ? load_image+0x420/0x420 [ 125.507084][ T6473] ? __lock_acquire+0x7d80/0x7d80 [ 125.512155][ T6473] should_fail_ex+0x394/0x4c0 [ 125.516859][ T6473] should_failslab+0x9/0x20 [ 125.521387][ T6473] slab_pre_alloc_hook+0x59/0x300 [ 125.526442][ T6473] ? bpf_prog_alloc+0x3d/0x1a0 [ 125.531237][ T6473] ? bpf_prog_load+0x6b2/0x1610 [ 125.536121][ T6473] ? __sys_bpf+0x5ba/0x890 [ 125.540586][ T6473] kmem_cache_alloc_node+0x5e/0x310 [ 125.545820][ T6473] ? alloc_vmap_area+0x1b4/0x1e50 [ 125.550876][ T6473] alloc_vmap_area+0x1b4/0x1e50 [ 125.555747][ T6473] ? vm_map_ram+0xcf0/0xcf0 [ 125.560249][ T6473] ? rcu_is_watching+0x15/0xb0 [ 125.565282][ T6473] __get_vm_area_node+0x162/0x370 [ 125.570350][ T6473] __vmalloc_node_range+0x36f/0x1320 [ 125.575641][ T6473] ? bpf_prog_alloc_no_stats+0x46/0x430 [ 125.581208][ T6473] ? mark_lock+0x94/0x320 [ 125.585629][ T6473] ? __lock_acquire+0x1336/0x7d80 [ 125.590686][ T6473] ? aa_get_newest_label+0xfd/0x5c0 [ 125.595900][ T6473] ? free_vm_area+0x50/0x50 [ 125.600408][ T6473] ? end_current_label_crit_section+0x170/0x170 [ 125.606647][ T6473] ? verify_lock_unused+0x140/0x140 [ 125.611875][ T6473] ? bpf_prog_alloc_no_stats+0x46/0x430 [ 125.617419][ T6473] __vmalloc+0x7a/0x90 [ 125.621489][ T6473] ? bpf_prog_alloc_no_stats+0x46/0x430 [ 125.627035][ T6473] bpf_prog_alloc_no_stats+0x46/0x430 [ 125.632436][ T6473] bpf_prog_alloc+0x3d/0x1a0 [ 125.637032][ T6473] bpf_prog_load+0x6b2/0x1610 [ 125.641742][ T6473] ? map_freeze+0x420/0x420 [ 125.646253][ T6473] ? __might_fault+0xaa/0x120 [ 125.650931][ T6473] ? __lock_acquire+0x7d80/0x7d80 [ 125.655973][ T6473] ? file_end_write+0x159/0x250 [ 125.660824][ T6473] ? __might_fault+0xaa/0x120 [ 125.665497][ T6473] ? __might_fault+0xc6/0x120 [ 125.670167][ T6473] ? __might_fault+0xaa/0x120 [ 125.674842][ T6473] ? bpf_lsm_bpf+0x9/0x10 [ 125.679190][ T6473] ? security_bpf+0x7e/0xa0 [ 125.683718][ T6473] __sys_bpf+0x5ba/0x890 [ 125.688011][ T6473] ? bpf_link_show_fdinfo+0x390/0x390 [ 125.693396][ T6473] ? lock_chain_count+0x20/0x20 [ 125.698254][ T6473] __x64_sys_bpf+0x7c/0x90 [ 125.702700][ T6473] do_syscall_64+0x55/0xb0 [ 125.707112][ T6473] ? clear_bhb_loop+0x40/0x90 [ 125.711784][ T6473] ? clear_bhb_loop+0x40/0x90 [ 125.716481][ T6473] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 125.722402][ T6473] RIP: 0033:0x7f1e6c79ce59 [ 125.726841][ T6473] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 125.746462][ T6473] RSP: 002b:00007f1e6d614028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 125.754899][ T6473] RAX: ffffffffffffffda RBX: 00007f1e6ca15fa0 RCX: 00007f1e6c79ce59 [ 125.762901][ T6473] RDX: 0000000000000094 RSI: 00002000000000c0 RDI: 0000000000000005 [ 125.770872][ T6473] RBP: 00007f1e6d614090 R08: 0000000000000000 R09: 0000000000000000 [ 125.779006][ T6473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 125.786994][ T6473] R13: 00007f1e6ca16038 R14: 00007f1e6ca15fa0 R15: 00007fff74cbad98 [ 125.794982][ T6473] [ 125.828246][ T5780] Bluetooth: hci4: command tx timeout [ 125.837626][ T6422] bridge0: port 1(bridge_slave_0) entered blocking state [ 125.850976][ T6422] bridge0: port 1(bridge_slave_0) entered disabled state [ 125.858885][ T6473] syz.0.164: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=syz0,mems_allowed=0-1 [ 125.902860][ T6422] bridge_slave_0: entered allmulticast mode [ 125.910375][ T6422] bridge_slave_0: entered promiscuous mode [ 125.919388][ T6422] bridge0: port 2(bridge_slave_1) entered blocking state [ 125.926625][ T6422] bridge0: port 2(bridge_slave_1) entered disabled state [ 125.934750][ T6422] bridge_slave_1: entered allmulticast mode [ 125.939825][ T6473] CPU: 1 PID: 6473 Comm: syz.0.164 Not tainted syzkaller #0 [ 125.942580][ T6422] bridge_slave_1: entered promiscuous mode [ 125.947948][ T6473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 125.947960][ T6473] Call Trace: [ 125.947967][ T6473] [ 125.947974][ T6473] dump_stack_lvl+0x18c/0x250 [ 125.974782][ T6473] ? show_regs_print_info+0x20/0x20 [ 125.980004][ T6473] ? load_image+0x420/0x420 [ 125.984531][ T6473] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 125.990967][ T6473] ? cpuset_print_current_mems_allowed+0x2e7/0x360 [ 125.997502][ T6473] warn_alloc+0x246/0x340 [ 126.001868][ T6473] ? slab_free_freelist_hook+0x130/0x1a0 [ 126.007535][ T6473] ? zone_watermark_ok_safe+0x230/0x230 [ 126.013121][ T6473] ? __get_vm_area_node+0x17b/0x370 [ 126.018361][ T6473] ? __get_vm_area_node+0x17b/0x370 [ 126.023609][ T6473] __vmalloc_node_range+0x394/0x1320 [ 126.028917][ T6473] ? mark_lock+0x94/0x320 [ 126.033259][ T6473] ? __lock_acquire+0x1336/0x7d80 [ 126.038329][ T6473] ? aa_get_newest_label+0xfd/0x5c0 [ 126.043568][ T6473] ? free_vm_area+0x50/0x50 [ 126.048107][ T6473] ? end_current_label_crit_section+0x170/0x170 [ 126.054385][ T6473] ? verify_lock_unused+0x140/0x140 [ 126.059627][ T6473] ? bpf_prog_alloc_no_stats+0x46/0x430 [ 126.065205][ T6473] __vmalloc+0x7a/0x90 [ 126.069365][ T6473] ? bpf_prog_alloc_no_stats+0x46/0x430 [ 126.074950][ T6473] bpf_prog_alloc_no_stats+0x46/0x430 [ 126.080363][ T6473] bpf_prog_alloc+0x3d/0x1a0 [ 126.084994][ T6473] bpf_prog_load+0x6b2/0x1610 [ 126.089718][ T6473] ? map_freeze+0x420/0x420 [ 126.094348][ T6473] ? __might_fault+0xaa/0x120 [ 126.099055][ T6473] ? __lock_acquire+0x7d80/0x7d80 [ 126.104120][ T6473] ? file_end_write+0x159/0x250 [ 126.109009][ T6473] ? __might_fault+0xaa/0x120 [ 126.113807][ T6473] ? __might_fault+0xc6/0x120 [ 126.118513][ T6473] ? __might_fault+0xaa/0x120 [ 126.123222][ T6473] ? bpf_lsm_bpf+0x9/0x10 [ 126.127581][ T6473] ? security_bpf+0x7e/0xa0 [ 126.132127][ T6473] __sys_bpf+0x5ba/0x890 [ 126.136403][ T6473] ? bpf_link_show_fdinfo+0x390/0x390 [ 126.141836][ T6473] ? lock_chain_count+0x20/0x20 [ 126.146728][ T6473] __x64_sys_bpf+0x7c/0x90 [ 126.151203][ T6473] do_syscall_64+0x55/0xb0 [ 126.155658][ T6473] ? clear_bhb_loop+0x40/0x90 [ 126.160366][ T6473] ? clear_bhb_loop+0x40/0x90 [ 126.165081][ T6473] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 126.171010][ T6473] RIP: 0033:0x7f1e6c79ce59 [ 126.175452][ T6473] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 126.195084][ T6473] RSP: 002b:00007f1e6d614028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 126.203539][ T6473] RAX: ffffffffffffffda RBX: 00007f1e6ca15fa0 RCX: 00007f1e6c79ce59 [ 126.211539][ T6473] RDX: 0000000000000094 RSI: 00002000000000c0 RDI: 0000000000000005 [ 126.219540][ T6473] RBP: 00007f1e6d614090 R08: 0000000000000000 R09: 0000000000000000 [ 126.227625][ T6473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 126.235625][ T6473] R13: 00007f1e6ca16038 R14: 00007f1e6ca15fa0 R15: 00007fff74cbad98 [ 126.243639][ T6473] [ 126.246703][ C1] vkms_vblank_simulate: vblank timer overrun [ 126.262959][ T6473] Mem-Info: [ 126.266137][ T6473] active_anon:6020 inactive_anon:0 isolated_anon:0 [ 126.266137][ T6473] active_file:1982 inactive_file:40015 isolated_file:0 [ 126.266137][ T6473] unevictable:768 dirty:599 writeback:0 [ 126.266137][ T6473] slab_reclaimable:10117 slab_unreclaimable:93302 [ 126.266137][ T6473] mapped:25340 shmem:1428 pagetables:619 [ 126.266137][ T6473] sec_pagetables:0 bounce:0 [ 126.266137][ T6473] kernel_misc_reclaimable:0 [ 126.266137][ T6473] free:1359084 free_pcp:10042 free_cma:0 [ 126.275630][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.342015][ T6473] Node 0 active_anon:24080kB inactive_anon:0kB active_file:7928kB inactive_file:159860kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:101260kB dirty:2392kB writeback:0kB shmem:4176kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10888kB pagetables:2476kB sec_pagetables:0kB all_unreclaimable? no [ 126.375972][ T6473] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 126.406226][ T6473] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 126.433482][ T6473] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 126.439392][ T6473] Node 0 DMA32 free:1528372kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:24044kB inactive_anon:0kB active_file:7928kB inactive_file:159036kB unevictable:1536kB writepending:2388kB present:3129332kB managed:2586936kB mlocked:0kB bounce:0kB free_pcp:23300kB local_pcp:5276kB free_cma:0kB [ 126.471238][ T6473] lowmem_reserve[]: 0 0 0 0 0 [ 126.475989][ T6473] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:824kB unevictable:0kB writepending:4kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB [ 126.502839][ T6473] lowmem_reserve[]: 0 0 0 0 0 [ 126.507619][ T6473] Node 1 Normal free:3892604kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:17220kB local_pcp:5088kB free_cma:0kB [ 126.592011][ T6422] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 126.618440][ T6473] lowmem_reserve[]: 0 0 0 0 0 [ 126.635482][ T6473] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 126.681799][ T6422] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 126.686061][ T6473] Node 0 DMA32: 1025*4kB (UM) 382*8kB (UME) 64*16kB (UME) 86*32kB (UME) 75*64kB (UME) 108*128kB (UM) 49*256kB (ME) 16*512kB (UM) 5*1024kB (ME) 5*2048kB (UME) 357*4096kB (UM) = 1527924kB [ 126.740323][ T6473] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 126.762657][ T6473] Node 1 Normal: 125*4kB (UE) 25*8kB (UE) 20*16kB (UE) 54*32kB (UE) 15*64kB (UME) 2*128kB (ME) 2*256kB (UM) 2*512kB (UE) 0*1024kB 2*2048kB (UE) 948*4096kB (M) = 3892604kB [ 126.774247][ T6422] team0: Port device team_slave_0 added [ 126.800197][ T6473] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 126.813601][ T6422] team0: Port device team_slave_1 added [ 126.823832][ T6473] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 126.843607][ T6473] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 126.856753][ T6485] loop1: detected capacity change from 0 to 4096 [ 126.884610][ T6473] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 126.907748][ T6485] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512). [ 126.936779][ T6473] 43845 total pagecache pages [ 126.991621][ T6473] 0 pages in swap cache [ 127.021790][ T6473] Free swap = 124984kB [ 127.026079][ T6473] Total swap = 124996kB [ 127.064650][ T6473] 2097051 pages RAM [ 127.089269][ T6473] 0 pages HighMem/MovableOnly [ 127.094009][ T6473] 416931 pages reserved [ 127.101147][ T6485] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 127.108864][ T6473] 0 pages cma reserved [ 127.157407][ T6485] ntfs3: loop1: Failed to load $Extend (-22). [ 127.168395][ T6485] ntfs3: loop1: Failed to initialize $Extend. [ 127.296143][ T6501] kAFS: unable to lookup cell '(,c¾Ì' [ 127.305473][ T6485] vlan2: entered promiscuous mode [ 127.318243][ T6485] bridge0: entered promiscuous mode [ 127.393843][ T6502] ntfs3: loop1: ino=0, attr_set_size [ 127.562806][ T6505] loop0: detected capacity change from 0 to 256 [ 127.604153][ T6485] ntfs3: loop1: ino=0, attr_set_size [ 127.698742][ T6485] ntfs3: loop1: ino=0, attr_set_size [ 128.063411][ T5780] Bluetooth: hci4: command tx timeout [ 128.173346][ T6422] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 128.180544][ T6422] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 128.207230][ T6422] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 128.238566][ T6422] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 128.245565][ T6422] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 128.279505][ T6422] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 128.353217][ T6508] overlayfs: failed to clone upperpath [ 128.769755][ T6422] hsr_slave_0: entered promiscuous mode [ 128.794509][ T6422] hsr_slave_1: entered promiscuous mode [ 128.826203][ T6422] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 128.872221][ T6422] Cannot create hsr debugfs directory [ 129.263620][ T6511] loop1: detected capacity change from 0 to 32768 [ 129.326105][ T6511] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop1 scanned by syz.1.170 (6511) [ 129.369204][ T6511] BTRFS info (device loop1): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 129.397830][ T6511] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 129.515491][ T6511] BTRFS info (device loop1): enabling disk space caching [ 129.626416][ T6511] BTRFS info (device loop1): force clearing of disk cache [ 129.776590][ T6511] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 130.003309][ T6511] BTRFS info (device loop1): use zstd compression, level 3 [ 130.128363][ T5780] Bluetooth: hci4: command tx timeout [ 130.164336][ T6511] BTRFS info (device loop1): disk space caching is enabled [ 130.389701][ T6511] BTRFS info (device loop1): enabling ssd optimizations [ 130.411130][ T6511] BTRFS info (device loop1): auto enabling async discard [ 130.425702][ T6511] BTRFS info (device loop1): rebuilding free space tree [ 130.491465][ T6511] BTRFS info (device loop1): disabling free space tree [ 130.498908][ T6511] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 130.512509][ T6511] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 130.552451][ T6541] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 130.620040][ T6541] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 130.640155][ T6541] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 132.115626][ T42] hsr_slave_0: left promiscuous mode [ 132.198514][ T42] hsr_slave_1: left promiscuous mode [ 132.224411][ T42] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 132.238371][ T42] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 132.249631][ T42] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 132.268217][ T42] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 132.276358][ T42] bridge_slave_1: left allmulticast mode [ 132.282325][ T42] bridge_slave_1: left promiscuous mode [ 132.300689][ T42] bridge0: port 2(bridge_slave_1) entered disabled state [ 132.302196][ T6583] loop0: detected capacity change from 0 to 4096 [ 132.334596][ T42] bridge_slave_0: left allmulticast mode [ 132.354815][ T42] bridge_slave_0: left promiscuous mode [ 132.361162][ T42] bridge0: port 1(bridge_slave_0) entered disabled state [ 132.476354][ T5769] BTRFS info (device loop1): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 132.489993][ T42] veth1_macvtap: left promiscuous mode [ 132.497206][ T42] veth0_macvtap: left promiscuous mode [ 132.517516][ T42] veth1_vlan: left promiscuous mode [ 132.525681][ T42] veth0_vlan: left promiscuous mode [ 133.096386][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.105720][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.194499][ T6603] FAULT_INJECTION: forcing a failure. [ 133.194499][ T6603] name failslab, interval 1, probability 0, space 0, times 0 [ 133.228247][ T6603] CPU: 1 PID: 6603 Comm: syz.1.182 Not tainted syzkaller #0 [ 133.235696][ T6603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 133.245875][ T6603] Call Trace: [ 133.249230][ T6603] [ 133.252198][ T6603] dump_stack_lvl+0x18c/0x250 [ 133.256924][ T6603] ? show_regs_print_info+0x20/0x20 [ 133.262263][ T6603] ? load_image+0x420/0x420 [ 133.266822][ T6603] ? __might_sleep+0xe0/0xe0 [ 133.271459][ T6603] ? __lock_acquire+0x7d80/0x7d80 [ 133.276522][ T6603] should_fail_ex+0x394/0x4c0 [ 133.281238][ T6603] should_failslab+0x9/0x20 [ 133.285770][ T6603] slab_pre_alloc_hook+0x59/0x300 [ 133.290921][ T6603] ? sock_kmalloc+0x96/0xf0 [ 133.295491][ T6603] ? sock_kmalloc+0x96/0xf0 [ 133.300118][ T6603] __kmem_cache_alloc_node+0x53/0x250 [ 133.305527][ T6603] ? sock_kmalloc+0x96/0xf0 [ 133.310058][ T6603] __kmalloc+0xa7/0x240 [ 133.314252][ T6603] sock_kmalloc+0x96/0xf0 [ 133.318649][ T6603] skcipher_recvmsg+0x4ef/0xdd0 [ 133.323535][ T6603] ? __lock_acquire+0x1262/0x7d80 [ 133.328620][ T6603] ? skcipher_sendmsg+0xf0/0xf0 [ 133.333503][ T6603] ? bpf_lsm_socket_recvmsg+0x9/0x10 [ 133.338856][ T6603] ? security_socket_recvmsg+0x89/0xb0 [ 133.341721][ T6607] FAULT_INJECTION: forcing a failure. [ 133.341721][ T6607] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 133.344418][ T6603] ? skcipher_sendmsg+0xf0/0xf0 [ 133.362318][ T6603] ____sys_recvmsg+0x2bd/0x5d0 [ 133.367118][ T6603] ? __sys_recvmsg_sock+0x50/0x50 [ 133.372190][ T6603] ? import_iovec+0x73/0xa0 [ 133.376721][ T6603] ___sys_recvmsg+0x214/0x590 [ 133.381514][ T6603] ? __sys_recvmsg+0x2a0/0x2a0 [ 133.386296][ T6603] ? ksys_write+0x1d2/0x260 [ 133.390833][ T6603] ? __fget_files+0x3fc/0x460 [ 133.395568][ T6603] __x64_sys_recvmsg+0x21e/0x2f0 [ 133.400619][ T6603] ? ___sys_recvmsg+0x590/0x590 [ 133.405507][ T6603] ? lockdep_hardirqs_on+0x98/0x150 [ 133.410742][ T6603] do_syscall_64+0x55/0xb0 [ 133.415186][ T6603] ? clear_bhb_loop+0x40/0x90 [ 133.419900][ T6603] ? clear_bhb_loop+0x40/0x90 [ 133.424605][ T6603] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 133.430529][ T6603] RIP: 0033:0x7f786f19ce59 [ 133.434984][ T6603] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 133.454617][ T6603] RSP: 002b:00007f78700cd028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 133.463057][ T6603] RAX: ffffffffffffffda RBX: 00007f786f415fa0 RCX: 00007f786f19ce59 [ 133.471146][ T6603] RDX: 0000000000000021 RSI: 0000200000000700 RDI: 0000000000000004 [ 133.479142][ T6603] RBP: 00007f78700cd090 R08: 0000000000000000 R09: 0000000000000000 [ 133.487129][ T6603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 133.495120][ T6603] R13: 00007f786f416038 R14: 00007f786f415fa0 R15: 00007fffc0ee7198 [ 133.503144][ T6603] [ 133.506830][ T6607] CPU: 0 PID: 6607 Comm: syz.0.185 Not tainted syzkaller #0 [ 133.514154][ T6607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 133.524755][ T6607] Call Trace: [ 133.528058][ T6607] [ 133.531112][ T6607] dump_stack_lvl+0x18c/0x250 [ 133.535823][ T6607] ? show_regs_print_info+0x20/0x20 [ 133.541059][ T6607] ? load_image+0x420/0x420 [ 133.545597][ T6607] ? __might_fault+0xaa/0x120 [ 133.550308][ T6607] ? __lock_acquire+0x7d80/0x7d80 [ 133.555612][ T6607] should_fail_ex+0x394/0x4c0 [ 133.560506][ T6607] _copy_to_iter+0x1ce/0x1110 [ 133.565225][ T6607] ? __mutex_lock+0x30d/0xc80 [ 133.569941][ T6607] ? iov_iter_init+0x1e0/0x1e0 [ 133.574736][ T6607] ? pipe_read+0x12b/0x1330 [ 133.579276][ T6607] ? mutex_lock_nested+0x20/0x20 [ 133.584247][ T6607] ? __lock_acquire+0x7d80/0x7d80 [ 133.589316][ T6607] ? page_copy_sane+0x4e/0x270 [ 133.594123][ T6607] copy_page_to_iter+0xa7/0x150 [ 133.599015][ T6607] pipe_read+0x539/0x1330 [ 133.603388][ T6607] ? import_ubuf+0x130/0x230 [ 133.608013][ T6607] ? pipe_wait_writable+0x5c0/0x5c0 [ 133.613251][ T6607] ? end_current_label_crit_section+0x149/0x170 [ 133.619616][ T6607] ? common_file_perm+0x198/0x1f0 [ 133.624682][ T6607] ? fsnotify_perm+0x271/0x5e0 [ 133.629661][ T6607] ? pipe_wait_writable+0x5c0/0x5c0 [ 133.634885][ T6607] io_read+0x659/0x1c40 [ 133.639095][ T6607] ? io_writev_prep_async+0x120/0x120 [ 133.644526][ T6607] ? verify_lock_unused+0x140/0x140 [ 133.649811][ T6607] ? seqcount_lockdep_reader_access+0x12b/0x1d0 [ 133.656090][ T6607] ? lockdep_hardirqs_on+0x98/0x150 [ 133.661331][ T6607] ? ktime_get_coarse_real_ts64+0x2f/0x120 [ 133.667189][ T6607] io_issue_sqe+0x295/0xc60 [ 133.671749][ T6607] io_req_task_submit+0x130/0x220 [ 133.676812][ T6607] io_poll_task_func+0xe15/0x14b0 [ 133.681977][ T6607] ? io_ringfd_unregister+0x300/0x300 [ 133.687469][ T6607] ? percpu_ref_get_many+0x21/0x1e0 [ 133.692694][ T6607] ? percpu_ref_get_many+0x182/0x1e0 [ 133.698009][ T6607] tctx_task_work+0x311/0x800 [ 133.702795][ T6607] ? percpu_ref_get_many+0x1e0/0x1e0 [ 133.708102][ T6607] ? _raw_spin_unlock_irq+0x23/0x50 [ 133.713304][ T6607] ? lockdep_hardirqs_on+0x98/0x150 [ 133.718503][ T6607] task_work_run+0x1d4/0x260 [ 133.723189][ T6607] ? task_work_cancel+0x220/0x220 [ 133.728226][ T6607] ? pipe_read+0x1330/0x1330 [ 133.732841][ T6607] get_signal+0x11da/0x1390 [ 133.737411][ T6607] ? lock_chain_count+0x20/0x20 [ 133.742265][ T6607] arch_do_signal_or_restart+0xc2/0x7b0 [ 133.747814][ T6607] ? get_sigframe_size+0x20/0x20 [ 133.752767][ T6607] ? ksys_write+0x201/0x260 [ 133.757313][ T6607] ? exit_to_user_mode_loop+0x3b/0x110 [ 133.762777][ T6607] exit_to_user_mode_loop+0x70/0x110 [ 133.768064][ T6607] exit_to_user_mode_prepare+0xee/0x180 [ 133.773612][ T6607] syscall_exit_to_user_mode+0x1a/0x50 [ 133.779099][ T6607] do_syscall_64+0x61/0xb0 [ 133.783538][ T6607] ? clear_bhb_loop+0x40/0x90 [ 133.788398][ T6607] ? clear_bhb_loop+0x40/0x90 [ 133.793077][ T6607] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 133.798983][ T6607] RIP: 0033:0x7f1e6c79ce59 [ 133.803400][ T6607] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 133.823011][ T6607] RSP: 002b:00007f1e6d5f3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 133.831428][ T6607] RAX: 0000000000000090 RBX: 00007f1e6ca16090 RCX: 00007f1e6c79ce59 [ 133.839401][ T6607] RDX: 0000000000000090 RSI: 00002000000024c0 RDI: 0000000000000004 [ 133.847371][ T6607] RBP: 00007f1e6d5f3090 R08: 0000000000000000 R09: 0000000000000000 [ 133.855350][ T6607] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 133.863496][ T6607] R13: 00007f1e6ca16128 R14: 00007f1e6ca16090 R15: 00007fff74cbad98 [ 133.871570][ T6607] [ 134.186385][ T6611] loop1: detected capacity change from 0 to 4096 [ 136.461626][ T42] team0 (unregistering): Port device team_slave_1 removed [ 136.521035][ T42] team0 (unregistering): Port device team_slave_0 removed [ 136.571172][ T42] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 136.622339][ T42] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 136.975492][ T42] bond0 (unregistering): Released all slaves [ 137.092776][ T6619] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 137.095877][ T6422] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 137.110647][ T6619] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 137.121020][ T6619] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 137.164881][ T6622] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 137.171853][ T6422] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 137.199272][ T6422] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 137.210121][ T6622] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 137.237894][ T6622] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 137.314265][ T6422] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 137.506265][ T6631] loop0: detected capacity change from 0 to 4096 [ 137.541860][ T6631] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 137.604915][ T6422] 8021q: adding VLAN 0 to HW filter on device bond0 [ 137.663580][ T6422] 8021q: adding VLAN 0 to HW filter on device team0 [ 137.699092][ T6631] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 137.716115][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.724020][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 137.735317][ T6631] ntfs3: loop0: Failed to initialize $Extend/$Reparse. [ 137.770241][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.777503][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 137.895822][ T6422] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 137.924522][ T6422] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 138.041793][ T6631] ntfs3: loop0: mft corrupted [ 138.252930][ T6642] vlan2: entered promiscuous mode [ 138.258023][ T6642] bridge0: entered promiscuous mode [ 138.610750][ T6422] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 139.157698][ T6422] veth0_vlan: entered promiscuous mode [ 139.186769][ T6422] veth1_vlan: entered promiscuous mode [ 139.258061][ T6422] veth0_macvtap: entered promiscuous mode [ 139.287599][ T6422] veth1_macvtap: entered promiscuous mode [ 139.360685][ T6422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 139.390269][ T6422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 139.429728][ T6422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 139.446301][ T6422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 139.459344][ T6422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 139.470360][ T6422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 139.491141][ T6422] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 139.599560][ T6422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 139.695385][ T6422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 139.793024][ T6422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 139.912208][ T6422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 140.019778][ T6422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 140.177259][ T6422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 140.349254][ T6422] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 140.431698][ T6422] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.448688][ T6422] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.457459][ T6422] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.476819][ T6422] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.531371][ T6693] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 140.591884][ T6693] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 140.641932][ T6693] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 140.830183][ T5898] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 140.853206][ T5898] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 140.901815][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 140.918223][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 141.030273][ T8] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 141.131829][ T6717] FAULT_INJECTION: forcing a failure. [ 141.131829][ T6717] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 141.147492][ T6717] CPU: 1 PID: 6717 Comm: syz.0.206 Not tainted syzkaller #0 [ 141.154843][ T6717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 141.164928][ T6717] Call Trace: [ 141.168225][ T6717] [ 141.171177][ T6717] dump_stack_lvl+0x18c/0x250 [ 141.175891][ T6717] ? show_regs_print_info+0x20/0x20 [ 141.181123][ T6717] ? load_image+0x420/0x420 [ 141.185651][ T6717] ? __lock_acquire+0x7d80/0x7d80 [ 141.190704][ T6717] ? snprintf+0xe9/0x140 [ 141.194981][ T6717] should_fail_ex+0x394/0x4c0 [ 141.199707][ T6717] _copy_to_user+0x2f/0xa0 [ 141.204168][ T6717] simple_read_from_buffer+0xe7/0x150 [ 141.209715][ T6717] proc_fail_nth_read+0x1e8/0x260 [ 141.214781][ T6717] ? proc_fault_inject_write+0x360/0x360 [ 141.220453][ T6717] ? fsnotify_perm+0x271/0x5e0 [ 141.225254][ T6717] ? proc_fault_inject_write+0x360/0x360 [ 141.230227][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 141.231084][ T6717] vfs_read+0x298/0x990 [ 141.231118][ T6717] ? kernel_read+0x1e0/0x1e0 [ 141.231138][ T6717] ? __fget_files+0x28/0x460 [ 141.231158][ T6717] ? __fget_files+0x3fc/0x460 [ 141.231182][ T6717] ? __fdget_pos+0x2a3/0x330 [ 141.231200][ T6717] ? ksys_read+0x74/0x260 [ 141.231222][ T6717] ksys_read+0x151/0x260 [ 141.231246][ T6717] ? vfs_write+0x9a0/0x9a0 [ 141.231268][ T6717] ? lockdep_hardirqs_on+0x98/0x150 [ 141.231295][ T6717] do_syscall_64+0x55/0xb0 [ 141.231312][ T6717] ? clear_bhb_loop+0x40/0x90 [ 141.231329][ T6717] ? clear_bhb_loop+0x40/0x90 [ 141.231347][ T6717] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 141.231370][ T6717] RIP: 0033:0x7f1e6c75d68e [ 141.231388][ T6717] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 141.231402][ T6717] RSP: 002b:00007f1e6d613fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 141.252938][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 141.256000][ T6717] RAX: ffffffffffffffda RBX: 00007f1e6d6146c0 RCX: 00007f1e6c75d68e [ 141.278654][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 141.283464][ T6717] RDX: 000000000000000f RSI: 00007f1e6d6140a0 RDI: 0000000000000007 [ 141.294551][ T8] usb 2-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 141.297312][ T6717] RBP: 00007f1e6d614090 R08: 0000000000000000 R09: 0000000000000000 [ 141.297330][ T6717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 141.297339][ T6717] R13: 00007f1e6ca16038 R14: 00007f1e6ca15fa0 R15: 00007fff74cbad98 [ 141.297366][ T6717] [ 141.485853][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.521991][ T8] usb 2-1: Product: syz [ 141.526286][ T8] usb 2-1: Manufacturer: syz [ 141.553638][ T8] usb 2-1: SerialNumber: syz [ 141.575060][ T6726] loop0: detected capacity change from 0 to 512 [ 141.585595][ T8] usb 2-1: config 0 descriptor?? [ 141.633481][ T6726] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 141.660868][ T6726] EXT4-fs (loop0): couldn't mount as ext3 due to feature incompatibilities [ 141.835658][ T8] adutux 2-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0 [ 142.155259][ T8] usb 2-1: USB disconnect, device number 5 [ 143.167742][ T6770] netlink: 'syz.4.217': attribute type 2 has an invalid length. [ 143.598353][ T5757] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 143.828316][ T5757] usb 5-1: Using ep0 maxpacket: 32 [ 143.840540][ T5757] usb 5-1: config 6 has an invalid interface number: 132 but max is 0 [ 143.862747][ T5757] usb 5-1: config 6 has no interface number 0 [ 143.873813][ T5757] usb 5-1: config 6 interface 132 altsetting 6 endpoint 0xA has an invalid bInterval 248, changing to 7 [ 143.885546][ T5757] usb 5-1: config 6 interface 132 altsetting 6 endpoint 0x4 has invalid maxpacket 1040, setting to 64 [ 143.909234][ T5757] usb 5-1: config 6 interface 132 has no altsetting 0 [ 143.933231][ T5757] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a4, bcdDevice=d3.7e [ 143.968468][ T5757] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 144.031715][ T5757] usb 5-1: Product: syz [ 144.035948][ T5757] usb 5-1: Manufacturer: syz [ 144.102179][ T5757] usb 5-1: SerialNumber: syz [ 144.825425][ T6796] FAULT_INJECTION: forcing a failure. [ 144.825425][ T6796] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 144.908394][ T6796] CPU: 1 PID: 6796 Comm: syz.0.223 Not tainted syzkaller #0 [ 144.915753][ T6796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 144.925836][ T6796] Call Trace: [ 144.929140][ T6796] [ 144.932279][ T6796] dump_stack_lvl+0x18c/0x250 [ 144.936996][ T6796] ? show_regs_print_info+0x20/0x20 [ 144.942248][ T6796] ? load_image+0x420/0x420 [ 144.946969][ T6796] ? __might_fault+0xaa/0x120 [ 144.951681][ T6796] ? __lock_acquire+0x7d80/0x7d80 [ 144.956738][ T6796] should_fail_ex+0x394/0x4c0 [ 144.961449][ T6796] _copy_from_user+0x2f/0xe0 [ 144.966074][ T6796] get_user_ifreq+0x6b/0x180 [ 144.970702][ T6796] sock_ioctl+0x6f1/0x7e0 [ 144.975151][ T6796] ? sock_poll+0x3e0/0x3e0 [ 144.979603][ T6796] ? bpf_lsm_file_ioctl+0x9/0x10 [ 144.984580][ T6796] ? security_file_ioctl+0x80/0xa0 [ 144.989720][ T6796] ? sock_poll+0x3e0/0x3e0 [ 144.994177][ T6796] __se_sys_ioctl+0xfd/0x170 [ 144.998814][ T6796] do_syscall_64+0x55/0xb0 [ 145.003280][ T6796] ? clear_bhb_loop+0x40/0x90 [ 145.007986][ T6796] ? clear_bhb_loop+0x40/0x90 [ 145.012696][ T6796] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 145.018628][ T6796] RIP: 0033:0x7f1e6c79ce59 [ 145.023067][ T6796] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 145.032986][ T6800] kAFS: unable to lookup cell '(,c¾Ì' [ 145.042764][ T6796] RSP: 002b:00007f1e6d614028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 145.042791][ T6796] RAX: ffffffffffffffda RBX: 00007f1e6ca15fa0 RCX: 00007f1e6c79ce59 [ 145.042802][ T6796] RDX: 0000200000001440 RSI: 00000000000089f0 RDI: 0000000000000003 [ 145.042813][ T6796] RBP: 00007f1e6d614090 R08: 0000000000000000 R09: 0000000000000000 [ 145.042823][ T6796] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 145.042832][ T6796] R13: 00007f1e6ca16038 R14: 00007f1e6ca15fa0 R15: 00007fff74cbad98 [ 145.042856][ T6796] [ 145.610676][ T8] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 145.832103][ T8] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 145.861291][ T8] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 145.894836][ T8] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 145.907029][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 145.932908][ T8] usb 2-1: SerialNumber: syz [ 146.182423][ T8] usb 2-1: 0:2 : does not exist [ 146.234463][ T8] usb 2-1: unit 5: unexpected type 0x0a [ 146.337581][ T8] usb 2-1: USB disconnect, device number 6 [ 146.344265][ T5757] usbtest 5-1:6.132: couldn't get endpoints, -22 [ 146.372520][ T5757] usbtest: probe of 5-1:6.132 failed with error -22 [ 146.433017][ T5757] usb 5-1: USB disconnect, device number 2 [ 146.480332][ T5762] udevd[5762]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 147.082767][ T5898] Bluetooth: hci0: Frame reassembly failed (-84) [ 147.712956][ T6863] loop4: detected capacity change from 0 to 1024 [ 147.739767][ T6863] EXT4-fs: Ignoring removed orlov option [ 147.745555][ T6863] EXT4-fs: Ignoring removed orlov option [ 147.831951][ T6863] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 147.994641][ T6422] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 148.142402][ T28] audit: type=1326 audit(1782074028.916:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6876 comm="syz.3.243" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbd5fd9ce59 code=0x0 [ 148.183296][ T6883] loop0: detected capacity change from 0 to 128 [ 148.209075][ T6883] FAT-fs (loop0): Invalid FSINFO signature: 0x00000000, 0x61417272 (sector = 1) [ 148.461082][ T11] FAT-fs (loop0): Invalid FSINFO signature: 0x00000000, 0x61417272 (sector = 1) [ 148.582251][ T6891] loop0: detected capacity change from 0 to 8192 [ 148.598304][ T6891] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 148.619912][ T6891] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 148.627196][ T6891] ntfs3: loop0: Failed to load $BadClus (-22). [ 149.026689][ T6891] loop0: detected capacity change from 0 to 40427 [ 149.049875][ T6891] F2FS-fs (loop0): build fault injection attr: rate: 14, type: 0x7ffff [ 149.089006][ T5777] Bluetooth: hci0: command 0x1003 tx timeout [ 149.096634][ T5780] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 149.196470][ T6891] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0xe4 [ 149.266194][ T6891] F2FS-fs (loop0): invalid crc value [ 149.290788][ T6900] loop4: detected capacity change from 0 to 64 [ 149.307602][ T6891] F2FS-fs (loop0): Found nat_bits in checkpoint [ 149.435322][ T6891] F2FS-fs (loop0): inject page alloc in f2fs_grab_cache_page of f2fs_ra_meta_pages+0x665/0x970 [ 149.486602][ T6891] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 149.520760][ T6891] F2FS-fs (loop0): inject alloc nid in f2fs_alloc_nid of f2fs_get_dnode_of_data+0x885/0x1a80 [ 149.720434][ T55] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 149.966943][ T5770] syz-executor: attempt to access beyond end of device [ 149.966943][ T5770] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 150.041027][ T5770] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 150.080357][ T55] usb 5-1: New USB device found, idVendor=0c45, idProduct=6280, bcdDevice=d5.fc [ 150.089880][ T55] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 150.106091][ T55] gspca_main: gspca_sn9c20x-2.14.0 probing 0c45:6280 [ 150.309724][ T6929] loop1: detected capacity change from 0 to 4096 [ 150.322503][ T55] gspca_sn9c20x: Write register 1000 failed -71 [ 150.335790][ T55] gspca_sn9c20x: Device initialization failed [ 150.342080][ T6929] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512). [ 150.351292][ T55] gspca_sn9c20x: probe of 5-1:252.0 failed with error -71 [ 150.372185][ T55] usb 5-1: USB disconnect, device number 3 [ 150.444171][ T6929] ntfs3: loop1: Failed to initialize $Secure (-22). [ 150.657936][ T6279] Bluetooth: hci0: Frame reassembly failed (-84) [ 150.780626][ T5757] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 150.952832][ T6939] mmap: syz.3.263 (6939) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 150.968375][ T5757] usb 2-1: Using ep0 maxpacket: 32 [ 150.985931][ T5757] usb 2-1: config 0 has an invalid interface number: 196 but max is 0 [ 150.995248][ T5757] usb 2-1: config 0 has no interface number 0 [ 151.003007][ T5757] usb 2-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528 [ 151.016198][ T5757] usb 2-1: config 0 interface 196 has no altsetting 0 [ 151.028010][ T5757] usb 2-1: New USB device found, idVendor=05ac, idProduct=7700, bcdDevice=eb.3a [ 151.043132][ T5757] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.051551][ T5757] usb 2-1: Product: syz [ 151.055763][ T5757] usb 2-1: Manufacturer: syz [ 151.065899][ T5757] usb 2-1: SerialNumber: syz [ 151.073624][ T5757] usb 2-1: config 0 descriptor?? [ 151.084973][ T6929] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 151.249308][ T8] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 151.449996][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 151.460041][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 0, changing to 10 [ 151.471041][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 255, setting to 64 [ 151.482021][ T8] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.de [ 151.491634][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.503226][ T8] usb 5-1: config 0 descriptor?? [ 151.509360][ T6942] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 151.540785][ T5757] ipheth 2-1:0.196: ipheth_get_macaddr: usb_control_msg: -71 [ 151.553262][ T5757] ipheth: probe of 2-1:0.196 failed with error -71 [ 151.566551][ T5757] usb 2-1: USB disconnect, device number 7 [ 151.778039][ T8] ath6kl: Failed to submit usb control message: -71 [ 151.785536][ T8] ath6kl: unable to send the bmi data to the device: -71 [ 151.794079][ T8] ath6kl: Unable to send get target info: -71 [ 151.815153][ T8] ath6kl: Failed to init ath6kl core: -71 [ 151.840857][ T8] ath6kl_usb: probe of 5-1:0.0 failed with error -71 [ 151.854046][ T8] usb 5-1: USB disconnect, device number 4 [ 152.398431][ T9] usb 2-1: new full-speed USB device number 8 using dummy_hcd [ 152.512411][ T6978] x_tables: duplicate underflow at hook 1 [ 152.601465][ T9] usb 2-1: unable to get BOS descriptor or descriptor too short [ 152.610165][ T9] usb 2-1: not running at top speed; connect to a high speed hub [ 152.619317][ T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 152.632869][ T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 152.644882][ T9] usb 2-1: New USB device found, idVendor=041e, idProduct=3020, bcdDevice= 0.40 [ 152.654099][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 152.662341][ T9] usb 2-1: Product: syz [ 152.666963][ T9] usb 2-1: Manufacturer: syz [ 152.673932][ T9] usb 2-1: SerialNumber: syz [ 152.688365][ T5780] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 152.892244][ T6983] loop0: detected capacity change from 0 to 64 [ 152.933829][ T9] usb 2-1: 0:1 : does not exist [ 152.943973][ T9] usb 2-1: 0:2 : does not exist [ 152.976223][ T9] usb 2-1: 6:0: failed to get current value for ch 1 (-22) [ 153.035073][ T9] usb 2-1: 6:0: failed to get current value for ch 0 (-22) [ 153.073658][ T9] usb 2-1: 6:0: failed to get current value for ch 1 (-22) [ 153.140940][ T9] usb 2-1: USB disconnect, device number 8 [ 153.198340][ T5807] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 153.235248][ T5762] udevd[5762]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 153.391311][ T5807] usb 1-1: New USB device found, idVendor=0c45, idProduct=6280, bcdDevice=d5.fc [ 153.407485][ T5807] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.432202][ T5807] gspca_main: gspca_sn9c20x-2.14.0 probing 0c45:6280 [ 153.638300][ T5807] gspca_sn9c20x: Write register 1000 failed -71 [ 153.664627][ T5807] gspca_sn9c20x: Device initialization failed [ 153.675787][ T5807] gspca_sn9c20x: probe of 1-1:252.0 failed with error -71 [ 153.686396][ T5807] usb 1-1: USB disconnect, device number 4 [ 154.213712][ T7036] netlink: 'syz.3.286': attribute type 1 has an invalid length. [ 154.305717][ T7036] 8021q: adding VLAN 0 to HW filter on device bond1 [ 154.362679][ T7041] gretap1: entered promiscuous mode [ 154.377118][ T7041] bond1: (slave gretap1): making interface the new active one [ 154.393734][ T7041] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 154.413673][ T7036] macvlan2: entered promiscuous mode [ 154.419096][ T7036] macvlan2: entered allmulticast mode [ 154.425089][ T7036] bond1: entered promiscuous mode [ 154.434107][ T7036] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 154.443289][ T7036] bond1: (slave macvlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 154.461083][ T7036] bond1: left promiscuous mode [ 154.859869][ T9] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 154.895126][ T7050] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.290'. [ 155.068523][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 155.136586][ T9] usb 1-1: unable to get BOS descriptor or descriptor too short [ 155.207258][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 155.274529][ T9] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 155.372023][ T9] usb 1-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 155.408418][ T5777] Bluetooth: hci0: command 0x1003 tx timeout [ 155.426774][ T5780] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 155.611565][ T9] usb 1-1: New USB device found, idVendor=09e8, idProduct=0021, bcdDevice= 0.40 [ 155.756984][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 155.834588][ T9] usb 1-1: Product: syz [ 155.863028][ T9] usb 1-1: Manufacturer: syz [ 155.867704][ T9] usb 1-1: SerialNumber: syz [ 156.286821][ T7048] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 156.308462][ T5807] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 156.390844][ T7048] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 156.652866][ T9] usb 1-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0 [ 156.660832][ T5807] usb 2-1: Using ep0 maxpacket: 8 [ 156.671221][ T9] usb 1-1: MIDIStreaming interface descriptor not found [ 156.671750][ T5807] usb 2-1: config 1 has an invalid interface number: 128 but max is 1 [ 156.692450][ T5807] usb 2-1: config 1 has an invalid descriptor of length 76, skipping remainder of the config [ 156.704333][ T5807] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 156.728096][ T5807] usb 2-1: config 1 has no interface number 0 [ 156.734476][ T5807] usb 2-1: config 1 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 156.747845][ T9] usb 1-1: USB disconnect, device number 5 [ 156.765052][ T5807] usb 2-1: config 1 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 156.812692][ T5807] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 156.822582][ T5807] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 156.836622][ T5807] usb 2-1: Product: syz [ 156.841305][ T5807] usb 2-1: Manufacturer: syz [ 156.846088][ T5807] usb 2-1: SerialNumber: syz [ 156.872735][ T6013] udevd[6013]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 156.892153][ T5807] cdc_wdm 2-1:1.128: skipping garbage [ 156.907047][ T5807] cdc_wdm 2-1:1.128: cdc-wdm0: USB WDM device [ 156.917058][ T5807] cdc_wdm 2-1:1.128: Unknown control protocol [ 157.105250][ T5807] usb 2-1: USB disconnect, device number 9 [ 159.276016][ T11] Bluetooth: hci0: Frame reassembly failed (-84) [ 159.498352][ T23] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 159.702736][ T23] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice=f6.00 [ 159.716020][ T23] usb 5-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 159.725865][ T23] usb 5-1: Product: syz [ 159.736696][ T23] usb 5-1: SerialNumber: syz [ 159.755869][ T23] usb 5-1: config 0 descriptor?? [ 159.906273][ T7116] netlink: 'syz.3.308': attribute type 21 has an invalid length. [ 159.919489][ T7116] netlink: 'syz.3.308': attribute type 20 has an invalid length. [ 159.927399][ T7116] IPv6: NLM_F_CREATE should be specified when creating new route [ 160.045712][ T7121] loop0: detected capacity change from 0 to 512 [ 160.105527][ T7121] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 160.279040][ T7121] ext4 filesystem being mounted at /78/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 160.384097][ T7121] EXT4-fs warning (device loop0): verify_group_input:151: Cannot add at group 1768042286 (only 1 groups) [ 160.671521][ T7121] binder: 7119:7121 ioctl c0306201 2000000004c0 returned -14 [ 160.866730][ T7121] binder: 7119:7121 ioctl c0306201 2000000001c0 returned -14 [ 160.994589][ T7121] binder: 7119:7121 ioctl c0306201 200000000180 returned -14 [ 161.206326][ T5770] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 161.328866][ T5780] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 161.335728][ T5777] Bluetooth: hci0: command 0x1003 tx timeout [ 162.618762][ T7174] loop0: detected capacity change from 0 to 2048 [ 162.851098][ T7172] NILFS error (device loop0): nilfs_lookup: deleted inode referenced: 12 [ 162.938556][ T7177] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 162.978759][ T5757] usb 5-1: USB disconnect, device number 5 [ 162.989984][ T7172] Remounting filesystem read-only [ 163.316957][ T7181] syzkaller0: entered promiscuous mode [ 163.349274][ T7181] syzkaller0: entered allmulticast mode [ 163.463281][ T7183] loop1: detected capacity change from 0 to 512 [ 163.471601][ T7183] ext4: Unknown parameter 'syzkaller0' [ 163.491397][ T12] Bluetooth: hci0: Frame reassembly failed (-84) [ 163.526502][ T7069] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 163.570796][ T7183] binder: 7182:7183 ioctl c0306201 2000000004c0 returned -14 [ 163.595858][ T7183] binder: 7182:7183 ioctl c0306201 2000000001c0 returned -14 [ 163.622517][ T7183] binder: 7182:7183 ioctl c0306201 200000000180 returned -14 [ 164.044823][ T7210] syzkaller0: entered promiscuous mode [ 164.063541][ T7210] syzkaller0: entered allmulticast mode [ 164.358255][ T5879] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 164.578548][ T5879] usb 5-1: Using ep0 maxpacket: 32 [ 164.602663][ T5879] usb 5-1: config 7 has an invalid interface number: 208 but max is 0 [ 164.666488][ T5879] usb 5-1: config 7 has no interface number 0 [ 164.757887][ T5879] usb 5-1: config 7 interface 208 altsetting 0 endpoint 0xD has an invalid bInterval 252, changing to 7 [ 164.948952][ T5879] usb 5-1: New USB device found, idVendor=05ac, idProduct=022a, bcdDevice=5f.ef [ 165.102884][ T5879] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 165.168384][ T5879] usb 5-1: Product: syz [ 165.172620][ T5879] usb 5-1: Manufacturer: syz [ 165.226870][ T5879] usb 5-1: SerialNumber: syz [ 165.254380][ T7235] netlink: 16 bytes leftover after parsing attributes in process `syz.3.330'. [ 165.498314][ T5780] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 166.100982][ T5879] appletouch 5-1:7.208: Could not find int-in endpoint [ 166.270438][ T5879] appletouch: probe of 5-1:7.208 failed with error -5 [ 166.448976][ T5879] usbhid 5-1:7.208: couldn't find an input interrupt endpoint [ 166.776766][ T5879] usb 5-1: USB disconnect, device number 6 [ 167.288239][ T5879] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 167.495861][ T5879] usb 5-1: Using ep0 maxpacket: 32 [ 167.524912][ T5879] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 167.557204][ T5879] usb 5-1: config 0 has no interface number 0 [ 167.594722][ T5879] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 167.608608][ T5879] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 167.628085][ T5879] usb 5-1: Product: syz [ 167.635947][ T5879] usb 5-1: Manufacturer: syz [ 167.645303][ T5879] usb 5-1: SerialNumber: syz [ 167.660892][ T5879] usb 5-1: config 0 descriptor?? [ 167.705633][ T5879] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 168.004263][ T5879] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 168.029425][ T5879] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 168.896515][ C1] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 168.911529][ T5879] usb 5-1: USB disconnect, device number 7 [ 169.116524][ T5879] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 169.506265][ T5879] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 169.758090][ T5879] quatech2 5-1:0.51: device disconnected [ 169.900546][ T7268] loop1: detected capacity change from 0 to 40427 [ 169.945759][ T7268] F2FS-fs (loop1): invalid crc value [ 169.984287][ T7268] F2FS-fs (loop1): Found nat_bits in checkpoint [ 170.157418][ T61] Bluetooth: hci0: Frame reassembly failed (-84) [ 170.258875][ T7268] F2FS-fs (loop1): Start checkpoint disabled! [ 170.319740][ T7268] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 170.728485][ T55] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 170.895171][ T7319] netlink: 12 bytes leftover after parsing attributes in process `syz.3.348'. [ 170.920342][ T55] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 170.941874][ T55] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 170.968311][ T55] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80 [ 170.977438][ T55] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.006738][ T55] usb 2-1: config 0 descriptor?? [ 171.093256][ T7307] loop0: detected capacity change from 0 to 40427 [ 171.107499][ T7307] F2FS-fs (loop0): Small segment_count (9 < 1 * 24) [ 171.123486][ T7307] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 171.150243][ T7307] F2FS-fs (loop0): Found nat_bits in checkpoint [ 171.222457][ T7307] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 171.238237][ T7307] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 171.252295][ T7326] fuse: Unknown parameter '000000000000000000060x0000000000000006' [ 171.367998][ T5770] syz-executor: attempt to access beyond end of device [ 171.367998][ T5770] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 171.396761][ T5770] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 171.640344][ T55] usbhid 2-1:0.0: can't add hid device: -71 [ 171.646602][ T55] usbhid: probe of 2-1:0.0 failed with error -71 [ 171.682332][ T55] usb 2-1: USB disconnect, device number 10 [ 172.208640][ T5780] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 172.324025][ T49] kworker/u4:3: attempt to access beyond end of device [ 172.324025][ T49] loop1: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 172.346124][ T49] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 172.356046][ T49] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 172.369523][ T49] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 173.163837][ T7348] loop4: detected capacity change from 0 to 32768 [ 173.874601][ T5879] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 174.051899][ T7368] netlink: 40 bytes leftover after parsing attributes in process `syz.0.363'. [ 174.088358][ T5879] usb 5-1: Using ep0 maxpacket: 32 [ 174.098739][ T7370] netlink: 6 bytes leftover after parsing attributes in process `syz.3.364'. [ 174.102362][ T5879] usb 5-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 174.120130][ T7370] netlink: 6 bytes leftover after parsing attributes in process `syz.3.364'. [ 174.143629][ T5879] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 174.170260][ T5879] usb 5-1: Product: syz [ 174.174494][ T5879] usb 5-1: Manufacturer: syz [ 174.188458][ T5879] usb 5-1: SerialNumber: syz [ 174.204419][ T5879] usb 5-1: config 0 descriptor?? [ 174.225877][ T5879] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 174.416398][ T7361] loop1: detected capacity change from 0 to 40427 [ 174.432406][ T7361] F2FS-fs (loop1): Small segment_count (9 < 1 * 24) [ 174.450700][ T7361] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 174.488236][ T7361] F2FS-fs (loop1): Found nat_bits in checkpoint [ 174.574848][ T7361] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 174.584573][ T7361] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 174.695900][ T5769] syz-executor: attempt to access beyond end of device [ 174.695900][ T5769] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 174.713586][ T5769] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 175.033495][ T7384] loop1: detected capacity change from 0 to 4096 [ 175.041216][ T7384] ntfs3: Unknown parameter 'á' [ 175.051358][ T7384] netlink: 60 bytes leftover after parsing attributes in process `syz.1.370'. [ 175.368868][ T7392] netlink: 6 bytes leftover after parsing attributes in process `syz.3.374'. [ 175.405976][ T7392] netlink: 6 bytes leftover after parsing attributes in process `syz.3.374'. [ 175.785114][ T5879] gspca_ov534_9: reg_r err -32 [ 176.289274][ T5777] Bluetooth: hci0: command 0x1003 tx timeout [ 176.296818][ T5780] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 176.416280][ T7412] netlink: 6 bytes leftover after parsing attributes in process `syz.1.379'. [ 176.428297][ T5879] gspca_ov534_9: Unknown sensor 0000 [ 176.428383][ T5879] ov534_9: probe of 5-1:0.0 failed with error -22 [ 176.463728][ T7412] netlink: 6 bytes leftover after parsing attributes in process `syz.1.379'. [ 176.591557][ T3461] Bluetooth: hci0: Frame reassembly failed (-84) [ 176.857017][ T5827] usb 5-1: USB disconnect, device number 8 [ 177.458643][ T7444] loop1: detected capacity change from 0 to 256 [ 177.530153][ T7447] nbd: couldn't find a device at index 16 [ 177.654136][ T7448] loop4: detected capacity change from 0 to 256 [ 177.792615][ T7448] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x204dac4c, utbl_chksum : 0xe619d30d) [ 177.793332][ T7451] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 177.817036][ T7451] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 177.827308][ T7451] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 177.838599][ T28] audit: type=1800 audit(1782074059.615:6): pid=7451 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.386" name="file1" dev="loop1" ino=1048599 res=0 errno=0 [ 177.860296][ T7451] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 177.871322][ T7451] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 177.881533][ T7451] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 178.608245][ T5777] Bluetooth: hci0: command 0x1003 tx timeout [ 178.608274][ T5780] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 178.999868][ T7470] block device autoloading is deprecated and will be removed. [ 179.704613][ T7488] FAULT_INJECTION: forcing a failure. [ 179.704613][ T7488] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 179.718008][ T7488] CPU: 1 PID: 7488 Comm: syz.1.400 Not tainted syzkaller #0 [ 179.725417][ T7488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 179.735592][ T7488] Call Trace: [ 179.738979][ T7488] [ 179.742010][ T7488] dump_stack_lvl+0x18c/0x250 [ 179.746715][ T7488] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 179.752378][ T7488] ? show_regs_print_info+0x20/0x20 [ 179.757680][ T7488] ? load_image+0x420/0x420 [ 179.762224][ T7488] should_fail_ex+0x394/0x4c0 [ 179.766925][ T7488] _copy_to_user+0x2f/0xa0 [ 179.771363][ T7488] do_tcp_getsockopt+0x15c9/0x25b0 [ 179.776597][ T7488] ? tcp_get_timestamping_opt_stats+0x12b0/0x12b0 [ 179.783042][ T7488] ? sock_recv_errqueue+0x510/0x5e0 [ 179.788383][ T7488] ? aa_sk_perm+0x970/0x970 [ 179.793009][ T7488] ? verify_lock_unused+0x140/0x140 [ 179.798257][ T7488] ? asan.module_dtor+0x20/0x20 [ 179.803142][ T7488] ? lockdep_hardirqs_on_prepare+0x44c/0x7d0 [ 179.809176][ T7488] ? __might_fault+0xaa/0x120 [ 179.813873][ T7488] ? __lock_acquire+0x7d80/0x7d80 [ 179.818913][ T7488] ? syscall_enter_from_user_mode+0x40/0x80 [ 179.824833][ T7488] tcp_getsockopt+0x85/0x130 [ 179.829560][ T7488] ? sock_recv_errqueue+0x510/0x5e0 [ 179.834788][ T7488] ? sock_recv_errqueue+0x510/0x5e0 [ 179.840013][ T7488] ? sock_recv_errqueue+0x5e0/0x5e0 [ 179.845318][ T7488] do_sock_getsockopt+0x379/0x450 [ 179.850539][ T7488] ? __ia32_sys_setsockopt+0x200/0x200 [ 179.856018][ T7488] ? syscall_enter_from_user_mode+0x40/0x80 [ 179.861952][ T7488] __x64_sys_getsockopt+0x1d6/0x280 [ 179.867172][ T7488] ? syscall_enter_from_user_mode+0x40/0x80 [ 179.873101][ T7488] ? syscall_enter_from_user_mode+0x40/0x80 [ 179.879019][ T7488] do_syscall_64+0x55/0xb0 [ 179.883450][ T7488] ? clear_bhb_loop+0x40/0x90 [ 179.888136][ T7488] ? clear_bhb_loop+0x40/0x90 [ 179.892909][ T7488] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 179.898825][ T7488] RIP: 0033:0x7f786f19ce59 [ 179.903260][ T7488] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 179.922989][ T7488] RSP: 002b:00007f787008b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 179.931437][ T7488] RAX: ffffffffffffffda RBX: 00007f786f416180 RCX: 00007f786f19ce59 [ 179.939469][ T7488] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000005 [ 179.947712][ T7488] RBP: 00007f787008b090 R08: 0000200000001040 R09: 0000000000000000 [ 179.955894][ T7488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 179.963895][ T7488] R13: 00007f786f416218 R14: 00007f786f416180 R15: 00007fffc0ee7198 [ 179.971907][ T7488] [ 180.185258][ T12] Bluetooth: hci0: Frame reassembly failed (-84) [ 180.210925][ T12] Bluetooth: hci0: Frame reassembly failed (-90) [ 180.231896][ T7490] Bluetooth: hci0: Frame reassembly failed (-84) [ 180.360363][ T7480] loop4: detected capacity change from 0 to 40427 [ 180.374597][ T7480] F2FS-fs (loop4): invalid crc value [ 180.391068][ T7480] F2FS-fs (loop4): Found nat_bits in checkpoint [ 180.546471][ T7480] F2FS-fs (loop4): Start checkpoint disabled! [ 180.578048][ T7480] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 180.797266][ T143] kworker/u4:5: attempt to access beyond end of device [ 180.797266][ T143] loop4: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 180.816471][ T143] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 180.825811][ T143] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 181.731594][ T7505] comedi: valid board names for 8255 driver are: [ 181.758557][ T7505] 8255 [ 181.766948][ T7505] comedi: valid board names for vmk80xx driver are: [ 181.790743][ T7505] vmk80xx [ 181.797297][ T7505] comedi: valid board names for usbduxsigma driver are: [ 181.816681][ T7505] usbduxsigma [ 181.827010][ T7505] comedi: valid board names for usbduxfast driver are: [ 181.978554][ T7505] usbduxfast [ 182.000234][ T7505] comedi: valid board names for usbdux driver are: [ 182.019458][ T7505] usbdux [ 182.025827][ T7505] comedi: valid board names for ni6501 driver are: [ 182.045032][ T7505] ni6501 [ 182.085576][ T7505] comedi: valid board names for dt9812 driver are: [ 182.096644][ T7505] dt9812 [ 182.101041][ T7505] comedi: valid board names for ni_labpc_cs driver are: [ 182.114738][ T7505] ni_labpc_cs [ 182.118866][ T7505] comedi: valid board names for ni_daq_700 driver are: [ 182.126852][ T7505] ni_daq_700 [ 182.130940][ T7505] comedi: valid board names for labpc_pci driver are: [ 182.137908][ T7505] labpc_pci [ 182.143772][ T7505] comedi: valid board names for adl_pci9118 driver are: [ 182.153238][ T7505] pci9118dg [ 182.158035][ T7505] pci9118hg [ 182.163981][ T7505] pci9118hr [ 182.167436][ T7505] comedi: valid board names for 8255_pci driver are: [ 182.176744][ T7505] 8255_pci [ 182.181345][ T7505] comedi: valid board names for s526 driver are: [ 182.217982][ T5777] Bluetooth: hci0: command 0x1003 tx timeout [ 182.237907][ T7505] s526 [ 182.254509][ T7505] comedi: valid board names for multiq3 driver are: [ 182.288423][ T5780] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 182.409530][ T7505] multiq3 [ 182.552144][ T7505] comedi: valid board names for pcmuio driver are: [ 182.702582][ T7505] pcmuio48 [ 182.705776][ T7505] pcmuio96 [ 182.717693][ T7505] comedi: valid board names for pcmmio driver are: [ 182.748235][ T7505] pcmmio [ 182.758418][ T7505] comedi: valid board names for pcmda12 driver are: [ 182.768604][ T7505] pcmda12 [ 182.775018][ T7505] comedi: valid board names for pcmad driver are: [ 182.789794][ T7505] pcmad12 [ 182.796439][ T7505] pcmad16 [ 182.820057][ T7505] comedi: valid board names for ni_labpc driver are: [ 182.827058][ T7505] lab-pc-1200 [ 182.880381][ T7505] lab-pc-1200ai [ 182.883994][ T7505] lab-pc+ [ 182.887030][ T7505] comedi: valid board names for atmio16 driver are: [ 182.963086][ T7505] atmio16 [ 182.966230][ T7505] atmio16d [ 182.992326][ T7505] comedi: valid board names for ni_at_ao driver are: [ 183.009734][ T7505] at-ao-6 [ 183.012819][ T7505] at-ao-10 [ 183.058360][ T7505] comedi: valid board names for ni_at_a2150 driver are: [ 183.066446][ T7505] ni_at_a2150 [ 183.086497][ T7520] FAULT_INJECTION: forcing a failure. [ 183.086497][ T7520] name failslab, interval 1, probability 0, space 0, times 0 [ 183.099517][ T7505] comedi: valid board names for adq12b driver are: [ 183.099565][ T7505] adq12b [ 183.099573][ T7505] comedi: valid board names for mpc624 driver are: [ 183.099582][ T7505] mpc624 [ 183.099589][ T7505] comedi: valid board names for c6xdigio driver are: [ 183.099598][ T7505] c6xdigio [ 183.099604][ T7505] comedi: valid board names for aio_iiro_16 driver are: [ 183.099613][ T7505] aio_iiro_16 [ 183.099620][ T7505] comedi: valid board names for aio_aio12_8 driver are: [ 183.099628][ T7505] aio_aio12_8 [ 183.099634][ T7505] aio_ai12_8 [ 183.099640][ T7505] aio_ao12_4 [ 183.099647][ T7505] comedi: valid board names for fl512 driver are: [ 183.099655][ T7505] fl512 [ 183.099660][ T7505] comedi: valid board names for dmm32at driver are: [ 183.099669][ T7505] dmm32at [ 183.099675][ T7505] comedi: valid board names for dt282x driver are: [ 183.115134][ T7520] CPU: 1 PID: 7520 Comm: syz.4.410 Not tainted syzkaller #0 [ 183.188647][ T7520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 183.198724][ T7520] Call Trace: [ 183.202026][ T7520] [ 183.204976][ T7520] dump_stack_lvl+0x18c/0x250 [ 183.209688][ T7520] ? show_regs_print_info+0x20/0x20 [ 183.214912][ T7520] ? load_image+0x420/0x420 [ 183.219439][ T7520] ? __might_sleep+0xe0/0xe0 [ 183.224062][ T7520] ? __lock_acquire+0x7d80/0x7d80 [ 183.229116][ T7520] should_fail_ex+0x394/0x4c0 [ 183.233819][ T7520] should_failslab+0x9/0x20 [ 183.238348][ T7520] slab_pre_alloc_hook+0x59/0x300 [ 183.243397][ T7520] ? tomoyo_realpath_from_path+0xe6/0x5c0 [ 183.249174][ T7520] ? tomoyo_realpath_from_path+0xe6/0x5c0 [ 183.254916][ T7520] __kmem_cache_alloc_node+0x53/0x250 [ 183.260321][ T7520] ? tomoyo_realpath_from_path+0xe6/0x5c0 [ 183.266066][ T7520] __kmalloc+0xa7/0x240 [ 183.270263][ T7520] tomoyo_realpath_from_path+0xe6/0x5c0 [ 183.275971][ T7520] ? tomoyo_domain+0xd6/0x120 [ 183.280693][ T7520] tomoyo_path_number_perm+0x248/0x5e0 [ 183.286187][ T7520] ? tomoyo_path_number_perm+0x217/0x5e0 [ 183.291845][ T7520] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 183.297393][ T7520] ? ksys_write+0x1d2/0x260 [ 183.301956][ T7520] ? __fget_files+0x28/0x460 [ 183.306592][ T7520] security_file_ioctl+0x70/0xa0 [ 183.311554][ T7520] __se_sys_ioctl+0x48/0x170 [ 183.316171][ T7520] do_syscall_64+0x55/0xb0 [ 183.320608][ T7520] ? clear_bhb_loop+0x40/0x90 [ 183.325302][ T7520] ? clear_bhb_loop+0x40/0x90 [ 183.330038][ T7520] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 183.335971][ T7520] RIP: 0033:0x7f8c5fb9ce59 [ 183.340415][ T7520] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 183.360046][ T7520] RSP: 002b:00007f8c60ac8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 183.368490][ T7520] RAX: ffffffffffffffda RBX: 00007f8c5fe15fa0 RCX: 00007f8c5fb9ce59 [ 183.376490][ T7520] RDX: 0000200000000140 RSI: 0000000000005412 RDI: 0000000000000003 [ 183.384480][ T7520] RBP: 00007f8c60ac8090 R08: 0000000000000000 R09: 0000000000000000 [ 183.392570][ T7520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 183.400664][ T7520] R13: 00007f8c5fe16038 R14: 00007f8c5fe15fa0 R15: 00007ffcc422b038 [ 183.408676][ T7520] [ 183.413921][ T7520] ERROR: Out of memory at tomoyo_realpath_from_path. [ 183.598723][ T7505] dt2821 [ 183.605049][ T7505] dt2821-f [ 183.753629][ T7505] dt2821-g [ 183.756811][ T7505] dt2823 [ 183.759968][ T7505] dt2824-pgh [ 183.763724][ T7505] dt2824-pgl [ 183.772629][ T7505] dt2825 [ 183.775621][ T7505] dt2827 [ 183.792361][ T7505] dt2828 [ 183.812599][ T7505] dt2829 [ 183.815610][ T7505] dt21-ez [ 183.843035][ T7505] dt23-ez [ 183.846125][ T7505] dt24-ez [ 183.892571][ T7505] dt24-ez-pgl [ 183.921220][ T7505] comedi: valid board names for dt2817 driver are: [ 183.981022][ T7505] dt2817 [ 184.017259][ T7505] comedi: valid board names for dt2815 driver are: [ 184.048743][ T7505] dt2815 [ 184.051841][ T7505] comedi: valid board names for dt2814 driver are: [ 184.074118][ T7505] dt2814 [ 184.077117][ T7505] comedi: valid board names for dt2811 driver are: [ 184.095357][ T7505] dt2811-pgh [ 184.111647][ T7505] dt2811-pgl [ 184.114999][ T7505] comedi: valid board names for dt2801 driver are: [ 184.180244][ T7505] dt2801 [ 184.183248][ T7505] comedi: valid board names for das6402 driver are: [ 184.214511][ T7505] das6402-12 [ 184.237516][ T7505] das6402-16 [ 184.246716][ T7505] comedi: valid board names for das1800 driver are: [ 184.282937][ T7505] das-1701st [ 184.300981][ T7505] das-1701st-da [ 184.322709][ T7505] das-1702st [ 184.343367][ T7505] das-1702st-da [ 184.347156][ T7505] das-1702hr [ 184.386130][ T7505] das-1702hr-da [ 184.406500][ T7505] das-1701ao [ 184.433768][ T7505] das-1702ao [ 184.454786][ T7505] das-1801st [ 184.474307][ T7505] das-1801st-da [ 184.479807][ T7518] loop0: detected capacity change from 0 to 40427 [ 184.487883][ T7518] F2FS-fs (loop0): Small segment_count (9 < 1 * 24) [ 184.504272][ T7505] das-1802st [ 184.517005][ T7518] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 184.525963][ T7505] das-1802st-da [ 184.541998][ T7505] das-1802hr [ 184.556218][ T7518] F2FS-fs (loop0): Found nat_bits in checkpoint [ 184.556725][ T7505] das-1802hr-da [ 184.595986][ T7505] das-1801hc [ 184.609470][ T7505] das-1802hc [ 184.626202][ T7505] das-1801ao [ 184.637517][ T7505] das-1802ao [ 184.663455][ T7505] comedi: valid board names for das800 driver are: [ 184.693974][ T7505] das-800 [ 184.707165][ T7505] cio-das800 [ 184.713113][ T7518] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 184.729657][ T7518] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 184.778076][ T7505] das-801 [ 184.784250][ T7505] cio-das801 [ 184.799981][ T7505] das-802 [ 184.813724][ T7505] cio-das802 [ 184.827663][ T7505] cio-das802/16 [ 184.835042][ T7505] comedi: valid board names for isa-das08 driver are: [ 184.880394][ T7505] isa-das08 [ 184.894815][ T7505] das08-pgm [ 184.910687][ T7505] das08-pgh [ 184.914043][ T7505] das08-pgl [ 184.923144][ T5770] syz-executor: attempt to access beyond end of device [ 184.923144][ T5770] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 184.956979][ T5770] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 184.982299][ T7505] das08-aoh [ 185.005905][ T7505] das08-aol [ 185.014161][ T7505] das08-aom [ 185.029029][ T7505] das08/jr-ao [ 185.032570][ T7505] das08jr-16-ao [ 185.037755][ T7505] pc104-das08 [ 185.047876][ T7505] das08jr/16 [ 185.057993][ T7505] comedi: valid board names for das16m1 driver are: [ 185.068680][ T7505] das16m1 [ 185.078366][ T7505] comedi: valid board names for dac02 driver are: [ 185.090293][ T7505] dac02 [ 185.098280][ T7505] comedi: valid board names for rti802 driver are: [ 185.108294][ T7505] rti802 [ 185.115056][ T7505] comedi: valid board names for rti800 driver are: [ 185.122766][ T7505] rti800 [ 185.127432][ T7505] rti815 [ 185.130567][ T7505] comedi: valid board names for pcm3724 driver are: [ 185.137358][ T7505] pcm3724 [ 185.146286][ T7505] comedi: valid board names for pcl818 driver are: [ 185.153633][ T7505] pcl818l [ 185.156912][ T7505] pcl818h [ 185.164883][ T7505] pcl818hd [ 185.168641][ T7505] pcl818hg [ 185.171887][ T7505] pcl818 [ 185.174957][ T7505] pcl718 [ 185.177971][ T7505] pcm3718 [ 185.185683][ T7505] comedi: valid board names for pcl816 driver are: [ 185.194385][ T7505] pcl816 [ 185.197505][ T7505] pcl814b [ 185.202353][ T7505] comedi: valid board names for pcl812 driver are: [ 185.210618][ T7505] pcl812 [ 185.213661][ T7505] pcl812pg [ 185.216858][ T7505] acl8112pg [ 185.220741][ T7505] acl8112dg [ 185.224045][ T7505] acl8112hg [ 185.233244][ T7505] a821pgl [ 185.236492][ T7505] a821pglnda [ 185.241063][ T7505] a821pgh [ 185.247514][ T7505] a822pgl [ 185.258809][ T7505] a822pgh [ 185.265296][ T7505] a823pgl [ 185.276251][ T7505] a823pgh [ 185.283836][ T7505] pcl813 [ 185.291072][ T7505] pcl813b [ 185.294173][ T7505] acl8113 [ 185.297238][ T7505] iso813 [ 185.308491][ T7505] acl8216 [ 185.311572][ T7505] a826pg [ 185.314519][ T7505] comedi: valid board names for pcl730 driver are: [ 185.352369][ T7505] pcl730 [ 185.355382][ T7505] iso730 [ 185.359080][ T7505] acl7130 [ 185.368347][ T7505] pcm3730 [ 185.371520][ T7505] pcl725 [ 185.374477][ T7505] p8r8dio [ 185.377523][ T7505] acl7225b [ 185.393985][ T7505] p16r16dio [ 185.558300][ T7505] pcl733 [ 185.561739][ T7505] pcl734 [ 185.586671][ T7505] opmm-1616-xt [ 185.618724][ T7505] pearl-mm-p [ 185.622332][ T7505] ir104-pbf [ 185.625628][ T7505] comedi: valid board names for pcl726 driver are: [ 185.634063][ T7505] pcl726 [ 185.644253][ T7505] pcl727 [ 185.647250][ T7505] pcl728 [ 185.650688][ T7505] acl6126 [ 185.653837][ T7505] acl6128 [ 185.656950][ T7505] comedi: valid board names for pcl724 driver are: [ 185.668400][ T7505] pcl724 [ 185.671401][ T7505] pcl722 [ 185.674355][ T7505] pcl731 [ 185.819733][ T7505] acl7122 [ 185.902346][ T7505] acl7124 [ 185.959965][ T7505] pet48dio [ 186.020885][ T7505] pcmio48 [ 186.078242][ T7505] onyx-mm-dio [ 186.141633][ T7505] comedi: valid board names for pcl711 driver are: [ 186.271815][ T7505] pcl711 [ 186.274925][ T7505] pcl711b [ 186.277997][ T7505] acl8112hg [ 186.314081][ T7505] acl8112dg [ 186.317356][ T7505] comedi: valid board names for amplc_pc263 driver are: [ 186.325676][ T7505] pc263 [ 186.330830][ T7505] comedi: valid board names for amplc_pc236 driver are: [ 186.348732][ T7505] pc36at [ 186.358096][ T7505] comedi: valid board names for amplc_dio200 driver are: [ 186.390535][ T7353] Bluetooth: hci0: Frame reassembly failed (-84) [ 186.406830][ T7505] pc212e [ 186.409961][ T7505] pc214e [ 186.412926][ T7505] pc215e [ 186.415875][ T7505] pc218e [ 186.419587][ T7505] pc272e [ 186.422553][ T7505] comedi: valid board names for comedi_parport driver are: [ 186.429808][ T7505] comedi_parport [ 186.433461][ T7505] comedi: valid board names for comedi_test driver are: [ 186.435372][ T7546] Bluetooth: hci0: Frame reassembly failed (-90) [ 186.440481][ T7505] comedi_test [ 186.440497][ T7505] comedi: valid board names for comedi_bond driver are: [ 186.440505][ T7505] comedi_bond [ 188.448266][ T5777] Bluetooth: hci0: command 0x1003 tx timeout [ 188.468594][ T5780] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 189.496112][ T7585] loop1: detected capacity change from 0 to 1024 [ 189.513150][ T7585] EXT4-fs: Ignoring removed nomblk_io_submit option [ 189.571031][ T7585] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 189.881621][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 190.438501][ T28] audit: type=1326 audit(1782074072.185:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7612 comm="syz.1.439" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f786f19ce59 code=0x0 [ 191.607175][ T7627] loop4: detected capacity change from 0 to 256 [ 192.002198][ T7636] netlink: 32 bytes leftover after parsing attributes in process `syz.4.446'. [ 192.366979][ T7353] Bluetooth: hci0: Frame reassembly failed (-84) [ 192.391694][ T7642] Bluetooth: hci0: Frame reassembly failed (-90) [ 193.692659][ T7640] loop4: detected capacity change from 0 to 40427 [ 193.703193][ T7640] F2FS-fs (loop4): Small segment_count (9 < 1 * 24) [ 193.710476][ T7640] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 193.727739][ T7640] F2FS-fs (loop4): Found nat_bits in checkpoint [ 193.825517][ T7640] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 193.837758][ T7640] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 193.944500][ T6422] syz-executor: attempt to access beyond end of device [ 193.944500][ T6422] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 193.980291][ T6422] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 194.368270][ T5777] Bluetooth: hci0: command 0x1003 tx timeout [ 194.375376][ T5780] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 194.558005][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.564508][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.878402][ T7680] netlink: 76 bytes leftover after parsing attributes in process `syz.4.462'. [ 195.328781][ T23] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 195.509794][ T23] usb 1-1: Using ep0 maxpacket: 16 [ 195.517651][ T23] usb 1-1: unable to get BOS descriptor or descriptor too short [ 195.527191][ T23] usb 1-1: config 8 has an invalid interface number: 251 but max is 0 [ 195.536061][ T23] usb 1-1: config 8 has no interface number 0 [ 195.542496][ T23] usb 1-1: config 8 interface 251 has no altsetting 0 [ 195.618257][ T55] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 195.651829][ T23] usb 1-1: string descriptor 0 read error: -22 [ 195.659149][ T23] usb 1-1: New USB device found, idVendor=10c4, idProduct=89fb, bcdDevice=4a.8e [ 195.668699][ T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 195.684234][ T23] cp210x 1-1:8.251: cp210x converter detected [ 195.838556][ T55] usb 5-1: Using ep0 maxpacket: 32 [ 195.867724][ T55] usb 5-1: config 3 has an invalid interface number: 67 but max is 0 [ 195.887827][ T55] usb 5-1: config 3 has no interface number 0 [ 195.907741][ T55] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 195.925359][ T55] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 195.978333][ T55] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 196.156678][ T55] gspca_nw80x: reg_w err -71 [ 196.168362][ T55] nw80x: probe of 5-1:3.67 failed with error -71 [ 196.196864][ T55] usb 5-1: USB disconnect, device number 9 [ 196.420931][ T23] cp210x 1-1:8.251: failed to get vendor val 0x370b size 1: -71 [ 196.446976][ T23] cp210x 1-1:8.251: querying part number failed [ 196.481467][ T23] usb 1-1: cp210x converter now attached to ttyUSB0 [ 196.501744][ T23] usb 1-1: USB disconnect, device number 6 [ 196.524843][ T23] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 196.546489][ T23] cp210x 1-1:8.251: device disconnected [ 196.610550][ T5782] Bluetooth: hci1: command 0x0406 tx timeout [ 196.616696][ T5775] Bluetooth: hci2: command 0x0406 tx timeout [ 196.625748][ T5775] Bluetooth: hci3: command 0x0406 tx timeout [ 196.634508][ T7704] netlink: 4 bytes leftover after parsing attributes in process `syz.1.470'. [ 196.660757][ T28] audit: type=1326 audit(1782074080.434:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7705 comm="syz.0.469" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1e6c79ce59 code=0x0 [ 198.080068][ T7729] netlink: 32 bytes leftover after parsing attributes in process `syz.4.476'. [ 199.769647][ T7736] loop4: detected capacity change from 0 to 40427 [ 201.416281][ T7736] F2FS-fs (loop4): invalid crc value [ 201.436831][ T7736] F2FS-fs (loop4): Found nat_bits in checkpoint [ 201.641958][ T7736] F2FS-fs (loop4): Start checkpoint disabled! [ 201.707882][ T7736] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 201.781920][ T7734] syz.4.478: attempt to access beyond end of device [ 201.781920][ T7734] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 202.607520][ T28] audit: type=1326 audit(1782074087.384:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7750 comm="syz.3.482" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbd5fd9ce59 code=0x0 [ 202.609095][ T7735] syz.4.478 (7735): drop_caches: 1 [ 202.747153][ T61] kworker/u4:4: attempt to access beyond end of device [ 202.747153][ T61] loop4: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 202.761535][ T61] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 202.814314][ T61] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 202.873540][ T61] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 203.658252][ T9] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 203.852964][ T9] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 203.881548][ T9] usb 1-1: config 0 has no interface number 0 [ 203.902929][ T9] usb 1-1: New USB device found, idVendor=0b48, idProduct=1003, bcdDevice=7b.54 [ 203.938453][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 203.967801][ T9] usb 1-1: Product: syz [ 203.993644][ T9] usb 1-1: Manufacturer: syz [ 204.003375][ T9] usb 1-1: SerialNumber: syz [ 204.025542][ T9] usb 1-1: config 0 descriptor?? [ 204.042019][ T9] usb 1-1: selecting invalid altsetting 1 [ 204.064081][ T7769] openvswitch: netlink: Key 22 has unexpected len 2 expected 4 [ 204.064176][ T9] dvb_ttusb_budget: ttusb_init_controller: error [ 204.085114][ T9] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 205.437600][ T9] DVB: Unable to find symbol stv0299_attach() [ 208.284380][ T9] DVB: Unable to find symbol tda8083_attach() [ 208.299611][ T9] dvb_ttusb_budget: no frontend driver found for device [0b48:1003] [ 208.322595][ T9] usb 1-1: USB disconnect, device number 7 [ 210.091743][ T7814] FAULT_INJECTION: forcing a failure. [ 210.091743][ T7814] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 210.105200][ T7814] CPU: 0 PID: 7814 Comm: syz.0.500 Not tainted syzkaller #0 [ 210.112513][ T7814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 210.122594][ T7814] Call Trace: [ 210.125872][ T7814] [ 210.128810][ T7814] dump_stack_lvl+0x18c/0x250 [ 210.133496][ T7814] ? show_regs_print_info+0x20/0x20 [ 210.138695][ T7814] ? load_image+0x420/0x420 [ 210.143209][ T7814] ? __might_fault+0xaa/0x120 [ 210.147990][ T7814] ? __lock_acquire+0x7d80/0x7d80 [ 210.153029][ T7814] should_fail_ex+0x394/0x4c0 [ 210.157741][ T7814] _copy_from_user+0x2f/0xe0 [ 210.162369][ T7814] core_sys_select+0x680/0xa80 [ 210.167182][ T7814] ? poll_select_set_timeout+0x150/0x150 [ 210.172871][ T7814] ? sigprocmask+0x190/0x190 [ 210.177502][ T7814] __se_sys_pselect6+0x272/0x340 [ 210.182483][ T7814] ? __x64_sys_pselect6+0xf0/0xf0 [ 210.187547][ T7814] ? __x64_sys_pselect6+0x21/0xf0 [ 210.192614][ T7814] do_syscall_64+0x55/0xb0 [ 210.197058][ T7814] ? clear_bhb_loop+0x40/0x90 [ 210.201741][ T7814] ? clear_bhb_loop+0x40/0x90 [ 210.206432][ T7814] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 210.212342][ T7814] RIP: 0033:0x7f1e6c79ce59 [ 210.216778][ T7814] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 210.236855][ T7814] RSP: 002b:00007f1e6d614028 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 210.245478][ T7814] RAX: ffffffffffffffda RBX: 00007f1e6ca15fa0 RCX: 00007f1e6c79ce59 [ 210.253454][ T7814] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000040 [ 210.261427][ T7814] RBP: 00007f1e6d614090 R08: 0000200000000480 R09: 0000000000000000 [ 210.269399][ T7814] R10: 0000200000000440 R11: 0000000000000246 R12: 0000000000000001 [ 210.277556][ T7814] R13: 00007f1e6ca16038 R14: 00007f1e6ca15fa0 R15: 00007fff74cbad98 [ 210.285584][ T7814] [ 211.388241][ T5828] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 211.579926][ T5828] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 211.591131][ T5828] usb 5-1: config 0 has no interface number 0 [ 211.600135][ T5828] usb 5-1: New USB device found, idVendor=0b48, idProduct=1003, bcdDevice=7b.54 [ 211.609394][ T5828] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 211.617448][ T5828] usb 5-1: Product: syz [ 211.621681][ T5828] usb 5-1: Manufacturer: syz [ 211.626288][ T5828] usb 5-1: SerialNumber: syz [ 211.632723][ T5828] usb 5-1: config 0 descriptor?? [ 211.641481][ T5828] usb 5-1: selecting invalid altsetting 1 [ 211.651736][ T5828] dvb_ttusb_budget: ttusb_init_controller: error [ 211.658255][ T5828] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 211.695763][ T5828] DVB: Unable to find symbol stv0299_attach() [ 211.725576][ T5828] DVB: Unable to find symbol tda8083_attach() [ 211.733781][ T5828] dvb_ttusb_budget: no frontend driver found for device [0b48:1003] [ 213.009847][ T5780] Bluetooth: hci0: command 0x1003 tx timeout [ 213.017702][ T5777] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 214.349710][ T5780] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 214.361128][ T5780] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 214.372681][ T5780] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 214.405825][ T5807] usb 5-1: USB disconnect, device number 10 [ 214.420210][ T5780] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 214.449260][ T5780] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 214.465190][ T5780] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 216.059296][ T7844] chnl_net:caif_netlink_parms(): no params data found [ 216.231993][ T7844] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.239369][ T7844] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.246787][ T7844] bridge_slave_0: entered allmulticast mode [ 216.256002][ T7844] bridge_slave_0: entered promiscuous mode [ 216.265050][ T7844] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.272765][ T7844] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.280422][ T7844] bridge_slave_1: entered allmulticast mode [ 216.287805][ T7844] bridge_slave_1: entered promiscuous mode [ 216.320453][ T7844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 216.337483][ T7844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 216.415642][ T7844] team0: Port device team_slave_0 added [ 216.461110][ T7844] team0: Port device team_slave_1 added [ 216.529756][ T5780] Bluetooth: hci0: command tx timeout [ 216.530942][ T7844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 216.544167][ T7844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 216.638277][ T7844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 216.678290][ T7844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 216.698263][ T7844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 216.761195][ T7844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 216.841074][ T7844] hsr_slave_0: entered promiscuous mode [ 216.853235][ T7844] hsr_slave_1: entered promiscuous mode [ 216.865043][ T7844] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 216.876134][ T7844] Cannot create hsr debugfs directory [ 217.921925][ T7353] Bluetooth: hci5: Frame reassembly failed (-90) [ 217.939763][ T7903] Bluetooth: hci5: Frame reassembly failed (-84) [ 217.950870][ T7903] Bluetooth: hci5: Frame reassembly failed (-84) [ 218.030427][ T7844] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 218.047835][ T7844] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 218.069384][ T7844] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 218.099391][ T7844] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 218.269635][ T7844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 218.292422][ T7920] netlink: 8 bytes leftover after parsing attributes in process `syz.4.529'. [ 218.341258][ T7844] 8021q: adding VLAN 0 to HW filter on device team0 [ 218.357254][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.364495][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 218.387269][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.394515][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 218.608310][ T5777] Bluetooth: hci0: command tx timeout [ 218.760976][ T7844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 218.944935][ T7923] loop4: detected capacity change from 0 to 40427 [ 218.960416][ T7923] F2FS-fs (loop4): Small segment_count (9 < 1 * 24) [ 218.978394][ T7923] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 219.011280][ T7923] F2FS-fs (loop4): Found nat_bits in checkpoint [ 219.114180][ T7923] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 219.151150][ T7923] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 219.209351][ T7844] veth0_vlan: entered promiscuous mode [ 219.279003][ T7844] veth1_vlan: entered promiscuous mode [ 219.362996][ T6422] syz-executor: attempt to access beyond end of device [ 219.362996][ T6422] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 219.380521][ T7844] veth0_macvtap: entered promiscuous mode [ 219.382851][ T6422] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 219.475506][ T7844] veth1_macvtap: entered promiscuous mode [ 219.970261][ T5777] Bluetooth: hci5: command 0x1003 tx timeout [ 219.988336][ T5780] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 220.043233][ T7844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 220.103396][ T7844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.135646][ T7844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 220.151848][ T7844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.166639][ T7844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 220.188358][ T7844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.208241][ T7844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 220.242260][ T7844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.271542][ T7844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 220.316008][ T7844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 220.348587][ T7844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.378293][ T7844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 220.398208][ T7844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.415873][ T7844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 220.430044][ T7844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.440132][ T7844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 220.450836][ T7844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.463308][ T7844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 220.481151][ T7947] netlink: 4 bytes leftover after parsing attributes in process `syz.3.535'. [ 220.567339][ T7844] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.688310][ T5780] Bluetooth: hci0: command tx timeout [ 220.705108][ T7844] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.725201][ T7844] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.734274][ T7844] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.008591][ T7954] loop0: detected capacity change from 0 to 2048 [ 221.016211][ T7954] EXT4-fs: Ignoring removed nomblk_io_submit option [ 221.120933][ T7954] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 221.148658][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 221.199821][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 221.239429][ T7954] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 221.364170][ T5899] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 221.413377][ T5899] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 221.671847][ T7975] netlink: 'syz.5.504': attribute type 4 has an invalid length. [ 221.683237][ T7975] netlink: 3657 bytes leftover after parsing attributes in process `syz.5.504'. [ 221.868347][ T5827] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 222.099454][ T5827] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 222.118208][ T5827] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 222.137702][ T5827] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 222.147380][ T5827] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.432467][ T5827] usb 1-1: config 0 descriptor?? [ 222.445373][ T7972] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 222.496334][ T5827] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 222.588555][ T7993] netlink: 'syz.3.548': attribute type 3 has an invalid length. [ 222.768555][ T5780] Bluetooth: hci0: command tx timeout [ 224.242714][ T8025] bridge_slave_0: left allmulticast mode [ 224.266043][ T8025] bridge_slave_0: left promiscuous mode [ 224.288647][ T8025] bridge0: port 1(bridge_slave_0) entered disabled state [ 224.320121][ T8030] netlink: 20 bytes leftover after parsing attributes in process `syz.4.561'. [ 224.437415][ T8025] bridge_slave_1: left allmulticast mode [ 224.443851][ T8025] bridge_slave_1: left promiscuous mode [ 224.480993][ T8025] bridge0: port 2(bridge_slave_1) entered disabled state [ 224.582928][ T8025] bond0: (slave bond_slave_0): Releasing backup interface [ 224.654382][ T5809] usb 1-1: USB disconnect, device number 8 [ 224.708431][ T8025] bond0: (slave bond_slave_1): Releasing backup interface [ 224.932300][ T8025] team0: Port device team_slave_0 removed [ 225.028317][ T5827] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 225.142055][ T8025] team0: Port device team_slave_1 removed [ 225.168343][ T8025] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 225.184059][ T8025] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 225.242279][ T8025] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 225.268642][ T5827] usb 5-1: Using ep0 maxpacket: 8 [ 225.275589][ T5827] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 225.284448][ T5827] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 225.294582][ T8025] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 225.303019][ T5827] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 225.324781][ T5827] usb 5-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 225.371943][ T5827] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 225.392722][ T5827] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 225.464516][ T5827] usbtmc 5-1:16.0: bulk endpoints not found [ 225.468683][ T5828] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 225.678790][ T5828] usb 1-1: Using ep0 maxpacket: 16 [ 225.774886][ T5828] usb 1-1: unable to get BOS descriptor or descriptor too short [ 225.796629][ T5828] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 225.806293][ T5828] usb 1-1: can't read configurations, error -71 [ 225.854784][ T8062] syz.3.572 uses obsolete (PF_INET,SOCK_PACKET) [ 226.045436][ T8070] netlink: 16186 bytes leftover after parsing attributes in process `syz.5.573'. [ 226.147206][ T8075] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 228.148494][ T8088] fuse: Bad value for 'fd' [ 228.545380][ T55] usb 5-1: USB disconnect, device number 11 [ 230.044934][ T8104] netlink: 8 bytes leftover after parsing attributes in process `syz.4.587'. [ 230.427941][ T8116] overlayfs: failed to clone upperpath [ 233.092274][ T8148] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 233.558317][ T5828] usb 5-1: new low-speed USB device number 12 using dummy_hcd [ 233.786931][ T5828] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 233.811183][ T5828] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 233.858294][ T5828] usb 5-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 233.913242][ T5828] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 233.930998][ T5828] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 233.962592][ T5828] usb 5-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 234.003770][ T5828] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 234.021648][ T5828] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 234.063100][ T5828] usb 5-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 234.081636][ T5828] usb 5-1: string descriptor 0 read error: -22 [ 234.091411][ T5828] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 234.119330][ T5828] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 234.142532][ T5828] adutux 5-1:168.0: interrupt endpoints not found [ 234.409014][ T5807] usb 5-1: USB disconnect, device number 12 [ 237.521071][ T8183] befs: (loop5): No write support. Marking filesystem read-only [ 237.551906][ T8183] syz.5.610: attempt to access beyond end of device [ 237.551906][ T8183] loop5: rw=0, sector=0, nr_sectors = 2 limit=0 [ 237.599289][ T8183] befs: (loop5): unable to read superblock [ 237.755314][ T8186] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 241.715737][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805d349400: rx timeout, send abort [ 242.217360][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805d34a000: rx timeout, send abort [ 242.226085][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805d349400: abort rx timeout. Force session deactivation [ 242.725720][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805d34a000: abort rx timeout. Force session deactivation [ 242.729726][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805c41b400: rx timeout, send abort [ 244.055453][ T8227] netlink: 'syz.0.619': attribute type 10 has an invalid length. [ 244.230972][ T8231] netlink: 'syz.3.620': attribute type 11 has an invalid length. [ 244.256494][ T8227] team0 (unregistering): Port device team_slave_0 removed [ 244.271271][ T8227] team0 (unregistering): Port device team_slave_1 removed [ 246.045454][ T8263] 9pnet_virtio: no channels available for device syz [ 248.656125][ T5828] kernel write not supported for file /admmidi2 (pid: 5828 comm: kworker/0:6) [ 250.478245][ T8351] netlink: 12 bytes leftover after parsing attributes in process `syz.4.651'. [ 251.676545][ T8387] netlink: 96 bytes leftover after parsing attributes in process `syz.0.658'. [ 252.939588][ T5827] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 253.158323][ T5827] usb 1-1: Using ep0 maxpacket: 16 [ 253.195759][ T5827] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 95, changing to 10 [ 253.223393][ T5827] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 9840, setting to 1024 [ 253.278428][ T5827] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 253.715609][ T5827] usb 1-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00 [ 253.725171][ T5827] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 253.789401][ T5827] usb 1-1: config 0 descriptor?? [ 253.797133][ T8399] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 253.819422][ T5827] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input14 [ 254.258125][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 254.278153][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 254.288113][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 254.298147][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 254.318145][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 254.348149][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 254.390027][ T5827] usb 1-1: USB disconnect, device number 11 [ 254.390097][ C1] pxrc 1-1:0.0: pxrc_usb_irq - usb_submit_urb failed with result: -19 [ 255.018905][ T8] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 255.248870][ T8] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 255.291446][ T8] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 255.355067][ T8] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 255.414766][ T8441] syzkaller0: entered promiscuous mode [ 255.415110][ T8] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 255.420498][ T8441] syzkaller0: entered allmulticast mode [ 255.538740][ T8] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 255.623148][ T8] usb 6-1: config 0 descriptor?? [ 255.955582][ T55] kernel write not supported for file /admmidi2 (pid: 55 comm: kworker/0:2) [ 255.972068][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.978505][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.072500][ T8] usbhid 6-1:0.0: can't add hid device: -71 [ 256.108493][ T8] usbhid: probe of 6-1:0.0 failed with error -71 [ 256.159329][ T8] usb 6-1: USB disconnect, device number 2 [ 256.408628][ T5827] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 256.494383][ T8461] netlink: 28 bytes leftover after parsing attributes in process `syz.3.677'. [ 256.616057][ T5827] usb 1-1: Using ep0 maxpacket: 8 [ 256.647786][ T5827] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 256.661174][ T5827] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 256.675315][ T5827] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 256.705268][ T5827] usb 1-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 256.728145][ T5827] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 256.778378][ T5827] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 256.791915][ T5827] usbtmc 1-1:16.0: bulk endpoints not found [ 256.875040][ T8465] comedi comedi3: No hardware detected at I/O base 0x3c4 [ 257.168458][ T5827] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 257.358989][ T5827] usb 6-1: too many configurations: 9, using maximum allowed: 8 [ 257.451306][ T5827] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 257.460367][ T5827] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 257.471420][ T5827] usb 6-1: config 0 interface 0 has no altsetting 0 [ 257.480402][ T5827] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 257.490405][ T5827] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 257.502189][ T5827] usb 6-1: config 0 interface 0 has no altsetting 0 [ 257.510841][ T5827] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 257.530165][ T5827] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 257.563509][ T5827] usb 6-1: config 0 interface 0 has no altsetting 0 [ 257.575539][ T5827] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 257.615004][ T5827] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 257.651447][ T5827] usb 6-1: config 0 interface 0 has no altsetting 0 [ 257.669383][ T5827] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 257.691534][ T5827] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 257.717259][ T5827] usb 6-1: config 0 interface 0 has no altsetting 0 [ 257.729984][ T5827] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 257.752914][ T5827] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 257.781568][ T5827] usb 6-1: config 0 interface 0 has no altsetting 0 [ 257.796919][ T5827] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 257.816432][ T5827] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 257.843283][ T5827] usb 6-1: config 0 interface 0 has no altsetting 0 [ 257.862310][ T5827] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 257.879504][ T5827] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 257.907179][ T5827] usb 6-1: config 0 interface 0 has no altsetting 0 [ 257.923278][ T5827] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 257.932706][ T5827] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 257.950104][ T5827] usb 6-1: Product: syz [ 257.959949][ T5827] usb 6-1: Manufacturer: syz [ 257.974947][ T5827] usb 6-1: SerialNumber: syz [ 257.990506][ T5827] usb 6-1: config 0 descriptor?? [ 258.009582][ T5827] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0 [ 258.068456][ T8474] 9pnet_fd: Insufficient options for proto=fd [ 258.889146][ T55] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 259.259695][ T55] usb 5-1: Using ep0 maxpacket: 32 [ 259.359225][ T55] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 259.398105][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 259.494374][ T55] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 259.614153][ T55] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 259.740129][ T55] usb 5-1: Product: syz [ 259.814041][ T55] usb 5-1: Manufacturer: syz [ 259.896630][ T55] usb 5-1: SerialNumber: syz [ 259.938645][ C1] usb 6-1: yurex_control_callback - control failed: -2 [ 259.946673][ C1] usb 6-1: yurex_control_callback - control failed: -32 [ 260.074462][ T23] usb 1-1: USB disconnect, device number 12 [ 260.085499][ T55] usb 5-1: config 0 descriptor?? [ 260.175196][ T8487] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 260.636157][ T9] usb 6-1: USB disconnect, device number 3 [ 260.894984][ T9] yurex 6-1:0.0: USB YUREX #0 now disconnected [ 261.550905][ T8497] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 261.568367][ T8497] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 261.739829][ T5827] usb 5-1: USB disconnect, device number 13 [ 262.948275][ T23] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 264.269978][ T23] usb 1-1: Using ep0 maxpacket: 8 [ 264.348822][ T23] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 264.357491][ T23] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 264.372385][ T23] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 264.383452][ T23] usb 1-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 264.396970][ T23] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 264.409008][ T23] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 264.428899][ T23] usbtmc 1-1:16.0: bulk endpoints not found [ 264.696349][ T8582] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1392088490 (2784176980 ns) > initial count (866907526 ns). Using initial count to start timer. [ 265.028296][ T5757] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 265.239140][ T5757] usb 5-1: Using ep0 maxpacket: 8 [ 265.261710][ T5757] usb 5-1: config index 0 descriptor too short (expected 47, got 36) [ 265.282413][ T5757] usb 5-1: config 128 has too many interfaces: 254, using maximum allowed: 32 [ 265.304265][ T5757] usb 5-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 265.332970][ T5757] usb 5-1: config 128 has 0 interfaces, different from the descriptor's value: 254 [ 265.357253][ T5757] usb 5-1: config index 1 descriptor too short (expected 47, got 36) [ 265.374790][ T5757] usb 5-1: config 128 has too many interfaces: 254, using maximum allowed: 32 [ 265.398145][ T5757] usb 5-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 265.420626][ T5757] usb 5-1: config 128 has 0 interfaces, different from the descriptor's value: 254 [ 265.445631][ T5757] usb 5-1: config index 2 descriptor too short (expected 47, got 36) [ 265.464033][ T5757] usb 5-1: config 128 has too many interfaces: 254, using maximum allowed: 32 [ 265.483513][ T5757] usb 5-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 265.505755][ T5757] usb 5-1: config 128 has 0 interfaces, different from the descriptor's value: 254 [ 265.531216][ T5757] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 265.564370][ T5757] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 265.591054][ T5757] usb 5-1: Product: syz [ 265.608308][ T5757] usb 5-1: Manufacturer: syz [ 265.620861][ T5757] usb 5-1: SerialNumber: syz [ 265.858407][ T5757] usb 5-1: USB disconnect, device number 14 [ 266.090608][ T5807] usb 1-1: USB disconnect, device number 13 [ 266.430104][ T5757] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 266.748596][ T5757] usb 5-1: Using ep0 maxpacket: 8 [ 266.785275][ T5757] usb 5-1: config index 0 descriptor too short (expected 47, got 36) [ 266.798350][ T5757] usb 5-1: config 128 has too many interfaces: 254, using maximum allowed: 32 [ 266.807367][ T5757] usb 5-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 266.818354][ T5757] usb 5-1: config 128 has 0 interfaces, different from the descriptor's value: 254 [ 266.870799][ T5757] usb 5-1: config index 1 descriptor too short (expected 47, got 36) [ 266.887454][ T5757] usb 5-1: config 128 has too many interfaces: 254, using maximum allowed: 32 [ 266.901377][ T5757] usb 5-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 266.942775][ T5757] usb 5-1: config 128 has 0 interfaces, different from the descriptor's value: 254 [ 267.093451][ T5757] usb 5-1: config index 2 descriptor too short (expected 47, got 36) [ 267.177640][ T5757] usb 5-1: config 128 has too many interfaces: 254, using maximum allowed: 32 [ 267.206885][ T5757] usb 5-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 267.218160][ T5757] usb 5-1: config 128 has 0 interfaces, different from the descriptor's value: 254 [ 267.260412][ T5757] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 267.313185][ T5757] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 267.338171][ T5757] usb 5-1: Product: syz [ 267.342564][ T5757] usb 5-1: Manufacturer: syz [ 267.374881][ T5757] usb 5-1: SerialNumber: syz [ 267.615122][ T5757] usb 5-1: USB disconnect, device number 15 [ 269.206142][ T8640] netlink: 24 bytes leftover after parsing attributes in process `syz.5.718'. [ 269.228916][ T8640] netlink: 24 bytes leftover after parsing attributes in process `syz.5.718'. [ 269.647286][ T8655] 9pnet_fd: Insufficient options for proto=fd [ 270.138530][ T8668] Bluetooth: MGMT ver 1.22 [ 276.658884][ T8699] 9pnet_fd: Insufficient options for proto=fd [ 276.704618][ T8701] overlayfs: failed to resolve './file0': -2 [ 277.813701][ T8723] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 278.898302][ T8] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 279.080764][ T8] usb 6-1: Using ep0 maxpacket: 8 [ 279.091588][ T8] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 279.103691][ T8] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 279.128395][ T8] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 279.159330][ T8] usb 6-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 279.234574][ T8] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 279.383254][ T8] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 279.633128][ T8] usbtmc 6-1:16.0: bulk endpoints not found [ 280.119498][ T8742] 9pnet_fd: Insufficient options for proto=fd [ 280.319103][ T8749] netlink: 64 bytes leftover after parsing attributes in process `syz.3.751'. [ 282.559241][ T5757] usb 6-1: USB disconnect, device number 4 [ 285.420065][ T8784] 9pnet_fd: Insufficient options for proto=fd [ 285.973170][ T8794] netlink: 24 bytes leftover after parsing attributes in process `syz.0.759'. [ 287.479686][ T8814] 9pnet_fd: Insufficient options for proto=fd [ 287.567572][ T8816] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 287.581151][ T8816] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 289.894714][ T8847] 9pnet_fd: Insufficient options for proto=fd [ 290.039528][ T8852] siw: device registration error -23 [ 292.558257][ T5757] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 292.751107][ T5757] usb 1-1: Using ep0 maxpacket: 8 [ 292.769836][ T5757] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 292.787368][ T5757] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 292.814316][ T5757] pvrusb2: Hardware description: Terratec Grabster AV400 [ 292.834369][ T5757] pvrusb2: ********** [ 292.846817][ T5757] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 292.868747][ T5757] pvrusb2: Important functionality might not be entirely working. [ 292.877645][ T5757] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 292.902145][ T5757] pvrusb2: ********** [ 293.056919][ T2321] pvrusb2: Invalid write control endpoint [ 293.252474][ T5827] usb 1-1: USB disconnect, device number 14 [ 293.276218][ T2321] pvrusb2: Invalid write control endpoint [ 293.284998][ T2321] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 293.296957][ T2321] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 293.305387][ T2321] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 293.323781][ T2321] pvrusb2: Device being rendered inoperable [ 293.334680][ T2321] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 293.355468][ T2321] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 293.400322][ T2321] pvrusb2: Attached sub-driver cx25840 [ 293.416027][ T2321] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 293.434441][ T2321] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 293.899540][ T8896] siw: device registration error -23 [ 295.518389][ T23] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 295.729031][ T23] usb 1-1: Using ep0 maxpacket: 8 [ 295.738663][ T23] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 295.747090][ T23] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 295.769577][ T23] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 295.783172][ T23] usb 1-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 295.805243][ T23] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 295.841643][ T23] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 295.862219][ T23] usbtmc 1-1:16.0: bulk endpoints not found [ 295.935674][ T8910] 9pnet_fd: Insufficient options for proto=fd [ 296.866219][ T8923] netlink: 4 bytes leftover after parsing attributes in process `syz.5.803'. [ 298.132932][ T8934] siw: device registration error -23 [ 299.038722][ T23] usb 1-1: USB disconnect, device number 15 [ 304.123464][ T8978] netlink: 76 bytes leftover after parsing attributes in process `syz.4.819'. [ 304.436197][ T8983] siw: device registration error -23 [ 304.765034][ T8986] netlink: 4 bytes leftover after parsing attributes in process `syz.4.820'. [ 304.912557][ T8986] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 305.242513][ T8986] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 305.265675][ T8986] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 305.265709][ T8986] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 308.024577][ T9009] syzkaller0: entered promiscuous mode [ 308.081127][ T9009] syzkaller0: entered allmulticast mode [ 310.511983][ T9034] netlink: 12 bytes leftover after parsing attributes in process `syz.3.837'. [ 312.672021][ T9046] siw: device registration error -23 [ 314.687350][ T9070] netlink: 60 bytes leftover after parsing attributes in process `syz.5.853'. [ 315.331121][ T9081] netlink: 76 bytes leftover after parsing attributes in process `syz.0.850'. [ 315.672875][ T9086] siw: device registration error -23 [ 317.008521][ T9098] netlink: 60 bytes leftover after parsing attributes in process `syz.4.858'. [ 317.875382][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.885879][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.415872][ T9109] 9pnet_virtio: no channels available for device syz [ 318.497127][ T9111] netlink: 76 bytes leftover after parsing attributes in process `syz.4.865'. [ 318.506364][ T9111] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 318.893686][ T9122] netlink: 12 bytes leftover after parsing attributes in process `syz.5.868'. [ 318.997855][ T9125] netlink: 244 bytes leftover after parsing attributes in process `syz.3.870'. [ 320.303386][ T28] audit: type=1326 audit(1782074206.091:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9145 comm="syz.0.878" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1e6c79ce59 code=0x0 [ 320.326805][ C0] vkms_vblank_simulate: vblank timer overrun [ 320.458013][ T9150] 9pnet_virtio: no channels available for device syz [ 323.786196][ T9162] netlink: 244 bytes leftover after parsing attributes in process `syz.4.881'. [ 325.111611][ T9176] netlink: 12 bytes leftover after parsing attributes in process `syz.5.885'. [ 325.438148][ T9177] netlink: 244 bytes leftover after parsing attributes in process `syz.0.886'. [ 326.093930][ T9192] cgroup: Unknown subsys name 'dont_measure' [ 327.001785][ T9203] overlayfs: failed to clone upperpath [ 327.961917][ T9214] 9pnet_fd: Insufficient options for proto=fd [ 328.267721][ T9220] overlayfs: failed to resolve './file0': -2 [ 328.495510][ T28] audit: type=1326 audit(1782074214.281:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9228 comm="syz.5.904" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f687bf9ce59 code=0x0 [ 328.663645][ T9236] 9pnet_virtio: no channels available for device syz [ 330.031605][ T9244] netlink: 244 bytes leftover after parsing attributes in process `syz.3.909'. [ 330.208934][ T9249] netlink: 244 bytes leftover after parsing attributes in process `syz.5.908'. [ 330.993595][ T9257] 9pnet_fd: Insufficient options for proto=fd [ 331.520493][ T28] audit: type=1326 audit(1782074217.311:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9265 comm="syz.4.918" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8c5fb9ce59 code=0x0 [ 331.783753][ T9271] 9pnet_virtio: no channels available for device syz [ 332.036904][ T9281] 9pnet_virtio: no channels available for device syz [ 332.478680][ T9290] cgroup: Unknown subsys name 'dont_measure' [ 333.785127][ T9301] netlink: 244 bytes leftover after parsing attributes in process `syz.5.923'. [ 334.917547][ T9312] netlink: 12 bytes leftover after parsing attributes in process `syz.4.928'. [ 335.195950][ T28] audit: type=1326 audit(1782074220.981:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9316 comm="syz.5.931" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f687bf9ce59 code=0x0 [ 335.322662][ T9325] autofs4:pid:9325:autofs_fill_super: called with bogus options [ 335.368272][ T5807] libceph: connect (1)[c::]:6789 error -101 [ 335.381238][ T5807] libceph: mon0 (1)[c::]:6789 connect error [ 335.413713][ T5807] libceph: connect (1)[c::]:6789 error -101 [ 335.426302][ T5807] libceph: mon0 (1)[c::]:6789 connect error [ 335.738558][ T23] libceph: connect (1)[c::]:6789 error -101 [ 335.744861][ T23] libceph: mon0 (1)[c::]:6789 connect error [ 336.019451][ T9320] ceph: No mds server is up or the cluster is laggy [ 336.304975][ T9342] netlink: 8 bytes leftover after parsing attributes in process `syz.5.940'. [ 336.417948][ T9345] netlink: 8 bytes leftover after parsing attributes in process `syz.5.940'. [ 336.432964][ T9345] netlink: 8 bytes leftover after parsing attributes in process `syz.5.940'. [ 336.443814][ T9345] netlink: 8 bytes leftover after parsing attributes in process `syz.5.940'. [ 337.378133][ T7704] unregister_netdevice: waiting for vcan0 to become free. Usage count = 2 [ 337.854618][ T9352] 9pnet_fd: Insufficient options for proto=fd