last executing test programs: 31.396743235s ago: executing program 3 (id=3366): syz_usb_disconnect(0xffffffffffffffff) r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010d804dd020000000000010902240001000000000904000001030000000921050000012205000905810300"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0) 28.144669797s ago: executing program 3 (id=3376): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={0xffffffffffffffff}, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x2}}, 0x20) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, 0x0, 0x0) r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000200), 0x40000, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r3, 0x40085112, &(0x7f0000000240)=@n={0x2, 0xf, @SEQ_NOTEON=@note=0x75, 0x5b}) bind$alg(0xffffffffffffffff, 0x0, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x7, @remote}, r2}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000280)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, {0xa, 0x3, 0x3, @local}, r2}}, 0x48) r4 = request_key(&(0x7f0000000140)='keyring\x00', &(0x7f0000000200)={'syz', 0x1}, &(0x7f0000000300)='\x00', 0x0) keyctl$instantiate(0xc, r4, &(0x7f0000000340)=@encrypted_update={'update ', 'default', 0x20, 'user:', '/dev/infiniband/rdma_cm\x00'}, 0x2d, 0x0) write$RDMA_USER_CM_CMD_MIGRATE_ID(r1, &(0x7f00000000c0)={0x12, 0x10, 0xfa00, {0x0, r2, r1}}, 0x18) close_range(r0, 0xffffffffffffffff, 0x400000000000000) r5 = syz_usb_connect$hid(0x0, 0x90, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000105804165000000000000109022400010000c040090400c173f916c7e499150900000122a000090581034000000000"], 0x0) syz_usb_control_io(r5, 0x0, 0x0) syz_usb_control_io(r5, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="0000d2"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r5, 0x0, 0x0) r6 = io_uring_setup(0x74f8, &(0x7f00000005c0)) newfstatat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) r8 = getgid() write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000440)={0x78, 0x0, 0x0, {0x80000000, 0x5, 0x0, {0x3, 0x5, 0x3, 0x0, 0x1, 0xfff, 0x2, 0x3, 0x528f, 0xa000, 0xa, r7, r8, 0x200, 0x3ff}}}, 0x78) syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0) close_range(r6, r3, 0x0) shmget$private(0x0, 0x3000, 0x54000001, &(0x7f000017e000/0x3000)=nil) r9 = shmget$private(0x0, 0x1000, 0x1000, &(0x7f0000298000/0x1000)=nil) r10 = shmat(r9, &(0x7f0000ffe000/0x1000)=nil, 0x0) mremap(&(0x7f0000ff4000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000fff000/0x1000)=nil) lsetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@known='user.syz\x00', &(0x7f0000000080)='\x00', 0x1, 0x0) shmdt(r10) 26.801885931s ago: executing program 2 (id=3379): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=ANY=[@ANYBLOB="41f9ae6ea15881b70000000000000000020000000000000900000000060015000400000014001680100008800c0002800600010000030000"], 0x38}, 0x1, 0x0, 0x0, 0x4000800}, 0x0) r1 = socket$inet6(0xa, 0x80002, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x1, 0x3, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, 0x0) add_key$user(0x0, &(0x7f0000000140), 0x0, 0x0, 0xfffffffffffffffd) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, 0xffffffffffffffff, 0x2c9ab000) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x6) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) stat(&(0x7f0000000100)='./file0\x00', &(0x7f0000001180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f0000001200)={0x329, 0x7d, 0x2, {{0x500, 0x1e8, 0x7, 0xfffffffa, {0x0, 0x0, 0x400}, 0x8b00000, 0x3, 0x0, 0x0, 0x30, '\x04~o\xc8&\xc9}`\x99\x05\xed\x00\x00\x00\x8b\xa3\xd3\x00\x00\x00\x00\x000O\xb6\xd1\x80\xf0\xb3G\xfd\x11\xe4\xc2\xd5d6(\xcd^Z\x84b\xee\rR&m', 0x55, 'p\x03\x00\x00\x00\x00\x00\x00\x00\x1f[\xde\x05@\x00\x00\x00\x00\x18;\x82\x00\t\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15zh\xb7\x85D\x10\xa8\x04\xa4\x81A\x1d\xa1\x7fq\xb1\xdc\x19s\xa5[\b\xf7\xaei\x81\x06L\x94\xfaXmg\x041\xabzz\x9e\xef\x86\xf1\xb4', 0x17, '\xcf\xc2\x00\x10\xbf3\x00\x00\x00\x00\x00\x00\x00\x00\x0fX\x05\x02\xb6n\x00\xf3\x13', 0x119, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xcf\xbd\x9aY\xad\x1d\x1aB\x94N\xeb$]]\x8f\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe\x04\x1d\xa0\x8d\vY\b\xc3b]\xb2.\b\x90\xe11\x9b\xd2\xa5\xdf\xa1C\x80\xa5\xa7\x9c\x0e\x8e\xeb\xdc\xd0\x15\xa5\v\x9c\x0e\xb2\x87\xe6\xf3\xd0\x1d\x81\x9btdRw\x1c@\xe7sUcrs\xf4=$\xb5\n\xba\xc3h\xb9\x13Jt\xcd\x04\xa5\xa1\xaf\x05\x02Ts{\x9c\xfdS\xe3N\xf1`\x12\xa9\x01\x04\x00\x00\x00\x00\x00\x00Z\x7f\xe8\x10\x81\xbd\xd7\x9c\xc9XCB\xb4q\x9a\xd4u\xd4~\xa6\xce\xa0\xd0\x866T\xf7\x90\x13\x86\xfe^\xfc\xdc\xc4F\xab\xdb\t1\xb6\n\xad\x98\x9dL\x8e\xfe\xe7\xabY#\xd7,t\xac\x90\xe2\x1d\x81~:2J\xb24>D\xf3\x10\x7f\xb3\xfc\xaa\xc5f\xc8\xae\xce\xde\x96\xb8\xc4\x01\x19\x98#\xf5\xe9\x83\xa5\xea\'Sy\x9e\x81\xf7O\x87\xd0'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x05\x00\x00\x00\x00\x00\x00\x00\xc2g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300, r4, r5}}, 0x329) syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x208000) msgget$private(0x0, 0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r6 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VIDIOC_LOG_STATUS(r6, 0x5646, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x3) r7 = syz_open_procfs(0x0, &(0x7f0000000000)='numa_maps\x00') preadv(r7, &(0x7f0000000040)=[{&(0x7f0000000180)=""/4096, 0x1000}], 0x1, 0x0, 0x0) fsopen(0x0, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu\x00', 0x275a, 0x0) ftruncate(r8, 0x2007ff3) copy_file_range(r8, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffa003e459, 0x700000000000000) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x33, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x16, 0x0, 0x0, 0x4}]}, 0x10) 25.971926647s ago: executing program 3 (id=3384): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x2, 0x31, 0x7d, 0x55, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000200)=ANY=[@ANYBLOB="401504"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000300)={0x20, 0x1, 0x4, "94c161ee"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000b00)={0x2c, &(0x7f0000000900)={0x0, 0xe, 0x4, "52b16000"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000002c0)={0x1c, &(0x7f0000000140)={0x0, 0xf, 0x4, "c7a13997"}, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000680)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x4, "a13b1f21"}, 0x0, 0x0, 0x0, 0x0}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r1, &(0x7f0000000240)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x300, 0x34}, @ipv4=@tcp={{0x5, 0x4, 0x0, 0x3c, 0x36, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0xfe, 0x0}, @local}, {{0xc00, 0x22eb, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}, {"4adcda08f6e83e2aa00e133f88a8"}}}}, 0x44) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000540)={0x44, &(0x7f0000000180)={0x20, 0x15, 0x4, "b03f99ea"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) 25.670473939s ago: executing program 2 (id=3386): socket$alg(0x26, 0x5, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) syz_genetlink_get_family_id$smc(&(0x7f0000000040), r0) r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io$printer(r1, 0x0, &(0x7f00000002c0)={0x34, &(0x7f0000000100)={0x20, 0x14, 0x1, 'l'}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r1, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) r3 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000340)=ANY=[@ANYBLOB="1b00000000000000000000000020000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000000021337475cb5cd1fd36ab5cb09d43cdfdf82d5229b326b6a6f23a42625f9aa29d6c8e4261e7f681ee2a899a57d3419bed35fc324a951569a6f9b35f1d48abd6ef2ef77d8d7472bb50e1ae694e28f36a3ed4998e2f14490d9db8a93c5ccad0079cb5f9af317c6d38789e4440b1680cf0c565dad4ba90d9d6c7627294b974c0cda5ba9fb209e18107a119a27718deaac7a26fdfd26a96a1ba4c482035d14c49a336c8c1824147154ff44a679015ea407cdeb6b34bfdd1e817adc59370af556b2c0042529a867f0572971bc320645ed2b842169bb25aef7bdfad00038fc6c453ac58e6"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000014c0)={r3}, 0x4) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f00000001c0)={0x5813}, 0x10) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c0000004a008d2a00000000000000000a"], 0x1c}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r4) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x200000a, 0x13, r3, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xe0800, 0x0) r5 = creat(&(0x7f0000000240)='./file0\x00', 0x1) write$cgroup_int(r5, &(0x7f0000000540), 0xfffffdd8) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r6 = semget$private(0x0, 0x4000000009, 0x42a) semop(r6, &(0x7f00000002c0)=[{0x0, 0x9b6a}, {0x4, 0x202}], 0x2) semctl$IPC_SET(r6, 0x0, 0x1, &(0x7f0000002240)={{0x2, 0x0, 0x0, 0x0, 0x0, 0x10a, 0x3}, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x3}) 24.582466779s ago: executing program 4 (id=3390): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f00000000c0)={0x0, 0x1ffffe, 0x10100, 0x0, 0xfffffffd, 0x0, r1}, &(0x7f0000000080)=0x0, &(0x7f0000000200)=0x0) getegid() getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, 0x0, &(0x7f0000001180)) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_MADVISE={0x19, 0x40, 0x0, 0x0, 0x0, &(0x7f0000ffc000/0x2000)=nil, 0x2000, 0xa, 0x1}) r5 = socket$inet_udp(0x2, 0x2, 0x0) unshare(0x22020600) mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x110c230000, 0x3, 0x2, @thr={0x0, 0x0}}) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) syz_open_dev$sg(0x0, 0x0, 0x1a3c82) clock_gettime(0x0, &(0x7f0000000f80)={0x0, 0x0}) recvmmsg(r5, &(0x7f0000000ec0)=[{{0x0, 0x0, &(0x7f0000000b00)}, 0x3ff}], 0x1, 0x120, &(0x7f0000000fc0)={r6, r7+60000000}) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a0bfc0000000000000000020000000900010073797a30000000000900020073797a320000000014000000110001"], 0x54}, 0x1, 0x0, 0x0, 0x40820}, 0x0) writev(r8, &(0x7f0000000040), 0x2) close(r8) r9 = syz_open_dev$radio(&(0x7f0000000200), 0x1, 0x2) ioctl$VIDIOC_G_MODULATOR(r9, 0xc0445636, &(0x7f0000000100)={0x0, "a3a1b56a4c84226a928a751f1cb50b3e6421ca43d00c7441b04e9026e3dbaf07"}) r10 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap(&(0x7f0000200000/0x4000)=nil, 0x4000, 0x4, 0x200000006c832, 0xffffffffffffffff, 0x0) r11 = socket$rds(0x15, 0x5, 0x0) bind$rds(r11, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r11, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1}}], 0x48}, 0x0) ioctl$IOMMU_IOAS_ALLOC(r10, 0x3b81, &(0x7f00000001c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r10, 0x3ba0, &(0x7f0000000140)={0x48, 0x1, r12, 0x0, 0xfffffffffffffff7, 0x6}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r10, 0x3ba0, &(0x7f0000000080)={0x48, 0x2, r12, 0x0, 0x0, 0x0, 0x0, 0x1}) 23.553030489s ago: executing program 0 (id=3393): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f00000000c0)={0x0, 0x1ffffe, 0x10100, 0x0, 0xfffffffd, 0x0, r1}, &(0x7f0000000080)=0x0, &(0x7f0000000200)=0x0) getegid() getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, 0x0, &(0x7f0000001180)) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_MADVISE={0x19, 0x40, 0x0, 0x0, 0x0, &(0x7f0000ffc000/0x2000)=nil, 0x2000, 0xa, 0x1}) r5 = socket$inet_udp(0x2, 0x2, 0x0) unshare(0x22020600) mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x110c230000, 0x3, 0x2, @thr={0x0, 0x0}}) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) syz_open_dev$sg(0x0, 0x0, 0x1a3c82) clock_gettime(0x0, &(0x7f0000000f80)={0x0, 0x0}) recvmmsg(r5, &(0x7f0000000ec0)=[{{0x0, 0x0, &(0x7f0000000b00)}, 0x3ff}, {{&(0x7f0000000c80)=@in6={0xa, 0x0, 0x0, @local}, 0x80, &(0x7f0000000e80)}, 0xf3f1}], 0x2, 0x120, &(0x7f0000000fc0)={r6, r7+60000000}) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a0bfc0000000000000000020000000900010073797a30000000000900020073797a320000000014000000110001"], 0x54}, 0x1, 0x0, 0x0, 0x40820}, 0x0) writev(r8, &(0x7f0000000040), 0x2) close(r8) r9 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r10 = socket$rds(0x15, 0x5, 0x0) bind$rds(r10, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r10, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f00000006c0)=[{0x0}], 0x1}}], 0x48}, 0x0) ioctl$IOMMU_IOAS_ALLOC(r9, 0x3b81, &(0x7f0000000100)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r9, 0x3ba0, &(0x7f0000000140)={0x48, 0x1, r11, 0x0, 0xfffffffffffffff7, 0x6}) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r9, 0x3ba0, &(0x7f00000002c0)={0x48, 0x1, r11, 0x0, 0x80000004, 0x2f15b896}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r9, 0x3ba0, &(0x7f0000000080)={0x48, 0x2, r11, 0x0, 0x0, 0x0, 0x0, 0x1}) ioctl$IOMMU_IOAS_MAP$PAGES(r9, 0x3b85, &(0x7f0000001340)={0x28, 0x1, r11, 0x0, &(0x7f0000201000/0x1000)=nil, 0x1000, 0x5}) 23.370379362s ago: executing program 1 (id=3394): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f00000000c0)={0x0, 0x1ffffe, 0x10100, 0x0, 0xfffffffd, 0x0, r1}, &(0x7f0000000080)=0x0, &(0x7f0000000200)=0x0) getegid() getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, 0x0, &(0x7f0000001180)) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_MADVISE={0x19, 0x40, 0x0, 0x0, 0x0, &(0x7f0000ffc000/0x2000)=nil, 0x2000, 0xa, 0x1}) r5 = socket$inet_udp(0x2, 0x2, 0x0) unshare(0x22020600) mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x110c230000, 0x3, 0x2, @thr={0x0, 0x0}}) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) syz_open_dev$sg(0x0, 0x0, 0x1a3c82) clock_gettime(0x0, &(0x7f0000000f80)={0x0, 0x0}) recvmmsg(r5, &(0x7f0000000ec0)=[{{0x0, 0x0, &(0x7f0000000b00)}, 0x3ff}, {{&(0x7f0000000c80)=@in6={0xa, 0x0, 0x0, @local}, 0x80, &(0x7f0000000e80)}, 0xf3f1}], 0x2, 0x120, &(0x7f0000000fc0)={r6, r7+60000000}) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a0bfc0000000000000000020000000900010073797a30000000000900020073797a320000000014000000110001"], 0x54}, 0x1, 0x0, 0x0, 0x40820}, 0x0) writev(r8, &(0x7f0000000040), 0x2) close(r8) r9 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r10 = socket$rds(0x15, 0x5, 0x0) bind$rds(r10, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r10, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f00000006c0)=[{0x0}], 0x1}}], 0x48}, 0x0) ioctl$IOMMU_IOAS_ALLOC(r9, 0x3b81, &(0x7f0000000100)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r9, 0x3ba0, &(0x7f0000000140)={0x48, 0x1, r11, 0x0, 0xfffffffffffffff7, 0x6}) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r9, 0x3ba0, &(0x7f00000002c0)={0x48, 0x1, r11, 0x0, 0x80000004, 0x2f15b896}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r9, 0x3ba0, &(0x7f0000000080)={0x48, 0x2, r11, 0x0, 0x0, 0x0, 0x0, 0x1}) ioctl$IOMMU_IOAS_MAP$PAGES(r9, 0x3b85, &(0x7f0000001340)={0x28, 0x1, r11, 0x0, &(0x7f0000201000/0x1000)=nil, 0x1000, 0x5}) 23.354264818s ago: executing program 4 (id=3395): r0 = openat2(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x200000, 0xca, 0x2}, 0x18) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000080)=0x3, 0x4) truncate(&(0x7f00000000c0)='./file0/file0\x00', 0x5) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0}, './file0/file0\x00'}) write$binfmt_register(r1, &(0x7f0000000140)={0x3a, 'syz0', 0x3a, 'M', 0x3a, 0x0, 0x3a, '', 0x3a, '-\xa6\'-(,#\x00', 0x3a, './file0/file1', 0x3a, [0x59]}, 0x36) r2 = socket$alg(0x26, 0x5, 0x0) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x28, &(0x7f0000000180)={@private=0xa010100, @broadcast, @local}, 0xc) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$xdp(0x2c, 0x3, 0x0) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$SNDCTL_TMR_SOURCE(r0, 0xc0045406) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1000000, 0x10010, r1, 0x0) r5 = mmap$IORING_OFF_SQES(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2, 0x1010, r0, 0x10000000) r6 = syz_open_procfs$pagemap(0x0, &(0x7f00000001c0)) r7 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000280)=@IORING_OP_FILES_UPDATE={0x14, 0x18, 0x0, 0x0, 0x6, &(0x7f0000000240)=[r2, r6, r7], 0x3, 0x0, 0x0, {0x0, r8}}) flistxattr(r1, &(0x7f00000002c0)=""/177, 0xb1) socket$l2tp(0x2, 0x2, 0x73) write$UHID_INPUT(r1, &(0x7f0000000380)={0x8, {"502d596cbf32cc5235a2713718e456c317304c0de0cbe3493fa0f87b971c2c23489a044a68701c985a280bc6acda0904affd27bf78d5b27080117b2907838c0fce6da5a5745222d7c5e784a3f80d83439b23e08bc9c07244bb2d06311c85502f0ff585e113c82ca0507843d51145a8a7e2f301a16b2f4975b4fa73f2d630fe244274d8d27ebfae61f4ae0e15850adbeb0bd160d2b663609264a5edd84fda235bd6d03295cac42ab8ff0c75981f7e72d86d70d4b2e4141469c3ab0ff1f7266b3f40b7d5d01697aa8759ce5773ad1d07126bc050452b835ffa67b42d3b67d23b25777bee8563fbc8ef65293ffcc44dffb4c557a9f68be7592c45475d0a5428374187087801af98a5267729579ca3078d87b2603812926faba7065f77f09765b08e4816e64e9c88258b8c8d807ff2897ee2437e8a01c7e2117cc31979f64b98d456c870094cd7aa8d6b18027ddd3a77bff0b4d139be2e6d1147661c62064ff6f650e9e464054e89295d9051cb7124ed317dbb6830be7d5e4b022679043b2fe884f30b57a00295220c0dadcb97d102e83fd205aaa9baad40d8630635f290a4c138b42ccad7a91c458164a6b8c89dc9b2c70ee7a45de98cb5791a9929c2e0f5fca7344d4aa636ca90a1e89bbc7427756cfdc13a6d9f62112db50cfd30f3e9c79ac6f64b39515d8f38ae882ce9fde52e90fcf4e757bb9af3eb5d42ddc30013372ade45bf304e775894d35a408611c8d407202c00b2f3e71b3b689e64cff6625d2f7d4e1c867af842ab75f7b04318b5aed32fe0435ac018c4a213691a9d82c3effe2c115531b1394ae0dd0b2eaff82d4a9377f458466b9044f9c6052eb81ff4288786101d0d3ef9f0fac046e9d8537aeba6b90d8136f144d131d368fd89cc628e51107917c0b2992f9af6a62a3140b11539ec33f0331619d748938c1e29f59f548ef70d3faa4f1d0dcf179e4a8bd9ea9e2704d4d80d55a1698f8a3c92aceae4221ae1d6046d8571b2b856c993ddfed3259da389274fec1165140556e20eaf4a5774904035133f1e21c08ea9ba0b4578f3a286d2c8ab0c08c1f0cb132d19c14dc052ebd2c419ed855e1ea45c4e535c1f92a9034cb593e3328c6dfd96064f7708ef404660e3d683097fc5c2c26cbb42a47f6442e80f6dcba67ca2a5dcabde7f7f88e9f8a75b31e024148d9179935a994610eeb2f168fe273d20a30d23538cb94d5581d4fefdd1471a29e91f3d2f8554c3fbb50e39705620d1689ba2c7a661c8ebe09b35022367848ecdf6bc5ff57e09bfec0d3453f8a2c17a7b4016bac0a3288b4ae990b5a4fa7feec465b3ac8e9b062f16147eabdf79697d8b1f167ebaac9128e19478eeb83c12a32a92ec1a8e5e1e0fd254989c3f342c03cffdba7c4397182ebcaa91afe0c85181347221b2227adfb133964795eadfceec5ef92395dfad9bea3a2c56b29c9f54284e425571ccf5b78bff8761d3772103793bd7393e851133521c39dd51975bc9aec22e5699537b76ed74ec0181cd8239943635d1bff25fa4093e455b8d2261ca5ade2b2ad2c6a8c4ad1084dedfff17ccd40f72cf6f3c936dd171ef337122b77680d1f3fe4da964558d5475aed5b1f0b863569188840c25e8b1f279042bbfeb4f627cdd92530abe1676be107c785de4804830e160d6fc7741f8bd181e8985aadc0b5b594b4469b8d1721ec1dee9fb0f8ac4e78a6be264ae8f2eb69d249bb91d7259784b6500560e277ccf9aa2f924aa81e3d4fdfbe9a35bc1ad60e3cdb05cf2cd5b9dc6a3e5ae83492d68a8de82e2f7e229c9c7fe3fdb171a34402aa3864039fcdbbc76976e20b9973a113e002ebff140beb8d87fe71eb6dadaa5e15e6541fd93b53291a1cc1b84e559efc0c205a1836d2fc2c88538a803c5ce61042c37950da05a55c5df8cca38d898abc51823392e6a8b4baa3e57ec88f68400fc57a3f9ec9d2af2b4ce1ec299b3007a743ce80506e903eecf8a049d216c44cd9bd691ac34fa37281854f4404ec96716346213988a91cb0422ba3e31893e9e60b7b7d8aa3d0895d6c25af33196be52e6700a8788ade7fcae697d9fd0220526f3f3c0dbba432ab3ae07c89a68b8718be4c5d794f2daeedbf51a120c611ff90718049dc661a8384fd9915df168ac1aadba9537c5521e6c499cb4806389d60e9317f85d827c62e5a68e7c738cdbe2473148bed68300a9b788fad3f4521ab1e178ce8a2db96bd2956a51a4f30d453dc6ac2e3d7e9d9a6d0062b3ec0ee46433b2a103816fa3cef204a1a1e37ba7b388b5f964a89a161663faff54785abf39662212c40277b4c38d57b8cda01b0b4ca313f60c61cfcfc5fc65d8022bf2542ff6ebcf3958c5d344cfb4ac314469de7f140ee030ce1ca414e5c9306df9d84654e55808ad71c2847562e570f72ff581e7f5374e233e97b6ef76111807a53197869f672f4119e22d3eff2eb9f0acb6260325b05a9ca1c971cb73a68045368cd5c050696404e9f0967f413c6bb9886d1dca7795b818957dfaaae2f169303a685a69a9a5d8c6d91fbc6f2e29c8a3e8f8ea1c5a482d55f5e259910726cd31fa5fd83a6a11fdce6c5a8fa073032fd460d44b61422eb11371835164ecb569684c8d976806ea2790fbeddb9068c99e2957d1bd68ae601a4ae103529ab01ccd69a02357bfcdbcf523082fda50133fb675ece67a78d1a03451c53137a6044c0f914d8839c1277db9d76bc711cc58b2986aa3f80dd8154fdb8ffc5e6656b2fe7675b77d11e145e26fe55d06b1b1b53f1ef64c86a37f2c7d03cdc595fbb3dfee311a3586e10add7a384a7ae190a38ca104ccd6c3f431399fe2a37d02e73328021c897bb154486f6a7ef5723375a5c5abce999a2bcc248ab77f9867fc8921110d418e73c69fa70916f56fd06d2737b377c72c8b2d99f027fc8b48d060a76a572bd8312087c90d22803c2015d09c9cbbbbd4d5f995c790abf6f5c3a6014c698f4ef84ae66c356a5b4a47b5b137e5fa9d3b8ffac53df64483b4a5bcc7c140f9fcb16652a9bb5a9377417713a86480b58057aa4add2cfe3906fe04b3f98b2f84089b3a8a693e012c594a6fbe7f7f9c0a3b6e9db4845bcd7688d4abf65608617fccbb668479885c418bb6535cff9f2d595a53a05af05e3199973e46187f741c15abb59496500bbf09a13f4206457958890b97bcd13541d3841ed387991a4aa78d0965a32fbe2af3ea1c09d83b695047b6e7d53461f259306856509b4d1116485b6ef618c871e07fb17c9265f15bec71eb0781047083f5ad95de57393406865c9e49cb7f6d5e22b33858563da52afd9fa798101b85e8468aefbd7c1ddde9869c0f433b010b61cf5517fa0ffbdfb43c808da6fa0781b80437adff1362dc32abe2c7eb076cc9631fa79fe95b7a7edb84306f23c4544f4a94d8b4dca4976df501f587db4e88a4a9b567684a03cd700d892ca387386f9a5eb4a0435a0b5ee041d0e389bfa4d7ea421bc3d461af64a7e43198c9486ae4bd5636f00aa2a6013560513add7528bd407d471dfe558c624e475ac52f54622a807dcb8391aad69108377d1f5cd61b2809596f03fa02d7abf2602b16ff40a1d04728cc03083af798d59ad0a7f9b55e4aebde033b764bc635f853c3c8fd9b8cec644e1560ac2e7f602b87579f50da389c3af764ff8a0f17a2b4169729e93f4d9855315254edd83bfabba81131c7aab49996363c8ffa593c718f115f2b62bb11d59b362df3dfcf7aa862db3d5e929ae8887b4757ab40c3f58332495ae3953eb333f7f7fc10ce9b75a34adf83ee889afbf574d614a1fa3518c4ad3e929eb143b02382397145135f40c773715af3bbf280835607941ffc8da2c00f1826cb81c54f9f9c27385f4788066c2b68242b957aafbd8e78b1ca674c1ab9a999e007bb3520739a6d7b8023fd5a405cda77dfcdcb8eed94bf7ef7dddb1a941087d4875bcb73cfac6427e58bceadce01fac2aae3baa62549cf840e8fbf8e549875c72a024d55b93a4a0f9cd2b591dfb56d6fd973b32f233d6f0e1e02ec7186a6a4e0e1abe8960ad17bcae91d5e96b0bcfebd25324ee37d5780243d70f6b177640cf0c8189cde168bf067a5e64af48983a659ba9958d3da467bb5de6f72356b044e4d2966149f580b71f5ed8a97fd298ab9a6f82c61be20911aab356825d91ace487e2b8698b681debb61035f7752f6ae33daa2e1ec44bb85518f8940235a1f7bb0f2e799b6fa013b5b3e421e10ef7ef3bafaeeb788311902bccfd749a2038447b099944e5acffe08225066a60ce487afab8e68e209bdc51d50d4e4cb27cacb4ee5061a66063a294c495fc252e839fad6e16b5d47ffa35d11c828fc463a3355b232938bf34e9e637c80c08fb035c1c3b5eaafa5a02b0b963681670ef25f17e02610329f2dd6ddafa008f29fc9d87d79bd24c43db7c6109f64417ec5ebf5098811e815bd65d31e2aa524832d78688f861135b3ea7d77e7caf58f2bdef0ac80eddc476e5755264537295cdc620defd360f35cee9e039fb0d950707080fca13ab14021e28f3779fa1352e46e980da42094c3e07946d53b324db71a4a5b5d9be9e2080d5f3d5df3c2dff2b2456f58baccbdfbb90f8582813f754993067e06149322c74d9d8f2d6abb2910ffcc9d73be464d64cb9e212e4a5044d51cc44b9bbfd091c5414940ab932d40ff8e96e7430bee3e3ca8d8c20ce7899130e0685b4ff4a94812fdaced23979f3f8549286f854da65fbdd75e2906a20b2cdc2d4a28dccaef6b5c96f16adac19ea603b1028b0b4c9f73bb9eef006abcc3726e1f00cf7be36c8e0191ab1f082a96bd038b26099499c30a83d393f8770cf968f92a3213ed06bd27fbd960b537d3302114052cfe93828c365a4c20e20a854983a6387ade4e7f757a05d33d998699aa82551b598ede9352f7b0fd4715de1bf751947622df8ebe1b85a1b3a892e3b451be3d1fc030a652256d8961c8f99630cd085ba791b4e28e26d00b48e2769922da4be73e809116033d1ddb6e46c9f1eb8b4d43bb3435c34dd91496e2f725bae5cb2eff362023c3eeb67fc4a0e42b2cef4fb2918e17d60a9e2a6aef2f90727807e9c4ec6e22876b3f739c020deb637555b0a1fc5421711188d1ee0f576bac83d5a1134f2c94f134c0529e16ebfed4749886bbf6d796cdb2d617ed58c1b85606a5e50fbbcee153b7b4de43706deff31fac88a8852c876d44c7ee753d175f8746166f76e8babae248aec97211aa7e00e0436967a37c131f5eaa63b2468deb4eb8e834ea8c99d744b6ccf8339eca10f56097390ec3d3e04483e81c64e0c5bbace9fd459c7517a49b481d452dba549d2509ca7e464d69fdb1dd263f01b4f8b91e1fdb68f765370a9fa4b5ee192cfae7e51549fb2abb57bf7d3351b57e3fbefd7e43ebffdd32b25442d9e3e29cf40f29cc60ec3283494a927dbfacd0be8d24dd411eefcf4165d6fe7090d65b2623feb412f4b77d3258f3ed289bff613aeaa09d19ce317ec1a1c8f2952f58d636baae7999f7d31a762f13782fb0055117e0602baa67a1d8864a8dbfdad8a11554963184c53e8f3615ef232a314761fcf1411c5a128abeec0df1ae9b0cbaea27ac4c9b40652a52434ca332e296ad37192609021559c17fe96c18a5071f6bfd1e1e51368e550a7c5aa3098c685327235afac549ea1920f6543d99eadd75de46f2a03873be33b8e3653fc7a82a92a2054540061b0ad5f83aec934c7a679134695c9a4ed5dac4a3695f0f2fdf15581e192ff3ec6a946e7fbfcb514515e59d118548667b86d4dc993b3d93545591e200f568834f9ca20c", 0x1000}}, 0x1006) r9 = dup(r3) r10 = syz_open_dev$vcsu(&(0x7f00000013c0), 0x4, 0x50000) ioctl$TUNSETNOCSUM(r10, 0x400454c8, 0x0) syz_open_dev$loop(&(0x7f0000001400), 0x6, 0xa0000) ioctl$VIDIOC_DBG_G_CHIP_INFO(r10, 0xc0c85666, &(0x7f0000001440)={{0x3, @name="6263c978030c048426a4fccc2754238412ab9570bafdfffe2c80d0683b60e862"}, "958cd93604b848c43bcb65927938231656ffd6301207d68af1483be044af72ba", 0x3}) ioctl$UFFDIO_REGISTER(r9, 0xc020aa00, &(0x7f0000001540)={{&(0x7f0000ffe000/0x2000)=nil, 0x2000}, 0xf}) openat$cgroup_int(r9, &(0x7f0000001580)='cgroup.clone_children\x00', 0x2, 0x0) sendmsg$AUDIT_TTY_SET(r10, &(0x7f0000001680)={&(0x7f00000015c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000001640)={&(0x7f0000001600)={0x18, 0x3f9, 0x400, 0x70bd2b, 0x25dfdbfd, {}, ["", "", ""]}, 0x18}, 0x1, 0x0, 0x0, 0x80}, 0x4024) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000002700)={&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, &(0x7f00000016c0)=""/4096, 0x1000, 0x1, &(0x7f00000026c0)=""/57, 0x39}, &(0x7f0000002740)=0x40) setsockopt$inet_int(r10, 0x0, 0x31, &(0x7f0000002780)=0xff, 0x4) 23.052674485s ago: executing program 4 (id=3396): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="440000002000010000bd7000400000000a508080000000081600000014000200fc02000000000000000000000000000114000100200100"], 0x44}}, 0x40000) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x300, &(0x7f0000000500)={&(0x7f00000002c0)=ANY=[@ANYBLOB="5c0000001000390400000000001b2347ea000000", @ANYRES32=0x0, @ANYBLOB="00000000000000003c0012800b000100697036746e6c00002c000280140003002001000000000000000000000000000114000200fc02"], 0x5c}}, 0x0) 22.933989404s ago: executing program 4 (id=3397): r0 = socket(0x1e, 0x805, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000680)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000640)={0xffffffffffffffff}, 0x13f, 0x4}}, 0x20) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r3, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000100)=0x3) r4 = syz_io_uring_setup(0x2402, &(0x7f0000000240)={0x0, 0x0, 0x10100, 0x2, 0xe1}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x1, 0x7}) write$UHID_CREATE2(r7, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r7, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x58, 0x0, r7, 0x43, 0x0}) io_uring_enter(r4, 0x2d3e, 0x100, 0x0, 0x0, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000080)={0x3, 0x40, 0xfa00, {{0xa, 0x4e24, 0xffffffff, @empty, 0x2}, {0xa, 0x4e23, 0x8, @mcast2, 0x1}, r2, 0x1}}, 0x48) r8 = userfaultfd(0x800) ioctl$UFFDIO_REGISTER(r8, 0xc020aa00, &(0x7f0000000c40)={{&(0x7f0000ffe000/0x2000)=nil, 0x2000}, 0x3}) write$RDMA_USER_CM_CMD_BIND(r1, &(0x7f00000002c0)={0x14, 0x88, 0xfa00, {r2, 0x30, 0x0, @ib={0x1b, 0x9, 0x5, {"beabb9a2b39e3b6bc10efa362b23a36d"}, 0x24dc, 0x1, 0x7}}}, 0x90) connect$tipc(0xffffffffffffffff, &(0x7f0000000040)=@id={0x1e, 0x3, 0x1, {0x4e20}}, 0x10) connect$tipc(r0, &(0x7f0000000000)=@id={0x1e, 0x3, 0x1, {0x4e22, 0x1}}, 0x10) recvmmsg$unix(r0, &(0x7f0000000b00)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000200)=""/30, 0x1e}, {&(0x7f0000000240)=""/169, 0xa9}], 0x2}}, {{&(0x7f0000000380)=@abs, 0x6e, 0xfffffffffffffffd, 0x0, &(0x7f0000000400)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000440)=""/15, 0xf}, {&(0x7f0000000480)=""/220, 0xdc}, {&(0x7f0000000580)=""/43, 0x2b}, {&(0x7f00000005c0)=""/225, 0xe1}, {&(0x7f00000006c0)=""/175, 0xaf}, {&(0x7f0000000780)=""/119, 0x77}, {&(0x7f0000000800)=""/225, 0xe1}, {&(0x7f00000009c0)=""/227, 0xe3}], 0x8, &(0x7f0000000ac0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x40}}], 0x3, 0x2162, &(0x7f0000000bc0)) r10 = syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00') r11 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_int(r11, 0x29, 0x38, 0x0, &(0x7f0000000000)=0xffffffffffffff85) pread64(r10, 0x0, 0xfffffffffffffd62, 0x2) socket$nl_generic(0x10, 0x3, 0x10) openat$cgroup_ro(r9, &(0x7f0000000c00)='hugetlb.1GB.usage_in_bytes\x00', 0x0, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffb000/0x4000)=nil, 0xfffffd00, &(0x7f0000000000)='}\x00') prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x3000)=nil, 0x3000, &(0x7f00000000c0)='/dev/uinput\x00') prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff) 22.580911683s ago: executing program 0 (id=3398): r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) lseek(r0, 0x1000, 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = eventfd2(0x100, 0x80001) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_HYPERV_EVENTFD(r2, 0x400caed0, &(0x7f0000000180)={0x2, r3, 0xffffffff}) 22.456857212s ago: executing program 0 (id=3399): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r1, &(0x7f00000007c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x240080e0) 22.309433773s ago: executing program 2 (id=3400): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x521200, 0x0) ioctl$TCSETAW(r0, 0x5407, &(0x7f0000000100)={0x6, 0x7, 0x3, 0x8, 0x10, "722a609d5b8e6760"}) ioctl$TIOCMSET(r0, 0x5418, &(0x7f0000000000)=0x8001) r1 = memfd_create(&(0x7f0000000000)='\xfb\"a&\x8fe\x11\x8c\xd64\xf9 \x00\x00\x00\x00\x00\x12\x1a\'<\xf5\xbeV\x12\xaal\xfa\xf0o\xd8\xb1,\xbd>M\xe3\x98?\xd9\x96\xab\xc7\x06\xfd\x9b\xab\xc8\x1e\x89]\x13bZ\x8d /#k\x95\x9eLV(\x8a\x0e\x93\x93Vc]mP\xbativ\xce\xa4K\xfb\xf2\xe0\xbf\x9d\xa1\xa2\xcd\xb39\xb4\x17a9\x1c\x82\x1aLT\xd0\xb9\x1a\xafB\x95\xb4\xcf\x91X\x8c\x87\xc2\xa1\x1b\xfe\xe7\xbc\xf7\xeb\xdeL\x1d\x98Zq\xcc%\x98\xb0Yc\xec\xb7\xb5m(9\xde\xd3\xefB\xd4\xee\xb5\xee\xe0\xaa\xdd\x00\xb1jOB\xdas\xe3\xb47}%)\xb9\xbf{\xce\x94^\xec\xdf\xbcW\xe0I\x0e\xa4\x1e}\x06\vK\xed\x11\x880\x0e\x9c\xaeVU\x88\xb0\x842kgA]\x1e\x88\xecif\xee]\x8b\xc6\"\xcej\x84\x06\x8a\x99\x80\xd7\xcf\x96\xed\x89\x1e6\x93+\xec#\x1d2\xb8\x80Z\xf7\x06\xbe\xc9[L\xc5\xc9\xb5\xd6{\xee\xce\x17\x89\xa6r\xc5j\xec\x1b\xaa\x996\x14e\xcf\x8axQ\x8fXeT\'0.\x85\xa2\xc8\xb3c\t\xe8\x1a\x89\xecL\xcf\xd8\xb5\xfb\xbc\tX\x88\xbe\xf4@[\xb2\xd5\x8c\xb9\x0e\x17\x8b\xce\xd09\xd2\xfb\x9e\xef\xabR\x88\x17\x9et\xf7\x9c\x01\x91\xacH\xdb\xf9\xcb\x7fh\x83>\x8e\xe1=\xedR\xc9\xe68h\x19\xafLY\x94\x93\xebT\x15\x817\x9d#\xea\xd2\xa8\xfb^\x8c\x87#\x10', 0x7) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) umount2(0x0, 0xf) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000080)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58) r4 = accept$alg(r3, 0x0, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ed5696c5820fae0000000000000080beef911d564c90c200", 0x18) read$alg(r4, &(0x7f0000004c00)=""/4096, 0x1000) sendmmsg$alg(r4, &(0x7f0000001cc0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) fallocate(r1, 0x12, 0x0, 0xfffffffc) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x488000, 0x0) 22.161626694s ago: executing program 0 (id=3401): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000600)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002abd7000fcdbdf250100000008000100", @ANYRES32=0x0, @ANYBLOB="3c00028038000100240001006d636173745f72656a6f696e5f696e74657276616c0000000000000000000000050003000300000008000400f9fffbff08000100", @ANYRES32=0x0, @ANYBLOB="00040000"], 0x64}, 0x1, 0x1000000, 0x0, 0x4004810}, 0x24040840) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1, 0x3, &(0x7f0000001fd8)=ANY=[@ANYBLOB="850000005700000084000000000000009500000000000000"], &(0x7f0000000180)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = io_uring_setup(0x115c, &(0x7f0000000780)={0x0, 0x80d7, 0x40, 0x3, 0x118}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="30000000000000c1966f8a0ecd5bfbc1b385f161905e01f789629756e689552154693f32f80f2cd48a1e710d6ed98c", @ANYRES32=0x0, @ANYBLOB="000900006440000008001b00000000000500100004000000"], 0x30}}, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000640)=[{0x0}], 0x178) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f00000004c0)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x9) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r3, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x72, 0x11cfa, 0x0, 0x8000008, 0x3, 0x4, 0x1, 0x0, 0x2}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r3, 0x40505330, &(0x7f00000001c0)={0x800100, 0xffffffff, 0x22, 0xe1d9, 0x1101, 0xff}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r4 = syz_io_uring_setup(0x6dd7, &(0x7f0000000140)={0x0, 0xfad9, 0x0, 0x2, 0x26f}, &(0x7f0000000240)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x241}}) io_uring_enter(r4, 0x47f6, 0x0, 0x0, 0x0, 0x0) r7 = socket$inet_mptcp(0x2, 0x1, 0x106) sendmmsg(r7, &(0x7f0000002840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20044000) connect$inet(r7, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) sysinfo(&(0x7f0000000900)=""/240) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0) writev(r9, &(0x7f0000000540)=[{&(0x7f00000000c0)="cda6fa879d35a4c340d49f1a7bd8f564650ae43e50517d52276273811c56d92490fc95cceefdda03d8f154a6cffaa8b6a0334572f5266ecac82ceb7e056db99a2d9445925797cd02f2053da999b79868b8f44165a1fb9f0834dcf30e103a237b37717fa2fded76bc9a071426d7f6635b44db05fc36a24d852f641b9c07529e88a5521da2c9eccbbceff6de670624aa", 0x8f}, {&(0x7f0000000240)="5b7b5384c9584683291c623f0e65dfc02487b4903653d612681b71243287a2282d34580f728f5aff32e6666a4bdfb22518e7370a5a15a5827d9500a2e2001e8a477699b51aa9b97cb3ccba90d26ed61c9ebf853706bafd04564f7dec10564b3cc1cb9da0e45e98628b6e8cce25ff96edbdac336850572238817373eb7e7240706f96338bcb65dca5efe4f8c4bee17f09efa24b7b6e07176d66627cf016", 0x9d}, {&(0x7f0000000300)="e2a7bfb03b28bed5b40778ab11c2b70d09", 0x11}, {&(0x7f0000000340)="d08973299043f940c77a19b205a7a41ae5bfcdd290b462abefb5f62a5876d3ef90cc38c203559ac78e1b872e2387005e2f2dc615d24d05b881b8e5abff4653cca65e234f558d0718585d1cfd066929876f91183def9e89ebb14af1926d313582ea951a58c8528dc1c4ddfe5895e34532172d2c7e", 0x74}, {&(0x7f00000003c0)="760b441f5a5722cc226f15218f9a321f07", 0x11}], 0x5) r10 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)=ANY=[@ANYBLOB="df9628e6", @ANYRES16=r10, @ANYBLOB="01002cbd7000ffdbdf2504"], 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0x800) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000400), 0x80000, 0x0) 22.128197114s ago: executing program 2 (id=3402): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_FLUSH(r2, 0x0, 0xd1, 0x0, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000c80)={0x2, 0x4e20, @loopback}, 0x10) r4 = socket$pppl2tp(0x18, 0x1, 0x1) r5 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r5, {0x2, 0x0, @dev}, 0x2}}, 0x2e) ioctl$PPPIOCGL2TPSTATS(r4, 0x80047453, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, 0x0, 0x0) sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r7, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x1, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, 0x0) sendto$inet(r3, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00) sendmsg$IPSET_CMD_CREATE(r1, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in6={{0xa, 0x4e21, 0x1f0268bc, @empty, 0x6}}, 0x0, 0x0, 0x3fc, 0x1, 0x32, 0xb}, 0x9c) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000004c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ff8}]}) capget(&(0x7f00000000c0)={0x19980330}, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, 0x0, 0x0) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000180)=0x4, 0x4) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 22.124639335s ago: executing program 1 (id=3403): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xfbc6, 0x10100, 0x8000003}, &(0x7f0000000080)=0x0, &(0x7f00000001c0)=0x0) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) madvise(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x17) r5 = userfaultfd(0x801) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000300)={0xaa, 0x681}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3}) ioctl$UFFDIO_WRITEPROTECT(r5, 0xc018aa06, &(0x7f0000000140)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) syz_io_uring_setup(0x48ba, &(0x7f0000000000)={0x0, 0xfffffffc, 0x1000, 0x0, 0x333}, &(0x7f0000000080), &(0x7f0000ff4000)) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x230}}) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x81) 22.051102696s ago: executing program 4 (id=3404): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) openat$vimc1(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_setup(0x17b2, &(0x7f0000000080)={0x0, 0x0, 0x13100}, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x14, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x5bbf91a1e7f99074, &(0x7f0000000000)) socket$inet(0x2, 0x0, 0x9) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_ACCEPT={0xd, 0x54, 0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x80800}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'gre0\x00', 0x0}) r6 = socket$packet(0x11, 0x2, 0x300) socket$tipc(0x1e, 0x5, 0x0) sendto$packet(r6, &(0x7f00000000c0)='z', 0x5c8, 0x0, &(0x7f0000000100)={0x11, 0x88a8, r5, 0x1, 0x3, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x14) syz_open_dev$amidi(&(0x7f0000000140), 0x2, 0x180) pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000240)={0x1f, 0xfffffffffffffffe, 0x0, 0x200000000000, 0x7, 0x4, 0x0, 0xfffffffffffffffc}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0) setsockopt$CAN_RAW_FILTER(r1, 0x65, 0x1, &(0x7f0000000140)=[{{0x0, 0x0, 0x1}, {0x0, 0x0, 0x1, 0x1}}, {{0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x1, 0x1}}], 0x10) bind$can_raw(r1, &(0x7f00000000c0), 0x10) setsockopt$CAN_RAW_FILTER(r1, 0x65, 0x1, &(0x7f0000000100)=[{{0x0, 0x0, 0x1}, {0x0, 0x0, 0x1, 0x1}}], 0x8) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) 21.593304903s ago: executing program 4 (id=3405): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$IP6T_SO_GET_ENTRIES(r2, 0x29, 0x41, 0x0, 0x0) listen(r1, 0xfffffffc) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20080, 0x80e1}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01000000000000000000010000001c000180060001000200000008000300ac1414aa0800060006"], 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="01000b00000000000000070000000c0001800500020001000000"], 0x20}}, 0x0) 21.266657497s ago: executing program 3 (id=3406): openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/power/reserved_size', 0x141a82, 0x22) syz_emit_ethernet(0x42, &(0x7f0000000340)=ANY=[@ANYBLOB="ffff"], 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x8000) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xb, &(0x7f0000000000)=0x205, 0x4) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="680000001300", @ANYBLOB="00000000000000001400030067"], 0x68}}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SCSI_IOCTL_GET_PCI(r3, 0x5393, &(0x7f0000000000)) 21.003890855s ago: executing program 3 (id=3407): readlinkat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', &(0x7f0000000340)=""/231, 0xe7) 20.885938959s ago: executing program 1 (id=3408): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f00000000c0)={0x0, 0x1ffffe, 0x10100, 0x0, 0xfffffffd, 0x0, r1}, &(0x7f0000000080)=0x0, &(0x7f0000000200)=0x0) getegid() getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, 0x0, &(0x7f0000001180)) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_MADVISE={0x19, 0x40, 0x0, 0x0, 0x0, &(0x7f0000ffc000/0x2000)=nil, 0x2000, 0xa, 0x1}) r5 = socket$inet_udp(0x2, 0x2, 0x0) unshare(0x22020600) mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x110c230000, 0x3, 0x2, @thr={0x0, 0x0}}) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) syz_open_dev$sg(0x0, 0x0, 0x1a3c82) clock_gettime(0x0, &(0x7f0000000f80)={0x0, 0x0}) recvmmsg(r5, &(0x7f0000000ec0)=[{{0x0, 0x0, &(0x7f0000000b00)}, 0x3ff}, {{&(0x7f0000000c80)=@in6={0xa, 0x0, 0x0, @local}, 0x80, &(0x7f0000000e80)}, 0xf3f1}], 0x2, 0x120, &(0x7f0000000fc0)={r6, r7+60000000}) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a0bfc0000000000000000020000000900010073797a30000000000900020073797a320000000014000000110001"], 0x54}, 0x1, 0x0, 0x0, 0x40820}, 0x0) writev(r8, &(0x7f0000000040), 0x2) close(r8) r9 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r10 = socket$rds(0x15, 0x5, 0x0) bind$rds(r10, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r10, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1}}], 0x48}, 0x0) ioctl$IOMMU_IOAS_ALLOC(r9, 0x3b81, 0x0) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r9, 0x3ba0, &(0x7f0000000140)={0x48, 0x1, 0x0, 0x0, 0xfffffffffffffff7, 0x6}) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r9, 0x3ba0, &(0x7f00000002c0)={0x48, 0x1, 0x0, 0x0, 0x80000004, 0x2f15b896}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r9, 0x3ba0, &(0x7f0000000080)={0x48, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}) ioctl$IOMMU_IOAS_MAP$PAGES(r9, 0x3b85, &(0x7f0000001340)={0x28, 0x1, 0x0, 0x0, &(0x7f0000201000/0x1000)=nil, 0x1000, 0x5}) 20.682177633s ago: executing program 3 (id=3409): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7fffffffffffffff, 0x2) (async) r1 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) renameat2(r3, &(0x7f0000000100)='./file0\x00', r3, &(0x7f0000000180)='./file0\x00', 0x6) getsockname$packet(r3, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newlink={0x3c, 0x10, 0x801, 0x2000000, 0x0, {0x0, 0x0, 0x0, r4, 0xb}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET={0x18, 0x2, 0x0, 0x1, {0x14, 0x1, 0x0, 0x1, [{0x8, 0xd}, {0x8}]}}]}]}, 0x3c}}, 0x0) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x31, 0x2, 0x0, "d569e8e1dd2f1ae97ee8589301f453a0c04b1410b2eafa4496ba216b1e8ac11e"}) syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) (async) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043ef50d"], 0xf8) 20.626690153s ago: executing program 2 (id=3410): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) setxattr$system_posix_acl(0x0, &(0x7f00000001c0)='system.posix_acl_access\x00', 0x0, 0x0, 0x1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4814}, 0x4000000) r2 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x128) syz_clone3(&(0x7f0000000080)={0xa690b000, &(0x7f0000000040)=0xffffffffffffffff, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pidfd_send_signal(r3, 0x0, 0x0, 0x4) r4 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) read$FUSE(r1, &(0x7f0000000480)={0x2020}, 0x2020) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000340)={[{0x122e, 0x3, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x5, 0xff, 0x1f}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x20}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7b}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) syz_usb_connect(0x5, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000538acc089c0e00001e5b0102030109021b00010000000009040000014b34ef000905", @ANYBLOB='sK\t'], 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000040)={r2, 0x7, 0xaf1, 0x10}) ioctl$KVM_RUN(r6, 0xae80, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000240), r8) 20.418038413s ago: executing program 0 (id=3411): r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) readlinkat(r0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000340)=""/231, 0xe7) 20.153970128s ago: executing program 0 (id=3412): syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) syz_emit_ethernet(0x2a, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c20000000180c2000000080045a4001c0068000038029078ac1414aa7f000001150390787f000001a8b61daf1ab91cc8d6bf4ff52e0ceead94fe0b64a42bff9bf00c44da7992d884146af77cca04ebe6a0640accc5"], 0x0) r0 = socket$inet(0x2, 0x3, 0x2) socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000019c0)=[{{&(0x7f00000000c0)={0xa, 0x4e20, 0x4, @remote, 0x7}, 0x1c, &(0x7f00000003c0)=[{&(0x7f0000000280)="e9", 0x1}], 0x1}}, {{&(0x7f0000000040)={0xa, 0x4e20, 0x8, @dev={0xfe, 0x80, '\x00', 0x3d}, 0x8}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000080)="54c2", 0x2}], 0x1}}], 0x2, 0x931766f6319eed44) shutdown(0xffffffffffffffff, 0x1) getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x80, &(0x7f0000002100)=""/4127, &(0x7f0000000000)=0x101f) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x94, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, 0x0, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x64, 0x2, [@TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x2}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x8, 0x4, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8]}}]}}]}, 0x94}}, 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x2c) r2 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000180)={{{@in=@local, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4e22, 0x0, 0x0, 0x8, 0x2, 0x0, 0x0, 0x1}, {0xffffffffffffffff, 0x0, 0x6, 0x200000000000000, 0x5}, {0x0, 0x0, 0x4, 0x20000000000000}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x4d4, 0x33}, 0xa, @in=@local, 0x10000000, 0x4, 0x0, 0x0, 0x0, 0x0, 0x200000}}, 0xe8) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) 19.401681384s ago: executing program 1 (id=3413): r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x6, 0x200) ioctl$MON_IOCX_GET(r0, 0x40189206, &(0x7f0000000100)={0x0, 0x0}) syz_open_dev$usbfs(&(0x7f0000000180), 0x10, 0x801f5) 18.757782661s ago: executing program 2 (id=3414): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$IP6T_SO_GET_ENTRIES(r2, 0x29, 0x41, 0x0, 0x0) listen(r1, 0xfffffffc) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20080, 0x80e1}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01000000000000000000010000001c000180060001000200000008000300ac1414aa0800060006"], 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="01000b00000000000000070000000c0001800500020001000000"], 0x20}}, 0x0) 18.425969428s ago: executing program 1 (id=3415): bind$l2tp6(0xffffffffffffffff, 0x0, 0x0) r0 = openat$dsp(0xffffffffffffff9c, 0x0, 0x101a02, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x10031, 0xffffffffffffffff, 0x65be1000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mbind(&(0x7f00001fa000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x0, 0x0) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20) syz_usb_connect$cdc_ncm(0x2, 0xa0, &(0x7f0000000400)=ANY=[@ANYBLOB="12010102020000100005a1a440000102030109028e00052406000105240000040d240f01080000004e0063060806241ae79ca9274f25e27e2b1e90f335ff410300041524120600a317a88b045e6708000000ffcb7e392a0c241b0300030081030100070c24052401020809058103ff03dc010f0904010000020d00000904010102020d00000905820220002003060905030200000002100000000000000000000000000000e33e7b1b5cb2ab28138d515cd65d86d144f12f9993c4ec9bb67e3915625cb93bed07e4c48391b4a8ad30275ffcf85b400920a0150b8c99d9eb621b298a73c2"], 0x0) r3 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x8002) write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[@ANYBLOB="03040000b500000001008aea0000feff"], 0xc8) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='memory.events\x00', 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000680)={'#! ', './file1/../file0', [{0x20, 'cgroup.stat\x00'}, {0x20, '\x00\xd2D\xb2K\x94\xad\x14\xdf\\\t\x9d#\xefEY\x86\x97\x01\xa3\xa6\b\x008/\xea\xf9W\x11\xbd\x0e\xe6\xb8\x8d\x03\xca\xf0\x881\x7f\x04\xc5*`b3\xe8%5\xeexZ\bii\v\xea\t\xfd\xbc\xc2\xbf?g\x8d\xe05\xcd\x0e_\xf3\x03\x84`W\x85\x00\x10\xab\xd1W\xf0\x92\x86\x86\x05\x00\x00\x00\xaa\xb1.n\xbf\xc8\xd1\xa5\r\xc7\x04O\xde\xd3w\xe1\xdd\x11g3\x15}\xe0\xc5V\xc3\x97J\x10\x17\xd9\x1c\xf9\xfc:>\x0ea\x81*\x15\x14\xfe\xec\x1d@~\x0f9\xce\xb0\xa5\xe3\x12\x04\xef\x12\xd2J$)7/R8\x0eS\xa7\x14\xfdz\x80g\xd5\x9d\x8e{\xeb\xc9\x19\xf4\xf3k\v\xd0\xeaP\xd8p\xf4\n\xe0\x81\x9c\x9a\xd4o\xc2\xb3\xbc\xd2\x8d3\x87\f\xe1C\xb6\x8ct\x97\xeb\xe9\\\x9c\xb8bs#\xf7*\x1c\xb4g\x9d\xaa,\x97\x9fy\x81\xe7\x90\x9c\x06\xbe[\xdbt\xb3\x84\x98\x87$\xbc\xf8?R\xdae\xa0\x10E\"U\x99\x9f\x92\r\x94&i\x13'}, {0x20, '[\'+!\x11\\'}, {0x20, '\xb9,\xec\x89]\xab\xc9\xf3\xe5\xda\xb7El O\xeb,\xc9\xae\xcc[N\xd0o\xe7\x03\x1f\x84\xc4\xb6T\x18\xac\f\x10\x18c\xb8g\xb1\x97\xa9{\xd4A]\x1d\xeb\xeb\xdaO}\xd6\xbd$\xac\xfa\xae\xb3\x8f\xe0\xf7\xac\xb7\x12\xce\f\x83\x02G\xc7\xe9\xe1\xea\xfd\xcf\xaf\\\xea\xdd\x91\xc6\r\x00\x00\xd8\xa9\xaa\xd66R\x94\x05\x8e\xc9\xe7;\xeb\x87\xeb^~\xf9dY\x8cl\x01\xcd\xc9\xfd\x0e\xfeI\xe9\x16\xc5_<\xff ]}Y\x85\f\xcb4'}, {0x20, '#! '}, {0x20, '{@Y\xf4\xe4lC\n\x00\xc7t\xe9\xf2\xa1?77g\xa3\xb2t\x1c\x02`\x98\x12\xc3\xce\x1e\x0f\xcd\xb928|\x82\xb2W'}, {0x20, 'cg\x00\x04\v\xbf\xc4[\xc7\x81\xc0+Js\xe5M\xc2=\'\xee\xda2E;\x12\'\xc3\xfe:\x8e]\x90Q\x8co\x86P\xf2-kV\xf2x\xe0n}$\xcfxt\x12\x91\xfaj\xd0%W\xc6|\b\xbb\xbf\xbe\x8aO\xe7\xfcN\x94\x1b\xf8\"x\x83){\x95\xefOd\xb2\xde: 1\xb1\x8eF\xb8\xcbm\x06\x05\x00'/103}], 0xa, "b5a4be350e761cb133a663b4ab379afe4b31e6783348b29e914224da9719fd4deb5fbb43fad65313eeb978e11e4cced1df374bf069d71a453a69ab70a9cbc057c76a2900074910"}, 0x280) 15.330115783s ago: executing program 1 (id=3416): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x1c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x11}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000480)={'wlan1\x00', 0x0}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r4, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x80) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000840), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) 6.507608748s ago: executing program 32 (id=3405): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$IP6T_SO_GET_ENTRIES(r2, 0x29, 0x41, 0x0, 0x0) listen(r1, 0xfffffffc) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20080, 0x80e1}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01000000000000000000010000001c000180060001000200000008000300ac1414aa0800060006"], 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="01000b00000000000000070000000c0001800500020001000000"], 0x20}}, 0x0) 5.487533074s ago: executing program 33 (id=3409): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7fffffffffffffff, 0x2) (async) r1 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) renameat2(r3, &(0x7f0000000100)='./file0\x00', r3, &(0x7f0000000180)='./file0\x00', 0x6) getsockname$packet(r3, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newlink={0x3c, 0x10, 0x801, 0x2000000, 0x0, {0x0, 0x0, 0x0, r4, 0xb}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET={0x18, 0x2, 0x0, 0x1, {0x14, 0x1, 0x0, 0x1, [{0x8, 0xd}, {0x8}]}}]}]}, 0x3c}}, 0x0) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x31, 0x2, 0x0, "d569e8e1dd2f1ae97ee8589301f453a0c04b1410b2eafa4496ba216b1e8ac11e"}) syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) (async) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043ef50d"], 0xf8) 5.002319539s ago: executing program 34 (id=3412): syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) syz_emit_ethernet(0x2a, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c20000000180c2000000080045a4001c0068000038029078ac1414aa7f000001150390787f000001a8b61daf1ab91cc8d6bf4ff52e0ceead94fe0b64a42bff9bf00c44da7992d884146af77cca04ebe6a0640accc5"], 0x0) r0 = socket$inet(0x2, 0x3, 0x2) socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000019c0)=[{{&(0x7f00000000c0)={0xa, 0x4e20, 0x4, @remote, 0x7}, 0x1c, &(0x7f00000003c0)=[{&(0x7f0000000280)="e9", 0x1}], 0x1}}, {{&(0x7f0000000040)={0xa, 0x4e20, 0x8, @dev={0xfe, 0x80, '\x00', 0x3d}, 0x8}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000080)="54c2", 0x2}], 0x1}}], 0x2, 0x931766f6319eed44) shutdown(0xffffffffffffffff, 0x1) getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x80, &(0x7f0000002100)=""/4127, &(0x7f0000000000)=0x101f) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x94, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, 0x0, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x64, 0x2, [@TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x2}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x8, 0x4, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8]}}]}}]}, 0x94}}, 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x2c) r2 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000180)={{{@in=@local, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4e22, 0x0, 0x0, 0x8, 0x2, 0x0, 0x0, 0x1}, {0xffffffffffffffff, 0x0, 0x6, 0x200000000000000, 0x5}, {0x0, 0x0, 0x4, 0x20000000000000}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x4d4, 0x33}, 0xa, @in=@local, 0x10000000, 0x4, 0x0, 0x0, 0x0, 0x0, 0x200000}}, 0xe8) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) 3.509481683s ago: executing program 35 (id=3414): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$IP6T_SO_GET_ENTRIES(r2, 0x29, 0x41, 0x0, 0x0) listen(r1, 0xfffffffc) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20080, 0x80e1}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01000000000000000000010000001c000180060001000200000008000300ac1414aa0800060006"], 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="01000b00000000000000070000000c0001800500020001000000"], 0x20}}, 0x0) 0s ago: executing program 36 (id=3416): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x1c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x11}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000480)={'wlan1\x00', 0x0}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r4, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x80) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000840), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) kernel console output (not intermixed with test programs): [ 817.916175][T16587] ? bpf_prog_alloc_no_stats+0x4a/0x4e0 [ 817.916198][T16587] bpf_prog_alloc_no_stats+0x4a/0x4e0 [ 817.916224][T16587] bpf_prog_alloc+0x3c/0x1a0 [ 817.916246][T16587] bpf_prog_load+0x735/0x1930 [ 817.916280][T16587] ? __pfx_bpf_prog_load+0x10/0x10 [ 817.916320][T16587] ? bpf_lsm_bpf+0x9/0x20 [ 817.916334][T16587] ? security_bpf+0x7e/0x300 [ 817.916355][T16587] __sys_bpf+0x5f1/0x860 [ 817.916377][T16587] ? __pfx___sys_bpf+0x10/0x10 [ 817.916410][T16587] ? ksys_write+0x22a/0x250 [ 817.916429][T16587] ? __pfx_ksys_write+0x10/0x10 [ 817.916453][T16587] __x64_sys_bpf+0x7c/0x90 [ 817.916472][T16587] do_syscall_64+0xfa/0x3b0 [ 817.916488][T16587] ? lockdep_hardirqs_on+0x9c/0x150 [ 817.916508][T16587] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 817.916525][T16587] ? clear_bhb_loop+0x60/0xb0 [ 817.916545][T16587] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 817.916561][T16587] RIP: 0033:0x7f4c0f18e929 [ 817.916577][T16587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 817.916591][T16587] RSP: 002b:00007f4c0ff63038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 817.916610][T16587] RAX: ffffffffffffffda RBX: 00007f4c0f3b5fa0 RCX: 00007f4c0f18e929 [ 817.916622][T16587] RDX: 0000000000000094 RSI: 0000200000000600 RDI: 0000000000000005 [ 817.916632][T16587] RBP: 00007f4c0ff63090 R08: 0000000000000000 R09: 0000000000000000 [ 817.916641][T16587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 817.916651][T16587] R13: 0000000000000001 R14: 00007f4c0f3b5fa0 R15: 00007f4c0f4dfa28 [ 817.916679][T16587] [ 817.920234][ T5924] hid-steam 0003:28DE:1205.0047: Steam Controller 'XXXXXXXXXX' disconnected [ 817.976198][T16587] syz.1.3178: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 818.353619][T16592] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3179'. [ 818.365633][T16592] netlink: 216 bytes leftover after parsing attributes in process `syz.0.3179'. [ 818.385879][T16587] CPU: 0 UID: 0 PID: 16587 Comm: syz.1.3178 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 818.385906][T16587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 818.385917][T16587] Call Trace: [ 818.385925][T16587] [ 818.385933][T16587] dump_stack_lvl+0x189/0x250 [ 818.385965][T16587] ? __pfx_dump_stack_lvl+0x10/0x10 [ 818.385988][T16587] ? __pfx__printk+0x10/0x10 [ 818.386002][T16587] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 818.386018][T16587] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 818.386036][T16587] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 818.386056][T16587] warn_alloc+0x214/0x310 [ 818.386081][T16587] ? __pfx_warn_alloc+0x10/0x10 [ 818.386102][T16587] ? __get_vm_area_node+0x13f/0x300 [ 818.386124][T16587] ? __get_vm_area_node+0x2b5/0x300 [ 818.386148][T16587] __vmalloc_node_range_noprof+0x326/0x12f0 [ 818.386169][T16587] ? is_bpf_text_address+0x26/0x2b0 [ 818.386216][T16587] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 818.386233][T16587] ? __might_fault+0xb0/0x130 [ 818.386259][T16587] ? _parse_integer_limit+0x1ae/0x1f0 [ 818.386286][T16587] ? bpf_prog_alloc_no_stats+0x4a/0x4e0 [ 818.386306][T16587] __vmalloc_noprof+0xb1/0xf0 [ 818.386324][T16587] ? bpf_prog_alloc_no_stats+0x4a/0x4e0 [ 818.386347][T16587] bpf_prog_alloc_no_stats+0x4a/0x4e0 [ 818.386373][T16587] bpf_prog_alloc+0x3c/0x1a0 [ 818.386397][T16587] bpf_prog_load+0x735/0x1930 [ 818.386431][T16587] ? __pfx_bpf_prog_load+0x10/0x10 [ 818.386469][T16587] ? bpf_lsm_bpf+0x9/0x20 [ 818.386481][T16587] ? security_bpf+0x7e/0x300 [ 818.386496][T16587] __sys_bpf+0x5f1/0x860 [ 818.386509][T16587] ? __pfx___sys_bpf+0x10/0x10 [ 818.386528][T16587] ? ksys_write+0x22a/0x250 [ 818.386539][T16587] ? __pfx_ksys_write+0x10/0x10 [ 818.386551][T16587] __x64_sys_bpf+0x7c/0x90 [ 818.386563][T16587] do_syscall_64+0xfa/0x3b0 [ 818.386573][T16587] ? lockdep_hardirqs_on+0x9c/0x150 [ 818.386587][T16587] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 818.386596][T16587] ? clear_bhb_loop+0x60/0xb0 [ 818.386608][T16587] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 818.386617][T16587] RIP: 0033:0x7f4c0f18e929 [ 818.386627][T16587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 818.386636][T16587] RSP: 002b:00007f4c0ff63038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 818.386647][T16587] RAX: ffffffffffffffda RBX: 00007f4c0f3b5fa0 RCX: 00007f4c0f18e929 [ 818.386654][T16587] RDX: 0000000000000094 RSI: 0000200000000600 RDI: 0000000000000005 [ 818.386661][T16587] RBP: 00007f4c0ff63090 R08: 0000000000000000 R09: 0000000000000000 [ 818.386666][T16587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 818.386672][T16587] R13: 0000000000000001 R14: 00007f4c0f3b5fa0 R15: 00007f4c0f4dfa28 [ 818.386686][T16587] [ 818.386703][T16587] Mem-Info: [ 818.505945][T16592] netlink: 216 bytes leftover after parsing attributes in process `syz.0.3179'. [ 818.753290][T16587] active_anon:8730 inactive_anon:0 isolated_anon:0 [ 818.753290][T16587] active_file:16240 inactive_file:40231 isolated_file:0 [ 818.753290][T16587] unevictable:768 dirty:400 writeback:0 [ 818.753290][T16587] slab_reclaimable:6387 slab_unreclaimable:127619 [ 818.753290][T16587] mapped:32206 shmem:1363 pagetables:1470 [ 818.753290][T16587] sec_pagetables:3 bounce:0 [ 818.753290][T16587] kernel_misc_reclaimable:0 [ 818.753290][T16587] free:1273472 free_pcp:21577 free_cma:0 [ 818.820209][T16597] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 818.899331][T16592] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 818.900152][T16587] Node 0 active_anon:35244kB inactive_anon:0kB active_file:64960kB inactive_file:160720kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:132924kB dirty:1600kB writeback:0kB shmem:3916kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12176kB pagetables:5644kB sec_pagetables:12kB all_unreclaimable? no Balloon:0kB [ 818.900232][T16587] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 818.900259][T16587] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 818.900288][T16587] lowmem_reserve[]: 0 2500 2502 2502 2502 [ 818.900321][T16587] Node 0 DMA32 free:1193664kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:35196kB inactive_anon:0kB active_file:64960kB inactive_file:158880kB unevictable:1536kB writepending:1600kB present:3129332kB managed:2561020kB mlocked:0kB bounce:0kB free_pcp:53856kB local_pcp:32992kB free_cma:0kB [ 818.900352][T16587] lowmem_reserve[]: 0 0 1 1 1 [ 818.900392][T16587] Node 0 Normal free:4kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1840kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 818.900424][T16587] lowmem_reserve[]: 0 0 0 0 0 [ 818.900450][T16587] Node 1 Normal free:3884860kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:32356kB local_pcp:19780kB free_cma:0kB [ 818.900493][T16587] lowmem_reserve[]: 0 0 0 0 0 [ 818.900514][T16587] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 818.900590][T16587] Node 0 DMA32: 386*4kB (UME) 665*8kB (ME) 413*16kB (UME) 499*32kB (UME) 255*64kB (UME) 84*128kB (UME) 48*256kB (UME) 69*512kB (UME) 30*1024kB (UME) 5*2048kB (UM) 256*4096kB (UM) = 1193664kB [ 818.900681][T16587] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 818.900739][T16587] Node 1 Normal: 243*4kB (UE) 62*8kB (UME) 38*16kB (UME) 93*32kB (UME) 38*64kB (UME) 8*128kB (UME) 4*256kB (UME) 3*512kB (ME) 1*1024kB (M) 1*2048kB (E) 945*4096kB (M) = 3884860kB [ 818.900843][T16587] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 818.900852][T16587] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 818.900860][T16587] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 818.900869][T16587] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 818.900877][T16587] 57830 total pagecache pages [ 818.900885][T16587] 0 pages in swap cache [ 818.900889][T16587] Free swap = 124996kB [ 818.900894][T16587] Total swap = 124996kB [ 818.900899][T16587] 2097051 pages RAM [ 818.900903][T16587] 0 pages HighMem/MovableOnly [ 818.900908][T16587] 424690 pages reserved [ 818.900912][T16587] 0 pages cma reserved [ 819.119175][ C0] vkms_vblank_simulate: vblank timer overrun [ 819.133591][T16602] bridge0: Device is already in use. [ 819.152719][ C0] vkms_vblank_simulate: vblank timer overrun [ 819.575647][ T5924] usb 4-1: new high-speed USB device number 64 using dummy_hcd [ 819.767423][ T5924] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 819.778514][ T5924] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 819.788854][ T5924] usb 4-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 819.801694][ T5924] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 819.814101][ T5924] usb 4-1: config 0 descriptor?? [ 820.492517][ T5924] usbhid 4-1:0.0: can't add hid device: -71 [ 820.501887][ T5924] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 820.557760][ T5924] usb 4-1: USB disconnect, device number 64 [ 820.596044][T16626] FAULT_INJECTION: forcing a failure. [ 820.596044][T16626] name failslab, interval 1, probability 0, space 0, times 0 [ 820.620375][T16626] CPU: 0 UID: 0 PID: 16626 Comm: syz.1.3189 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 820.620404][T16626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 820.620414][T16626] Call Trace: [ 820.620423][T16626] [ 820.620431][T16626] dump_stack_lvl+0x189/0x250 [ 820.620459][T16626] ? __pfx____ratelimit+0x10/0x10 [ 820.620483][T16626] ? __pfx_dump_stack_lvl+0x10/0x10 [ 820.620507][T16626] ? __pfx__printk+0x10/0x10 [ 820.620531][T16626] ? __pfx___might_resched+0x10/0x10 [ 820.620560][T16626] should_fail_ex+0x414/0x560 [ 820.620586][T16626] should_failslab+0xa8/0x100 [ 820.620607][T16626] __kmalloc_noprof+0xcb/0x4f0 [ 820.620624][T16626] ? io_cache_alloc_new+0x40/0x100 [ 820.620652][T16626] io_cache_alloc_new+0x40/0x100 [ 820.620676][T16626] io_msg_alloc_async+0x1b2/0x2d0 [ 820.620712][T16626] io_recvmsg_prep+0x60c/0xdb0 [ 820.620744][T16626] ? __pfx_io_recvmsg_prep+0x10/0x10 [ 820.620766][T16626] ? __pfx___io_alloc_req_refill+0x10/0x10 [ 820.620801][T16626] ? io_task_refs_refill+0xbb/0x180 [ 820.620822][T16626] io_submit_sqes+0x90c/0x1c50 [ 820.620872][T16626] __se_sys_io_uring_enter+0x2df/0x2b20 [ 820.620912][T16626] ? ksys_write+0x1cb/0x250 [ 820.620931][T16626] ? __pfx___se_sys_io_uring_enter+0x10/0x10 [ 820.620949][T16626] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 820.620966][T16626] ? __pfx_vfs_write+0x10/0x10 [ 820.620991][T16626] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 820.621011][T16626] ? __fget_files+0x3a0/0x420 [ 820.621035][T16626] ? fput+0xa0/0xd0 [ 820.621056][T16626] ? ksys_write+0x22a/0x250 [ 820.621073][T16626] ? __pfx_ksys_write+0x10/0x10 [ 820.621086][T16626] ? rcu_is_watching+0x15/0xb0 [ 820.621114][T16626] ? __x64_sys_io_uring_enter+0x21/0xf0 [ 820.621137][T16626] do_syscall_64+0xfa/0x3b0 [ 820.621151][T16626] ? lockdep_hardirqs_on+0x9c/0x150 [ 820.621174][T16626] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 820.621190][T16626] ? clear_bhb_loop+0x60/0xb0 [ 820.621210][T16626] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 820.621231][T16626] RIP: 0033:0x7f4c0f18e929 [ 820.621247][T16626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 820.621260][T16626] RSP: 002b:00007f4c0ff63038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 820.621279][T16626] RAX: ffffffffffffffda RBX: 00007f4c0f3b5fa0 RCX: 00007f4c0f18e929 [ 820.621292][T16626] RDX: 0000000000000000 RSI: 00000000000027e2 RDI: 0000000000000005 [ 820.621303][T16626] RBP: 00007f4c0ff63090 R08: 0000000000000000 R09: 0000000000000000 [ 820.621314][T16626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 820.621324][T16626] R13: 0000000000000000 R14: 00007f4c0f3b5fa0 R15: 00007f4c0f4dfa28 [ 820.621353][T16626] [ 820.894899][ C0] vkms_vblank_simulate: vblank timer overrun [ 820.919076][T16628] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 820.928651][T16628] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 821.011243][T16631] syz_tun: entered allmulticast mode [ 821.163853][ T5923] usb 3-1: new low-speed USB device number 36 using dummy_hcd [ 821.194786][T16640] input: syz0 as /devices/virtual/input/input59 [ 821.287310][T16640] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 821.294865][T16640] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 821.336945][ T5923] usb 3-1: Invalid ep0 maxpacket: 64 [ 821.485913][ T5923] usb 3-1: new low-speed USB device number 37 using dummy_hcd [ 821.548368][T16651] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 821.582059][T16651] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 821.647979][ T5923] usb 3-1: Invalid ep0 maxpacket: 64 [ 821.653738][ T5923] usb usb3-port1: attempt power cycle [ 821.755056][ T9] usb 2-1: new full-speed USB device number 27 using dummy_hcd [ 821.907470][ T9] usb 2-1: config 150 has an invalid interface number: 204 but max is 1 [ 821.916115][ T9] usb 2-1: config 150 has no interface number 0 [ 821.922377][ T9] usb 2-1: config 150 interface 204 has no altsetting 0 [ 821.931063][ T9] usb 2-1: config 150 interface 1 has no altsetting 0 [ 821.990342][ T9] usb 2-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb [ 821.995791][ T5923] usb 3-1: new low-speed USB device number 38 using dummy_hcd [ 822.000818][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 822.047355][ T9] usb 2-1: Product: syz [ 822.051630][ T9] usb 2-1: Manufacturer: syz [ 822.058408][ T9] usb 2-1: SerialNumber: syz [ 822.068807][ T5923] usb 3-1: Invalid ep0 maxpacket: 64 [ 822.195698][ T5923] usb 3-1: new low-speed USB device number 39 using dummy_hcd [ 822.230045][ T5923] usb 3-1: Invalid ep0 maxpacket: 64 [ 822.238706][ T5923] usb usb3-port1: unable to enumerate USB device [ 822.300000][ T9] xr_serial 2-1:150.204: xr_serial converter detected [ 822.403767][T16659] bridge0: port 2(bridge_slave_1) entered disabled state [ 822.411499][T16659] bridge0: port 1(bridge_slave_0) entered disabled state [ 822.484713][T16659] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 822.501458][T16659] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 822.574078][T16659] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 822.584190][T16659] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 822.593270][T16659] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 822.602454][T16659] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 822.635626][ T5933] usb 5-1: new high-speed USB device number 59 using dummy_hcd [ 822.795588][ T5933] usb 5-1: Using ep0 maxpacket: 16 [ 822.802437][ T5933] usb 5-1: config 252 has an invalid interface number: 15 but max is 0 [ 822.811343][ T5933] usb 5-1: config 252 has no interface number 0 [ 822.820080][ T5933] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=2b.29 [ 822.829668][ T5933] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 822.838644][ T5933] usb 5-1: Product: syz [ 822.842832][ T5933] usb 5-1: Manufacturer: syz [ 822.847936][ T5933] usb 5-1: SerialNumber: syz [ 822.876335][ T5933] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 823.033192][T16669] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 823.081802][ T3567] usb 5-1: Failed to submit usb control message: -71 [ 823.082214][ T5933] usb 5-1: USB disconnect, device number 59 [ 823.125621][ T9] xr_serial ttyUSB0: Failed to set reg 0x0e: -71 [ 823.132043][ T9] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71 [ 823.152008][ T9] usb 2-1: USB disconnect, device number 27 [ 823.160937][ T3567] usb 5-1: unable to send the bmi data to the device: -71 [ 823.169938][ T3567] usb 5-1: unable to get target info from device [ 823.177415][ T9] xr_serial 2-1:150.204: device disconnected [ 823.187564][ T3567] usb 5-1: could not get target info (-71) [ 823.193440][ T3567] usb 5-1: could not probe fw (-71) [ 823.796262][T16677] syz_tun: entered allmulticast mode [ 823.993670][T16685] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 824.135643][T13675] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 824.410249][T13675] usb 2-1: Using ep0 maxpacket: 32 [ 824.485641][T16694] vivid-007: ================= START STATUS ================= [ 824.485699][T16694] vivid-007: Enable Output Cropping: true [ 824.485734][T16694] vivid-007: Enable Output Composing: true [ 824.485754][T16694] vivid-007: Enable Output Scaler: true [ 824.485837][T16694] vivid-007: Tx RGB Quantization Range: Automatic [ 824.485975][T16694] vivid-007: Transmit Mode: HDMI [ 824.486047][T16694] vivid-007: Hotplug Present: 0x00000000 [ 824.486143][T16694] vivid-007: RxSense Present: 0x00000000 [ 824.486213][T16694] vivid-007: EDID Present: 0x00000000 [ 824.486347][T16694] vivid-007: ================== END STATUS ================== [ 824.494417][T13675] usb 2-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 824.494448][T13675] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 824.494468][T13675] usb 2-1: Product: syz [ 824.494482][T13675] usb 2-1: Manufacturer: syz [ 824.494496][T13675] usb 2-1: SerialNumber: syz [ 824.500466][T13675] usb 2-1: config 0 descriptor?? [ 824.784405][T13675] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 825.419289][T16707] tipc: Started in network mode [ 825.424367][T16707] tipc: Node identity 6, cluster identity 4711 [ 825.434479][T16707] tipc: Node number set to 6 [ 825.451643][T16707] tipc: Cannot configure node identity twice [ 825.480290][T16709] syzkaller1: entered promiscuous mode [ 825.485972][T16709] syzkaller1: entered allmulticast mode [ 825.865745][ T5924] usb 4-1: new high-speed USB device number 65 using dummy_hcd [ 826.028545][ T5924] usb 4-1: config 220 has an invalid interface number: 76 but max is 2 [ 826.047538][ T5924] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 826.058380][ T5924] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 826.071491][ T5924] usb 4-1: config 220 has no interface number 2 [ 826.080680][ T5924] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 826.098705][ T5924] usb 4-1: config 220 interface 0 has no altsetting 0 [ 826.109179][ T5924] usb 4-1: config 220 interface 76 has no altsetting 0 [ 826.118691][ T5924] usb 4-1: config 220 interface 1 has no altsetting 0 [ 826.133415][ T5924] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 826.151131][ T5924] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 826.171345][ T5924] usb 4-1: Product: syz [ 826.185639][ T5924] usb 4-1: Manufacturer: syz [ 826.204894][ T5924] usb 4-1: SerialNumber: syz [ 826.253682][T16725] syz_tun: entered allmulticast mode [ 826.453149][T16714] fuse: Unknown parameter 'default_permissions¯µ [ 826.453149][T16714] SkôÌnCÚO'“a8' [ 827.025356][ T5924] usb 4-1: selecting invalid altsetting 0 [ 827.046087][ T5924] usb 4-1: Found UVC 7.01 device syz (8086:0b07) [ 827.052491][ T5924] usb 4-1: No valid video chain found. [ 827.096220][ T10] usb 3-1: new full-speed USB device number 40 using dummy_hcd [ 827.128868][ T5924] usb 4-1: selecting invalid altsetting 0 [ 827.141223][ T5924] usbtest 4-1:220.1: probe with driver usbtest failed with error -22 [ 827.185648][ T5924] usb 4-1: USB disconnect, device number 65 [ 827.285834][ T10] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 827.308397][ T10] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 827.318583][ T55] usb 5-1: new high-speed USB device number 60 using dummy_hcd [ 827.328696][ T10] usb 3-1: config 0 interface 0 has no altsetting 0 [ 827.336279][ T10] usb 3-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00 [ 827.346844][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 827.359609][ T10] usb 3-1: config 0 descriptor?? [ 827.515667][ T5924] usb 4-1: new high-speed USB device number 66 using dummy_hcd [ 827.515836][ T55] usb 5-1: Using ep0 maxpacket: 32 [ 827.529987][ T55] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 827.541219][ T55] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 827.551278][ T55] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 827.564245][ T55] usb 5-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 827.574377][T13675] gspca_stk1135: reg_w 0x351 err -71 [ 827.580128][ T55] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 827.590425][T13675] gspca_stk1135: serial bus timeout: status=0x00 [ 827.602688][T13675] gspca_stk1135: Sensor write failed [ 827.609367][T13675] gspca_stk1135: serial bus timeout: status=0x00 [ 827.617124][T13675] gspca_stk1135: Sensor write failed [ 827.623690][ T55] usb 5-1: config 0 descriptor?? [ 827.629105][T13675] gspca_stk1135: serial bus timeout: status=0x00 [ 827.635684][T13675] gspca_stk1135: Sensor read failed [ 827.641370][T13675] gspca_stk1135: serial bus timeout: status=0x00 [ 827.649282][T13675] gspca_stk1135: Sensor read failed [ 827.657620][T13675] gspca_stk1135: Detected sensor type unknown (0x0) [ 827.664449][T13675] gspca_stk1135: serial bus timeout: status=0x00 [ 827.667742][ T5924] usb 4-1: Using ep0 maxpacket: 32 [ 827.670905][T13675] gspca_stk1135: Sensor read failed [ 827.681601][T13675] gspca_stk1135: serial bus timeout: status=0x00 [ 827.688087][T13675] gspca_stk1135: Sensor read failed [ 827.689987][ T5924] usb 4-1: config 0 has no interfaces? [ 827.693453][T13675] gspca_stk1135: serial bus timeout: status=0x00 [ 827.705432][T13675] gspca_stk1135: Sensor write failed [ 827.711120][T13675] gspca_stk1135: serial bus timeout: status=0x00 [ 827.720432][ T5924] usb 4-1: New USB device found, idVendor=0bb4, idProduct=0a21, bcdDevice=e7.00 [ 827.725147][T13675] gspca_stk1135: Sensor write failed [ 827.732807][ T5924] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 827.735180][T13675] stk1135 2-1:0.0: probe with driver stk1135 failed with error -71 [ 827.743930][ T5924] usb 4-1: Product: syz [ 827.759631][ T5924] usb 4-1: Manufacturer: syz [ 827.764271][ T5924] usb 4-1: SerialNumber: syz [ 827.790269][ T5924] usb 4-1: config 0 descriptor?? [ 827.816164][T13675] usb 2-1: USB disconnect, device number 28 [ 827.903248][ T10] usbhid 3-1:0.0: can't add hid device: -71 [ 827.909415][ T10] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 827.920571][ T10] usb 3-1: USB disconnect, device number 40 [ 828.080744][ T55] input: HID 0458:5011 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0458:5011.0049/input/input60 [ 828.178612][ T55] input: HID 0458:5011 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0458:5011.0049/input/input61 [ 828.270870][ T55] kye 0003:0458:5011.0049: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.4-1/input0 [ 828.526087][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 828.526105][ T30] audit: type=1326 audit(1750431719.452:15827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16739 comm="syz.1.3223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c0f18e929 code=0x7ffc0000 [ 828.672548][ T30] audit: type=1326 audit(1750431719.472:15828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16739 comm="syz.1.3223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=125 compat=0 ip=0x7f4c0f18e929 code=0x7ffc0000 [ 828.914526][ T30] audit: type=1326 audit(1750431719.472:15829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16739 comm="syz.1.3223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c0f18e929 code=0x7ffc0000 [ 829.075668][ T30] audit: type=1326 audit(1750431719.612:15830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16739 comm="syz.1.3223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f4c0f18e929 code=0x7ffc0000 [ 829.145574][ T30] audit: type=1326 audit(1750431719.612:15831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16739 comm="syz.1.3223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c0f18e929 code=0x7ffc0000 [ 829.210605][ C0] kye 0003:0458:5011.0049: usb_submit_urb(ctrl) failed: -1 [ 829.319226][ T30] audit: type=1326 audit(1750431719.612:15832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16739 comm="syz.1.3223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c0f18e929 code=0x7ffc0000 [ 829.346508][ T10] usb 5-1: reset high-speed USB device number 60 using dummy_hcd [ 829.516641][ T30] audit: type=1326 audit(1750431720.512:15833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16749 comm="syz.2.3224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e7f18e929 code=0x7ffc0000 [ 829.540815][ T30] audit: type=1326 audit(1750431720.512:15834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16749 comm="syz.2.3224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=125 compat=0 ip=0x7f3e7f18e929 code=0x7ffc0000 [ 829.578920][ T30] audit: type=1326 audit(1750431720.512:15835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16749 comm="syz.2.3224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e7f18e929 code=0x7ffc0000 [ 829.603440][ T30] audit: type=1326 audit(1750431720.512:15836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16749 comm="syz.2.3224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f3e7f18e929 code=0x7ffc0000 [ 829.695765][ T10] usb 5-1: device descriptor read/64, error -32 [ 829.995757][ T10] usb 5-1: reset high-speed USB device number 60 using dummy_hcd [ 830.145862][ T10] usb 5-1: device descriptor read/64, error -32 [ 830.435787][ T10] usb 5-1: reset high-speed USB device number 60 using dummy_hcd [ 830.555910][ T10] usb 5-1: device descriptor read/8, error -32 [ 830.795789][ T10] usb 5-1: reset high-speed USB device number 60 using dummy_hcd [ 830.836114][ T10] usb 5-1: device descriptor read/8, error -32 [ 830.920486][T16727] raw-gadget.2 gadget.4: failed to queue suspend event [ 830.928527][T16727] raw-gadget.2 gadget.4: failed to queue disconnect event [ 830.967451][T13675] usb 5-1: USB disconnect, device number 60 [ 831.115664][ T5923] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 831.222412][ T5924] usb 4-1: USB disconnect, device number 66 [ 831.325944][ T10] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 831.339948][ T5923] usb 2-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.05 [ 831.355991][ T5923] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 831.398292][ T5923] usb 2-1: Product: syz [ 831.405202][ T5923] usb 2-1: Manufacturer: syz [ 831.421559][ T5923] usb 2-1: SerialNumber: syz [ 831.437113][ T5923] usb 2-1: config 0 descriptor?? [ 831.452954][ T5923] go7007 2-1:0.0: probe with driver go7007 failed with error -12 [ 831.495711][ T10] usb 3-1: Using ep0 maxpacket: 16 [ 831.508130][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 831.528161][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 831.539899][ T10] usb 3-1: New USB device found, idVendor=04d8, idProduct=02dd, bcdDevice= 0.00 [ 831.549904][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 831.563123][ T10] usb 3-1: config 0 descriptor?? [ 831.658447][ T5924] usb 4-1: new high-speed USB device number 67 using dummy_hcd [ 831.667245][T14877] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:201' [ 831.676885][T14877] CPU: 1 UID: 0 PID: 14877 Comm: kworker/u9:0 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 831.676906][T14877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 831.676914][T14877] Workqueue: hci5 hci_rx_work [ 831.676934][T14877] Call Trace: [ 831.676944][T14877] [ 831.676953][T14877] dump_stack_lvl+0x189/0x250 [ 831.676982][T14877] ? kernfs_path_from_node+0x2c/0x260 [ 831.677005][T14877] ? __pfx_dump_stack_lvl+0x10/0x10 [ 831.677028][T14877] ? __pfx__printk+0x10/0x10 [ 831.677040][T14877] ? kernfs_path_from_node+0x2c/0x260 [ 831.677050][T14877] ? kernfs_path_from_node+0x2c/0x260 [ 831.677062][T14877] ? kernfs_path_from_node+0x22c/0x260 [ 831.677072][T14877] ? kernfs_path_from_node+0x2c/0x260 [ 831.677086][T14877] sysfs_create_dir_ns+0x259/0x280 [ 831.677109][T14877] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 831.677132][T14877] ? do_raw_spin_unlock+0x122/0x240 [ 831.677157][T14877] kobject_add_internal+0x59f/0xb40 [ 831.677180][T14877] kobject_add+0x155/0x220 [ 831.677193][T14877] ? __pfx_kobject_add+0x10/0x10 [ 831.677203][T14877] ? _raw_spin_unlock+0x28/0x50 [ 831.677217][T14877] ? get_device_parent+0x366/0x3a0 [ 831.677230][T14877] device_add+0x408/0xb50 [ 831.677252][T14877] hci_conn_add_sysfs+0xd5/0x1e0 [ 831.677281][T14877] le_conn_complete_evt+0xc3a/0x1220 [ 831.677315][T14877] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 831.677330][T14877] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 831.677338][T14877] ? __asan_memcpy+0x40/0x70 [ 831.677352][T14877] ? __pfx___mutex_lock+0x10/0x10 [ 831.677361][T14877] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 831.677369][T14877] ? skb_pull_data+0xfb/0x200 [ 831.677390][T14877] hci_le_conn_complete_evt+0x187/0x450 [ 831.677419][T14877] hci_event_packet+0x78c/0x1200 [ 831.677448][T14877] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 831.677471][T14877] ? __pfx_hci_event_packet+0x10/0x10 [ 831.677486][T14877] ? kcov_remote_start+0x4d3/0x7f0 [ 831.677499][T14877] ? lockdep_hardirqs_on+0x20/0x150 [ 831.677514][T14877] ? hci_send_to_monitor+0xe2/0x570 [ 831.677528][T14877] hci_rx_work+0x46a/0xe80 [ 831.677561][T14877] ? process_scheduled_works+0x9ef/0x17b0 [ 831.677589][T14877] process_scheduled_works+0xae1/0x17b0 [ 831.677631][T14877] ? __pfx_process_scheduled_works+0x10/0x10 [ 831.677660][T14877] worker_thread+0x8a0/0xda0 [ 831.677671][T14877] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 831.677699][T14877] ? __kthread_parkme+0x7b/0x200 [ 831.677728][T14877] kthread+0x70e/0x8a0 [ 831.677753][T14877] ? __pfx_worker_thread+0x10/0x10 [ 831.677773][T14877] ? __pfx_kthread+0x10/0x10 [ 831.677784][T14877] ? _raw_spin_unlock_irq+0x23/0x50 [ 831.677797][T14877] ? lockdep_hardirqs_on+0x9c/0x150 [ 831.677810][T14877] ? __pfx_kthread+0x10/0x10 [ 831.677821][T14877] ret_from_fork+0x3f9/0x770 [ 831.677844][T14877] ? __pfx_ret_from_fork+0x10/0x10 [ 831.677876][T14877] ? __switch_to_asm+0x39/0x70 [ 831.677900][T14877] ? __switch_to_asm+0x33/0x70 [ 831.677917][T14877] ? __pfx_kthread+0x10/0x10 [ 831.677930][T14877] ret_from_fork_asm+0x1a/0x30 [ 831.677949][T14877] [ 831.677970][T14877] kobject: kobject_add_internal failed for hci5:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 831.992213][T14877] Bluetooth: hci5: failed to register connection device [ 832.135776][ T5923] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 832.139203][ T5924] usb 4-1: device descriptor read/64, error -71 [ 832.212138][ T10] usbhid 3-1:0.0: can't add hid device: -71 [ 832.212211][ T10] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 832.214741][ T10] usb 3-1: USB disconnect, device number 41 [ 832.291550][ T5923] usb 5-1: config 220 has an invalid interface number: 76 but max is 2 [ 832.291579][ T5923] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 832.291598][ T5923] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 832.291617][ T5923] usb 5-1: config 220 has no interface number 2 [ 832.291678][ T5923] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 832.291704][ T5923] usb 5-1: config 220 interface 0 has no altsetting 0 [ 832.291722][ T5923] usb 5-1: config 220 interface 76 has no altsetting 0 [ 832.291740][ T5923] usb 5-1: config 220 interface 1 has no altsetting 0 [ 832.294656][ T5923] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 832.294686][ T5923] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 832.294706][ T5923] usb 5-1: Product: syz [ 832.294720][ T5923] usb 5-1: Manufacturer: syz [ 832.294734][ T5923] usb 5-1: SerialNumber: syz [ 832.375865][ T5924] usb 4-1: new high-speed USB device number 68 using dummy_hcd [ 832.514678][T16781] fuse: Unknown parameter 'default_permissions¯µ [ 832.514678][T16781] SkôÌnCÚO'“a8' [ 832.545752][ T5924] usb 4-1: device descriptor read/64, error -71 [ 832.656083][ T5924] usb usb4-port1: attempt power cycle [ 832.997327][ T5924] usb 4-1: new high-speed USB device number 69 using dummy_hcd [ 833.026504][ T5924] usb 4-1: device descriptor read/8, error -71 [ 833.046630][ T5923] usb 5-1: selecting invalid altsetting 0 [ 833.069640][ T5923] usb 5-1: Found UVC 7.01 device syz (8086:0b07) [ 833.076934][ T5923] usb 5-1: No valid video chain found. [ 833.099565][ T5923] usb 5-1: selecting invalid altsetting 0 [ 833.111365][ T5923] usbtest 5-1:220.1: probe with driver usbtest failed with error -22 [ 833.140232][T16793] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 833.160753][ T5923] usb 5-1: USB disconnect, device number 61 [ 833.295689][ T5924] usb 4-1: new high-speed USB device number 70 using dummy_hcd [ 833.316418][ T5924] usb 4-1: device descriptor read/8, error -71 [ 833.426089][ T5924] usb usb4-port1: unable to enumerate USB device [ 833.831885][ T5923] usb 2-1: USB disconnect, device number 29 [ 834.096050][ T30] kauditd_printk_skb: 16 callbacks suppressed [ 834.096070][ T30] audit: type=1326 audit(1750431725.132:15853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16802 comm="syz.4.3238" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf2d8e929 code=0x7ffc0000 [ 834.191412][ T30] audit: type=1326 audit(1750431725.132:15854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16802 comm="syz.4.3238" exe="/root/syz-executor" sig=0 arch=c000003e syscall=125 compat=0 ip=0x7f7cf2d8e929 code=0x7ffc0000 [ 834.213951][ C0] vkms_vblank_simulate: vblank timer overrun [ 834.300817][ T30] audit: type=1326 audit(1750431725.132:15855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16802 comm="syz.4.3238" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf2d8e929 code=0x7ffc0000 [ 834.344487][ T30] audit: type=1326 audit(1750431725.132:15856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16802 comm="syz.4.3238" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f7cf2d8e929 code=0x7ffc0000 [ 834.396291][ T30] audit: type=1326 audit(1750431725.132:15857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16802 comm="syz.4.3238" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf2d8e929 code=0x7ffc0000 [ 834.438394][ T30] audit: type=1326 audit(1750431725.132:15858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16802 comm="syz.4.3238" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f7cf2d8e929 code=0x7ffc0000 [ 834.486167][ T30] audit: type=1326 audit(1750431725.132:15859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16802 comm="syz.4.3238" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf2d8e929 code=0x7ffc0000 [ 834.522532][ T30] audit: type=1326 audit(1750431725.132:15860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16802 comm="syz.4.3238" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f7cf2d8e929 code=0x7ffc0000 [ 834.549329][ T30] audit: type=1326 audit(1750431725.132:15861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16802 comm="syz.4.3238" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf2d8e929 code=0x7ffc0000 [ 834.572572][ T30] audit: type=1326 audit(1750431725.132:15862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16802 comm="syz.4.3238" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f7cf2d8e929 code=0x7ffc0000 [ 834.629566][T16818] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3242'. [ 834.666059][T16820] netlink: 'syz.2.3243': attribute type 1 has an invalid length. [ 834.745073][T16820] 8021q: adding VLAN 0 to HW filter on device bond1 [ 834.796862][T16822] 8021q: adding VLAN 0 to HW filter on device bond1 [ 834.816655][T16822] bond1: (slave vti0): The slave device specified does not support setting the MAC address [ 834.836010][ T10] usb 4-1: new high-speed USB device number 71 using dummy_hcd [ 834.861554][T16811] netlink: 'syz.1.3239': attribute type 13 has an invalid length. [ 834.953872][T16822] bond1: (slave vti0): Error -95 calling set_mac_address [ 835.138578][ T10] usb 4-1: Using ep0 maxpacket: 16 [ 835.147479][ T10] usb 4-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 32, changing to 9 [ 835.160388][ T10] usb 4-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0 [ 835.171712][ T10] usb 4-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 835.194568][ T10] usb 4-1: config 0 interface 0 has no altsetting 0 [ 835.202430][ T10] usb 4-1: New USB device found, idVendor=0810, idProduct=0001, bcdDevice= 0.00 [ 835.220117][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 835.313141][ T10] usb 4-1: config 0 descriptor?? [ 835.417740][T16811] 8021q: adding VLAN 0 to HW filter on device bond0 [ 835.428642][T16811] 8021q: adding VLAN 0 to HW filter on device team0 [ 835.458150][T16811] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 835.482041][T16820] bond1: (slave gretap1): making interface the new active one [ 835.495808][T16820] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 835.509622][T16820] syz.2.3243 (16820) used greatest stack depth: 18840 bytes left [ 835.732918][T16830] FAULT_INJECTION: forcing a failure. [ 835.732918][T16830] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 835.751456][ T10] pantherlord 0003:0810:0001.004A: item fetching failed at offset 0/2 [ 835.767978][ T10] pantherlord 0003:0810:0001.004A: parse failed [ 835.774811][ T10] pantherlord 0003:0810:0001.004A: probe with driver pantherlord failed with error -22 [ 835.774847][T16830] CPU: 1 UID: 0 PID: 16830 Comm: syz.2.3245 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 835.774870][T16830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 835.774881][T16830] Call Trace: [ 835.774888][T16830] [ 835.774896][T16830] dump_stack_lvl+0x189/0x250 [ 835.774925][T16830] ? __pfx____ratelimit+0x10/0x10 [ 835.774949][T16830] ? __pfx_dump_stack_lvl+0x10/0x10 [ 835.774972][T16830] ? __pfx__printk+0x10/0x10 [ 835.774992][T16830] ? fs_reclaim_acquire+0x7d/0x100 [ 835.775019][T16830] should_fail_ex+0x414/0x560 [ 835.775046][T16830] prepare_alloc_pages+0x213/0x610 [ 835.775073][T16830] __alloc_frozen_pages_noprof+0x123/0x370 [ 835.775096][T16830] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 835.775125][T16830] ? policy_nodemask+0x27c/0x720 [ 835.775140][T16830] ? __lock_acquire+0xab9/0xd20 [ 835.775168][T16830] alloc_pages_mpol+0x232/0x4a0 [ 835.775191][T16830] vma_alloc_folio_noprof+0xe4/0x200 [ 835.775211][T16830] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 835.775244][T16830] folio_prealloc+0x30/0x180 [ 835.775263][T16830] __handle_mm_fault+0x2c88/0x5620 [ 835.775306][T16830] ? __pfx___handle_mm_fault+0x10/0x10 [ 835.775346][T16830] ? find_vma+0xe7/0x160 [ 835.775363][T16830] ? __pfx_find_vma+0x10/0x10 [ 835.775382][T16830] handle_mm_fault+0x40a/0x8e0 [ 835.775416][T16830] do_user_addr_fault+0x764/0x1390 [ 835.775453][T16830] exc_page_fault+0x76/0xf0 [ 835.775477][T16830] asm_exc_page_fault+0x26/0x30 [ 835.775500][T16830] RIP: 0010:put_cmsg+0x201/0x640 [ 835.775524][T16830] Code: 89 f6 e8 52 00 76 f8 48 89 df 4c 89 ee e8 47 00 76 f8 4c 39 eb 0f 82 fd 02 00 00 4c 39 f3 0f 87 f4 02 00 00 0f 01 cb 0f ae e8 <4d> 89 65 00 8b 44 24 08 41 89 45 08 8b 44 24 0c 41 89 45 0c 49 83 [ 835.775538][T16830] RSP: 0018:ffffc9000c667400 EFLAGS: 00050283 [ 835.775554][T16830] RAX: ffffffff894a5e69 RBX: 0000200000001564 RCX: ffff888026119e00 [ 835.775567][T16830] RDX: 0000000000000000 RSI: 0000200000001540 RDI: 0000200000001564 [ 835.775580][T16830] RBP: 0000000000000014 R08: ffffc9000c667520 R09: 0000000000000000 [ 835.775592][T16830] R10: ffffc9000c667520 R11: fffff520018ccea6 R12: 0000000000000024 [ 835.775604][T16830] R13: 0000200000001540 R14: 00007ffffffff000 R15: ffffc9000c667520 [ 835.775624][T16830] ? put_cmsg+0x1e9/0x640 [ 835.775663][T16830] ipv6_recv_error+0xc14/0x1490 [ 835.775696][T16830] ? __pfx_ipv6_recv_error+0x10/0x10 [ 835.775720][T16830] ? up_write+0x1c4/0x420 [ 835.775735][T16830] ? aa_label_sk_perm+0x413/0x560 [ 835.775759][T16830] ? process_measurement+0x1640/0x1a40 [ 835.775781][T16830] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 835.775806][T16830] udpv6_recvmsg+0x221/0x1630 [ 835.775829][T16830] ? tomoyo_check_open_permission+0x16a/0x3b0 [ 835.775853][T16830] ? __pfx___might_resched+0x10/0x10 [ 835.775882][T16830] ? __pfx_udpv6_recvmsg+0x10/0x10 [ 835.775900][T16830] ? __lock_acquire+0xab9/0xd20 [ 835.775926][T16830] ? aa_sk_perm+0x81e/0x950 [ 835.775947][T16830] ? __pfx_udpv6_recvmsg+0x10/0x10 [ 835.775963][T16830] inet6_recvmsg+0x1ee/0x6b0 [ 835.775981][T16830] ? __pfx_aa_sk_perm+0x10/0x10 [ 835.776003][T16830] ? __pfx_inet6_recvmsg+0x10/0x10 [ 835.776017][T16830] ? __lock_acquire+0xab9/0xd20 [ 835.776041][T16830] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 835.776061][T16830] ? security_socket_recvmsg+0x7e/0x2e0 [ 835.776087][T16830] sock_recvmsg+0x105/0x270 [ 835.776115][T16830] ____sys_recvmsg+0x1c9/0x460 [ 835.776145][T16830] ? __pfx_____sys_recvmsg+0x10/0x10 [ 835.776181][T16830] ? import_iovec+0x74/0xa0 [ 835.776202][T16830] ___sys_recvmsg+0x1b5/0x510 [ 835.776228][T16830] ? __pfx____sys_recvmsg+0x10/0x10 [ 835.776273][T16830] ? __fget_files+0x3a0/0x420 [ 835.776303][T16830] do_recvmmsg+0x307/0x770 [ 835.776332][T16830] ? __pfx_do_recvmmsg+0x10/0x10 [ 835.776365][T16830] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 835.776399][T16830] __x64_sys_recvmmsg+0x190/0x240 [ 835.776423][T16830] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 835.776442][T16830] ? rcu_is_watching+0x15/0xb0 [ 835.776470][T16830] ? do_syscall_64+0xbe/0x3b0 [ 835.776490][T16830] do_syscall_64+0xfa/0x3b0 [ 835.776510][T16830] ? lockdep_hardirqs_on+0x9c/0x150 [ 835.776532][T16830] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 835.776548][T16830] ? clear_bhb_loop+0x60/0xb0 [ 835.776568][T16830] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 835.776584][T16830] RIP: 0033:0x7f3e7f18e929 [ 835.776599][T16830] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 835.776612][T16830] RSP: 002b:00007f3e7ffed038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 835.776629][T16830] RAX: ffffffffffffffda RBX: 00007f3e7f3b5fa0 RCX: 00007f3e7f18e929 [ 835.776640][T16830] RDX: 0000000000000001 RSI: 0000200000000300 RDI: 0000000000000003 [ 835.776651][T16830] RBP: 00007f3e7ffed090 R08: 0000000000000000 R09: 0000000000000000 [ 835.776662][T16830] R10: 0000000000012141 R11: 0000000000000246 R12: 0000000000000001 [ 835.776673][T16830] R13: 0000000000000000 R14: 00007f3e7f3b5fa0 R15: 00007f3e7f4dfa28 [ 835.776700][T16830] [ 836.450622][ T10] usb 4-1: USB disconnect, device number 71 [ 836.984713][T16842] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3250'. [ 837.295130][T16851] bridge0: entered promiscuous mode [ 837.305331][T16851] bond0: entered promiscuous mode [ 837.310580][T16851] bond_slave_0: entered promiscuous mode [ 837.317462][T16851] bond_slave_1: entered promiscuous mode [ 837.330785][T16851] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 837.339828][T16851] Cannot create hsr debugfs directory [ 837.346554][T16851] hsr1: Slave A (bridge0) is not up; please bring it up to get a fully working HSR network [ 837.423835][T16851] hsr1: Slave B (bond0) is not up; please bring it up to get a fully working HSR network [ 837.434850][T16851] hsr1: entered allmulticast mode [ 837.490607][T16851] bridge0: entered allmulticast mode [ 837.524875][T16851] bond0: entered allmulticast mode [ 837.544066][T16851] bond_slave_0: entered allmulticast mode [ 837.565888][T16851] bond_slave_1: entered allmulticast mode [ 837.678712][T16853] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3253'. [ 837.936406][T13675] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 838.110640][T13675] usb 3-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 838.120216][T13675] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 838.204670][T13675] usb 3-1: config 0 descriptor?? [ 838.226970][T13675] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 838.615987][T13675] cpia1 3-1:0.0: unexpected state after lo power cmd: 00 [ 839.125667][T16876] netlink: 'syz.0.3262': attribute type 13 has an invalid length. [ 839.125693][T16876] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3262'. [ 839.153813][T16876] net veth1_virt_wifi virt_wifi0: refused to change device tx_queue_len [ 839.272741][T13675] gspca_cpia1: usb_control_msg 02, error -71 [ 839.291068][T13675] cpia1 3-1:0.0: only firmware version 1 is supported (got: 0) [ 839.394192][T13675] usb 3-1: USB disconnect, device number 42 [ 839.565831][ T10] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 839.611200][T16883] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 839.716774][T16886] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3265'. [ 839.755894][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 839.764306][ T10] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 839.778894][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 839.928007][ T10] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 839.944644][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 839.962935][ T10] usb 5-1: Product: syz [ 839.969897][ T10] usb 5-1: Manufacturer: syz [ 839.975276][ T10] usb 5-1: SerialNumber: syz [ 839.992453][ T10] usb 5-1: config 0 descriptor?? [ 840.020513][ T10] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 840.043470][ T10] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 840.366268][ T55] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 840.847886][ T55] usb 3-1: New USB device found, idVendor=1d50, idProduct=6089, bcdDevice=d0.1d [ 840.860440][ T55] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 840.905366][ T10] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 840.921914][ T10] em28xx 5-1:0.0: Config register raw data: 0x6c [ 840.929414][ T10] em28xx 5-1:0.0: I2S Audio (1 sample rate(s)) [ 840.937322][ T10] em28xx 5-1:0.0: No AC97 audio processor [ 840.945280][ T55] usb 3-1: config 0 descriptor?? [ 841.170267][T16888] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 841.176355][ T5923] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 841.188671][T16888] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 841.200745][ T55] hackrf 3-1:0.0: usb_control_msg() failed -71 request 0e [ 841.209827][ T55] hackrf 3-1:0.0: Could not detect board [ 841.215715][ T55] hackrf 3-1:0.0: probe with driver hackrf failed with error -71 [ 841.226403][ T55] usb 3-1: USB disconnect, device number 43 [ 841.347796][ T5923] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 841.360535][ T5923] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 841.371741][ T5923] usb 2-1: New USB device found, idVendor=0b05, idProduct=1866, bcdDevice= 0.00 [ 841.386699][ T5923] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 841.400655][ T5923] usb 2-1: config 0 descriptor?? [ 841.535971][ T5833] Bluetooth: hci5: command 0x0406 tx timeout [ 841.622553][ T5923] usbhid 2-1:0.0: can't add hid device: -71 [ 841.632823][ T5923] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 841.661677][ T5923] usb 2-1: USB disconnect, device number 30 [ 842.035686][ T5924] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 842.150380][T16921] usb usb8: usbfs: process 16921 (syz.3.3275) did not claim interface 0 before use [ 842.255612][ T5924] usb 3-1: Using ep0 maxpacket: 16 [ 842.262685][ T5924] usb 3-1: config 0 descriptor has 1 excess byte, ignoring [ 842.270574][ T5924] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 65516, setting to 1024 [ 842.295664][ T5924] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1024 [ 842.319908][ T5924] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 842.339431][ T5924] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 0 [ 842.358248][ T5924] usb 3-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47 [ 842.370798][ T5924] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 842.379481][ T5924] usb 3-1: Product: syz [ 842.383781][ T5924] usb 3-1: Manufacturer: syz [ 842.388664][ T5924] usb 3-1: SerialNumber: syz [ 842.861035][ T10] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 843.010413][ T5924] usb 3-1: config 0 descriptor?? [ 843.023910][T16908] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 843.025128][T13675] usb 5-1: USB disconnect, device number 62 [ 843.063229][ T5924] mcba_usb 3-1:0.0 can0: couldn't setup read URBs [ 843.070491][ T5924] mcba_usb 3-1:0.0 can0: couldn't start device: -90 [ 843.116381][ T5924] mcba_usb 3-1:0.0: probe with driver mcba_usb failed with error -90 [ 843.146017][ T10] usb 2-1: Using ep0 maxpacket: 16 [ 843.154006][ T10] usb 2-1: config 1 interface 0 altsetting 127 endpoint 0x81 has an invalid bInterval 202, changing to 11 [ 843.168347][ T10] usb 2-1: config 1 interface 0 has no altsetting 0 [ 843.230890][ T10] usb 2-1: New USB device found, idVendor=09da, idProduct=001a, bcdDevice= 0.40 [ 843.240677][T16908] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3272'. [ 843.246978][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 843.272113][ T10] usb 2-1: Product: syz [ 843.282284][ T10] usb 2-1: Manufacturer: à  [ 843.294730][T16926] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3277'. [ 843.295355][ T5924] usb 3-1: USB disconnect, device number 44 [ 843.304041][ T10] usb 2-1: SerialNumber: syz [ 843.393149][T16928] kvm: user requested TSC rate below hardware speed [ 843.561278][ T10] usbhid 2-1:1.0: can't add hid device: -71 [ 843.576853][ T10] usbhid 2-1:1.0: probe with driver usbhid failed with error -71 [ 843.592845][ T10] usb 2-1: USB disconnect, device number 31 [ 843.656237][T13675] usb 4-1: new high-speed USB device number 72 using dummy_hcd [ 843.845572][T13675] usb 4-1: Using ep0 maxpacket: 32 [ 843.852544][T13675] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 843.862411][T13675] usb 4-1: config 0 has no interface number 0 [ 843.879976][T13675] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 843.892526][T13675] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 843.900737][T13675] usb 4-1: Product: syz [ 843.906031][T13675] usb 4-1: Manufacturer: syz [ 843.920902][T13675] usb 4-1: SerialNumber: syz [ 843.933096][T13675] usb 4-1: config 0 descriptor?? [ 843.959277][T13675] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 844.230590][T13675] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 844.261704][T13675] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 844.370945][T16928] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 844.434786][T16928] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 844.705902][T13675] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 844.715183][ C0] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 844.730989][ T55] usb 4-1: USB disconnect, device number 72 [ 844.780287][ T55] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 844.818716][ T55] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 845.009775][T16957] usb usb8: usbfs: process 16957 (syz.0.3285) did not claim interface 0 before use [ 845.029639][T13675] usb 2-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 845.041131][T13675] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 845.062573][ T55] quatech2 4-1:0.51: device disconnected [ 845.126799][T13675] usb 2-1: config 0 descriptor?? [ 845.199143][T13675] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 845.554429][T16963] netlink: 'syz.3.3288': attribute type 13 has an invalid length. [ 845.568859][T16963] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3288'. [ 845.603067][T16963] net veth1_virt_wifi virt_wifi0: refused to change device tx_queue_len [ 845.810952][T16970] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3289'. [ 845.895897][ T55] usb 5-1: new high-speed USB device number 63 using dummy_hcd [ 846.057293][ T55] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 846.085774][ T55] usb 5-1: New USB device found, idVendor=056e, idProduct=00fc, bcdDevice= 0.00 [ 846.095148][ T55] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 846.113592][ T55] usb 5-1: config 0 descriptor?? [ 846.455751][T16266] usb 4-1: new high-speed USB device number 73 using dummy_hcd [ 846.569218][ T55] elecom 0003:056E:00FC.004B: unknown main item tag 0x0 [ 846.569278][ T55] elecom 0003:056E:00FC.004B: unknown main item tag 0x0 [ 846.569304][ T55] elecom 0003:056E:00FC.004B: unknown main item tag 0x0 [ 846.569327][ T55] elecom 0003:056E:00FC.004B: unknown main item tag 0x0 [ 846.569351][ T55] elecom 0003:056E:00FC.004B: unknown main item tag 0x0 [ 846.578452][ T55] elecom 0003:056E:00FC.004B: hidraw0: USB HID vff.fe Device [HID 056e:00fc] on usb-dummy_hcd.4-1/input0 [ 846.625643][T16266] usb 4-1: Using ep0 maxpacket: 16 [ 846.627435][T16266] usb 4-1: config 0 descriptor has 1 excess byte, ignoring [ 846.627484][T16266] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 65516, setting to 1024 [ 846.627509][T16266] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1024 [ 846.627532][T16266] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 846.627553][T16266] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 0 [ 846.630991][T16266] usb 4-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47 [ 846.631021][T16266] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 846.631040][T16266] usb 4-1: Product: syz [ 846.631054][T16266] usb 4-1: Manufacturer: syz [ 846.631068][T16266] usb 4-1: SerialNumber: syz [ 846.634568][T16266] usb 4-1: config 0 descriptor?? [ 846.635329][T16978] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 846.709315][T16266] mcba_usb 4-1:0.0 can0: couldn't setup read URBs [ 846.709339][T16266] mcba_usb 4-1:0.0 can0: couldn't start device: -90 [ 846.772354][T16961] fuse: Bad value for 'fd' [ 846.773570][T16961] usb usb9: check_ctrlrecip: process 16961 (syz.4.3287) requesting ep 01 but needs 81 [ 846.773597][T16961] usb usb9: usbfs: process 16961 (syz.4.3287) did not claim interface 0 before use [ 846.778188][ T55] usb 5-1: USB disconnect, device number 63 [ 846.848270][T16266] mcba_usb 4-1:0.0: probe with driver mcba_usb failed with error -90 [ 846.868060][T16986] fido_id[16986]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 846.889758][T16978] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 846.917454][T16990] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3292'. [ 847.318111][ T55] usb 4-1: USB disconnect, device number 73 [ 847.408467][T13675] gspca_stv06xx: I2C: Read error writing address: -71 [ 847.413934][T13675] usb 2-1: USB disconnect, device number 32 [ 847.985888][ T5923] usb 5-1: new full-speed USB device number 64 using dummy_hcd [ 848.169006][T17009] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3300'. [ 848.189045][ T5923] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 848.230881][ T5923] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 848.243713][ T5923] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 848.362091][ T5923] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 848.385979][ T5923] hub 5-1:4.0: USB hub found [ 848.797272][T16998] loop6: detected capacity change from 0 to 7 [ 848.814051][T16998] Dev loop6: unable to read RDB block 7 [ 848.823377][T16998] loop6: AHDI p1 p2 p3 [ 848.828707][T16998] loop6: partition table partially beyond EOD, truncated [ 848.851673][T16998] loop6: p1 start 926365495 is beyond EOD, truncated [ 848.872714][T16998] loop6: p2 size 116 extends beyond EOD, truncated [ 848.940174][ T5923] hub 5-1:4.0: config failed, can't read hub descriptor (err -22) [ 848.990422][ T5923] usb 5-1: USB disconnect, device number 64 [ 849.042037][ T5939] udevd[5939]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 849.555623][ T5923] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 849.707231][T14877] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 849.717316][T14877] CPU: 0 UID: 0 PID: 14877 Comm: kworker/u9:0 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 849.717343][T14877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 849.717356][T14877] Workqueue: hci1 hci_rx_work [ 849.717385][T14877] Call Trace: [ 849.717393][T14877] [ 849.717402][T14877] dump_stack_lvl+0x189/0x250 [ 849.717430][T14877] ? kernfs_path_from_node+0x2c/0x260 [ 849.717452][T14877] ? __pfx_dump_stack_lvl+0x10/0x10 [ 849.717478][T14877] ? __pfx__printk+0x10/0x10 [ 849.717499][T14877] ? kernfs_path_from_node+0x2c/0x260 [ 849.717517][T14877] ? kernfs_path_from_node+0x2c/0x260 [ 849.717539][T14877] ? kernfs_path_from_node+0x22c/0x260 [ 849.717559][T14877] ? kernfs_path_from_node+0x2c/0x260 [ 849.717583][T14877] sysfs_create_dir_ns+0x259/0x280 [ 849.717606][T14877] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 849.717629][T14877] ? do_raw_spin_unlock+0x122/0x240 [ 849.717654][T14877] kobject_add_internal+0x59f/0xb40 [ 849.717683][T14877] kobject_add+0x155/0x220 [ 849.717707][T14877] ? __pfx_kobject_add+0x10/0x10 [ 849.717726][T14877] ? _raw_spin_unlock+0x28/0x50 [ 849.717753][T14877] ? get_device_parent+0x366/0x3a0 [ 849.717777][T14877] device_add+0x408/0xb50 [ 849.717800][T14877] hci_conn_add_sysfs+0xd5/0x1e0 [ 849.717827][T14877] le_conn_complete_evt+0xc3a/0x1220 [ 849.717862][T14877] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 849.717883][T14877] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 849.717899][T14877] ? __asan_memcpy+0x40/0x70 [ 849.717923][T14877] ? __pfx___mutex_lock+0x10/0x10 [ 849.717941][T14877] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 849.717957][T14877] ? skb_pull_data+0xfb/0x200 [ 849.717987][T14877] hci_le_conn_complete_evt+0x187/0x450 [ 849.718015][T14877] hci_event_packet+0x78c/0x1200 [ 849.718044][T14877] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 849.718077][T14877] ? __pfx_hci_event_packet+0x10/0x10 [ 849.718105][T14877] ? kcov_remote_start+0x4d3/0x7f0 [ 849.718127][T14877] ? lockdep_hardirqs_on+0x20/0x150 [ 849.718155][T14877] ? hci_send_to_monitor+0xe2/0x570 [ 849.718179][T14877] hci_rx_work+0x46a/0xe80 [ 849.718210][T14877] ? process_scheduled_works+0x9ef/0x17b0 [ 849.718238][T14877] process_scheduled_works+0xae1/0x17b0 [ 849.718293][T14877] ? __pfx_process_scheduled_works+0x10/0x10 [ 849.718337][T14877] worker_thread+0x8a0/0xda0 [ 849.718357][T14877] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 849.718389][T14877] ? __kthread_parkme+0x7b/0x200 [ 849.718418][T14877] kthread+0x70e/0x8a0 [ 849.718441][T14877] ? __pfx_worker_thread+0x10/0x10 [ 849.718464][T14877] ? __pfx_kthread+0x10/0x10 [ 849.718487][T14877] ? _raw_spin_unlock_irq+0x23/0x50 [ 849.718508][T14877] ? lockdep_hardirqs_on+0x9c/0x150 [ 849.718530][T14877] ? __pfx_kthread+0x10/0x10 [ 849.718551][T14877] ret_from_fork+0x3f9/0x770 [ 849.718577][T14877] ? __pfx_ret_from_fork+0x10/0x10 [ 849.718606][T14877] ? __switch_to_asm+0x39/0x70 [ 849.718623][T14877] ? __switch_to_asm+0x33/0x70 [ 849.718640][T14877] ? __pfx_kthread+0x10/0x10 [ 849.718661][T14877] ret_from_fork_asm+0x1a/0x30 [ 849.718697][T14877] [ 849.718727][T14877] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 849.731254][ T5923] usb 2-1: Using ep0 maxpacket: 32 [ 849.771965][ T5923] usb 2-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 849.773396][T14877] Bluetooth: hci1: failed to register connection device [ 849.779568][ T5923] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 849.939919][T17020] netlink: 'syz.3.3304': attribute type 10 has an invalid length. [ 850.038703][ T5923] usb 2-1: Product: syz [ 850.038726][ T5923] usb 2-1: Manufacturer: syz [ 850.038742][ T5923] usb 2-1: SerialNumber: syz [ 850.054430][ T5923] usb 2-1: config 0 descriptor?? [ 850.097645][T17020] 8021q: adding VLAN 0 to HW filter on device team0 [ 850.148915][ T5923] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 850.197908][T17020] team0: entered promiscuous mode [ 850.215436][T17020] team_slave_0: entered promiscuous mode [ 850.224051][T17020] team_slave_1: entered promiscuous mode [ 850.248909][T17030] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3307'. [ 850.268869][T17020] team0: entered allmulticast mode [ 850.274117][T17020] team_slave_0: entered allmulticast mode [ 850.309458][T17020] team_slave_1: entered allmulticast mode [ 850.330004][T17020] bond0: (slave team0): Enslaving as an active interface with an up link [ 850.666019][ T55] usb 3-1: new full-speed USB device number 45 using dummy_hcd [ 850.715734][T16266] usb 5-1: new full-speed USB device number 65 using dummy_hcd [ 850.805681][ T55] usb 3-1: device descriptor read/64, error -71 [ 850.868348][T16266] usb 5-1: config 0 has an invalid interface number: 105 but max is 0 [ 850.965792][T16266] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 850.988728][T16266] usb 5-1: config 0 has no interface number 0 [ 851.005554][T16266] usb 5-1: New USB device found, idVendor=046c, idProduct=14e8, bcdDevice= b.28 [ 851.023761][T16266] usb 5-1: New USB device strings: Mfr=5, Product=2, SerialNumber=3 [ 851.034579][T16266] usb 5-1: Product: syz [ 851.043595][T16266] usb 5-1: Manufacturer: syz [ 851.051159][T16266] usb 5-1: SerialNumber: syz [ 851.055838][ T55] usb 3-1: new full-speed USB device number 46 using dummy_hcd [ 851.075249][T16266] usb 5-1: config 0 descriptor?? [ 851.122201][T16266] usb 5-1: Found UVC 0.00 device syz (046c:14e8) [ 851.136477][T16266] uvcvideo 5-1:0.105: Entity type for entity Output 1 was not initialized! [ 851.154398][T16266] usb 5-1: Failed to create links for entity 1 [ 851.168429][T16266] usb 5-1: Failed to register entities (-22). [ 851.185721][ T55] usb 3-1: device descriptor read/64, error -71 [ 851.322052][ T5924] usb 5-1: USB disconnect, device number 65 [ 851.328694][ T55] usb usb3-port1: attempt power cycle [ 851.706012][ T55] usb 3-1: new full-speed USB device number 47 using dummy_hcd [ 851.747105][ T55] usb 3-1: device descriptor read/8, error -71 [ 851.762954][T17046] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3311'. [ 851.988271][ T55] usb 3-1: new full-speed USB device number 48 using dummy_hcd [ 852.027798][ T55] usb 3-1: device descriptor read/8, error -71 [ 852.146312][ T55] usb usb3-port1: unable to enumerate USB device [ 852.158042][ T5924] usb 5-1: new high-speed USB device number 66 using dummy_hcd [ 852.318753][T15199] syz_tun (unregistering): left allmulticast mode [ 852.336078][ T5924] usb 5-1: Using ep0 maxpacket: 8 [ 852.350252][ T5924] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 852.360325][ T5924] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 852.369206][ T5924] usb 5-1: Product: syz [ 852.373714][ T5924] usb 5-1: Manufacturer: syz [ 852.374110][T14877] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 852.384371][ T5924] usb 5-1: SerialNumber: syz [ 852.393472][T14877] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 852.404658][T14877] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 852.415291][ T5924] usb 5-1: config 0 descriptor?? [ 852.415587][T14877] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 852.431926][T14877] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 852.486638][ T5924] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 852.507199][ T5924] usb 5-1: setting power ON [ 852.511849][ T5924] dvb-usb: bulk message failed: -22 (2/0) [ 852.534987][ T5924] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 852.564640][ T5924] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 852.588870][ T5924] usb 5-1: media controller created [ 852.631399][ T5924] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 852.673541][ T5924] usb 5-1: selecting invalid altsetting 6 [ 852.689086][ T5924] usb 5-1: digital interface selection failed (-22) [ 852.710818][ T5924] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 852.712174][T17053] dvb-usb: bulk message failed: -22 (3/0) [ 852.736776][ T5924] usb 5-1: setting power OFF [ 852.748476][T17053] dvb-usb: bulk message failed: -22 (3/0) [ 852.765257][ T5924] dvb-usb: bulk message failed: -22 (2/0) [ 852.781432][ T5924] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 852.791828][ T5924] (NULL device *): no alternate interface [ 852.851780][ T5924] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 852.878695][ T5924] usb 5-1: USB disconnect, device number 66 [ 852.977226][ T5923] gspca_stk1135: reg_w 0x351 err -71 [ 852.984400][ T5923] gspca_stk1135: serial bus timeout: status=0x00 [ 852.996337][ T5923] gspca_stk1135: Sensor write failed [ 853.001807][ T5923] gspca_stk1135: serial bus timeout: status=0x00 [ 853.012055][ T5923] gspca_stk1135: Sensor write failed [ 853.034661][ T5923] gspca_stk1135: serial bus timeout: status=0x00 [ 853.055871][ T5923] gspca_stk1135: Sensor read failed [ 853.061134][ T5923] gspca_stk1135: serial bus timeout: status=0x00 [ 853.068878][ T5923] gspca_stk1135: Sensor read failed [ 853.074306][ T5923] gspca_stk1135: Detected sensor type unknown (0x0) [ 853.083604][ T5923] gspca_stk1135: serial bus timeout: status=0x00 [ 853.090446][ T5923] gspca_stk1135: Sensor read failed [ 853.097635][ T5923] gspca_stk1135: serial bus timeout: status=0x00 [ 853.104045][ T5923] gspca_stk1135: Sensor read failed [ 853.109750][ T5923] gspca_stk1135: serial bus timeout: status=0x00 [ 853.118068][ T5923] gspca_stk1135: Sensor write failed [ 853.118941][ T7337] bond1 (unregistering): (slave ip6gretap1): Releasing backup interface [ 853.123533][ T5923] gspca_stk1135: serial bus timeout: status=0x00 [ 853.140787][ T5923] gspca_stk1135: Sensor write failed [ 853.147204][ T5923] stk1135 2-1:0.0: probe with driver stk1135 failed with error -71 [ 853.163465][ T5923] usb 2-1: USB disconnect, device number 33 [ 853.493700][T17063] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3316'. [ 853.585444][ T7337] bond0 (unregistering): Released all slaves [ 853.588043][T13675] usb 5-1: new high-speed USB device number 67 using dummy_hcd [ 853.604738][ T7337] bond1 (unregistering): Released all slaves [ 853.620345][T17056] chnl_net:caif_netlink_parms(): no params data found [ 853.693376][ T7337] : left promiscuous mode [ 853.766126][T13675] usb 5-1: config 0 interface 0 has no altsetting 0 [ 853.772803][T13675] usb 5-1: New USB device found, idVendor=28bd, idProduct=0075, bcdDevice= 0.00 [ 853.795659][ T5923] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 853.812222][T13675] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 853.838560][T13675] usb 5-1: config 0 descriptor?? [ 853.951033][ T7337] tipc: Disabling bearer [ 853.956883][ T5923] usb 3-1: Using ep0 maxpacket: 32 [ 853.965772][T17056] bridge0: port 1(bridge_slave_0) entered blocking state [ 853.975870][ T7337] tipc: Left network mode [ 853.998316][ T5923] usb 3-1: New USB device found, idVendor=0b48, idProduct=1008, bcdDevice=3d.42 [ 854.011267][T17056] bridge0: port 1(bridge_slave_0) entered disabled state [ 854.035678][ T5923] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 854.043732][ T5923] usb 3-1: Product: syz [ 854.050363][T17078] FAULT_INJECTION: forcing a failure. [ 854.050363][T17078] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 854.052138][T17056] bridge_slave_0: entered allmulticast mode [ 854.072066][ T9] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 854.075016][ T5923] usb 3-1: Manufacturer: syz [ 854.090898][ T5923] usb 3-1: SerialNumber: syz [ 854.095871][T17078] CPU: 1 UID: 0 PID: 17078 Comm: syz.3.3318 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 854.095893][T17078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 854.095903][T17078] Call Trace: [ 854.095911][T17078] [ 854.095918][T17078] dump_stack_lvl+0x189/0x250 [ 854.095946][T17078] ? __pfx____ratelimit+0x10/0x10 [ 854.095970][T17078] ? __pfx_dump_stack_lvl+0x10/0x10 [ 854.095992][T17078] ? __pfx__printk+0x10/0x10 [ 854.096021][T17078] should_fail_ex+0x414/0x560 [ 854.096045][T17078] _copy_to_user+0x31/0xb0 [ 854.096063][T17078] simple_read_from_buffer+0xe1/0x170 [ 854.096085][T17078] proc_fail_nth_read+0x1df/0x250 [ 854.096108][T17078] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 854.096131][T17078] ? rw_verify_area+0x258/0x650 [ 854.096152][T17078] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 854.096172][T17078] vfs_read+0x1fd/0x980 [ 854.096198][T17078] ? __pfx___mutex_lock+0x10/0x10 [ 854.096215][T17078] ? __pfx_vfs_read+0x10/0x10 [ 854.096239][T17078] ? __fget_files+0x2a/0x420 [ 854.096262][T17078] ? __fget_files+0x3a0/0x420 [ 854.096277][T17078] ? __fget_files+0x2a/0x420 [ 854.096299][T17078] ksys_read+0x145/0x250 [ 854.096316][T17078] ? __pfx_ksys_read+0x10/0x10 [ 854.096335][T17078] ? fput+0xa0/0xd0 [ 854.096356][T17078] ? do_syscall_64+0xbe/0x3b0 [ 854.096376][T17078] do_syscall_64+0xfa/0x3b0 [ 854.096391][T17078] ? lockdep_hardirqs_on+0x9c/0x150 [ 854.096413][T17078] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 854.096429][T17078] ? clear_bhb_loop+0x60/0xb0 [ 854.096449][T17078] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 854.096464][T17078] RIP: 0033:0x7feeb0d8d33c [ 854.096479][T17078] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 854.096494][T17078] RSP: 002b:00007feeb1cba030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 854.096512][T17078] RAX: ffffffffffffffda RBX: 00007feeb0fb5fa0 RCX: 00007feeb0d8d33c [ 854.096524][T17078] RDX: 000000000000000f RSI: 00007feeb1cba0a0 RDI: 0000000000000004 [ 854.096535][T17078] RBP: 00007feeb1cba090 R08: 0000000000000000 R09: 0000000000000000 [ 854.096545][T17078] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 854.096555][T17078] R13: 0000000000000000 R14: 00007feeb0fb5fa0 R15: 00007feeb10dfa28 [ 854.096592][T17078] [ 854.117960][T17056] bridge_slave_0: entered promiscuous mode [ 854.216991][ T5923] usb 3-1: config 0 descriptor?? [ 854.225946][T17056] bridge0: port 2(bridge_slave_1) entered blocking state [ 854.281191][ T5923] ttusb_dec_send_command: command bulk message failed: error -22 [ 854.292334][T13675] uclogic 0003:28BD:0075.004C: interface is invalid, ignoring [ 854.348439][ T5923] ttusb-dec 3-1:0.0: probe with driver ttusb-dec failed with error -22 [ 854.351176][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 854.387529][T17056] bridge0: port 2(bridge_slave_1) entered disabled state [ 854.394794][T17056] bridge_slave_1: entered allmulticast mode [ 854.402686][T17056] bridge_slave_1: entered promiscuous mode [ 854.413679][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 854.430259][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 854.441735][ T9] usb 2-1: New USB device found, idVendor=04d8, idProduct=02dd, bcdDevice= 0.00 [ 854.453943][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 854.475588][ T9] usb 2-1: config 0 descriptor?? [ 854.490676][T17061] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 854.501220][T14877] Bluetooth: hci2: command tx timeout [ 854.508800][T17061] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 854.558286][T13675] usb 5-1: USB disconnect, device number 67 [ 854.563641][ T5923] usb 3-1: USB disconnect, device number 49 [ 854.792716][T17056] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 854.814356][T17091] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 854.847348][T17056] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 854.893394][ T9] usbhid 2-1:0.0: can't add hid device: -71 [ 854.900080][ T9] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 854.946632][ T9] usb 2-1: USB disconnect, device number 34 [ 855.103842][ T7337] hsr_slave_0: left promiscuous mode [ 855.150241][ T7337] hsr_slave_1: left promiscuous mode [ 855.197518][T13675] usb 4-1: new high-speed USB device number 74 using dummy_hcd [ 855.273777][T17102] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3322'. [ 855.417874][T13675] usb 4-1: config 220 has an invalid interface number: 76 but max is 2 [ 855.429489][T13675] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 855.439098][T13675] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 855.449831][T13675] usb 4-1: config 220 has no interface number 2 [ 855.462059][T13675] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 855.479893][T13675] usb 4-1: config 220 interface 0 has no altsetting 0 [ 855.514834][T13675] usb 4-1: config 220 interface 76 has no altsetting 0 [ 855.551054][T13675] usb 4-1: config 220 interface 1 has no altsetting 0 [ 855.577914][T13675] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 855.597660][T13675] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 855.609856][T13675] usb 4-1: Product: syz [ 855.617253][T13675] usb 4-1: Manufacturer: syz [ 855.625233][T13675] usb 4-1: SerialNumber: syz [ 855.887612][T17094] fuse: Unknown parameter 'default_permissions¯µ [ 855.887612][T17094] SkôÌnCÚO'“a8' [ 856.026865][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 856.026882][ T30] audit: type=1326 audit(1750431747.082:15866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17109 comm="syz.1.3325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c0f18e929 code=0x7ffc0000 [ 856.240360][ T30] audit: type=1326 audit(1750431747.112:15867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17109 comm="syz.1.3325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=125 compat=0 ip=0x7f4c0f18e929 code=0x7ffc0000 [ 856.276943][ T30] audit: type=1326 audit(1750431747.112:15868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17109 comm="syz.1.3325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c0f18e929 code=0x7ffc0000 [ 856.299490][ C1] vkms_vblank_simulate: vblank timer overrun [ 856.309723][ T30] audit: type=1326 audit(1750431747.112:15869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17109 comm="syz.1.3325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f4c0f18e929 code=0x7ffc0000 [ 856.332183][ C1] vkms_vblank_simulate: vblank timer overrun [ 856.444083][ T30] audit: type=1326 audit(1750431747.112:15870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17109 comm="syz.1.3325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c0f18e929 code=0x7ffc0000 [ 856.530148][ T30] audit: type=1326 audit(1750431747.112:15871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17109 comm="syz.1.3325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f4c0f18e929 code=0x7ffc0000 [ 856.555098][T13675] usb 4-1: selecting invalid altsetting 0 [ 856.573460][T13675] usb 4-1: Found UVC 7.01 device syz (8086:0b07) [ 856.588272][T14877] Bluetooth: hci2: command tx timeout [ 856.607376][T13675] usb 4-1: No valid video chain found. [ 856.629451][ T30] audit: type=1326 audit(1750431747.112:15872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17109 comm="syz.1.3325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c0f18e929 code=0x7ffc0000 [ 856.664759][ T30] audit: type=1326 audit(1750431747.112:15873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17109 comm="syz.1.3325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f4c0f18e929 code=0x7ffc0000 [ 856.688577][T13675] usb 4-1: selecting invalid altsetting 0 [ 856.694358][T13675] usbtest 4-1:220.1: probe with driver usbtest failed with error -22 [ 856.722067][T13675] usb 4-1: USB disconnect, device number 74 [ 856.799567][ T30] audit: type=1326 audit(1750431747.122:15874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17109 comm="syz.1.3325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c0f18e929 code=0x7ffc0000 [ 856.955904][ T30] audit: type=1326 audit(1750431747.122:15875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17109 comm="syz.1.3325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c0f18e929 code=0x7ffc0000 [ 857.624736][T17056] team0: Port device team_slave_0 added [ 857.802697][T17056] team0: Port device team_slave_1 added [ 858.088106][T17056] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 858.114132][T17056] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 858.157491][T17135] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3332'. [ 858.208950][T17056] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 858.235804][T17056] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 858.243483][T17056] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 858.269418][ C1] vkms_vblank_simulate: vblank timer overrun [ 858.325419][T17056] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 858.340968][T17141] FAULT_INJECTION: forcing a failure. [ 858.340968][T17141] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 858.365182][T17141] CPU: 1 UID: 0 PID: 17141 Comm: syz.2.3335 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 858.365209][T17141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 858.365220][T17141] Call Trace: [ 858.365227][T17141] [ 858.365243][T17141] dump_stack_lvl+0x189/0x250 [ 858.365272][T17141] ? __pfx____ratelimit+0x10/0x10 [ 858.365295][T17141] ? __pfx_dump_stack_lvl+0x10/0x10 [ 858.365318][T17141] ? __pfx__printk+0x10/0x10 [ 858.365353][T17141] ? __might_fault+0xb0/0x130 [ 858.365380][T17141] should_fail_ex+0x414/0x560 [ 858.365406][T17141] _copy_from_user+0x2d/0xb0 [ 858.365424][T17141] tipc_setsockopt+0x284/0x970 [ 858.365453][T17141] ? __pfx_tipc_setsockopt+0x10/0x10 [ 858.365478][T17141] ? aa_sock_opt_perm+0x74/0x110 [ 858.365500][T17141] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 858.365519][T17141] ? __pfx_tipc_setsockopt+0x10/0x10 [ 858.365541][T17141] do_sock_setsockopt+0x257/0x3e0 [ 858.365563][T17141] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 858.365587][T17141] ? __fget_files+0x2a/0x420 [ 858.365614][T17141] __x64_sys_setsockopt+0x18b/0x220 [ 858.365640][T17141] do_syscall_64+0xfa/0x3b0 [ 858.365655][T17141] ? lockdep_hardirqs_on+0x9c/0x150 [ 858.365677][T17141] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 858.365693][T17141] ? clear_bhb_loop+0x60/0xb0 [ 858.365712][T17141] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 858.365728][T17141] RIP: 0033:0x7f3e7f18e929 [ 858.365744][T17141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 858.365759][T17141] RSP: 002b:00007f3e7ffed038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 858.365777][T17141] RAX: ffffffffffffffda RBX: 00007f3e7f3b5fa0 RCX: 00007f3e7f18e929 [ 858.365790][T17141] RDX: 0000000000000082 RSI: 000000000000010f RDI: 0000000000000003 [ 858.365801][T17141] RBP: 00007f3e7ffed090 R08: 0000000000000004 R09: 0000000000000000 [ 858.365811][T17141] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000001 [ 858.365821][T17141] R13: 0000000000000000 R14: 00007f3e7f3b5fa0 R15: 00007f3e7f4dfa28 [ 858.365848][T17141] [ 858.575110][ C1] vkms_vblank_simulate: vblank timer overrun [ 858.660323][T17056] hsr_slave_0: entered promiscuous mode [ 858.669340][T17056] hsr_slave_1: entered promiscuous mode [ 858.676407][T17056] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 858.683991][T17056] Cannot create hsr debugfs directory [ 858.704279][T14877] Bluetooth: hci2: command tx timeout [ 858.797831][ T7337] IPVS: stop unused estimator thread 0... [ 860.135580][T13675] usb 4-1: new low-speed USB device number 75 using dummy_hcd [ 860.288195][T17056] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 860.312098][T13675] usb 4-1: config 0 has an invalid interface number: 168 but max is 0 [ 860.334734][T17056] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 860.345108][T13675] usb 4-1: config 0 has no interface number 0 [ 860.360478][T13675] usb 4-1: New USB device found, idVendor=07c9, idProduct=0012, bcdDevice=dd.b8 [ 860.369725][ T55] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 860.384305][T17056] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 860.391530][T13675] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 860.424765][T17056] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 860.432989][T13675] usb 4-1: config 0 descriptor?? [ 860.460833][T13675] lan78xx 4-1:0.168 (unnamed net_device) (uninitialized): USB bus speed not supported [ 860.520387][T13675] lan78xx 4-1:0.168: probe with driver lan78xx failed with error -5 [ 860.556973][ T55] usb 3-1: config 1 descriptor has 1 excess byte, ignoring [ 860.572032][ T55] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 56, changing to 9 [ 860.606116][ T55] usb 3-1: config 1 interface 1 altsetting 0 has an invalid endpoint descriptor of length 3, skipping [ 860.666915][ T55] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 860.702956][ T55] usb 3-1: New USB device found, idVendor=7d25, idProduct=3f11, bcdDevice= 0.6e [ 860.723830][ T55] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 860.738516][ T5835] Bluetooth: hci2: command tx timeout [ 860.745575][ T55] usb 3-1: Product: syz [ 860.753501][T17056] 8021q: adding VLAN 0 to HW filter on device bond0 [ 860.761571][ T55] usb 3-1: Manufacturer: syz [ 860.766450][ T55] usb 3-1: SerialNumber: syz [ 860.789546][ T55] cdc_ncm 3-1:1.0: skipping garbage [ 860.818526][ T55] cdc_ncm 3-1:1.0: NCM or ECM functional descriptors missing [ 860.834541][T17056] 8021q: adding VLAN 0 to HW filter on device team0 [ 860.848021][ T55] cdc_ncm 3-1:1.0: bind() failure [ 860.880149][ T55] cdc_ncm 3-1:1.1: skipping garbage [ 860.895353][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 860.902520][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 860.910845][ T55] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 860.921100][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 860.928315][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 860.946916][ T55] cdc_ncm 3-1:1.1: bind() failure [ 860.994325][ T55] usb 3-1: USB disconnect, device number 50 [ 861.228096][T17056] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 861.422155][T17056] veth0_vlan: entered promiscuous mode [ 861.458964][T17056] veth1_vlan: entered promiscuous mode [ 861.643947][T17056] veth0_macvtap: entered promiscuous mode [ 861.800814][T17056] veth1_macvtap: entered promiscuous mode [ 861.872787][T17056] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 861.983344][T17056] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 862.029535][ T5835] Bluetooth: hci0: command 0x0406 tx timeout [ 862.050545][T17219] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 862.129663][T17056] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 862.138629][T17056] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 862.139213][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 862.139228][ T30] audit: type=1326 audit(1750431753.132:15879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17210 comm="syz.2.3347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e7f18e929 code=0x7ffc0000 [ 862.181429][T17223] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3349'. [ 862.241024][T17056] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 862.278745][ T30] audit: type=1326 audit(1750431753.132:15880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17210 comm="syz.2.3347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e7f18e929 code=0x7ffc0000 [ 862.301460][ T30] audit: type=1326 audit(1750431753.132:15881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17210 comm="syz.2.3347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=125 compat=0 ip=0x7f3e7f18e929 code=0x7ffc0000 [ 862.324287][ T30] audit: type=1326 audit(1750431753.132:15882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17210 comm="syz.2.3347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e7f18e929 code=0x7ffc0000 [ 862.395527][ T30] audit: type=1326 audit(1750431753.132:15883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17210 comm="syz.2.3347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f3e7f18e929 code=0x7ffc0000 [ 862.396742][T17056] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 862.432197][T17223] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3349'. [ 862.624512][ T30] audit: type=1326 audit(1750431753.132:15884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17210 comm="syz.2.3347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e7f18e929 code=0x7ffc0000 [ 862.764519][ T30] audit: type=1326 audit(1750431753.132:15885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17210 comm="syz.2.3347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f3e7f18e929 code=0x7ffc0000 [ 862.811393][T13675] IPVS: starting estimator thread 0... [ 862.890283][ T30] audit: type=1326 audit(1750431753.132:15886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17210 comm="syz.2.3347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e7f18e929 code=0x7ffc0000 [ 862.917452][T17231] IPVS: using max 52 ests per chain, 124800 per kthread [ 863.014895][ T30] audit: type=1326 audit(1750431753.132:15887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17210 comm="syz.2.3347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f3e7f18e929 code=0x7ffc0000 [ 863.187180][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 863.236632][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 863.356632][ T5921] usb 4-1: USB disconnect, device number 75 [ 863.369727][ T30] audit: type=1326 audit(1750431753.142:15888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17210 comm="syz.2.3347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e7f18e929 code=0x7ffc0000 [ 863.485306][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 863.518821][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 864.075598][ T5924] usb 4-1: new high-speed USB device number 76 using dummy_hcd [ 864.205576][ T5924] usb 4-1: device descriptor read/64, error -71 [ 864.255930][ T5923] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 864.420433][ T5923] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 864.468064][ T5924] usb 4-1: new high-speed USB device number 77 using dummy_hcd [ 864.484908][ T5923] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 864.513468][ T5923] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 864.556394][ T5923] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 864.584957][ T5923] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 864.623169][ T5923] usb 3-1: config 0 descriptor?? [ 864.628634][ T5924] usb 4-1: device descriptor read/64, error -71 [ 864.739104][ T5924] usb usb4-port1: attempt power cycle [ 865.072646][T17285] bridge0: entered promiscuous mode [ 865.084108][T17285] bond0: entered promiscuous mode [ 865.089840][T17285] bond_slave_0: entered promiscuous mode [ 865.098996][T17285] bond_slave_1: entered promiscuous mode [ 865.114761][T17285] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 865.123318][T17285] Cannot create hsr debugfs directory [ 865.129782][T17285] hsr1: entered allmulticast mode [ 865.135300][T17285] bridge0: entered allmulticast mode [ 865.140962][T17285] bond0: entered allmulticast mode [ 865.146547][T17285] bond_slave_0: entered allmulticast mode [ 865.152512][T17285] bond_slave_1: entered allmulticast mode [ 865.158976][ T5924] usb 4-1: new high-speed USB device number 78 using dummy_hcd [ 865.176075][T17254] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 865.199375][ T5923] usbhid 3-1:0.0: can't add hid device: -71 [ 865.207271][ T5923] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 865.216353][ T5924] usb 4-1: device descriptor read/8, error -71 [ 865.231917][ T5923] usb 3-1: USB disconnect, device number 51 [ 865.477481][ T5924] usb 4-1: new high-speed USB device number 79 using dummy_hcd [ 865.506595][ T5924] usb 4-1: device descriptor read/8, error -71 [ 865.639467][ T5924] usb usb4-port1: unable to enumerate USB device [ 865.664617][T17293] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3362'. [ 865.925754][ T9] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 866.105536][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 866.119860][ T9] usb 2-1: New USB device found, idVendor=0b48, idProduct=1008, bcdDevice=3d.42 [ 866.132142][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 866.140746][ T9] usb 2-1: Product: syz [ 866.145265][ T9] usb 2-1: Manufacturer: syz [ 866.151033][ T9] usb 2-1: SerialNumber: syz [ 866.158720][ T9] usb 2-1: config 0 descriptor?? [ 866.172091][ T9] ttusb_dec_send_command: command bulk message failed: error -22 [ 866.184818][ T9] ttusb-dec 2-1:0.0: probe with driver ttusb-dec failed with error -22 [ 866.374845][ T9] usb 2-1: USB disconnect, device number 35 [ 867.586590][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 867.586610][ T30] audit: type=1326 audit(1750431758.582:15890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17313 comm="syz.1.3365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c0f18e929 code=0x7ffc0000 [ 867.628320][T17324] tipc: Enabling of bearer rejected, already enabled [ 867.685978][ T30] audit: type=1326 audit(1750431758.582:15891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17313 comm="syz.1.3365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=125 compat=0 ip=0x7f4c0f18e929 code=0x7ffc0000 [ 867.713891][ T30] audit: type=1326 audit(1750431758.582:15892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17313 comm="syz.1.3365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c0f18e929 code=0x7ffc0000 [ 867.740244][ T30] audit: type=1326 audit(1750431758.582:15893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17313 comm="syz.1.3365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f4c0f18e929 code=0x7ffc0000 [ 867.813519][T13675] usb 4-1: new high-speed USB device number 80 using dummy_hcd [ 867.843964][ T30] audit: type=1326 audit(1750431758.582:15894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17313 comm="syz.1.3365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c0f18e929 code=0x7ffc0000 [ 868.015951][T13675] usb 4-1: Using ep0 maxpacket: 16 [ 868.024283][ T5833] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 868.039712][T13675] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 868.065652][ T30] audit: type=1326 audit(1750431758.582:15895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17313 comm="syz.1.3365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f4c0f18e929 code=0x7ffc0000 [ 868.088489][T13675] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 868.100697][T13675] usb 4-1: New USB device found, idVendor=04d8, idProduct=02dd, bcdDevice= 0.00 [ 868.109895][T13675] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 868.119206][ T30] audit: type=1326 audit(1750431758.582:15896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17313 comm="syz.1.3365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c0f18e929 code=0x7ffc0000 [ 868.143582][ T30] audit: type=1326 audit(1750431758.582:15897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17313 comm="syz.1.3365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f4c0f18e929 code=0x7ffc0000 [ 868.166789][T13675] usb 4-1: config 0 descriptor?? [ 868.277759][ T30] audit: type=1326 audit(1750431758.582:15898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17313 comm="syz.1.3365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c0f18e929 code=0x7ffc0000 [ 868.879333][T17341] usb usb8: usbfs: process 17341 (syz.4.3372) did not claim interface 0 before use [ 868.995890][T13675] usbhid 4-1:0.0: can't add hid device: -71 [ 869.019545][ T30] audit: type=1326 audit(1750431758.582:15899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17313 comm="syz.1.3365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f4c0f18e929 code=0x7ffc0000 [ 869.020731][T13675] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 869.072238][T13675] usb 4-1: USB disconnect, device number 80 [ 870.138012][T17350] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3375'. [ 870.197609][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.203955][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.614860][ T5923] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 870.749903][ T5933] usb 4-1: new high-speed USB device number 81 using dummy_hcd [ 871.105825][ T5923] usb 2-1: Using ep0 maxpacket: 32 [ 871.172471][ T5923] usb 2-1: New USB device found, idVendor=0b48, idProduct=1008, bcdDevice=3d.42 [ 871.181704][ T5923] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 871.189796][ T5923] usb 2-1: Product: syz [ 871.195597][ T5923] usb 2-1: Manufacturer: syz [ 871.201873][ T5923] usb 2-1: SerialNumber: syz [ 871.219054][ T5923] usb 2-1: config 0 descriptor?? [ 871.237206][ T5933] usb 4-1: Using ep0 maxpacket: 16 [ 871.257755][ T5923] ttusb_dec_send_command: command bulk message failed: error -22 [ 871.265564][T13675] usb 5-1: new high-speed USB device number 68 using dummy_hcd [ 871.268490][ T5923] ttusb-dec 2-1:0.0: probe with driver ttusb-dec failed with error -22 [ 871.268615][ T5933] usb 4-1: config 0 has an invalid descriptor of length 153, skipping remainder of the config [ 871.331585][ T5933] usb 4-1: too many endpoints for config 0 interface 0 altsetting 193: 115, using maximum allowed: 30 [ 871.342785][ T5933] usb 4-1: config 0 interface 0 altsetting 193 has 0 endpoint descriptors, different from the interface descriptor's value: 115 [ 871.375373][ T5933] usb 4-1: config 0 interface 0 has no altsetting 0 [ 871.385350][ T5933] usb 4-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00 [ 871.402402][ T5933] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 871.423228][ T5933] usb 4-1: config 0 descriptor?? [ 871.425561][T13675] usb 5-1: Using ep0 maxpacket: 8 [ 871.450491][ T5923] usb 2-1: USB disconnect, device number 36 [ 871.483523][T13675] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x73, changing to 0x3 [ 871.511439][T13675] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 871.553757][T13675] usb 5-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 871.565806][T13675] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 871.574264][T13675] usb 5-1: Product: syz [ 871.578574][T13675] usb 5-1: Manufacturer: syz [ 871.583374][T13675] usb 5-1: SerialNumber: syz [ 871.616814][T13675] usb 5-1: config 0 descriptor?? [ 871.664576][T13675] streamzap 5-1:0.0: streamzap_probe: endpoint doesn't match input device 0203 [ 871.837087][ T5933] usb 4-1: string descriptor 0 read error: -71 [ 871.867135][ T5933] usb 4-1: USB disconnect, device number 81 [ 871.921724][T17367] vivid-007: ================= START STATUS ================= [ 871.928464][ T5923] usb 5-1: USB disconnect, device number 68 [ 871.949299][T17367] vivid-007: Enable Output Cropping: true [ 871.960438][T17367] vivid-007: Enable Output Composing: true [ 871.998556][T17367] vivid-007: Enable Output Scaler: true [ 872.004426][T17367] vivid-007: Tx RGB Quantization Range: Automatic [ 872.016101][T17371] bridge0: port 2(bridge_slave_1) entered disabled state [ 872.023897][T17371] bridge0: port 1(bridge_slave_0) entered disabled state [ 872.033593][T17367] vivid-007: Transmit Mode: HDMI [ 872.039303][T17367] vivid-007: Hotplug Present: 0x00000000 [ 872.045093][T17367] vivid-007: RxSense Present: 0x00000000 [ 872.054284][T17367] vivid-007: EDID Present: 0x00000000 [ 872.062221][T17367] vivid-007: ================== END STATUS ================== [ 872.259014][T17371] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 872.273759][T17371] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 872.399525][T17371] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 872.475155][T17371] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 872.516267][T17371] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 872.525193][T17371] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 872.645970][ T9] usb 4-1: new high-speed USB device number 82 using dummy_hcd [ 872.665608][ T5923] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 872.815667][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 872.831073][ T5923] usb 2-1: config 220 has an invalid interface number: 76 but max is 2 [ 872.849193][ T9] usb 4-1: config 0 has an invalid interface number: 67 but max is 0 [ 872.850789][ T5923] usb 2-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 872.869351][ T9] usb 4-1: config 0 has no interface number 0 [ 872.890447][ T9] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 872.890469][ T5923] usb 2-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 872.915656][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 872.936062][ T9] usb 4-1: Product: syz [ 872.938253][ T5923] usb 2-1: config 220 has no interface number 2 [ 872.940251][ T9] usb 4-1: Manufacturer: syz [ 872.953508][ T9] usb 4-1: SerialNumber: syz [ 872.966676][ T5923] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 872.971324][ T9] usb 4-1: config 0 descriptor?? [ 872.983206][ T5923] usb 2-1: config 220 interface 0 has no altsetting 0 [ 872.992441][ T5923] usb 2-1: config 220 interface 76 has no altsetting 0 [ 872.994523][ T9] smsc95xx v2.0.0 [ 873.003691][ T5923] usb 2-1: config 220 interface 1 has no altsetting 0 [ 873.011080][ T5924] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 873.102335][ T5923] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 873.115209][ T5923] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 873.124450][ T5923] usb 2-1: Product: syz [ 873.132489][ T5923] usb 2-1: Manufacturer: syz [ 873.141156][ T5923] usb 2-1: SerialNumber: syz [ 873.225594][ T5924] usb 3-1: Using ep0 maxpacket: 16 [ 873.237450][ T5924] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 873.260467][ T5924] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 873.281856][ T5924] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 873.291092][ T5924] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 873.299723][ T5924] usb 3-1: Product: syz [ 873.304023][ T5924] usb 3-1: Manufacturer: syz [ 873.309033][ T5924] usb 3-1: SerialNumber: syz [ 873.321634][ T5924] usb 3-1: config 0 descriptor?? [ 873.330839][ T5924] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 873.343110][ T5924] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class) [ 873.405873][ T9] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 873.417986][ T9] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 873.861792][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 873.861810][ T30] audit: type=1326 audit(1750431764.902:15903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17402 comm="syz.0.3391" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f110af8e929 code=0x0 [ 873.900407][ T5923] usb 2-1: selecting invalid altsetting 0 [ 873.933467][ T5923] usb 2-1: Found UVC 7.01 device syz (8086:0b07) [ 873.945171][ T5923] usb 2-1: No valid video chain found. [ 873.952233][ T5924] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 873.985589][ T5924] em28xx 3-1:0.0: Config register raw data: 0x6c [ 873.995247][ T5924] em28xx 3-1:0.0: I2S Audio (1 sample rate(s)) [ 874.016911][ T5924] em28xx 3-1:0.0: No AC97 audio processor [ 874.024019][ T5923] usb 2-1: selecting invalid altsetting 0 [ 874.048892][ T5923] usbtest 2-1:220.1: probe with driver usbtest failed with error -22 [ 874.089323][ T5923] usb 2-1: USB disconnect, device number 37 [ 874.132945][ T5939] udevd[5939]: setting owner of /dev/bus/usb/002/037 to uid=0, gid=0 failed: No such file or directory [ 874.431076][T17408] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 875.002036][T17416] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 875.252953][T17422] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 875.734855][T17382] syzkaller1: entered promiscuous mode [ 875.748527][T17382] syzkaller1: entered allmulticast mode [ 875.957131][T17432] syz_tun: entered allmulticast mode [ 875.974199][T17431] syz_tun: left allmulticast mode [ 876.006009][ T10] usb 3-1: USB disconnect, device number 52 [ 876.283671][ T9] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 876.319700][ T9] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -71 [ 876.383123][ T9] usb 4-1: USB disconnect, device number 82 [ 876.506614][ T30] audit: type=1326 audit(1750431767.562:15904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17438 comm="syz.2.3402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e7f18e929 code=0x7ffc0000 [ 876.541030][ T30] audit: type=1326 audit(1750431767.582:15905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17438 comm="syz.2.3402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=125 compat=0 ip=0x7f3e7f18e929 code=0x7ffc0000 [ 876.568729][ T30] audit: type=1326 audit(1750431767.582:15906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17438 comm="syz.2.3402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e7f18e929 code=0x7ffc0000 [ 876.591985][ T30] audit: type=1326 audit(1750431767.582:15907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17438 comm="syz.2.3402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f3e7f18e929 code=0x7ffc0000 [ 876.615375][ T30] audit: type=1326 audit(1750431767.582:15908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17438 comm="syz.2.3402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e7f18e929 code=0x7ffc0000 [ 876.977112][ T30] audit: type=1326 audit(1750431767.582:15909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17438 comm="syz.2.3402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f3e7f18e929 code=0x7ffc0000 [ 877.205427][ T30] audit: type=1326 audit(1750431767.582:15910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17438 comm="syz.2.3402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e7f18e929 code=0x7ffc0000 [ 877.228157][ T30] audit: type=1326 audit(1750431767.582:15911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17438 comm="syz.2.3402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f3e7f18e929 code=0x7ffc0000 [ 877.254122][ T30] audit: type=1326 audit(1750431767.582:15912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17438 comm="syz.2.3402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e7f18e929 code=0x7ffc0000 [ 877.405086][T17460] bridge0: port 2(bridge_slave_1) entered disabled state [ 877.412618][T17460] bridge0: port 1(bridge_slave_0) entered disabled state [ 877.875298][T17467] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 878.005947][ T10] usb 4-1: new high-speed USB device number 83 using dummy_hcd [ 878.076094][ T9] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 878.245739][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 878.264832][ T9] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x73, changing to 0x3 [ 878.289987][ T5833] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 878.302030][ T5833] CPU: 0 UID: 0 PID: 5833 Comm: kworker/u9:2 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 878.302048][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 878.302056][ T5833] Workqueue: hci2 hci_rx_work [ 878.302075][ T5833] Call Trace: [ 878.302081][ T5833] [ 878.302087][ T5833] dump_stack_lvl+0x189/0x250 [ 878.302104][ T5833] ? lockdep_hardirqs_on+0x9c/0x150 [ 878.302120][ T5833] ? __pfx_dump_stack_lvl+0x10/0x10 [ 878.302147][ T5833] sysfs_create_dir_ns+0x259/0x280 [ 878.302162][ T5833] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 878.302176][ T5833] ? do_raw_spin_unlock+0x122/0x240 [ 878.302191][ T5833] kobject_add_internal+0x59f/0xb40 [ 878.302205][ T5833] kobject_add+0x155/0x220 [ 878.302218][ T5833] ? __pfx_kobject_add+0x10/0x10 [ 878.302228][ T5833] ? _raw_spin_unlock+0x28/0x50 [ 878.302244][ T5833] ? get_device_parent+0x366/0x3a0 [ 878.302267][ T5833] device_add+0x408/0xb50 [ 878.302280][ T5833] hci_conn_add_sysfs+0xd5/0x1e0 [ 878.302297][ T5833] le_conn_complete_evt+0xc3a/0x1220 [ 878.302317][ T5833] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 878.302329][ T5833] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 878.302337][ T5833] ? __asan_memcpy+0x40/0x70 [ 878.302352][ T5833] ? __pfx___mutex_lock+0x10/0x10 [ 878.302362][ T5833] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 878.302370][ T5833] ? skb_pull_data+0xfb/0x200 [ 878.302386][ T5833] hci_le_conn_complete_evt+0x187/0x450 [ 878.302400][ T5833] hci_event_packet+0x78c/0x1200 [ 878.302416][ T5833] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 878.302429][ T5833] ? __pfx_hci_event_packet+0x10/0x10 [ 878.302443][ T5833] ? kcov_remote_start+0x4d3/0x7f0 [ 878.302456][ T5833] ? lockdep_hardirqs_on+0x20/0x150 [ 878.302471][ T5833] ? hci_send_to_monitor+0xe2/0x570 [ 878.302484][ T5833] hci_rx_work+0x46a/0xe80 [ 878.302503][ T5833] ? process_scheduled_works+0x9ef/0x17b0 [ 878.302518][ T5833] process_scheduled_works+0xae1/0x17b0 [ 878.302547][ T5833] ? __pfx_process_scheduled_works+0x10/0x10 [ 878.302570][ T5833] worker_thread+0x8a0/0xda0 [ 878.302593][ T5833] kthread+0x70e/0x8a0 [ 878.302606][ T5833] ? __pfx_worker_thread+0x10/0x10 [ 878.302619][ T5833] ? __pfx_kthread+0x10/0x10 [ 878.302631][ T5833] ? _raw_spin_unlock_irq+0x23/0x50 [ 878.302643][ T5833] ? lockdep_hardirqs_on+0x9c/0x150 [ 878.302655][ T5833] ? __pfx_kthread+0x10/0x10 [ 878.302666][ T5833] ret_from_fork+0x3f9/0x770 [ 878.302682][ T5833] ? __pfx_ret_from_fork+0x10/0x10 [ 878.302698][ T5833] ? __switch_to_asm+0x39/0x70 [ 878.302706][ T5833] ? __switch_to_asm+0x33/0x70 [ 878.302715][ T5833] ? __pfx_kthread+0x10/0x10 [ 878.302726][ T5833] ret_from_fork_asm+0x1a/0x30 [ 878.302745][ T5833] [ 878.302789][ T5833] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 878.589570][ T5833] Bluetooth: hci2: failed to register connection device [ 878.599108][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 878.613017][ T9] usb 3-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 878.622240][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 878.630366][ T9] usb 3-1: Product: syz [ 878.634634][ T9] usb 3-1: Manufacturer: syz [ 878.639308][ T9] usb 3-1: SerialNumber: syz [ 878.646519][ T9] usb 3-1: config 0 descriptor?? [ 878.662239][ T9] streamzap 3-1:0.0: streamzap_probe: endpoint doesn't match input device 0203 [ 879.540933][ T9] usb 3-1: USB disconnect, device number 53 [ 880.235667][ T5923] usb 2-1: new full-speed USB device number 38 using dummy_hcd [ 882.918432][ T5923] usb 2-1: unable to get BOS descriptor or descriptor too short [ 882.938951][ T5923] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 882.960538][ T5923] usb 2-1: can't read configurations, error -71 [ 883.195576][ T10] usb 4-1: device descriptor read/64, error -110 [ 883.445650][ T10] usb 4-1: new high-speed USB device number 84 using dummy_hcd [ 883.595697][ T10] usb 4-1: device descriptor read/64, error -32 [ 883.705765][ T10] usb usb4-port1: attempt power cycle [ 883.985787][ T10] raw-gadget.0 gadget.3: failed to queue resume event [ 884.065686][ T10] usb 4-1: new high-speed USB device number 85 using dummy_hcd [ 884.095911][ C0] raw-gadget.0 gadget.3: ignoring, device is not running [ 884.104240][ T10] usb 4-1: device descriptor read/8, error -32 [ 884.215753][ T10] raw-gadget.0 gadget.3: failed to queue suspend event [ 884.223190][ T10] raw-gadget.0 gadget.3: failed to queue reset event [ 884.305739][ T10] raw-gadget.0 gadget.3: failed to queue resume event [ 884.365655][ T10] usb 4-1: new high-speed USB device number 86 using dummy_hcd [ 884.387829][ C0] raw-gadget.0 gadget.3: ignoring, device is not running [ 884.394999][ T10] usb 4-1: device descriptor read/8, error -32 [ 884.505766][ T10] raw-gadget.0 gadget.3: failed to queue suspend event [ 884.512933][ T10] usb usb4-port1: unable to enumerate USB device [ 892.032453][ T5835] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 892.041817][ T5835] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 892.050623][ T5835] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 892.068005][ T5835] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 892.077080][ T5835] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 893.042289][ T5835] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 893.051152][ T5835] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 893.060462][ T5835] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 893.074303][ T5835] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 893.082208][ T5835] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 893.512828][ T5835] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 893.523820][ T5835] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 893.534901][ T5835] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 893.549904][ T5835] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 893.560231][ T5835] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 894.107861][ T5835] Bluetooth: hci4: command tx timeout [ 895.043885][ T5833] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 895.058027][ T5833] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 895.068881][ T5833] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 895.080001][ T5833] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 895.091862][ T5833] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 895.136563][ T5835] Bluetooth: hci6: command tx timeout [ 895.615716][ T5835] Bluetooth: hci7: command tx timeout [ 896.175595][ T5835] Bluetooth: hci4: command tx timeout [ 897.135689][ T5835] Bluetooth: hci8: command tx timeout [ 897.215725][ T5835] Bluetooth: hci6: command tx timeout [ 897.705641][ T5835] Bluetooth: hci7: command tx timeout [ 898.265659][ T5835] Bluetooth: hci4: command tx timeout [ 898.534089][ T5833] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 898.545379][ T5833] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 898.554699][ T5833] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 898.568339][ T5833] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 898.578896][ T5833] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 899.215640][ T5835] Bluetooth: hci8: command tx timeout [ 899.295641][ T5835] Bluetooth: hci6: command tx timeout [ 899.775598][ T5835] Bluetooth: hci7: command tx timeout [ 900.335927][ T5835] Bluetooth: hci4: command tx timeout [ 900.655978][ T5835] Bluetooth: hci9: command tx timeout [ 901.295688][ T5835] Bluetooth: hci8: command tx timeout [ 901.385675][ T5835] Bluetooth: hci6: command tx timeout [ 901.855758][ T5835] Bluetooth: hci7: command tx timeout [ 902.735709][ T5835] Bluetooth: hci9: command tx timeout [ 903.375594][ T5835] Bluetooth: hci8: command tx timeout [ 904.815681][ T5835] Bluetooth: hci9: command tx timeout [ 906.895712][ T5835] Bluetooth: hci9: command tx timeout [ 913.216669][ T5833] Bluetooth: hci1: command 0x0406 tx timeout [ 931.619362][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.625843][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 952.088764][ T5833] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 952.104452][ T5833] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 952.113468][ T5833] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 952.121796][ T5833] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 952.132773][ T5833] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 953.093318][ T5833] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 953.104287][ T5833] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 953.114261][ T5833] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 953.123664][ T5833] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 953.134347][ T5833] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 953.589300][ T5833] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 953.600762][ T5833] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 953.610337][ T5833] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 953.620528][ T5833] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 953.628732][ T5833] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 954.175638][ T5835] Bluetooth: hci10: command tx timeout [ 955.091276][ T5833] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 955.100301][ T5833] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 955.111915][ T5833] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 955.120173][ T5833] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 955.129706][ T5833] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 955.215648][ T5835] Bluetooth: hci11: command tx timeout [ 955.695720][ T5835] Bluetooth: hci12: command tx timeout [ 956.255582][ T5835] Bluetooth: hci10: command tx timeout [ 957.215762][ T5835] Bluetooth: hci13: command tx timeout [ 957.295615][ T5835] Bluetooth: hci11: command tx timeout [ 957.775581][ T5835] Bluetooth: hci12: command tx timeout [ 958.335570][ T5835] Bluetooth: hci10: command tx timeout [ 958.618152][ T5833] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 958.628314][ T5833] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 958.637684][ T5833] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 958.646706][ T5833] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 958.657187][ T5833] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 959.295541][ T5835] Bluetooth: hci13: command tx timeout [ 959.375573][ T5835] Bluetooth: hci11: command tx timeout [ 959.855695][ T5835] Bluetooth: hci12: command tx timeout [ 960.415676][ T5835] Bluetooth: hci10: command tx timeout [ 960.735779][ T5835] Bluetooth: hci14: command tx timeout [ 961.385652][ T5835] Bluetooth: hci13: command tx timeout [ 961.455643][ T5835] Bluetooth: hci11: command tx timeout [ 961.935627][ T5835] Bluetooth: hci12: command tx timeout [ 962.815747][ T5835] Bluetooth: hci14: command tx timeout [ 963.455618][ T5835] Bluetooth: hci13: command tx timeout [ 964.900416][ T5835] Bluetooth: hci14: command tx timeout [ 966.975875][ T5835] Bluetooth: hci14: command tx timeout [ 974.666339][ T5833] Bluetooth: hci2: command 0x0406 tx timeout [ 993.069050][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.075809][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 1012.149442][ T5833] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 1012.165790][ T5833] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 1012.177531][ T5833] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 1012.187682][ T5833] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 1012.196745][ T5833] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 1013.156228][ T5833] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1 [ 1013.166615][ T5833] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9 [ 1013.175849][ T5833] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9 [ 1013.188658][ T5833] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4 [ 1013.198713][ T5833] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2 [ 1013.655520][T14877] Bluetooth: hci17: unexpected cc 0x0c03 length: 249 > 1 [ 1013.664392][T14877] Bluetooth: hci17: unexpected cc 0x1003 length: 249 > 9 [ 1013.677226][T14877] Bluetooth: hci17: unexpected cc 0x1001 length: 249 > 9 [ 1013.688307][T14877] Bluetooth: hci17: unexpected cc 0x0c23 length: 249 > 4 [ 1013.697654][T14877] Bluetooth: hci17: unexpected cc 0x0c38 length: 249 > 2 [ 1014.255640][T14877] Bluetooth: hci15: command tx timeout [ 1015.295613][T14877] Bluetooth: hci16: command tx timeout [ 1015.626418][ T5835] Bluetooth: hci4: command 0x0406 tx timeout [ 1015.629252][T14877] Bluetooth: hci6: command 0x0406 tx timeout [ 1015.686593][ T5833] Bluetooth: hci18: unexpected cc 0x0c03 length: 249 > 1 [ 1015.698811][ T5833] Bluetooth: hci18: unexpected cc 0x1003 length: 249 > 9 [ 1015.708082][ T5833] Bluetooth: hci18: unexpected cc 0x1001 length: 249 > 9 [ 1015.718292][ T5833] Bluetooth: hci18: unexpected cc 0x0c23 length: 249 > 4 [ 1015.729468][ T5833] Bluetooth: hci18: unexpected cc 0x0c38 length: 249 > 2 [ 1015.785916][T14877] Bluetooth: hci17: command tx timeout [ 1016.345669][T14877] Bluetooth: hci15: command tx timeout [ 1017.385535][T14877] Bluetooth: hci16: command tx timeout [ 1017.775649][T14877] Bluetooth: hci18: command tx timeout [ 1017.855774][T14877] Bluetooth: hci17: command tx timeout [ 1018.417114][T14877] Bluetooth: hci15: command tx timeout [ 1018.677367][T17563] Bluetooth: hci19: unexpected cc 0x0c03 length: 249 > 1 [ 1018.689192][T17563] Bluetooth: hci19: unexpected cc 0x1003 length: 249 > 9 [ 1018.700629][T17563] Bluetooth: hci19: unexpected cc 0x1001 length: 249 > 9 [ 1018.712664][T17563] Bluetooth: hci19: unexpected cc 0x0c23 length: 249 > 4 [ 1018.723902][T17563] Bluetooth: hci19: unexpected cc 0x0c38 length: 249 > 2 [ 1019.455520][T17570] Bluetooth: hci16: command tx timeout [ 1019.855562][T17570] Bluetooth: hci18: command tx timeout [ 1019.945557][T17570] Bluetooth: hci17: command tx timeout [ 1020.495645][T17570] Bluetooth: hci15: command tx timeout [ 1020.740373][T17570] Bluetooth: hci7: command 0x0406 tx timeout [ 1020.742776][T17563] Bluetooth: hci8: command 0x0406 tx timeout [ 1020.748230][T17570] Bluetooth: hci9: command 0x0406 tx timeout [ 1020.815636][ T5833] Bluetooth: hci19: command tx timeout [ 1021.535578][ T5833] Bluetooth: hci16: command tx timeout [ 1021.935613][ T5833] Bluetooth: hci18: command tx timeout [ 1022.015655][ T5833] Bluetooth: hci17: command tx timeout [ 1022.895578][ T5833] Bluetooth: hci19: command tx timeout [ 1024.015547][ T5833] Bluetooth: hci18: command tx timeout [ 1024.975621][ T5833] Bluetooth: hci19: command tx timeout [ 1027.055529][ T5833] Bluetooth: hci19: command tx timeout [ 1028.895958][ T31] INFO: task kworker/1:5:5924 blocked for more than 143 seconds. [ 1028.903722][ T31] Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 [ 1028.913923][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1028.922724][ T31] task:kworker/1:5 state:D stack:15496 pid:5924 tgid:5924 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 1028.934924][ T31] Workqueue: events switchdev_deferred_process_work [ 1028.941794][ T31] Call Trace: SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1028.945088][ T31] [ 1028.948355][ T31] __schedule+0x16f5/0x4d00 [ 1028.952912][ T31] ? schedule+0x165/0x360 [ 1028.957637][ T31] ? __pfx___schedule+0x10/0x10 [ 1028.963515][ T31] ? schedule+0x91/0x360 [ 1028.967912][ T31] schedule+0x165/0x360 [ 1028.972103][ T31] schedule_preempt_disabled+0x13/0x30 [ 1028.978332][ T31] __mutex_lock+0x724/0xe80 [ 1028.982869][ T31] ? __mutex_lock+0x51b/0xe80 [ 1028.989716][ T31] ? switchdev_deferred_process_work+0xe/0x20 [ 1028.997057][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 1029.002139][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1029.009635][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 1029.016442][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 1029.022215][ T31] switchdev_deferred_process_work+0xe/0x20 [ 1029.030302][ T31] process_scheduled_works+0xae1/0x17b0 [ 1029.036721][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 1029.042764][ T31] worker_thread+0x8a0/0xda0 [ 1029.068864][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1029.075284][ T31] ? __kthread_parkme+0x7b/0x200 [ 1029.092347][ T31] kthread+0x70e/0x8a0 [ 1029.096723][ T31] ? __pfx_worker_thread+0x10/0x10 [ 1029.108571][ T31] ? __pfx_kthread+0x10/0x10 [ 1029.113233][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1029.129003][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1029.134264][ T31] ? __pfx_kthread+0x10/0x10 [ 1029.144912][ T31] ret_from_fork+0x3f9/0x770 [ 1029.149791][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1029.154986][ T31] ? __switch_to_asm+0x39/0x70 [ 1029.159873][ T31] ? __switch_to_asm+0x33/0x70 [ 1029.164760][ T31] ? __pfx_kthread+0x10/0x10 [ 1029.170209][ T31] ret_from_fork_asm+0x1a/0x30 [ 1029.176425][ T31] [ 1029.180004][ T31] INFO: task kworker/u8:12:7324 blocked for more than 143 seconds. [ 1029.188248][ T31] Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 [ 1029.196265][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1029.206136][ T31] task:kworker/u8:12 state:D stack:19928 pid:7324 tgid:7324 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 1029.218503][ T31] Workqueue: events_unbound linkwatch_event [ 1029.224705][ T31] Call Trace: [ 1029.228186][ T31] [ 1029.231157][ T31] __schedule+0x16f5/0x4d00 [ 1029.236114][ T31] ? schedule+0x165/0x360 [ 1029.240499][ T31] ? __pfx___schedule+0x10/0x10 [ 1029.245919][ T31] ? schedule+0x91/0x360 [ 1029.250237][ T31] schedule+0x165/0x360 [ 1029.254445][ T31] schedule_preempt_disabled+0x13/0x30 [ 1029.260157][ T31] __mutex_lock+0x724/0xe80 [ 1029.264706][ T31] ? __mutex_lock+0x51b/0xe80 [ 1029.270894][ T31] ? linkwatch_event+0xe/0x60 [ 1029.275809][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 1029.281132][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1029.286814][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 1029.292842][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 1029.298902][ T31] linkwatch_event+0xe/0x60 [ 1029.303448][ T31] process_scheduled_works+0xae1/0x17b0 [ 1029.309156][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 1029.315185][ T31] worker_thread+0x8a0/0xda0 [ 1029.319995][ T31] kthread+0x70e/0x8a0 [ 1029.324107][ T31] ? __pfx_worker_thread+0x10/0x10 [ 1029.329290][ T31] ? __pfx_kthread+0x10/0x10 [ 1029.333913][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1029.339206][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1029.344425][ T31] ? __pfx_kthread+0x10/0x10 [ 1029.349364][ T31] ret_from_fork+0x3f9/0x770 [ 1029.354008][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1029.359236][ T31] ? __switch_to_asm+0x39/0x70 [ 1029.364023][ T31] ? __switch_to_asm+0x33/0x70 [ 1029.368902][ T31] ? __pfx_kthread+0x10/0x10 [ 1029.374023][ T31] ret_from_fork_asm+0x1a/0x30 [ 1029.378960][ T31] [ 1029.382076][ T31] INFO: task syz.3.3409:17469 blocked for more than 143 seconds. [ 1029.391116][ T31] Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 [ 1029.398813][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1029.407560][ T31] task:syz.3.3409 state:D stack:26392 pid:17469 tgid:17468 ppid:15263 task_flags:0x400140 flags:0x00004004 [ 1029.420197][ T31] Call Trace: [ 1029.423544][ T31] [ 1029.426698][ T31] __schedule+0x16f5/0x4d00 [ 1029.431591][ T31] ? __schedule+0x1713/0x4d00 [ 1029.436669][ T31] ? __lock_acquire+0xa91/0xd20 [ 1029.441556][ T31] ? schedule+0x165/0x360 [ 1029.446175][ T31] ? __pfx___schedule+0x10/0x10 [ 1029.451086][ T31] ? schedule+0x91/0x360 [ 1029.455368][ T31] schedule+0x165/0x360 [ 1029.461461][ T31] schedule_preempt_disabled+0x13/0x30 [ 1029.467057][ T31] __mutex_lock+0x724/0xe80 [ 1029.471697][ T31] ? __mutex_lock+0x51b/0xe80 [ 1029.477108][ T31] ? rtnl_newlink+0x8db/0x1c70 [ 1029.481914][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 1029.487071][ T31] ? ns_capable+0x8a/0xf0 [ 1029.491583][ T31] ? rtnl_link_get_net_capable+0x16a/0x350 [ 1029.497504][ T31] rtnl_newlink+0x8db/0x1c70 [ 1029.502158][ T31] ? __pfx_rtnl_newlink+0x10/0x10 [ 1029.507272][ T31] ? __switch_to+0xd74/0x1600 [ 1029.511995][ T31] ? __lock_acquire+0xab9/0xd20 [ 1029.516965][ T31] ? __lock_acquire+0xab9/0xd20 [ 1029.521875][ T31] ? is_bpf_text_address+0x26/0x2b0 [ 1029.527236][ T31] ? is_bpf_text_address+0x292/0x2b0 [ 1029.532567][ T31] ? is_bpf_text_address+0x26/0x2b0 [ 1029.539424][ T31] ? kernel_text_address+0xa5/0xe0 [ 1029.544585][ T31] ? __lock_acquire+0xab9/0xd20 [ 1029.550755][ T31] ? __pfx_rtnl_newlink+0x10/0x10 [ 1029.557028][ T31] rtnetlink_rcv_msg+0x7cf/0xb70 [ 1029.562019][ T31] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 1029.568796][ T31] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1029.574426][ T31] netlink_rcv_skb+0x205/0x470 [ 1029.580960][ T31] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1029.587688][ T31] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1029.593036][ T31] ? netlink_deliver_tap+0x2e/0x1b0 [ 1029.599526][ T31] ? netlink_deliver_tap+0x2e/0x1b0 [ 1029.604806][ T31] netlink_unicast+0x758/0x8d0 [ 1029.610914][ T31] netlink_sendmsg+0x805/0xb30 [ 1029.616166][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1029.621586][ T31] ? aa_sock_msg_perm+0x94/0x160 [ 1029.626711][ T31] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1029.632029][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1029.637427][ T31] __sock_sendmsg+0x219/0x270 [ 1029.642129][ T31] ____sys_sendmsg+0x505/0x830 [ 1029.646985][ T31] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1029.652290][ T31] ? import_iovec+0x74/0xa0 [ 1029.656886][ T31] ___sys_sendmsg+0x21f/0x2a0 [ 1029.661663][ T31] ? __pfx____sys_sendmsg+0x10/0x10 [ 1029.667038][ T31] ? __fget_files+0x2a/0x420 [ 1029.671670][ T31] ? __fget_files+0x3a0/0x420 [ 1029.676671][ T31] __x64_sys_sendmsg+0x19b/0x260 [ 1029.682169][ T31] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1029.687881][ T31] ? rcu_is_watching+0x15/0xb0 [ 1029.692695][ T31] ? do_syscall_64+0xbe/0x3b0 [ 1029.697711][ T31] do_syscall_64+0xfa/0x3b0 [ 1029.702764][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1029.708058][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1029.714152][ T31] ? clear_bhb_loop+0x60/0xb0 [ 1029.718938][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1029.725471][ T31] RIP: 0033:0x7feeb0d8e929 [ 1029.729907][ T31] RSP: 002b:00007feeb1cba038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1029.738419][ T31] RAX: ffffffffffffffda RBX: 00007feeb0fb5fa0 RCX: 00007feeb0d8e929 [ 1029.746492][ T31] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000004 [ 1029.754487][ T31] RBP: 00007feeb0e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 1029.762663][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1029.770888][ T31] R13: 0000000000000000 R14: 00007feeb0fb5fa0 R15: 00007feeb10dfa28 [ 1029.779233][ T31] [ 1029.782880][ T31] INFO: task syz.0.3412:17480 blocked for more than 144 seconds. [ 1029.794691][ T31] Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 [ 1029.802493][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1029.811286][ T31] task:syz.0.3412 state:D stack:28392 pid:17480 tgid:17479 ppid:17056 task_flags:0x400140 flags:0x00004004 [ 1029.823797][ T31] Call Trace: [ 1029.827958][ T31] [ 1029.830958][ T31] __schedule+0x16f5/0x4d00 [ 1029.835608][ T31] ? __lock_acquire+0xa90/0xd20 [ 1029.840664][ T31] ? schedule+0x165/0x360 [ 1029.845023][ T31] ? __pfx___schedule+0x10/0x10 [ 1029.850059][ T31] ? schedule+0x91/0x360 [ 1029.854325][ T31] schedule+0x165/0x360 [ 1029.858852][ T31] schedule_preempt_disabled+0x13/0x30 [ 1029.864336][ T31] __mutex_lock+0x724/0xe80 [ 1029.868960][ T31] ? __mutex_lock+0x51b/0xe80 [ 1029.873917][ T31] ? do_ip_setsockopt+0xeee/0x2d00 [ 1029.879148][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 1029.884745][ T31] do_ip_setsockopt+0xeee/0x2d00 [ 1029.889797][ T31] ? __pfx_futex_wait+0x10/0x10 [ 1029.894687][ T31] ? __pfx_do_ip_setsockopt+0x10/0x10 [ 1029.900338][ T31] ? aa_sk_perm+0x81e/0x950 [ 1029.904874][ T31] ? __pfx_aa_sk_perm+0x10/0x10 [ 1029.909833][ T31] ? __lock_acquire+0xab9/0xd20 [ 1029.914737][ T31] ip_setsockopt+0x66/0x110 [ 1029.919344][ T31] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 1029.925270][ T31] do_sock_setsockopt+0x257/0x3e0 [ 1029.930497][ T31] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 1029.936228][ T31] ? __fget_files+0x2a/0x420 [ 1029.940846][ T31] __x64_sys_setsockopt+0x18b/0x220 [ 1029.946155][ T31] do_syscall_64+0xfa/0x3b0 [ 1029.950674][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1029.955943][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1029.962034][ T31] ? clear_bhb_loop+0x60/0xb0 [ 1029.967055][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1029.972993][ T31] RIP: 0033:0x7f110af8e929 [ 1029.977700][ T31] RSP: 002b:00007f110bd83038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1029.986417][ T31] RAX: ffffffffffffffda RBX: 00007f110b1b5fa0 RCX: 00007f110af8e929 [ 1029.995049][ T31] RDX: 0000000000000027 RSI: 0000000000000000 RDI: 0000000000000003 [ 1030.003125][ T31] RBP: 00007f110b010b39 R08: 000000000000000c R09: 0000000000000000 [ 1030.011353][ T31] R10: 0000200000000280 R11: 0000000000000246 R12: 0000000000000000 [ 1030.019549][ T31] R13: 0000000000000000 R14: 00007f110b1b5fa0 R15: 00007f110b2dfa28 [ 1030.027614][ T31] [ 1030.030648][ T31] INFO: task syz.2.3414:17489 blocked for more than 144 seconds. [ 1030.038497][ T31] Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 [ 1030.046231][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1030.054928][ T31] task:syz.2.3414 state:D stack:26824 pid:17489 tgid:17487 ppid:9572 task_flags:0x400140 flags:0x00004004 [ 1030.066950][ T31] Call Trace: [ 1030.070244][ T31] [ 1030.073174][ T31] __schedule+0x16f5/0x4d00 [ 1030.077785][ T31] ? __lock_acquire+0xab9/0xd20 [ 1030.082681][ T31] ? schedule+0x165/0x360 [ 1030.087147][ T31] ? __pfx___schedule+0x10/0x10 [ 1030.092620][ T31] ? schedule+0x91/0x360 [ 1030.097034][ T31] schedule+0x165/0x360 [ 1030.101224][ T31] schedule_preempt_disabled+0x13/0x30 [ 1030.106786][ T31] __mutex_lock+0x724/0xe80 [ 1030.111335][ T31] ? __mutex_lock+0x51b/0xe80 [ 1030.116339][ T31] ? rtnl_newlink+0x8db/0x1c70 [ 1030.121186][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 1030.126388][ T31] ? ns_capable+0x8a/0xf0 [ 1030.130768][ T31] ? rtnl_link_get_net_capable+0x16a/0x350 [ 1030.136667][ T31] rtnl_newlink+0x8db/0x1c70 [ 1030.141289][ T31] ? __pfx_rtnl_newlink+0x10/0x10 [ 1030.146428][ T31] ? __lock_acquire+0xab9/0xd20 [ 1030.151324][ T31] ? __lock_acquire+0xab9/0xd20 [ 1030.156306][ T31] ? is_bpf_text_address+0x26/0x2b0 [ 1030.161633][ T31] ? is_bpf_text_address+0x292/0x2b0 [ 1030.167044][ T31] ? is_bpf_text_address+0x26/0x2b0 [ 1030.172270][ T31] ? kernel_text_address+0xa5/0xe0 [ 1030.177519][ T31] ? __lock_acquire+0xab9/0xd20 [ 1030.182415][ T31] ? __pfx_rtnl_newlink+0x10/0x10 [ 1030.187607][ T31] rtnetlink_rcv_msg+0x7cf/0xb70 [ 1030.193097][ T31] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 1030.198289][ T31] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1030.203780][ T31] netlink_rcv_skb+0x205/0x470 [ 1030.208716][ T31] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1030.214216][ T31] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1030.219931][ T31] ? netlink_deliver_tap+0x2e/0x1b0 [ 1030.225184][ T31] ? netlink_deliver_tap+0x2e/0x1b0 [ 1030.230669][ T31] netlink_unicast+0x758/0x8d0 [ 1030.235599][ T31] netlink_sendmsg+0x805/0xb30 [ 1030.240399][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1030.245835][ T31] ? aa_sock_msg_perm+0x94/0x160 [ 1030.250803][ T31] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1030.256382][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1030.261696][ T31] __sock_sendmsg+0x219/0x270 [ 1030.266502][ T31] ____sys_sendmsg+0x505/0x830 [ 1030.271313][ T31] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1030.277028][ T31] ? import_iovec+0x74/0xa0 [ 1030.281563][ T31] ___sys_sendmsg+0x21f/0x2a0 [ 1030.286339][ T31] ? __pfx____sys_sendmsg+0x10/0x10 [ 1030.291676][ T31] ? __fget_files+0x2a/0x420 [ 1030.296998][ T31] ? __fget_files+0x3a0/0x420 [ 1030.301781][ T31] __x64_sys_sendmsg+0x19b/0x260 [ 1030.306838][ T31] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1030.312336][ T31] ? rcu_is_watching+0x15/0xb0 [ 1030.317305][ T31] ? do_syscall_64+0xbe/0x3b0 [ 1030.322013][ T31] do_syscall_64+0xfa/0x3b0 [ 1030.326652][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1030.331879][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1030.338390][ T31] ? clear_bhb_loop+0x60/0xb0 [ 1030.343198][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1030.349229][ T31] RIP: 0033:0x7f3e7f18e929 [ 1030.353696][ T31] RSP: 002b:00007f3e7ffcc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1030.362226][ T31] RAX: ffffffffffffffda RBX: 00007f3e7f3b6080 RCX: 00007f3e7f18e929 [ 1030.370326][ T31] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000009 [ 1030.378501][ T31] RBP: 00007f3e7f210b39 R08: 0000000000000000 R09: 0000000000000000 [ 1030.386649][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1030.394647][ T31] R13: 0000000000000000 R14: 00007f3e7f3b6080 R15: 00007f3e7f4dfa28 [ 1030.403417][ T31] [ 1030.406577][ T31] INFO: task syz.1.3416:17500 blocked for more than 144 seconds. [ 1030.414316][ T31] Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 [ 1030.422368][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1030.431156][ T31] task:syz.1.3416 state:D stack:27192 pid:17500 tgid:17499 ppid:14882 task_flags:0x400140 flags:0x00004004 [ 1030.443180][ T31] Call Trace: [ 1030.446671][ T31] [ 1030.449631][ T31] __schedule+0x16f5/0x4d00 [ 1030.454162][ T31] ? __lock_acquire+0xa91/0xd20 [ 1030.459104][ T31] ? schedule+0x165/0x360 [ 1030.463459][ T31] ? __pfx___schedule+0x10/0x10 [ 1030.468443][ T31] ? schedule+0x91/0x360 [ 1030.472717][ T31] schedule+0x165/0x360 [ 1030.477205][ T31] schedule_preempt_disabled+0x13/0x30 [ 1030.482700][ T31] __mutex_lock+0x724/0xe80 [ 1030.487693][ T31] ? __mutex_lock+0x51b/0xe80 [ 1030.492391][ T31] ? nl80211_pre_doit+0x5f/0x930 [ 1030.497669][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 1030.503255][ T31] ? __nla_parse+0x40/0x60 [ 1030.508109][ T31] nl80211_pre_doit+0x5f/0x930 [ 1030.512928][ T31] ? genl_family_rcv_msg_attrs_parse+0x212/0x2a0 [ 1030.519339][ T31] genl_family_rcv_msg_doit+0x1be/0x300 [ 1030.525084][ T31] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1030.531283][ T31] ? bpf_lsm_capable+0x9/0x20 [ 1030.536221][ T31] ? security_capable+0x7e/0x2e0 [ 1030.541210][ T31] genl_rcv_msg+0x60e/0x790 [ 1030.545846][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1030.550907][ T31] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 1030.556559][ T31] ? __pfx_nl80211_trigger_scan+0x10/0x10 [ 1030.562335][ T31] ? __pfx_nl80211_post_doit+0x10/0x10 [ 1030.567934][ T31] netlink_rcv_skb+0x205/0x470 [ 1030.572741][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1030.578123][ T31] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1030.583469][ T31] ? down_read+0x1ad/0x2e0 [ 1030.588000][ T31] genl_rcv+0x28/0x40 [ 1030.592039][ T31] netlink_unicast+0x758/0x8d0 [ 1030.596891][ T31] netlink_sendmsg+0x805/0xb30 [ 1030.602223][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1030.607766][ T31] ? aa_sock_msg_perm+0x94/0x160 [ 1030.612930][ T31] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1030.618560][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1030.623926][ T31] __sock_sendmsg+0x219/0x270 [ 1030.628972][ T31] ____sys_sendmsg+0x505/0x830 [ 1030.633785][ T31] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1030.639404][ T31] ? import_iovec+0x74/0xa0 [ 1030.643941][ T31] ___sys_sendmsg+0x21f/0x2a0 [ 1030.648745][ T31] ? __pfx____sys_sendmsg+0x10/0x10 [ 1030.654010][ T31] ? __fget_files+0x2a/0x420 [ 1030.659283][ T31] ? __fget_files+0x3a0/0x420 [ 1030.663999][ T31] __x64_sys_sendmsg+0x19b/0x260 [ 1030.669241][ T31] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1030.674772][ T31] ? do_syscall_64+0xbe/0x3b0 [ 1030.679558][ T31] do_syscall_64+0xfa/0x3b0 [ 1030.684088][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1030.689393][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1030.696048][ T31] ? clear_bhb_loop+0x60/0xb0 [ 1030.700762][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1030.707429][ T31] RIP: 0033:0x7f4c0f18e929 [ 1030.711882][ T31] RSP: 002b:00007f4c0ff63038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1030.720397][ T31] RAX: ffffffffffffffda RBX: 00007f4c0f3b5fa0 RCX: 00007f4c0f18e929 [ 1030.728481][ T31] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000004 [ 1030.736772][ T31] RBP: 00007f4c0f210b39 R08: 0000000000000000 R09: 0000000000000000 [ 1030.744787][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1030.758562][ T31] R13: 0000000000000000 R14: 00007f4c0f3b5fa0 R15: 00007f4c0f4dfa28 [ 1030.767200][ T31] [ 1030.770300][ T31] INFO: task syz.1.3416:17501 blocked for more than 145 seconds. [ 1030.778620][ T31] Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 [ 1030.786639][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1030.795329][ T31] task:syz.1.3416 state:D stack:27192 pid:17501 tgid:17499 ppid:14882 task_flags:0x400140 flags:0x00004004 [ 1030.808043][ T31] Call Trace: [ 1030.811353][ T31] [ 1030.814281][ T31] __schedule+0x16f5/0x4d00 [ 1030.819000][ T31] ? __lock_acquire+0xab9/0xd20 [ 1030.824002][ T31] ? schedule+0x165/0x360 [ 1030.828428][ T31] ? __pfx___schedule+0x10/0x10 [ 1030.833329][ T31] ? schedule+0x91/0x360 [ 1030.837844][ T31] schedule+0x165/0x360 [ 1030.842093][ T31] schedule_preempt_disabled+0x13/0x30 [ 1030.847889][ T31] __mutex_lock+0x724/0xe80 [ 1030.852537][ T31] ? __mutex_lock+0x51b/0xe80 [ 1030.857752][ T31] ? nl80211_pre_doit+0x5f/0x930 [ 1030.862743][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 1030.867931][ T31] ? __nla_parse+0x40/0x60 [ 1030.872393][ T31] nl80211_pre_doit+0x5f/0x930 [ 1030.877301][ T31] ? genl_family_rcv_msg_attrs_parse+0x212/0x2a0 [ 1030.883663][ T31] genl_family_rcv_msg_doit+0x1be/0x300 [ 1030.889481][ T31] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1030.895784][ T31] ? bpf_lsm_capable+0x9/0x20 [ 1030.900499][ T31] ? security_capable+0x7e/0x2e0 [ 1030.905550][ T31] genl_rcv_msg+0x60e/0x790 [ 1030.910729][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1030.915902][ T31] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 1030.921330][ T31] ? __pfx_nl80211_remain_on_channel+0x10/0x10 [ 1030.927694][ T31] ? __pfx_nl80211_post_doit+0x10/0x10 [ 1030.933303][ T31] netlink_rcv_skb+0x205/0x470 [ 1030.938232][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1030.943294][ T31] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1030.948695][ T31] ? down_read+0x1ad/0x2e0 [ 1030.953153][ T31] genl_rcv+0x28/0x40 [ 1030.957236][ T31] netlink_unicast+0x758/0x8d0 [ 1030.962025][ T31] netlink_sendmsg+0x805/0xb30 [ 1030.966906][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1030.972222][ T31] ? aa_sock_msg_perm+0x94/0x160 [ 1030.977359][ T31] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1030.982672][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1030.988057][ T31] __sock_sendmsg+0x219/0x270 [ 1030.992763][ T31] ____sys_sendmsg+0x505/0x830 [ 1030.997815][ T31] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1031.003220][ T31] ? import_iovec+0x74/0xa0 [ 1031.007892][ T31] ___sys_sendmsg+0x21f/0x2a0 [ 1031.013283][ T31] ? __pfx____sys_sendmsg+0x10/0x10 [ 1031.020293][ T31] ? __fget_files+0x2a/0x420 [ 1031.025212][ T31] ? __fget_files+0x3a0/0x420 [ 1031.030943][ T31] __x64_sys_sendmsg+0x19b/0x260 [ 1031.037841][ T31] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1031.043758][ T31] ? do_syscall_64+0xbe/0x3b0 [ 1031.049645][ T31] do_syscall_64+0xfa/0x3b0 [ 1031.054214][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1031.061178][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1031.068434][ T31] ? clear_bhb_loop+0x60/0xb0 [ 1031.073163][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1031.079273][ T31] RIP: 0033:0x7f4c0f18e929 [ 1031.083732][ T31] RSP: 002b:00007f4c0ff42038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1031.092415][ T31] RAX: ffffffffffffffda RBX: 00007f4c0f3b6080 RCX: 00007f4c0f18e929 [ 1031.100495][ T31] RDX: 0000000000000080 RSI: 0000200000000080 RDI: 0000000000000005 [ 1031.108730][ T31] RBP: 00007f4c0f210b39 R08: 0000000000000000 R09: 0000000000000000 [ 1031.117314][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1031.125465][ T31] R13: 0000000000000000 R14: 00007f4c0f3b6080 R15: 00007f4c0f4dfa28 [ 1031.133572][ T31] [ 1031.136804][ T31] [ 1031.136804][ T31] Showing all locks held in the system: [ 1031.144540][ T31] 3 locks held by kworker/0:0/9: [ 1031.149715][ T31] #0: ffff88801a481d48 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 1031.162295][ T31] #1: ffffc900000e7bc0 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 1031.173743][ T31] #2: ffffffff8f510348 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0x95/0xf00 [ 1031.183759][ T31] 1 lock held by khungtaskd/31: [ 1031.188852][ T31] #0: ffffffff8e13eda0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 1031.198963][ T31] 2 locks held by getty/5596: [ 1031.203734][ T31] #0: ffff8880302f60a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1031.213745][ T31] #1: ffffc9000333b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 1031.224940][ T31] 3 locks held by kworker/1:5/5924: [ 1031.230232][ T31] #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 1031.241349][ T31] #1: ffffc900044cfbc0 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 1031.252514][ T31] #2: ffffffff8f510348 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 [ 1031.262989][ T31] 3 locks held by kworker/u8:12/7324: [ 1031.268452][ T31] #0: ffff88801a489148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 1031.280222][ T31] #1: ffffc900033b7bc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 1031.291349][ T31] #2: ffffffff8f510348 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 1031.300910][ T31] 3 locks held by kworker/u8:16/7337: [ 1031.306408][ T31] #0: ffff888030241148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 1031.318728][ T31] #1: ffffc90003867bc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 1031.332782][ T31] #2: ffffffff8f510348 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 [ 1031.343522][ T31] 2 locks held by syz.4.3405/17460: [ 1031.348858][ T31] #0: ffffffff8f510348 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 1031.358099][ T31] #1: ffff888024336d30 (&dev_instance_lock_key#14){+.+.}-{4:4}, at: napi_disable+0x4e/0x80 [ 1031.368484][ T31] 1 lock held by syz.3.3409/17469: [ 1031.374051][ T31] #0: ffffffff8f510348 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 1031.383480][ T31] 1 lock held by syz.0.3412/17480: [ 1031.388759][ T31] #0: ffffffff8f510348 (rtnl_mutex){+.+.}-{4:4}, at: do_ip_setsockopt+0xeee/0x2d00 [ 1031.398383][ T31] 1 lock held by syz.2.3414/17489: [ 1031.403524][ T31] #0: ffffffff8f510348 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 1031.412699][ T31] 2 locks held by syz.1.3416/17500: [ 1031.417986][ T31] #0: ffffffff8f5764f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 1031.427947][ T31] #1: ffffffff8f510348 (rtnl_mutex){+.+.}-{4:4}, at: nl80211_pre_doit+0x5f/0x930 [ 1031.437518][ T31] 2 locks held by syz.1.3416/17501: [ 1031.443175][ T31] #0: ffffffff8f5764f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 1031.452549][ T31] #1: ffffffff8f510348 (rtnl_mutex){+.+.}-{4:4}, at: nl80211_pre_doit+0x5f/0x930 [ 1031.462265][ T31] 2 locks held by syz-executor/17506: [ 1031.467880][ T31] #0: ffffffff8f503750 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 1031.477522][ T31] #1: ffffffff8f510348 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0 [ 1031.488103][ T31] 2 locks held by syz-executor/17509: [ 1031.493470][ T31] #0: ffffffff8f503750 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 1031.502971][ T31] #1: ffffffff8f510348 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0 [ 1031.513500][ T31] 2 locks held by syz-executor/17513: [ 1031.518941][ T31] #0: ffffffff8f503750 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 1031.528950][ T31] #1: ffffffff8f510348 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0 [ 1031.539651][ T31] 2 locks held by syz-executor/17516: [ 1031.545046][ T31] #0: ffffffff8f503750 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 1031.554714][ T31] #1: ffffffff8f510348 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0 [ 1031.565480][ T31] 2 locks held by syz-executor/17520: [ 1031.570964][ T31] #0: ffffffff8f503750 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 1031.580502][ T31] #1: ffffffff8f510348 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0 [ 1031.591550][ T31] 2 locks held by syz-executor/17531: [ 1031.596992][ T31] #0: ffffffff8f503750 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 1031.606833][ T31] #1: ffffffff8f510348 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0 [ 1031.617865][ T31] 2 locks held by syz-executor/17534: [ 1031.623365][ T31] #0: ffffffff8f503750 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 1031.633557][ T31] #1: ffffffff8f510348 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0 [ 1031.644176][ T31] 2 locks held by syz-executor/17537: [ 1031.649612][ T31] #0: ffffffff8f503750 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 1031.659099][ T31] #1: ffffffff8f510348 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0 [ 1031.669738][ T31] 2 locks held by syz-executor/17540: [ 1031.675266][ T31] #0: ffffffff8f503750 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 1031.684997][ T31] #1: ffffffff8f510348 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0 [ 1031.695931][ T31] 2 locks held by syz-executor/17545: [ 1031.701327][ T31] #0: ffffffff8f503750 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 1031.710822][ T31] #1: ffffffff8f510348 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0 [ 1031.721442][ T31] 2 locks held by syz-executor/17556: [ 1031.726920][ T31] #0: ffffffff8f503750 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 1031.737135][ T31] #1: ffffffff8f510348 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0 [ 1031.748048][ T31] 2 locks held by syz-executor/17559: [ 1031.753445][ T31] #0: ffffffff8f503750 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 1031.763003][ T31] #1: ffffffff8f510348 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0 [ 1031.773741][ T31] 2 locks held by syz-executor/17564: [ 1031.779487][ T31] #0: ffffffff8f503750 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 1031.789190][ T31] #1: ffffffff8f510348 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0 [ 1031.799955][ T31] 2 locks held by syz-executor/17568: [ 1031.805345][ T31] #0: ffffffff8f503750 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 1031.814834][ T31] #1: ffffffff8f510348 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0 [ 1031.825798][ T31] 2 locks held by syz-executor/17572: [ 1031.831739][ T31] #0: ffffffff8f503750 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 1031.841270][ T31] #1: ffffffff8f510348 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0 [ 1031.851832][ T31] [ 1031.854174][ T31] ============================================= [ 1031.854174][ T31] [ 1031.862761][ T31] NMI backtrace for cpu 1 [ 1031.862777][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 1031.862796][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1031.862807][ T31] Call Trace: [ 1031.862814][ T31] [ 1031.862820][ T31] dump_stack_lvl+0x189/0x250 [ 1031.862846][ T31] ? __wake_up_klogd+0xd9/0x110 [ 1031.862867][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1031.862889][ T31] ? __pfx__printk+0x10/0x10 [ 1031.862918][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 1031.862942][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 1031.862960][ T31] ? _printk+0xcf/0x120 [ 1031.862981][ T31] ? __pfx__printk+0x10/0x10 [ 1031.863001][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1031.863024][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 1031.863047][ T31] watchdog+0xfee/0x1030 [ 1031.863069][ T31] ? watchdog+0x1de/0x1030 [ 1031.863097][ T31] kthread+0x70e/0x8a0 [ 1031.863119][ T31] ? __pfx_watchdog+0x10/0x10 [ 1031.863138][ T31] ? __pfx_kthread+0x10/0x10 [ 1031.863156][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1031.863178][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1031.863198][ T31] ? __pfx_kthread+0x10/0x10 [ 1031.863218][ T31] ret_from_fork+0x3f9/0x770 [ 1031.863243][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1031.863271][ T31] ? __switch_to_asm+0x39/0x70 [ 1031.863288][ T31] ? __switch_to_asm+0x33/0x70 [ 1031.863304][ T31] ? __pfx_kthread+0x10/0x10 [ 1031.863321][ T31] ret_from_fork_asm+0x1a/0x30 [ 1031.863351][ T31] [ 1031.863358][ T31] Sending NMI from CPU 1 to CPUs 0: [ 1032.021781][ C0] NMI backtrace for cpu 0 [ 1032.021798][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 1032.021817][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1032.021826][ C0] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 1032.021852][ C0] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 23 c6 21 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 1032.021865][ C0] RSP: 0018:ffffffff8de07d80 EFLAGS: 000002c6 [ 1032.021885][ C0] RAX: 0e750cc4985d6c00 RBX: ffffffff81975d58 RCX: 0e750cc4985d6c00 [ 1032.021897][ C0] RDX: 0000000000000001 RSI: ffffffff8d982587 RDI: ffffffff8be28b80 [ 1032.021911][ C0] RBP: ffffffff8de07ea8 R08: ffff8880b8632f5b R09: 1ffff110170c65eb [ 1032.021923][ C0] R10: dffffc0000000000 R11: ffffed10170c65ec R12: ffffffff8fa110f0 [ 1032.021934][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a50 [ 1032.021944][ C0] FS: 0000000000000000(0000) GS:ffff888125c51000(0000) knlGS:0000000000000000 [ 1032.021958][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1032.021977][ C0] CR2: 000055ca8b9f2fb0 CR3: 000000006c7d6000 CR4: 00000000003526f0 [ 1032.021991][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1032.022001][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1032.022011][ C0] Call Trace: [ 1032.022020][ C0] [ 1032.022027][ C0] default_idle+0x13/0x20 [ 1032.022044][ C0] default_idle_call+0x74/0xb0 [ 1032.022061][ C0] do_idle+0x1e8/0x510 [ 1032.022078][ C0] ? __pfx_do_idle+0x10/0x10 [ 1032.022099][ C0] cpu_startup_entry+0x44/0x60 [ 1032.022113][ C0] rest_init+0x2de/0x300 [ 1032.022128][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 1032.022148][ C0] start_kernel+0x47d/0x500 [ 1032.022166][ C0] x86_64_start_reservations+0x24/0x30 [ 1032.022185][ C0] x86_64_start_kernel+0x143/0x1c0 [ 1032.022204][ C0] common_startup_64+0x13e/0x147 [ 1032.022227][ C0] [ 1032.022905][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 1032.229194][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 1032.241000][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1032.251050][ T31] Call Trace: [ 1032.254323][ T31] [ 1032.257246][ T31] dump_stack_lvl+0x99/0x250 [ 1032.261843][ T31] ? __asan_memcpy+0x40/0x70 [ 1032.266430][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1032.271645][ T31] ? __pfx__printk+0x10/0x10 [ 1032.276233][ T31] panic+0x2db/0x790 [ 1032.280131][ T31] ? __pfx_panic+0x10/0x10 [ 1032.284543][ T31] ? nmi_backtrace_stall_check+0x433/0x440 [ 1032.290400][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 1032.295778][ T31] ? nmi_trigger_cpumask_backtrace+0x2b6/0x300 [ 1032.301962][ T31] watchdog+0x102d/0x1030 [ 1032.306305][ T31] ? watchdog+0x1de/0x1030 [ 1032.310724][ T31] kthread+0x70e/0x8a0 [ 1032.314786][ T31] ? __pfx_watchdog+0x10/0x10 [ 1032.319455][ T31] ? __pfx_kthread+0x10/0x10 [ 1032.324038][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1032.329253][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1032.334478][ T31] ? __pfx_kthread+0x10/0x10 [ 1032.339080][ T31] ret_from_fork+0x3f9/0x770 [ 1032.343671][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1032.348784][ T31] ? __switch_to_asm+0x39/0x70 [ 1032.353542][ T31] ? __switch_to_asm+0x33/0x70 [ 1032.358295][ T31] ? __pfx_kthread+0x10/0x10 [ 1032.362882][ T31] ret_from_fork_asm+0x1a/0x30 [ 1032.367647][ T31] [ 1032.370957][ T31] Kernel Offset: disabled [ 1032.375362][ T31] Rebooting in 86400 seconds..