last executing test programs: 40.337704013s ago: executing program 4 (id=1080): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='rpc_request\x00', r1, 0x0, 0x7f}, 0x18) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100002006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0) 38.731357911s ago: executing program 4 (id=1086): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x3741, 0x0, 0x1, 0xc}]}) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) prlimit64(0x0, 0xb, &(0x7f00000007c0)={0x10000, 0x54}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000e00)={0x0, 0x0, 0x0}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) ioctl$FS_IOC_MEASURE_VERITY(r2, 0xc0046686, &(0x7f0000000100)={0x0, 0xb, "2b168bc123afd1c2a25cdb"}) socket$unix(0x1, 0x2, 0x0) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) socket$inet_mptcp(0x2, 0x1, 0x106) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x2, 0x0, 0xffffffffffffffff, 0xfffffffffffffffd, 0x0, 0xfffffffffffffffc}, 0x0, 0x0, 0x0, 0x0) r5 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000001440), 0x0, 0x0) close(r5) sendto$inet6(r4, &(0x7f0000847fff), 0x0, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmsg$netlink(r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000e80)={&(0x7f0000000cc0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a, 0x0, 0x1, 0x101}, 0x28) mkdir(&(0x7f0000000180)='./file0\x00', 0x30) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) r7 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x1, 0x100, @private0, 0x9}]}, &(0x7f00000002c0)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r7, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r6, 0x84, 0x1, &(0x7f0000000040)={r8, 0x8, 0x92d, 0x909a, 0x7, 0xff}, &(0x7f0000000080)=0x14) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) 37.020700078s ago: executing program 4 (id=1093): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e1f, @remote}, 0x10) r1 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYRES64=r0], 0x0) syz_usb_connect(0x6, 0x87, &(0x7f00000001c0)={{0x12, 0x1, 0x0, 0x74, 0x58, 0xdd, 0x40, 0x403, 0xf2d0, 0x6e60, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x75, 0x2, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x44, 0x7f, 0x0, 0x9d, 0x44, 0x77, 0x2c, [@uac_control={{0xa, 0x24, 0x1, 0x9, 0x75}}]}}, {{0x9, 0x4, 0x7d, 0x50, 0x3, 0x76, 0x81, 0x68, 0x4, [@generic={0x2, 0x8}, @cdc_ecm={{0x5}, {0x5, 0x24, 0x0, 0x8}, {0xd, 0x24, 0xf, 0x1, 0x1000, 0x9b6, 0x5}, [@dmm={0x7, 0x24, 0x14, 0xb803, 0xaa5f}, @mbim_extended={0x8, 0x24, 0x1c, 0x6, 0x1, 0xffff}]}], [{{0x9, 0x5, 0x7, 0x10, 0x20, 0x7, 0x7, 0xde}}, {{0x9, 0x5, 0x2, 0x0, 0x8, 0x5, 0x7f, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x5, 0x2}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x7, 0x5}]}}, {{0x9, 0x5, 0xb, 0x1, 0x19f, 0xfd, 0x8, 0x7f}}]}}]}}]}}, 0x0) timer_create(0x2, &(0x7f0000000180)={0x0, 0x4, 0x4}, 0x0) r2 = add_key$keyring(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) add_key$keyring(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, r2) syz_usb_ep_write$ath9k_ep1(r1, 0x82, 0xc38, &(0x7f00000000c0)=ANY=[]) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCSIFBR(r3, 0x8941, &(0x7f0000000040)=@generic={0x1, 0xeffffffffffffffc, 0x9}) r4 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000040)) syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r6, 0x84, 0x76, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r6, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xcc}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendmmsg$inet6(r6, &(0x7f0000002840)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x20}, 0x1c, &(0x7f0000000500)=[{&(0x7f0000000040)='\b', 0x1}], 0x1}}], 0x1, 0x14018891) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r6, 0x84, 0x78, &(0x7f0000000100), 0x4) ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000000)) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='freezer.parent_freezing\x00', 0x275a, 0x0) write$UHID_CREATE2(r7, &(0x7f00000003c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r7, 0x0) r8 = eventfd2(0x9, 0x80000) ioctl$VHOST_SET_VRING_KICK(r7, 0x4008af20, &(0x7f00000000c0)={0x0, r8}) 33.217437101s ago: executing program 4 (id=1102): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x11) capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x40}) r1 = syz_open_dev$sg(&(0x7f0000000280), 0xa, 0xa4800) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000002c0)={0x0, 0xe, 0x1e}) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r3 = timerfd_create(0x7, 0x0) timerfd_settime(r3, 0x0, &(0x7f0000007000)={{0x0, 0x4}, {0x0, 0x989680}}, 0x0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)) r4 = syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/cgroup\x00') bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) pipe2$9p(&(0x7f0000001900), 0x0) socket$inet6_udp(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) syz_open_procfs(0x0, &(0x7f0000000280)='gid_map\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.idle_time\x00', 0x275a, 0x0) socket$inet6(0xa, 0x3, 0x5) openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0xa0b41, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r6, &(0x7f00000002c0)=ANY=[@ANYRES64=r5], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x12, r6, 0x0) r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_GETKMSGREDIRECT(r7, 0x541c, &(0x7f0000000000)) setns(r4, 0x0) readv(r3, &(0x7f00000003c0)=[{&(0x7f0000000040)=""/52, 0x34}], 0x1) socket$inet_mptcp(0x2, 0x1, 0x106) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x14, r8, 0x28543634fae43ad, 0x70bd2b, 0x0, {0xd}}, 0x14}}, 0x0) 31.247229024s ago: executing program 4 (id=1109): r0 = socket$inet6(0xa, 0x3, 0x7) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev, 0x800, 0x0, 0x2000000000903, 0x1}, 0x20) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x380000, @loopback}, 0x1c) 30.385172954s ago: executing program 4 (id=1112): r0 = add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000580)='X', 0x1, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000080)={r0, r1, r1}, 0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)={'sha1-generic\x00'}}) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r5 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d1d7a440041601801f44010203010902120001000000000904"], 0x0) r6 = syz_open_dev$sndctrl(&(0x7f0000000000), 0xdc3, 0x0) fcntl$setstatus(r6, 0x4, 0x2000) syz_usb_disconnect(r5) close_range(r4, 0xffffffffffffffff, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) madvise(&(0x7f0000003000/0x1000)=nil, 0x7f7884acbfff, 0x14) syz_usb_connect(0x2, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100004106cd40cd060f011bd5002c65a78833789800100109022400010000800009040bfd0233776100090507020004", @ANYRESHEX=0x0, @ANYRESOCT=r0, @ANYRESOCT=r0, @ANYRES8=r1], 0x0) 15.265606198s ago: executing program 32 (id=1112): r0 = add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000580)='X', 0x1, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000080)={r0, r1, r1}, 0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)={'sha1-generic\x00'}}) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r5 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d1d7a440041601801f44010203010902120001000000000904"], 0x0) r6 = syz_open_dev$sndctrl(&(0x7f0000000000), 0xdc3, 0x0) fcntl$setstatus(r6, 0x4, 0x2000) syz_usb_disconnect(r5) close_range(r4, 0xffffffffffffffff, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) madvise(&(0x7f0000003000/0x1000)=nil, 0x7f7884acbfff, 0x14) syz_usb_connect(0x2, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100004106cd40cd060f011bd5002c65a78833789800100109022400010000800009040bfd0233776100090507020004", @ANYRESHEX=0x0, @ANYRESOCT=r0, @ANYRESOCT=r0, @ANYRES8=r1], 0x0) 14.042642138s ago: executing program 3 (id=1164): r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x200800, 0x0) r1 = syz_usb_connect(0x3, 0x4a, &(0x7f0000000040)=ANY=[], 0x0) syz_usb_control_io$cdc_ncm(r1, &(0x7f00000001c0)={0x14, 0x0, &(0x7f0000000180)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) syz_usb_ep_write$ath9k_ep1(r1, 0x82, 0xc38, &(0x7f00000020c0)=ANY=[@ANYBLOB="7c2f0aec9d222ea5ee20e6b25cf191669d6293d87d67cbc22a8dca55b40c545d1439d9ab278a279afd807e25e3c9aacca664836fec718e063c9b06cd66442b6407fec5c3e5cd9d0f1001c90a801c4fadce8e13a5e0209edf5c5693acccefa24d4f5a2ef062e701d054d19e9e6340a1651e05fd87b70942c679234426f9b19c0723563d0e38ec970aec02a6154ab61081aae03050d00192bd9d59977bb2f1297a7cd0571a0dfc5688a8e3d5f4a226b7e397b43c186967c74821bc70005059ab5606c70045a6a9915285c8215b9abd839f50530dde8ad500d70d8f7c1a0093293e6d632f8e8939f3199ab4ec92caed14c26975b57578c8ea666a2e4253ca9516f3c07bdc5ad27c2ff29e1569795f9dfbd1b92919432e423ff4f9a35b77419d6a8540fc9431ca78e05e278bef5a21b1423a3c9f7c1e2bd16a1ecdfde51cfa4aef38e6afb92770bcefb5fcb277ccede1ddc8647db538661b3d10effa1b6f705ef1b74e5bea20b4f98421b7b4be4c5c6be101f5503a4ecaffae335ef565920d678ed5b41031122b21f9d9b7f270b95f94624a7ddc657c83d3722a8d01f321fd7f685fc74d61a4e1914dda6df4be639c4910c56a84c24a41b9ef07eee4083dd9a30a53a58b50186c12180da4186fe5845b6b325fd112378a82d53bee449bc9d4c2d4331a1323c69c99c778560fc2142d138b23000c5403156cd8223f07a73811ab5b81e287bd6ad95c2fefce002ac77a1ac74d5e868870f29277da69987652b0055b3072efab2fe56fe0fe287f7d51aa772b2e3ae77954a938be2792442e1ab2e6fc078d821c70222142568b6db9609f1db23e8a4a460b9fbbeb48469e6bf0acffd85af86e69535a95c02c30d5ad776002c48e19e134688780bbafaf81097358b0c8f63bcefb61d8f29aacb3dc1a485bb7343539387f1e83b9283674bdc0d7fe8bf86948439f4b4a20e2832c560c743e4c2d37eddbf341c47f71a93101a08a533e96601f98752531428944d88c836c7d7a082859a3120721afd99130e83f689720638e889ddf4a23228dc23e955ae67fe5447e134b63f4c72e5664d2ed8a7406568e08f3582661006cf5800615fc4a5ec88ef3361ea027d2a1a550ac3e017a212570cd145fcc2e1984e4fca28bf4110f33a5ac847fcd3605e546ee8ea49a7de5d4b599926a76028e9d5259db7fd6f908c7a8657d42f895380c88ac85cdc183f6b61172b966a41888ceae895eaf18cb8da8d1918411b297959a8abacf8c4cee15ca87048aae13ffe068dee23a9edc2b259aeb0595b7ed2633431067a999f915934aef1be5f360f0db726f24e8eb89adb8db535de6fd7c06678831d17e47c67cd22f047b92d8fba83a49a1285def4dfdf634408cb05ae73f24df76e7393d1e90d40c50bd388bb53e281b889084a1a19efdfa6be16aed1a621d964c1ac332b65765e7440ccc75ef44851409c458905127bd161bf98cb6a3681af073e3650f52d5ee691c347e86360c3aebae4a691b2485d68c57d09e269656b1efbfd3413d54c8d3e467c0bfa84669d0cc5e9cfd50b9c79171f8b6a5e66e8c6f66c0916083b8e8a464498aed3badd2f267fb56adb0953b9ebd0370f941d796abffa81722d502c8d1e9d844802f4197067598b2394dddf76641f9c2ec0403bd379e8f712668b98e1121a27888b227104875999cd562fa9833458879652bfeffabc6bbb5c354dc36ad91354ccb5050d69b28b562a72bbf277f96bd1d5dc6408329f6f850a96762a6aebf2a7b5bacbbc032be8b29c453867a47094289f6b8aa38f85051fc4d4478a02af664b3250a396583001a7971cfa6f5a4931e32e7bfb7b4c3f7be3bc5f91ba46554773b9102dbd4aba4344c6fe87bd050f79175d7918d57bc137cde33a884bba63a1adf6e7e71ba783eb1fe689b23d3ad18627b0b229c0d982631308a88c4bf1e2079eb0fcc486ef864e7c6a75cce17b133577fa88d62807398b8a795ae2bb7610f8b17cfc56ff11b8ffc4aa316e612fc76955dc44e66467c4d632657d4cac3cc1bda8c2c6207915a89f76bf1fd61c156ba8720bb8048601cd1221f6996e6f04e44b842e00a4487cd59501a65db1f6ade7f22ba5d7ee8e67125e284eef41ad5f2069a48cc71c621eb08d832ef8592874199c5c03249d3ee03422535c2be6919c43724277d56a885ab67753ae8d7f1317b7e534bb1a111a0edb5d298c1374c7824a80fb00ae268f2fd641f1b2a12f712d9a5e027957941ffb4218c6d8a8e7950dca0b4c9018dcfb67244a30080d54781b5111c85cd89e08f51c55975301ff389baf2242ef0fb662122a2eb89c1dcaf82d6391906a1b235635e6c484cd5fa32bc80ce68d505df9a9c6b21e222c3b9330243b8e02a3e661c20e0da633d88f7debaf6643654050ab73613dbea6176109b5c35c4d280739aee77f81a1b58efa9e606259f45745b69523bc81828cfcfffd185ad51b4b183b7a1ef86757172ef67a4f153b7c3a3e99f15ef5b09d81cd1ccec8016ecc9864ccf2efdbf7a79ff9ba814a4a9e3124d735a591c649cdefa98bd569c5f4db18a537c55544c671d398ec50d9fc2b1ca1f9b0278acc9a21779c3815fcb0ee1c66c774b6591e8f6b5c9828db8a5d104213cd4513974be404a50c11009c15a1e2aaa81abc6c706c341f145f975717819c4429007ee648f6c3fca45d714981cd9240beea8b02a19e0ddb083dc8115d64d75ab087c87e00792b8b83551ca82b311444067923656b0e70015ca4775da3d5e984ea8af20955f92d9cbd9acca8cd258df4276a118505d440b74e93bd0b97caeb0e24dbb09e7dbdfe0c3b4bdc0983a7d1eee02bee9c5d381bfbd7dfbb6329539698477f3a8bc7f82c01588d679a167e91487f150e5923cbf3030f09c8fb89cf178f5e953618887b7e56afdfd6a6b5e3003cecdbcba76ed86bc48907fada5e0178f9194970323ae9c818215ae2feb1ee56b289d83e8e9d2ab27056ede5651d2a92a93dd3d6c519ac128a44f1414f93e96c55485a73f3cb7e4750d0f2a2acef87e46a7012a30712f7cfe2ac9372af0efcb6475e3a1a8db1961040002915038412b892eee569aae8f38fb07c27aef5bbab7750a244a7c3b0193004246afa1a72368db45cd3649a89b54e880ea12c92beb59e366d7893f725bb8080aebcd35857ff686d03eddc33af248cecc5198bda6f395b55294821f6853232cb5bde67a4166a35224cd9c5b54e6b5a38376b1fdfaeb7563a8ea93148997e2bf490c67916f059e3e1992a986f96d2720a6418cf8c57d6e72eb90d7ca59a3a20fd414e404900aa4a45f381ff7828e15558b4862055bf795c9134836878999200e71e9ba9f83a2e28955c7b37244f3abc8f9d15a5e6c3d9b2f76620b3b2bcb13c0c44c63b9bddd51e339aedfc3a4d995df0eca66c6891ca9099923577e7cd84cb58cf0d6d6eda2baeb00775c4e717e31dbc881615d5f1a0898017954e882a444017e947b1fc05fdcf4495c5dbe3b7b4ce4c1535070fbc64d135df094fe4f6cdd452e7a5f844145af9b746dc5eecede9a834de1ff65525ea3017478ee08dc1bcff852a9d2ad94f46840bdcf1b6226fb0cdb620787692e52aae3b9b703f30b3ce6ca6dcaeb8b3a5884c30c570b29741c70ad99f5d7f463c7e5e1b4bbaafae33e789c0ae1114674732d50c0a799bfa6388365c392d47c3e0d2992a61d21e4ca034ed3d386fe959a94601a4007f1f2060b59359747635b076db7697ba5ad45af0423dbb9966113fa5eb59118cac394c2e2b17ebec1b7ce18ede120b1f56956b12a95de708e780ba7a1ac3a9e31267a2c195acfcb3b20c2f5d20de288846045211da53649a6d8b23008449b763fe6a58243cde95093a9755e5725307af09c997520f159f4ec7d1e687a0cf5148721062ecc6b080f65a550730da9257f1515a10830e29b85de3138a77ee8d2f0cb129c971417d7bbcd982d684b697364084c5764bafb4e2211a82e8c962eefb1f000ac8f5f2567b580931676943cea9b95977d842c247a98672b5c73594eb51f927ee5ec2b0c45eda29fb83a092880e542c60113ca653923aa0c16e2e1604e5f437876cb7fa7d1498584f8800ff80804d41c7b89e9cba341fed8d260a6abd0fc242ba6b3d624c91c468e269069d0a121f0951c3765f18693a2c547d9bc924058d0ecece5c7802126d293d3033d6bbf83d4b8b0144d27cbb985dba465d75b62a93bf7a438cce59f", @ANYRES64=r0]) r2 = openat$cgroup(r0, &(0x7f0000000040)='syz1\x00', 0x200002, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000000c0)={r0, r2, 0x1f, 0x0, @val=@iter={&(0x7f0000000080)=@cgroup={0x4, r0, 0xf8}, 0x10}}, 0x20) shmat(0x0, &(0x7f0000ffa000/0x3000)=nil, 0x1000) 10.216348898s ago: executing program 3 (id=1172): r0 = syz_open_dev$vcsa(0x0, 0x1, 0x40002) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xe}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r1, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) pselect6(0x40, &(0x7f00000001c0)={0x1, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000140)='syzkaller\x00'}, 0x94) ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205647, &(0x7f0000000100)={0xf000000, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x98f90b, 0xffffc002, '\x00', @p_u8=&(0x7f0000000280)}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x3, 0x2, 0x80000000, 0x1, 0x7}}) r3 = userfaultfd(0x801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298}) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00001b1000/0x4000)=nil, 0x400000, 0x2, 0x2}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000002c0)={0x3, 0x2, 0xeeee8000, 0x1000, &(0x7f0000fff000/0x1000)=nil}) 7.831814242s ago: executing program 3 (id=1176): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8) r1 = socket$netlink(0x10, 0x3, 0x4) writev(r1, &(0x7f0000000300)=[{&(0x7f00000005c0)="580000001400192340834b80040d8c561e1174", 0x13}], 0x1) r2 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = fsmount(r2, 0x1, 0x0) fchdir(r3) r4 = open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0) write$FUSE_CREATE_OPEN(r4, &(0x7f0000000180)={0xa0, 0xfffffffffffffff5, 0x0, {{0x4, 0x1, 0x5, 0x6, 0x3, 0x1, {0x1, 0x180, 0xff, 0x5, 0x100, 0x7cf4, 0x9, 0x7ffffffd, 0xfffffffe, 0x8000, 0x0, 0xee00, 0x0, 0x3ff, 0x1}}, {0x0, 0x11}}}, 0xa0) sendfile(r4, r4, &(0x7f0000000080)=0x2, 0x7f03) r5 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r5, 0x26, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r6 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r6, 0x8922, &(0x7f00000008c0)={'team0\x00', 0xe761}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r4, 0xc0502100, &(0x7f00000000c0)={0x0, 0x0}) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000240)=r7) 6.692274662s ago: executing program 0 (id=1178): r0 = socket(0xf, 0x4, 0xa) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) bind$packet(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r2) sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000019c0)=[{{0x0, 0x0, &(0x7f0000001980)=[{&(0x7f0000000780)="f4", 0x1}], 0x1}}], 0x1, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) rseq(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x3}, 0x20, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000017c0)={0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0xf809c5cac7f088fc, 0xd3beebef3d4c2bf7}, 0x94) r6 = socket$netlink(0x10, 0x3, 0x9) sendmsg$nl_route_sched(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000280)=@newqdisc={0x8c, 0x24, 0xf0b, 0x70bd27, 0x0, {0x0, 0x0, 0x12, r1, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0xfffffffffffffe25, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x1, 0x0, 0x0, 0x0, 0xa], 0x0, [0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff8, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xff7e]}}]}}]}, 0x8c}}, 0x0) 6.58964727s ago: executing program 2 (id=1179): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000001714000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4010}, 0x4008050) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000020000000a3c000000120a09000000000000000000020000000900020073797a320000000008000440040000000900010073797a30000000000800034000000007"], 0x64}, 0x1, 0x0, 0x0, 0x44800}, 0x1000000) 6.400791814s ago: executing program 2 (id=1180): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x87}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61124c0000000000611350fffe000000bf2000000000000007000000180000003d030100000000009500f000000000006926000000000000bf67200000000000140600000fff07006706000020000000350200000ee60000bf25000000000000bd350000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070400000400f9ffad53010000000000840400000000000014000000000000009500000000000000db13d5d8b740f2cdaabc8383c8f56b8c2b84a800ea6553f3ef4392b3815dcf00c3eebc52267b042d19d6e31e25e589d5f2692c75a547d6f186641ae8c557ccff3878a93b51a0389749df734f49ed5078b10f1e7f2b37626a3ace1ea89f7d2c570720a86853e26168761f0a53358f7ee2baa0e6a67a98a0d57ac09f36cfefbbc7492bbe7cdf64971a57fd64efd46c26"], &(0x7f0000000380)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x6, 0x10, 0x0, 0x57}, 0x48) 5.692313691s ago: executing program 0 (id=1182): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f00000002c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x34, 0x34, 0x8, [@struct={0x4, 0x0, 0x0, 0x4, 0x0, 0x1}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x20, 0x0, 0x0, 0x2}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2}}]}, {0x0, [0x61, 0x0, 0x2e, 0x2e, 0x61, 0x61]}}, 0x0, 0x54, 0x0, 0x0, 0x0, 0x0, @void, @value=0x3c000000}, 0x28) 5.612222994s ago: executing program 3 (id=1183): sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24004054) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000700000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a320000000058000000060a010400000000000000000100000008000b4000000000300004802c0001800b00010074617267ff7400001c0002800400030009000100534e41540000000008000240000000020900010073797a3000000000140000001100010000000000000000000000000a11d081bb8d56bc4726da44645f79867af648dd32533775fbd35c014ca096f05a012e0a308a4da38382a86e1fdbf4919e75577e58386d72578fd9d2ab08ffe3e3d40118ca448d8e6df3b837534a8727c288dd4097a8176c655dc0ce475cba220d2ecf9857149c19b29e7a64ddd8ffdecb4a5eaf13a74fa32416a27a0fff9256f0b34b9e8493307eed88bfa59fd82069ea66f70d05c897de1ef38326c61cc2579abec1fffc80786a7302839780d8809e7ed1cb110ebb68b0d9b874e22f8e1ceffcd0878b918ebb7e18f6a768b8092b78a8686f61b8767946aeb4dfef53cd2e63c65546dd32d481f9d2deae8a96c26d78921d60b204fa"], 0xcc}, 0x1, 0x0, 0x0, 0x4}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mount$tmpfs(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f00000001c0), 0x10082, 0x0) 5.548513174s ago: executing program 2 (id=1184): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) socket$inet6_mptcp(0xa, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20020008008f}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) r2 = syz_open_procfs(0x0, &(0x7f00000004c0)='map_files\x00') getdents64(r2, &(0x7f0000000080)=""/101, 0x1d) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000002c0)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x680, 0x0) r6 = socket$l2tp(0x2, 0x2, 0x73) getsockname(r6, 0x0, 0x0) connect$rxrpc(0xffffffffffffffff, &(0x7f0000000040)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x4e20, @private=0xa010102}}, 0x24) ioctl$TIOCSSOFTCAR(r5, 0x5453, 0x0) r7 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) write$6lowpan_enable(r7, &(0x7f0000000340)='0', 0x1) ioctl$TIOCMGET(r5, 0x5415, 0x0) syz_open_dev$usbmon(0x0, 0x0, 0x0) r8 = syz_open_procfs(0x0, &(0x7f0000000000)='clear_refs\x00') r9 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, 0x0) symlink(0x0, &(0x7f00000000c0)='./file1\x00') socket$inet_mptcp(0x2, 0x1, 0x106) 5.383098168s ago: executing program 0 (id=1185): r0 = syz_open_dev$video(&(0x7f0000000000), 0x3, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000040)={0x3, 0x980001, 0x3}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x820000, 0x0) setxattr$incfs_id(0x0, &(0x7f0000000100), &(0x7f0000000140)={'0000000000000000000000000000000', 0x33}, 0x20, 0x3) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000006, 0x28011, 0xffffffffffffffff, 0x2f126000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c00000010000904040000000000080000000000", @ANYRES32=r3, @ANYBLOB="00000000000000003c001280110001006272696467655f736c6176650000000024000580050009000000000005000a000000000005001e"], 0x5c}}, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000003c0)=0x8) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) write(0xffffffffffffffff, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(0xffffffffffffffff, 0x3516, 0x0, 0x0, 0x0, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000140)=0x7) r6 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x42, 0x4, 0x338, 0xffffffff, 0x98, 0x98, 0x98, 0xffffffff, 0xffffffff, 0x2e8, 0x2e8, 0x2e8, 0xffffffff, 0x4, 0x0, {[{{@ip={@private, @remote, 0x0, 0x0, 'rose0\x00', 'wg2\x00'}, 0xa00, 0x70, 0x98, 0x0, {0x100000000000000}}, @REJECT={0x28}}, {{@uncond, 0x0, 0xb8, 0xe0, 0x0, {}, [@common=@unspec=@helper={{0x48}, {0x0, 'snmp\x00'}}]}, @REJECT={0x28}}, {{@ip={@remote, @dev, 0x0, 0x0, 'batadv_slave_0\x00', 'rose0\x00'}, 0x0, 0xc8, 0x128, 0x0, {}, [@common=@inet=@socket1={{0x28}}, @common=@addrtype={{0x30}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@broadcast}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x398) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0xc048aec8, &(0x7f00000000c0)={0x2, 0xffffffffffffffff, 0xff7ffffe}) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) getsockopt$sock_buf(r7, 0x1, 0x1c, 0x0, &(0x7f0000000000)=0xe) 3.833094809s ago: executing program 2 (id=1186): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100)={0xffffffffffffffff}, 0x13f, 0xa}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f00000006c0)={0x15, 0x110, 0xfa00, {r1, 0x7, 0x30, 0x30, 0x0, @in6={0x1b, 0x0, 0x0, @loopback, 0x3ff}, @ib={0x1b, 0xffff, 0x4, {"0000000000000000071393000000dd00"}, 0x0, 0x0, 0x7fff}}}, 0x118) 3.539838323s ago: executing program 3 (id=1188): chdir(0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x8042, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) syz_usb_connect$cdc_ncm(0x4, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) keyctl$read(0xb, 0x0, 0x0, 0x0) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000000)={0x500, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="020200090f0000000000000000005f0005000600000000000a0000000000000000000000000000000000000000000000000000000000000002000100000004d20000020300000020050005002f8000000a00000000000000ff0100000000000000000000000000010000000000000000010018"], 0x78}}, 0x0) 3.269267271s ago: executing program 0 (id=1189): r0 = socket(0x2b, 0x80801, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000001a300)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) symlink(&(0x7f0000000dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90) sendto$llc(r0, 0x0, 0x0, 0x4004801, &(0x7f0000000380)={0x1a, 0x33a, 0x3, 0x7, 0xfc, 0x84, @random="842616d7c7bd"}, 0x10) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000600)={0x2, 'veth0_to_batadv\x00'}, 0x44) 3.001635526s ago: executing program 2 (id=1190): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x9, 0x4, &(0x7f0000006680)) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r7, {0xf000, 0xffff}, {}, {0x7}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_CLASSID={0x8, 0x1, {0x0, 0xfff2}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x100) setxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', &(0x7f00000040c0)='system.posix_acl_default\x00', 0x0, 0x39, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000001c0)={@empty, 0x2, 0x2, 0x1, 0x1, 0x3f}, 0x20) 2.277316653s ago: executing program 0 (id=1191): r0 = socket(0x11, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000005c0)={'gre0\x00', 0x0}) bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @dev}, 0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=@delqdisc={0xd8, 0x25, 0x20, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x2, 0xc}, {0x9, 0xffe6}, {0x10, 0xfff1}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x2c80000}, @TCA_RATE={0x6, 0x5, {0xf9}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xf3, 0x7, 0x3, 0x1, 0x2, 0x7c, 0x3, 0x1}}, {0x6, 0x2, [0x6]}}]}, @TCA_RATE={0x6, 0x5, {0x4, 0x8e}}, @qdisc_kind_options=@q_cbq={{0x8}, {0x64, 0x2, [@TCA_CBS_PARMS={0x18, 0x1, {0x9c, '\x00', 0xffff8000, 0x10000, 0x6d, 0x101}}, @TCA_CBS_PARMS={0x18, 0x1, {0x4, '\x00', 0x4950, 0x8a4, 0x0, 0x4}}, @TCA_CBS_PARMS={0x18, 0x1, {0xe0, '\x00', 0x4, 0x0, 0x0, 0x8}}, @TCA_CBS_PARMS={0x18, 0x1, {0x40, '\x00', 0x100, 0x81, 0x4, 0x3}}]}}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x400}]}, 0xd8}}, 0x40004060) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random="0003230c1100"}) r3 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[@ANYBLOB="36400000260091"], 0xfe33) 2.255275243s ago: executing program 1 (id=1192): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x5f, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000014000780080008400000000008001240ffffffe80500010006000000050005000200000005000400000000000900020073797a31000a00000d000300686173683a6e6574"], 0x5c}}, 0x0) 2.097400692s ago: executing program 1 (id=1193): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) (async) syz_open_dev$dri(0x0, 0x4, 0x901) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) (async, rerun: 64) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) (async, rerun: 64) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x2, 0x0, 0x5, 0x0) (async) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50) (async) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000002580)={0x0, 0x0, &(0x7f0000002540)={&(0x7f0000000340)=ANY=[], 0x1ec}, 0x1, 0x0, 0x0, 0x4000000}, 0x64804) prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8, 0x88}, 0x0) (async) r1 = syz_open_dev$tty1(0xc, 0x4, 0x2) (async) r2 = landlock_create_ruleset(0x0, 0x0, 0x1) landlock_restrict_self(r2, 0x1) (async) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) sendmsg$NL802154_CMD_GET_SEC_LEVEL(0xffffffffffffffff, 0x0, 0x40810) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f0000000580), 0xa, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) (async) ioctl$IOMMU_OPTION$IOMMU_OPTION_RLIMIT_MODE(0xffffffffffffffff, 0x3b87, &(0x7f00000003c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x2}) (async) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r5 = syz_genetlink_get_family_id$nl802154(&(0x7f00000001c0), 0xffffffffffffffff) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000200)) r6 = getpid() sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x6) (async) syz_clone3(&(0x7f00000005c0)={0x11000, &(0x7f0000000240)=0xffffffffffffffff, &(0x7f0000000540), &(0x7f00000002c0), {0x1b}, &(0x7f0000000400)=""/227, 0xe3, &(0x7f0000000700)=""/116, &(0x7f0000000500)=[0x0], 0x1}, 0x58) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r4, &(0x7f00000006c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYRESHEX=r2, @ANYRES32=r1, @ANYRES64=r2, @ANYRESHEX=r1, @ANYRESOCT=r2, @ANYRESHEX=r0, @ANYBLOB="08001c00", @ANYRESHEX=r5, @ANYRES32=r7], 0x34}}, 0x4084) ioctl$PIO_UNIMAP(r1, 0x4b67, &(0x7f0000000040)={0x3ffffffffffffe96, &(0x7f0000000000)=[{0x2000, 0x5}]}) 1.385993817s ago: executing program 1 (id=1194): r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000480)=@mangle={'mangle\x00', 0x8, 0x6, 0x678, 0x370, 0x488, 0xd0, 0x270, 0xd0, 0x5a8, 0x5a8, 0x5a8, 0x5a8, 0x5a8, 0x6, 0x0, {[{{@ipv6={@private1, @remote, [0xff, 0xffffff00, 0xffffffff, 0xff], [0xff, 0xffffffff, 0xffffffff, 0x1fe000000], 'dummy0\x00', 'caif0\x00', {0xff}, {0xff}, 0x5c, 0xc0, 0x7, 0x40}, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000000000000}}, @unspec=@CHECKSUM={0x28}}, {{@ipv6={@dev, @private2, [], [0x0, 0x0, 0xffffffff], 'pimreg0\x00', 'nicvf0\x00'}, 0x0, 0x178, 0x1a0, 0x0, {0x5002}, [@common=@unspec=@physdev={{0x68}, {'ipvlan0\x00', {}, 'netpci0\x00', {}, 0x0, 0x15}}, @common=@unspec=@physdev={{0x68}, {'veth1_to_bridge\x00', {}, 'gretap0\x00', {}, 0x0, 0x10}}]}, @common=@unspec=@CLASSIFY={0x28}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {0x800000000000000}, [@common=@inet=@dccp={{0x30}, {[], [], 0x8}}]}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x1}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@dev, @ipv4=@loopback, 0x0, 0x3d}}}, {{@uncond, 0x0, 0xf8, 0x120, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@eui64={{0x28}}]}, @inet=@TOS={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x6d8) 1.229456617s ago: executing program 1 (id=1195): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge0\x00', 0x0}) r2 = socket$inet6(0xa, 0x3, 0x88) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x10000000004e20, 0xfffffffd, @mcast1, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, 0x0, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88c19e9ace5ffb2e9fc603dd282100000002ff020000000000000000000000000001"], 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000700)=@newlink={0x4c, 0x10, 0x401, 0xfffffffc, 0x80, {0x0, 0x0, 0x0, 0x0, 0x1503}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_MODE={0x6}, @IFLA_IPVLAN_FLAGS={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4001}, 0x0) 705.208592ms ago: executing program 0 (id=1196): r0 = syz_open_dev$vcsa(0x0, 0x1, 0x40002) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xe}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r1, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) pselect6(0x40, &(0x7f00000001c0)={0x1, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000140)='syzkaller\x00'}, 0x94) ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205647, &(0x7f0000000100)={0xf000000, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x98f90b, 0xffffc002, '\x00', @p_u8=&(0x7f0000000280)}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x3, 0x2, 0x80000000, 0x1, 0x7}}) r3 = userfaultfd(0x801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298}) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00001b1000/0x4000)=nil, 0x400000, 0x2, 0x2}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000002c0)={0x3, 0x2, 0xeeee8000, 0x1000, &(0x7f0000fff000/0x1000)=nil}) 697.807619ms ago: executing program 1 (id=1197): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='rpc_request\x00', r1, 0x0, 0x7f}, 0x18) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100003e06"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0) 605.612041ms ago: executing program 2 (id=1198): r0 = syz_open_dev$vcsa(0x0, 0x1, 0x40002) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xe}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r1, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) pselect6(0x40, &(0x7f00000001c0)={0x1, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000140)='syzkaller\x00'}, 0x94) ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205647, &(0x7f0000000100)={0xf000000, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x98f90b, 0xffffc002, '\x00', @p_u8=&(0x7f0000000280)}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x3, 0x2, 0x80000000, 0x1, 0x7}}) r3 = userfaultfd(0x801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298}) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00001b1000/0x4000)=nil, 0x400000, 0x2, 0x2}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000002c0)={0x3, 0x2, 0xeeee8000, 0x1000, &(0x7f0000fff000/0x1000)=nil}) 481.456789ms ago: executing program 1 (id=1199): mknodat(0xffffffffffffff9c, 0x0, 0x1000, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000001000a20000000000a03000000800000000000070000000900010073797a30000000007c000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d38001280140001800c000100636f756e7465720004000280200001800e000100636f6e6e6c696d69740000000c000280080001400000000808000340000001"], 0xc4}}, 0x20050800) 0s ago: executing program 3 (id=1200): socket$key(0xf, 0x3, 0x2) openat$rtc(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00'}, 0x10) r0 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x12, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='contention_begin\x00', r1, 0x0, 0xb}, 0x18) socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000640)={0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000240)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20002801}}], 0x1, 0x4000000) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB="611570000018000061136c0000000000bf3000000000000007000000ee0016055e03010000000000160500000000000069163e0000000000bf07000000000000260507000fff07206706000020000000140600000ee60060bf500000000000002f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05002000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ace0600006e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc0da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d00c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932fb3bba54b3a6aa57f1ad2e99e0e67ab9ff16d20000009f0f53acbb40b4f8e2738270001562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000815266b2c9e1bfadc7498e9dda5d000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631822a11dc3c693962895496d4f6e9cc54db6c7205a6b26f92121ef53e553acdf42068fff496d2da7d6327f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710eec53f1b11cced7bc3c8da0c44d2fbf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db80300c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f8709d87b27f8a5d9121fdc058447b728f134f72062fc4b1ca0780b1a7af137ff7b4ff139604faf0453b65586f65c7943d56b52f06c870edf0c5d744b5272b44c23480b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61940aabc86b94f8cbde4d47060400e722a6a2af483ad0d3415ed0f9db009acaba9eaea93f811d434e00000000000000000000d154672fea96aedf346279ec00000000000000000000d535d41b0067f01e2e54b9154d876020b669640ead4ca44631fadf7c4ac39a1b331dbdcd52b36df021b731ef1f92330d347f88ced5c1aaadbcdd8d2257e3a9a7c7494fadf9be36f7a2334ee6e9446fa1fd486f85d672a77dc5bd21463994d49f12016305a1e394d292b66840fe32b40ad665d241a8b8a32b3100450c32832789aa8a096f41201b585cd76631c88cf958e9e9047f5af1730c5e83db12460a0768fd4b62be6c41eed307048bac8d1f7f164574241e06027654b248dcc38749eee0c1ee7c61b3f6411a559c3d45637b11e440ed5a99109b8e71d28c3d677af5f0499c6d3fc6a129775056958c9df824ebe5fa9fb306b24a8a8334910627d03efe69d4b61c4345f048c5da8aca16cea848fa77d2507c920a6bd654b00e07789382ed902c80deeff2fd5c78f42e4353e5360c3e55962efd1331e6736eaf4ee27736fa54803ee8ec1a15266ffcd8b30368740b584c2559e691e542cab3d49db327db62328f159d1e0900b3e23e84dedcd1377aa15dbeab7db181bd66980c3557c7d9f7377fcb6023accb5c368a121acf70e5f4c3f2a0ea07011c7149ea979cab2ee65cf7ffa29152b7a8fed89575e6e6fd77d4d9463d21775abac886ee6a1f2d7d8523840438a73d6307a87e2f525867fc3af7ab74520a773ae26bae74cdd405a211e8833e1ba523cde51d04a7ca6732"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2}, 0x48) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) kernel console output (not intermixed with test programs): usb 4-1: Using ep0 maxpacket: 8 [ 214.683884][ T5871] usb 4-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00 [ 214.693182][ T5871] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 214.763304][ T5871] usb 4-1: Product: syz [ 214.784189][ T5871] usb 4-1: Manufacturer: syz [ 214.802006][ T5871] usb 4-1: SerialNumber: syz [ 214.828817][ T5871] usb 4-1: config 0 descriptor?? [ 214.848479][ T5871] radio-usb-si4713 4-1:0.0: Si4713 development board discovered: (10C4:8244) [ 215.172360][ T7271] tmpfs: Bad value for 'mpol' [ 215.175075][ T7252] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 215.756565][ T7252] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 216.105657][ T7276] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 216.155762][ T7276] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 217.041256][ T5871] radio-usb-si4713 4-1:0.0: probe with driver radio-usb-si4713 failed with error -32 [ 217.106249][ T5871] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 217.130393][ T5871] usb 4-1: USB disconnect, device number 6 [ 217.249127][ T7283] __vm_enough_memory: pid: 7283, comm: syz.3.368, bytes: 21200231698432 not enough memory for the allocation [ 217.385507][ T5909] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 218.443990][ T5909] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 218.486620][ T5909] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 218.902967][ T7295] No such timeout policy "syz0" [ 218.948229][ T5909] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 219.461381][ T5909] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 219.471280][ T5909] usb 5-1: SerialNumber: syz [ 219.693105][ T5909] usb 5-1: 0:2 : does not exist [ 221.050300][ T5909] usb 5-1: unit 48 not found! [ 221.107459][ T5909] usb 5-1: USB disconnect, device number 12 [ 221.531116][ T7312] bridge2: entered promiscuous mode [ 221.545311][ T7312] bridge2: entered allmulticast mode [ 221.563746][ T7312] team0: Port device bridge2 added [ 221.928667][ T7326] netlink: 'syz.4.381': attribute type 3 has an invalid length. [ 221.972643][ T24] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 222.011753][ T7326] netlink: 'syz.4.381': attribute type 1 has an invalid length. [ 222.038368][ T7326] netlink: 193500 bytes leftover after parsing attributes in process `syz.4.381'. [ 222.989581][ T24] usb 3-1: Using ep0 maxpacket: 8 [ 223.176222][ T24] usb 3-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00 [ 223.195515][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 223.293802][ T24] usb 3-1: Product: syz [ 223.313535][ T7336] netlink: 'syz.1.382': attribute type 3 has an invalid length. [ 223.321388][ T24] usb 3-1: Manufacturer: syz [ 223.321412][ T24] usb 3-1: SerialNumber: syz [ 223.332814][ T24] usb 3-1: config 0 descriptor?? [ 223.352010][ T24] radio-usb-si4713 3-1:0.0: Si4713 development board discovered: (10C4:8244) [ 223.369784][ T7336] netlink: 'syz.1.382': attribute type 3 has an invalid length. [ 223.385205][ T7336] netlink: 16 bytes leftover after parsing attributes in process `syz.1.382'. [ 223.551435][ T7342] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 223.564624][ T7316] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 223.595982][ T7316] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 223.751418][ T7348] netlink: 268 bytes leftover after parsing attributes in process `syz.0.388'. [ 224.633770][ T24] radio-usb-si4713 3-1:0.0: probe with driver radio-usb-si4713 failed with error -32 [ 224.717293][ T24] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 225.184602][ T5871] usb 3-1: USB disconnect, device number 3 [ 228.986039][ T7375] netlink: 12 bytes leftover after parsing attributes in process `syz.3.397'. [ 230.601928][ T7385] tmpfs: Bad value for 'mpol' [ 230.843190][ T7389] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 232.805087][ T6020] libceph: connect (1)[c::]:6789 error -101 [ 232.821747][ T6020] libceph: mon0 (1)[c::]:6789 connect error [ 233.391159][ T6020] libceph: connect (1)[c::]:6789 error -101 [ 233.442847][ T6020] libceph: mon0 (1)[c::]:6789 connect error [ 233.472110][ T7408] ceph: No mds server is up or the cluster is laggy [ 233.704641][ T7427] openvswitch: netlink: Message has 187 unknown bytes. [ 233.711667][ T7427] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 234.456975][ T6020] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 234.603009][ T7436] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 234.624647][ T7448] tmpfs: Bad value for 'mpol' [ 234.961981][ T7436] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 234.997848][ T7440] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 235.010123][ T7436] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 235.059581][ T7436] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 235.239096][ T7455] tmpfs: Bad value for 'mpol' [ 235.266371][ T6020] usb 5-1: device descriptor read/all, error -61 [ 235.485975][ T7459] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 235.645574][ T6020] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 236.920119][ T7462] : entered promiscuous mode [ 237.219111][ T6020] usb 5-1: device descriptor read/64, error -71 [ 237.343715][ T6020] usb usb5-port1: attempt power cycle [ 237.523848][ T7471] netlink: 'syz.3.421': attribute type 3 has an invalid length. [ 237.542235][ T7471] netlink: 'syz.3.421': attribute type 3 has an invalid length. [ 237.552519][ T7471] netlink: 16 bytes leftover after parsing attributes in process `syz.3.421'. [ 238.643259][ T7486] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 238.652337][ T7486] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 238.785521][ T5871] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 239.034330][ T5871] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0 [ 239.104005][ T5871] usb 4-1: New USB device found, idVendor=2040, idProduct=5530, bcdDevice=a8.82 [ 239.149808][ T5871] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 239.317316][ T5871] usb 4-1: config 0 descriptor?? [ 239.477049][ T5871] smsusb:smsusb_probe: board id=8, interface number 0 [ 239.515694][ T5871] smsusb:smsusb_probe: Device initialized with return code -19 [ 239.566851][ T7498] loop2: detected capacity change from 0 to 7 [ 239.666340][ T5847] Dev loop2: unable to read RDB block 7 [ 239.710442][ T5847] loop2: unable to read partition table [ 239.776970][ T5847] loop2: partition table beyond EOD, truncated [ 239.792337][ T5871] usb 4-1: USB disconnect, device number 7 [ 239.885430][ T7498] Dev loop2: unable to read RDB block 7 [ 239.969489][ T7498] loop2: unable to read partition table [ 240.007298][ T7498] loop2: partition table beyond EOD, truncated [ 240.037223][ T7498] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 241.652822][ T7527] No such timeout policy "syz0" [ 242.827985][ T7546] netlink: 24 bytes leftover after parsing attributes in process `syz.1.442'. [ 243.255771][ T5838] Bluetooth: hci2: command 0x0406 tx timeout [ 244.665637][ T7566] netlink: 420 bytes leftover after parsing attributes in process `syz.3.448'. [ 245.081083][ T7569] netlink: 'syz.0.449': attribute type 1 has an invalid length. [ 245.191264][ T7569] 8021q: adding VLAN 0 to HW filter on device bond1 [ 245.330682][ T7573] bond1: (slave veth5): Enslaving as an active interface with a down link [ 245.514794][ T7578] No such timeout policy "syz0" [ 246.393525][ T7582] No such timeout policy "syz0" [ 246.831195][ T7588] netlink: 28 bytes leftover after parsing attributes in process `syz.3.454'. [ 246.855130][ T7588] netlink: 'syz.3.454': attribute type 7 has an invalid length. [ 246.864992][ T7588] netlink: 'syz.3.454': attribute type 8 has an invalid length. [ 246.887788][ T7588] netlink: 4 bytes leftover after parsing attributes in process `syz.3.454'. [ 246.920499][ T7590] netlink: 36 bytes leftover after parsing attributes in process `syz.0.455'. [ 247.019338][ T7588] gretap0: entered promiscuous mode [ 247.050640][ T7588] batadv_slave_1: entered promiscuous mode [ 247.087351][ T7588] hsr1: Slave A (gretap0) is not up; please bring it up to get a fully working HSR network [ 247.309866][ T7597] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 247.533525][ T7602] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 247.730647][ T7605] FAULT_INJECTION: forcing a failure. [ 247.730647][ T7605] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 247.744058][ T7605] CPU: 0 UID: 0 PID: 7605 Comm: syz.2.460 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 247.744083][ T7605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 247.744093][ T7605] Call Trace: [ 247.744101][ T7605] [ 247.744110][ T7605] dump_stack_lvl+0x189/0x250 [ 247.744137][ T7605] ? __pfx____ratelimit+0x10/0x10 [ 247.744158][ T7605] ? __pfx_dump_stack_lvl+0x10/0x10 [ 247.744180][ T7605] ? __pfx__printk+0x10/0x10 [ 247.744218][ T7605] should_fail_ex+0x414/0x560 [ 247.744243][ T7605] _copy_from_user+0x2d/0xb0 [ 247.744270][ T7605] ___bpf_copy_key+0xa5/0x110 [ 247.744291][ T7605] map_update_elem+0x200/0x750 [ 247.744322][ T7605] ? bpf_lsm_bpf+0x9/0x20 [ 247.744349][ T7605] __sys_bpf+0x6a9/0x860 [ 247.744378][ T7605] ? __pfx___sys_bpf+0x10/0x10 [ 247.744419][ T7605] ? ksys_write+0x22a/0x250 [ 247.744440][ T7605] ? __pfx_ksys_write+0x10/0x10 [ 247.744466][ T7605] __x64_sys_bpf+0x7c/0x90 [ 247.744490][ T7605] do_syscall_64+0xfa/0x3b0 [ 247.744509][ T7605] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.744525][ T7605] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 247.744543][ T7605] ? clear_bhb_loop+0x60/0xb0 [ 247.744567][ T7605] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.744585][ T7605] RIP: 0033:0x7feafe38ebe9 [ 247.744602][ T7605] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 247.744617][ T7605] RSP: 002b:00007feaff217038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 247.744637][ T7605] RAX: ffffffffffffffda RBX: 00007feafe5b6180 RCX: 00007feafe38ebe9 [ 247.744652][ T7605] RDX: 0000000000000020 RSI: 0000200000001000 RDI: 0000000000000002 [ 247.744664][ T7605] RBP: 00007feaff217090 R08: 0000000000000000 R09: 0000000000000000 [ 247.744676][ T7605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 247.744687][ T7605] R13: 00007feafe5b6218 R14: 00007feafe5b6180 R15: 00007ffec34ae878 [ 247.744718][ T7605] [ 247.938569][ C0] vkms_vblank_simulate: vblank timer overrun [ 249.617050][ T7622] FAULT_INJECTION: forcing a failure. [ 249.617050][ T7622] name failslab, interval 1, probability 0, space 0, times 0 [ 249.659550][ T7622] CPU: 0 UID: 0 PID: 7622 Comm: syz.2.464 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 249.659576][ T7622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 249.659587][ T7622] Call Trace: [ 249.659594][ T7622] [ 249.659602][ T7622] dump_stack_lvl+0x189/0x250 [ 249.659627][ T7622] ? __pfx____ratelimit+0x10/0x10 [ 249.659647][ T7622] ? __pfx_dump_stack_lvl+0x10/0x10 [ 249.659668][ T7622] ? __pfx__printk+0x10/0x10 [ 249.659706][ T7622] should_fail_ex+0x414/0x560 [ 249.659732][ T7622] should_failslab+0xa8/0x100 [ 249.659764][ T7622] __kmalloc_cache_noprof+0x70/0x3d0 [ 249.659781][ T7622] ? sctp_add_bind_addr+0x8c/0x370 [ 249.659807][ T7622] sctp_add_bind_addr+0x8c/0x370 [ 249.659834][ T7622] sctp_copy_local_addr_list+0x30b/0x4e0 [ 249.659861][ T7622] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 249.659883][ T7622] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 249.659908][ T7622] ? sctp_v6_is_any+0x64/0x80 [ 249.659934][ T7622] ? sctp_copy_one_addr+0x93/0x360 [ 249.659959][ T7622] sctp_bind_addr_copy+0xb3/0x3c0 [ 249.659982][ T7622] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 249.660005][ T7622] sctp_connect_new_asoc+0x2e0/0x690 [ 249.660036][ T7622] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 249.660061][ T7622] ? __local_bh_enable_ip+0x12d/0x1c0 [ 249.660089][ T7622] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 249.660109][ T7622] ? security_sctp_bind_connect+0x7e/0x2e0 [ 249.660135][ T7622] sctp_sendmsg+0x155c/0x2810 [ 249.660175][ T7622] ? __pfx_sctp_sendmsg+0x10/0x10 [ 249.660224][ T7622] ? sock_rps_record_flow+0x19/0x410 [ 249.660249][ T7622] ? inet_sendmsg+0x2f4/0x370 [ 249.660275][ T7622] __sock_sendmsg+0x19c/0x270 [ 249.660303][ T7622] ____sys_sendmsg+0x505/0x830 [ 249.660338][ T7622] ? __pfx_____sys_sendmsg+0x10/0x10 [ 249.660378][ T7622] ? import_iovec+0x74/0xa0 [ 249.660408][ T7622] ___sys_sendmsg+0x21f/0x2a0 [ 249.660440][ T7622] ? __pfx____sys_sendmsg+0x10/0x10 [ 249.660510][ T7622] ? __fget_files+0x2a/0x420 [ 249.660530][ T7622] ? __fget_files+0x3a0/0x420 [ 249.660563][ T7622] __x64_sys_sendmsg+0x19b/0x260 [ 249.660594][ T7622] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 249.660634][ T7622] ? __pfx_ksys_write+0x10/0x10 [ 249.660646][ T7622] ? rcu_is_watching+0x15/0xb0 [ 249.660671][ T7622] ? do_syscall_64+0xbe/0x3b0 [ 249.660697][ T7622] do_syscall_64+0xfa/0x3b0 [ 249.660716][ T7622] ? lockdep_hardirqs_on+0x9c/0x150 [ 249.660742][ T7622] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 249.660761][ T7622] ? clear_bhb_loop+0x60/0xb0 [ 249.660785][ T7622] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 249.660803][ T7622] RIP: 0033:0x7feafe38ebe9 [ 249.660820][ T7622] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 249.660835][ T7622] RSP: 002b:00007feaff259038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 249.660854][ T7622] RAX: ffffffffffffffda RBX: 00007feafe5b5fa0 RCX: 00007feafe38ebe9 [ 249.660868][ T7622] RDX: 0000000004048043 RSI: 0000200000000800 RDI: 0000000000000003 [ 249.660880][ T7622] RBP: 00007feaff259090 R08: 0000000000000000 R09: 0000000000000000 [ 249.660891][ T7622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 249.660902][ T7622] R13: 00007feafe5b6038 R14: 00007feafe5b5fa0 R15: 00007ffec34ae878 [ 249.660935][ T7622] [ 249.745329][ T7625] x_tables: ip6_tables: dccp match: only valid for protocol 33 [ 249.746749][ C0] vkms_vblank_simulate: vblank timer overrun [ 249.999280][ C0] vkms_vblank_simulate: vblank timer overrun [ 250.408482][ T7631] openvswitch: : Dropping previously announced user features [ 251.775779][ T1209] usb 4-1: new full-speed USB device number 8 using dummy_hcd [ 251.790474][ T5909] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 252.138641][ T1209] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 252.157908][ T1209] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 252.169538][ T1209] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 252.189313][ T5909] usb 5-1: config 4 has an invalid interface number: 203 but max is 0 [ 252.205491][ T5909] usb 5-1: config 4 has no interface number 0 [ 252.211636][ T5909] usb 5-1: New USB device found, idVendor=19d2, idProduct=1063, bcdDevice=a1.17 [ 252.224568][ T1209] usb 4-1: Product: syz [ 252.231344][ T1209] usb 4-1: Manufacturer: syz [ 252.238997][ T1209] usb 4-1: SerialNumber: syz [ 252.244817][ T5909] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 252.255615][ T1209] usb 4-1: config 0 descriptor?? [ 252.376321][ T1209] garmin_gps 4-1:0.0: Garmin GPS usb/tty converter detected [ 252.409174][ T1209] garmin_gps ttyUSB0: failed to submit interrupt urb: -22 [ 252.650091][ T7654] netlink: 24 bytes leftover after parsing attributes in process `syz.3.470'. [ 253.003959][ T1209] garmin_gps ttyUSB0: probe with driver garmin_gps failed with error -22 [ 253.018948][ T5909] option 5-1:4.203: GSM modem (1-port) converter detected [ 253.045678][ T1209] usb 4-1: USB disconnect, device number 8 [ 253.064172][ T1209] garmin_gps 4-1:0.0: device disconnected [ 253.313762][ T5871] usb 5-1: USB disconnect, device number 16 [ 253.365654][ T1209] libceph: connect (1)[c::]:6789 error -101 [ 253.370652][ T5871] option 5-1:4.203: device disconnected [ 253.372388][ T1209] libceph: mon0 (1)[c::]:6789 connect error [ 253.618632][ T7666] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.478'. [ 253.695207][ T7669] netlink: 12 bytes leftover after parsing attributes in process `syz.2.479'. [ 253.704401][ T7669] openvswitch: netlink: Flow actions attr not present in new flow. [ 253.853073][ T1209] libceph: connect (1)[c::]:6789 error -101 [ 253.930015][ T1209] libceph: mon0 (1)[c::]:6789 connect error [ 254.247758][ T7672] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 254.403218][ T7662] ceph: No mds server is up or the cluster is laggy [ 255.041017][ T43] IPVS: starting estimator thread 0... [ 255.155675][ T7683] IPVS: using max 49 ests per chain, 117600 per kthread [ 255.481566][ T7692] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 255.501065][ T7692] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 256.041047][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.047620][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.437522][ T7708] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 257.447862][ T7708] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 258.805815][ T7716] netlink: 12 bytes leftover after parsing attributes in process `syz.1.491'. [ 258.816219][ T7716] openvswitch: netlink: Flow actions attr not present in new flow. [ 259.853589][ T7734] netlink: 'syz.4.497': attribute type 10 has an invalid length. [ 259.874170][ T7734] syz_tun: entered promiscuous mode [ 259.879963][ T7730] netlink: 8 bytes leftover after parsing attributes in process `syz.1.496'. [ 259.980087][ T7734] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 260.148771][ T7740] netlink: 28 bytes leftover after parsing attributes in process `syz.1.500'. [ 260.306742][ T7738] A link change request failed with some changes committed already. Interface veth1 may have been left with an inconsistent configuration, please check. [ 260.393704][ T7746] xt_policy: neither incoming nor outgoing policy selected [ 261.948271][ T7761] netlink: 12 bytes leftover after parsing attributes in process `syz.3.506'. [ 261.958136][ T7761] openvswitch: netlink: Flow actions attr not present in new flow. [ 262.381789][ T7766] netlink: 8 bytes leftover after parsing attributes in process `syz.1.508'. [ 263.742282][ T7772] bond1: option mode: unable to set because the bond device has slaves [ 263.823360][ T7772] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 263.893304][ T7772] bond1: (slave macvlan3): Enslaving as a backup interface with an up link [ 264.548622][ T7792] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.515'. [ 264.765577][ T7794] block nbd4: Device being setup by another task [ 264.826320][ T7790] block nbd4: NBD_DISCONNECT [ 264.889765][ T7786] block nbd4: Disconnected due to user request. [ 264.928865][ T7786] block nbd4: shutting down sockets [ 267.017002][ T7809] netlink: 'syz.3.519': attribute type 6 has an invalid length. [ 267.416196][ T1209] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 268.290141][ T1209] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 268.350015][ T1209] usb 4-1: config 0 interface 0 has no altsetting 0 [ 268.382470][ T1209] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 268.676828][ T7820] tmpfs: Bad value for 'mpol' [ 268.805505][ T1209] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 268.824567][ T1209] usb 4-1: Product: syz [ 268.828944][ T1209] usb 4-1: Manufacturer: syz [ 268.855568][ T1209] usb 4-1: SerialNumber: syz [ 268.992393][ T1209] usb 4-1: config 0 descriptor?? [ 269.797120][ T1209] usb 4-1: can't set config #0, error -71 [ 269.818214][ T1209] usb 4-1: USB disconnect, device number 9 [ 269.859907][ T7827] netlink: 28 bytes leftover after parsing attributes in process `syz.4.526'. [ 269.868921][ T7827] netlink: 28 bytes leftover after parsing attributes in process `syz.4.526'. [ 269.917439][ T7827] dummy0: entered promiscuous mode [ 269.924177][ T7827] team0: entered promiscuous mode [ 269.931342][ T7827] team_slave_0: entered promiscuous mode [ 269.955808][ T7827] team_slave_1: entered promiscuous mode [ 269.968501][ T7827] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 269.981062][ T7817] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 270.009582][ T7827] Cannot create hsr debugfs directory [ 270.693550][ T7840] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 270.748289][ T7840] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 272.645502][ T7857] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 272.808458][ T1209] libceph: connect (1)[c::]:6789 error -101 [ 272.814584][ T1209] libceph: mon0 (1)[c::]:6789 connect error [ 273.008548][ T7867] ceph: No mds server is up or the cluster is laggy [ 273.085832][ T1209] libceph: connect (1)[c::]:6789 error -101 [ 273.094250][ T1209] libceph: mon0 (1)[c::]:6789 connect error [ 273.985727][ T5922] libceph: connect (1)[c::]:6789 error -101 [ 273.991867][ T5922] libceph: mon0 (1)[c::]:6789 connect error [ 274.695511][ T7886] netlink: 'syz.4.543': attribute type 10 has an invalid length. [ 274.703338][ T7886] netlink: 40 bytes leftover after parsing attributes in process `syz.4.543'. [ 274.769143][ T7886] batman_adv: batadv0: Adding interface: virt_wifi0 [ 274.776655][ T7886] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 274.804842][ T7886] batman_adv: batadv0: Not using interface virt_wifi0 (retrying later): interface not active [ 274.989075][ T7890] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 275.007406][ T7890] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 276.200467][ T5922] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 276.358682][ T5922] usb 3-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 276.388913][ T5922] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 276.432346][ T5922] usb 3-1: config 0 descriptor?? [ 276.485147][ T5922] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 276.515574][ T7900] sp0: Synchronizing with TNC [ 276.549224][ T7895] netlink: 8 bytes leftover after parsing attributes in process `syz.4.547'. [ 277.217863][ T5922] gspca_stv06xx: vv6410 sensor detected [ 277.765945][ T24] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 278.313055][ T24] usb 5-1: New USB device found, idVendor=0582, idProduct=0044, bcdDevice=af.57 [ 278.328004][ T7915] tipc: Enabling of bearer rejected, media not registered [ 278.565538][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 278.575333][ T24] usb 5-1: Product: syz [ 278.599116][ T24] usb 5-1: Manufacturer: syz [ 278.603760][ T24] usb 5-1: SerialNumber: syz [ 278.637278][ T24] usb 5-1: config 0 descriptor?? [ 279.662957][ T5922] STV06xx 3-1:0.0: probe with driver STV06xx failed with error -71 [ 279.832132][ T7923] netlink: 20 bytes leftover after parsing attributes in process `syz.4.550'. [ 279.842953][ T7923] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0 [ 279.968801][ T5922] usb 3-1: USB disconnect, device number 4 [ 280.667333][ T5922] usb 5-1: USB disconnect, device number 17 [ 281.305621][ T5922] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 281.535467][ T5922] usb 3-1: Using ep0 maxpacket: 32 [ 281.651594][ T5922] usb 3-1: New USB device found, idVendor=1ba6, idProduct=0001, bcdDevice=49.88 [ 281.768887][ T5922] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 281.881273][ T5922] usb 3-1: Product: syz [ 281.895232][ T7955] tipc: Enabling of bearer rejected, media not registered [ 282.218024][ T7959] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 282.240648][ T5922] usb 3-1: Manufacturer: syz [ 282.251808][ T5922] usb 3-1: SerialNumber: syz [ 282.272128][ T5922] usb 3-1: config 0 descriptor?? [ 282.314920][ T7960] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 282.324599][ T5922] as10x_usb: device has been detected [ 282.325327][ T7960] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 282.337944][ T5922] dvbdev: DVB: registering new adapter (Abilis Systems DVB-Titan) [ 282.431139][ T5922] usb 3-1: DVB: registering adapter 1 frontend 0 (Abilis Systems DVB-Titan)... [ 282.539574][ T5922] as10x_usb: error during firmware upload part1 [ 282.611225][ T5922] Registered device Abilis Systems DVB-Titan [ 282.764330][ T5922] usb 3-1: USB disconnect, device number 5 [ 283.132218][ T5922] Unregistered device Abilis Systems DVB-Titan [ 283.151482][ T5922] as10x_usb: device has been disconnected [ 283.306825][ T7976] netlink: 186984 bytes leftover after parsing attributes in process `syz.2.571'. [ 284.506835][ T7989] netlink: 420 bytes leftover after parsing attributes in process `syz.2.573'. [ 287.273065][ T8011] xt_connbytes: Forcing CT accounting to be enabled [ 287.279764][ T8011] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 287.326268][ T8013] x_tables: ip6_tables: dccp match: only valid for protocol 33 [ 287.375494][ T6020] usb 3-1: new full-speed USB device number 6 using dummy_hcd [ 287.522773][ T8020] netlink: 'syz.4.584': attribute type 10 has an invalid length. [ 287.547076][ T6020] usb 3-1: config 3 has an invalid interface number: 216 but max is 0 [ 288.341083][ T6020] usb 3-1: config 3 has no interface number 0 [ 288.348491][ T6020] usb 3-1: config 3 interface 216 altsetting 7 endpoint 0x3 has invalid maxpacket 1024, setting to 64 [ 288.360626][ T6020] usb 3-1: config 3 interface 216 has no altsetting 0 [ 288.376486][ T6020] usb 3-1: New USB device found, idVendor=2c24, idProduct=ab13, bcdDevice=ac.4a [ 288.386567][ T6020] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 288.394842][ T6020] usb 3-1: Product: syz [ 288.399388][ T6020] usb 3-1: Manufacturer: syz [ 288.405588][ T6020] usb 3-1: SerialNumber: syz [ 288.417880][ T8009] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 288.662707][ T8009] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 288.716740][ T8009] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 288.773655][ T8020] mac80211_hwsim hwsim11 wlan1: entered promiscuous mode [ 288.798948][ T8023] Falling back ldisc for ptm0. [ 288.820288][ T6020] usb 3-1: bad CDC descriptors [ 288.841536][ T8020] team0: Port device wlan1 added [ 288.850946][ T8017] netlink: 8 bytes leftover after parsing attributes in process `syz.3.583'. [ 288.863802][ T8020] syz.4.584 (8020) used greatest stack depth: 19304 bytes left [ 288.890222][ T6020] usb 3-1: USB disconnect, device number 6 [ 289.002012][ T8034] loop2: detected capacity change from 0 to 7 [ 289.205785][ T8034] Dev loop2: unable to read RDB block 7 [ 289.235611][ T8034] loop2: unable to read partition table [ 289.890985][ T8034] loop2: partition table beyond EOD, truncated [ 289.947834][ T8040] Invalid ELF section header size [ 289.949287][ T8034] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 291.372869][ T8059] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.596'. [ 291.392935][ T8060] xt_hashlimit: size too large, truncated to 1048576 [ 291.584898][ T8066] FAULT_INJECTION: forcing a failure. [ 291.584898][ T8066] name failslab, interval 1, probability 0, space 0, times 0 [ 291.597659][ T8066] CPU: 1 UID: 0 PID: 8066 Comm: syz.0.599 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 291.597692][ T8066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 291.597703][ T8066] Call Trace: [ 291.597711][ T8066] [ 291.597719][ T8066] dump_stack_lvl+0x189/0x250 [ 291.597746][ T8066] ? __pfx____ratelimit+0x10/0x10 [ 291.597767][ T8066] ? __pfx_dump_stack_lvl+0x10/0x10 [ 291.597788][ T8066] ? __pfx__printk+0x10/0x10 [ 291.597820][ T8066] ? __pfx___might_resched+0x10/0x10 [ 291.597840][ T8066] ? fs_reclaim_acquire+0x7d/0x100 [ 291.597873][ T8066] should_fail_ex+0x414/0x560 [ 291.597899][ T8066] should_failslab+0xa8/0x100 [ 291.597922][ T8066] __kmalloc_noprof+0xcb/0x4f0 [ 291.597937][ T8066] ? kfree+0x4d/0x440 [ 291.598083][ T8066] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 291.598116][ T8066] tomoyo_realpath_from_path+0xe3/0x5d0 [ 291.598144][ T8066] ? tomoyo_domain+0xda/0x130 [ 291.598176][ T8066] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 291.598197][ T8066] tomoyo_path_number_perm+0x1e8/0x5a0 [ 291.598221][ T8066] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 291.598245][ T8066] ? sb_end_write+0xe9/0x1c0 [ 291.598269][ T8066] ? vfs_write+0x8d8/0xa90 [ 291.598326][ T8066] ? ksys_write+0x1e1/0x250 [ 291.598351][ T8066] security_file_ioctl+0xcb/0x2d0 [ 291.598376][ T8066] __se_sys_ioctl+0x47/0x170 [ 291.598406][ T8066] do_syscall_64+0xfa/0x3b0 [ 291.598430][ T8066] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 291.598447][ T8066] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 291.598466][ T8066] ? clear_bhb_loop+0x60/0xb0 [ 291.598489][ T8066] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 291.598508][ T8066] RIP: 0033:0x7f1c5538ebe9 [ 291.598524][ T8066] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 291.598541][ T8066] RSP: 002b:00007f1c56110038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 291.598561][ T8066] RAX: ffffffffffffffda RBX: 00007f1c555b5fa0 RCX: 00007f1c5538ebe9 [ 291.598575][ T8066] RDX: 0000200000000000 RSI: 0000000000004b4a RDI: 0000000000000003 [ 291.598588][ T8066] RBP: 00007f1c56110090 R08: 0000000000000000 R09: 0000000000000000 [ 291.598599][ T8066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 291.598611][ T8066] R13: 00007f1c555b6038 R14: 00007f1c555b5fa0 R15: 00007fff6c62a9b8 [ 291.598644][ T8066] [ 291.609663][ T8066] ERROR: Out of memory at tomoyo_realpath_from_path. [ 291.839839][ T5909] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 291.839884][ T43] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 292.066424][ T43] usb 4-1: Using ep0 maxpacket: 8 [ 292.066445][ T5909] usb 3-1: Using ep0 maxpacket: 8 [ 292.082861][ T43] usb 4-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00 [ 292.089383][ T5909] usb 3-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00 [ 292.101402][ T5909] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 292.106948][ T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 292.121986][ T5909] usb 3-1: Product: syz [ 292.124783][ T43] usb 4-1: Product: syz [ 292.134277][ T5909] usb 3-1: Manufacturer: syz [ 292.157434][ T5909] usb 3-1: SerialNumber: syz [ 292.173764][ T43] usb 4-1: Manufacturer: syz [ 292.185179][ T43] usb 4-1: SerialNumber: syz [ 292.206713][ T43] usb 4-1: config 0 descriptor?? [ 292.257964][ T43] radio-usb-si4713 4-1:0.0: Si4713 development board discovered: (10C4:8244) [ 292.358531][ T5909] usb 3-1: config 0 descriptor?? [ 292.367628][ T5909] radio-usb-si4713 3-1:0.0: Si4713 development board discovered: (10C4:8244) [ 292.420628][ T8057] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 292.448824][ T8057] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 293.179550][ T8054] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 293.204021][ T8054] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 293.482605][ T43] radio-usb-si4713 4-1:0.0: probe with driver radio-usb-si4713 failed with error -32 [ 293.728263][ T5909] radio-usb-si4713 3-1:0.0: probe with driver radio-usb-si4713 failed with error -32 [ 293.738605][ T5909] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 293.749863][ T43] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 293.797986][ T43] usb 4-1: USB disconnect, device number 10 [ 294.863209][ T5871] usb 3-1: USB disconnect, device number 7 [ 294.943761][ T8096] loop2: detected capacity change from 0 to 7 [ 295.033018][ T8096] Dev loop2: unable to read RDB block 7 [ 295.039832][ T8096] loop2: unable to read partition table [ 295.045812][ T8096] loop2: partition table beyond EOD, truncated [ 295.052001][ T8096] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 296.404261][ T8112] netlink: 420 bytes leftover after parsing attributes in process `syz.0.612'. [ 298.125521][ T5871] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 298.405904][ T5871] usb 5-1: Using ep0 maxpacket: 8 [ 298.421248][ T5871] usb 5-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00 [ 298.437888][ T5871] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 298.446420][ T5871] usb 5-1: Product: syz [ 298.452892][ T5871] usb 5-1: Manufacturer: syz [ 298.471611][ T5871] usb 5-1: SerialNumber: syz [ 298.481225][ T5871] usb 5-1: config 0 descriptor?? [ 298.496271][ T5871] radio-usb-si4713 5-1:0.0: Si4713 development board discovered: (10C4:8244) [ 298.820226][ T8125] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 298.939894][ T8125] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 299.939257][ T5871] radio-usb-si4713 5-1:0.0: probe with driver radio-usb-si4713 failed with error -32 [ 299.976031][ T5871] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 299.989047][ T5871] usb 5-1: USB disconnect, device number 18 [ 301.428342][ T8157] netlink: 8 bytes leftover after parsing attributes in process `syz.2.625'. [ 301.695134][ T8169] netlink: 236 bytes leftover after parsing attributes in process `syz.1.629'. [ 302.292812][ T8167] team0: Port device bridge1 added [ 302.566624][ T8176] tipc: Started in network mode [ 302.572230][ T8176] tipc: Node identity ac1414aa, cluster identity 4711 [ 302.699726][ T8179] loop8: detected capacity change from 0 to 7 [ 303.136002][ T8179] Dev loop8: unable to read RDB block 7 [ 303.141670][ T8179] loop8: AHDI p1 p2 p3 [ 303.145930][ T8179] loop8: partition table partially beyond EOD, truncated [ 303.153078][ T8179] loop8: p1 start 1601398130 is beyond EOD, truncated [ 303.160028][ T8179] loop8: p2 start 1702059890 is beyond EOD, truncated [ 303.182875][ T8176] tipc: Enabled bearer , priority 10 [ 303.255635][ T8175] netlink: 20 bytes leftover after parsing attributes in process `syz.2.631'. [ 303.865489][ T43] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 304.248216][ T5909] tipc: Node number set to 2886997162 [ 304.252932][ T43] usb 5-1: config 36 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 192, changing to 11 [ 304.289140][ T43] usb 5-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29 [ 304.312098][ T43] usb 5-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16 [ 304.520766][ T43] usb 5-1: Manufacturer: syz [ 304.533388][ T43] usb 5-1: SerialNumber: syz [ 304.763722][ T43] usbhid 5-1:36.0: couldn't find an input interrupt endpoint [ 305.015302][ T43] usb 5-1: USB disconnect, device number 19 [ 305.341006][ T5838] Bluetooth: hci2: unexpected event 0x2f length: 509 > 260 [ 305.379323][ T8208] netlink: 28 bytes leftover after parsing attributes in process `syz.3.642'. [ 305.395566][ T8208] netlink: 28 bytes leftover after parsing attributes in process `syz.3.642'. [ 305.410250][ T8208] dummy0: entered promiscuous mode [ 305.418718][ T8208] team0: entered promiscuous mode [ 305.424200][ T8208] team_slave_0: entered promiscuous mode [ 305.433344][ T8208] team_slave_1: entered promiscuous mode [ 306.380925][ T8225] netlink: 268 bytes leftover after parsing attributes in process `syz.1.647'. [ 306.652709][ T8222] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 306.868531][ T8240] netlink: 'syz.1.652': attribute type 10 has an invalid length. [ 306.877576][ T8222] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 306.971250][ T8240] syz_tun: entered promiscuous mode [ 307.001409][ T8240] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 307.089245][ T8222] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.643638][ T30] kauditd_printk_skb: 708 callbacks suppressed [ 307.643652][ T30] audit: type=1326 audit(1755864568.370:720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8239 comm="syz.1.652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a0d58ebe9 code=0x7fc00000 [ 308.009039][ T30] audit: type=1326 audit(1755864568.370:721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8239 comm="syz.1.652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1a0d58ebe9 code=0x7fc00000 [ 308.030545][ T30] audit: type=1326 audit(1755864568.370:722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8239 comm="syz.1.652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a0d58ebe9 code=0x7fc00000 [ 308.060365][ T30] audit: type=1326 audit(1755864568.370:723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8239 comm="syz.1.652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a0d58ebe9 code=0x7fc00000 [ 308.148058][ T30] audit: type=1326 audit(1755864568.370:724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8239 comm="syz.1.652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a0d58ebe9 code=0x7fc00000 [ 308.189973][ T30] audit: type=1326 audit(1755864568.370:725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8239 comm="syz.1.652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a0d58ebe9 code=0x7fc00000 [ 308.248980][ T8222] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 308.259687][ T30] audit: type=1326 audit(1755864568.370:726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8239 comm="syz.1.652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a0d58ebe9 code=0x7fc00000 [ 308.345628][ T30] audit: type=1326 audit(1755864568.370:727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8239 comm="syz.1.652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a0d58ebe9 code=0x7fc00000 [ 308.390026][ T30] audit: type=1326 audit(1755864568.370:728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8239 comm="syz.1.652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a0d58ebe9 code=0x7fc00000 [ 308.468379][ T30] audit: type=1326 audit(1755864568.370:729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8239 comm="syz.1.652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a0d58ebe9 code=0x7fc00000 [ 308.655591][ T8255] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 308.664958][ T8255] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 308.684168][ T8222] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 308.813166][ T8222] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 308.854758][ T8222] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 308.911130][ T8222] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 310.117946][ T8273] netlink: 8 bytes leftover after parsing attributes in process `syz.1.660'. [ 310.745303][ T8276] netlink: 1041 bytes leftover after parsing attributes in process `syz.2.657'. [ 312.397262][ T8294] sp0: Synchronizing with TNC [ 314.692672][ T8303] UHID_CREATE from different security context by process 506 (syz.0.668), this is not allowed. [ 314.708831][ T8307] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 314.718039][ T8307] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 317.111803][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.118343][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 320.009972][ T8341] bridge2: entered promiscuous mode [ 320.016361][ T8341] bridge2: entered allmulticast mode [ 320.027818][ T8341] team0: Port device bridge2 added [ 320.213930][ T8336] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 320.222878][ T8336] overlayfs: failed to set xattr on upper [ 320.229548][ T8336] overlayfs: ...falling back to redirect_dir=nofollow. [ 320.237740][ T8336] overlayfs: ...falling back to index=off. [ 320.243623][ T8336] overlayfs: ...falling back to uuid=null. [ 320.532657][ T8343] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 320.576550][ T8345] netlink: 236 bytes leftover after parsing attributes in process `syz.0.681'. [ 322.649390][ T8358] x_tables: ip6_tables: dccp match: only valid for protocol 33 [ 324.816969][ T8374] tmpfs: Bad value for 'mpol' [ 325.315759][ T8374] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 326.068930][ T8396] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 326.078125][ T8396] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 328.696447][ T8421] netlink: 80 bytes leftover after parsing attributes in process `syz.2.702'. [ 329.683905][ T8432] tmpfs: Bad value for 'mpol' [ 329.722560][ T8432] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 330.125790][ T8442] netlink: 92 bytes leftover after parsing attributes in process `syz.1.710'. [ 331.375870][ T8453] netlink: 5 bytes leftover after parsing attributes in process `syz.0.712'. [ 331.844001][ T8457] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 331.854005][ T8457] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 332.057787][ T8460] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 332.145931][ T8463] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 337.602660][ T8485] mkiss: ax0: crc mode is auto. [ 340.986708][ T8518] xt_hashlimit: size too large, truncated to 1048576 [ 341.093898][ T8521] –: renamed from vxcan1 (while UP) [ 341.386032][ T8521] netlink: 12 bytes leftover after parsing attributes in process `syz.1.735'. [ 345.079444][ T8549] netlink: 420 bytes leftover after parsing attributes in process `syz.3.741'. [ 345.664684][ T8560] FAULT_INJECTION: forcing a failure. [ 345.664684][ T8560] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 345.689238][ T8560] CPU: 0 UID: 0 PID: 8560 Comm: syz.1.747 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 345.689264][ T8560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 345.689286][ T8560] Call Trace: [ 345.689294][ T8560] [ 345.689302][ T8560] dump_stack_lvl+0x189/0x250 [ 345.689329][ T8560] ? __pfx____ratelimit+0x10/0x10 [ 345.689349][ T8560] ? __pfx_dump_stack_lvl+0x10/0x10 [ 345.689370][ T8560] ? __pfx__printk+0x10/0x10 [ 345.689394][ T8560] ? fs_reclaim_acquire+0x7d/0x100 [ 345.689423][ T8560] should_fail_ex+0x414/0x560 [ 345.689448][ T8560] prepare_alloc_pages+0x213/0x610 [ 345.689479][ T8560] __alloc_frozen_pages_noprof+0x123/0x370 [ 345.689505][ T8560] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 345.689526][ T8560] ? __lock_acquire+0xab9/0xd20 [ 345.689549][ T8560] ? policy_nodemask+0x27c/0x720 [ 345.689574][ T8560] alloc_pages_mpol+0x232/0x4a0 [ 345.689597][ T8560] alloc_pages_noprof+0xa9/0x190 [ 345.689619][ T8560] __pud_alloc+0x3a/0x260 [ 345.689643][ T8560] __handle_mm_fault+0x3573/0x5620 [ 345.689689][ T8560] ? mt_find+0x46f/0x5f0 [ 345.689712][ T8560] ? mt_find+0x15c/0x5f0 [ 345.689736][ T8560] ? __pfx___handle_mm_fault+0x10/0x10 [ 345.689787][ T8560] ? find_vma+0xe7/0x160 [ 345.689804][ T8560] ? __pfx_find_vma+0x10/0x10 [ 345.689826][ T8560] handle_mm_fault+0x2d5/0x7f0 [ 345.689871][ T8560] do_user_addr_fault+0x764/0x1390 [ 345.689917][ T8560] exc_page_fault+0x76/0xf0 [ 345.689940][ T8560] asm_exc_page_fault+0x26/0x30 [ 345.689957][ T8560] RIP: 0010:__put_user_4+0xd/0x20 [ 345.689977][ T8560] Code: 66 89 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 [ 345.689994][ T8560] RSP: 0018:ffffc90003c5fc88 EFLAGS: 00050206 [ 345.690011][ T8560] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000200000000000 [ 345.690024][ T8560] RDX: 0000000000000000 RSI: ffffffff8db6fcc6 RDI: ffffffff8be1ba40 [ 345.690037][ T8560] RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffffff8208a560 [ 345.690050][ T8560] R10: dffffc0000000000 R11: fffffbfff1f4167f R12: 0000200000000000 [ 345.690070][ T8560] R13: 0000000000000000 R14: 0000200000000000 R15: ffff888056988800 [ 345.690091][ T8560] ? __might_fault+0xb0/0x130 [ 345.690117][ T8560] vt_do_diacrit+0x534/0xa40 [ 345.690146][ T8560] vt_ioctl+0x101a/0x1f00 [ 345.690172][ T8560] ? __pfx_vt_ioctl+0x10/0x10 [ 345.690192][ T8560] ? __asan_memset+0x22/0x50 [ 345.690216][ T8560] ? smack_file_ioctl+0x24a/0x340 [ 345.690236][ T8560] ? __pfx_smack_file_ioctl+0x10/0x10 [ 345.690281][ T8560] tty_ioctl+0x926/0xde0 [ 345.690309][ T8560] ? __pfx_tty_ioctl+0x10/0x10 [ 345.690332][ T8560] __se_sys_ioctl+0xfc/0x170 [ 345.690363][ T8560] do_syscall_64+0xfa/0x3b0 [ 345.690383][ T8560] ? lockdep_hardirqs_on+0x9c/0x150 [ 345.690402][ T8560] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 345.690419][ T8560] ? clear_bhb_loop+0x60/0xb0 [ 345.690440][ T8560] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 345.690455][ T8560] RIP: 0033:0x7f1a0d58ebe9 [ 345.690471][ T8560] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 345.690486][ T8560] RSP: 002b:00007f1a0e444038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 345.690504][ T8560] RAX: ffffffffffffffda RBX: 00007f1a0d7b5fa0 RCX: 00007f1a0d58ebe9 [ 345.690518][ T8560] RDX: 0000200000000000 RSI: 0000000000004b4a RDI: 0000000000000003 [ 345.690530][ T8560] RBP: 00007f1a0e444090 R08: 0000000000000000 R09: 0000000000000000 [ 345.690542][ T8560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 345.690552][ T8560] R13: 00007f1a0d7b6038 R14: 00007f1a0d7b5fa0 R15: 00007ffeef84e9b8 [ 345.690583][ T8560] [ 346.244312][ T8569] 8021q: adding VLAN 0 to HW filter on device bond2 [ 346.270407][ T8572] bond_slave_0: entered promiscuous mode [ 346.276166][ T8572] bond_slave_1: entered promiscuous mode [ 346.279864][ T8566] netlink: 'syz.3.745': attribute type 28 has an invalid length. [ 346.490287][ T8572] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 346.501269][ T8572] bond2: (slave macvlan2): Enslaving as a backup interface with an up link [ 347.358977][ T8584] netlink: 32 bytes leftover after parsing attributes in process `syz.4.754'. [ 347.381707][ T8584] netlink: 32 bytes leftover after parsing attributes in process `syz.4.754'. [ 347.444251][ T8587] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 347.705320][ T8583] netlink: 4400 bytes leftover after parsing attributes in process `syz.0.753'. [ 347.873650][ T8594] netlink: 'syz.3.757': attribute type 4 has an invalid length. [ 347.922879][ T8594] netlink: 4 bytes leftover after parsing attributes in process `syz.3.757'. [ 349.561443][ T8623] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 349.572883][ T8623] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 350.105225][ T8633] sctp: [Deprecated]: syz.0.769 (pid 8633) Use of int in maxseg socket option. [ 350.105225][ T8633] Use struct sctp_assoc_value instead [ 350.128581][ T8635] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 350.141405][ T8635] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 350.150693][ T8630] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 350.164402][ T8635] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 350.173638][ T8630] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 350.190027][ T8635] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 351.235450][ T1209] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 351.373992][ T8642] netlink: 28 bytes leftover after parsing attributes in process `syz.4.771'. [ 351.384448][ T8642] netlink: 28 bytes leftover after parsing attributes in process `syz.4.771'. [ 351.405548][ T1209] usb 2-1: Using ep0 maxpacket: 16 [ 351.413064][ T1209] usb 2-1: config 1 has an invalid interface number: 105 but max is 0 [ 351.421499][ T1209] usb 2-1: config 1 has no interface number 0 [ 351.427990][ T1209] usb 2-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 351.438231][ T1209] usb 2-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 351.459497][ T1209] usb 2-1: config 1 interface 105 has no altsetting 0 [ 351.478556][ T1209] usb 2-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 351.488296][ T1209] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 351.496494][ T1209] usb 2-1: Product: syz [ 351.500966][ T1209] usb 2-1: Manufacturer: syz [ 351.505740][ T1209] usb 2-1: SerialNumber: syz [ 351.522929][ T8632] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 351.533672][ T8632] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 351.695711][ T5922] usb 3-1: new full-speed USB device number 8 using dummy_hcd [ 351.875509][ T5922] usb 3-1: device descriptor read/64, error -71 [ 352.165949][ T5922] usb 3-1: new full-speed USB device number 9 using dummy_hcd [ 352.365617][ T5922] usb 3-1: device descriptor read/64, error -71 [ 352.526266][ T5922] usb usb3-port1: attempt power cycle [ 352.615103][ T5871] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 352.765576][ T5871] usb 5-1: Using ep0 maxpacket: 32 [ 352.779592][ T5871] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 352.801122][ T5871] usb 5-1: New USB device found, idVendor=5543, idProduct=004d, bcdDevice= 0.00 [ 352.810471][ T5871] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 352.822945][ T5871] usb 5-1: config 0 descriptor?? [ 352.875698][ T5922] usb 3-1: new full-speed USB device number 10 using dummy_hcd [ 352.920017][ T5922] usb 3-1: device descriptor read/8, error -71 [ 353.246357][ T5922] usb 3-1: new full-speed USB device number 11 using dummy_hcd [ 353.426375][ T5922] usb 3-1: device descriptor read/8, error -71 [ 353.456670][ C1] raw-gadget.6 gadget.4: ignoring, device is not running [ 353.464495][ C1] raw-gadget.6 gadget.4: ignoring, device is not running [ 353.472210][ T5871] usbhid 5-1:0.0: can't add hid device: -71 [ 353.478288][ T5871] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 353.491407][ T5871] usb 5-1: USB disconnect, device number 20 [ 353.609426][ T1209] aqc111 2-1:1.105: probe with driver aqc111 failed with error -71 [ 353.626501][ T1209] usb 2-1: USB disconnect, device number 12 [ 353.725993][ T5922] usb usb3-port1: unable to enumerate USB device [ 354.130665][ T8673] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 355.089605][ T8677] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 355.241326][ T8680] netlink: 236 bytes leftover after parsing attributes in process `syz.0.783'. [ 355.944821][ T8687] netlink: 8 bytes leftover after parsing attributes in process `syz.3.786'. [ 357.005471][ T5922] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 357.336595][ T5922] usb 3-1: Using ep0 maxpacket: 16 [ 357.349843][ T5922] usb 3-1: unable to get BOS descriptor or descriptor too short [ 357.367017][ T5922] usb 3-1: config 9 has an invalid interface number: 48 but max is 0 [ 357.379096][ T5922] usb 3-1: config 9 has no interface number 0 [ 357.395676][ T5922] usb 3-1: config 9 interface 48 has no altsetting 0 [ 357.414750][ T5922] usb 3-1: New USB device found, idVendor=0ac8, idProduct=c301, bcdDevice=f3.7b [ 357.435088][ T5922] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 357.451524][ T5922] usb 3-1: Product: syz [ 357.460888][ T5922] usb 3-1: Manufacturer: syz [ 357.475450][ T5922] usb 3-1: SerialNumber: syz [ 357.700196][ T5922] gspca_main: vc032x-2.14.0 probing 0ac8:c301 [ 357.757514][ T8702] netlink: 48 bytes leftover after parsing attributes in process `syz.3.790'. [ 358.060644][ T1209] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 358.245482][ T1209] usb 4-1: Using ep0 maxpacket: 8 [ 358.615743][ T5922] gspca_vc032x: reg_r err -110 [ 358.620633][ T5922] gspca_vc032x: I2c Bus Busy Wait 00 [ 358.940017][ T5922] gspca_vc032x: I2c Bus Busy Wait 00 [ 358.947995][ T5922] gspca_vc032x: I2c Bus Busy Wait 00 [ 358.953367][ T5922] gspca_vc032x: I2c Bus Busy Wait 00 [ 358.959073][ T5922] gspca_vc032x: I2c Bus Busy Wait 00 [ 358.964443][ T5922] gspca_vc032x: I2c Bus Busy Wait 00 [ 358.969892][ T5922] gspca_vc032x: I2c Bus Busy Wait 00 [ 358.975254][ T5922] gspca_vc032x: I2c Bus Busy Wait 00 [ 358.980936][ T5922] gspca_vc032x: I2c Bus Busy Wait 00 [ 358.986577][ T5922] gspca_vc032x: I2c Bus Busy Wait 00 [ 358.992991][ T5922] gspca_vc032x: I2c Bus Busy Wait 00 [ 358.999413][ T5922] gspca_vc032x: I2c Bus Busy Wait 00 [ 359.005543][ T5922] gspca_vc032x: I2c Bus Busy Wait 00 [ 359.015720][ T1209] usb 4-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00 [ 359.073381][ T1209] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 359.349143][ T5922] gspca_vc032x: I2c Bus Busy Wait 00 [ 359.407725][ T1209] usb 4-1: Product: syz [ 359.417910][ T5922] gspca_vc032x: I2c Bus Busy Wait 00 [ 359.465333][ T1209] usb 4-1: Manufacturer: syz [ 359.610130][ T5922] gspca_vc032x: I2c Bus Busy Wait 00 [ 359.637206][ T1209] usb 4-1: SerialNumber: syz [ 359.664825][ T5922] gspca_vc032x: I2c Bus Busy Wait 00 [ 359.677050][ T1209] usb 4-1: config 0 descriptor?? [ 359.685623][ T5922] gspca_vc032x: I2c Bus Busy Wait 00 [ 359.709393][ T5922] gspca_vc032x: I2c Bus Busy Wait 00 [ 359.740751][ T1209] radio-usb-si4713 4-1:0.0: Si4713 development board discovered: (10C4:8244) [ 359.763751][ T5922] gspca_vc032x: Unknown sensor... [ 359.782485][ T5922] vc032x 3-1:9.48: probe with driver vc032x failed with error -22 [ 359.798428][ T8727] FAULT_INJECTION: forcing a failure. [ 359.798428][ T8727] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 359.813598][ T8724] 9pnet_fd: Insufficient options for proto=fd [ 359.843521][ T8727] CPU: 1 UID: 0 PID: 8727 Comm: syz.0.797 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 359.843548][ T8727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 359.843560][ T8727] Call Trace: [ 359.843567][ T8727] [ 359.843576][ T8727] dump_stack_lvl+0x189/0x250 [ 359.843604][ T8727] ? __pfx____ratelimit+0x10/0x10 [ 359.843624][ T8727] ? __pfx_dump_stack_lvl+0x10/0x10 [ 359.843645][ T8727] ? __pfx__printk+0x10/0x10 [ 359.843672][ T8727] ? fs_reclaim_acquire+0x7d/0x100 [ 359.843705][ T8727] should_fail_ex+0x414/0x560 [ 359.843731][ T8727] prepare_alloc_pages+0x213/0x610 [ 359.843763][ T8727] __alloc_frozen_pages_noprof+0x123/0x370 [ 359.843792][ T8727] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 359.843828][ T8727] ? policy_nodemask+0x27c/0x720 [ 359.843846][ T8727] ? do_raw_spin_lock+0x121/0x290 [ 359.843877][ T8727] alloc_pages_mpol+0x232/0x4a0 [ 359.843903][ T8727] alloc_pages_noprof+0xa9/0x190 [ 359.843925][ T8727] __pmd_alloc+0x3a/0x3b0 [ 359.843949][ T8727] __handle_mm_fault+0xa63/0x5620 [ 359.843985][ T8727] ? mt_find+0x46f/0x5f0 [ 359.844015][ T8727] ? __pfx___handle_mm_fault+0x10/0x10 [ 359.844061][ T8727] ? find_vma+0xe7/0x160 [ 359.844079][ T8727] ? __pfx_find_vma+0x10/0x10 [ 359.844109][ T8727] handle_mm_fault+0x2d5/0x7f0 [ 359.844151][ T8727] do_user_addr_fault+0x764/0x1390 [ 359.844198][ T8727] exc_page_fault+0x76/0xf0 [ 359.844222][ T8727] asm_exc_page_fault+0x26/0x30 [ 359.844241][ T8727] RIP: 0010:__put_user_4+0xd/0x20 [ 359.844262][ T8727] Code: 66 89 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 [ 359.844279][ T8727] RSP: 0018:ffffc9000517fc88 EFLAGS: 00050206 [ 359.844297][ T8727] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000200000000000 [ 359.844309][ T8727] RDX: 0000000000000000 RSI: ffffffff8db6fcc6 RDI: ffffffff8be1ba40 [ 359.844323][ T8727] RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffffff8208a560 [ 359.844336][ T8727] R10: dffffc0000000000 R11: fffffbfff1f4167f R12: 0000200000000000 [ 359.844350][ T8727] R13: 0000000000000000 R14: 0000200000000000 R15: ffff888026d84800 [ 359.844371][ T8727] ? __might_fault+0xb0/0x130 [ 359.844400][ T8727] vt_do_diacrit+0x534/0xa40 [ 359.844435][ T8727] vt_ioctl+0x101a/0x1f00 [ 359.844463][ T8727] ? __pfx_vt_ioctl+0x10/0x10 [ 359.844483][ T8727] ? __asan_memset+0x22/0x50 [ 359.844510][ T8727] ? smack_file_ioctl+0x24a/0x340 [ 359.844532][ T8727] ? __pfx_smack_file_ioctl+0x10/0x10 [ 359.844573][ T8727] tty_ioctl+0x926/0xde0 [ 359.844600][ T8727] ? __pfx_tty_ioctl+0x10/0x10 [ 359.844626][ T8727] __se_sys_ioctl+0xfc/0x170 [ 359.844658][ T8727] do_syscall_64+0xfa/0x3b0 [ 359.844679][ T8727] ? lockdep_hardirqs_on+0x9c/0x150 [ 359.844699][ T8727] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 359.844718][ T8727] ? clear_bhb_loop+0x60/0xb0 [ 359.844742][ T8727] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 359.844761][ T8727] RIP: 0033:0x7f1c5538ebe9 [ 359.844778][ T8727] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 359.844795][ T8727] RSP: 002b:00007f1c56110038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 359.844814][ T8727] RAX: ffffffffffffffda RBX: 00007f1c555b5fa0 RCX: 00007f1c5538ebe9 [ 359.844829][ T8727] RDX: 0000200000000000 RSI: 0000000000004b4a RDI: 0000000000000003 [ 359.844842][ T8727] RBP: 00007f1c56110090 R08: 0000000000000000 R09: 0000000000000000 [ 359.844854][ T8727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 359.844866][ T8727] R13: 00007f1c555b6038 R14: 00007f1c555b5fa0 R15: 00007fff6c62a9b8 [ 359.844900][ T8727] [ 360.236221][ T8702] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 360.295355][ T8702] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 360.313939][ T8702] netlink: 12 bytes leftover after parsing attributes in process `syz.3.790'. [ 360.389106][ T43] usb 3-1: USB disconnect, device number 12 [ 361.047659][ T1209] radio-usb-si4713 4-1:0.0: probe with driver radio-usb-si4713 failed with error -32 [ 361.193332][ T1209] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 361.764561][ T1209] usb 4-1: USB disconnect, device number 11 [ 361.919949][ T8749] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 361.937830][ T8749] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 362.261985][ T8752] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 363.934381][ T8767] xt_CT: You must specify a L4 protocol and not use inversions on it [ 364.173278][ T8766] bridge1: entered promiscuous mode [ 364.179191][ T8748] xt_SECMARK: invalid mode: 2 [ 364.189978][ T8766] team0: Port device bridge1 added [ 364.435311][ T8772] netlink: 8 bytes leftover after parsing attributes in process `syz.2.810'. [ 364.909346][ T8781] netlink: 28 bytes leftover after parsing attributes in process `syz.3.813'. [ 364.943398][ T8781] netlink: 28 bytes leftover after parsing attributes in process `syz.3.813'. [ 365.927496][ T8791] loop2: detected capacity change from 0 to 7 [ 366.531013][ T8791] Dev loop2: unable to read RDB block 7 [ 366.537435][ T8791] loop2: unable to read partition table [ 366.545609][ T8791] loop2: partition table beyond EOD, truncated [ 366.551938][ T8791] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 366.847025][ T8796] netlink: 420 bytes leftover after parsing attributes in process `syz.3.817'. [ 367.719624][ T8808] netlink: 16 bytes leftover after parsing attributes in process `syz.4.818'. [ 368.453362][ T8810] tmpfs: Bad value for 'mpol' [ 368.817030][ T8806] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 370.272533][ T8828] trusted_key: encrypted_key: keylen for the ecryptfs format must be equal to 64 bytes [ 371.414806][ T8835] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 371.568127][ T8837] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 371.577560][ T8837] iommufd_mock iommufd_mock2: Adding to iommu group 2 [ 371.679882][ T8841] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 372.318736][ T8856] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 372.327643][ T8856] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 373.810698][ T8865] ubi31: attaching mtd0 [ 373.815302][ T8865] ubi31 error: ubi_attach_mtd_dev: bad VID header (12288) or data offsets (12352) [ 373.901291][ T8875] netlink: 92 bytes leftover after parsing attributes in process `syz.1.836'. [ 375.270672][ T8887] netlink: 4400 bytes leftover after parsing attributes in process `syz.1.843'. [ 375.374685][ T8889] loop2: detected capacity change from 0 to 7 [ 375.383266][ T8889] Dev loop2: unable to read RDB block 7 [ 375.425282][ T8889] loop2: unable to read partition table [ 375.459092][ T8889] loop2: partition table beyond EOD, truncated [ 375.465305][ T8889] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 375.679129][ T8897] qnx4: no qnx4 filesystem (no root dir). [ 375.844695][ T8900] x_tables: ip6_tables: dccp match: only valid for protocol 33 [ 377.485343][ T8909] netlink: 8 bytes leftover after parsing attributes in process `syz.4.850'. [ 377.695986][ T8925] 9pnet_fd: Insufficient options for proto=fd [ 378.547558][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.554330][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.555764][ T6020] usb 2-1: new full-speed USB device number 13 using dummy_hcd [ 379.128376][ T1209] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 379.236826][ T6020] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 379.303927][ T6020] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 379.347254][ T6020] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 379.353045][ T8952] netlink: 4 bytes leftover after parsing attributes in process `syz.0.861'. [ 379.361276][ T6020] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 379.398650][ T1209] usb 3-1: Using ep0 maxpacket: 32 [ 379.404253][ T6020] usb 2-1: SerialNumber: syz [ 379.572912][ T6020] usb 2-1: bad CDC descriptors [ 379.600335][ T6020] usb-storage 2-1:1.0: USB Mass Storage device detected [ 379.644301][ T1209] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 379.703747][ T1209] usb 3-1: config 0 has no interface number 0 [ 380.335756][ T6020] usb-storage 2-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 380.352641][ T6020] scsi host1: usb-storage 2-1:1.0 [ 380.365724][ T1209] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 380.515096][ T1209] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 380.543492][ T1209] usb 3-1: Product: syz [ 380.562042][ T1209] usb 3-1: Manufacturer: syz [ 380.580519][ T1209] usb 3-1: SerialNumber: syz [ 380.591421][ T1209] usb 3-1: config 0 descriptor?? [ 380.618213][ T1209] smsc95xx v2.0.0 [ 380.787010][ T8965] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 380.797162][ T8965] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 380.920079][ T1209] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71 [ 381.118592][ T1209] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71 [ 381.380133][ T6020] usb 2-1: USB disconnect, device number 13 [ 381.480751][ T1209] usb 3-1: USB disconnect, device number 13 [ 381.629946][ T8979] ptrace attach of "./syz-executor exec"[5840] was attempted by "./syz-executor exec"[8979] [ 381.642966][ T8979] xt_cgroup: invalid path, errno=-2 [ 382.397283][ T8995] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 382.878515][ T43] usb 2-1: new full-speed USB device number 14 using dummy_hcd [ 383.043931][ T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 383.080187][ T9006] netlink: 8 bytes leftover after parsing attributes in process `syz.0.874'. [ 384.569390][ T43] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 384.615507][ T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 384.623561][ T43] usb 2-1: Product: syz [ 384.640167][ T43] usb 2-1: Manufacturer: syz [ 384.644809][ T43] usb 2-1: SerialNumber: syz [ 385.779992][ T43] usb 2-1: config 0 descriptor?? [ 386.337337][ T43] usb 2-1: can't set config #0, error -71 [ 386.344954][ T43] usb 2-1: USB disconnect, device number 14 [ 386.487572][ T9032] sp0: Synchronizing with TNC [ 388.177939][ T9036] FAULT_INJECTION: forcing a failure. [ 388.177939][ T9036] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 388.222201][ T9036] CPU: 1 UID: 0 PID: 9036 Comm: syz.3.881 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 388.222229][ T9036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 388.222244][ T9036] Call Trace: [ 388.222255][ T9036] [ 388.222265][ T9036] dump_stack_lvl+0x189/0x250 [ 388.222293][ T9036] ? __pfx____ratelimit+0x10/0x10 [ 388.222314][ T9036] ? __pfx_dump_stack_lvl+0x10/0x10 [ 388.222336][ T9036] ? __pfx__printk+0x10/0x10 [ 388.222363][ T9036] ? fs_reclaim_acquire+0x7d/0x100 [ 388.222396][ T9036] should_fail_ex+0x414/0x560 [ 388.222422][ T9036] prepare_alloc_pages+0x213/0x610 [ 388.222455][ T9036] __alloc_frozen_pages_noprof+0x123/0x370 [ 388.222484][ T9036] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 388.222513][ T9036] ? __lock_acquire+0xab9/0xd20 [ 388.222543][ T9036] alloc_pages_mpol+0x232/0x4a0 [ 388.222570][ T9036] alloc_pages_noprof+0xa9/0x190 [ 388.222594][ T9036] pte_alloc_one+0x21/0x170 [ 388.222617][ T9036] __pte_alloc+0x25/0x1a0 [ 388.222645][ T9036] __handle_mm_fault+0x4b8a/0x5620 [ 388.222694][ T9036] ? __pfx___handle_mm_fault+0x10/0x10 [ 388.222743][ T9036] ? find_vma+0xe7/0x160 [ 388.222761][ T9036] ? __pfx_find_vma+0x10/0x10 [ 388.222782][ T9036] handle_mm_fault+0x2d5/0x7f0 [ 388.222825][ T9036] do_user_addr_fault+0x764/0x1390 [ 388.222871][ T9036] exc_page_fault+0x76/0xf0 [ 388.222895][ T9036] asm_exc_page_fault+0x26/0x30 [ 388.222914][ T9036] RIP: 0010:__put_user_4+0xd/0x20 [ 388.222934][ T9036] Code: 66 89 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 [ 388.222952][ T9036] RSP: 0018:ffffc90003877c88 EFLAGS: 00050206 [ 388.222970][ T9036] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000200000000000 [ 388.222984][ T9036] RDX: 0000000000000000 RSI: ffffffff8db6fcc6 RDI: ffffffff8be1ba40 [ 388.222998][ T9036] RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffffff8208a560 [ 388.223012][ T9036] R10: dffffc0000000000 R11: fffffbfff1f4167f R12: 0000200000000000 [ 388.223026][ T9036] R13: 0000000000000000 R14: 0000200000000000 R15: ffff888056e62000 [ 388.223048][ T9036] ? __might_fault+0xb0/0x130 [ 388.223077][ T9036] vt_do_diacrit+0x534/0xa40 [ 388.223118][ T9036] vt_ioctl+0x101a/0x1f00 [ 388.223147][ T9036] ? __pfx_vt_ioctl+0x10/0x10 [ 388.223165][ T9036] ? __asan_memset+0x22/0x50 [ 388.223191][ T9036] ? smack_file_ioctl+0x24a/0x340 [ 388.223213][ T9036] ? __pfx_smack_file_ioctl+0x10/0x10 [ 388.223254][ T9036] tty_ioctl+0x926/0xde0 [ 388.223281][ T9036] ? __pfx_tty_ioctl+0x10/0x10 [ 388.223307][ T9036] __se_sys_ioctl+0xfc/0x170 [ 388.223338][ T9036] do_syscall_64+0xfa/0x3b0 [ 388.223361][ T9036] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 388.223379][ T9036] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 388.223398][ T9036] ? clear_bhb_loop+0x60/0xb0 [ 388.223422][ T9036] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 388.223441][ T9036] RIP: 0033:0x7fdce878ebe9 [ 388.223457][ T9036] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 388.223474][ T9036] RSP: 002b:00007fdce95d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 388.223493][ T9036] RAX: ffffffffffffffda RBX: 00007fdce89b5fa0 RCX: 00007fdce878ebe9 [ 388.223507][ T9036] RDX: 0000200000000000 RSI: 0000000000004b4a RDI: 0000000000000003 [ 388.223521][ T9036] RBP: 00007fdce95d1090 R08: 0000000000000000 R09: 0000000000000000 [ 388.223533][ T9036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 388.223545][ T9036] R13: 00007fdce89b6038 R14: 00007fdce89b5fa0 R15: 00007ffd66b30298 [ 388.223578][ T9036] [ 388.579033][ C1] vkms_vblank_simulate: vblank timer overrun [ 388.762005][ T9044] unsupported nlmsg_type 40 [ 389.339767][ T9046] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 389.348457][ T9046] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 389.812213][ T9054] No such timeout policy "syz0" [ 391.758502][ T9062] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.890'. [ 391.965715][ T9071] tmpfs: Bad value for 'mpol' [ 392.242623][ T9073] netlink: 60 bytes leftover after parsing attributes in process `syz.0.894'. [ 393.875822][ T9068] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 394.115075][ T9088] netlink: 420 bytes leftover after parsing attributes in process `syz.0.896'. [ 394.868789][ T9086] netlink: 12 bytes leftover after parsing attributes in process `syz.1.898'. [ 395.038721][ T9095] sp0: Synchronizing with TNC [ 396.362678][ T51] Bluetooth: hci4: command 0x0406 tx timeout [ 396.398839][ T9092] netlink: 8 bytes leftover after parsing attributes in process `syz.2.899'. [ 396.689189][ T9102] No such timeout policy "syz0" [ 396.702257][ T9079] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 396.720437][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 397.159301][ T9079] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 397.297747][ T9079] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 397.306310][ T9079] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 397.343240][ T9079] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 397.357274][ T9079] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 397.488186][ T9079] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 397.494646][ T9079] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 397.524936][ T9079] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 397.527740][ T30] kauditd_printk_skb: 57 callbacks suppressed [ 397.527757][ T30] audit: type=1326 audit(1755864658.257:787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9108 comm="syz.4.903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f819298ebe9 code=0x7ffc0000 [ 397.531453][ T9079] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 397.540835][ T30] audit: type=1326 audit(1755864658.257:788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9108 comm="syz.4.903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f819298ebe9 code=0x7ffc0000 [ 397.607678][ T9109] pim6reg: entered allmulticast mode [ 397.642035][ T9109] pim6reg: left allmulticast mode [ 397.691624][ T30] audit: type=1326 audit(1755864658.317:789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9108 comm="syz.4.903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f819298ebe9 code=0x7ffc0000 [ 397.718864][ T30] audit: type=1326 audit(1755864658.317:790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9108 comm="syz.4.903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f819298ebe9 code=0x7ffc0000 [ 397.741061][ T30] audit: type=1326 audit(1755864658.317:791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9108 comm="syz.4.903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f819298ebe9 code=0x7ffc0000 [ 397.787611][ T30] audit: type=1326 audit(1755864658.317:792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9108 comm="syz.4.903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f819298ebe9 code=0x7ffc0000 [ 397.809916][ T30] audit: type=1326 audit(1755864658.317:793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9108 comm="syz.4.903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f819298ebe9 code=0x7ffc0000 [ 397.832206][ T30] audit: type=1326 audit(1755864658.317:794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9108 comm="syz.4.903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f819298ebe9 code=0x7ffc0000 [ 397.853611][ C0] vkms_vblank_simulate: vblank timer overrun [ 397.943226][ T30] audit: type=1326 audit(1755864658.317:795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9108 comm="syz.4.903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f819298ebe9 code=0x7ffc0000 [ 397.966671][ T30] audit: type=1326 audit(1755864658.357:796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9108 comm="syz.4.903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f819298ebe9 code=0x7ffc0000 [ 398.045143][ T9118] netlink: 8 bytes leftover after parsing attributes in process `syz.2.906'. [ 398.104581][ T9120] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.907'. [ 398.395632][ T43] usb 5-1: new low-speed USB device number 21 using dummy_hcd [ 399.541515][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 399.545576][ T5838] Bluetooth: hci1: command 0x0406 tx timeout [ 399.547652][ T5851] Bluetooth: hci2: command 0x0406 tx timeout [ 399.553606][ T5838] Bluetooth: hci3: command 0x0406 tx timeout [ 399.575928][ T5838] Bluetooth: hci4: command 0x0406 tx timeout [ 399.668967][ T43] usb 5-1: config index 0 descriptor too short (expected 6427, got 27) [ 399.683840][ T43] usb 5-1: config 0 has an invalid interface number: 21 but max is 0 [ 399.692432][ T43] usb 5-1: config 0 has no interface number 0 [ 399.698917][ T43] usb 5-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0x21, changing to 0x1 [ 399.718596][ T43] usb 5-1: config 0 interface 21 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 10 [ 399.730005][ T43] usb 5-1: config 0 interface 21 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 399.739883][ T43] usb 5-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 399.749544][ T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 399.760376][ T43] usb 5-1: config 0 descriptor?? [ 400.031760][ T1209] usb 5-1: USB disconnect, device number 21 [ 400.170602][ T9142] No such timeout policy "syz0" [ 401.011416][ T9149] netlink: 4400 bytes leftover after parsing attributes in process `syz.0.917'. [ 401.124751][ T9151] netlink: 4 bytes leftover after parsing attributes in process `syz.3.914'. [ 401.336977][ T9155] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.919'. [ 401.352171][ T9149] sysfs: cannot create duplicate filename '/class/ieee80211/Ç`]Š •Iöq¯!¾>Ýsó³Îú*Š®!' [ 401.384237][ T9149] CPU: 0 UID: 0 PID: 9149 Comm: syz.0.917 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 401.384255][ T9149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 401.384262][ T9149] Call Trace: [ 401.384268][ T9149] [ 401.384273][ T9149] dump_stack_lvl+0x189/0x250 [ 401.384292][ T9149] ? __pfx_dump_stack_lvl+0x10/0x10 [ 401.384304][ T9149] ? __pfx__printk+0x10/0x10 [ 401.384318][ T9149] ? kernfs_path_from_node+0x2c/0x260 [ 401.384332][ T9149] ? kernfs_path_from_node+0x2c/0x260 [ 401.384343][ T9149] ? kernfs_path_from_node+0x2c/0x260 [ 401.384360][ T9149] ? kernfs_path_from_node+0x22c/0x260 [ 401.384370][ T9149] ? kernfs_path_from_node+0x2c/0x260 [ 401.384384][ T9149] sysfs_warn_dup+0x8e/0xa0 [ 401.384397][ T9149] sysfs_do_create_link_sd+0xc0/0x110 [ 401.384411][ T9149] device_add_class_symlinks+0x1cf/0x240 [ 401.384429][ T9149] device_add+0x475/0xb50 [ 401.384446][ T9149] wiphy_register+0x199a/0x26b0 [ 401.384470][ T9149] ? __pfx_wiphy_register+0x10/0x10 [ 401.384482][ T9149] ? minstrel_ht_alloc+0x6dd/0x7e0 [ 401.384502][ T9149] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 401.384520][ T9149] ieee80211_register_hw+0x33e1/0x4120 [ 401.384546][ T9149] ? ieee80211_register_hw+0x1471/0x4120 [ 401.384566][ T9149] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 401.384584][ T9149] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 401.384605][ T9149] ? __hrtimer_setup+0x187/0x210 [ 401.384615][ T9149] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 401.384633][ T9149] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 401.384665][ T9149] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 401.384678][ T9149] ? trace_kmalloc+0x1f/0xd0 [ 401.384688][ T9149] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 401.384699][ T9149] ? kstrndup+0xbf/0x160 [ 401.384717][ T9149] hwsim_new_radio_nl+0xea4/0x1b10 [ 401.384734][ T9149] ? __pfx___nla_validate_parse+0x10/0x10 [ 401.384755][ T9149] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 401.384777][ T9149] ? __nla_parse+0x40/0x60 [ 401.384792][ T9149] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 401.384817][ T9149] genl_family_rcv_msg_doit+0x215/0x300 [ 401.384834][ T9149] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 401.384853][ T9149] ? bpf_lsm_capable+0x9/0x20 [ 401.384866][ T9149] ? security_capable+0x7e/0x2e0 [ 401.384884][ T9149] genl_rcv_msg+0x60e/0x790 [ 401.384899][ T9149] ? __pfx_genl_rcv_msg+0x10/0x10 [ 401.384908][ T9149] ? ref_tracker_free+0x63a/0x7d0 [ 401.384919][ T9149] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 401.384933][ T9149] ? __pfx_ref_tracker_free+0x10/0x10 [ 401.384952][ T9149] netlink_rcv_skb+0x205/0x470 [ 401.384968][ T9149] ? __pfx_genl_rcv_msg+0x10/0x10 [ 401.384979][ T9149] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 401.385003][ T9149] ? down_read+0x1ad/0x2e0 [ 401.385017][ T9149] genl_rcv+0x28/0x40 [ 401.385026][ T9149] netlink_unicast+0x75c/0x8e0 [ 401.385046][ T9149] netlink_sendmsg+0x805/0xb30 [ 401.385069][ T9149] ? __pfx_netlink_sendmsg+0x10/0x10 [ 401.385089][ T9149] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 401.385099][ T9149] ? __pfx_netlink_sendmsg+0x10/0x10 [ 401.385113][ T9149] __sock_sendmsg+0x21c/0x270 [ 401.385134][ T9149] ____sys_sendmsg+0x505/0x830 [ 401.385154][ T9149] ? __pfx_____sys_sendmsg+0x10/0x10 [ 401.385176][ T9149] ? import_iovec+0x74/0xa0 [ 401.385193][ T9149] ___sys_sendmsg+0x21f/0x2a0 [ 401.385211][ T9149] ? __pfx____sys_sendmsg+0x10/0x10 [ 401.385249][ T9149] ? __fget_files+0x2a/0x420 [ 401.385260][ T9149] ? __fget_files+0x3a0/0x420 [ 401.385277][ T9149] __x64_sys_sendmsg+0x19b/0x260 [ 401.385295][ T9149] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 401.385317][ T9149] ? rcu_is_watching+0x15/0xb0 [ 401.385331][ T9149] ? do_syscall_64+0xbe/0x3b0 [ 401.385345][ T9149] do_syscall_64+0xfa/0x3b0 [ 401.385360][ T9149] ? lockdep_hardirqs_on+0x9c/0x150 [ 401.385378][ T9149] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 401.385395][ T9149] ? clear_bhb_loop+0x60/0xb0 [ 401.385417][ T9149] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 401.385435][ T9149] RIP: 0033:0x7f1c5538ebe9 [ 401.385451][ T9149] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 401.385467][ T9149] RSP: 002b:00007f1c56110038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 401.385488][ T9149] RAX: ffffffffffffffda RBX: 00007f1c555b5fa0 RCX: 00007f1c5538ebe9 [ 401.385502][ T9149] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000003 [ 401.385514][ T9149] RBP: 00007f1c55411e19 R08: 0000000000000000 R09: 0000000000000000 [ 401.385526][ T9149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 401.385537][ T9149] R13: 00007f1c555b6038 R14: 00007f1c555b5fa0 R15: 00007fff6c62a9b8 [ 401.385570][ T9149] [ 401.837526][ C0] vkms_vblank_simulate: vblank timer overrun [ 401.885537][ T5838] Bluetooth: hci3: command 0x0406 tx timeout [ 401.891603][ T5838] Bluetooth: hci4: command 0x0406 tx timeout [ 401.898287][ T5851] Bluetooth: hci2: command 0x0406 tx timeout [ 401.904352][ T5851] Bluetooth: hci1: command 0x0406 tx timeout [ 402.615847][ T1209] kernel write not supported for file /input/mouse0 (pid: 1209 comm: kworker/0:3) [ 402.631654][ T9167] netlink: 20 bytes leftover after parsing attributes in process `syz.2.923'. [ 402.641001][ T9167] netlink: 20 bytes leftover after parsing attributes in process `syz.2.923'. [ 403.086899][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 403.105424][ T30] audit: type=1326 audit(1755864663.817:807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9172 comm="syz.1.924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a0d58ebe9 code=0x7ffc0000 [ 403.275143][ T30] audit: type=1326 audit(1755864663.817:808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9172 comm="syz.1.924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a0d58ebe9 code=0x7ffc0000 [ 403.355809][ T30] audit: type=1326 audit(1755864663.817:809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9172 comm="syz.1.924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1a0d58ebe9 code=0x7ffc0000 [ 403.860019][ T30] audit: type=1326 audit(1755864663.817:810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9172 comm="syz.1.924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a0d58ebe9 code=0x7ffc0000 [ 403.913181][ T30] audit: type=1326 audit(1755864663.817:811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9172 comm="syz.1.924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a0d58ebe9 code=0x7ffc0000 [ 403.965577][ T30] audit: type=1326 audit(1755864663.817:812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9172 comm="syz.1.924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1a0d58ebe9 code=0x7ffc0000 [ 404.027953][ T30] audit: type=1326 audit(1755864663.827:813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9172 comm="syz.1.924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a0d58ebe9 code=0x7ffc0000 [ 404.060189][ T30] audit: type=1326 audit(1755864663.837:814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9172 comm="syz.1.924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1a0d585ba7 code=0x7ffc0000 [ 404.081734][ T30] audit: type=1326 audit(1755864663.837:815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9172 comm="syz.1.924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1a0d52ade9 code=0x7ffc0000 [ 404.103511][ T30] audit: type=1326 audit(1755864663.837:816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9172 comm="syz.1.924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1a0d585ba7 code=0x7ffc0000 [ 404.939342][ T9196] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 404.948996][ T9196] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 405.399777][ T9204] netlink: 4400 bytes leftover after parsing attributes in process `syz.4.931'. [ 405.428060][ T9204] debugfs: Directory 'Ç`]Š •Iöq¯!¾>Ýsó³Îú*Š®!' with parent 'ieee80211' already present! [ 405.621245][ T9211] netlink: 268 bytes leftover after parsing attributes in process `syz.2.934'. [ 405.753940][ T9205] netlink: 28 bytes leftover after parsing attributes in process `syz.4.931'. [ 414.150516][ T9277] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 414.535885][ T1209] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 414.634523][ T9298] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 414.643844][ T9298] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 414.876743][ T1209] usb 3-1: device descriptor read/64, error -71 [ 415.247316][ T1209] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 415.946956][ T1209] usb 3-1: device descriptor read/64, error -71 [ 416.068294][ T1209] usb usb3-port1: attempt power cycle [ 416.725467][ T1209] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 417.621139][ T9333] bridge2: entered promiscuous mode [ 417.627766][ T9333] team0: Port device bridge2 added [ 417.739687][ T1209] usb 3-1: device descriptor read/8, error -71 [ 417.841593][ T9335] ======================================================= [ 417.841593][ T9335] WARNING: The mand mount option has been deprecated and [ 417.841593][ T9335] and is ignored by this kernel. Remove the mand [ 417.841593][ T9335] option from the mount to silence this warning. [ 417.841593][ T9335] ======================================================= [ 418.939809][ T9353] No such timeout policy "syz0" [ 419.703027][ T9358] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 419.711500][ T9358] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 419.773548][ T9348] netfs: Couldn't get user pages (rc=-4) [ 420.223285][ T9372] fuse: Unknown parameter 'fâ' [ 420.223285][ T9370] fuse: Unknown parameter 'fâ' [ 420.625524][ T6020] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 420.864019][ T9387] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 420.897678][ T9387] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 421.625671][ T6020] usb 2-1: Using ep0 maxpacket: 8 [ 421.700226][ T6020] usb 2-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00 [ 421.732643][ T6020] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 421.736592][ T9391] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.990'. [ 421.744514][ T6020] usb 2-1: Product: syz [ 421.810650][ T6020] usb 2-1: Manufacturer: syz [ 421.847516][ T6020] usb 2-1: SerialNumber: syz [ 421.883155][ T6020] usb 2-1: config 0 descriptor?? [ 421.911915][ T6020] radio-usb-si4713 2-1:0.0: Si4713 development board discovered: (10C4:8244) [ 422.026671][ T9399] netlink: 8 bytes leftover after parsing attributes in process `syz.3.991'. [ 423.097853][ T9375] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 423.152520][ T6020] radio-usb-si4713 2-1:0.0: probe with driver radio-usb-si4713 failed with error -32 [ 423.260732][ T9375] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 423.312735][ T6020] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 425.001284][ T9418] FAULT_INJECTION: forcing a failure. [ 425.001284][ T9418] name failslab, interval 1, probability 0, space 0, times 0 [ 425.013931][ T9418] CPU: 0 UID: 0 PID: 9418 Comm: syz.2.997 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 425.013945][ T9418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 425.013952][ T9418] Call Trace: [ 425.013958][ T9418] [ 425.013963][ T9418] dump_stack_lvl+0x189/0x250 [ 425.013981][ T9418] ? __pfx____ratelimit+0x10/0x10 [ 425.013992][ T9418] ? __pfx_dump_stack_lvl+0x10/0x10 [ 425.014004][ T9418] ? __pfx__printk+0x10/0x10 [ 425.014020][ T9418] ? __pfx___might_resched+0x10/0x10 [ 425.014031][ T9418] ? fs_reclaim_acquire+0x7d/0x100 [ 425.014046][ T9418] should_fail_ex+0x414/0x560 [ 425.014060][ T9418] should_failslab+0xa8/0x100 [ 425.014073][ T9418] __kmalloc_noprof+0xcb/0x4f0 [ 425.014082][ T9418] ? kfree+0x4d/0x440 [ 425.014096][ T9418] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 425.014113][ T9418] tomoyo_realpath_from_path+0xe3/0x5d0 [ 425.014128][ T9418] ? tomoyo_domain+0xda/0x130 [ 425.014144][ T9418] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 425.014155][ T9418] tomoyo_path_number_perm+0x1e8/0x5a0 [ 425.014167][ T9418] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 425.014188][ T9418] ? __lock_acquire+0xab9/0xd20 [ 425.014209][ T9418] ? __fget_files+0x2a/0x420 [ 425.014223][ T9418] ? __fget_files+0x2a/0x420 [ 425.014233][ T9418] ? __fget_files+0x3a0/0x420 [ 425.014243][ T9418] ? __fget_files+0x2a/0x420 [ 425.014257][ T9418] security_file_ioctl+0xcb/0x2d0 [ 425.014270][ T9418] __se_sys_ioctl+0x47/0x170 [ 425.014287][ T9418] do_syscall_64+0xfa/0x3b0 [ 425.014298][ T9418] ? lockdep_hardirqs_on+0x9c/0x150 [ 425.014309][ T9418] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 425.014320][ T9418] ? clear_bhb_loop+0x60/0xb0 [ 425.014332][ T9418] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 425.014342][ T9418] RIP: 0033:0x7feafe38ebe9 [ 425.014352][ T9418] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 425.014362][ T9418] RSP: 002b:00007feaff238038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 425.014378][ T9418] RAX: ffffffffffffffda RBX: 00007feafe5b6090 RCX: 00007feafe38ebe9 [ 425.014386][ T9418] RDX: 0000200000000040 RSI: 0000000040044104 RDI: 0000000000000007 [ 425.014396][ T9418] RBP: 00007feaff238090 R08: 0000000000000000 R09: 0000000000000000 [ 425.014403][ T9418] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 425.014409][ T9418] R13: 00007feafe5b6128 R14: 00007feafe5b6090 R15: 00007ffec34ae878 [ 425.014425][ T9418] [ 425.014430][ T9418] ERROR: Out of memory at tomoyo_realpath_from_path. [ 425.652648][ T43] usb 2-1: USB disconnect, device number 15 [ 425.717896][ T9426] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1001'. [ 425.913330][ T9437] 8021q: adding VLAN 0 to HW filter on device bond1 [ 425.934989][ T9437] bond_slave_0: entered promiscuous mode [ 425.940753][ T9437] bond_slave_1: entered promiscuous mode [ 425.947858][ T9437] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 425.955442][ T1209] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 425.958920][ T9437] bond1: (slave macvlan2): Enslaving as a backup interface with an up link [ 426.107396][ T1209] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 426.125465][ T1209] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00 [ 426.144962][ T1209] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 426.180314][ T1209] usb 4-1: config 0 descriptor?? [ 426.505950][ T43] usb 5-1: new full-speed USB device number 22 using dummy_hcd [ 427.371388][ T1209] koneplus 0003:1E7D:2E22.0003: hidraw0: USB HID vff.fe Device [HID 1e7d:2e22] on usb-dummy_hcd.3-1/input0 [ 428.213931][ T43] usb 5-1: too many endpoints for config 0 interface 0 altsetting 185: 33, using maximum allowed: 30 [ 428.454987][ T43] usb 5-1: config 0 interface 0 altsetting 185 endpoint 0x81 has invalid wMaxPacketSize 0 [ 428.465109][ T43] usb 5-1: config 0 interface 0 altsetting 185 has 1 endpoint descriptor, different from the interface descriptor's value: 33 [ 428.478278][ T43] usb 5-1: config 0 interface 0 has no altsetting 0 [ 428.484936][ T43] usb 5-1: New USB device found, idVendor=1e71, idProduct=170e, bcdDevice= 0.00 [ 428.494023][ T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 428.636529][ T43] usb 5-1: config 0 descriptor?? [ 429.438392][ T24] usb 4-1: USB disconnect, device number 12 [ 429.488828][ T43] usbhid 5-1:0.0: can't add hid device: -71 [ 429.494942][ T43] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 429.530669][ T43] usb 5-1: USB disconnect, device number 22 [ 429.791695][ T9467] loop2: detected capacity change from 0 to 7 [ 429.799244][ T9467] Dev loop2: unable to read RDB block 7 [ 429.805014][ T9467] loop2: unable to read partition table [ 430.786136][ T9467] loop2: partition table beyond EOD, truncated [ 430.794627][ T9467] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 431.695519][ T9468] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 431.950207][ T9474] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1014'. [ 433.036533][ T9506] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1024'. [ 434.348632][ T9529] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1028'. [ 434.609479][ T9531] macvlan2: entered promiscuous mode [ 434.936518][ T9540] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 434.956451][ T9540] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 436.188321][ T9564] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1039'. [ 436.249818][ T9568] 9pnet_fd: Insufficient options for proto=fd [ 436.283575][ T9567] FAULT_INJECTION: forcing a failure. [ 436.283575][ T9567] name failslab, interval 1, probability 0, space 0, times 0 [ 436.297182][ T9567] CPU: 0 UID: 0 PID: 9567 Comm: syz.3.1038 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 436.297207][ T9567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 436.297220][ T9567] Call Trace: [ 436.297228][ T9567] [ 436.297236][ T9567] dump_stack_lvl+0x189/0x250 [ 436.297263][ T9567] ? __pfx____ratelimit+0x10/0x10 [ 436.297283][ T9567] ? __pfx_dump_stack_lvl+0x10/0x10 [ 436.297305][ T9567] ? __pfx__printk+0x10/0x10 [ 436.297331][ T9567] ? __pfx___might_resched+0x10/0x10 [ 436.297353][ T9567] ? fs_reclaim_acquire+0x7d/0x100 [ 436.297381][ T9567] should_fail_ex+0x414/0x560 [ 436.297407][ T9567] should_failslab+0xa8/0x100 [ 436.297429][ T9567] __kmalloc_noprof+0xcb/0x4f0 [ 436.297447][ T9567] ? tomoyo_encode+0x28b/0x550 [ 436.297476][ T9567] tomoyo_encode+0x28b/0x550 [ 436.297506][ T9567] tomoyo_realpath_from_path+0x58d/0x5d0 [ 436.297543][ T9567] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 436.297563][ T9567] tomoyo_path_number_perm+0x1e8/0x5a0 [ 436.297598][ T9567] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 436.297638][ T9567] ? __lock_acquire+0xab9/0xd20 [ 436.297678][ T9567] ? __fget_files+0x2a/0x420 [ 436.297703][ T9567] ? __fget_files+0x2a/0x420 [ 436.297723][ T9567] ? __fget_files+0x3a0/0x420 [ 436.297742][ T9567] ? __fget_files+0x2a/0x420 [ 436.297766][ T9567] security_file_ioctl+0xcb/0x2d0 [ 436.297790][ T9567] __se_sys_ioctl+0x47/0x170 [ 436.297819][ T9567] do_syscall_64+0xfa/0x3b0 [ 436.297839][ T9567] ? lockdep_hardirqs_on+0x9c/0x150 [ 436.297860][ T9567] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 436.297879][ T9567] ? clear_bhb_loop+0x60/0xb0 [ 436.297902][ T9567] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 436.297919][ T9567] RIP: 0033:0x7fdce878ebe9 [ 436.297935][ T9567] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 436.297952][ T9567] RSP: 002b:00007fdce95b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 436.297972][ T9567] RAX: ffffffffffffffda RBX: 00007fdce89b6090 RCX: 00007fdce878ebe9 [ 436.297986][ T9567] RDX: 0000200000000040 RSI: 0000000040044104 RDI: 0000000000000007 [ 436.297997][ T9567] RBP: 00007fdce95b0090 R08: 0000000000000000 R09: 0000000000000000 [ 436.298007][ T9567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 436.298018][ T9567] R13: 00007fdce89b6128 R14: 00007fdce89b6090 R15: 00007ffd66b30298 [ 436.298044][ T9567] [ 436.538661][ T9567] ERROR: Out of memory at tomoyo_realpath_from_path. [ 436.552091][ T9569] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1041'. [ 436.804970][ T9577] uprobe: syz.1.1042:9577 failed to unregister, leaking uprobe [ 437.017531][ T9583] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1044'. [ 437.026906][ T9583] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1044'. [ 438.023848][ T9594] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 438.033272][ T9594] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 439.225880][ T9613] netlink: 420 bytes leftover after parsing attributes in process `syz.3.1053'. [ 439.986558][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.993354][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.015716][ T5953] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 440.158175][ T30] kauditd_printk_skb: 58 callbacks suppressed [ 440.158223][ T30] audit: type=1326 audit(1755864700.887:875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9618 comm="syz.3.1056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdce878ebe9 code=0x7ffc0000 [ 440.200929][ T5953] usb 2-1: Using ep0 maxpacket: 16 [ 440.297508][ T5953] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 440.314666][ T5953] usb 2-1: can't read configurations, error -71 [ 440.354981][ T30] audit: type=1326 audit(1755864700.887:876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9618 comm="syz.3.1056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdce878ebe9 code=0x7ffc0000 [ 440.536366][ T30] audit: type=1326 audit(1755864700.887:877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9618 comm="syz.3.1056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdce878ebe9 code=0x7ffc0000 [ 440.575481][ T30] audit: type=1326 audit(1755864700.917:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9618 comm="syz.3.1056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdce878ebe9 code=0x7ffc0000 [ 440.615565][ T30] audit: type=1326 audit(1755864700.917:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9618 comm="syz.3.1056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdce878ebe9 code=0x7ffc0000 [ 440.655487][ T30] audit: type=1326 audit(1755864700.917:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9618 comm="syz.3.1056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdce878ebe9 code=0x7ffc0000 [ 440.695450][ T30] audit: type=1326 audit(1755864700.917:881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9618 comm="syz.3.1056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdce878ebe9 code=0x7ffc0000 [ 440.735461][ T30] audit: type=1326 audit(1755864700.927:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9618 comm="syz.3.1056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fdce8785ba7 code=0x7ffc0000 [ 440.760177][ T30] audit: type=1326 audit(1755864700.927:883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9618 comm="syz.3.1056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdce872ade9 code=0x7ffc0000 [ 440.782869][ T30] audit: type=1326 audit(1755864700.927:884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9618 comm="syz.3.1056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fdce8785ba7 code=0x7ffc0000 [ 440.940623][ T9629] xt_SECMARK: invalid mode: 2 [ 441.338362][ T9634] netlink: 'syz.1.1058': attribute type 10 has an invalid length. [ 441.346577][ T9634] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1058'. [ 441.360201][ T9634] batman_adv: batadv0: Adding interface: virt_wifi0 [ 441.367178][ T9634] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 441.393377][ T9634] batman_adv: batadv0: Not using interface virt_wifi0 (retrying later): interface not active [ 442.158717][ T9641] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 442.167183][ T9641] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 442.590042][ T9650] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1062'. [ 443.556431][ T9661] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1068'. [ 444.993464][ T9661] hsr_slave_1 (unregistering): left promiscuous mode [ 446.864138][ T9711] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1079'. [ 446.881273][ T9711] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1079'. [ 447.054237][ T9712] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1079'. [ 447.311115][ T9722] x_tables: duplicate underflow at hook 3 [ 447.823320][ T9726] netlink: 4400 bytes leftover after parsing attributes in process `syz.2.1085'. [ 447.898693][ T9726] debugfs: Directory 'Ç`]Š •Iöq¯!¾>Ýsó³Îú*Š®!' with parent 'ieee80211' already present! [ 447.941607][ T9727] FAULT_INJECTION: forcing a failure. [ 447.941607][ T9727] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 447.954728][ T9727] CPU: 1 UID: 0 PID: 9727 Comm: syz.0.1083 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 447.954760][ T9727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 447.954772][ T9727] Call Trace: [ 447.954779][ T9727] [ 447.954787][ T9727] dump_stack_lvl+0x189/0x250 [ 447.954814][ T9727] ? __pfx____ratelimit+0x10/0x10 [ 447.954836][ T9727] ? __pfx_dump_stack_lvl+0x10/0x10 [ 447.954857][ T9727] ? __pfx__printk+0x10/0x10 [ 447.954896][ T9727] should_fail_ex+0x414/0x560 [ 447.954922][ T9727] _copy_to_user+0x31/0xb0 [ 447.954951][ T9727] simple_read_from_buffer+0xe1/0x170 [ 447.954978][ T9727] proc_fail_nth_read+0x1df/0x250 [ 447.955005][ T9727] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 447.955033][ T9727] ? rw_verify_area+0x258/0x650 [ 447.955062][ T9727] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 447.955087][ T9727] vfs_read+0x200/0x980 [ 447.955123][ T9727] ? __pfx___mutex_lock+0x10/0x10 [ 447.955146][ T9727] ? __pfx_vfs_read+0x10/0x10 [ 447.955177][ T9727] ? __fget_files+0x2a/0x420 [ 447.955204][ T9727] ? __fget_files+0x3a0/0x420 [ 447.955225][ T9727] ? __fget_files+0x2a/0x420 [ 447.955256][ T9727] ksys_read+0x145/0x250 [ 447.955278][ T9727] ? __pfx_ksys_read+0x10/0x10 [ 447.955302][ T9727] ? do_syscall_64+0xbe/0x3b0 [ 447.955328][ T9727] do_syscall_64+0xfa/0x3b0 [ 447.955353][ T9727] ? lockdep_hardirqs_on+0x9c/0x150 [ 447.955370][ T9727] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 447.955388][ T9727] ? clear_bhb_loop+0x60/0xb0 [ 447.955410][ T9727] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 447.955427][ T9727] RIP: 0033:0x7f1c5538d5fc [ 447.955444][ T9727] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 447.955461][ T9727] RSP: 002b:00007f1c535f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 447.955482][ T9727] RAX: ffffffffffffffda RBX: 00007f1c555b6090 RCX: 00007f1c5538d5fc [ 447.955496][ T9727] RDX: 000000000000000f RSI: 00007f1c535f60a0 RDI: 0000000000000008 [ 447.955508][ T9727] RBP: 00007f1c535f6090 R08: 0000000000000000 R09: 0000000000000000 [ 447.955520][ T9727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 447.955531][ T9727] R13: 00007f1c555b6128 R14: 00007f1c555b6090 R15: 00007fff6c62a9b8 [ 447.955561][ T9727] [ 449.368243][ T9741] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 449.618696][ T30] kauditd_printk_skb: 58 callbacks suppressed [ 449.621687][ T30] audit: type=1326 audit(1755864710.347:943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9734 comm="syz.0.1089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c5538ebe9 code=0x7ffc0000 [ 449.665817][ T9748] bond1: option mode: unable to set because the bond device has slaves [ 449.682231][ T9748] bond1: (slave macvlan4): Error -98 calling set_mac_address [ 449.866188][ T30] audit: type=1326 audit(1755864710.347:944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9734 comm="syz.0.1089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c5538ebe9 code=0x7ffc0000 [ 449.887807][ C1] vkms_vblank_simulate: vblank timer overrun [ 450.075855][ T24] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 450.371271][ T30] audit: type=1326 audit(1755864710.347:945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9734 comm="syz.0.1089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1c5538ebe9 code=0x7ffc0000 [ 450.403578][ T30] audit: type=1326 audit(1755864710.347:946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9734 comm="syz.0.1089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c5538ebe9 code=0x7ffc0000 [ 450.545655][ T24] usb 5-1: device descriptor read/64, error -71 [ 450.577909][ T30] audit: type=1326 audit(1755864710.347:947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9734 comm="syz.0.1089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c5538ebe9 code=0x7ffc0000 [ 450.600710][ T30] audit: type=1326 audit(1755864710.347:948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9734 comm="syz.0.1089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1c5538ebe9 code=0x7ffc0000 [ 450.622540][ T30] audit: type=1326 audit(1755864710.347:949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9734 comm="syz.0.1089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c5538ebe9 code=0x7ffc0000 [ 450.665646][ T30] audit: type=1326 audit(1755864710.347:950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9734 comm="syz.0.1089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c5538ebe9 code=0x7ffc0000 [ 450.834180][ T30] audit: type=1326 audit(1755864710.347:951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9734 comm="syz.0.1089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f1c5538ebe9 code=0x7ffc0000 [ 450.840609][ T24] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 450.875449][ T30] audit: type=1326 audit(1755864710.347:952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9734 comm="syz.0.1089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c5538ebe9 code=0x7ffc0000 [ 450.971139][ T9759] netlink: 420 bytes leftover after parsing attributes in process `syz.2.1094'. [ 451.636832][ T24] usb 5-1: device descriptor read/64, error -71 [ 451.796059][ T24] usb usb5-port1: attempt power cycle [ 452.218218][ T24] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 452.626116][ T24] usb 5-1: device descriptor read/8, error -71 [ 452.875880][ T24] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 453.229573][ T24] usb 5-1: device descriptor read/8, error -71 [ 453.320273][ T9779] can0: slcan on ptm0. [ 453.358851][ T24] usb usb5-port1: unable to enumerate USB device [ 454.867471][ T9778] can0 (unregistered): slcan off ptm0. [ 456.748778][ T1209] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 457.518363][ T1209] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 457.528067][ T1209] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 457.536146][ T1209] usb 5-1: Product: syz [ 457.540413][ T1209] usb 5-1: Manufacturer: syz [ 457.545020][ T1209] usb 5-1: SerialNumber: syz [ 457.566470][ T1209] usb 5-1: config 0 descriptor?? [ 457.579119][ T9838] netlink: 4400 bytes leftover after parsing attributes in process `syz.2.1120'. [ 457.601663][ T9838] sysfs: cannot create duplicate filename '/class/ieee80211/Ç`]Š •Iöq¯!¾>Ýsó³Îú*Š®!' [ 457.615285][ T9838] CPU: 1 UID: 0 PID: 9838 Comm: syz.2.1120 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 457.615313][ T9838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 457.615325][ T9838] Call Trace: [ 457.615334][ T9838] [ 457.615343][ T9838] dump_stack_lvl+0x189/0x250 [ 457.615378][ T9838] ? __pfx_dump_stack_lvl+0x10/0x10 [ 457.615399][ T9838] ? __pfx__printk+0x10/0x10 [ 457.615424][ T9838] ? kernfs_path_from_node+0x2c/0x260 [ 457.615447][ T9838] ? kernfs_path_from_node+0x2c/0x260 [ 457.615467][ T9838] ? kernfs_path_from_node+0x2c/0x260 [ 457.615490][ T9838] ? kernfs_path_from_node+0x22c/0x260 [ 457.615509][ T9838] ? kernfs_path_from_node+0x2c/0x260 [ 457.615534][ T9838] sysfs_warn_dup+0x8e/0xa0 [ 457.615555][ T9838] sysfs_do_create_link_sd+0xc0/0x110 [ 457.615579][ T9838] device_add_class_symlinks+0x1cf/0x240 [ 457.615612][ T9838] device_add+0x475/0xb50 [ 457.615642][ T9838] wiphy_register+0x199a/0x26b0 [ 457.615682][ T9838] ? __pfx_wiphy_register+0x10/0x10 [ 457.615705][ T9838] ? minstrel_ht_alloc+0x6dd/0x7e0 [ 457.615741][ T9838] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 457.615775][ T9838] ieee80211_register_hw+0x33e1/0x4120 [ 457.615823][ T9838] ? ieee80211_register_hw+0x1471/0x4120 [ 457.615873][ T9838] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 457.615904][ T9838] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 457.615942][ T9838] ? __hrtimer_setup+0x187/0x210 [ 457.615960][ T9838] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 457.615994][ T9838] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 457.616053][ T9838] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 457.616078][ T9838] ? trace_kmalloc+0x1f/0xd0 [ 457.616095][ T9838] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 457.616113][ T9838] ? kstrndup+0xbf/0x160 [ 457.616147][ T9838] hwsim_new_radio_nl+0xea4/0x1b10 [ 457.616177][ T9838] ? __pfx___nla_validate_parse+0x10/0x10 [ 457.616220][ T9838] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 457.616260][ T9838] ? __nla_parse+0x40/0x60 [ 457.616287][ T9838] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 457.616316][ T9838] genl_family_rcv_msg_doit+0x215/0x300 [ 457.616345][ T9838] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 457.616381][ T9838] ? bpf_lsm_capable+0x9/0x20 [ 457.616403][ T9838] ? security_capable+0x7e/0x2e0 [ 457.616436][ T9838] genl_rcv_msg+0x60e/0x790 [ 457.616463][ T9838] ? __pfx_genl_rcv_msg+0x10/0x10 [ 457.616483][ T9838] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 457.616527][ T9838] netlink_rcv_skb+0x205/0x470 [ 457.616554][ T9838] ? __pfx_genl_rcv_msg+0x10/0x10 [ 457.616577][ T9838] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 457.616621][ T9838] ? down_read+0x1ad/0x2e0 [ 457.616646][ T9838] genl_rcv+0x28/0x40 [ 457.616663][ T9838] netlink_unicast+0x75c/0x8e0 [ 457.616699][ T9838] netlink_sendmsg+0x805/0xb30 [ 457.616733][ T9838] ? __pfx_netlink_sendmsg+0x10/0x10 [ 457.616769][ T9838] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 457.616787][ T9838] ? __pfx_netlink_sendmsg+0x10/0x10 [ 457.616814][ T9838] __sock_sendmsg+0x21c/0x270 [ 457.616840][ T9838] ____sys_sendmsg+0x505/0x830 [ 457.616884][ T9838] ? __pfx_____sys_sendmsg+0x10/0x10 [ 457.616923][ T9838] ? import_iovec+0x74/0xa0 [ 457.616953][ T9838] ___sys_sendmsg+0x21f/0x2a0 [ 457.616985][ T9838] ? __pfx____sys_sendmsg+0x10/0x10 [ 457.617057][ T9838] ? __fget_files+0x2a/0x420 [ 457.617078][ T9838] ? __fget_files+0x3a0/0x420 [ 457.617111][ T9838] __x64_sys_sendmsg+0x19b/0x260 [ 457.617143][ T9838] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 457.617186][ T9838] ? rcu_is_watching+0x15/0xb0 [ 457.617214][ T9838] ? do_syscall_64+0xbe/0x3b0 [ 457.617240][ T9838] do_syscall_64+0xfa/0x3b0 [ 457.617259][ T9838] ? lockdep_hardirqs_on+0x9c/0x150 [ 457.617287][ T9838] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 457.617306][ T9838] ? clear_bhb_loop+0x60/0xb0 [ 457.617330][ T9838] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 457.617349][ T9838] RIP: 0033:0x7feafe38ebe9 [ 457.617367][ T9838] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 457.617385][ T9838] RSP: 002b:00007feaff259038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 457.617407][ T9838] RAX: ffffffffffffffda RBX: 00007feafe5b5fa0 RCX: 00007feafe38ebe9 [ 457.617423][ T9838] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000003 [ 457.617436][ T9838] RBP: 00007feafe411e19 R08: 0000000000000000 R09: 0000000000000000 [ 457.617449][ T9838] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 457.617461][ T9838] R13: 00007feafe5b6038 R14: 00007feafe5b5fa0 R15: 00007ffec34ae878 [ 457.617496][ T9838] [ 458.083382][ T24] usb 5-1: USB disconnect, device number 27 [ 458.588707][ T9848] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1123'. [ 458.610340][ T9854] sp0: Synchronizing with TNC [ 462.194637][ T9862] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1127'. [ 462.320850][ T9862] macvtap1: entered promiscuous mode [ 462.326230][ T9862] erspan0: entered promiscuous mode [ 462.331595][ T9862] macvtap1: entered allmulticast mode [ 462.337028][ T9862] erspan0: entered allmulticast mode [ 462.352823][ T9862] erspan0: left allmulticast mode [ 462.359349][ T9862] erspan0: left promiscuous mode [ 462.371191][ T9863] overlayfs: upper fs does not support tmpfile. [ 462.578266][ T9868] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 463.633207][ T9879] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 463.655836][ T9879] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 464.970076][ T30] kauditd_printk_skb: 101 callbacks suppressed [ 464.970111][ T30] audit: type=1326 audit(1755864725.687:1054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9893 comm="syz.2.1137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feafe38ebe9 code=0x7ffc0000 [ 465.275469][ T30] audit: type=1326 audit(1755864725.687:1055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9893 comm="syz.2.1137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feafe38ebe9 code=0x7ffc0000 [ 465.433767][ T30] audit: type=1326 audit(1755864725.687:1056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9893 comm="syz.2.1137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7feafe38ebe9 code=0x7ffc0000 [ 465.487276][ T30] audit: type=1326 audit(1755864725.697:1057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9893 comm="syz.2.1137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feafe38ebe9 code=0x7ffc0000 [ 465.509454][ T30] audit: type=1326 audit(1755864725.697:1058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9893 comm="syz.2.1137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feafe38ebe9 code=0x7ffc0000 [ 465.531349][ T30] audit: type=1326 audit(1755864725.697:1059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9893 comm="syz.2.1137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=172 compat=0 ip=0x7feafe38ebe9 code=0x7ffc0000 [ 465.553137][ T30] audit: type=1326 audit(1755864725.697:1060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9893 comm="syz.2.1137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feafe38ebe9 code=0x7ffc0000 [ 465.668979][ T30] audit: type=1326 audit(1755864725.697:1061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9893 comm="syz.2.1137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feafe38ebe9 code=0x7ffc0000 [ 465.693594][ T9904] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1140'. [ 466.403149][ T9908] sp0: Synchronizing with TNC [ 466.751886][ T9910] netlink: 268 bytes leftover after parsing attributes in process `syz.1.1141'. [ 466.791910][ T9912] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1143'. [ 466.968355][ T9916] bridge0: port 3(gretap0) entered blocking state [ 466.992460][ T9916] bridge0: port 3(gretap0) entered disabled state [ 467.006164][ T9916] gretap0: entered allmulticast mode [ 467.015138][ T9916] gretap0: entered promiscuous mode [ 467.503243][ T9926] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 467.528652][ T9926] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 467.782408][ T9930] gretap0: left allmulticast mode [ 467.787731][ T9930] gretap0: left promiscuous mode [ 467.794725][ T9930] bridge0: port 3(gretap0) entered disabled state [ 469.063275][ T30] audit: type=1326 audit(1755864729.657:1062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9941 comm="syz.1.1150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a0d58ebe9 code=0x7ffc0000 [ 469.162244][ T30] audit: type=1326 audit(1755864729.657:1063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9941 comm="syz.1.1150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a0d58ebe9 code=0x7ffc0000 [ 469.492000][ T9955] tmpfs: Bad value for 'mpol' [ 470.168250][ T24] IPVS: starting estimator thread 0... [ 470.265149][ T9951] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 470.288318][ T9959] IPVS: using max 30 ests per chain, 72000 per kthread [ 471.625720][ T43] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 471.826115][ T43] usb 2-1: Using ep0 maxpacket: 16 [ 471.879254][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 471.879328][ T30] audit: type=1326 audit(1755864732.517:1070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9981 comm="syz.2.1161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feafe38ebe9 code=0x7ffc0000 [ 471.990005][ T43] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 472.085479][ T30] audit: type=1326 audit(1755864732.517:1071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9981 comm="syz.2.1161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feafe38ebe9 code=0x7ffc0000 [ 472.135593][ T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 472.157864][ T43] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 472.167118][ T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 472.175184][ T43] usb 2-1: Product: syz [ 472.204110][ T43] usb 2-1: Manufacturer: syz [ 472.247530][ T30] audit: type=1326 audit(1755864732.547:1072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9981 comm="syz.2.1161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7feafe38ebe9 code=0x7ffc0000 [ 472.272480][ T43] usb 2-1: SerialNumber: syz [ 472.285074][ T30] audit: type=1326 audit(1755864732.587:1073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9981 comm="syz.2.1161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feafe38ebe9 code=0x7ffc0000 [ 472.349003][ T43] usb 2-1: config 0 descriptor?? [ 472.494211][ T43] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 472.535474][ T43] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class) [ 472.745935][ T30] audit: type=1326 audit(1755864732.587:1074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9981 comm="syz.2.1161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feafe38ebe9 code=0x7ffc0000 [ 473.108515][ T30] audit: type=1326 audit(1755864732.637:1075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9981 comm="syz.2.1161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=172 compat=0 ip=0x7feafe38ebe9 code=0x7ffc0000 [ 473.198561][ T5848] bond0: (slave syz_tun): Releasing backup interface [ 473.205515][ T30] audit: type=1326 audit(1755864732.647:1076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9981 comm="syz.2.1161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feafe38ebe9 code=0x7ffc0000 [ 473.265637][ T30] audit: type=1326 audit(1755864732.647:1077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9981 comm="syz.2.1161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feafe38ebe9 code=0x7ffc0000 [ 473.367383][ T5845] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 473.377057][ T5845] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 473.384927][ T5845] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 473.393192][ T5845] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 473.401062][ T5845] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 473.545493][ T24] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 473.972016][ T9997] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 474.070587][ T43] em28xx 2-1:0.0: chip ID is em2870 [ 474.079832][ T9997] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 474.103330][ T9994] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 474.275487][ T24] usb 4-1: device descriptor read/64, error -71 [ 474.398884][T10002] chnl_net:caif_netlink_parms(): no params data found [ 474.526969][ T24] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 474.665991][ T24] usb 4-1: device descriptor read/64, error -71 [ 474.813991][ T24] usb usb4-port1: attempt power cycle [ 475.185550][ T24] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 475.218930][ T24] usb 4-1: device descriptor read/8, error -71 [ 475.231305][ T3602] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 475.276461][ T6020] usb 2-1: USB disconnect, device number 18 [ 475.283901][ T6020] em28xx 2-1:0.0: Disconnecting em28xx [ 475.295191][ T6020] em28xx 2-1:0.0: Freeing device [ 475.496329][ T5845] Bluetooth: hci4: command tx timeout [ 475.604528][T10023] loop8: detected capacity change from 0 to 7 [ 476.056179][T10023] Dev loop8: unable to read RDB block 7 [ 476.061933][T10023] loop8: AHDI p1 p2 p3 [ 476.066493][T10023] loop8: partition table partially beyond EOD, truncated [ 476.073826][T10023] loop8: p1 start 1601398130 is beyond EOD, truncated [ 476.080836][T10023] loop8: p2 start 1702059890 is beyond EOD, truncated [ 476.111004][ T24] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 476.173254][ T3602] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 476.255955][ T24] usb 4-1: device descriptor read/8, error -71 [ 476.459341][ T24] usb usb4-port1: unable to enumerate USB device [ 477.576028][ T5845] Bluetooth: hci4: command tx timeout [ 478.307588][ T3602] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 478.345675][T10002] bridge0: port 1(bridge_slave_0) entered blocking state [ 478.365891][T10002] bridge0: port 1(bridge_slave_0) entered disabled state [ 478.374896][T10002] bridge_slave_0: entered allmulticast mode [ 478.384423][T10002] bridge_slave_0: entered promiscuous mode [ 478.401150][T10035] bond1: option mode: unable to set because the bond device has slaves [ 478.419220][T10035] bond1: (slave macvlan4): Error -98 calling set_mac_address [ 478.467372][T10002] bridge0: port 2(bridge_slave_1) entered blocking state [ 478.474593][T10002] bridge0: port 2(bridge_slave_1) entered disabled state [ 478.494525][T10002] bridge_slave_1: entered allmulticast mode [ 478.503114][T10002] bridge_slave_1: entered promiscuous mode [ 479.157087][ T3602] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 479.635688][T10038] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 479.663069][ T5845] Bluetooth: hci4: command tx timeout [ 479.792140][T10002] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 479.825101][T10043] team_slave_1: mtu greater than device maximum [ 479.831555][T10043] team0: Device team_slave_1 failed to change mtu [ 479.844747][T10002] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 480.115709][T10002] team0: Port device team_slave_0 added [ 480.694023][T10002] team0: Port device team_slave_1 added [ 481.027392][T10060] xt_policy: neither incoming nor outgoing policy selected [ 481.715886][T10002] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 481.731348][T10002] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 481.736133][ T5845] Bluetooth: hci4: command tx timeout [ 481.770961][T10002] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 482.535557][T10002] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 482.542827][T10002] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 482.568845][T10002] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 482.637558][T10074] Falling back ldisc for ptm0. [ 482.695915][T10071] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1185'. [ 483.222404][T10002] hsr_slave_0: entered promiscuous mode [ 483.233748][T10002] hsr_slave_1: entered promiscuous mode [ 483.249753][T10002] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 483.259862][T10002] Cannot create hsr debugfs directory [ 483.281928][ T3602] bridge_slave_1: left allmulticast mode [ 483.288300][ T3602] bridge_slave_1: left promiscuous mode [ 483.511222][ T3602] bridge0: port 2(bridge_slave_1) entered disabled state [ 483.524412][ T3602] bridge_slave_0: left allmulticast mode [ 483.530211][ T3602] bridge_slave_0: left promiscuous mode [ 483.537144][ T3602] bridge0: port 1(bridge_slave_0) entered disabled state [ 484.277843][ T3602] bond_slave_0: left promiscuous mode [ 484.283672][ T3602] bond_slave_1: left promiscuous mode [ 485.185793][T10111] x_tables: ip6_tables: dccp match: only valid for protocol 33 [ 485.392368][ T3602] team0: Port device bridge2 removed [ 485.531041][ T3602] bond1 (unregistering): (slave macvlan2): Removing an active aggregator [ 485.543498][ T3602] bond1 (unregistering): (slave macvlan2): Releasing backup interface [ 485.561463][ T3602] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 485.573421][ T3602] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 485.584091][ T3602] bond0 (unregistering): Released all slaves [ 485.678261][ T3602] bond1 (unregistering): Released all slaves [ 485.703198][T10099] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1191'. [ 485.713708][T10113] bridge0: Device is already in use. [ 487.876122][ T3602] [ 487.878499][ T3602] ====================================================== [ 487.885528][ T3602] WARNING: possible circular locking dependency detected [ 487.892557][ T3602] 6.16.0-syzkaller #0 Not tainted [ 487.897598][ T3602] ------------------------------------------------------ [ 487.904627][ T3602] kworker/u8:11/3602 is trying to acquire lock: [ 487.910871][ T3602] ffff8880355b0e00 (team->team_lock_key#5){+.+.}-{4:4}, at: team_del_slave+0x32/0x1c0 [ 487.920491][ T3602] [ 487.920491][ T3602] but task is already holding lock: [ 487.927851][ T3602] ffff88802a498768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x133/0x6d0 [ 487.938220][ T3602] [ 487.938220][ T3602] which lock already depends on the new lock. [ 487.938220][ T3602] [ 487.948665][ T3602] [ 487.948665][ T3602] the existing dependency chain (in reverse order) is: [ 487.957677][ T3602] [ 487.957677][ T3602] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 487.965420][ T3602] lock_acquire+0x120/0x360 [ 487.970442][ T3602] __mutex_lock+0x182/0xe80 [ 487.975483][ T3602] ieee80211_open+0xed/0x1f0 [ 487.980600][ T3602] __dev_open+0x470/0x880 [ 487.985452][ T3602] netif_open+0xaa/0x170 [ 487.990221][ T3602] dev_open+0x125/0x260 [ 487.994905][ T3602] team_add_slave+0xb36/0x2840 [ 488.000203][ T3602] do_set_master+0x530/0x6d0 [ 488.005324][ T3602] do_setlink+0xcf0/0x41c0 [ 488.010267][ T3602] rtnl_newlink+0x160b/0x1c70 [ 488.015473][ T3602] rtnetlink_rcv_msg+0x7cc/0xb70 [ 488.020941][ T3602] netlink_rcv_skb+0x205/0x470 [ 488.026231][ T3602] netlink_unicast+0x75c/0x8e0 [ 488.031521][ T3602] netlink_sendmsg+0x805/0xb30 [ 488.036813][ T3602] __sock_sendmsg+0x21c/0x270 [ 488.042100][ T3602] ____sys_sendmsg+0x505/0x830 [ 488.047389][ T3602] ___sys_sendmsg+0x21f/0x2a0 [ 488.052598][ T3602] __x64_sys_sendmsg+0x19b/0x260 [ 488.058066][ T3602] do_syscall_64+0xfa/0x3b0 [ 488.063095][ T3602] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 488.069509][ T3602] [ 488.069509][ T3602] -> #0 (team->team_lock_key#5){+.+.}-{4:4}: [ 488.077704][ T3602] validate_chain+0xb9b/0x2140 [ 488.082993][ T3602] __lock_acquire+0xab9/0xd20 [ 488.088190][ T3602] lock_acquire+0x120/0x360 [ 488.093213][ T3602] __mutex_lock+0x182/0xe80 [ 488.098239][ T3602] team_del_slave+0x32/0x1c0 [ 488.103358][ T3602] team_device_event+0x285/0xa20 [ 488.108812][ T3602] notifier_call_chain+0x1b3/0x3e0 [ 488.114443][ T3602] unregister_netdevice_many_notify+0x15d8/0x2320 [ 488.121387][ T3602] unregister_netdevice_queue+0x33c/0x380 [ 488.127657][ T3602] _cfg80211_unregister_wdev+0x165/0x590 [ 488.133903][ T3602] ieee80211_remove_interfaces+0x49a/0x6d0 [ 488.140238][ T3602] ieee80211_unregister_hw+0x5d/0x2c0 [ 488.146144][ T3602] mac80211_hwsim_del_radio+0x275/0x460 [ 488.152249][ T3602] hwsim_exit_net+0x584/0x640 [ 488.157453][ T3602] ops_undo_list+0x497/0x990 [ 488.162568][ T3602] cleanup_net+0x4c5/0x800 [ 488.167515][ T3602] process_scheduled_works+0xade/0x17b0 [ 488.173591][ T3602] worker_thread+0x8a0/0xda0 [ 488.178707][ T3602] kthread+0x70e/0x8a0 [ 488.183300][ T3602] ret_from_fork+0x3fc/0x770 [ 488.188410][ T3602] ret_from_fork_asm+0x1a/0x30 [ 488.193701][ T3602] [ 488.193701][ T3602] other info that might help us debug this: [ 488.193701][ T3602] [ 488.203923][ T3602] Possible unsafe locking scenario: [ 488.203923][ T3602] [ 488.211370][ T3602] CPU0 CPU1 [ 488.216731][ T3602] ---- ---- [ 488.222093][ T3602] lock(&rdev->wiphy.mtx); [ 488.226639][ T3602] lock(team->team_lock_key#5); [ 488.234110][ T3602] lock(&rdev->wiphy.mtx); [ 488.241146][ T3602] lock(team->team_lock_key#5); [ 488.246108][ T3602] [ 488.246108][ T3602] *** DEADLOCK *** [ 488.246108][ T3602] [ 488.254247][ T3602] 5 locks held by kworker/u8:11/3602: [ 488.259611][ T3602] #0: ffff88801b2fb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 488.270633][ T3602] #1: ffffc9000ca47bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 488.281188][ T3602] #2: ffffffff8f4fd310 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800 [ 488.290533][ T3602] #3: ffffffff8f509f08 (rtnl_mutex){+.+.}-{4:4}, at: ieee80211_unregister_hw+0x55/0x2c0 [ 488.300401][ T3602] #4: ffff88802a498768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x133/0x6d0 [ 488.311297][ T3602] [ 488.311297][ T3602] stack backtrace: [ 488.317354][ T3602] CPU: 0 UID: 0 PID: 3602 Comm: kworker/u8:11 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 488.317378][ T3602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 488.317392][ T3602] Workqueue: netns cleanup_net [ 488.317418][ T3602] Call Trace: [ 488.317428][ T3602] [ 488.317437][ T3602] dump_stack_lvl+0x189/0x250 [ 488.317461][ T3602] ? __pfx_dump_stack_lvl+0x10/0x10 [ 488.317481][ T3602] ? __pfx__printk+0x10/0x10 [ 488.317505][ T3602] ? print_lock_name+0xde/0x100 [ 488.317529][ T3602] print_circular_bug+0x2ee/0x310 [ 488.317553][ T3602] check_noncircular+0x134/0x160 [ 488.317584][ T3602] validate_chain+0xb9b/0x2140 [ 488.317607][ T3602] ? bpf_trace_run2+0x322/0x4b0 [ 488.317631][ T3602] ? lockdep_hardirqs_on+0x9c/0x150 [ 488.317649][ T3602] ? bpf_trace_run2+0x186/0x4b0 [ 488.317677][ T3602] __lock_acquire+0xab9/0xd20 [ 488.317697][ T3602] ? team_del_slave+0x32/0x1c0 [ 488.317721][ T3602] lock_acquire+0x120/0x360 [ 488.317737][ T3602] ? team_del_slave+0x32/0x1c0 [ 488.317763][ T3602] ? __mutex_trylock_common+0x153/0x260 [ 488.317788][ T3602] __mutex_lock+0x182/0xe80 [ 488.317808][ T3602] ? team_del_slave+0x32/0x1c0 [ 488.317831][ T3602] ? rcu_is_watching+0x15/0xb0 [ 488.317853][ T3602] ? team_del_slave+0x32/0x1c0 [ 488.317878][ T3602] ? __pfx___mutex_lock+0x10/0x10 [ 488.317898][ T3602] ? bond_netdev_event+0xd9/0xe80 [ 488.317925][ T3602] ? __pfx___mutex_lock+0x10/0x10 [ 488.317945][ T3602] ? __pfx_bond_netdev_event+0x10/0x10 [ 488.317974][ T3602] team_del_slave+0x32/0x1c0 [ 488.318000][ T3602] team_device_event+0x285/0xa20 [ 488.318020][ T3602] notifier_call_chain+0x1b3/0x3e0 [ 488.318044][ T3602] unregister_netdevice_many_notify+0x15d8/0x2320 [ 488.318072][ T3602] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 488.318095][ T3602] ? __lock_acquire+0xab9/0xd20 [ 488.318122][ T3602] unregister_netdevice_queue+0x33c/0x380 [ 488.318143][ T3602] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 488.318167][ T3602] _cfg80211_unregister_wdev+0x165/0x590 [ 488.318195][ T3602] ieee80211_remove_interfaces+0x49a/0x6d0 [ 488.318217][ T3602] ? __pfx_synchronize_rcu+0x10/0x10 [ 488.318239][ T3602] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 488.318261][ T3602] ? rcu_is_watching+0x15/0xb0 [ 488.318283][ T3602] ieee80211_unregister_hw+0x5d/0x2c0 [ 488.318313][ T3602] mac80211_hwsim_del_radio+0x275/0x460 [ 488.318342][ T3602] ? __pfx_mac80211_hwsim_del_radio+0x10/0x10 [ 488.318373][ T3602] hwsim_exit_net+0x584/0x640 [ 488.318398][ T3602] ? __pfx_hwsim_exit_net+0x10/0x10 [ 488.318423][ T3602] ? __ip_vs_dev_cleanup_batch+0x238/0x260 [ 488.318451][ T3602] ops_undo_list+0x497/0x990 [ 488.318478][ T3602] ? __pfx_ops_undo_list+0x10/0x10 [ 488.318507][ T3602] cleanup_net+0x4c5/0x800 [ 488.318532][ T3602] ? __pfx_cleanup_net+0x10/0x10 [ 488.318558][ T3602] ? _raw_spin_unlock_irq+0x23/0x50 [ 488.318579][ T3602] ? process_scheduled_works+0x9ef/0x17b0 [ 488.318598][ T3602] ? process_scheduled_works+0x9ef/0x17b0 [ 488.318619][ T3602] process_scheduled_works+0xade/0x17b0 [ 488.318650][ T3602] ? __pfx_process_scheduled_works+0x10/0x10 [ 488.318677][ T3602] worker_thread+0x8a0/0xda0 [ 488.318698][ T3602] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 488.318730][ T3602] ? __kthread_parkme+0x7b/0x200 [ 488.318755][ T3602] kthread+0x70e/0x8a0 [ 488.318779][ T3602] ? __pfx_worker_thread+0x10/0x10 [ 488.318799][ T3602] ? __pfx_kthread+0x10/0x10 [ 488.318821][ T3602] ? _raw_spin_unlock_irq+0x23/0x50 [ 488.318838][ T3602] ? lockdep_hardirqs_on+0x9c/0x150 [ 488.318855][ T3602] ? __pfx_kthread+0x10/0x10 [ 488.318878][ T3602] ret_from_fork+0x3fc/0x770 [ 488.318897][ T3602] ? __pfx_ret_from_fork+0x10/0x10 [ 488.318917][ T3602] ? __switch_to_asm+0x39/0x70 [ 488.318938][ T3602] ? __switch_to_asm+0x33/0x70 [ 488.318959][ T3602] ? __pfx_kthread+0x10/0x10 [ 488.318982][ T3602] ret_from_fork_asm+0x1a/0x30 [ 488.319012][ T3602] [ 488.821518][ T3602] mac80211_hwsim hwsim11 wlan1 (unregistering): left promiscuous mode [ 488.836182][ T3602] team0: Port device wlan1 removed [ 489.312974][T10002] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 489.322721][T10002] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 489.334048][T10002] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 489.343791][ T3602] dummy0: left promiscuous mode [ 489.349504][ T3602] team0: left promiscuous mode [ 489.354347][ T3602] team_slave_0: left promiscuous mode [ 489.359904][ T3602] team_slave_1: left promiscuous mode [ 489.368721][ T3602] hsr_slave_0: left promiscuous mode [ 489.374421][ T3602] hsr_slave_1: left promiscuous mode [ 489.380613][ T3602] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 489.388202][ T3602] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 489.396863][ T3602] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 489.404292][ T3602] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 489.412024][ T3602] batman_adv: batadv0: Removing interface: virt_wifi0 [ 489.422587][ T3602] veth1_macvtap: left promiscuous mode [ 489.428147][ T3602] veth0_macvtap: left promiscuous mode [ 489.433734][ T3602] veth1_vlan: left promiscuous mode [ 489.439100][ T3602] veth0_vlan: left promiscuous mode [ 489.573417][ T3602] team0 (unregistering): Port device team_slave_1 removed [ 489.643215][ T3602] team0 (unregistering): Port device team_slave_0 removed [ 489.762277][T10002] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 489.813022][T10002] 8021q: adding VLAN 0 to HW filter on device bond0 [ 489.835981][T10002] 8021q: adding VLAN 0 to HW filter on device team0 [ 489.853974][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 489.861139][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 489.874230][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 489.881355][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 490.015190][T10002] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 490.150862][T10002] veth0_vlan: entered promiscuous mode [ 490.163242][T10002] veth1_vlan: entered promiscuous mode [ 490.181691][T10002] veth0_macvtap: entered promiscuous mode [ 490.190184][T10002] veth1_macvtap: entered promiscuous mode [ 490.202230][T10002] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 490.215100][T10002] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 490.226102][T10002] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 490.234969][T10002] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 490.244472][T10002] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 490.253406][T10002] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 490.276913][T10002] ieee80211 phy22: Selected rate control algorithm 'minstrel_ht' [ 490.295253][ T3602] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 490.296919][T10002] ieee80211 phy23: Selected rate control algorithm 'minstrel_ht' [ 490.305696][ T3602] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 490.327012][ T1038] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 490.334895][ T1038] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50