last executing test programs: 18m18.672638399s ago: executing program 4 (id=5): openat$drirender128(0xffffffffffffff9c, &(0x7f0000000100), 0x2c4000, 0x0) syz_open_dev$dri(0x0, 0xd21, 0x4000) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) readv(r2, &(0x7f00000001c0)=[{&(0x7f0000002cc0)=""/4096, 0x1000}, {&(0x7f00000000c0)=""/212, 0xd4}, {&(0x7f0000003cc0)=""/4096, 0x1000}, {&(0x7f0000000300)=""/236, 0xec}, {&(0x7f0000000640)=""/246, 0xf6}, {0x0}, {0x0}], 0x7) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) creat(0x0, 0x122) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400), 0x0, 0x0, 0x0}) r5 = dup3(r4, r3, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000580), 0x0, 0x0, 0x0}) openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) read$FUSE(r5, &(0x7f00000009c0)={0x2020}, 0x2020) setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000940)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f0000000440)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r7, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000880)={0x2c, r8, 0x1, 0x4070bd28, 0x1, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r9}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}]}, 0x2c}}, 0x18) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c) 18m5.772584207s ago: executing program 4 (id=23): ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000180)={&(0x7f0000000100)=[0x0], 0x1, 0x80000}) add_key(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) syz_usb_connect(0x0, 0x36, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0) ioctl$TIOCL_BLANKSCREEN(0xffffffffffffffff, 0x560e, &(0x7f0000000000)) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x8000102) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r2 = userfaultfd(0x80001) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x85}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000000)={&(0x7f000067d000/0x2000)=nil, &(0x7f000053d000/0x1000)=nil, 0x2000}) ioctl$UFFDIO_COPY(r2, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2}) 17m50.70756295s ago: executing program 32 (id=23): ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000180)={&(0x7f0000000100)=[0x0], 0x1, 0x80000}) add_key(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) syz_usb_connect(0x0, 0x36, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0) ioctl$TIOCL_BLANKSCREEN(0xffffffffffffffff, 0x560e, &(0x7f0000000000)) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x8000102) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r2 = userfaultfd(0x80001) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x85}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000000)={&(0x7f000067d000/0x2000)=nil, &(0x7f000053d000/0x1000)=nil, 0x2000}) ioctl$UFFDIO_COPY(r2, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2}) 17m12.340661079s ago: executing program 0 (id=103): socket$unix(0x1, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$kcm(0x2, 0x3, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) r0 = syz_io_uring_setup(0x4190, &(0x7f00000000c0)={0x0, 0xfee1, 0x30001, 0x0, 0x1e}, 0x0, 0x0) syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0x25b9, 0x100, 0x0, 0x215, 0x0, r0}, 0x0, 0x0) socket$inet6(0xa, 0x1, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000a80)) socket$kcm(0x21, 0x2, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="4800000010000304000000000400000000007400", @ANYRES32=0x0, @ANYBLOB="0000000003120100280012800b00010062726964676500001800028005002c00020000000c002e"], 0x48}, 0x1, 0x0, 0x0, 0x20040884}, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r2 = socket(0x400000000010, 0x3, 0x0) write(r2, 0x0, 0x0) 17m10.83658872s ago: executing program 0 (id=106): write$binfmt_script(0xffffffffffffffff, &(0x7f00000004c0), 0x208e24b) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x4000000002a82, 0x0) r1 = dup(r0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xd) write$binfmt_aout(r2, &(0x7f0000000000)=ANY=[], 0xff2e) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f000041a000/0x4000)=nil, 0x4000, 0x3000008, 0x8031, 0xffffffffffffffff, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe) socketpair$unix(0x1, 0x2, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) listen(0xffffffffffffffff, 0x0) ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x28011, r1, 0x0) r4 = openat$nullb(0xffffffffffffff9c, 0x0, 0x40001, 0x0) ioctl$BLKZEROOUT(r4, 0x127f, &(0x7f0000000240)={0x0, 0x1000000}) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x1e, 0x0, 0x0) 17m5.045540406s ago: executing program 0 (id=110): ioctl$IOMMU_IOAS_ALLOW_IOVAS(0xffffffffffffffff, 0x3b82, 0x0) r0 = add_key$keyring(&(0x7f00000003c0), &(0x7f0000000400)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb) pipe2$watch_queue(&(0x7f0000000080)={0xffffffffffffffff}, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r0, r1, 0x0) add_key$user(&(0x7f0000000300), &(0x7f0000000340)={'syz', 0x1}, 0x0, 0x0, r0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0xc, 0x8001, 0x0, 0x9, 0x4f, 0x8, 0xfa11, 0x1}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) syz_usb_connect(0x6, 0x1fc, &(0x7f0000000780)=ANY=[@ANYBLOB="12015002b8005108101407a0683e010203010902ea01030e00300309040309027f54cc00090502040004040403800109661bede31b6d40ffd5a6457d3483a7c64a2cf09c6b30e3afe9caf13ed9a2924ed053d2b4b24aedb4035d4212c8a5f7df3b67916187c245f81035efe9b53a8d79988d4b00a8aa5926f8b9103fd0e543"], 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x44}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x3a, 0x301, 0x70bd25, 0xfffffffc, {0x7}}, 0x14}}, 0x0) 17m3.595676278s ago: executing program 0 (id=113): getpid() connect$unix(0xffffffffffffffff, &(0x7f0000000200)=@abs={0x1, 0x0, 0x4e23}, 0x6e) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x8, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a0104000000000000000007"], 0xb0}}, 0x80c4) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x27, &(0x7f0000000340)=0x9, 0x4) socket$tipc(0x1e, 0x5, 0x0) close(0xffffffffffffffff) fsmount(0xffffffffffffffff, 0x0, 0x0) write$rfkill(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x2, 0x3, 0x1, 0x1}, 0x8) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r2, 0x0, 0x8000000000000}, 0x18) move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0) 16m55.483881405s ago: executing program 0 (id=119): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ptrace$peek(0x2, r0, &(0x7f00000001c0)) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$vim2m_VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405610, &(0x7f0000000080)={0x2, 0x10002000, 0x9, 0x84880}) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_recvmsg\x00', r3}, 0x18) r4 = socket$kcm(0x21, 0x2, 0x2) recvmsg$kcm(r4, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x100) 16m54.423835362s ago: executing program 0 (id=120): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) getrusage(0x0, &(0x7f0000000340)) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000000)=@newtaction={0xa0, 0x30, 0x9, 0x0, 0x0, {}, [{0x8c, 0x1, [@m_bpf={0x88, 0x1, 0x0, 0x0, {{0x8}, {0x60, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x7}, @TCA_ACT_BPF_OPS={0x3c, 0x4, [{0x60}, {}, {0x3}, {}, {}, {}, {0x6}]}, @TCA_ACT_BPF_PARMS={0x18}]}, {}, {0xc}, {0xc}}}]}]}, 0xa0}}, 0x0) 16m37.864486811s ago: executing program 33 (id=120): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) getrusage(0x0, &(0x7f0000000340)) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000000)=@newtaction={0xa0, 0x30, 0x9, 0x0, 0x0, {}, [{0x8c, 0x1, [@m_bpf={0x88, 0x1, 0x0, 0x0, {{0x8}, {0x60, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x7}, @TCA_ACT_BPF_OPS={0x3c, 0x4, [{0x60}, {}, {0x3}, {}, {}, {}, {0x6}]}, @TCA_ACT_BPF_PARMS={0x18}]}, {}, {0xc}, {0xc}}}]}]}, 0xa0}}, 0x0) 13m52.652347714s ago: executing program 2 (id=381): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x50, 0x2, 0x6, 0x301, 0x0, 0x0, {0x7}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xffff}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x810}, 0x20004000) 13m52.627373116s ago: executing program 2 (id=382): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni-avx2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3be5216344841", 0xe}, {&(0x7f00000024c0)="e86127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1099005eabe97b4dc33a47d3a160da988456d30026b433186f53cdcdb93a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f1820d43e9c6ad7d2a8103ef2f4b93766b9a2150f355511ede83955866f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af03dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060fcc0a12bea48cb90a08b0563da32416bf1a4b3cc722184e445484658952ca1b7cc5022f21f9f2b690435bae2d73e80e2b449902b51842e18680f50de5c721c44fec3ee4748c5a3c272efc33428319b98c66f8ffccefa05092d46bc0123c78efe6759969dfceeaca7e95cda6cc2a93ab1775593ea89a7725de924006df2da2365831b6a3ab020dc77a1795a8d9be4e3bf7c5fdcfdb0cfaa346f4ba358a54757610f70e9c959c0110214498f9c4d6e3a047bab342419b7b57b88d8c3b2b8cf09df1954b8f005f56fd4cb964e9454931c31c2ad1fd506572a67ce19c40ad00"/411, 0x19b}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {0x0}], 0x4, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x15328f68b332e188}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) 13m52.540879079s ago: executing program 2 (id=383): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYRES16=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3af7}, 0xfffffffffffffe42) syz_init_net_socket$rose(0xb, 0x5, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) socket$netlink(0x10, 0x3, 0xe) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bond_slave_1\x00'}) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r3 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100009e173610ef171e7206de0102030109021200010000000009040000000206"], 0x0) syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r3, 0x0, &(0x7f0000000d80)={0x1c, &(0x7f00000000c0)=ANY=[@ANYBLOB="203106000000c93e33dd"], 0x0, 0x0}) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10) r4 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r4, &(0x7f0000000040)={0x18, 0x0, {0x3, @random="bb7fb37b9489", 'bond0\x00'}}, 0x1e) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000002c0)="2e00000011008b88040f80ee59acbc04130800480f0000005e2900421803001825800000000000000280000c", 0x2c}], 0x1}, 0x0) ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000)) ioctl$sock_netrom_SIOCADDRT(r1, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x801, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @bcast, @default, @default]}) bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0) fcntl$lock(r5, 0x26, &(0x7f0000000280)={0x1, 0x1, 0xb8, 0x403}) syz_open_dev$radio(&(0x7f0000000000), 0x0, 0x2) read$char_usb(0xffffffffffffffff, &(0x7f00000000c0)=""/192, 0xc0) syz_emit_ethernet(0xbe, &(0x7f0000000000)=ANY=[], 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="b7182500fd000000060000000000000005f77666375a9930060000000000000058c71bc44491399d249dc804a9c94f8fa1ca48407de6e488fb5848975fb0f9ae821107bdafd1317b16370b9548c18abc79a2f26ef1f96bacb58ecd9e8f4fec3175f680392840a0da0894d08bdfe94d2b59ff4c99120c3749bd483fc54050964c5f6dc6dbdbb35b752c762571807ec2e62e9bb6e005f36f334ef114b82c1de6bd3c9871e66e0a656b45acc521a9f7a7ee2a120cf6fea9fa55bbaed43167b7855740927a381ec0df6522ef5dbec5"], &(0x7f0000003ff6)='GPL\x00', 0x8, 0xb579, &(0x7f000000cf3d)=""/195}, 0x23) 13m48.987890363s ago: executing program 2 (id=390): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net\x00') symlinkat(0x0, r1, &(0x7f0000000100)='./control\x00') syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r1) mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) setsockopt(0xffffffffffffffff, 0x84, 0x81, &(0x7f0000000280)="1a0000000212a277", 0x8) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket(0x40000000015, 0x5, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57) sendmsg$xdp(r2, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) recvmmsg(r2, &(0x7f0000000b40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=""/11, 0xb}}], 0x5df, 0x2, 0x0) 13m47.190147683s ago: executing program 2 (id=397): mkdir(&(0x7f0000000040)='./file0\x00', 0x3) socket$phonet(0x23, 0x2, 0x1) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6) socket(0x10, 0x80002, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1b5cb000) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) setsockopt$TIPC_SRC_DROPPABLE(r3, 0x10f, 0x80, &(0x7f0000001640)=0x8, 0x4) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$inet(r3, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0xf5) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) 13m46.021624552s ago: executing program 2 (id=399): getpid() connect$unix(0xffffffffffffffff, &(0x7f0000000200)=@abs={0x1, 0x0, 0x4e23}, 0x6e) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x8, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x80c4) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x27, &(0x7f0000000340)=0x9, 0x4) socket$tipc(0x1e, 0x5, 0x0) close(0xffffffffffffffff) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8041, 0x0) write$rfkill(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x2, 0x3, 0x1, 0x1}, 0x8) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e0000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r2, 0x0, 0x8000000000000}, 0x18) move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0) 13m30.130349436s ago: executing program 34 (id=399): getpid() connect$unix(0xffffffffffffffff, &(0x7f0000000200)=@abs={0x1, 0x0, 0x4e23}, 0x6e) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x8, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x80c4) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x27, &(0x7f0000000340)=0x9, 0x4) socket$tipc(0x1e, 0x5, 0x0) close(0xffffffffffffffff) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8041, 0x0) write$rfkill(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x2, 0x3, 0x1, 0x1}, 0x8) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e0000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r2, 0x0, 0x8000000000000}, 0x18) move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0) 11m27.431100539s ago: executing program 3 (id=602): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000064010100000000000000000000000000fc01000000000000000000000000000000000000000000000a000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000800000000000003000000000000000000000000000000fd"], 0xfc}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x6, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000100000000200000000000018000000040000000000000db43721000700000085100000e14655ffc5269e80bf900000000000000200000095000000"], &(0x7f0000000080)='syzkaller\x00', 0x3, 0x27, &(0x7f0000000000)=""/114}, 0xa8) 11m27.098756329s ago: executing program 3 (id=604): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, 0x0) socket(0x10, 0x80002, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1b5cb000) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) setsockopt$TIPC_SRC_DROPPABLE(r4, 0x10f, 0x80, &(0x7f0000001640)=0x8, 0x4) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$inet(r4, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0xf5) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) 11m25.810668437s ago: executing program 3 (id=605): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f00000025c0)=[{{&(0x7f0000000000)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000040)='P', 0x1}], 0x1}}, {{&(0x7f0000000100)={0xa, 0x0, 0x0, @private1}, 0x1c, &(0x7f0000002400)=[{&(0x7f0000000140)='i', 0x1}], 0x1}}], 0x2, 0x8010) shutdown(r0, 0x1) r1 = io_uring_setup(0x664b, &(0x7f0000000500)) syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="120100001d906e20501dc6609b620103000109021b0001000010000904f7000176246700090582020002"], 0x0) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) preadv(r2, &(0x7f0000000280)=[{&(0x7f0000000340)=""/160, 0xa0}], 0x1, 0x1a, 0x7) close_range(r1, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000000)={0x0, 0x2, 0xa}, 0x8) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000b80), 0x2, 0x0) write$FUSE_LSEEK(r4, &(0x7f0000000040)={0x18, 0x9, 0x0, {0x8000}}, 0x18) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002dbd7000fedbdf251900000008000300", @ANYRES32=0x0, @ANYBLOB="0100600001000000"], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20004840) 11m23.99365638s ago: executing program 3 (id=608): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) dup(r0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) writev(r3, &(0x7f0000000880)=[{&(0x7f0000000340)="ec", 0x1}], 0x1) close(0x3) futex(0x0, 0xc, 0x1, 0x0, 0x0, 0x0) socket(0x1e, 0x1, 0x0) connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$ttys(0xc, 0x2, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0) r4 = userfaultfd(0x80001) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x20c01, 0x0) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r4, 0xc028aa03, &(0x7f0000000080)={&(0x7f00006c6000/0x400000)=nil, &(0x7f000018b000/0x3000)=nil, 0x400000, 0x0, 0x6040000}) 11m22.36142468s ago: executing program 3 (id=612): mount$9p_fd(0x0, &(0x7f0000000200)='./cgroup.cpu/cgroup.procs\x00', &(0x7f0000000240), 0xa00000, &(0x7f0000000180)=ANY=[@ANYRES64]) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), r0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0xf, &(0x7f0000000000)=@ringbuf={{0x18, 0x2}, {{}, {0x7, 0x0, 0x2}, {}, {0x85, 0x0, 0x0, 0x9c}}}, &(0x7f0000000c80)='syzkaller\x00'}, 0x94) mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000005c0)={0x0, 0xffffffffffffffff, 0x0, 0x31, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30) mount$bpf(0x200000000000, &(0x7f0000000200)='./file0\x00', 0x0, 0x206002, 0x0) mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x140070, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000"], 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0xf) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b702000003000010850000008600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r2}, 0x10) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040), &(0x7f00000000c0)=0xc) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000100)={0x1c, 0x18, 0x1, 0x0, 0x0, {0x2}, [@typed={0x8, 0x800, 0x0, 0x0, @ipv4=@multicast2}]}, 0x1c}}, 0x0) 11m20.150844511s ago: executing program 3 (id=614): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000cc0)="adf802e5370fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a", 0x27}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e", 0xc2}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) 11m4.324957517s ago: executing program 35 (id=614): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000cc0)="adf802e5370fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a", 0x27}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e", 0xc2}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) 1m0.244585404s ago: executing program 1 (id=1233): r0 = socket$key(0xf, 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) sendmsg$key(r0, 0x0, 0x0) 1m0.154448056s ago: executing program 1 (id=1235): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni-avx2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef91", 0x12) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3be5216344841", 0xe}, {&(0x7f00000024c0)="e86127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1099005eabe97b4dc33a47d3a160da988456d30026b433186f53cdcdb93a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f1820d43e9c6ad7d2a8103ef2f4b93766b9a2150f355511ede83955866f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af03dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060fcc0a12bea48cb90a08b0563da32416bf1a4b3cc722184e445484658952ca1b7cc5022f21f9f2b690435bae2d73e80e2b449902b51842e18680f50de5c721c44fec3ee4748c5a3c272efc33428319b98c66f8ffccefa05092d46bc0123c78efe6759969dfceeaca7e95cda6cc2a93ab1775593ea89a7725de924006df2da2365831b6a3ab020dc77a1795a8d9be4e3bf7c5fdcfdb0cfaa346f4ba358a54757610f70e9c959c0110214498f9c4d6e3a047bab342419b7b57b88d8c3b2b8cf09df1954b8f005f56fd4cb964e9454931c31c2ad1fd506572a67ce19c40", 0x18e}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095", 0x4a}, {&(0x7f0000000540)="1e5b835bbf38ef510097d9cfddc0d8ebbb79e5000138bd484797", 0x1a}], 0x4, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x15328f68b332e188}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) 1m0.059624493s ago: executing program 1 (id=1236): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x40) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1a0) mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}]}) r3 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0xc) bind$inet(r3, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2d}}, 0x10) sendmmsg$inet(r3, &(0x7f0000002700)=[{{&(0x7f0000000800)={0x2, 0x6e20, @multicast1}, 0x10, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x2000c044) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r5, 0x25, &(0x7f0000000000)={0x1, 0x0, 0x0, 0xd}) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r6, 0x7, &(0x7f00000003c0)={0x1, 0x0, 0xb}) close_range(r4, 0xffffffffffffffff, 0x0) 57.620133572s ago: executing program 1 (id=1239): connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e1f, @remote}, 0x10) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3d, &(0x7f0000000080), 0x8) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000000200)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@txtime={{0x18, 0x1, 0x3d, 0x800000000}}], 0x18}}], 0x1, 0x0) 57.532172179s ago: executing program 1 (id=1240): mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30) mount$bpf(0x200000000000, &(0x7f0000000200)='./file0\x00', 0x0, 0x206002, 0x0) mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x84000, 0x0) syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r1, 0x0, 0xb, &(0x7f0000000040)=0x3, 0x4) setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x1a, &(0x7f0000000240)={0x0, 'vlan0\x00'}, 0x18) syz_emit_ethernet(0xbe, &(0x7f0000000700)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa0800450000b00000000000019078ac1e0001ac1414aa0300907803240000450000040000000000010000ac1e0001ac141437867200000000050ce256b28c04000000fb520509789607671442eb00127434914373561de584b703c8c02c31170009e706d30bd224f80607cfa11cab1a0010c600000000000000000000000000050a6580a5e97612fe86001273bc2300ad9d19a300000000000000000009c8f46976e79e56830b0ae0000001ffffffff0000005f771b01c960bdb47e2c378cdd5f90f7ad1e5b67925aac969cbdd3bdc7727cb1daf788df5cd0"], 0x0) epoll_create1(0x0) epoll_create1(0x0) mount$bpf(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000240), 0x13000, &(0x7f0000000280)=ANY=[@ANYBLOB='uid=', @ANYRESHEX, @ANYBLOB=',mAsk=MAY_EXEC,dont_measure,\x00']) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000440)=ANY=[@ANYRES16=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r3, &(0x7f0000000040), 0x10) listen(r3, 0x5) socket(0x28, 0x5, 0x0) r4 = creat(&(0x7f0000000040)='./file0\x00', 0x4b) close(r4) r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f00000002c0)=[0x0, 0x0], 0x0, 0x0, 0x0, 0x2}) ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x9, r6, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000680)={r7, 0x1ff, 0x0, 0x1, 0x3, [0x0, 0x0, 0x0, 0x0], [0x800020], [0x0, 0x1001000, 0x1], [0x0, 0x0, 0xfffffffffefffffc, 0x9]}) ioctl$DRM_IOCTL_MODE_ADDFB2(r4, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae, 0x3ff, 0x34325241, 0x0, [r8, 0x0, 0x0, r9], [0x2b8], [0x0, 0x0, 0x0, 0x7ff]}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000280)={&(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) 57.479813163s ago: executing program 1 (id=1241): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni-avx2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, 0x0, 0x0, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) 41.516290822s ago: executing program 36 (id=1241): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni-avx2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, 0x0, 0x0, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) 1.863763716s ago: executing program 5 (id=1316): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1d, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) bind$802154_raw(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffd000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000180)='mm_vmscan_lru_shrink_active\x00', r3}, 0x18) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r4}, 0x10) bpf$MAP_CREATE(0x700000000000000, &(0x7f0000000780)=ANY=[@ANYBLOB="1d000000040000000200000000000045d6f9bdc0563be05e539cfcdd75f7aa3b03e64700dcaa67fcb9fed25cde0249af95f8384a0708337f070060d85c89ff25a9e66a3fd1a2731dc412c811d84df376d15a54c8bd2c55dcddd7cce760001fe58d3af198fa3cddd95944ae3e269aefbfee8c6429050b7675fc41756cbb6ad1b2d8c46503006cbea460e2741c8b7744c32fc6aa6dd9cb2265e4", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="010000000500"/28], 0x50) r5 = socket$unix(0x1, 0x5, 0x0) mkdir(0x0, 0x151) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETA(r0, 0x5405, 0xffffffffffffffff) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19) r6 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000100)={0xffffffffffffffff, 0x0, 0x25, 0x29, @val=@perf_event={0x7}}, 0x18) r7 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r7, 0xaf01, 0x0) readv(r5, &(0x7f0000000280)=[{&(0x7f0000000580)=""/255, 0xff}, {&(0x7f00000003c0)=""/152, 0x98}, {&(0x7f00000001c0)=""/58, 0x3a}], 0x3) eventfd(0xffffffff) openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000040), 0xc0702, 0x0) readv(r6, &(0x7f0000000080)=[{&(0x7f0000000240)=""/3, 0x3}], 0x1) socket$nl_generic(0x10, 0x3, 0x10) 428.130611ms ago: executing program 5 (id=1317): sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x60c5895) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x202, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f0000000380)={0x21, 0x0, [{0x298, 0x0, 0x100}]}) 298.03406ms ago: executing program 5 (id=1318): sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7) sched_setscheduler(0x0, 0x2, 0x0) read$msr(0xffffffffffffffff, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x1040, 0x1) close(r0) r1 = socket$inet6(0xa, 0x2, 0x0) sendmmsg$inet6(r1, &(0x7f0000007240)=[{{&(0x7f0000000100)={0xa, 0x4e22, 0x6, @mcast2, 0x7}, 0x1c, 0x0}}, {{0x0, 0x0, &(0x7f0000001380)=[{&(0x7f00000012c0)="1ce02c7a", 0xfe60}], 0x1}}, {{0x0, 0x0, &(0x7f0000000000), 0x1}}], 0x3, 0x1c000) mount$9p_fd(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x84, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) write$uinput_user_dev(r0, &(0x7f0000000ac0)={'syz0\x00', {0x7, 0xfff7, 0x100, 0x4}, 0x19, [0xd7b3, 0x2, 0x7, 0x3, 0x80, 0x1, 0x3, 0xfffffff8, 0x4a, 0x40, 0x60d, 0x7, 0x3, 0x98, 0x8, 0x8, 0x8, 0x8, 0x10, 0x8, 0xfffff801, 0x9, 0xe9, 0x5, 0x101, 0x8, 0x3, 0x6aa1, 0x95, 0x2, 0x100, 0x2, 0x983, 0xf4, 0x24, 0x7f, 0x4, 0x8b60, 0x7, 0x1, 0x9, 0x7, 0x1, 0x7, 0x51, 0x10001, 0x6, 0x8, 0x9c, 0x9, 0x9, 0x3, 0x1, 0xf2, 0x9658, 0x7fff, 0x9, 0x1, 0x9, 0x9, 0x8, 0x7, 0x6, 0x1], [0x1, 0x3, 0x5, 0xff, 0x10001, 0x496e, 0x6, 0x2, 0x10, 0x400, 0x1, 0x7fffffff, 0x1, 0x6, 0x8000, 0xfffffff7, 0x80000001, 0xe44, 0x5, 0x8, 0xe, 0x4, 0x10000, 0x3, 0x7fff, 0x2, 0x3, 0x100, 0x0, 0x6, 0xe, 0x6, 0xb, 0x3, 0x3, 0x9, 0x0, 0x7, 0x40, 0x5, 0x1000, 0x5, 0x9, 0x6, 0x1, 0x7, 0x7, 0x100, 0xdc, 0x2, 0x2, 0x0, 0x6, 0x1, 0x4369, 0x3, 0x2c8, 0x0, 0x6, 0x4, 0x5, 0x10, 0x6, 0xed600], [0x0, 0x9, 0x2, 0x70, 0xfffffffc, 0x40, 0x800, 0x7ff, 0xb, 0x5, 0x80000001, 0x8, 0x3, 0x5, 0x0, 0x6, 0x9, 0x4, 0x8, 0xfffffff8, 0x8, 0x9c5b, 0x6, 0x2, 0x5, 0x8, 0x3ff, 0x29b7367c, 0x3, 0x3, 0xd, 0x3, 0x0, 0x6, 0xfffffffa, 0x7, 0x7, 0x1000, 0x6, 0xfffffffc, 0x9, 0x400, 0xfffffffc, 0x8, 0x3, 0x3, 0x6f20, 0x7, 0x5, 0x10, 0x1, 0xfff, 0x8, 0x94, 0x80000000, 0x8, 0x80000001, 0xff, 0xa, 0x9, 0x2, 0x7f, 0x3, 0xb], [0x0, 0xc7, 0xffff, 0x80b9, 0x100, 0x0, 0x9, 0x6, 0x8214, 0x3, 0x45cc8c1f, 0xbe, 0x8, 0x2, 0x81, 0xfffffffd, 0xfffffffc, 0x3, 0x7, 0x5, 0x9, 0x4, 0xfffffff9, 0x4, 0x101, 0x8, 0x2daf, 0x3, 0x4, 0x1, 0x6, 0x3, 0x3, 0x0, 0x10001, 0x2b, 0xff, 0x5, 0x4, 0x270e, 0x4, 0xf, 0x0, 0x3, 0x8000, 0xc9, 0xb0, 0x6, 0x7, 0x0, 0x2, 0xe649, 0x1dff, 0x8, 0x5, 0xb, 0x5, 0x2, 0x1, 0x846f, 0x5a000000, 0x2574, 0x458f, 0x1]}, 0x45c) 213.32038ms ago: executing program 5 (id=1319): keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'trusted:', 'syz', 0x20, 0x1000}, 0x2d, 0xfffffffffffffff9) r0 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) keyctl$revoke(0x3, r0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=r1, @ANYRESOCT=r1, @ANYRES64=r1, @ANYRES32, @ANYBLOB="010000000100"/28], 0x50) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0xc0686611, &(0x7f0000000040)={0x6a, 0x0, 0x0, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) epoll_ctl$EPOLL_CTL_MOD(r3, 0x3, r2, &(0x7f0000000080)={0xa0002000}) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000200)={r1, &(0x7f0000000080), &(0x7f0000000000)=""/10, 0x2}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000b40)={r1, &(0x7f0000000a80), &(0x7f0000000ac0)=""/68}, 0x20) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r4, &(0x7f0000000680)={0x15, 0x110, 0xfa08, {r5, 0x0, 0x10, 0x10, 0x0, @in={0x2, 0x4e23, @empty}, @in={0x2, 0x0, @remote}}}, 0x118) 127.691735ms ago: executing program 5 (id=1320): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000a80)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d640500000000006504040001001f000404000001007d60b7030000000000006a0a00fe00000100850000000d000000b7000000000000009500000000000000c74396c8e3ebbadc20e5a7ef8c9ac1465cbf188ef10871b81ac7553358380b3a1f59916ffc9bf0bdf81524f07fb2819bf5774fedda52e39c90af27db5b56024df96b4673b4e8d5467e114604ea09b290a248a120c9c6cd87cef9000000a39c15a7ef365cc27dfeac7b9b0e9048517354b0ca4f9cf8b59ee6fa003fe1f2c4c15f20a07db4583a462d8be6602186fd68ee14a19ea2eb42122b8635a66ce6b5b92356081bc0f18a0ca83dbc089a9813c1efa26001b3f486ebfaae85c4d0b96778478ae5355e6f923b11056969f486f80a35f7f2339704fa93fa915ab8e1e0d7f31ebd19455e6827cd493907bf9d0000000000000000000000004e1fa60acabcf0553910ca2e5ea499fd5889dde9261f0848a5b8af657bfc96049308e8"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0x28, 0x0, &(0x7f0000000440)="b90103606943058c3c270040e700009e0ff008001ffff2e1ffff8100632f0806a5b9f9304a96dc6b", 0x0, 0x8104, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 0s ago: executing program 5 (id=1321): clock_gettime(0x9b66eb86abcbcaed, 0x0) r0 = syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042) mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000080), 0x4, &(0x7f0000000540)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_9p2000}]}}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='rpcgss_oid_to_mech\x00', r0, 0x0, 0xa9a}, 0x18) sendmsg$IPSET_CMD_TEST(r0, &(0x7f00000004c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000380)={0x120, 0xb, 0x6, 0x5, 0x0, 0x0, {0x1, 0x0, 0x4}, [@IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0xffffffff}, @IPSET_ATTR_ADT={0x1c, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x41}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_PROTO={0x5, 0x7, 0x73}}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_BYTES={0xc, 0x18, 0x1, 0x0, 0x619}, @IPSET_ATTR_COMMENT={0xd, 0x1a, 'FREEZING\x00'}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}, @IPSET_ATTR_ADT={0xa4, 0x8, 0x0, 0x1, [{0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_COMMENT={0x9, 0x1a, 'rfdno'}}, {0x18, 0x7, 0x0, 0x1, @IPSET_ATTR_IFACE={0x14, 0x17, 'veth1_to_batadv\x00'}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_NAMEREF={0x9, 0x13, 'syz2\x00'}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0xa}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_NAME={0x9, 0x12, 'syz2\x00'}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CIDR2={0x5}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBQUEUE={0x6, 0x1d, 0x1, 0x0, 0x9}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CIDR={0x5}}, {0x1c, 0x7, 0x0, 0x1, @IPSET_ATTR_IP_TO={0x18, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @mcast1}}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0xab}}]}]}, 0x120}, 0x1, 0x0, 0x0, 0x4000001}, 0x80) write$binfmt_elf64(r0, &(0x7f00000005c0)={{0x7f, 0x45, 0x4c, 0x46, 0xc9, 0xe2, 0x4, 0x9, 0x5, 0x3, 0x0, 0x1, 0x3e4, 0x40, 0x2a5, 0xe3e, 0x3ff, 0x38, 0x4, 0xb, 0xf091, 0xff81}, [{0x2, 0x6, 0x0, 0x0, 0x6, 0x5, 0x38, 0x100000001}, {0x0, 0x1, 0xfff, 0xffffffffffffffff, 0x1, 0x80000001, 0x7fff, 0x2}, {0x60000000, 0x7fffffff, 0xa75d, 0x2, 0xc0000000, 0x40, 0x401, 0x3}, {0x3, 0x10000, 0x8, 0xc0a, 0x25de, 0x0, 0x1, 0xbcf}], "dd50432d41eb75fc59d8381b3491332765520cdb2f3ede6c3acd44e1349449783f4fcd050088be0dd51d2a21d4794929174687a3367564acf058ec399fac9d709d631b702a60b2b5c21dc40bdad3ba1f37351f5ff2a9b7bf483225bf445f79de399da7a334e7168c0e3a3230ab2dde157ae7efefd012c599b9587064416a0397aaba270ec55aded10f8dd160cbb80429681ab5accb25c2cc714d0ca625dcd3e9e4dd708e39c67e8a91dced3128fa3e1dbcfb1874773fd56370ebd40ccf26af91688603a50f8ba6e8c304050000000000000034702ecea531d4a422c5297a0c14943e614132486e735db0685e0f", ['\x00', '\x00']}, 0x40d) r1 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="34000000190001002dbd7000fcdbdf050a001400000401040011000008001e0006000000100016"], 0x34}, 0x1, 0x0, 0x0, 0x4008851}, 0x44000) ioctl$int_in(r1, 0x5421, &(0x7f0000000040)=0x3) connect$bt_rfcomm(r1, &(0x7f00000001c0)={0x1f, @any, 0xb}, 0xa) close(r1) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x20, 0x2e, 0x2, 0x70bd27, 0x0, {0x4}, [@typed={0xc, 0x18, 0x0, 0x0, @binary="05ac0f0002ac0f00"}]}, 0x20}, 0x1, 0x0, 0x0, 0x42804}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x44, r4, 0x211, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x30, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @loopback}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}]}, 0x44}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c00000010000304ffffffff0000000000000400", @ANYRES32=0x0, @ANYBLOB="0003000002800000140012800a00010069706f69620000000400028008000500", @ANYRES8=r5, @ANYBLOB='t'], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x4000) r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x8042, 0x0) write$cgroup_freezer_state(r6, &(0x7f00000001c0)='FREEZING\x00', 0x9) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$SEG6(&(0x7f0000002040), r7) sendmsg$SEG6_CMD_SETHMAC(r7, &(0x7f0000002140)={0x0, 0x0, &(0x7f0000002100)={&(0x7f0000002080)={0x34, r8, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x7}, @SEG6_ATTR_SECRET={0x8, 0x4, [0x4]}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x3}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0x882}, 0x0) syz_emit_ethernet(0x6e, &(0x7f00000008c0)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb86dd67450000000000000080df8aa0a992f0e79882000000ffffac1414aaff0200000000000000000000000000010301"], 0x0) sendmsg$SEG6_CMD_DUMPHMAC(r6, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r8, 0x0, 0x70bd2c, 0x25dfdbfe, {}, [@SEG6_ATTR_SECRET={0x8, 0x4, [0x4]}]}, 0x1c}, 0x1, 0x0, 0x0, 0x48010}, 0x4008000) kernel console output (not intermixed with test programs): 6][T11526] bridge0: port 2(bridge_slave_1) entered disabled state [ 937.783921][T11526] bridge_slave_1: entered allmulticast mode [ 937.785579][T11526] bridge_slave_1: entered promiscuous mode [ 938.110093][T11526] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 938.166153][T11526] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 940.425017][T11526] team0: Port device team_slave_0 added [ 940.544658][T11526] team0: Port device team_slave_1 added [ 940.561746][T11536] bridge0: port 1(bridge_slave_0) entered blocking state [ 940.561869][T11536] bridge0: port 1(bridge_slave_0) entered disabled state [ 940.562050][T11536] bridge_slave_0: entered allmulticast mode [ 940.587078][T11536] bridge_slave_0: entered promiscuous mode [ 940.718655][T11536] bridge0: port 2(bridge_slave_1) entered blocking state [ 940.718773][T11536] bridge0: port 2(bridge_slave_1) entered disabled state [ 940.718996][T11536] bridge_slave_1: entered allmulticast mode [ 940.720672][T11536] bridge_slave_1: entered promiscuous mode [ 940.961522][T11526] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 940.961544][T11526] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 940.961558][T11526] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 941.134122][T11526] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 941.134133][T11526] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 941.134148][T11526] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 941.145599][T11536] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 941.548553][T11536] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 942.554755][T11536] team0: Port device team_slave_0 added [ 942.655988][T11536] team0: Port device team_slave_1 added [ 942.844702][T11526] hsr_slave_0: entered promiscuous mode [ 942.846106][T11526] hsr_slave_1: entered promiscuous mode [ 942.847096][T11526] debugfs: 'hsr0' already exists in 'hsr' [ 942.847119][T11526] Cannot create hsr debugfs directory [ 943.703455][T11621] input: syz1 as /devices/virtual/input/input16 [ 946.453996][T11536] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 946.454014][T11536] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 946.454041][T11536] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 946.794732][T11631] netlink: 40 bytes leftover after parsing attributes in process `syz.1.984'. [ 946.814240][T11536] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 946.814253][T11536] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 946.814267][T11536] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 948.148286][T11386] 8021q: adding VLAN 0 to HW filter on device bond0 [ 948.316063][T11536] hsr_slave_0: entered promiscuous mode [ 948.318839][T11536] hsr_slave_1: entered promiscuous mode [ 948.319847][T11536] debugfs: 'hsr0' already exists in 'hsr' [ 948.319869][T11536] Cannot create hsr debugfs directory [ 950.344661][T11386] 8021q: adding VLAN 0 to HW filter on device team0 [ 950.448517][ T69] bridge_slave_1: left allmulticast mode [ 950.448542][ T69] bridge_slave_1: left promiscuous mode [ 950.448782][ T69] bridge0: port 2(bridge_slave_1) entered disabled state [ 950.534748][ T69] bridge_slave_0: left allmulticast mode [ 950.534769][ T69] bridge_slave_0: left promiscuous mode [ 950.534940][ T69] bridge0: port 1(bridge_slave_0) entered disabled state [ 950.605810][ T69] bridge_slave_1: left allmulticast mode [ 950.605831][ T69] bridge_slave_1: left promiscuous mode [ 950.605981][ T69] bridge0: port 2(bridge_slave_1) entered disabled state [ 950.673637][ T69] bridge_slave_0: left allmulticast mode [ 950.673658][ T69] bridge_slave_0: left promiscuous mode [ 950.673835][ T69] bridge0: port 1(bridge_slave_0) entered disabled state [ 950.765001][ T69] bridge_slave_1: left allmulticast mode [ 950.765022][ T69] bridge_slave_1: left promiscuous mode [ 950.765177][ T69] bridge0: port 2(bridge_slave_1) entered disabled state [ 950.844019][ T69] bridge_slave_0: left allmulticast mode [ 950.844048][ T69] bridge_slave_0: left promiscuous mode [ 950.844315][ T69] bridge0: port 1(bridge_slave_0) entered disabled state [ 951.556991][ T9195] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 951.561508][ T9195] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 951.589537][ T9195] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 951.591375][ T9195] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 951.592193][ T9195] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 951.810843][T11652] syz2: rxe_newlink: already configured on ipvlan0 [ 953.685844][T11089] Bluetooth: hci3: command tx timeout [ 953.735133][T11654] netlink: 52 bytes leftover after parsing attributes in process `syz.1.989'. [ 953.873325][ T69] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 953.953152][ T69] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 954.021513][ T69] bond0 (unregistering): Released all slaves [ 954.403121][ T69] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 954.483137][ T69] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 954.544347][ T69] bond0 (unregistering): Released all slaves [ 955.763012][T11089] Bluetooth: hci3: command tx timeout [ 956.317619][ T69] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 956.373092][ T69] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 956.435096][ T69] bond0 (unregistering): Released all slaves [ 956.481596][ T1382] bridge0: port 1(bridge_slave_0) entered blocking state [ 956.481845][ T1382] bridge0: port 1(bridge_slave_0) entered forwarding state [ 956.501125][T11482] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 956.649218][T11482] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 957.714160][T11482] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 957.842540][T11089] Bluetooth: hci3: command tx timeout [ 958.151590][T11482] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 959.024647][T11482] 8021q: adding VLAN 0 to HW filter on device bond0 [ 959.073299][T11667] syz.1.992 (11667) used greatest stack depth: 17624 bytes left [ 959.518324][T11482] 8021q: adding VLAN 0 to HW filter on device team0 [ 959.805881][ T6032] bridge0: port 1(bridge_slave_0) entered blocking state [ 959.809683][ T6032] bridge0: port 1(bridge_slave_0) entered forwarding state [ 959.838079][ T4283] bridge0: port 2(bridge_slave_1) entered blocking state [ 959.838278][ T4283] bridge0: port 2(bridge_slave_1) entered forwarding state [ 959.922620][T11089] Bluetooth: hci3: command tx timeout [ 960.292479][ T69] hsr_slave_0: left promiscuous mode [ 960.334232][ T69] hsr_slave_1: left promiscuous mode [ 960.335745][ T69] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 960.363960][ T69] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 960.512538][ T69] hsr_slave_0: left promiscuous mode [ 960.555169][ T69] hsr_slave_1: left promiscuous mode [ 960.555805][ T69] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 960.593083][ T69] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 960.762589][ T69] hsr_slave_0: left promiscuous mode [ 960.782566][ T69] hsr_slave_1: left promiscuous mode [ 960.784639][ T69] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 960.823078][ T69] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 961.613090][ T69] team0 (unregistering): Port device team_slave_1 removed [ 963.240273][ T69] team0 (unregistering): Port device team_slave_0 removed [ 967.366840][ T69] team0 (unregistering): Port device team_slave_1 removed [ 967.563870][ T69] team0 (unregistering): Port device team_slave_0 removed [ 969.117215][ T69] team0 (unregistering): Port device team_slave_1 removed [ 969.284442][ T69] team0 (unregistering): Port device team_slave_0 removed [ 972.958590][T11649] chnl_net:caif_netlink_parms(): no params data found [ 973.054969][T11715] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1001'. [ 975.075359][T11649] bridge0: port 1(bridge_slave_0) entered blocking state [ 975.075577][T11649] bridge0: port 1(bridge_slave_0) entered disabled state [ 975.075828][T11649] bridge_slave_0: entered allmulticast mode [ 975.078723][T11649] bridge_slave_0: entered promiscuous mode [ 975.118417][T11649] bridge0: port 2(bridge_slave_1) entered blocking state [ 975.119154][T11649] bridge0: port 2(bridge_slave_1) entered disabled state [ 975.119393][T11649] bridge_slave_1: entered allmulticast mode [ 975.121983][T11649] bridge_slave_1: entered promiscuous mode [ 975.482449][T11526] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 975.773738][ T9195] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 975.778575][ T9195] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 975.780545][ T9195] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 975.782047][ T9195] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 975.837771][ T9195] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 975.929005][T11649] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 975.929533][T11526] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 976.196597][T11732] ntfs3(nullb0): Primary boot signature is not NTFS. [ 976.198151][T11732] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 976.547074][T11649] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 976.667725][T11526] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 977.834204][T11526] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 978.634435][T11089] Bluetooth: hci4: command tx timeout [ 978.798612][T11649] team0: Port device team_slave_0 added [ 978.859114][T11649] team0: Port device team_slave_1 added [ 979.432992][T11649] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 979.433010][T11649] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 979.433031][T11649] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 979.464234][T11649] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 979.464254][T11649] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 979.464281][T11649] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 979.599711][T11536] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 979.910638][T11536] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 980.013645][T11536] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 980.194039][T11649] hsr_slave_0: entered promiscuous mode [ 980.195219][T11649] hsr_slave_1: entered promiscuous mode [ 980.244596][T11536] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 980.389847][T11757] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1008'. [ 980.656946][T11089] Bluetooth: hci4: command tx timeout [ 982.722955][T11089] Bluetooth: hci4: command tx timeout [ 983.210493][T11790] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1011'. [ 984.303447][T11794] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1012'. [ 984.814661][T11089] Bluetooth: hci4: command tx timeout [ 985.423096][T11728] chnl_net:caif_netlink_parms(): no params data found [ 986.913846][T11728] bridge0: port 1(bridge_slave_0) entered blocking state [ 986.916033][T11728] bridge0: port 1(bridge_slave_0) entered disabled state [ 986.916211][T11728] bridge_slave_0: entered allmulticast mode [ 986.917627][T11728] bridge_slave_0: entered promiscuous mode [ 986.962166][T11526] 8021q: adding VLAN 0 to HW filter on device bond0 [ 986.962926][T11728] bridge0: port 2(bridge_slave_1) entered blocking state [ 986.963052][T11728] bridge0: port 2(bridge_slave_1) entered disabled state [ 986.963275][T11728] bridge_slave_1: entered allmulticast mode [ 986.965702][T11728] bridge_slave_1: entered promiscuous mode [ 987.207765][T11728] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 987.275315][T11728] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 987.410661][T11813] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1015'. [ 988.517561][T11728] team0: Port device team_slave_0 added [ 988.536454][T11536] 8021q: adding VLAN 0 to HW filter on device bond0 [ 988.661390][T11728] team0: Port device team_slave_1 added [ 988.950698][T11728] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 988.950716][T11728] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 988.950742][T11728] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 989.010710][T11728] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 989.010727][T11728] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 989.010754][T11728] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 989.224046][ T69] bridge_slave_1: left allmulticast mode [ 989.224075][ T69] bridge_slave_1: left promiscuous mode [ 989.224301][ T69] bridge0: port 2(bridge_slave_1) entered disabled state [ 989.323749][ T9195] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 989.329161][ T9195] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 989.330444][ T9195] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 989.331935][ T9195] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 989.334891][ T69] bridge_slave_0: left allmulticast mode [ 989.334917][ T69] bridge_slave_0: left promiscuous mode [ 989.335158][ T69] bridge0: port 1(bridge_slave_0) entered disabled state [ 989.347721][ T9195] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 989.400497][ T69] bridge_slave_1: left allmulticast mode [ 989.400525][ T69] bridge_slave_1: left promiscuous mode [ 989.400770][ T69] bridge0: port 2(bridge_slave_1) entered disabled state [ 989.474169][ T69] bridge_slave_0: left allmulticast mode [ 989.474199][ T69] bridge_slave_0: left promiscuous mode [ 989.474466][ T69] bridge0: port 1(bridge_slave_0) entered disabled state [ 990.693304][ T9195] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 990.727504][ T9195] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 990.729354][ T9195] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 990.730827][ T9195] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 990.731515][ T9195] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 991.522453][T11089] Bluetooth: hci1: command tx timeout [ 991.553255][ T69] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 992.094721][ T69] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 992.116160][ T69] bond0 (unregistering): Released all slaves [ 993.683318][T11089] Bluetooth: hci5: command tx timeout [ 993.684506][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.684573][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.743789][T11089] Bluetooth: hci1: command tx timeout [ 995.293064][ T69] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 995.353155][ T69] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 995.414505][ T69] bond0 (unregistering): Released all slaves [ 995.774046][ T9195] Bluetooth: hci1: command tx timeout [ 995.774133][T11089] Bluetooth: hci5: command tx timeout [ 996.076167][T11649] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 996.134212][T11866] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1022'. [ 996.205944][T11649] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 996.297697][T11728] hsr_slave_0: entered promiscuous mode [ 996.511238][T11728] hsr_slave_1: entered promiscuous mode [ 996.521047][T11728] debugfs: 'hsr0' already exists in 'hsr' [ 996.521077][T11728] Cannot create hsr debugfs directory [ 996.538600][T11649] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 996.813996][T11649] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 997.842734][ T9195] Bluetooth: hci1: command tx timeout [ 997.842780][T11089] Bluetooth: hci5: command tx timeout [ 997.872717][ T69] hsr_slave_0: left promiscuous mode [ 997.916628][ T69] hsr_slave_1: left promiscuous mode [ 997.917760][ T69] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 997.972750][ T69] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 998.092586][ T69] hsr_slave_0: left promiscuous mode [ 998.136724][ T69] hsr_slave_1: left promiscuous mode [ 998.138364][ T69] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 998.194954][ T69] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 999.932648][T11089] Bluetooth: hci5: command tx timeout [ 1000.073177][ T69] team0 (unregistering): Port device team_slave_1 removed [ 1000.473832][ T69] team0 (unregistering): Port device team_slave_0 removed [ 1004.323704][ T69] team0 (unregistering): Port device team_slave_1 removed [ 1004.493547][ T69] team0 (unregistering): Port device team_slave_0 removed [ 1006.525531][T11912] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1029'. [ 1009.081214][T11649] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1009.333970][T11835] chnl_net:caif_netlink_parms(): no params data found [ 1009.355967][T11958] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1033'. [ 1011.813363][T11649] 8021q: adding VLAN 0 to HW filter on device team0 [ 1013.373258][T11835] bridge0: port 1(bridge_slave_0) entered blocking state [ 1013.374443][T11835] bridge0: port 1(bridge_slave_0) entered disabled state [ 1013.374693][T11835] bridge_slave_0: entered allmulticast mode [ 1013.377472][T11835] bridge_slave_0: entered promiscuous mode [ 1013.488907][T11844] chnl_net:caif_netlink_parms(): no params data found [ 1013.949076][T11835] bridge0: port 2(bridge_slave_1) entered blocking state [ 1013.951942][ T9195] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1013.976007][T11835] bridge0: port 2(bridge_slave_1) entered disabled state [ 1013.976239][T11835] bridge_slave_1: entered allmulticast mode [ 1014.023233][T11835] bridge_slave_1: entered promiscuous mode [ 1014.044816][ T9195] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1014.052947][ T9195] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1014.054760][ T9195] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1014.055424][ T9195] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1014.890644][T12008] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1036'. [ 1015.150507][T11835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1015.466808][T11835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1016.059496][T11728] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1016.165186][T11089] Bluetooth: hci2: command tx timeout [ 1016.214716][T11728] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1016.636171][T11835] team0: Port device team_slave_0 added [ 1016.648559][T11728] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1016.787541][T11835] team0: Port device team_slave_1 added [ 1016.788392][T11728] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1016.854721][T11844] bridge0: port 1(bridge_slave_0) entered blocking state [ 1016.857068][T11844] bridge0: port 1(bridge_slave_0) entered disabled state [ 1016.857304][T11844] bridge_slave_0: entered allmulticast mode [ 1016.888812][T11844] bridge_slave_0: entered promiscuous mode [ 1017.265284][T11844] bridge0: port 2(bridge_slave_1) entered blocking state [ 1017.265394][T11844] bridge0: port 2(bridge_slave_1) entered disabled state [ 1017.265560][T11844] bridge_slave_1: entered allmulticast mode [ 1017.267046][T11844] bridge_slave_1: entered promiscuous mode [ 1017.517101][T11835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1017.517113][T11835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1017.517128][T11835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1017.850733][T11835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1017.850750][T11835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1017.850765][T11835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1018.035787][T11844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1018.242737][T11089] Bluetooth: hci2: command tx timeout [ 1019.311748][T11844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1020.016822][T11844] team0: Port device team_slave_0 added [ 1020.035653][T11844] team0: Port device team_slave_1 added [ 1020.069152][T11835] hsr_slave_0: entered promiscuous mode [ 1020.071304][T11835] hsr_slave_1: entered promiscuous mode [ 1020.072156][T11835] debugfs: 'hsr0' already exists in 'hsr' [ 1020.072172][T11835] Cannot create hsr debugfs directory [ 1020.362612][T11089] Bluetooth: hci2: command tx timeout [ 1020.637180][T11844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1020.637198][T11844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1020.637232][T11844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1020.776701][T11844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1020.776721][T11844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1020.776747][T11844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1021.260325][T12097] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1042'. [ 1022.412626][T11089] Bluetooth: hci2: command tx timeout [ 1024.003319][T11844] hsr_slave_0: entered promiscuous mode [ 1024.035961][T11844] hsr_slave_1: entered promiscuous mode [ 1024.069799][T11844] debugfs: 'hsr0' already exists in 'hsr' [ 1024.069830][T11844] Cannot create hsr debugfs directory [ 1026.357055][T11990] chnl_net:caif_netlink_parms(): no params data found [ 1027.262491][ T6001] usb 2-1: new low-speed USB device number 61 using dummy_hcd [ 1027.415606][ T6001] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 1027.415642][ T6001] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1027.415656][ T6001] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1027.415669][ T6001] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1027.415682][ T6001] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1027.417626][ T6001] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 1027.417663][ T6001] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1027.417677][ T6001] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1027.417690][ T6001] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1027.417703][ T6001] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1027.419759][ T6001] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 1027.419793][ T6001] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1027.419808][ T6001] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1027.419824][ T6001] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1027.419836][ T6001] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1027.637190][ T6001] usb 2-1: string descriptor 0 read error: -22 [ 1027.637277][ T6001] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 1027.637289][ T6001] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1027.697275][ T6001] adutux 2-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 1028.121290][ T31] usb 2-1: USB disconnect, device number 61 [ 1028.642130][T11990] bridge0: port 1(bridge_slave_0) entered blocking state [ 1028.647635][T11990] bridge0: port 1(bridge_slave_0) entered disabled state [ 1028.647881][T11990] bridge_slave_0: entered allmulticast mode [ 1028.667648][T11990] bridge_slave_0: entered promiscuous mode [ 1028.693897][T11990] bridge0: port 2(bridge_slave_1) entered blocking state [ 1028.694080][T11990] bridge0: port 2(bridge_slave_1) entered disabled state [ 1028.694328][T11990] bridge_slave_1: entered allmulticast mode [ 1028.698071][T11990] bridge_slave_1: entered promiscuous mode [ 1028.717018][T11728] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1029.733508][T11990] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1029.831763][T11990] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1030.238560][T11990] team0: Port device team_slave_0 added [ 1030.298332][T11728] 8021q: adding VLAN 0 to HW filter on device team0 [ 1030.341671][T11990] team0: Port device team_slave_1 added [ 1031.231002][ T69] bridge_slave_1: left allmulticast mode [ 1031.231030][ T69] bridge_slave_1: left promiscuous mode [ 1031.231287][ T69] bridge0: port 2(bridge_slave_1) entered disabled state [ 1031.303987][ T69] bridge_slave_0: left allmulticast mode [ 1031.304016][ T69] bridge_slave_0: left promiscuous mode [ 1031.304266][ T69] bridge0: port 1(bridge_slave_0) entered disabled state [ 1031.378219][ T69] bridge_slave_1: left allmulticast mode [ 1031.378248][ T69] bridge_slave_1: left promiscuous mode [ 1031.378490][ T69] bridge0: port 2(bridge_slave_1) entered disabled state [ 1031.493273][ T69] bridge_slave_0: left allmulticast mode [ 1031.493295][ T69] bridge_slave_0: left promiscuous mode [ 1031.493461][ T69] bridge0: port 1(bridge_slave_0) entered disabled state [ 1031.585800][ T69] bridge_slave_1: left allmulticast mode [ 1031.585831][ T69] bridge_slave_1: left promiscuous mode [ 1031.586080][ T69] bridge0: port 2(bridge_slave_1) entered disabled state [ 1031.684718][ T69] bridge_slave_0: left allmulticast mode [ 1031.684745][ T69] bridge_slave_0: left promiscuous mode [ 1031.684981][ T69] bridge0: port 1(bridge_slave_0) entered disabled state [ 1034.578099][T12277] loop5: detected capacity change from 0 to 7 [ 1034.583810][T12277] Dev loop5: unable to read RDB block 7 [ 1034.583857][T12277] loop5: unable to read partition table [ 1034.584066][T12277] loop5: partition table beyond EOD, truncated [ 1034.584082][T12277] loop_reread_partitions: partition scan of loop5 (被x ) failed (rc=-5) [ 1036.133425][ T69] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1036.213256][ T69] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1036.284567][ T69] bond0 (unregistering): Released all slaves [ 1037.959730][ T9195] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1037.970582][ T9195] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1037.971893][ T9195] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1037.986708][ T9195] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1037.988397][ T9195] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1038.153538][ T69] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1038.263328][ T69] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1038.334362][ T69] bond0 (unregistering): Released all slaves [ 1040.103243][T11089] Bluetooth: hci3: command tx timeout [ 1040.163330][ T69] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1040.244441][ T69] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1040.305311][ T69] bond0 (unregistering): Released all slaves [ 1040.853192][ T808] bridge0: port 1(bridge_slave_0) entered blocking state [ 1040.853321][ T808] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1040.855132][T11990] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1040.855142][T11990] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1040.855156][T11990] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1040.863248][T11990] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1040.863263][T11990] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1040.863288][T11990] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1041.731019][T11990] hsr_slave_0: entered promiscuous mode [ 1041.735150][T11990] hsr_slave_1: entered promiscuous mode [ 1041.736763][T11990] debugfs: 'hsr0' already exists in 'hsr' [ 1041.736786][T11990] Cannot create hsr debugfs directory [ 1042.168970][T11089] Bluetooth: hci3: command tx timeout [ 1043.512564][ T69] hsr_slave_0: left promiscuous mode [ 1043.532674][ T69] hsr_slave_1: left promiscuous mode [ 1043.533710][ T69] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1043.574464][ T69] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1044.118746][ T69] hsr_slave_0: left promiscuous mode [ 1044.132758][ T69] hsr_slave_1: left promiscuous mode [ 1044.133884][ T69] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1044.183358][ T69] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1044.242869][T11089] Bluetooth: hci3: command tx timeout [ 1044.382720][ T69] hsr_slave_0: left promiscuous mode [ 1044.409327][ T69] hsr_slave_1: left promiscuous mode [ 1044.409972][ T69] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1044.436183][ T69] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1045.383386][ T69] team0 (unregistering): Port device team_slave_1 removed [ 1045.543128][ T69] team0 (unregistering): Port device team_slave_0 removed [ 1046.345288][T11089] Bluetooth: hci3: command tx timeout [ 1047.913833][ T69] team0 (unregistering): Port device team_slave_1 removed [ 1048.085642][ T69] team0 (unregistering): Port device team_slave_0 removed [ 1049.753079][ T69] team0 (unregistering): Port device team_slave_1 removed [ 1049.943195][ T69] team0 (unregistering): Port device team_slave_0 removed [ 1051.470893][T12297] chnl_net:caif_netlink_parms(): no params data found [ 1051.547836][ T9195] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1051.598128][ T9195] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1051.611088][ T9195] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1051.616017][ T9195] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1051.617553][ T9195] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1052.538999][T12353] loop5: detected capacity change from 0 to 7 [ 1052.541763][T12353] Dev loop5: unable to read RDB block 7 [ 1052.541811][T12353] loop5: unable to read partition table [ 1052.542020][T12353] loop5: partition table beyond EOD, truncated [ 1052.542055][T12353] loop_reread_partitions: partition scan of loop5 (被x ) failed (rc=-5) [ 1052.701965][T11089] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1052.718825][T11089] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1052.730241][T11089] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1052.732856][T11089] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1052.733661][T11089] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1053.018043][T12297] bridge0: port 1(bridge_slave_0) entered blocking state [ 1053.018428][T12297] bridge0: port 1(bridge_slave_0) entered disabled state [ 1053.018665][T12297] bridge_slave_0: entered allmulticast mode [ 1053.022174][T12297] bridge_slave_0: entered promiscuous mode [ 1053.033459][T12297] bridge0: port 2(bridge_slave_1) entered blocking state [ 1053.033594][T12297] bridge0: port 2(bridge_slave_1) entered disabled state [ 1053.033768][T12297] bridge_slave_1: entered allmulticast mode [ 1053.036480][T12297] bridge_slave_1: entered promiscuous mode [ 1053.692604][ T9195] Bluetooth: hci4: command tx timeout [ 1053.876577][T12297] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1053.886664][T12297] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1054.275231][T12297] team0: Port device team_slave_0 added [ 1054.296278][T12297] team0: Port device team_slave_1 added [ 1054.488987][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.489054][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 1054.719110][T12297] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1054.719124][T12297] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1054.719145][T12297] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1054.804829][ T9195] Bluetooth: hci1: command tx timeout [ 1054.821322][T12297] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1054.821334][T12297] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1054.821349][T12297] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1055.208496][T12297] hsr_slave_0: entered promiscuous mode [ 1055.209339][T12297] hsr_slave_1: entered promiscuous mode [ 1055.296506][T11990] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 1055.391472][T11990] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 1055.524352][T12372] capability: warning: `syz.1.1061' uses deprecated v2 capabilities in a way that may be insecure [ 1055.564359][T11990] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 1055.700485][T11990] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 1055.745913][T12378] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1055.748251][T12378] FAULT_INJECTION: forcing a failure. [ 1055.748251][T12378] name failslab, interval 1, probability 0, space 0, times 1 [ 1055.748343][T12378] CPU: 1 UID: 0 PID: 12378 Comm: syz.1.1064 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1055.748358][T12378] Tainted: [L]=SOFTLOCKUP [ 1055.748362][T12378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1055.748374][T12378] Call Trace: [ 1055.748381][T12378] [ 1055.748388][T12378] dump_stack_lvl+0xe8/0x150 [ 1055.748407][T12378] should_fail_ex+0x46c/0x600 [ 1055.748424][T12378] ? getname_flags+0xb8/0x540 [ 1055.748434][T12378] should_failslab+0xa8/0x100 [ 1055.748445][T12378] ? getname_flags+0xb8/0x540 [ 1055.748453][T12378] kmem_cache_alloc_noprof+0x84/0x6c0 [ 1055.748471][T12378] getname_flags+0xb8/0x540 [ 1055.748483][T12378] user_path_at+0x24/0x60 [ 1055.748496][T12378] do_utimes+0x131/0x2a0 [ 1055.748510][T12378] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 1055.748559][T12378] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 1055.748593][T12378] ? __pfx_do_utimes+0x10/0x10 [ 1055.748612][T12378] __x64_sys_utime+0x13e/0x200 [ 1055.748629][T12378] ? ksys_write+0x230/0x260 [ 1055.748643][T12378] ? __pfx___x64_sys_utime+0x10/0x10 [ 1055.748663][T12378] do_syscall_64+0xec/0xf80 [ 1055.748694][T12378] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1055.748704][T12378] ? trace_irq_disable+0x37/0x100 [ 1055.748715][T12378] ? clear_bhb_loop+0x60/0xb0 [ 1055.748730][T12378] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1055.748740][T12378] RIP: 0033:0x7f50310cf749 [ 1055.748754][T12378] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1055.748763][T12378] RSP: 002b:00007f502f32e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000084 [ 1055.748776][T12378] RAX: ffffffffffffffda RBX: 00007f5031325fa0 RCX: 00007f50310cf749 [ 1055.748784][T12378] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000001c0 [ 1055.748790][T12378] RBP: 00007f502f32e090 R08: 0000000000000000 R09: 0000000000000000 [ 1055.748796][T12378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1055.748802][T12378] R13: 00007f5031326038 R14: 00007f5031325fa0 R15: 00007fffc7d6ba08 [ 1055.748819][T12378] [ 1055.773897][ T9195] Bluetooth: hci4: command tx timeout [ 1056.147407][T12341] chnl_net:caif_netlink_parms(): no params data found [ 1056.883995][ T9195] Bluetooth: hci1: command tx timeout [ 1056.884376][T12341] bridge0: port 1(bridge_slave_0) entered blocking state [ 1056.884544][T12341] bridge0: port 1(bridge_slave_0) entered disabled state [ 1056.884720][T12341] bridge_slave_0: entered allmulticast mode [ 1056.886278][T12341] bridge_slave_0: entered promiscuous mode [ 1056.888318][T12354] chnl_net:caif_netlink_parms(): no params data found [ 1057.034098][T12341] bridge0: port 2(bridge_slave_1) entered blocking state [ 1057.034262][T12341] bridge0: port 2(bridge_slave_1) entered disabled state [ 1057.034510][T12341] bridge_slave_1: entered allmulticast mode [ 1057.036122][T12341] bridge_slave_1: entered promiscuous mode [ 1057.842631][ T9195] Bluetooth: hci4: command tx timeout [ 1057.852140][T12341] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1057.906377][T12341] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1058.901493][T12341] team0: Port device team_slave_0 added [ 1059.518101][ T9195] Bluetooth: hci1: command tx timeout [ 1059.842284][T12341] team0: Port device team_slave_1 added [ 1060.027473][ T9195] Bluetooth: hci4: command tx timeout [ 1060.057445][T12354] bridge0: port 1(bridge_slave_0) entered blocking state [ 1060.057573][T12354] bridge0: port 1(bridge_slave_0) entered disabled state [ 1060.057850][T12354] bridge_slave_0: entered allmulticast mode [ 1060.059264][T12354] bridge_slave_0: entered promiscuous mode [ 1061.010324][T12430] FAULT_INJECTION: forcing a failure. [ 1061.010324][T12430] name failslab, interval 1, probability 0, space 0, times 0 [ 1061.010358][T12430] CPU: 0 UID: 0 PID: 12430 Comm: syz.1.1075 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1061.010383][T12430] Tainted: [L]=SOFTLOCKUP [ 1061.010390][T12430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1061.010401][T12430] Call Trace: [ 1061.010408][T12430] [ 1061.010416][T12430] dump_stack_lvl+0xe8/0x150 [ 1061.010444][T12430] should_fail_ex+0x46c/0x600 [ 1061.010473][T12430] should_failslab+0xa8/0x100 [ 1061.010492][T12430] __kmalloc_noprof+0xe0/0x7e0 [ 1061.010516][T12430] ? kfree+0x4d/0x900 [ 1061.010534][T12430] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1061.010556][T12430] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1061.010574][T12430] ? tomoyo_domain+0xd9/0x130 [ 1061.010597][T12430] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1061.010621][T12430] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1061.010646][T12430] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1061.010673][T12430] ? sb_end_write+0xe9/0x1c0 [ 1061.010692][T12430] ? vfs_write+0x965/0xb40 [ 1061.010744][T12430] ? ksys_write+0x1e7/0x260 [ 1061.010775][T12430] security_file_ioctl+0xcb/0x2d0 [ 1061.010802][T12430] __se_sys_ioctl+0x47/0x170 [ 1061.010828][T12430] do_syscall_64+0xec/0xf80 [ 1061.010847][T12430] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1061.010865][T12430] ? trace_irq_disable+0x37/0x100 [ 1061.010885][T12430] ? clear_bhb_loop+0x60/0xb0 [ 1061.010908][T12430] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1061.010926][T12430] RIP: 0033:0x7f50310cf749 [ 1061.010943][T12430] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1061.010959][T12430] RSP: 002b:00007f502f32e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1061.010979][T12430] RAX: ffffffffffffffda RBX: 00007f5031325fa0 RCX: 00007f50310cf749 [ 1061.010993][T12430] RDX: 0000200000000080 RSI: 000000004068aea3 RDI: 0000000000000005 [ 1061.011006][T12430] RBP: 00007f502f32e090 R08: 0000000000000000 R09: 0000000000000000 [ 1061.011017][T12430] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1061.011028][T12430] R13: 00007f5031326038 R14: 00007f5031325fa0 R15: 00007fffc7d6ba08 [ 1061.011060][T12430] [ 1061.011068][T12430] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1061.243035][T12432] input: syz1 as /devices/virtual/input/input17 [ 1061.305697][T12354] bridge0: port 2(bridge_slave_1) entered blocking state [ 1061.305786][T12354] bridge0: port 2(bridge_slave_1) entered disabled state [ 1061.305978][T12354] bridge_slave_1: entered allmulticast mode [ 1061.307497][T12354] bridge_slave_1: entered promiscuous mode [ 1061.514144][T12341] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1061.514159][T12341] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1061.514180][T12341] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1061.527559][ T9195] Bluetooth: hci1: command tx timeout [ 1061.614145][T12341] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1061.614163][T12341] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1061.614189][T12341] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1061.683197][T12354] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1061.695058][T12354] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1061.742798][T12435] FAULT_INJECTION: forcing a failure. [ 1061.742798][T12435] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 1061.742834][T12435] CPU: 0 UID: 0 PID: 12435 Comm: syz.1.1077 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1061.742860][T12435] Tainted: [L]=SOFTLOCKUP [ 1061.742866][T12435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1061.742878][T12435] Call Trace: [ 1061.742885][T12435] [ 1061.742893][T12435] dump_stack_lvl+0xe8/0x150 [ 1061.742921][T12435] should_fail_ex+0x46c/0x600 [ 1061.742951][T12435] _copy_from_user+0x2d/0xb0 [ 1061.742977][T12435] __sys_connect+0x124/0x450 [ 1061.743000][T12435] ? __pfx___sys_connect+0x10/0x10 [ 1061.743031][T12435] ? __pfx_ksys_write+0x10/0x10 [ 1061.743064][T12435] __x64_sys_connect+0x7a/0x90 [ 1061.743085][T12435] do_syscall_64+0xec/0xf80 [ 1061.743103][T12435] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1061.743122][T12435] ? trace_irq_disable+0x37/0x100 [ 1061.743141][T12435] ? clear_bhb_loop+0x60/0xb0 [ 1061.743163][T12435] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1061.743181][T12435] RIP: 0033:0x7f50310cf749 [ 1061.743197][T12435] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1061.743213][T12435] RSP: 002b:00007f502f32e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 1061.743233][T12435] RAX: ffffffffffffffda RBX: 00007f5031325fa0 RCX: 00007f50310cf749 [ 1061.743247][T12435] RDX: 000000000000000a RSI: 0000200000000240 RDI: 0000000000000004 [ 1061.743259][T12435] RBP: 00007f502f32e090 R08: 0000000000000000 R09: 0000000000000000 [ 1061.743271][T12435] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1061.743283][T12435] R13: 00007f5031326038 R14: 00007f5031325fa0 R15: 00007fffc7d6ba08 [ 1061.743312][T12435] [ 1062.321777][T12354] team0: Port device team_slave_0 added [ 1062.376128][T12341] hsr_slave_0: entered promiscuous mode [ 1062.376966][T12341] hsr_slave_1: entered promiscuous mode [ 1062.377636][T12341] debugfs: 'hsr0' already exists in 'hsr' [ 1062.377651][T12341] Cannot create hsr debugfs directory [ 1062.382089][T12354] team0: Port device team_slave_1 added [ 1062.735067][T12354] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1062.735079][T12354] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1062.735093][T12354] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1062.825230][T12354] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1062.825247][T12354] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1062.825271][T12354] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1062.900372][T12297] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1063.025410][T12297] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1063.071785][T12297] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1063.184948][T12297] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1063.558060][T12354] hsr_slave_0: entered promiscuous mode [ 1063.559071][T12354] hsr_slave_1: entered promiscuous mode [ 1063.559712][T12354] debugfs: 'hsr0' already exists in 'hsr' [ 1063.559734][T12354] Cannot create hsr debugfs directory [ 1063.796970][T11990] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1064.137391][T11990] 8021q: adding VLAN 0 to HW filter on device team0 [ 1064.365758][ T1520] bridge0: port 1(bridge_slave_0) entered blocking state [ 1064.461337][ T1520] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1065.231916][ T1382] bridge0: port 2(bridge_slave_1) entered blocking state [ 1065.232141][ T1382] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1065.586420][T12297] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1066.446289][ T69] bridge_slave_1: left allmulticast mode [ 1066.446309][ T69] bridge_slave_1: left promiscuous mode [ 1066.446463][ T69] bridge0: port 2(bridge_slave_1) entered disabled state [ 1066.523423][ T69] bridge_slave_0: left allmulticast mode [ 1066.523446][ T69] bridge_slave_0: left promiscuous mode [ 1066.523719][ T69] bridge0: port 1(bridge_slave_0) entered disabled state [ 1066.595075][ T69] bridge_slave_1: left allmulticast mode [ 1066.595097][ T69] bridge_slave_1: left promiscuous mode [ 1066.595242][ T69] bridge0: port 2(bridge_slave_1) entered disabled state [ 1066.654127][ T69] bridge_slave_0: left allmulticast mode [ 1066.654149][ T69] bridge_slave_0: left promiscuous mode [ 1066.654916][ T69] bridge0: port 1(bridge_slave_0) entered disabled state [ 1066.726786][ T69] bridge_slave_1: left allmulticast mode [ 1066.726811][ T69] bridge_slave_1: left promiscuous mode [ 1066.731110][ T69] bridge0: port 2(bridge_slave_1) entered disabled state [ 1066.783492][ T69] bridge_slave_0: left allmulticast mode [ 1066.783514][ T69] bridge_slave_0: left promiscuous mode [ 1066.783671][ T69] bridge0: port 1(bridge_slave_0) entered disabled state [ 1067.183174][ T69] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1067.303123][ T69] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1069.031853][ T69] bond0 (unregistering): Released all slaves [ 1069.323302][ T69] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1069.446106][ T69] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1069.505299][ T69] bond0 (unregistering): Released all slaves [ 1071.775025][T12493] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 1071.775318][T12493] block device autoloading is deprecated and will be removed. [ 1072.365823][ T69] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1072.443293][ T69] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1072.504344][ T69] bond0 (unregistering): Released all slaves [ 1072.530812][T12489] netlink: 160 bytes leftover after parsing attributes in process `syz.1.1094'. [ 1072.547401][T12489] netlink: 160 bytes leftover after parsing attributes in process `syz.1.1094'. [ 1072.821416][T12297] 8021q: adding VLAN 0 to HW filter on device team0 [ 1072.856357][ T1382] bridge0: port 1(bridge_slave_0) entered blocking state [ 1072.856500][ T1382] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1072.864774][ T1520] bridge0: port 2(bridge_slave_1) entered blocking state [ 1072.864918][ T1520] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1073.291500][T11990] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1074.943043][T12297] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1075.103643][T11089] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1075.108743][T11089] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1075.120009][T11089] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1075.123655][T11089] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1075.124460][T11089] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1075.852637][ T69] hsr_slave_0: left promiscuous mode [ 1075.872651][ T69] hsr_slave_1: left promiscuous mode [ 1075.873358][ T69] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1075.903197][ T69] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1076.055695][ T69] hsr_slave_0: left promiscuous mode [ 1076.085846][ T69] hsr_slave_1: left promiscuous mode [ 1076.086495][ T69] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1076.133068][ T69] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1076.394644][ T69] hsr_slave_0: left promiscuous mode [ 1076.432507][ T69] hsr_slave_1: left promiscuous mode [ 1076.443915][ T69] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1076.642291][ T69] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1077.219655][T11089] Bluetooth: hci5: command tx timeout [ 1078.213077][ T69] team0 (unregistering): Port device team_slave_1 removed [ 1078.394053][ T69] team0 (unregistering): Port device team_slave_0 removed [ 1079.282873][T11089] Bluetooth: hci5: command tx timeout [ 1079.583203][ T69] team0 (unregistering): Port device team_slave_1 removed [ 1079.743109][ T69] team0 (unregistering): Port device team_slave_0 removed [ 1080.903963][ T69] team0 (unregistering): Port device team_slave_1 removed [ 1081.043213][ T69] team0 (unregistering): Port device team_slave_0 removed [ 1081.370625][T11089] Bluetooth: hci5: command tx timeout [ 1083.385329][T12297] veth0_vlan: entered promiscuous mode [ 1083.452459][T11089] Bluetooth: hci5: command tx timeout [ 1083.454940][T12297] veth1_vlan: entered promiscuous mode [ 1083.598611][T12535] loop5: detected capacity change from 0 to 7 [ 1083.599494][T12535] Dev loop5: unable to read RDB block 7 [ 1083.599537][T12535] loop5: unable to read partition table [ 1083.599747][T12535] loop5: partition table beyond EOD, truncated [ 1083.599763][T12535] loop_reread_partitions: partition scan of loop5 (被x ) failed (rc=-5) [ 1083.710833][T12297] veth0_macvtap: entered promiscuous mode [ 1083.822923][T12297] veth1_macvtap: entered promiscuous mode [ 1084.056804][T12297] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1084.125333][T12297] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1084.278509][ T6756] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1084.284160][ T6756] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1084.284206][ T6756] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1084.284242][ T6756] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1084.382027][T12341] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1084.599392][T12341] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1084.631304][T12341] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1084.739547][T12341] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1085.122801][T12515] chnl_net:caif_netlink_parms(): no params data found [ 1085.271721][T12354] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1086.430614][T12354] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1087.338396][ T43] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1087.338416][ T43] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1087.348502][T12354] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1087.411150][T12563] loop5: detected capacity change from 0 to 7 [ 1087.432211][T12528] Dev loop5: unable to read RDB block 7 [ 1087.432265][T12528] loop5: unable to read partition table [ 1087.434678][T12528] loop5: partition table beyond EOD, truncated [ 1087.463930][T12563] Dev loop5: unable to read RDB block 7 [ 1087.463964][T12563] loop5: unable to read partition table [ 1087.464094][T12563] loop5: partition table beyond EOD, truncated [ 1087.464125][T12563] loop_reread_partitions: partition scan of loop5 (被x ) failed (rc=-5) [ 1087.510044][T12354] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1087.900600][T12515] bridge0: port 1(bridge_slave_0) entered blocking state [ 1087.902049][T12515] bridge0: port 1(bridge_slave_0) entered disabled state [ 1087.902875][T12515] bridge_slave_0: entered allmulticast mode [ 1087.905398][T12515] bridge_slave_0: entered promiscuous mode [ 1087.963128][T12515] bridge0: port 2(bridge_slave_1) entered blocking state [ 1087.963265][T12515] bridge0: port 2(bridge_slave_1) entered disabled state [ 1087.963507][T12515] bridge_slave_1: entered allmulticast mode [ 1087.971636][T12515] bridge_slave_1: entered promiscuous mode [ 1088.013121][ T6136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1088.013144][ T6136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1088.222756][T12515] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1088.269318][T12515] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1088.530314][T12515] team0: Port device team_slave_0 added [ 1088.536662][T12515] team0: Port device team_slave_1 added [ 1088.868075][T12515] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1088.868091][T12515] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1088.868115][T12515] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1088.875790][T12515] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1088.875807][T12515] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1088.875831][T12515] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1090.035020][T12594] loop5: detected capacity change from 0 to 7 [ 1090.035849][T12594] Dev loop5: unable to read RDB block 7 [ 1090.035888][T12594] loop5: unable to read partition table [ 1090.036079][T12594] loop5: partition table beyond EOD, truncated [ 1090.036096][T12594] loop_reread_partitions: partition scan of loop5 (被x ) failed (rc=-5) [ 1090.412767][T12600] FAULT_INJECTION: forcing a failure. [ 1090.412767][T12600] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1090.412825][T12600] CPU: 1 UID: 0 PID: 12600 Comm: syz.5.1115 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1090.412852][T12600] Tainted: [L]=SOFTLOCKUP [ 1090.412859][T12600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1090.412872][T12600] Call Trace: [ 1090.412879][T12600] [ 1090.412888][T12600] dump_stack_lvl+0xe8/0x150 [ 1090.412919][T12600] should_fail_ex+0x46c/0x600 [ 1090.412950][T12600] _copy_from_user+0x2d/0xb0 [ 1090.412970][T12600] ___sys_sendmsg+0x158/0x2a0 [ 1090.412997][T12600] ? __pfx____sys_sendmsg+0x10/0x10 [ 1090.413055][T12600] ? __fget_files+0x2a/0x420 [ 1090.413074][T12600] ? __fget_files+0x3a6/0x420 [ 1090.413104][T12600] __x64_sys_sendmsg+0x1a1/0x260 [ 1090.413131][T12600] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1090.413164][T12600] ? __pfx_ksys_write+0x10/0x10 [ 1090.413202][T12600] do_syscall_64+0xec/0xf80 [ 1090.413232][T12600] ? rcu_is_watching+0x15/0xb0 [ 1090.413250][T12600] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1090.413278][T12600] ? clear_bhb_loop+0x60/0xb0 [ 1090.413301][T12600] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1090.413320][T12600] RIP: 0033:0x7f9004b4f749 [ 1090.413337][T12600] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1090.413354][T12600] RSP: 002b:00007f9002d74038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1090.413374][T12600] RAX: ffffffffffffffda RBX: 00007f9004da6180 RCX: 00007f9004b4f749 [ 1090.413389][T12600] RDX: 0000000000000000 RSI: 00002000000004c0 RDI: 0000000000000005 [ 1090.413401][T12600] RBP: 00007f9002d74090 R08: 0000000000000000 R09: 0000000000000000 [ 1090.413414][T12600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1090.413425][T12600] R13: 00007f9004da6218 R14: 00007f9004da6180 R15: 00007ffffc1211b8 [ 1090.413461][T12600] [ 1092.552895][T12617] loop5: detected capacity change from 0 to 7 [ 1092.570339][T12528] Dev loop5: unable to read RDB block 7 [ 1092.570374][T12528] loop5: unable to read partition table [ 1092.570515][T12528] loop5: partition table beyond EOD, truncated [ 1092.573188][T12617] Dev loop5: unable to read RDB block 7 [ 1092.573233][T12617] loop5: unable to read partition table [ 1092.573441][T12617] loop5: partition table beyond EOD, truncated [ 1092.573462][T12617] loop_reread_partitions: partition scan of loop5 (被x ) failed (rc=-5) [ 1092.823510][T12515] hsr_slave_0: entered promiscuous mode [ 1092.824351][T12515] hsr_slave_1: entered promiscuous mode [ 1092.824868][T12515] debugfs: 'hsr0' already exists in 'hsr' [ 1092.824882][T12515] Cannot create hsr debugfs directory [ 1093.232491][ T5988] usb 2-1: new low-speed USB device number 62 using dummy_hcd [ 1093.435833][ T5988] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 1093.435905][ T5988] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1093.435934][ T5988] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1093.435958][ T5988] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1093.435981][ T5988] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1093.439061][ T5988] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 1093.439111][ T5988] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1093.439137][ T5988] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1093.439160][ T5988] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1093.439184][ T5988] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1093.539094][ T5988] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 1093.539714][ T5988] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1093.539730][ T5988] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1093.539743][ T5988] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1093.539756][ T5988] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1093.617855][ T5988] usb 2-1: string descriptor 0 read error: -22 [ 1093.618068][ T5988] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 1093.618091][ T5988] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1093.631502][T12341] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1093.720275][ T5988] adutux 2-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 1094.019667][ T5911] usb 2-1: USB disconnect, device number 62 [ 1094.221960][T12341] 8021q: adding VLAN 0 to HW filter on device team0 [ 1094.316709][ T1382] bridge0: port 1(bridge_slave_0) entered blocking state [ 1094.316833][ T1382] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1094.544303][ T69] bridge_slave_1: left allmulticast mode [ 1094.544333][ T69] bridge_slave_1: left promiscuous mode [ 1094.544580][ T69] bridge0: port 2(bridge_slave_1) entered disabled state [ 1094.656673][ T69] bridge_slave_0: left allmulticast mode [ 1094.656702][ T69] bridge_slave_0: left promiscuous mode [ 1094.656947][ T69] bridge0: port 1(bridge_slave_0) entered disabled state [ 1094.742257][T12640] loop5: detected capacity change from 0 to 7 [ 1094.753937][T12640] Dev loop5: unable to read RDB block 7 [ 1094.753988][T12640] loop5: unable to read partition table [ 1094.754185][T12640] loop5: partition table beyond EOD, truncated [ 1094.761614][T12640] loop_reread_partitions: partition scan of loop5 (被x ) failed (rc=-5) [ 1097.646997][T12669] FAULT_INJECTION: forcing a failure. [ 1097.646997][T12669] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1097.647033][T12669] CPU: 1 UID: 0 PID: 12669 Comm: syz.1.1142 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1097.647059][T12669] Tainted: [L]=SOFTLOCKUP [ 1097.647066][T12669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1097.647078][T12669] Call Trace: [ 1097.647085][T12669] [ 1097.647093][T12669] dump_stack_lvl+0xe8/0x150 [ 1097.647124][T12669] should_fail_ex+0x46c/0x600 [ 1097.647154][T12669] _copy_from_iter+0x1cd/0x1630 [ 1097.647182][T12669] ? kmalloc_reserve+0xbd/0x290 [ 1097.647204][T12669] ? rcu_is_watching+0x15/0xb0 [ 1097.647228][T12669] ? __pfx__copy_from_iter+0x10/0x10 [ 1097.647255][T12669] ? __build_skb_around+0x22d/0x3c0 [ 1097.647278][T12669] ? __alloc_skb+0x198/0x3a0 [ 1097.647299][T12669] ? netlink_sendmsg+0x642/0xb30 [ 1097.647425][T12669] ? skb_put+0x11b/0x210 [ 1097.647449][T12669] netlink_sendmsg+0x6b2/0xb30 [ 1097.647483][T12669] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1097.647515][T12669] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1097.647540][T12669] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1097.647565][T12669] __sock_sendmsg+0x21c/0x270 [ 1097.647603][T12669] ____sys_sendmsg+0x508/0x810 [ 1097.647632][T12669] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1097.647665][T12669] ? import_iovec+0x74/0xa0 [ 1097.647686][T12669] ___sys_sendmsg+0x21f/0x2a0 [ 1097.647712][T12669] ? __pfx____sys_sendmsg+0x10/0x10 [ 1097.647769][T12669] ? __fget_files+0x2a/0x420 [ 1097.647789][T12669] ? __fget_files+0x3a6/0x420 [ 1097.647819][T12669] __x64_sys_sendmsg+0x1a1/0x260 [ 1097.647845][T12669] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1097.647877][T12669] ? __pfx_ksys_write+0x10/0x10 [ 1097.647915][T12669] do_syscall_64+0xec/0xf80 [ 1097.647934][T12669] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1097.647953][T12669] ? trace_irq_disable+0x37/0x100 [ 1097.647973][T12669] ? clear_bhb_loop+0x60/0xb0 [ 1097.647996][T12669] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1097.648015][T12669] RIP: 0033:0x7f50310cf749 [ 1097.648032][T12669] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1097.648048][T12669] RSP: 002b:00007f502f32e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1097.648069][T12669] RAX: ffffffffffffffda RBX: 00007f5031325fa0 RCX: 00007f50310cf749 [ 1097.648083][T12669] RDX: 0000000000000010 RSI: 0000200000000680 RDI: 0000000000000008 [ 1097.648096][T12669] RBP: 00007f502f32e090 R08: 0000000000000000 R09: 0000000000000000 [ 1097.648108][T12669] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1097.648119][T12669] R13: 00007f5031326038 R14: 00007f5031325fa0 R15: 00007fffc7d6ba08 [ 1097.648150][T12669] [ 1098.617916][ T37] audit: type=1326 audit(1766740446.403:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12686 comm="syz.1.1149" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f50310cf749 code=0x0 [ 1099.193265][ T69] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1099.263444][ T69] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1099.309608][ T69] bond0 (unregistering): Released all slaves [ 1099.358600][T12354] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1099.430093][ T6136] bridge0: port 2(bridge_slave_1) entered blocking state [ 1099.430199][ T6136] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1099.519975][T12703] FAULT_INJECTION: forcing a failure. [ 1099.519975][T12703] name failslab, interval 1, probability 0, space 0, times 0 [ 1099.520021][T12703] CPU: 0 UID: 0 PID: 12703 Comm: syz.1.1156 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1099.520048][T12703] Tainted: [L]=SOFTLOCKUP [ 1099.520055][T12703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1099.520066][T12703] Call Trace: [ 1099.520074][T12703] [ 1099.520082][T12703] dump_stack_lvl+0xe8/0x150 [ 1099.520121][T12703] should_fail_ex+0x46c/0x600 [ 1099.520152][T12703] should_failslab+0xa8/0x100 [ 1099.520176][T12703] __kmalloc_noprof+0xe0/0x7e0 [ 1099.520202][T12703] ? kfree+0x4d/0x900 [ 1099.520222][T12703] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1099.520255][T12703] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1099.520276][T12703] ? tomoyo_domain+0xd9/0x130 [ 1099.520301][T12703] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1099.520326][T12703] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1099.520353][T12703] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1099.520380][T12703] ? sb_end_write+0xe9/0x1c0 [ 1099.520400][T12703] ? vfs_write+0x965/0xb40 [ 1099.520458][T12703] ? ksys_write+0x1e7/0x260 [ 1099.520503][T12703] security_file_ioctl+0xcb/0x2d0 [ 1099.520532][T12703] __se_sys_ioctl+0x47/0x170 [ 1099.520560][T12703] do_syscall_64+0xec/0xf80 [ 1099.520580][T12703] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1099.520598][T12703] ? trace_irq_disable+0x37/0x100 [ 1099.520619][T12703] ? clear_bhb_loop+0x60/0xb0 [ 1099.520642][T12703] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1099.520660][T12703] RIP: 0033:0x7f50310cf749 [ 1099.520678][T12703] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1099.520695][T12703] RSP: 002b:00007f502f32e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1099.520724][T12703] RAX: ffffffffffffffda RBX: 00007f5031325fa0 RCX: 00007f50310cf749 [ 1099.520738][T12703] RDX: 0000000000000000 RSI: 0000000000005385 RDI: 0000000000000003 [ 1099.520749][T12703] RBP: 00007f502f32e090 R08: 0000000000000000 R09: 0000000000000000 [ 1099.520761][T12703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1099.520773][T12703] R13: 00007f5031326038 R14: 00007f5031325fa0 R15: 00007fffc7d6ba08 [ 1099.520805][T12703] [ 1099.520960][T12703] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1100.005151][T12354] 8021q: adding VLAN 0 to HW filter on device team0 [ 1100.089885][ T1504] bridge0: port 1(bridge_slave_0) entered blocking state [ 1100.090092][ T1504] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1100.123883][ T1504] bridge0: port 2(bridge_slave_1) entered blocking state [ 1100.124020][ T1504] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1100.732976][ T5911] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 1100.993347][ T5911] usb 6-1: Using ep0 maxpacket: 8 [ 1101.051977][ T5911] usb 6-1: config 2 has an invalid interface number: 31 but max is 0 [ 1101.052006][ T5911] usb 6-1: config 2 has no interface number 0 [ 1101.052040][ T5911] usb 6-1: config 2 interface 31 has no altsetting 0 [ 1101.083601][ T5911] usb 6-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f [ 1101.083633][ T5911] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1101.083652][ T5911] usb 6-1: Product: syz [ 1101.083709][ T5911] usb 6-1: Manufacturer: syz [ 1101.083723][ T5911] usb 6-1: SerialNumber: syz [ 1101.266170][ T5911] ch9200 6-1:2.31: probe with driver ch9200 failed with error -22 [ 1101.412493][ T69] hsr_slave_0: left promiscuous mode [ 1101.454306][ T69] hsr_slave_1: left promiscuous mode [ 1101.455268][ T69] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1101.461668][T12717] netlink: 48 bytes leftover after parsing attributes in process `syz.5.1163'. [ 1101.463771][ T5886] usb 6-1: USB disconnect, device number 2 [ 1101.513396][ T69] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1103.324583][ T69] team0 (unregistering): Port device team_slave_1 removed [ 1103.782867][ T69] team0 (unregistering): Port device team_slave_0 removed [ 1113.537355][T12515] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 1113.613656][T12515] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 1113.644631][ T9195] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1113.699889][ T9195] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1113.709799][ T9195] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1113.711541][ T9195] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1113.716740][ T9195] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1114.157323][T12515] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 1114.622900][T12515] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 1114.645542][T12835] loop5: detected capacity change from 0 to 7 [ 1114.648441][T12835] Dev loop5: unable to read RDB block 7 [ 1114.648718][T12835] loop5: unable to read partition table [ 1114.651486][T12835] loop5: partition table beyond EOD, truncated [ 1114.651510][T12835] loop_reread_partitions: partition scan of loop5 (被x ) failed (rc=-5) [ 1114.754901][T11089] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1114.759643][T11089] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1114.796063][T11089] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1114.801360][T11089] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1114.802215][T11089] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1114.952460][ T31] usb 2-1: new low-speed USB device number 63 using dummy_hcd [ 1115.117923][ T31] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 1115.117977][ T31] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1115.117992][ T31] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1115.118005][ T31] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1115.118017][ T31] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1115.182597][ T31] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 1115.182649][ T31] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1115.182725][ T31] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1115.182799][ T31] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1115.182873][ T31] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1115.186804][ T31] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 1115.187187][ T31] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1115.187255][ T31] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1115.187327][ T31] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1115.187400][ T31] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1115.309964][ T31] usb 2-1: string descriptor 0 read error: -22 [ 1115.310065][ T31] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 1115.310079][ T31] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1115.361265][ T31] adutux 2-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 1115.441240][T12851] tmpfs: Bad value for 'mpol' [ 1115.611945][ T5886] usb 2-1: USB disconnect, device number 63 [ 1115.762704][T11089] Bluetooth: hci2: command tx timeout [ 1115.928667][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 1115.928735][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 1116.403039][ T5886] usb 2-1: new full-speed USB device number 64 using dummy_hcd [ 1116.894250][T11089] Bluetooth: hci1: command tx timeout [ 1117.060577][ T5886] usb 2-1: config 0 has an invalid interface number: 128 but max is 0 [ 1117.060604][ T5886] usb 2-1: config 0 has no interface number 0 [ 1117.060634][ T5886] usb 2-1: config 0 interface 128 has no altsetting 0 [ 1117.064248][ T5886] usb 2-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=95.91 [ 1117.064277][ T5886] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1117.064306][ T5886] usb 2-1: Product: syz [ 1117.064319][ T5886] usb 2-1: Manufacturer: syz [ 1117.064332][ T5886] usb 2-1: SerialNumber: syz [ 1117.074170][ T5886] usb 2-1: config 0 descriptor?? [ 1117.085513][ T5886] radio-si470x 2-1:0.128: could not find interrupt in endpoint [ 1117.085597][ T5886] radio-si470x 2-1:0.128: probe with driver radio-si470x failed with error -5 [ 1117.086061][ T5886] usbhid 2-1:0.128: couldn't find an input interrupt endpoint [ 1117.301137][ T31] usb 2-1: USB disconnect, device number 64 [ 1117.849718][T11089] Bluetooth: hci2: command tx timeout [ 1117.889970][T12875] loop5: detected capacity change from 0 to 7 [ 1117.892142][T12843] Dev loop5: unable to read RDB block 7 [ 1117.892186][T12843] loop5: unable to read partition table [ 1117.892999][T12843] loop5: partition table beyond EOD, truncated [ 1117.902136][T12875] Dev loop5: unable to read RDB block 7 [ 1117.902179][T12875] loop5: unable to read partition table [ 1117.902570][T12875] loop5: partition table beyond EOD, truncated [ 1117.910831][T12875] loop_reread_partitions: partition scan of loop5 (被x ) failed (rc=-5) [ 1118.116366][T12877] netlink: 1008 bytes leftover after parsing attributes in process `syz.5.1201'. [ 1118.529363][T12515] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1118.965892][T11089] Bluetooth: hci1: command tx timeout [ 1119.072094][T12822] chnl_net:caif_netlink_parms(): no params data found [ 1119.185866][T12836] chnl_net:caif_netlink_parms(): no params data found [ 1119.707643][T12904] FAULT_INJECTION: forcing a failure. [ 1119.707643][T12904] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1119.707681][T12904] CPU: 0 UID: 0 PID: 12904 Comm: syz.1.1207 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1119.707706][T12904] Tainted: [L]=SOFTLOCKUP [ 1119.707713][T12904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1119.707723][T12904] Call Trace: [ 1119.707729][T12904] [ 1119.707737][T12904] dump_stack_lvl+0xe8/0x150 [ 1119.707761][T12904] should_fail_ex+0x46c/0x600 [ 1119.707783][T12904] copy_fpstate_to_sigframe+0xa60/0xcc0 [ 1119.707821][T12904] ? __pfx_copy_fpstate_to_sigframe+0x10/0x10 [ 1119.707854][T12904] ? rt_spin_lock+0x1c1/0x3e0 [ 1119.707893][T12904] ? rt_spin_lock+0x1c1/0x3e0 [ 1119.707922][T12904] ? do_raw_spin_lock+0x121/0x290 [ 1119.707946][T12904] ? fpu__alloc_mathframe+0xad/0x130 [ 1119.707965][T12904] get_sigframe+0x58d/0x7d0 [ 1119.707998][T12904] ? __pfx_get_sigframe+0x10/0x10 [ 1119.708025][T12904] ? rt_mutex_slowunlock+0x493/0x8a0 [ 1119.708047][T12904] ? reacquire_held_locks+0x104/0x190 [ 1119.708070][T12904] ? rt_spin_lock+0x1c1/0x3e0 [ 1119.708098][T12904] x64_setup_rt_frame+0x15c/0xd40 [ 1119.708122][T12904] ? rt_spin_unlock+0x150/0x200 [ 1119.708149][T12904] ? rt_spin_unlock+0x161/0x200 [ 1119.708173][T12904] ? get_signal+0x1121/0x1310 [ 1119.708199][T12904] ? __pfx_x64_setup_rt_frame+0x10/0x10 [ 1119.708234][T12904] arch_do_signal_or_restart+0x3d6/0x7a0 [ 1119.708269][T12904] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1119.708314][T12904] exit_to_user_mode_loop+0x87/0x4e0 [ 1119.708339][T12904] ? rcu_is_watching+0x15/0xb0 [ 1119.708358][T12904] do_syscall_64+0x2b7/0xf80 [ 1119.708373][T12904] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1119.708391][T12904] ? clear_bhb_loop+0x60/0xb0 [ 1119.708413][T12904] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1119.708431][T12904] RIP: 0033:0x7f50310cf749 [ 1119.708448][T12904] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1119.708471][T12904] RSP: 002b:00007f502f32e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fb [ 1119.708490][T12904] RAX: 0000000000000000 RBX: 00007f5031325fa0 RCX: 00007f50310cf749 [ 1119.708503][T12904] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 1119.708522][T12904] RBP: 00007f502f32e090 R08: 0000000000000000 R09: 0000000000000000 [ 1119.708531][T12904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1119.708540][T12904] R13: 00007f5031326038 R14: 00007f5031325fa0 R15: 00007fffc7d6ba08 [ 1119.708570][T12904] [ 1119.727810][T12515] 8021q: adding VLAN 0 to HW filter on device team0 [ 1119.923657][T11089] Bluetooth: hci2: command tx timeout [ 1120.134220][T12919] netlink: 1008 bytes leftover after parsing attributes in process `syz.5.1210'. [ 1121.044661][T11089] Bluetooth: hci1: command tx timeout [ 1121.243360][ T1178] bridge0: port 1(bridge_slave_0) entered blocking state [ 1121.243565][ T1178] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1121.691681][T12920] Set syz1 is full, maxelem 65536 reached [ 1122.302866][T11089] Bluetooth: hci2: command tx timeout [ 1122.584463][T12931] FAULT_INJECTION: forcing a failure. [ 1122.584463][T12931] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1122.584504][T12931] CPU: 1 UID: 0 PID: 12931 Comm: syz.1.1214 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1122.584530][T12931] Tainted: [L]=SOFTLOCKUP [ 1122.584536][T12931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1122.584548][T12931] Call Trace: [ 1122.584555][T12931] [ 1122.584563][T12931] dump_stack_lvl+0xe8/0x150 [ 1122.584593][T12931] should_fail_ex+0x46c/0x600 [ 1122.584623][T12931] _copy_from_user+0x2d/0xb0 [ 1122.584642][T12931] ___sys_recvmsg+0x12e/0x510 [ 1122.584673][T12931] ? __pfx____sys_recvmsg+0x10/0x10 [ 1122.584701][T12931] ? __fget_files+0x2a/0x420 [ 1122.584737][T12931] ? __fget_files+0x3a6/0x420 [ 1122.584766][T12931] do_recvmmsg+0x30d/0x770 [ 1122.584798][T12931] ? __pfx_do_recvmmsg+0x10/0x10 [ 1122.584833][T12931] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 1122.584872][T12931] __x64_sys_recvmmsg+0x190/0x240 [ 1122.584903][T12931] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1122.584938][T12931] do_syscall_64+0xec/0xf80 [ 1122.584955][T12931] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1122.584973][T12931] ? trace_irq_disable+0x37/0x100 [ 1122.584996][T12931] ? clear_bhb_loop+0x60/0xb0 [ 1122.585019][T12931] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1122.585037][T12931] RIP: 0033:0x7f50310cf749 [ 1122.585053][T12931] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1122.585073][T12931] RSP: 002b:00007f502f32e038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1122.585093][T12931] RAX: ffffffffffffffda RBX: 00007f5031325fa0 RCX: 00007f50310cf749 [ 1122.585107][T12931] RDX: 0000000000000001 RSI: 0000200000008cc0 RDI: 0000000000000003 [ 1122.585119][T12931] RBP: 00007f502f32e090 R08: 0000000000000000 R09: 0000000000000000 [ 1122.585131][T12931] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 1122.585142][T12931] R13: 00007f5031326038 R14: 00007f5031325fa0 R15: 00007fffc7d6ba08 [ 1122.585172][T12931] [ 1122.977886][T12822] bridge0: port 1(bridge_slave_0) entered blocking state [ 1122.978032][T12822] bridge0: port 1(bridge_slave_0) entered disabled state [ 1122.978259][T12822] bridge_slave_0: entered allmulticast mode [ 1122.983164][T12822] bridge_slave_0: entered promiscuous mode [ 1123.083652][T12822] bridge0: port 2(bridge_slave_1) entered blocking state [ 1123.083768][T12822] bridge0: port 2(bridge_slave_1) entered disabled state [ 1123.083951][T12822] bridge_slave_1: entered allmulticast mode [ 1123.086890][T12822] bridge_slave_1: entered promiscuous mode [ 1123.122488][T11089] Bluetooth: hci1: command tx timeout [ 1123.342869][T12836] bridge0: port 1(bridge_slave_0) entered blocking state [ 1123.343700][T12836] bridge0: port 1(bridge_slave_0) entered disabled state [ 1123.343883][T12836] bridge_slave_0: entered allmulticast mode [ 1123.345612][T12836] bridge_slave_0: entered promiscuous mode [ 1123.384366][ T1178] bridge0: port 2(bridge_slave_1) entered blocking state [ 1123.384508][ T1178] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1123.456708][T12836] bridge0: port 2(bridge_slave_1) entered blocking state [ 1123.456824][T12836] bridge0: port 2(bridge_slave_1) entered disabled state [ 1123.457050][T12836] bridge_slave_1: entered allmulticast mode [ 1123.458771][T12836] bridge_slave_1: entered promiscuous mode [ 1123.863695][T12822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1123.980925][T12822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1124.003608][T12836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1124.655843][T12948] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1221'. [ 1127.725496][T12960] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1223'. [ 1127.737353][T12836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1128.205654][T12822] team0: Port device team_slave_0 added [ 1128.209319][T12976] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1226'. [ 1128.209344][T12976] openvswitch: netlink: Flow key attr not present in new flow. [ 1128.311698][T12822] team0: Port device team_slave_1 added [ 1128.576910][T12836] team0: Port device team_slave_0 added [ 1129.578583][T12836] team0: Port device team_slave_1 added [ 1129.586333][T12822] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1129.586350][T12822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1129.586376][T12822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1129.724435][T12822] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1129.724453][T12822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1129.724479][T12822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1132.265038][T12836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1132.265057][T12836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1132.265083][T12836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1132.379103][T12836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1132.379121][T12836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1132.379146][T12836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1132.707826][T12822] hsr_slave_0: entered promiscuous mode [ 1132.709469][T12822] hsr_slave_1: entered promiscuous mode [ 1132.710578][T12822] debugfs: 'hsr0' already exists in 'hsr' [ 1132.710599][T12822] Cannot create hsr debugfs directory [ 1133.013686][T12836] hsr_slave_0: entered promiscuous mode [ 1133.017288][T12836] hsr_slave_1: entered promiscuous mode [ 1133.018284][T12836] debugfs: 'hsr0' already exists in 'hsr' [ 1133.018307][T12836] Cannot create hsr debugfs directory [ 1133.018682][ T69] bridge_slave_1: left allmulticast mode [ 1133.018702][ T69] bridge_slave_1: left promiscuous mode [ 1133.018943][ T69] bridge0: port 2(bridge_slave_1) entered disabled state [ 1133.107113][ T69] bridge_slave_0: left allmulticast mode [ 1133.107140][ T69] bridge_slave_0: left promiscuous mode [ 1133.107421][ T69] bridge0: port 1(bridge_slave_0) entered disabled state [ 1133.223131][ T69] bridge_slave_1: left allmulticast mode [ 1133.223152][ T69] bridge_slave_1: left promiscuous mode [ 1133.228104][ T69] bridge0: port 2(bridge_slave_1) entered disabled state [ 1133.303942][ T69] bridge_slave_0: left allmulticast mode [ 1133.303969][ T69] bridge_slave_0: left promiscuous mode [ 1133.304244][ T69] bridge0: port 1(bridge_slave_0) entered disabled state [ 1133.502589][ T56] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 1133.666101][ T56] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1133.666128][ T56] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1133.673493][ T56] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1133.673521][ T56] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1133.673540][ T56] usb 6-1: SerialNumber: syz [ 1133.936914][ T56] usb 6-1: 0:2 : does not exist [ 1134.102178][ T56] usb 6-1: USB disconnect, device number 3 [ 1134.246597][T12997] udevd[12997]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1136.003575][ T69] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1136.090203][ T69] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1136.126564][ T69] bond0 (unregistering): Released all slaves [ 1136.417147][ T9195] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1136.420957][ T9195] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1136.440062][ T9195] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1136.453233][ T9195] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1136.483310][ T9195] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1138.393252][ T69] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1138.483546][ T69] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1138.535705][ T69] bond0 (unregistering): Released all slaves [ 1138.566478][T11089] Bluetooth: hci4: command tx timeout [ 1139.267211][T13026] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1245'. [ 1139.652668][ T5911] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 1139.822457][ T5911] usb 6-1: Using ep0 maxpacket: 32 [ 1139.830828][ T5911] usb 6-1: config 0 has an invalid descriptor of length 40, skipping remainder of the config [ 1139.830882][ T5911] usb 6-1: config 0 interface 0 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1139.830908][ T5911] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1139.830940][ T5911] usb 6-1: New USB device found, idVendor=5543, idProduct=006e, bcdDevice= 0.00 [ 1139.830961][ T5911] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1139.901608][ T5911] usb 6-1: config 0 descriptor?? [ 1140.133544][ T5911] usb 6-1: string descriptor 0 read error: -71 [ 1140.137049][ T5911] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 1140.141040][ T5911] usb 6-1: USB disconnect, device number 4 [ 1140.476812][ T69] hsr_slave_0: left promiscuous mode [ 1140.512534][ T69] hsr_slave_1: left promiscuous mode [ 1140.513526][ T69] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1140.536878][ T69] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1140.642647][T11089] Bluetooth: hci4: command tx timeout [ 1140.742529][ T69] hsr_slave_0: left promiscuous mode [ 1140.782558][ T69] hsr_slave_1: left promiscuous mode [ 1140.783514][ T69] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1140.833462][ T69] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1142.129083][T13034] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1248'. [ 1142.722483][T11089] Bluetooth: hci4: command tx timeout [ 1144.802462][T11089] Bluetooth: hci4: command tx timeout [ 1146.941453][T13050] loop5: detected capacity change from 0 to 7 [ 1146.981890][T13050] Dev loop5: unable to read RDB block 7 [ 1146.981939][T13050] loop5: unable to read partition table [ 1146.982163][T13050] loop5: partition table beyond EOD, truncated [ 1146.982213][T13050] loop_reread_partitions: partition scan of loop5 (被x ) failed (rc=-5) [ 1147.472483][ T56] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 1147.491063][ T69] team0 (unregistering): Port device team_slave_1 removed [ 1147.622680][ T56] usb 6-1: Using ep0 maxpacket: 32 [ 1147.625642][ T56] usb 6-1: config 0 has an invalid interface number: 6 but max is 0 [ 1147.625668][ T56] usb 6-1: config 0 has no interface number 0 [ 1147.625701][ T56] usb 6-1: config 0 interface 6 has no altsetting 0 [ 1147.628724][ T56] usb 6-1: New USB device found, idVendor=b633, idProduct=571a, bcdDevice=7f.a6 [ 1147.628753][ T56] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1147.628772][ T56] usb 6-1: Product: syz [ 1147.628786][ T56] usb 6-1: Manufacturer: syz [ 1147.628799][ T56] usb 6-1: SerialNumber: syz [ 1147.634217][ T56] usb 6-1: config 0 descriptor?? [ 1147.655919][ T56] usb-storage 6-1:0.6: USB Mass Storage device detected [ 1148.072512][ T69] team0 (unregistering): Port device team_slave_0 removed [ 1149.254829][ T9195] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1149.273884][ T9195] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1149.283185][ T9195] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1149.284504][ T9195] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1149.285325][ T9195] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1150.663004][ T56] usb 6-1: USB disconnect, device number 5 [ 1151.392547][ T9195] Bluetooth: hci5: command tx timeout [ 1153.273075][ T69] team0 (unregistering): Port device team_slave_1 removed [ 1153.442892][ T9195] Bluetooth: hci5: command tx timeout [ 1153.556107][ T69] team0 (unregistering): Port device team_slave_0 removed [ 1155.522721][ T9195] Bluetooth: hci5: command tx timeout [ 1156.326772][T13081] FAULT_INJECTION: forcing a failure. [ 1156.326772][T13081] name failslab, interval 1, probability 0, space 0, times 0 [ 1156.326809][T13081] CPU: 0 UID: 0 PID: 13081 Comm: syz.5.1264 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1156.326836][T13081] Tainted: [L]=SOFTLOCKUP [ 1156.326843][T13081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1156.326855][T13081] Call Trace: [ 1156.326861][T13081] [ 1156.326870][T13081] dump_stack_lvl+0xe8/0x150 [ 1156.326901][T13081] should_fail_ex+0x46c/0x600 [ 1156.326931][T13081] ? ovs_flow_alloc+0x24/0x200 [ 1156.327029][T13081] should_failslab+0xa8/0x100 [ 1156.327049][T13081] ? ovs_flow_alloc+0x24/0x200 [ 1156.327068][T13081] kmem_cache_alloc_noprof+0x84/0x6c0 [ 1156.327102][T13081] ovs_flow_alloc+0x24/0x200 [ 1156.327127][T13081] ovs_flow_cmd_new+0x1ee/0xd80 [ 1156.327180][T13081] ? stack_depot_save_flags+0x33/0x810 [ 1156.327214][T13081] ? __pfx_ovs_flow_cmd_new+0x10/0x10 [ 1156.327289][T13081] ? rcu_is_watching+0x15/0xb0 [ 1156.327320][T13081] ? __nla_parse+0x40/0x60 [ 1156.327351][T13081] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 1156.327380][T13081] genl_family_rcv_msg_doit+0x215/0x300 [ 1156.327407][T13081] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1156.327425][T13081] ? rcu_is_watching+0x15/0xb0 [ 1156.327454][T13081] ? bpf_lsm_capable+0x9/0x20 [ 1156.327471][T13081] ? security_capable+0x7e/0x2e0 [ 1156.327495][T13081] genl_rcv_msg+0x60e/0x790 [ 1156.327520][T13081] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1156.327538][T13081] ? __pfx_ovs_flow_cmd_new+0x10/0x10 [ 1156.327566][T13081] ? __asan_memcpy+0x40/0x70 [ 1156.327588][T13081] ? __pfx_ref_tracker_free+0x10/0x10 [ 1156.327611][T13081] ? __skb_clone+0x63/0x7a0 [ 1156.327641][T13081] netlink_rcv_skb+0x208/0x470 [ 1156.327667][T13081] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1156.327687][T13081] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1156.327726][T13081] ? netlink_deliver_tap+0x2e/0x1b0 [ 1156.327750][T13081] ? netlink_deliver_tap+0x2e/0x1b0 [ 1156.327777][T13081] genl_rcv+0x28/0x40 [ 1156.327794][T13081] netlink_unicast+0x846/0xa10 [ 1156.327825][T13081] ? __pfx_netlink_unicast+0x10/0x10 [ 1156.327846][T13081] ? __alloc_skb+0x198/0x3a0 [ 1156.327867][T13081] ? netlink_sendmsg+0x642/0xb30 [ 1156.327889][T13081] ? skb_put+0x11b/0x210 [ 1156.327914][T13081] netlink_sendmsg+0x805/0xb30 [ 1156.327948][T13081] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1156.327982][T13081] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1156.328006][T13081] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1156.328032][T13081] __sock_sendmsg+0x21c/0x270 [ 1156.328062][T13081] ____sys_sendmsg+0x508/0x810 [ 1156.328092][T13081] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1156.328124][T13081] ? import_iovec+0x74/0xa0 [ 1156.328145][T13081] ___sys_sendmsg+0x21f/0x2a0 [ 1156.328172][T13081] ? __pfx____sys_sendmsg+0x10/0x10 [ 1156.328230][T13081] ? __fget_files+0x2a/0x420 [ 1156.328250][T13081] ? __fget_files+0x3a6/0x420 [ 1156.328279][T13081] __x64_sys_sendmsg+0x1a1/0x260 [ 1156.328305][T13081] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1156.328345][T13081] ? __pfx_ksys_write+0x10/0x10 [ 1156.328384][T13081] do_syscall_64+0xec/0xf80 [ 1156.328403][T13081] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1156.328422][T13081] ? trace_irq_disable+0x37/0x100 [ 1156.328442][T13081] ? clear_bhb_loop+0x60/0xb0 [ 1156.328465][T13081] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1156.328484][T13081] RIP: 0033:0x7f9004b4f749 [ 1156.328501][T13081] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1156.328518][T13081] RSP: 002b:00007f9002db6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1156.328539][T13081] RAX: ffffffffffffffda RBX: 00007f9004da5fa0 RCX: 00007f9004b4f749 [ 1156.328553][T13081] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000003 [ 1156.328565][T13081] RBP: 00007f9002db6090 R08: 0000000000000000 R09: 0000000000000000 [ 1156.328577][T13081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1156.328585][T13081] R13: 00007f9004da6038 R14: 00007f9004da5fa0 R15: 00007ffffc1211b8 [ 1156.328617][T13081] [ 1156.579536][T13086] syz.5.1266 uses obsolete (PF_INET,SOCK_PACKET) [ 1158.215033][ T9195] Bluetooth: hci5: command tx timeout [ 1159.820413][T13021] chnl_net:caif_netlink_parms(): no params data found [ 1160.285921][T13063] chnl_net:caif_netlink_parms(): no params data found [ 1162.143526][T13021] bridge0: port 1(bridge_slave_0) entered blocking state [ 1162.143703][T13021] bridge0: port 1(bridge_slave_0) entered disabled state [ 1162.143838][T13021] bridge_slave_0: entered allmulticast mode [ 1162.145292][T13021] bridge_slave_0: entered promiscuous mode [ 1162.253514][T13021] bridge0: port 2(bridge_slave_1) entered blocking state [ 1162.253643][T13021] bridge0: port 2(bridge_slave_1) entered disabled state [ 1162.253842][T13021] bridge_slave_1: entered allmulticast mode [ 1162.255629][T13021] bridge_slave_1: entered promiscuous mode [ 1162.403182][T13063] bridge0: port 1(bridge_slave_0) entered blocking state [ 1162.403309][T13063] bridge0: port 1(bridge_slave_0) entered disabled state [ 1162.403573][T13063] bridge_slave_0: entered allmulticast mode [ 1162.407195][T13063] bridge_slave_0: entered promiscuous mode [ 1163.431432][T13063] bridge0: port 2(bridge_slave_1) entered blocking state [ 1163.431556][T13063] bridge0: port 2(bridge_slave_1) entered disabled state [ 1163.431810][T13063] bridge_slave_1: entered allmulticast mode [ 1163.456432][T13063] bridge_slave_1: entered promiscuous mode [ 1164.120331][T11089] Bluetooth: hci3: command 0x0406 tx timeout [ 1165.596378][T13021] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1165.724744][T13021] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1165.974672][T13063] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1166.076837][T13183] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1280'. [ 1166.099611][T13063] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1166.102130][T13021] team0: Port device team_slave_0 added [ 1166.188788][T13021] team0: Port device team_slave_1 added [ 1166.372612][T13131] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 1166.522635][T13131] usb 6-1: Using ep0 maxpacket: 32 [ 1166.530904][T13131] usb 6-1: config 1 has an invalid interface number: 117 but max is 2 [ 1166.530938][T13131] usb 6-1: config 1 has an invalid interface number: 116 but max is 2 [ 1166.530956][T13131] usb 6-1: config 1 has an invalid interface number: 34 but max is 2 [ 1166.530966][T13131] usb 6-1: config 1 has no interface number 0 [ 1166.530974][T13131] usb 6-1: config 1 has no interface number 1 [ 1166.530982][T13131] usb 6-1: config 1 has no interface number 2 [ 1166.531020][T13131] usb 6-1: config 1 interface 117 altsetting 211 endpoint 0xA has invalid maxpacket 512, setting to 64 [ 1166.531034][T13131] usb 6-1: config 1 interface 117 altsetting 211 has a duplicate endpoint with address 0xA, skipping [ 1166.531047][T13131] usb 6-1: config 1 interface 117 altsetting 211 has a duplicate endpoint with address 0xA, skipping [ 1166.531058][T13131] usb 6-1: config 1 interface 117 altsetting 211 has a duplicate endpoint with address 0xA, skipping [ 1166.531069][T13131] usb 6-1: config 1 interface 117 altsetting 211 endpoint 0x9 has invalid maxpacket 112, setting to 64 [ 1166.531082][T13131] usb 6-1: config 1 interface 117 altsetting 211 endpoint 0xD has invalid maxpacket 1023, setting to 64 [ 1166.531096][T13131] usb 6-1: config 1 interface 117 altsetting 211 has a duplicate endpoint with address 0xD, skipping [ 1166.531107][T13131] usb 6-1: config 1 interface 117 altsetting 211 has a duplicate endpoint with address 0x2, skipping [ 1166.531127][T13131] usb 6-1: config 1 interface 116 altsetting 7 has a duplicate endpoint with address 0x3, skipping [ 1166.531138][T13131] usb 6-1: config 1 interface 116 altsetting 7 has an invalid descriptor for endpoint zero, skipping [ 1166.531148][T13131] usb 6-1: config 1 interface 116 altsetting 7 endpoint 0x4 has invalid maxpacket 1023, setting to 64 [ 1166.531160][T13131] usb 6-1: config 1 interface 116 altsetting 7 has a duplicate endpoint with address 0x4, skipping [ 1166.531170][T13131] usb 6-1: config 1 interface 116 altsetting 7 has an invalid descriptor for endpoint zero, skipping [ 1166.531188][T13131] usb 6-1: config 1 interface 34 altsetting 225 has a duplicate endpoint with address 0xF, skipping [ 1166.531198][T13131] usb 6-1: config 1 interface 117 has no altsetting 0 [ 1166.531206][T13131] usb 6-1: config 1 interface 116 has no altsetting 0 [ 1166.531215][T13131] usb 6-1: config 1 interface 34 has no altsetting 0 [ 1166.557695][T13131] usb 6-1: New USB device found, idVendor=126f, idProduct=a006, bcdDevice=f0.b3 [ 1166.557736][T13131] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1166.557755][T13131] usb 6-1: Manufacturer: ࣪쟞冂冇㧂堂撞棠덖싔 [ 1166.557777][T13131] usb 6-1: SerialNumber: 灰 [ 1166.834948][T13131] usb 6-1: USB disconnect, device number 6 [ 1166.880029][T13063] team0: Port device team_slave_0 added [ 1167.191374][T13063] team0: Port device team_slave_1 added [ 1167.204554][T13021] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1167.204566][T13021] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1167.204581][T13021] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1167.295938][T13021] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1167.295950][T13021] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1167.295965][T13021] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1167.484944][T13189] loop5: detected capacity change from 0 to 7 [ 1167.486968][T13189] Dev loop5: unable to read RDB block 7 [ 1167.487008][T13189] loop5: unable to read partition table [ 1167.487189][T13189] loop5: partition table beyond EOD, truncated [ 1167.488223][T13189] loop_reread_partitions: partition scan of loop5 (被x ) failed (rc=-5) [ 1167.584885][ T69] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1167.735847][T13063] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1167.735859][T13063] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1167.735875][T13063] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1167.922893][T13131] usb 6-1: new low-speed USB device number 7 using dummy_hcd [ 1167.945084][ T69] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1167.983518][T13063] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1167.983530][T13063] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1167.983545][T13063] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1168.076220][T13131] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 1168.076254][T13131] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1168.076269][T13131] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1168.076281][T13131] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1168.076294][T13131] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1168.077918][T13131] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 1168.077949][T13131] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1168.077964][T13131] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1168.077977][T13131] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1168.077990][T13131] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1168.079453][T13131] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 1168.079486][T13131] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1168.079500][T13131] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1168.079513][T13131] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1168.079526][T13131] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1168.244844][T13131] usb 6-1: string descriptor 0 read error: -22 [ 1168.244928][T13131] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 1168.244940][T13131] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1168.286459][T13131] adutux 6-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 1168.575741][ T69] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1168.622220][T13021] hsr_slave_0: entered promiscuous mode [ 1168.629772][T13021] hsr_slave_1: entered promiscuous mode [ 1168.630540][T13021] debugfs: 'hsr0' already exists in 'hsr' [ 1168.630557][T13021] Cannot create hsr debugfs directory [ 1168.678114][T13103] usb 6-1: USB disconnect, device number 7 [ 1169.025278][ T69] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1169.053854][T13063] hsr_slave_0: entered promiscuous mode [ 1169.054795][T13063] hsr_slave_1: entered promiscuous mode [ 1169.055362][T13063] debugfs: 'hsr0' already exists in 'hsr' [ 1169.055379][T13063] Cannot create hsr debugfs directory [ 1169.180936][T12822] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1169.392599][T12822] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1169.577467][T12822] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1169.782641][T12822] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1170.708917][T13214] FAULT_INJECTION: forcing a failure. [ 1170.708917][T13214] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 1170.708954][T13214] CPU: 1 UID: 0 PID: 13214 Comm: syz.5.1289 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1170.708979][T13214] Tainted: [L]=SOFTLOCKUP [ 1170.708986][T13214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1170.708996][T13214] Call Trace: [ 1170.709003][T13214] [ 1170.709012][T13214] dump_stack_lvl+0xe8/0x150 [ 1170.709042][T13214] should_fail_ex+0x46c/0x600 [ 1170.709071][T13214] prepare_alloc_pages+0x22b/0x6c0 [ 1170.709099][T13214] __alloc_frozen_pages_noprof+0x123/0x370 [ 1170.709123][T13214] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1170.709149][T13214] ? policy_nodemask+0x27c/0x720 [ 1170.709166][T13214] ? lockdep_hardirqs_on+0x7b/0x110 [ 1170.709189][T13214] alloc_pages_mpol+0xd1/0x380 [ 1170.709212][T13214] vma_alloc_folio_noprof+0xe4/0x280 [ 1170.709231][T13214] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 1170.709268][T13214] folio_prealloc+0x30/0x180 [ 1170.709298][T13214] do_pte_missing+0x86a/0x27a0 [ 1170.709323][T13214] ? mt_find+0x46f/0x5e0 [ 1170.709416][T13214] ? handle_mm_fault+0xd1/0x1330 [ 1170.709438][T13214] handle_mm_fault+0xcc1/0x1330 [ 1170.709471][T13214] ? handle_mm_fault+0xd1/0x1330 [ 1170.709496][T13214] ? __pfx_handle_mm_fault+0x10/0x10 [ 1170.709535][T13214] ? __lock_acquire+0x6b6/0x2cf0 [ 1170.709565][T13214] ? lock_mm_and_find_vma+0x9c/0x300 [ 1170.709586][T13214] do_user_addr_fault+0x764/0x1380 [ 1170.709620][T13214] exc_page_fault+0x71/0xd0 [ 1170.709640][T13214] asm_exc_page_fault+0x26/0x30 [ 1170.709658][T13214] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 1170.709715][T13214] Code: 1f 05 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 1170.709731][T13214] RSP: 0018:ffffc90004a3f758 EFLAGS: 00050246 [ 1170.709748][T13214] RAX: ffffffff847b1301 RBX: ffffc90004a3f980 RCX: 0000000000000040 [ 1170.709763][T13214] RDX: 0000000000000000 RSI: ffffc90004a3f980 RDI: 0000200000ff008c [ 1170.709775][T13214] RBP: ffffc90004a3f8d0 R08: ffffc90004a3f9bf R09: 1ffff92000947f37 [ 1170.709789][T13214] R10: dffffc0000000000 R11: fffff52000947f38 R12: 1ffff92000947f6d [ 1170.709803][T13214] R13: 0000200000ff008c R14: ffffc90004a3fb78 R15: 0000000000000040 [ 1170.709825][T13214] ? _copy_to_iter+0x1c1/0x1790 [ 1170.709859][T13214] _copy_to_iter+0x24f/0x1790 [ 1170.709899][T13214] ? __pfx__copy_to_iter+0x10/0x10 [ 1170.709928][T13214] ? chacha_block_generic+0x53/0xc80 [ 1170.709957][T13214] get_random_bytes_user+0x1a0/0x380 [ 1170.709981][T13214] ? __pfx_get_random_bytes_user+0x10/0x10 [ 1170.710024][T13214] aio_read+0x317/0x480 [ 1170.710055][T13214] ? __pfx_aio_read+0x10/0x10 [ 1170.710091][T13214] ? __might_fault+0xb0/0x130 [ 1170.710135][T13214] io_submit_one+0x755/0x1440 [ 1170.710165][T13214] ? irqentry_exit+0x5dd/0x660 [ 1170.710187][T13214] ? __pfx_io_submit_one+0x10/0x10 [ 1170.710211][T13214] ? __might_fault+0xb0/0x130 [ 1170.710246][T13214] ? __might_fault+0xb0/0x130 [ 1170.710284][T13214] __se_sys_io_submit+0x185/0x320 [ 1170.710310][T13214] ? __pfx___se_sys_io_submit+0x10/0x10 [ 1170.710329][T13214] ? ksys_write+0x230/0x260 [ 1170.710367][T13214] do_syscall_64+0xec/0xf80 [ 1170.710385][T13214] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1170.710403][T13214] ? trace_irq_disable+0x37/0x100 [ 1170.710423][T13214] ? clear_bhb_loop+0x60/0xb0 [ 1170.710445][T13214] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1170.710463][T13214] RIP: 0033:0x7f9004b4f749 [ 1170.710479][T13214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1170.710496][T13214] RSP: 002b:00007f9002db6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 1170.710515][T13214] RAX: ffffffffffffffda RBX: 00007f9004da5fa0 RCX: 00007f9004b4f749 [ 1170.710529][T13214] RDX: 0000200000001580 RSI: 0000000000000001 RDI: 00007f9004d7f000 [ 1170.710542][T13214] RBP: 00007f9002db6090 R08: 0000000000000000 R09: 0000000000000000 [ 1170.710554][T13214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1170.710565][T13214] R13: 00007f9004da6038 R14: 00007f9004da5fa0 R15: 00007ffffc1211b8 [ 1170.710596][T13214] [ 1171.430918][T12836] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1171.469543][T12836] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1171.514250][T12836] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1171.759158][T12836] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1172.305294][T13234] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1294'. [ 1172.682556][T13131] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 1172.706497][T12822] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1172.782215][T12822] 8021q: adding VLAN 0 to HW filter on device team0 [ 1172.798464][T12836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1172.818378][ T8037] bridge0: port 1(bridge_slave_0) entered blocking state [ 1172.818501][ T8037] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1172.844666][T13131] usb 6-1: config 0 has an invalid interface number: 40 but max is 0 [ 1172.844695][T13131] usb 6-1: config 0 has no interface number 0 [ 1172.844741][T13131] usb 6-1: config 0 interface 40 altsetting 3 bulk endpoint 0xA has invalid maxpacket 8 [ 1172.844764][T13131] usb 6-1: config 0 interface 40 altsetting 3 bulk endpoint 0x87 has invalid maxpacket 1024 [ 1172.844787][T13131] usb 6-1: config 0 interface 40 has no altsetting 0 [ 1172.845114][T10633] bridge0: port 2(bridge_slave_1) entered blocking state [ 1172.845318][T10633] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1172.847410][T13131] usb 6-1: New USB device found, idVendor=0402, idProduct=5632, bcdDevice=43.16 [ 1172.847436][T13131] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1172.847447][T13131] usb 6-1: Product: syz [ 1172.847454][T13131] usb 6-1: Manufacturer: syz [ 1172.847461][T13131] usb 6-1: SerialNumber: syz [ 1172.860607][T13131] usb 6-1: config 0 descriptor?? [ 1172.947796][T13237] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1172.947918][T13237] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1173.021729][T12836] 8021q: adding VLAN 0 to HW filter on device team0 [ 1173.127120][ T8037] bridge0: port 1(bridge_slave_0) entered blocking state [ 1173.127331][ T8037] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1173.161923][T13131] cdc_subset 6-1:0.40: probe with driver cdc_subset failed with error -71 [ 1173.230759][T13131] usb 6-1: USB disconnect, device number 8 [ 1173.328410][ T6756] bridge0: port 2(bridge_slave_1) entered blocking state [ 1173.328613][ T6756] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1173.540553][ T69] bridge_slave_1: left allmulticast mode [ 1173.540581][ T69] bridge_slave_1: left promiscuous mode [ 1173.540806][ T69] bridge0: port 2(bridge_slave_1) entered disabled state [ 1173.645212][ T69] bridge_slave_0: left allmulticast mode [ 1173.645243][ T69] bridge_slave_0: left promiscuous mode [ 1173.645504][ T69] bridge0: port 1(bridge_slave_0) entered disabled state [ 1173.762264][ T69] bridge_slave_1: left allmulticast mode [ 1173.768582][ T69] bridge_slave_1: left promiscuous mode [ 1173.768842][ T69] bridge0: port 2(bridge_slave_1) entered disabled state [ 1173.823345][ T69] bridge_slave_0: left allmulticast mode [ 1173.823366][ T69] bridge_slave_0: left promiscuous mode [ 1173.823559][ T69] bridge0: port 1(bridge_slave_0) entered disabled state [ 1175.149950][T11089] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1175.163917][T11089] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1175.166830][T11089] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1175.167996][T11089] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1175.168809][T11089] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1176.255734][ T69] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1176.313945][ T69] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1176.357619][ T69] bond0 (unregistering): Released all slaves [ 1176.486315][T13257] FAULT_INJECTION: forcing a failure. [ 1176.486315][T13257] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1176.486341][T13257] CPU: 1 UID: 0 PID: 13257 Comm: syz.5.1296 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1176.486367][T13257] Tainted: [L]=SOFTLOCKUP [ 1176.486373][T13257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1176.486385][T13257] Call Trace: [ 1176.486392][T13257] [ 1176.486400][T13257] dump_stack_lvl+0xe8/0x150 [ 1176.486434][T13257] should_fail_ex+0x46c/0x600 [ 1176.486469][T13257] _copy_from_iter+0x1cd/0x1630 [ 1176.486500][T13257] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 1176.486542][T13257] ? __pfx__copy_from_iter+0x10/0x10 [ 1176.486578][T13257] ? dev_get_by_index+0x22/0x2e0 [ 1176.486610][T13257] ? dev_get_by_index+0x22/0x2e0 [ 1176.486649][T13257] packet_sendmsg+0x3072/0x5080 [ 1176.486734][T13257] ? do_sys_openat2+0x15a/0x200 [ 1176.486747][T13257] ? kernel_text_address+0xa5/0xe0 [ 1176.486764][T13257] ? __kernel_text_address+0xd/0x40 [ 1176.486781][T13257] ? __lock_acquire+0x6b6/0x2cf0 [ 1176.486803][T13257] ? smack_socket_sendmsg+0x1fa/0x520 [ 1176.486818][T13257] ? kstrtouint+0x6e/0xe0 [ 1176.486831][T13257] ? __pfx_smack_socket_sendmsg+0x10/0x10 [ 1176.486845][T13257] ? get_pid_task+0x20/0x1f0 [ 1176.486860][T13257] ? __pfx_packet_sendmsg+0x10/0x10 [ 1176.486878][T13257] ? tomoyo_socket_sendmsg_permission+0x1e1/0x300 [ 1176.486893][T13257] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1176.486906][T13257] ? __pfx_packet_sendmsg+0x10/0x10 [ 1176.486928][T13257] __sock_sendmsg+0x21c/0x270 [ 1176.486947][T13257] __sys_sendto+0x3c7/0x520 [ 1176.486959][T13257] ? __pfx___sys_sendto+0x10/0x10 [ 1176.486982][T13257] ? ksys_write+0x230/0x260 [ 1176.486997][T13257] ? __pfx_ksys_write+0x10/0x10 [ 1176.487013][T13257] __x64_sys_sendto+0xde/0x100 [ 1176.487026][T13257] do_syscall_64+0xec/0xf80 [ 1176.487037][T13257] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1176.487047][T13257] ? trace_irq_disable+0x37/0x100 [ 1176.487059][T13257] ? clear_bhb_loop+0x60/0xb0 [ 1176.487071][T13257] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1176.487081][T13257] RIP: 0033:0x7f9004b4f749 [ 1176.487091][T13257] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1176.487099][T13257] RSP: 002b:00007f9002db6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1176.487112][T13257] RAX: ffffffffffffffda RBX: 00007f9004da5fa0 RCX: 00007f9004b4f749 [ 1176.487119][T13257] RDX: 000000000000fce0 RSI: 00002000000002c0 RDI: 0000000000000003 [ 1176.487126][T13257] RBP: 00007f9002db6090 R08: 0000200000000140 R09: 0000000000000014 [ 1176.487133][T13257] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001 [ 1176.487139][T13257] R13: 00007f9004da6038 R14: 00007f9004da5fa0 R15: 00007ffffc1211b8 [ 1176.487154][T13257] [ 1176.550932][ T9195] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1176.574623][ T9195] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1176.576166][ T9195] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1176.585728][ T9195] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1176.586488][ T9195] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1177.211293][ T9195] Bluetooth: hci0: command tx timeout [ 1177.368999][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.369066][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 1177.754045][ T69] bond1 (unregistering): (slave vlan2): Releasing active interface [ 1177.793753][ T69] bond1 (unregistering): Released all slaves [ 1177.882876][ T56] usb 6-1: new low-speed USB device number 9 using dummy_hcd [ 1178.110204][ T56] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 1178.110237][ T56] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1178.110252][ T56] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1178.110264][ T56] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1178.110277][ T56] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1178.111284][ T56] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 1178.111313][ T56] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1178.111327][ T56] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1178.111339][ T56] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1178.111352][ T56] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1178.220315][ T56] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 1178.220355][ T56] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1178.220369][ T56] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1178.220382][ T56] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1178.220395][ T56] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1178.280765][ T56] usb 6-1: string descriptor 0 read error: -22 [ 1178.280893][ T56] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 1178.280916][ T56] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1178.327273][ T56] adutux 6-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 1178.678063][ T56] usb 6-1: USB disconnect, device number 9 [ 1178.902748][ T9195] Bluetooth: hci2: command tx timeout [ 1179.033556][ T69] bond2 (unregistering): (slave veth3): Releasing active interface [ 1179.094506][ T69] bond2 (unregistering): Released all slaves [ 1179.282737][ T9195] Bluetooth: hci0: command tx timeout [ 1179.340907][T13273] binder: 13272:13273 ioctl 4018620d 0 returned -22 [ 1180.127958][ T69] bond3 (unregistering): (slave veth5): Releasing active interface [ 1180.184664][ T69] bond3 (unregistering): Released all slaves [ 1180.962535][ T9195] Bluetooth: hci2: command tx timeout [ 1181.372655][ T9195] Bluetooth: hci0: command tx timeout [ 1182.003405][ T69] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1182.063229][ T69] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1182.085234][ T69] bond0 (unregistering): Released all slaves [ 1182.592406][T13275] netlink: 132 bytes leftover after parsing attributes in process `syz.5.1302'. [ 1182.857748][ T69] IPVS: stopping backup sync thread 6407 ... [ 1183.068754][ T9195] Bluetooth: hci2: command tx timeout [ 1183.442709][ T9195] Bluetooth: hci0: command tx timeout [ 1185.904501][ T9195] Bluetooth: hci2: command tx timeout [ 1186.653540][T13313] warning: `syz.5.1314' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 1188.222486][ T69] hsr_slave_0: left promiscuous mode [ 1188.243043][ T69] hsr_slave_1: left promiscuous mode [ 1188.243943][ T69] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1188.243968][ T69] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1188.294192][ T69] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1188.294221][ T69] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1188.452454][ T69] hsr_slave_0: left promiscuous mode [ 1188.492626][ T69] hsr_slave_1: left promiscuous mode [ 1188.494883][ T69] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1188.513869][ T69] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1188.681648][ T69] veth1_macvtap: left promiscuous mode [ 1188.681753][ T69] veth0_macvtap: left promiscuous mode [ 1188.682026][ T69] veth1_vlan: left promiscuous mode [ 1188.682191][ T69] veth0_vlan: left promiscuous mode [ 1189.542121][T13332] 9p: Bad value for 'rfdno' [ 1190.116413][ T6032] smc: removing ib device syz2 [ 1192.092984][ T69] team0 (unregistering): Port device team_slave_1 removed [ 1192.354065][ T69] team0 (unregistering): Port device team_slave_0 removed [ 1195.946001][ T69] team0 (unregistering): Port device team_slave_1 removed [ 1196.215780][ T69] team0 (unregistering): Port device team_slave_0 removed [ 1198.238931][T11089] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1198.256080][T11089] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1198.259538][T11089] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1198.260970][T11089] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1198.262118][T11089] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1198.862663][ T5886] ================================================================== [ 1198.862680][ T5886] BUG: KASAN: slab-use-after-free in __ethtool_get_link_ksettings+0x5e/0x170 [ 1198.862805][ T5886] Read of size 8 at addr ffff88804c00c2e8 by task kworker/1:6/5886 [ 1198.862820][ T5886] [ 1198.862834][ T5886] CPU: 1 UID: 0 PID: 5886 Comm: kworker/1:6 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1198.862858][ T5886] Tainted: [L]=SOFTLOCKUP [ 1198.862864][ T5886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1198.862876][ T5886] Workqueue: events smc_ib_port_event_work [ 1198.862936][ T5886] Call Trace: [ 1198.862943][ T5886] [ 1198.862951][ T5886] dump_stack_lvl+0xe8/0x150 [ 1198.862976][ T5886] print_report+0xca/0x240 [ 1198.862996][ T5886] ? __ethtool_get_link_ksettings+0x5e/0x170 [ 1198.863020][ T5886] kasan_report+0x118/0x150 [ 1198.863046][ T5886] ? __ethtool_get_link_ksettings+0x5e/0x170 [ 1198.863072][ T5886] __ethtool_get_link_ksettings+0x5e/0x170 [ 1198.863097][ T5886] ib_get_eth_speed+0x15e/0x7b0 [ 1198.863118][ T5886] ? lock_acquire+0x107/0x340 [ 1198.863139][ T5886] ? __pfx_ib_get_eth_speed+0x10/0x10 [ 1198.863163][ T5886] ? lockdep_hardirqs_on+0x7b/0x110 [ 1198.863178][ T5886] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 1198.863195][ T5886] ? rxe_query_port+0x7e/0x3d0 [ 1198.863214][ T5886] rxe_query_port+0x93/0x3d0 [ 1198.863237][ T5886] ib_query_port+0x170/0x830 [ 1198.863262][ T5886] smc_ib_port_event_work+0x16f/0x940 [ 1198.863282][ T5886] ? process_scheduled_works+0x9ef/0x1770 [ 1198.863302][ T5886] ? process_scheduled_works+0x9ef/0x1770 [ 1198.863319][ T5886] process_scheduled_works+0xad1/0x1770 [ 1198.863346][ T5886] ? __pfx_process_scheduled_works+0x10/0x10 [ 1198.863362][ T5886] ? do_raw_spin_lock+0x121/0x290 [ 1198.863384][ T5886] worker_thread+0x8a0/0xda0 [ 1198.863410][ T5886] kthread+0x711/0x8a0 [ 1198.863431][ T5886] ? __pfx_worker_thread+0x10/0x10 [ 1198.863452][ T5886] ? __pfx_kthread+0x10/0x10 [ 1198.863471][ T5886] ? rt_spin_unlock+0x150/0x200 [ 1198.863493][ T5886] ? rt_spin_unlock+0x161/0x200 [ 1198.863511][ T5886] ? __pfx_kthread+0x10/0x10 [ 1198.863532][ T5886] ret_from_fork+0x510/0xa50 [ 1198.863549][ T5886] ? __pfx_ret_from_fork+0x10/0x10 [ 1198.863565][ T5886] ? __switch_to+0xc9e/0x1480 [ 1198.863588][ T5886] ? __pfx_kthread+0x10/0x10 [ 1198.863608][ T5886] ret_from_fork_asm+0x1a/0x30 [ 1198.863635][ T5886] [ 1198.863641][ T5886] [ 1198.863645][ T5886] Allocated by task 5795: [ 1198.863652][ T5886] kasan_save_track+0x3e/0x80 [ 1198.863672][ T5886] __kasan_kmalloc+0x93/0xb0 [ 1198.863691][ T5886] __kvmalloc_node_noprof+0x408/0x940 [ 1198.863712][ T5886] alloc_netdev_mqs+0xa6/0x11b0 [ 1198.863732][ T5886] rtnl_create_link+0x31f/0xcf0 [ 1198.863758][ T5886] rtnl_newlink_create+0x25c/0xb00 [ 1198.863775][ T5886] rtnl_newlink+0x16e7/0x1c90 [ 1198.863789][ T5886] rtnetlink_rcv_msg+0x7cf/0xb70 [ 1198.863803][ T5886] netlink_rcv_skb+0x208/0x470 [ 1198.863821][ T5886] netlink_unicast+0x846/0xa10 [ 1198.863836][ T5886] netlink_sendmsg+0x805/0xb30 [ 1198.863853][ T5886] __sock_sendmsg+0x21c/0x270 [ 1198.863873][ T5886] __sys_sendto+0x3c7/0x520 [ 1198.863887][ T5886] __x64_sys_sendto+0xde/0x100 [ 1198.863902][ T5886] do_syscall_64+0xec/0xf80 [ 1198.863915][ T5886] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1198.863929][ T5886] [ 1198.863933][ T5886] Freed by task 69: [ 1198.863940][ T5886] kasan_save_track+0x3e/0x80 [ 1198.863957][ T5886] kasan_save_free_info+0x46/0x50 [ 1198.863973][ T5886] __kasan_slab_free+0x5c/0x80 [ 1198.863992][ T5886] kfree+0x1bd/0x900 [ 1198.864008][ T5886] device_release+0x9e/0x1d0 [ 1198.864025][ T5886] kobject_put+0x228/0x570 [ 1198.864072][ T5886] netdev_run_todo+0xd2c/0xea0 [ 1198.864090][ T5886] default_device_exit_batch+0x969/0x9e0 [ 1198.864105][ T5886] ops_undo_list+0x525/0x990 [ 1198.864120][ T5886] cleanup_net+0x4de/0x7b0 [ 1198.864135][ T5886] process_scheduled_works+0xad1/0x1770 [ 1198.864149][ T5886] worker_thread+0x8a0/0xda0 [ 1198.864164][ T5886] kthread+0x711/0x8a0 [ 1198.864182][ T5886] ret_from_fork+0x510/0xa50 [ 1198.864194][ T5886] ret_from_fork_asm+0x1a/0x30 [ 1198.864214][ T5886] [ 1198.864218][ T5886] The buggy address belongs to the object at ffff88804c00c000 [ 1198.864218][ T5886] which belongs to the cache kmalloc-cg-4k of size 4096 [ 1198.864232][ T5886] The buggy address is located 744 bytes inside of [ 1198.864232][ T5886] freed 4096-byte region [ffff88804c00c000, ffff88804c00d000) [ 1198.864248][ T5886] [ 1198.864252][ T5886] The buggy address belongs to the physical page: [ 1198.864266][ T5886] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4c008 [ 1198.864281][ T5886] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1198.864294][ T5886] memcg:ffff8880289b5901 [ 1198.864301][ T5886] anon flags: 0x80000000000040(head|node=0|zone=1) [ 1198.864319][ T5886] page_type: f5(slab) [ 1198.864337][ T5886] raw: 0080000000000040 ffff88813ff30500 0000000000000000 dead000000000001 [ 1198.864351][ T5886] raw: 0000000000000000 0000000000040004 00000000f5000000 ffff8880289b5901 [ 1198.864365][ T5886] head: 0080000000000040 ffff88813ff30500 0000000000000000 dead000000000001 [ 1198.864379][ T5886] head: 0000000000000000 0000000000040004 00000000f5000000 ffff8880289b5901 [ 1198.864393][ T5886] head: 0080000000000003 ffffea0001300201 00000000ffffffff 00000000ffffffff [ 1198.864407][ T5886] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008 [ 1198.864415][ T5886] page dumped because: kasan: bad access detected [ 1198.864423][ T5886] page_owner tracks the page as allocated [ 1198.864428][ T5886] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5799, tgid 5799 (syz-executor), ts 82875583269, free_ts 0 [ 1198.864455][ T5886] post_alloc_hook+0x234/0x290 [ 1198.864475][ T5886] get_page_from_freelist+0x28c0/0x2960 [ 1198.864489][ T5886] __alloc_frozen_pages_noprof+0x181/0x370 [ 1198.864502][ T5886] alloc_pages_mpol+0xd1/0x380 [ 1198.864515][ T5886] allocate_slab+0x86/0x3b0 [ 1198.864531][ T5886] ___slab_alloc+0xb10/0x13e0 [ 1198.864544][ T5886] __slab_alloc+0xc6/0x1f0 [ 1198.864557][ T5886] __kmalloc_node_track_caller_noprof+0x2bf/0x810 [ 1198.864577][ T5886] kmemdup_noprof+0x2b/0x70 [ 1198.864593][ T5886] __addrconf_sysctl_register+0x9e/0x4c0 [ 1198.864656][ T5886] addrconf_sysctl_register+0x168/0x1c0 [ 1198.864677][ T5886] ipv6_add_dev+0xd64/0x1400 [ 1198.864693][ T5886] addrconf_notify+0x771/0x1050 [ 1198.864713][ T5886] notifier_call_chain+0x19d/0x3a0 [ 1198.864731][ T5886] register_netdevice+0x15d2/0x1a80 [ 1198.864749][ T5886] virt_wifi_newlink+0x428/0x860 [ 1198.864769][ T5886] page_owner free stack trace missing [ 1198.864774][ T5886] [ 1198.864778][ T5886] Memory state around the buggy address: [ 1198.864786][ T5886] ffff88804c00c180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1198.864796][ T5886] ffff88804c00c200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1198.864807][ T5886] >ffff88804c00c280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1198.864815][ T5886] ^ [ 1198.864824][ T5886] ffff88804c00c300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1198.864835][ T5886] ffff88804c00c380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1198.864843][ T5886] ================================================================== [ 1198.864864][ T5886] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1198.864881][ T5886] CPU: 1 UID: 0 PID: 5886 Comm: kworker/1:6 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1198.864904][ T5886] Tainted: [L]=SOFTLOCKUP [ 1198.864911][ T5886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1198.864922][ T5886] Workqueue: events smc_ib_port_event_work [ 1198.864949][ T5886] Call Trace: [ 1198.864955][ T5886] [ 1198.864962][ T5886] vpanic+0x1e0/0x670 [ 1198.864987][ T5886] panic+0xb9/0xc0 [ 1198.865010][ T5886] ? __pfx_panic+0x10/0x10 [ 1198.865034][ T5886] ? __ethtool_get_link_ksettings+0x5e/0x170 [ 1198.865065][ T5886] ? __ethtool_get_link_ksettings+0x5e/0x170 [ 1198.865091][ T5886] check_panic_on_warn+0x89/0xb0 [ 1198.865118][ T5886] ? __ethtool_get_link_ksettings+0x5e/0x170 [ 1198.865149][ T5886] end_report+0x6f/0x140 [ 1198.865175][ T5886] kasan_report+0x129/0x150 [ 1198.865202][ T5886] ? __ethtool_get_link_ksettings+0x5e/0x170 [ 1198.865230][ T5886] __ethtool_get_link_ksettings+0x5e/0x170 [ 1198.865257][ T5886] ib_get_eth_speed+0x15e/0x7b0 [ 1198.865279][ T5886] ? lock_acquire+0x107/0x340 [ 1198.865303][ T5886] ? __pfx_ib_get_eth_speed+0x10/0x10 [ 1198.865330][ T5886] ? lockdep_hardirqs_on+0x7b/0x110 [ 1198.865346][ T5886] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 1198.865363][ T5886] ? rxe_query_port+0x7e/0x3d0 [ 1198.865383][ T5886] rxe_query_port+0x93/0x3d0 [ 1198.865404][ T5886] ib_query_port+0x170/0x830 [ 1198.865431][ T5886] smc_ib_port_event_work+0x16f/0x940 [ 1198.865455][ T5886] ? process_scheduled_works+0x9ef/0x1770 [ 1198.865479][ T5886] ? process_scheduled_works+0x9ef/0x1770 [ 1198.865499][ T5886] process_scheduled_works+0xad1/0x1770 [ 1198.865530][ T5886] ? __pfx_process_scheduled_works+0x10/0x10 [ 1198.865549][ T5886] ? do_raw_spin_lock+0x121/0x290 [ 1198.865576][ T5886] worker_thread+0x8a0/0xda0 [ 1198.865602][ T5886] kthread+0x711/0x8a0 [ 1198.865627][ T5886] ? __pfx_worker_thread+0x10/0x10 [ 1198.865646][ T5886] ? __pfx_kthread+0x10/0x10 [ 1198.865668][ T5886] ? rt_spin_unlock+0x150/0x200 [ 1198.865695][ T5886] ? rt_spin_unlock+0x161/0x200 [ 1198.865717][ T5886] ? __pfx_kthread+0x10/0x10 [ 1198.865741][ T5886] ret_from_fork+0x510/0xa50 [ 1198.865770][ T5886] ? __pfx_ret_from_fork+0x10/0x10 [ 1198.865789][ T5886] ? __switch_to+0xc9e/0x1480 [ 1198.865817][ T5886] ? __pfx_kthread+0x10/0x10 [ 1198.865841][ T5886] ret_from_fork_asm+0x1a/0x30 [ 1198.865876][ T5886] [ 1198.866221][ T5886] Kernel Offset: disabled