last executing test programs: 9.318996538s ago: executing program 0 (id=731): r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10) r2 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xd, &(0x7f0000000080)=@assoc_value={0x0}, &(0x7f0000000100)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f00000002c0)={0x8, 0x205, 0x3ff, 0x6, r3}, 0x10) 8.23063544s ago: executing program 0 (id=736): socket$inet_tcp(0x2, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/cgroup\x00') r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) readv(r0, &(0x7f0000000300)=[{&(0x7f0000000380)=""/4096, 0x1000}], 0x1) r2 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) ioctl$EVIOCGMASK(r2, 0x80104592, &(0x7f0000000300)={0x11, 0xfffffffffffffd9e, &(0x7f0000000200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00'}) socket(0x10, 0x3, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x4, 0x2000000000000}, 0x0, &(0x7f0000000040)={0x3ff, 0x0, 0x5f8, 0x2, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 8.071501463s ago: executing program 1 (id=738): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) sendmsg$ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xf101}) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0xa) 7.950836303s ago: executing program 2 (id=740): mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r0 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_tcp_int(r0, 0x6, 0x6, 0x0, &(0x7f00000001c0)) 7.799241157s ago: executing program 3 (id=741): syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001780)=ANY=[@ANYBLOB="02000000040000000600000005000000"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e00fb00020013000200000000004c00ff0800ed05000600200000000a0006000000000026b900000000000000001ffeff0001000003f1dc7f7c6e7c02000100000000000040fb020000000005000500000000000a"], 0x80}}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0}) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0) fsetxattr(r6, &(0x7f0000000000)=@known='security.selinux\x00', &(0x7f0000000500)='\xff\x8c\x1d\xdfD\xccz\x14=\xf0\x993\xc6\n0\x97\x1eOM\x16c\x05W\xf0/\xcd\x86\x92s`-FH\x81\xfeJM\xd2\xeb\x05\xaa\xc5\x8d\xca\xe3\xca\x9frM`y\x8d\x8as8_g\xdd\xd2ZP\x9b\x84\xe3ZF\xb3IW\x01\xaex\x1d(Z\x1bX<\xeb\xe6\x1d\x01T\x18\xbf\x1c\x11\xd6sT\xab\x00\xc5\xbc\xb7\x11o7\xd9r\r\xb8\x19\x15I\xa0]\"\xe8\x94\x03\xd28\xf9S2\x98\xf8\xdf\xe2\xdd\a~\xfa\xf4p\x904v\xc5\xb79\x91\xb7\x0e\xffS\xde\x9d\xf1\x97\x95N(\x82\xea^r\x82\x00s\xa5R%\xb4\xcb\x0e\x9eT8.\\\x04\xe7\x92P\x8a>v\xf2\x96\xf1\xff-\xebw\xdd;\xff\xc7I\xdb', 0xb6, 0x0) 7.671340984s ago: executing program 1 (id=742): sendmsg$NFT_MSG_GETSET(0xffffffffffffffff, 0x0, 0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) connect$can_j1939(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) setsockopt$inet6_tcp_int(r0, 0x6, 0x5, &(0x7f0000000000)=0x81, 0x4) getsockopt$inet6_tcp_int(r0, 0x6, 0x5, 0x0, &(0x7f00000000c0)) 7.670960192s ago: executing program 2 (id=743): r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r4, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000080)=0x10) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f00000000c0)={r5, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0xce024d}, 0x9c) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000d80)='./file1\x00', 0x143042, 0x0) pwrite64(r7, &(0x7f0000000000)='c', 0x1, 0x709c) setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f00000005c0)=@nat={'nat\x00', 0x1b, 0x5, 0x9a8, 0x0, 0x688, 0xffffffff, 0x688, 0x688, 0x8d8, 0x8d8, 0xffffffff, 0x8d8, 0x8d8, 0x5, &(0x7f0000000340), {[{{@uncond, 0x0, 0x300, 0x348, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x18, [{0x97, 0x9, 0x1, 0x3ff}, {0x1, 0x6, 0x8, 0x40}, {0x6, 0xff, 0xf8, 0x10001}, {0x4, 0x7, 0x9, 0x7f}, {0x758b, 0x7, 0x6, 0x5}, {0x80, 0x30, 0x4, 0x14}, {0x0, 0xff, 0x58, 0xf19}, {0x0, 0x0, 0x0, 0x6}, {0x1, 0xa7, 0x9, 0x5}, {0x0, 0x2, 0xb, 0x5}, {0x1, 0x9, 0x7, 0xd}, {0x6, 0x0, 0x4, 0x10000000}, {0x9, 0x4, 0x40, 0x5}, {0x1, 0x7, 0x3a, 0x9}, {0xffff, 0x5, 0xe, 0xfffffffe}, {0x40, 0x9, 0x3, 0x6}, {0x52, 0x7, 0x1, 0x7}, {0xb28, 0x5, 0x6, 0x9}, {0xaaba, 0x7, 0x3, 0xfffffff7}, {0xd973, 0x9, 0x9, 0xd}, {0x7, 0x8, 0x0, 0x7}, {0x4, 0x4, 0x3, 0xd}, {0x2, 0x40, 0x72, 0x7}, {0xa5, 0x3, 0x11, 0x25}, {0xdb, 0x5, 0x80, 0x7fff}, {0x10, 0x1, 0xb4, 0x9}, {0x6, 0x3, 0x1, 0x76000000}, {0x8, 0x6, 0x4, 0xfff}, {0x400, 0x7, 0x6, 0xfffffffe}, {0xffff, 0x13, 0xc0, 0x54c0486c}, {0x2, 0x2, 0x16, 0x4}, {0xcd, 0xf4, 0x5, 0xbbdb}, {0xb, 0x3, 0x3, 0x4}, {0x0, 0x80, 0x69, 0xfff}, {0x7, 0xce, 0x9, 0x4}, {0x1, 0xfc, 0x0, 0x8}, {0x8, 0x6, 0x9, 0x3}, {0x7ff, 0xf0, 0x4, 0x3}, {0x8, 0xfe, 0x80, 0x3ff}, {0x2, 0x1, 0x2, 0x5}, {0x6, 0x34, 0xe}, {0xc96, 0x6, 0x69, 0x5e}, {0x9, 0x0, 0x9, 0xd}, {0x8001, 0x2, 0x4, 0x10000}, {0xffff, 0xb, 0xfb, 0x5}, {0x1ff, 0x0, 0x8, 0x3}, {0x6, 0x2c, 0x8, 0x7}, {0x400, 0xe, 0x7d, 0x84b1}, {0xffff, 0x4, 0x92, 0x6}, {0x7fff, 0x7, 0x1, 0xfffff800}, {0x9, 0x5, 0xf, 0x5}, {0x12c9, 0xe5, 0x3, 0xd}, {0x1, 0xf, 0x6c, 0x9}, {0x2, 0x4, 0x9, 0x5}, {0xbf, 0x9, 0x8, 0x2}, {0x9, 0x4, 0x3, 0xe94}, {0xffff, 0x0, 0xd, 0x24d5}, {0x5, 0x2, 0x3, 0x8000}, {0x4, 0xc7, 0x1, 0x24}, {0x5, 0x0, 0xfe}, {0x3, 0x0, 0x6, 0x3}, {0x0, 0x5, 0x7, 0x6}, {0xfffb, 0x7, 0x2}, {0x8, 0x8, 0x34, 0xa3}], {0xffffffff00000001}}}, @common=@mh={{0x28}, {"b038", 0x1}}]}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x8, @ipv4=@dev={0xac, 0x14, 0x14, 0x3e}, @ipv6=@private1, @gre_key, @gre_key=0x9}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x13, @ipv6=@loopback, @ipv6=@private1, @port=0x4e22, @port=0x4e22}}}, {{@uncond, 0x0, 0x208, 0x250, 0x0, {}, [@common=@icmp6={{0x28}, {0x8, "acef", 0x1}}, @common=@rt={{0x138}, {0xa, [0x7fff, 0x4], 0x8, 0x8, 0x7, [@local, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @rand_addr=' \x01\x00', @mcast2, @private1, @remote, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, @local, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private1, @remote, @mcast1, @remote, @loopback, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}], 0x1}}]}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x1a, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4=@rand_addr=0x64010101, @gre_key=0xfff, @icmp_id=0x64}}}, {{@uncond, 0x0, 0x208, 0x250, 0x0, {}, [@common=@mh={{0x28}, {'\nU', 0x1}}, @common=@rt={{0x138}, {0x4, [0x4, 0x6], 0x0, 0x1, 0x2, [@mcast2, @loopback, @private1={0xfc, 0x1, '\x00', 0x1}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @private2={0xfc, 0x2, '\x00', 0x1}, @ipv4={'\x00', '\xff\xff', @multicast2}, @remote, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @mcast2, @private1, @private2={0xfc, 0x2, '\x00', 0x1}, @mcast2, @empty, @empty], 0xc}}]}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x0, @ipv6=@mcast1, @ipv4=@multicast1, @icmp_id=0x67, @icmp_id=0x66}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0xa08) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f0000000280)={0xffff, 0xa, 0x0, 'queue0\x00', 0x80080000}) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) ptrace(0x10, 0x0) sendmsg$nl_xfrm(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001000)=ANY=[], 0xc4}, 0x1, 0x0, 0x0, 0x54080}, 0x10) r9 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r9, &(0x7f0000000040)={0x4000000, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="020f08001000000000000000fddbdf250300050000000000020000200000000000000000000000000800120000000200000000000000000006003200002000"/77], 0x80}}, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r6, 0xc08c5335, &(0x7f0000000040)={0x0, 0x80, 0x1, 'queue0\x00', 0x82}) bind$inet(r0, &(0x7f0000000080)={0x2, 0x6e21, @private=0xa010102}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000240)='highspeed\x00', 0xa) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 5.794428758s ago: executing program 1 (id=746): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001240)=@base={0x12, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0xe, &(0x7f0000001440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000000702000000feffffb703000008000000b704000000000000850000000300000018000000000000000000000000000000950000002304f866"], &(0x7f0000000200)='syzkaller\x00', 0x6, 0xe1, &(0x7f0000000240)=""/4096, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffe66, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x3f) 5.6123097s ago: executing program 3 (id=747): r0 = socket(0x10, 0x3, 0x0) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="d5"], 0x24}}, 0x0) recvmmsg$unix(r0, &(0x7f0000001dc0)=[{{0x0, 0x0, &(0x7f0000001800)=[{&(0x7f00000002c0)=""/182, 0xb6}, {&(0x7f0000000380)=""/252, 0xfc}, {&(0x7f0000000480)=""/4096, 0x1000}, {&(0x7f0000000080)=""/79, 0x4f}, {&(0x7f0000000140)=""/52, 0x34}, {&(0x7f0000001480)=""/232, 0xe8}, {&(0x7f0000001580)=""/158, 0x9e}, {&(0x7f00000001c0)=""/78, 0x4e}, {&(0x7f0000001640)=""/157, 0x9d}, {&(0x7f0000001700)=""/194, 0xc2}], 0xa}}], 0x1, 0x0, 0x0) write(r0, &(0x7f0000000100)="1400000052004f7fb3e4bf80a000080000000000", 0x14) ioctl$PPPIOCGL2TPSTATS(r0, 0x80487436, 0x0) 5.520671952s ago: executing program 1 (id=749): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='illinois\x00', 0x9) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25) 5.408549236s ago: executing program 3 (id=750): socket$inet_udplite(0x2, 0x2, 0x88) r0 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @link_local}, 0x14) socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=@setlink={0x3c, 0x13, 0x1, 0x0, 0x25dfdbff, {}, [@IFLA_MASTER={0x8, 0xa, r4}, @IFLA_ALT_IFNAME={0x14, 0x35, 'dummy0\x00'}]}, 0x3c}}, 0x0) r5 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r5, 0x8922, &(0x7f0000000080)={'dummy0\x00'}) 5.275099358s ago: executing program 2 (id=752): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0b0000000e000000010001000900000001"], 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000003540), &(0x7f0000001540)=""/155}, 0x20) bpf$MAP_UPDATE_CONST_STR(0x4, &(0x7f0000001800)={{r0}, &(0x7f0000001780)=0x4, &(0x7f00000017c0)='%-010d \x00'}, 0x20) 5.171147802s ago: executing program 0 (id=754): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00'}, 0x10) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x2014800, 0x0) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) landlock_restrict_self(0xffffffffffffffff, 0x0) connect$inet6(r3, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000040)={0x30, r5, 0x1, 0xffffffff, 0x0, {{}, {}, {0x14, 0x19, {0xfffffffe, 0x9}}}}, 0x30}}, 0x0) 4.995570501s ago: executing program 2 (id=755): prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x0, 0x0) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) 4.95306001s ago: executing program 4 (id=756): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xa8f94000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$nl_netfilter(0x10, 0x3, 0xc) getdents64(0xffffffffffffffff, 0x0, 0x18) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000000)={{0x14}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x109}], {0x14}}, 0x3c}}, 0x0) 4.895510219s ago: executing program 3 (id=757): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x4, 0xe, &(0x7f0000001580)=ANY=[@ANYBLOB="b702000000000c00bfa300000000000007030000f0ffffff7a0af0ff0200000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b70500000100001b6a0af2fe000000008500000044000000b700000000000000950000000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3efd9af115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f85db47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b0600000016cb7fc20fb4791ec85823d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d394d3665016ac59dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7f9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2ba9c29faa38c409d32b6b7d6cf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d2889ac04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec7ffff35e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e933119c5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc30000000000000000c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20ba82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818709e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9174327d82761c26e329555f9290af4100000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247fa62fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120bed64069dcf82d3e5e0361e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a1000000002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dfff4a979369b0e8ebc62887aa46e824d86869ec4ab392b0a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f78fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec527c030931651dd315003b7a6a5433a2bb3c035fc6846abe389b25c988f0bbb889560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a412a9b7d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f128ddfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0daca8d4c1090000000000000084d8223edbccbf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b7524642c248aa813edaa626f0000000000000000004f9e02a3b51a97c4b1c1b411cc6bee2a56f29c55a6aac45f0cfc31"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000001c0), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x26, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket(0x10, 0x80002, 0x4) sendmsg$nl_route_sched(r5, 0x0, 0x4004000) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x4, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, 0x0, 0x0) ioctl$int_in(r1, 0x5421, &(0x7f0000000140)=0x1) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000900)={'bridge0\x00', @remote}) 3.714505391s ago: executing program 0 (id=758): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f00000000c0)=0x7, 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000080)=[@in={0x2, 0x4e21, @private=0xa010102}], 0x10) setsockopt(r0, 0x84, 0x7f, &(0x7f0000000040)="020000000980ffff", 0x8) recvmsg(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) 3.655583309s ago: executing program 4 (id=759): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000080)=0x80) write$dsp(r0, &(0x7f00000001c0)='\\', 0x1) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) 3.607018414s ago: executing program 1 (id=760): socket$netlink(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r1, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) socket(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="a4280400000000001400350076657468305f746f5f626f6e6400000008000a00", @ANYRES32=r1], 0x3c}, 0x1, 0x0, 0x0, 0x4008800}, 0x8000) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90646}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x4}]}}}, @IFLA_LINK={0x8}, @IFLA_MASTER={0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x600}, 0x0) 3.341333252s ago: executing program 2 (id=761): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$TIPC_DEST_DROPPABLE(r3, 0x10f, 0x81, &(0x7f0000000480), 0x4) 2.850141516s ago: executing program 0 (id=762): r0 = socket$can_j1939(0x1d, 0x2, 0x7) connect$can_j1939(r0, &(0x7f00000010c0)={0x1d, 0x0, 0x0, {0x0, 0x0, 0x4}, 0xff}, 0x18) 1.983033022s ago: executing program 3 (id=763): r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000780), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_GET_WPAN_PHY(r1, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a00)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="7387000000000000000001000000080001"], 0x30}}, 0x0) 1.933080901s ago: executing program 4 (id=764): r0 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) ioctl$sock_proto_private(r0, 0x8b15, &(0x7f0000000080)) setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f0000000000)={0x1, 0x1, 0x4}, 0xc) setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f0000000140)={0x2, 0x1, 0x10, 0x0, 0x230d}, 0xc) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(r1, &(0x7f00000000c0), 0x6db6e559) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r1, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x2, 0x0, 0x0) 1.647755565s ago: executing program 0 (id=765): socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev\x00') pread64(r2, &(0x7f0000019040)=""/102400, 0x19000, 0x400000000003) 1.347508468s ago: executing program 3 (id=766): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0}) bpf$MAP_CREATE(0x0, 0x0, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) getsockopt$WPAN_SECURITY_LEVEL(r3, 0x0, 0x2, 0x0, &(0x7f00000002c0)) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@fwd={0x1}]}}, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) r4 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, 0x0, 0x0) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) 1.341849747s ago: executing program 4 (id=767): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) dup(r1) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x10, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r2, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) 983.663658ms ago: executing program 1 (id=768): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(0xffffffffffffffff, 0x8004587d, &(0x7f0000000080)={@desc={0x1, 0x0, @desc2}}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000140)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x20, 0x1, 0x0, 0xfffff034}, {0x6, 0x0, 0x0, 0x4}]}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'bridge0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="7000000010000304000080000000000000007400", @ANYRES32=r3, @ANYBLOB="0000000003120100500012800b0001006272696467650000400002800800050001000000060027"], 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x40) 983.518161ms ago: executing program 2 (id=769): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(0x0, 0x0, 0x0, 0x8b101a, 0x0) setxattr$security_ima(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f00000001c0), &(0x7f00000002c0)=@ng, 0x2, 0x3) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$bind(0x0, &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x891018, 0x0) 824.061588ms ago: executing program 4 (id=770): socket$xdp(0x2c, 0x3, 0x0) socket$xdp(0x2c, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x400000000000004) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80fae0090f000000000000a2bc5603ca00000f7f89000000200000004a2471083ec6811778581acb6c0101ff0000000309", 0x48}], 0x1) syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), r0) 0s ago: executing program 4 (id=771): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000400)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r3, 0xc01864c6, &(0x7f0000000140)={&(0x7f0000000640)=[0x0, 0x0], 0x42af}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.184' (ED25519) to the list of known hosts. [ 85.086049][ T5808] cgroup: Unknown subsys name 'net' [ 85.262983][ T5808] cgroup: Unknown subsys name 'cpuset' [ 85.273164][ T5808] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 87.171190][ T5808] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 89.794988][ T5819] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 89.803675][ T5819] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 89.811958][ T5819] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 89.820806][ T5819] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 89.828866][ T5819] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 89.969813][ T5141] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 89.981805][ T5141] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 89.989653][ T5141] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 90.008417][ T5827] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 90.019371][ T5827] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 90.029045][ T5827] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 90.037946][ T5827] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 90.045921][ T5827] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 90.070623][ T5141] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 90.078296][ T5141] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 90.086680][ T5827] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 90.105806][ T5141] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 90.109736][ T5829] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 90.113734][ T5141] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 90.122675][ T5829] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 90.128661][ T5141] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 90.135117][ T5829] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 90.142450][ T5141] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 90.159811][ T5819] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 90.182589][ T5819] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 90.455746][ T5818] chnl_net:caif_netlink_parms(): no params data found [ 90.673395][ T5818] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.680747][ T5818] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.688163][ T5818] bridge_slave_0: entered allmulticast mode [ 90.696594][ T5818] bridge_slave_0: entered promiscuous mode [ 90.708606][ T5818] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.716346][ T5818] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.723723][ T5818] bridge_slave_1: entered allmulticast mode [ 90.731207][ T5818] bridge_slave_1: entered promiscuous mode [ 90.852383][ T5818] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.865951][ T5818] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.968288][ T5818] team0: Port device team_slave_0 added [ 91.004122][ T5818] team0: Port device team_slave_1 added [ 91.012597][ T5823] chnl_net:caif_netlink_parms(): no params data found [ 91.128646][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.135739][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.162056][ T5818] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.194522][ T5825] chnl_net:caif_netlink_parms(): no params data found [ 91.207032][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.214429][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.241026][ T5818] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.297702][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 91.539783][ T5818] hsr_slave_0: entered promiscuous mode [ 91.546498][ T5818] hsr_slave_1: entered promiscuous mode [ 91.553723][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 91.566196][ T5823] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.573554][ T5823] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.581532][ T5823] bridge_slave_0: entered allmulticast mode [ 91.588894][ T5823] bridge_slave_0: entered promiscuous mode [ 91.625759][ T5823] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.633067][ T5823] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.640656][ T5823] bridge_slave_1: entered allmulticast mode [ 91.647870][ T5823] bridge_slave_1: entered promiscuous mode [ 91.734969][ T5825] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.744896][ T5825] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.752293][ T5825] bridge_slave_0: entered allmulticast mode [ 91.760317][ T5825] bridge_slave_0: entered promiscuous mode [ 91.789117][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.796271][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.803739][ T5828] bridge_slave_0: entered allmulticast mode [ 91.811861][ T5828] bridge_slave_0: entered promiscuous mode [ 91.820760][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.827909][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.835276][ T5828] bridge_slave_1: entered allmulticast mode [ 91.842876][ T5828] bridge_slave_1: entered promiscuous mode [ 91.859480][ T5819] Bluetooth: hci0: command tx timeout [ 91.869409][ T5823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.879034][ T5825] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.886224][ T5825] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.893777][ T5825] bridge_slave_1: entered allmulticast mode [ 91.901285][ T5825] bridge_slave_1: entered promiscuous mode [ 91.947325][ T5823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.035230][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.087136][ T5825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.106781][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.134927][ T5823] team0: Port device team_slave_0 added [ 92.145823][ T5825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.179501][ T5819] Bluetooth: hci3: command tx timeout [ 92.179584][ T5827] Bluetooth: hci2: command tx timeout [ 92.198905][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.206108][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.214061][ T5832] bridge_slave_0: entered allmulticast mode [ 92.221567][ T5832] bridge_slave_0: entered promiscuous mode [ 92.231402][ T5823] team0: Port device team_slave_1 added [ 92.259844][ T5819] Bluetooth: hci4: command tx timeout [ 92.265595][ T5827] Bluetooth: hci1: command tx timeout [ 92.303160][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.313051][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.320439][ T5832] bridge_slave_1: entered allmulticast mode [ 92.327746][ T5832] bridge_slave_1: entered promiscuous mode [ 92.388532][ T5825] team0: Port device team_slave_0 added [ 92.397738][ T5825] team0: Port device team_slave_1 added [ 92.406793][ T5828] team0: Port device team_slave_0 added [ 92.427995][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.435093][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.461623][ T5823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.506191][ T5828] team0: Port device team_slave_1 added [ 92.527732][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.541930][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.551897][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.560732][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.587300][ T5823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.622619][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.629734][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.655741][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.717906][ T5832] team0: Port device team_slave_0 added [ 92.732026][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.739620][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.766092][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.777953][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.785096][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.811579][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.824561][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.831692][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.857845][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.871203][ T5832] team0: Port device team_slave_1 added [ 92.970369][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.977374][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.004725][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.035007][ T5823] hsr_slave_0: entered promiscuous mode [ 93.041893][ T5823] hsr_slave_1: entered promiscuous mode [ 93.048084][ T5823] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 93.056081][ T5823] Cannot create hsr debugfs directory [ 93.081233][ T5828] hsr_slave_0: entered promiscuous mode [ 93.087682][ T5828] hsr_slave_1: entered promiscuous mode [ 93.094451][ T5828] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 93.102165][ T5828] Cannot create hsr debugfs directory [ 93.111164][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.118147][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.144520][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.244826][ T5825] hsr_slave_0: entered promiscuous mode [ 93.252234][ T5825] hsr_slave_1: entered promiscuous mode [ 93.258433][ T5825] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 93.266232][ T5825] Cannot create hsr debugfs directory [ 93.395570][ T5818] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 93.427302][ T5832] hsr_slave_0: entered promiscuous mode [ 93.436570][ T5832] hsr_slave_1: entered promiscuous mode [ 93.443118][ T5832] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 93.454754][ T5832] Cannot create hsr debugfs directory [ 93.477893][ T5818] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 93.525335][ T5818] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 93.582199][ T5818] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 93.941066][ T5827] Bluetooth: hci0: command tx timeout [ 93.954168][ T5825] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 93.973920][ T5825] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 93.985807][ T5825] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 94.021608][ T5825] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 94.093177][ T5823] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 94.104637][ T5823] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 94.116410][ T5823] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 94.128145][ T5823] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 94.252942][ T5828] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 94.259934][ T5827] Bluetooth: hci3: command tx timeout [ 94.260018][ T5827] Bluetooth: hci2: command tx timeout [ 94.284937][ T5828] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 94.296940][ T5828] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 94.333795][ T5828] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 94.340526][ T5827] Bluetooth: hci4: command tx timeout [ 94.341970][ T5819] Bluetooth: hci1: command tx timeout [ 94.374627][ T5818] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.473514][ T5832] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 94.486740][ T5818] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.510363][ T5832] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 94.533313][ T5832] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 94.545402][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.552706][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.566109][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.585084][ T5832] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 94.618303][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.625497][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.701799][ T5825] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.766300][ T5818] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 94.777264][ T5818] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 94.798096][ T3474] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.805291][ T3474] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.817405][ T3474] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.824576][ T3474] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.884320][ T5823] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.933940][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.038366][ T5823] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.084264][ T3474] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.091473][ T3474] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.128924][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.152921][ T3474] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.160210][ T3474] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.171844][ T3474] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.179040][ T3474] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.214232][ T3490] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.221407][ T3490] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.261269][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.316498][ T5818] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.407597][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.456721][ T5828] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 95.484168][ T3433] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.491448][ T3433] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.538311][ T3474] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.545565][ T3474] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.661829][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.697063][ T5818] veth0_vlan: entered promiscuous mode [ 95.837341][ T5818] veth1_vlan: entered promiscuous mode [ 95.868296][ T5825] veth0_vlan: entered promiscuous mode [ 95.927355][ T5825] veth1_vlan: entered promiscuous mode [ 96.006095][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.028432][ T5819] Bluetooth: hci0: command tx timeout [ 96.036966][ T5818] veth0_macvtap: entered promiscuous mode [ 96.085605][ T5825] veth0_macvtap: entered promiscuous mode [ 96.097208][ T5818] veth1_macvtap: entered promiscuous mode [ 96.123653][ T5825] veth1_macvtap: entered promiscuous mode [ 96.176637][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.215901][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.285280][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.325145][ T5823] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.341415][ T5819] Bluetooth: hci2: command tx timeout [ 96.346928][ T5819] Bluetooth: hci3: command tx timeout [ 96.347360][ T5825] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.367453][ T5825] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.376637][ T5825] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.394107][ T5825] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.419650][ T5827] Bluetooth: hci1: command tx timeout [ 96.420445][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.425109][ T5827] Bluetooth: hci4: command tx timeout [ 96.478075][ T5818] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.494168][ T5818] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.507962][ T5818] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.521816][ T5818] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.654808][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.722509][ T1146] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.735025][ T1146] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.765078][ T5823] veth0_vlan: entered promiscuous mode [ 96.806359][ T5823] veth1_vlan: entered promiscuous mode [ 96.861243][ T3474] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.862497][ T5828] veth0_vlan: entered promiscuous mode [ 96.874408][ T3474] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.886115][ T3474] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.902778][ T3474] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.937201][ T5832] veth0_vlan: entered promiscuous mode [ 96.976369][ T5828] veth1_vlan: entered promiscuous mode [ 97.003046][ T5832] veth1_vlan: entered promiscuous mode [ 97.016165][ T3433] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.024832][ T5825] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 97.025227][ T3433] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.069347][ T3078] cfg80211: failed to load regulatory.db [ 97.148588][ T5823] veth0_macvtap: entered promiscuous mode [ 97.212882][ T5823] veth1_macvtap: entered promiscuous mode [ 97.233392][ T5832] veth0_macvtap: entered promiscuous mode [ 97.270985][ T5828] veth0_macvtap: entered promiscuous mode [ 97.306369][ T5828] veth1_macvtap: entered promiscuous mode [ 97.318723][ T5832] veth1_macvtap: entered promiscuous mode [ 97.354446][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.373810][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.397233][ T5832] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.407964][ T5832] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.423016][ T5832] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.434295][ T5832] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.515575][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.567514][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.595005][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.615921][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.815956][ T5910] hub 8-0:1.0: USB hub found [ 97.823388][ T5910] hub 8-0:1.0: 1 port detected [ 98.109652][ T5827] Bluetooth: hci0: command tx timeout [ 98.264429][ T5823] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.299223][ T5823] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.339231][ T5823] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.348042][ T5823] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.418952][ T5827] Bluetooth: hci3: command tx timeout [ 98.419162][ T5819] Bluetooth: hci2: command tx timeout [ 98.499212][ T5819] Bluetooth: hci1: command tx timeout [ 98.508974][ T5819] Bluetooth: hci4: command tx timeout [ 98.637412][ T5828] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.651230][ T5828] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.661836][ T5828] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.671467][ T5828] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.077681][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 99.282387][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 99.367500][ T3058] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.391413][ T3058] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.526307][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.559873][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.604052][ T30] audit: type=1326 audit(1748578939.501:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5927 comm="syz.0.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadcf78e969 code=0x7ffc0000 [ 99.641607][ T1146] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.677273][ T30] audit: type=1326 audit(1748578939.501:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5927 comm="syz.0.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadcf78e969 code=0x7ffc0000 [ 99.717696][ T3433] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.733650][ T1146] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.907158][ T3433] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.966644][ T5931] warning: `syz.1.11' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 100.009379][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.018057][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.027018][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.035839][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.044755][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.054067][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.063153][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.072003][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.304419][ T30] audit: type=1326 audit(1748578939.501:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5927 comm="syz.0.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=118 compat=0 ip=0x7fadcf78e969 code=0x7ffc0000 [ 100.623484][ T30] audit: type=1326 audit(1748578939.501:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5927 comm="syz.0.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadcf78e969 code=0x7ffc0000 [ 100.813892][ T3490] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.830211][ T3490] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.453669][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.514226][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.799268][ T5945] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 102.129958][ T5833] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 102.164500][ T5952] FAULT_INJECTION: forcing a failure. [ 102.164500][ T5952] name failslab, interval 1, probability 0, space 0, times 1 [ 102.219635][ T5952] CPU: 0 UID: 0 PID: 5952 Comm: syz.2.3 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 102.219663][ T5952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 102.219679][ T5952] Call Trace: [ 102.219690][ T5952] [ 102.219699][ T5952] dump_stack_lvl+0x189/0x250 [ 102.219740][ T5952] ? __pfx____ratelimit+0x10/0x10 [ 102.219760][ T5952] ? __pfx_dump_stack_lvl+0x10/0x10 [ 102.219786][ T5952] ? __pfx__printk+0x10/0x10 [ 102.219810][ T5952] ? __pfx___might_resched+0x10/0x10 [ 102.219831][ T5952] ? fs_reclaim_acquire+0x7d/0x100 [ 102.219856][ T5952] should_fail_ex+0x414/0x560 [ 102.219880][ T5952] should_failslab+0xa8/0x100 [ 102.219910][ T5952] __kmalloc_noprof+0xcb/0x4f0 [ 102.219936][ T5952] ? kernfs_fop_write_iter+0x158/0x4f0 [ 102.219966][ T5952] kernfs_fop_write_iter+0x158/0x4f0 [ 102.219998][ T5952] vfs_write+0x548/0xa90 [ 102.220027][ T5952] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 102.220053][ T5952] ? __pfx_vfs_write+0x10/0x10 [ 102.220089][ T5952] ? __fget_files+0x2a/0x420 [ 102.220115][ T5952] ksys_write+0x145/0x250 [ 102.220153][ T5952] ? __pfx_ksys_write+0x10/0x10 [ 102.220174][ T5952] ? rcu_is_watching+0x15/0xb0 [ 102.220201][ T5952] ? do_syscall_64+0xbe/0x3b0 [ 102.220225][ T5952] do_syscall_64+0xfa/0x3b0 [ 102.220243][ T5952] ? lockdep_hardirqs_on+0x9c/0x150 [ 102.220261][ T5952] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.220279][ T5952] ? clear_bhb_loop+0x60/0xb0 [ 102.220302][ T5952] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.220320][ T5952] RIP: 0033:0x7fe08518e969 [ 102.220340][ T5952] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 102.220356][ T5952] RSP: 002b:00007fe0860e4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 102.220375][ T5952] RAX: ffffffffffffffda RBX: 00007fe0853b5fa0 RCX: 00007fe08518e969 [ 102.220391][ T5952] RDX: 0000000000000002 RSI: 0000200000000580 RDI: 0000000000000003 [ 102.220405][ T5952] RBP: 00007fe0860e4090 R08: 0000000000000000 R09: 0000000000000000 [ 102.220418][ T5952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 102.220430][ T5952] R13: 0000000000000000 R14: 00007fe0853b5fa0 R15: 00007ffe58107d08 [ 102.220465][ T5952] [ 102.568402][ T5833] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 102.793341][ T5833] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 102.908080][ T5827] Bluetooth: hci5: command 0x1003 tx timeout [ 102.922133][ T5819] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 103.898856][ T5833] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 103.932568][ T5833] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 103.961688][ T5833] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.013588][ T5833] usb 5-1: config 0 descriptor?? [ 104.211181][ T5966] FAULT_INJECTION: forcing a failure. [ 104.211181][ T5966] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 104.293239][ T5966] CPU: 0 UID: 0 PID: 5966 Comm: syz.2.18 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 104.293273][ T5966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 104.293286][ T5966] Call Trace: [ 104.293294][ T5966] [ 104.293303][ T5966] dump_stack_lvl+0x189/0x250 [ 104.293340][ T5966] ? __pfx____ratelimit+0x10/0x10 [ 104.293363][ T5966] ? __pfx_dump_stack_lvl+0x10/0x10 [ 104.293395][ T5966] ? __pfx__printk+0x10/0x10 [ 104.293417][ T5966] ? __might_fault+0xb0/0x130 [ 104.293461][ T5966] should_fail_ex+0x414/0x560 [ 104.293489][ T5966] _copy_from_iter+0x1db/0x16f0 [ 104.293521][ T5966] ? rcu_is_watching+0x15/0xb0 [ 104.293549][ T5966] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 104.293582][ T5966] ? __pfx__copy_from_iter+0x10/0x10 [ 104.293611][ T5966] ? __build_skb_around+0x257/0x3e0 [ 104.293643][ T5966] ? netlink_sendmsg+0x642/0xb30 [ 104.293671][ T5966] ? skb_put+0x11b/0x210 [ 104.293704][ T5966] netlink_sendmsg+0x6b2/0xb30 [ 104.293743][ T5966] ? __pfx_netlink_sendmsg+0x10/0x10 [ 104.293781][ T5966] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 104.293801][ T5966] ? __pfx_netlink_sendmsg+0x10/0x10 [ 104.293832][ T5966] __sock_sendmsg+0x21c/0x270 [ 104.293858][ T5966] ____sys_sendmsg+0x505/0x830 [ 104.293892][ T5966] ? __pfx_____sys_sendmsg+0x10/0x10 [ 104.293940][ T5966] ? import_iovec+0x74/0xa0 [ 104.293974][ T5966] ___sys_sendmsg+0x21f/0x2a0 [ 104.294007][ T5966] ? __pfx____sys_sendmsg+0x10/0x10 [ 104.294075][ T5966] ? __fget_files+0x2a/0x420 [ 104.294094][ T5966] ? __fget_files+0x3a0/0x420 [ 104.294125][ T5966] __x64_sys_sendmsg+0x19b/0x260 [ 104.294159][ T5966] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 104.294200][ T5966] ? __pfx_ksys_write+0x10/0x10 [ 104.294227][ T5966] ? rcu_is_watching+0x15/0xb0 [ 104.294258][ T5966] ? do_syscall_64+0xbe/0x3b0 [ 104.294286][ T5966] do_syscall_64+0xfa/0x3b0 [ 104.294307][ T5966] ? lockdep_hardirqs_on+0x9c/0x150 [ 104.294327][ T5966] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.294348][ T5966] ? clear_bhb_loop+0x60/0xb0 [ 104.294374][ T5966] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.294395][ T5966] RIP: 0033:0x7fe08518e969 [ 104.294414][ T5966] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 104.294433][ T5966] RSP: 002b:00007fe0860e4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 104.294455][ T5966] RAX: ffffffffffffffda RBX: 00007fe0853b5fa0 RCX: 00007fe08518e969 [ 104.294471][ T5966] RDX: 0000000000004000 RSI: 0000200000000280 RDI: 0000000000000003 [ 104.294485][ T5966] RBP: 00007fe0860e4090 R08: 0000000000000000 R09: 0000000000000000 [ 104.294498][ T5966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 104.294511][ T5966] R13: 0000000000000000 R14: 00007fe0853b5fa0 R15: 00007ffe58107d08 [ 104.294544][ T5966] [ 104.838341][ T5833] usbhid 5-1:0.0: can't add hid device: -71 [ 104.879025][ T5833] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 104.991503][ T5833] usb 5-1: USB disconnect, device number 2 [ 105.814372][ T5959] Bluetooth: hci5: Frame reassembly failed (-84) [ 105.847111][ T5827] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 106.366242][ T30] audit: type=1326 audit(1748578946.261:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5970 comm="syz.0.23" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadcf78e969 code=0x7fc00000 [ 106.436423][ T30] audit: type=1326 audit(1748578946.291:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5970 comm="syz.0.23" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fadcf78e969 code=0x7fc00000 [ 106.473531][ T6005] binder: BINDER_SET_CONTEXT_MGR already set [ 106.480925][ T6005] binder: 6004:6005 ioctl 4018620d 200000000040 returned -16 [ 106.495505][ T6005] FAULT_INJECTION: forcing a failure. [ 106.495505][ T6005] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 106.510165][ T30] audit: type=1326 audit(1748578946.291:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5970 comm="syz.0.23" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadcf78e969 code=0x7fc00000 [ 106.531946][ T6005] CPU: 1 UID: 0 PID: 6005 Comm: syz.2.29 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 106.531981][ T6005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 106.531994][ T6005] Call Trace: [ 106.532003][ T6005] [ 106.532013][ T6005] dump_stack_lvl+0x189/0x250 [ 106.532050][ T6005] ? __pfx____ratelimit+0x10/0x10 [ 106.532073][ T6005] ? __pfx_dump_stack_lvl+0x10/0x10 [ 106.532104][ T6005] ? __pfx__printk+0x10/0x10 [ 106.532128][ T6005] ? __pfx_binder_debug+0x10/0x10 [ 106.532168][ T6005] should_fail_ex+0x414/0x560 [ 106.532196][ T6005] _copy_to_user+0x31/0xb0 [ 106.532229][ T6005] binder_ioctl_write_read+0x9571/0xa090 [ 106.532290][ T6005] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 106.532319][ T6005] ? arch_stack_walk+0xfc/0x150 [ 106.532360][ T6005] ? __pfx_binder_ioctl_write_read+0x10/0x10 [ 106.532389][ T6005] ? stack_trace_save+0x9c/0xe0 [ 106.532420][ T6005] ? stack_depot_save_flags+0x40/0x900 [ 106.532453][ T6005] ? kasan_save_track+0x4f/0x80 [ 106.532480][ T6005] ? kasan_save_track+0x3e/0x80 [ 106.532505][ T6005] ? kasan_save_free_info+0x46/0x50 [ 106.532527][ T6005] ? __kasan_slab_free+0x62/0x70 [ 106.532554][ T6005] ? kfree+0x18e/0x440 [ 106.532580][ T6005] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 106.532600][ T6005] ? security_file_ioctl+0xcb/0x2d0 [ 106.532621][ T6005] ? __se_sys_ioctl+0x47/0x170 [ 106.532645][ T6005] ? do_syscall_64+0xfa/0x3b0 [ 106.532666][ T6005] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.532699][ T6005] ? __lock_acquire+0xab9/0xd20 [ 106.532719][ T6005] ? binder_debug+0x13f/0x1b0 [ 106.532756][ T6005] ? __pfx_binder_debug+0x10/0x10 [ 106.532784][ T6005] ? do_raw_spin_lock+0x121/0x290 [ 106.532836][ T6005] ? _raw_spin_unlock+0x28/0x50 [ 106.532867][ T6005] ? binder_get_thread+0x178/0x6d0 [ 106.532903][ T6005] binder_ioctl+0x3e0/0x19c0 [ 106.532933][ T6005] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 106.532957][ T6005] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 106.532985][ T6005] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 106.533005][ T6005] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 106.533029][ T6005] ? __pfx_binder_ioctl+0x10/0x10 [ 106.533056][ T6005] ? smack_log+0xef/0x3f0 [ 106.533088][ T6005] ? __pfx_smack_log+0x10/0x10 [ 106.533118][ T6005] ? smk_access+0x14c/0x4e0 [ 106.533154][ T6005] ? smk_tskacc+0x2fc/0x370 [ 106.533189][ T6005] ? smack_file_ioctl+0x2a9/0x340 [ 106.533225][ T6005] ? __pfx_smack_file_ioctl+0x10/0x10 [ 106.533270][ T6005] ? __fget_files+0x2a/0x420 [ 106.533288][ T6005] ? __fget_files+0x3a0/0x420 [ 106.533306][ T6005] ? __fget_files+0x2a/0x420 [ 106.533329][ T6005] ? bpf_lsm_file_ioctl+0x9/0x20 [ 106.533351][ T6005] ? __pfx_binder_ioctl+0x10/0x10 [ 106.533382][ T6005] __se_sys_ioctl+0xfc/0x170 [ 106.533411][ T6005] do_syscall_64+0xfa/0x3b0 [ 106.533433][ T6005] ? lockdep_hardirqs_on+0x9c/0x150 [ 106.533454][ T6005] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.533475][ T6005] ? clear_bhb_loop+0x60/0xb0 [ 106.533501][ T6005] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.533522][ T6005] RIP: 0033:0x7fe08518e969 [ 106.533541][ T6005] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 106.533559][ T6005] RSP: 002b:00007fe0860e4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 106.533581][ T6005] RAX: ffffffffffffffda RBX: 00007fe0853b5fa0 RCX: 00007fe08518e969 [ 106.533597][ T6005] RDX: 0000200000000700 RSI: 00000000c0306201 RDI: 0000000000000004 [ 106.533611][ T6005] RBP: 00007fe0860e4090 R08: 0000000000000000 R09: 0000000000000000 [ 106.533624][ T6005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 106.533636][ T6005] R13: 0000000000000000 R14: 00007fe0853b5fa0 R15: 00007ffe58107d08 [ 106.533670][ T6005] [ 106.533987][ T6005] binder: 6004:6005 ioctl c0306201 200000000700 returned -14 [ 106.632539][ T30] audit: type=1326 audit(1748578946.291:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5970 comm="syz.0.23" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadcf78e969 code=0x7fc00000 [ 107.002773][ T30] audit: type=1326 audit(1748578946.291:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5970 comm="syz.0.23" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadcf78e969 code=0x7fc00000 [ 107.055312][ T30] audit: type=1326 audit(1748578946.291:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5970 comm="syz.0.23" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadcf78e969 code=0x7fc00000 [ 107.124980][ T30] audit: type=1326 audit(1748578946.291:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5970 comm="syz.0.23" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadcf78e969 code=0x7fc00000 [ 107.147280][ T30] audit: type=1326 audit(1748578946.291:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5970 comm="syz.0.23" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadcf78e969 code=0x7fc00000 [ 107.354916][ T6014] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7) [ 107.361679][ T6014] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 107.370522][ T6014] vhci_hcd vhci_hcd.0: Device attached [ 107.435645][ T30] audit: type=1326 audit(1748578946.291:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5970 comm="syz.0.23" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadcf78e969 code=0x7fc00000 [ 107.435714][ T30] audit: type=1326 audit(1748578946.291:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5970 comm="syz.0.23" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadcf78e969 code=0x7fc00000 [ 107.779149][ T5819] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 107.969040][ T5874] usb 35-1: new low-speed USB device number 2 using vhci_hcd [ 108.224111][ T6017] vhci_hcd: sendmsg failed!, ret=-32 for 48 [ 108.468689][ T12] vhci_hcd: stop threads [ 108.502487][ T12] vhci_hcd: release socket [ 108.547441][ T12] vhci_hcd: disconnect device [ 108.675682][ T6020] netlink: 'syz.2.34': attribute type 10 has an invalid length. [ 109.655969][ T6032] hub 8-0:1.0: USB hub found [ 109.664059][ T6032] hub 8-0:1.0: 1 port detected [ 110.337728][ T6035] netlink: 27 bytes leftover after parsing attributes in process `syz.4.36'. [ 110.398182][ T6020] team0: Port device wlan1 added [ 110.445405][ T6030] Zero length message leads to an empty skb [ 111.156135][ T6046] hub 8-0:1.0: USB hub found [ 111.164948][ T6046] hub 8-0:1.0: 1 port detected [ 113.129097][ T5874] vhci_hcd: vhci_device speed not set [ 114.974140][ T6082] process 'syz.4.52' launched './file0' with NULL argv: empty string added [ 115.967944][ T6084] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 116.746332][ T6098] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7) [ 116.752932][ T6098] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 116.761791][ T6098] vhci_hcd vhci_hcd.0: Device attached [ 117.030745][ T6101] netlink: 'syz.1.54': attribute type 10 has an invalid length. [ 117.189792][ T5833] usb 41-1: new low-speed USB device number 2 using vhci_hcd [ 117.852622][ T6099] vhci_hcd: connection reset by peer [ 118.039543][ T6086] vhci_hcd: stop threads [ 118.098675][ T6086] vhci_hcd: release socket [ 118.146476][ T6103] netlink: 140 bytes leftover after parsing attributes in process `syz.1.54'. [ 118.220544][ T6086] vhci_hcd: disconnect device [ 119.063805][ T6115] netlink: 'syz.2.59': attribute type 2 has an invalid length. [ 119.072668][ T6115] netlink: 'syz.2.59': attribute type 1 has an invalid length. [ 119.300429][ T6101] team0: Port device wlan1 added [ 119.467149][ T6113] lo speed is unknown, defaulting to 1000 [ 119.474629][ T6113] lo speed is unknown, defaulting to 1000 [ 119.492103][ T6113] lo speed is unknown, defaulting to 1000 [ 119.532474][ T6113] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 119.608939][ T6113] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 119.769484][ T6113] lo speed is unknown, defaulting to 1000 [ 119.790449][ T6113] lo speed is unknown, defaulting to 1000 [ 119.811587][ T6113] lo speed is unknown, defaulting to 1000 [ 119.831165][ T6113] lo speed is unknown, defaulting to 1000 [ 119.851911][ T6113] lo speed is unknown, defaulting to 1000 [ 121.827279][ T6130] binfmt_misc: register: failed to install interpreter file ./file0 [ 122.411269][ T5833] vhci_hcd: vhci_device speed not set [ 122.805213][ T5896] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 122.809346][ T5874] IPVS: starting estimator thread 0... [ 122.870192][ T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 122.909116][ T6149] IPVS: using max 26 ests per chain, 62400 per kthread [ 122.917933][ T6150] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 123.049295][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 123.078923][ T5896] usb 1-1: Using ep0 maxpacket: 16 [ 123.087696][ T5896] usb 1-1: config index 0 descriptor too short (expected 65316, got 36) [ 123.112577][ T10] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 123.123006][ T5896] usb 1-1: config 0 has an invalid interface number: 0 but max is -1 [ 123.150970][ T5896] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 123.189155][ T5896] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 123.209041][ T10] usb 4-1: config 0 interface 0 has no altsetting 0 [ 123.291766][ T10] usb 4-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=bc.76 [ 123.378848][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.425618][ T10] usb 4-1: Product: syz [ 123.439009][ T10] usb 4-1: Manufacturer: syz [ 123.442277][ T5896] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 123.455890][ T5896] usb 1-1: config 0 interface 0 has no altsetting 0 [ 123.462706][ T5896] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 123.471936][ T5896] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.489583][ T5896] usb 1-1: config 0 descriptor?? [ 123.494692][ T10] usb 4-1: SerialNumber: syz [ 123.591759][ T6154] siw: device registration error -23 [ 124.103524][ T10] usb 4-1: config 0 descriptor?? [ 124.270017][ T10] snd_usb_toneport 4-1:0.0: Line 6 TonePort UX2 found [ 124.309277][ T5896] usbhid 1-1:0.0: can't add hid device: -71 [ 124.349161][ T5896] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 124.425379][ T5896] usb 1-1: USB disconnect, device number 2 [ 124.442997][ T6137] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 124.492272][ T6159] geneve2: entered promiscuous mode [ 124.518149][ T6159] geneve2: entered allmulticast mode [ 124.554244][ T10] snd_usb_toneport 4-1:0.0: cannot get proper max packet size [ 124.595653][ T10] snd_usb_toneport 4-1:0.0: Line 6 TonePort UX2 now disconnected [ 124.623521][ T10] snd_usb_toneport 4-1:0.0: probe with driver snd_usb_toneport failed with error -22 [ 125.772708][ T5896] usb 4-1: USB disconnect, device number 2 [ 128.190304][ T6199] hub 8-0:1.0: USB hub found [ 128.199340][ T6199] hub 8-0:1.0: 1 port detected [ 128.699231][ T5819] Bluetooth: hci5: command 0x1003 tx timeout [ 128.706212][ T5827] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 129.424362][ T6202] binder: BINDER_SET_CONTEXT_MGR already set [ 129.430976][ T6202] binder: 6201:6202 ioctl 4018620d 2000000001c0 returned -16 [ 129.512334][ T6205] binder: 6201:6205 ioctl 40047451 0 returned -22 [ 129.842917][ T6219] siw: device registration error -23 [ 133.098967][ T5833] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 133.361635][ T5833] usb 1-1: Using ep0 maxpacket: 16 [ 133.555491][ T5833] usb 1-1: unable to get BOS descriptor or descriptor too short [ 133.666783][ T5833] usb 1-1: config 4 has an invalid interface number: 138 but max is 2 [ 133.777675][ T5833] usb 1-1: config 4 contains an unexpected descriptor of type 0x1, skipping [ 133.796066][ T5833] usb 1-1: config 4 has an invalid descriptor of length 115, skipping remainder of the config [ 133.806544][ T5833] usb 1-1: config 4 has 1 interface, different from the descriptor's value: 3 [ 133.887113][ T5833] usb 1-1: config 4 has no interface number 0 [ 134.626522][ T5833] usb 1-1: config 4 interface 138 altsetting 4 has an invalid descriptor for endpoint zero, skipping [ 134.667082][ T5833] usb 1-1: config 4 interface 138 altsetting 4 bulk endpoint 0x1 has invalid maxpacket 32 [ 134.709296][ T5833] usb 1-1: config 4 interface 138 altsetting 4 endpoint 0xE has invalid maxpacket 1024, setting to 64 [ 134.779162][ T5833] usb 1-1: config 4 interface 138 altsetting 4 has a duplicate endpoint with address 0xA, skipping [ 134.798823][ T5833] usb 1-1: config 4 interface 138 altsetting 4 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 134.828877][ T5833] usb 1-1: config 4 interface 138 altsetting 4 has 6 endpoint descriptors, different from the interface descriptor's value: 8 [ 134.854941][ T5833] usb 1-1: config 4 interface 138 has no altsetting 0 [ 135.065712][ T5833] usb 1-1: string descriptor 0 read error: -71 [ 135.090865][ T5833] usb 1-1: New USB device found, idVendor=15a9, idProduct=0002, bcdDevice=7b.6b [ 135.110004][ T5833] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 135.183955][ T6271] siw: device registration error -23 [ 135.889291][ T6272] netlink: 16 bytes leftover after parsing attributes in process `syz.3.98'. [ 135.910991][ T5833] usb 1-1: can't set config #4, error -71 [ 135.918751][ T5833] usb 1-1: USB disconnect, device number 3 [ 135.978220][ T5821] udevd[5821]: setting owner of /dev/bus/usb/001/003 to uid=0, gid=0 failed: No such file or directory [ 137.316325][ T6283] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 137.322912][ T6283] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 137.330990][ T6283] vhci_hcd vhci_hcd.0: Device attached [ 137.600831][ T6281] program syz.4.101 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 137.909354][ T5833] usb 33-1: new low-speed USB device number 2 using vhci_hcd [ 138.057691][ T6286] vhci_hcd: connection reset by peer [ 138.076983][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.094463][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.218744][ T1146] vhci_hcd: stop threads [ 138.223195][ T1146] vhci_hcd: release socket [ 138.379506][ T1146] vhci_hcd: disconnect device [ 143.488952][ T5833] vhci_hcd: vhci_device speed not set [ 145.853941][ T6337] lo speed is unknown, defaulting to 1000 [ 146.081411][ T6351] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7) [ 146.087986][ T6351] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 146.095880][ T6351] vhci_hcd vhci_hcd.0: Device attached [ 147.004101][ T6352] vhci_hcd: connection closed [ 147.064358][ T1146] vhci_hcd: stop threads [ 147.174598][ T1146] vhci_hcd: release socket [ 147.313324][ T1146] vhci_hcd: disconnect device [ 147.808901][ T10] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 148.003855][ T10] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 148.056055][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.152549][ T10] usb 1-1: config 0 descriptor?? [ 148.350173][ T6370] input: syz1 as /devices/virtual/input/input5 [ 149.279047][ T5884] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 149.479245][ T5884] usb 2-1: device descriptor read/64, error -71 [ 149.798904][ T5884] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 149.959133][ T5884] usb 2-1: device descriptor read/64, error -71 [ 150.133404][ T5884] usb usb2-port1: attempt power cycle [ 150.202890][ T10] ath6kl: Failed to read usb control message: -71 [ 150.239761][ T10] ath6kl: Unable to read the bmi data from the device: -71 [ 150.239804][ T10] ath6kl: Unable to recv target info: -71 [ 150.255032][ T10] ath6kl: Failed to init ath6kl core: -71 [ 150.263571][ T10] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 150.639176][ T5884] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 150.766688][ T5884] usb 2-1: device descriptor read/8, error -71 [ 150.776225][ T10] usb 1-1: USB disconnect, device number 4 [ 150.798205][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 150.798224][ T30] audit: type=1326 audit(1748578990.691:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6393 comm="syz.4.129" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc83758e969 code=0x0 [ 150.798455][ T6392] netlink: 4 bytes leftover after parsing attributes in process `syz.3.128'. [ 151.019444][ T5884] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 151.049873][ T5884] usb 2-1: device descriptor read/8, error -71 [ 151.166412][ T5884] usb usb2-port1: unable to enumerate USB device [ 151.307369][ T3078] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 151.489267][ T3078] usb 3-1: Using ep0 maxpacket: 8 [ 151.704886][ T3078] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 151.736740][ T3078] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 151.773255][ T3078] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.815422][ T3078] usb 3-1: config 0 descriptor?? [ 152.240026][ T3078] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 152.634134][ T49] Bluetooth: hci5: Frame reassembly failed (-84) [ 153.058465][ T3433] Bluetooth: hci6: Frame reassembly failed (-84) [ 154.362566][ T10] usb 3-1: USB disconnect, device number 2 [ 154.572606][ T6450] netlink: 4 bytes leftover after parsing attributes in process `syz.0.141'. [ 154.669094][ T5836] Bluetooth: hci5: command 0x1003 tx timeout [ 154.676450][ T5827] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 154.887660][ T6435] netlink: 'syz.3.139': attribute type 3 has an invalid length. [ 154.947581][ T6441] netlink: 'syz.2.140': attribute type 1 has an invalid length. [ 154.957993][ T6435] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.139'. [ 154.974328][ T6441] netlink: 'syz.2.140': attribute type 1 has an invalid length. [ 155.089142][ T5819] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 155.096901][ T5836] Bluetooth: hci6: command 0x1003 tx timeout [ 155.372414][ T30] audit: type=1326 audit(1748578995.271:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6455 comm="syz.1.143" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0fa718e969 code=0x0 [ 155.408294][ T6457] netlink: 'syz.2.142': attribute type 10 has an invalid length. [ 155.466534][ T6457] netlink: 140 bytes leftover after parsing attributes in process `syz.2.142'. [ 155.729195][ T6464] fuse: Bad value for 'fd' [ 156.379981][ T6466] fuse: Bad value for 'fd' [ 156.969505][ T6481] hub 8-0:1.0: USB hub found [ 156.975516][ T6481] hub 8-0:1.0: 1 port detected [ 159.016558][ T6492] netlink: 52 bytes leftover after parsing attributes in process `syz.0.150'. [ 159.025751][ T6492] netlink: 4 bytes leftover after parsing attributes in process `syz.0.150'. [ 159.034668][ T6492] netlink: 52 bytes leftover after parsing attributes in process `syz.0.150'. [ 159.043626][ T6492] netlink: 4 bytes leftover after parsing attributes in process `syz.0.150'. [ 159.052473][ T6492] netlink: 52 bytes leftover after parsing attributes in process `syz.0.150'. [ 160.758092][ T6509] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7) [ 160.764683][ T6509] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 160.773235][ T6509] vhci_hcd vhci_hcd.0: Device attached [ 161.139251][ T10] usb 41-1: new low-speed USB device number 3 using vhci_hcd [ 161.515826][ T6510] vhci_hcd: connection reset by peer [ 161.631157][ T1146] vhci_hcd: stop threads [ 161.679207][ T1146] vhci_hcd: release socket [ 161.728582][ T1146] vhci_hcd: disconnect device [ 162.316104][ T30] audit: type=1326 audit(1748579002.211:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6515 comm="syz.2.157" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe08518e969 code=0x0 [ 162.498089][ T6523] fuse: Bad value for 'fd' [ 162.502819][ T5836] Bluetooth: hci5: command 0x1003 tx timeout [ 162.509654][ T5819] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 162.548617][ T6524] netlink: 'syz.0.159': attribute type 10 has an invalid length. [ 162.596077][ T6524] team0: Port device wlan1 added [ 162.638078][ T6524] netlink: 140 bytes leftover after parsing attributes in process `syz.0.159'. [ 163.170973][ T6534] siw: device registration error -23 [ 164.042330][ T1216] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 164.299472][ T1216] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 164.986460][ T1216] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 164.998938][ T1216] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64 [ 165.208375][ T1216] usb 4-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 165.217550][ T1216] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 165.248822][ T1216] usb 4-1: Product: syz [ 165.253049][ T1216] usb 4-1: Manufacturer: syz [ 165.257665][ T1216] usb 4-1: SerialNumber: syz [ 165.265848][ T1216] usb 4-1: config 0 descriptor?? [ 165.289665][ T6530] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 165.297268][ T6530] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 165.306256][ T1216] usb 4-1: ucan: probing device on interface #0 [ 165.470798][ T6556] netlink: 'syz.2.168': attribute type 10 has an invalid length. [ 165.576573][ T6557] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7) [ 165.583155][ T6557] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 165.593226][ T6557] vhci_hcd vhci_hcd.0: Device attached [ 166.290336][ T6558] vhci_hcd: connection closed [ 166.317994][ T6559] vhci_hcd: sendmsg failed!, ret=-32 for 48 [ 166.381614][ T1216] usb 4-1: ucan: could not read protocol version, ret=-110 [ 166.820361][ T1216] usb 4-1: ucan: probe failed; try to update the device firmware [ 166.838843][ T5959] vhci_hcd: stop threads [ 166.847084][ T5959] vhci_hcd: release socket [ 166.865643][ T5959] vhci_hcd: disconnect device [ 166.879132][ T1216] usb 4-1: USB disconnect, device number 3 [ 166.950105][ T10] vhci_hcd: vhci_device speed not set [ 167.181957][ T6568] fuse: Bad value for 'fd' [ 167.429326][ T30] audit: type=1326 audit(1748579007.311:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6572 comm="syz.4.174" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc83758e969 code=0x0 [ 167.616094][ T6582] netlink: 'syz.1.176': attribute type 10 has an invalid length. [ 167.822603][ T6582] netlink: 140 bytes leftover after parsing attributes in process `syz.1.176'. [ 167.910601][ T6585] siw: device registration error -23 [ 169.325148][ T6595] hub 8-0:1.0: USB hub found [ 169.332378][ T6595] hub 8-0:1.0: 1 port detected [ 170.219545][ T6604] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7) [ 170.226140][ T6604] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 170.234348][ T6604] vhci_hcd vhci_hcd.0: Device attached [ 170.559062][ T5884] usb 41-1: new low-speed USB device number 4 using vhci_hcd [ 171.031252][ T6605] vhci_hcd: connection reset by peer [ 171.125216][ T5959] vhci_hcd: stop threads [ 171.226704][ T5959] vhci_hcd: release socket [ 171.302154][ T5959] vhci_hcd: disconnect device [ 171.957941][ T30] audit: type=1326 audit(1748579011.851:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6625 comm="syz.2.190" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe08518e969 code=0x0 [ 172.116229][ T6633] siw: device registration error -23 [ 173.080457][ T6644] xt_connbytes: Forcing CT accounting to be enabled [ 173.088604][ T6644] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 173.667242][ T6647] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7) [ 173.673822][ T6647] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 173.681726][ T6647] vhci_hcd vhci_hcd.0: Device attached [ 173.964169][ T43] IPVS: starting estimator thread 0... [ 174.169787][ T6649] IPVS: using max 23 ests per chain, 55200 per kthread [ 174.320130][ T43] usb 35-1: new low-speed USB device number 3 using vhci_hcd [ 174.398100][ T6650] vhci_hcd: connection closed [ 174.447627][ T6086] vhci_hcd: stop threads [ 174.875119][ T6086] vhci_hcd: release socket [ 174.880058][ T6086] vhci_hcd: disconnect device [ 174.989604][ T6655] xt_connbytes: Forcing CT accounting to be enabled [ 175.607767][ T6659] xt_connbytes: Forcing CT accounting to be enabled [ 175.848981][ T5884] vhci_hcd: vhci_device speed not set [ 179.344563][ T6675] netlink: 'syz.4.204': attribute type 1 has an invalid length. [ 179.388857][ T6675] netlink: 16150 bytes leftover after parsing attributes in process `syz.4.204'. [ 179.529008][ T43] vhci_hcd: vhci_device speed not set [ 179.642263][ T6698] netlink: 8 bytes leftover after parsing attributes in process `syz.2.210'. [ 179.741804][ T6701] A link change request failed with some changes committed already. Interface gre1 may have been left with an inconsistent configuration, please check. [ 182.262948][ T5833] IPVS: starting estimator thread 0... [ 182.389010][ T6731] IPVS: using max 21 ests per chain, 50400 per kthread [ 186.473821][ T43] IPVS: starting estimator thread 0... [ 186.566963][ T6776] netlink: 8 bytes leftover after parsing attributes in process `syz.2.232'. [ 186.581100][ T6774] IPVS: using max 36 ests per chain, 86400 per kthread [ 189.322555][ T6795] openvswitch: netlink: IP tunnel TTL not specified. [ 190.019982][ T6808] xt_connbytes: Forcing CT accounting to be enabled [ 190.915518][ T6817] hub 8-0:1.0: USB hub found [ 190.923509][ T6817] hub 8-0:1.0: 1 port detected [ 195.192105][ T6874] openvswitch: netlink: IP tunnel TTL not specified. [ 197.664164][ T6907] FAULT_INJECTION: forcing a failure. [ 197.664164][ T6907] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 198.015096][ T6907] CPU: 0 UID: 0 PID: 6907 Comm: syz.2.266 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 198.015145][ T6907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 198.015159][ T6907] Call Trace: [ 198.015168][ T6907] [ 198.015178][ T6907] dump_stack_lvl+0x189/0x250 [ 198.015228][ T6907] ? __pfx____ratelimit+0x10/0x10 [ 198.015252][ T6907] ? __pfx_dump_stack_lvl+0x10/0x10 [ 198.015284][ T6907] ? __pfx__printk+0x10/0x10 [ 198.015306][ T6907] ? __might_fault+0xb0/0x130 [ 198.015352][ T6907] should_fail_ex+0x414/0x560 [ 198.015382][ T6907] _copy_from_user+0x2d/0xb0 [ 198.015414][ T6907] ip6_tnl_siocdevprivate+0x1b6/0xad0 [ 198.015455][ T6907] ? __pfx_ip6_tnl_siocdevprivate+0x10/0x10 [ 198.015481][ T6907] ? rcu_is_watching+0x15/0xb0 [ 198.015529][ T6907] ? full_name_hash+0x92/0xe0 [ 198.015557][ T6907] ? netdev_name_node_lookup+0xdf/0x120 [ 198.015591][ T6907] dev_ifsioc+0xb54/0xf00 [ 198.015628][ T6907] dev_ioctl+0x84c/0x1150 [ 198.015659][ T6907] sock_ioctl+0x719/0x790 [ 198.015684][ T6907] ? __pfx_sock_ioctl+0x10/0x10 [ 198.015708][ T6907] ? __fget_files+0x3a0/0x420 [ 198.015726][ T6907] ? __fget_files+0x2a/0x420 [ 198.015750][ T6907] ? bpf_lsm_file_ioctl+0x9/0x20 [ 198.015774][ T6907] ? __pfx_sock_ioctl+0x10/0x10 [ 198.015795][ T6907] __se_sys_ioctl+0xfc/0x170 [ 198.015827][ T6907] do_syscall_64+0xfa/0x3b0 [ 198.015849][ T6907] ? lockdep_hardirqs_on+0x9c/0x150 [ 198.015871][ T6907] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.015893][ T6907] ? clear_bhb_loop+0x60/0xb0 [ 198.015920][ T6907] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.015941][ T6907] RIP: 0033:0x7fe08518e969 [ 198.015965][ T6907] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 198.015984][ T6907] RSP: 002b:00007fe0860e4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 198.016011][ T6907] RAX: ffffffffffffffda RBX: 00007fe0853b5fa0 RCX: 00007fe08518e969 [ 198.016028][ T6907] RDX: 00002000000000c0 RSI: 00000000000089f1 RDI: 0000000000000003 [ 198.016041][ T6907] RBP: 00007fe0860e4090 R08: 0000000000000000 R09: 0000000000000000 [ 198.016055][ T6907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 198.016068][ T6907] R13: 0000000000000000 R14: 00007fe0853b5fa0 R15: 00007ffe58107d08 [ 198.016103][ T6907] [ 198.247061][ C0] vkms_vblank_simulate: vblank timer overrun [ 198.462153][ T6915] input: syz1 as /devices/virtual/input/input6 [ 199.058882][ T3078] usb 1-1: new low-speed USB device number 5 using dummy_hcd [ 199.218976][ T3078] usb 1-1: Invalid ep0 maxpacket: 16 [ 199.358895][ T3078] usb 1-1: new low-speed USB device number 6 using dummy_hcd [ 199.468356][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.474948][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.532938][ T3078] usb 1-1: Invalid ep0 maxpacket: 16 [ 199.539315][ T3078] usb usb1-port1: attempt power cycle [ 199.988876][ T3078] usb 1-1: new low-speed USB device number 7 using dummy_hcd [ 200.033548][ T3078] usb 1-1: Invalid ep0 maxpacket: 16 [ 200.329317][ T3078] usb 1-1: new low-speed USB device number 8 using dummy_hcd [ 200.404988][ T3078] usb 1-1: Invalid ep0 maxpacket: 16 [ 200.481786][ T3078] usb usb1-port1: unable to enumerate USB device [ 201.074642][ T6945] netlink: 'syz.1.277': attribute type 10 has an invalid length. [ 201.590859][ T6945] netlink: 140 bytes leftover after parsing attributes in process `syz.1.277'. [ 203.530114][ T6968] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 206.188919][ T3078] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 206.271731][ T6997] netlink: 'syz.1.292': attribute type 10 has an invalid length. [ 206.282025][ T6997] netlink: 140 bytes leftover after parsing attributes in process `syz.1.292'. [ 206.368880][ T3078] usb 5-1: Using ep0 maxpacket: 8 [ 206.387783][ T3078] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 206.416414][ T3078] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 206.460855][ T3078] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 206.489328][ T3078] usb 5-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 206.533490][ T3078] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 206.581623][ T3078] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 207.092108][ T3078] usbtmc 5-1:16.0: bulk endpoints not found [ 208.065163][ T7008] netlink: 8 bytes leftover after parsing attributes in process `syz.2.297'. [ 208.075554][ T7008] IPVS: Error joining to the multicast group [ 209.662827][ T3078] usb 5-1: USB disconnect, device number 3 [ 209.774238][ T7021] Illegal XDP return value 4294967294 on prog (id 72) dev N/A, expect packet loss! [ 212.307359][ T7040] netlink: 'syz.2.305': attribute type 10 has an invalid length. [ 212.572936][ T7040] netlink: 140 bytes leftover after parsing attributes in process `syz.2.305'. [ 212.776469][ T7043] hub 8-0:1.0: USB hub found [ 212.785436][ T7043] hub 8-0:1.0: 1 port detected [ 214.989618][ T7059] FAULT_INJECTION: forcing a failure. [ 214.989618][ T7059] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 215.062914][ T7059] CPU: 0 UID: 0 PID: 7059 Comm: syz.0.311 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 215.062947][ T7059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 215.062960][ T7059] Call Trace: [ 215.062969][ T7059] [ 215.062979][ T7059] dump_stack_lvl+0x189/0x250 [ 215.063018][ T7059] ? __pfx____ratelimit+0x10/0x10 [ 215.063041][ T7059] ? __pfx_dump_stack_lvl+0x10/0x10 [ 215.063074][ T7059] ? __pfx__printk+0x10/0x10 [ 215.063095][ T7059] ? __might_fault+0xb0/0x130 [ 215.063141][ T7059] should_fail_ex+0x414/0x560 [ 215.063170][ T7059] _copy_from_iter+0x1db/0x16f0 [ 215.063202][ T7059] ? rcu_is_watching+0x15/0xb0 [ 215.063230][ T7059] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 215.063266][ T7059] ? __pfx__copy_from_iter+0x10/0x10 [ 215.063295][ T7059] ? __build_skb_around+0x257/0x3e0 [ 215.063328][ T7059] ? netlink_sendmsg+0x642/0xb30 [ 215.063356][ T7059] ? skb_put+0x11b/0x210 [ 215.063390][ T7059] netlink_sendmsg+0x6b2/0xb30 [ 215.063430][ T7059] ? __pfx_netlink_sendmsg+0x10/0x10 [ 215.063469][ T7059] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 215.063489][ T7059] ? __pfx_netlink_sendmsg+0x10/0x10 [ 215.063520][ T7059] __sock_sendmsg+0x21c/0x270 [ 215.063548][ T7059] ____sys_sendmsg+0x505/0x830 [ 215.063586][ T7059] ? __pfx_____sys_sendmsg+0x10/0x10 [ 215.063627][ T7059] ? import_iovec+0x74/0xa0 [ 215.063661][ T7059] ___sys_sendmsg+0x21f/0x2a0 [ 215.063695][ T7059] ? __pfx____sys_sendmsg+0x10/0x10 [ 215.063775][ T7059] ? __fget_files+0x2a/0x420 [ 215.063794][ T7059] ? __fget_files+0x3a0/0x420 [ 215.063825][ T7059] __x64_sys_sendmsg+0x19b/0x260 [ 215.063860][ T7059] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 215.063903][ T7059] ? __pfx_ksys_write+0x10/0x10 [ 215.063930][ T7059] ? rcu_is_watching+0x15/0xb0 [ 215.063960][ T7059] ? do_syscall_64+0xbe/0x3b0 [ 215.063988][ T7059] do_syscall_64+0xfa/0x3b0 [ 215.064010][ T7059] ? lockdep_hardirqs_on+0x9c/0x150 [ 215.064031][ T7059] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.064052][ T7059] ? clear_bhb_loop+0x60/0xb0 [ 215.064079][ T7059] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.064101][ T7059] RIP: 0033:0x7fadcf78e969 [ 215.064120][ T7059] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 215.064138][ T7059] RSP: 002b:00007fadd05f0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 215.064161][ T7059] RAX: ffffffffffffffda RBX: 00007fadcf9b5fa0 RCX: 00007fadcf78e969 [ 215.064177][ T7059] RDX: 0000000000000000 RSI: 0000200000000480 RDI: 0000000000000003 [ 215.064191][ T7059] RBP: 00007fadd05f0090 R08: 0000000000000000 R09: 0000000000000000 [ 215.064204][ T7059] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 215.064217][ T7059] R13: 0000000000000000 R14: 00007fadcf9b5fa0 R15: 00007ffc2b8dd978 [ 215.064251][ T7059] [ 215.358122][ T7062] netlink: 'syz.2.310': attribute type 2 has an invalid length. [ 215.376685][ T7062] : entered promiscuous mode [ 215.478926][ T3078] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 215.618936][ T3078] usb 5-1: device descriptor read/64, error -71 [ 216.008985][ T3078] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 216.188923][ T3078] usb 5-1: device descriptor read/64, error -71 [ 216.338307][ T3078] usb usb5-port1: attempt power cycle [ 216.902611][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 216.909097][ T5835] Bluetooth: hci3: command 0x0406 tx timeout [ 216.915187][ T5835] Bluetooth: hci1: command 0x0406 tx timeout [ 216.921770][ T5835] Bluetooth: hci4: command 0x0406 tx timeout [ 217.344933][ T3078] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 217.429929][ T3078] usb 5-1: device descriptor read/8, error -71 [ 217.686066][ T7092] netlink: 'syz.2.318': attribute type 10 has an invalid length. [ 217.708844][ T3078] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 217.719903][ T7092] netlink: 140 bytes leftover after parsing attributes in process `syz.2.318'. [ 217.858304][ T7093] netlink: 'syz.3.319': attribute type 2 has an invalid length. [ 217.969576][ T7093] netlink: 'syz.3.319': attribute type 1 has an invalid length. [ 218.010502][ T3078] usb 5-1: device descriptor read/8, error -71 [ 218.159384][ T3078] usb usb5-port1: unable to enumerate USB device [ 223.630198][ T7144] netlink: 'syz.0.333': attribute type 2 has an invalid length. [ 223.637910][ T7144] netlink: 'syz.0.333': attribute type 1 has an invalid length. [ 224.483355][ T1216] IPVS: starting estimator thread 0... [ 224.512302][ T7160] netlink: 'syz.4.335': attribute type 10 has an invalid length. [ 224.850341][ T7165] netlink: 140 bytes leftover after parsing attributes in process `syz.4.335'. [ 224.869415][ T7161] IPVS: using max 23 ests per chain, 55200 per kthread [ 225.356996][ T7160] team0: Port device wlan1 added [ 226.544864][ T7173] block device autoloading is deprecated and will be removed. [ 226.653964][ T7173] syz.4.339: attempt to access beyond end of device [ 226.653964][ T7173] md33: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 227.398064][ T7194] netlink: 'syz.1.347': attribute type 2 has an invalid length. [ 227.405908][ T7194] netlink: 'syz.1.347': attribute type 1 has an invalid length. [ 228.786494][ T7201] netlink: 'syz.3.350': attribute type 10 has an invalid length. [ 228.848463][ T7201] team0: Port device wlan1 added [ 228.867067][ T7202] netlink: 140 bytes leftover after parsing attributes in process `syz.3.350'. [ 231.605426][ T7231] netlink: 'syz.2.359': attribute type 2 has an invalid length. [ 231.613405][ T7231] netlink: 'syz.2.359': attribute type 1 has an invalid length. [ 233.233987][ T7245] netlink: 8 bytes leftover after parsing attributes in process `syz.0.360'. [ 233.564315][ T7255] netlink: 'syz.4.364': attribute type 10 has an invalid length. [ 234.062374][ T7255] netlink: 140 bytes leftover after parsing attributes in process `syz.4.364'. [ 235.316425][ T7276] hub 8-0:1.0: USB hub found [ 235.325835][ T7276] hub 8-0:1.0: 1 port detected [ 235.696800][ T5884] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 236.542690][ T5884] usb 1-1: Using ep0 maxpacket: 16 [ 236.987626][ T5884] usb 1-1: config 4 has an invalid interface number: 51 but max is 0 [ 237.040814][ T5884] usb 1-1: config 4 has no interface number 0 [ 237.047007][ T5884] usb 1-1: config 4 interface 51 altsetting 2 bulk endpoint 0x1 has invalid maxpacket 16 [ 237.123190][ T5884] usb 1-1: config 4 interface 51 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 237.137268][ T7290] netlink: 'syz.1.373': attribute type 3 has an invalid length. [ 237.179158][ T5884] usb 1-1: config 4 interface 51 has no altsetting 0 [ 237.482187][ T5884] usb 1-1: New USB device found, idVendor=954f, idProduct=4199, bcdDevice= f.76 [ 237.521807][ T7291] xt_connbytes: Forcing CT accounting to be enabled [ 237.571833][ T5884] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 237.593893][ T5884] usb 1-1: Product: syz [ 237.622234][ T5884] usb 1-1: Manufacturer: syz [ 237.649054][ T5884] usb 1-1: SerialNumber: syz [ 237.757953][ T7265] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 237.769995][ T7265] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 237.966846][ T5884] cdc_eem 1-1:4.51: probe with driver cdc_eem failed with error -71 [ 238.050826][ T5884] usb 1-1: USB disconnect, device number 9 [ 238.197316][ T7299] FAULT_INJECTION: forcing a failure. [ 238.197316][ T7299] name failslab, interval 1, probability 0, space 0, times 0 [ 238.210307][ T7299] CPU: 1 UID: 0 PID: 7299 Comm: syz.0.377 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 238.210327][ T7299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 238.210337][ T7299] Call Trace: [ 238.210344][ T7299] [ 238.210351][ T7299] dump_stack_lvl+0x189/0x250 [ 238.210379][ T7299] ? __pfx____ratelimit+0x10/0x10 [ 238.210395][ T7299] ? __pfx_dump_stack_lvl+0x10/0x10 [ 238.210418][ T7299] ? __pfx__printk+0x10/0x10 [ 238.210437][ T7299] ? __lock_acquire+0xab9/0xd20 [ 238.210458][ T7299] should_fail_ex+0x414/0x560 [ 238.210478][ T7299] should_failslab+0xa8/0x100 [ 238.210504][ T7299] kmem_cache_alloc_noprof+0x73/0x3c0 [ 238.210526][ T7299] ? skb_clone+0x212/0x3a0 [ 238.210548][ T7299] ? run_filter+0x23/0x270 [ 238.210574][ T7299] skb_clone+0x212/0x3a0 [ 238.210602][ T7299] ? packet_rcv+0x567/0x1590 [ 238.210626][ T7299] packet_rcv+0x6d6/0x1590 [ 238.210652][ T7299] ? __pfx_packet_rcv_fanout+0x10/0x10 [ 238.210669][ T7299] __netif_receive_skb_core+0x3135/0x4180 [ 238.210695][ T7299] ? __kernel_text_address+0xd/0x40 [ 238.210708][ T7299] ? unwind_get_return_address+0x4d/0x90 [ 238.210727][ T7299] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 238.210757][ T7299] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 238.210775][ T7299] ? stack_trace_save+0x9c/0xe0 [ 238.210809][ T7299] ? netif_receive_skb+0x115/0x790 [ 238.210826][ T7299] ? netif_receive_skb+0x115/0x790 [ 238.210846][ T7299] __netif_receive_skb+0x72/0x380 [ 238.210868][ T7299] ? netif_receive_skb+0x115/0x790 [ 238.210883][ T7299] netif_receive_skb+0x1cb/0x790 [ 238.210899][ T7299] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 238.210918][ T7299] ? __pfx_netif_receive_skb+0x10/0x10 [ 238.210939][ T7299] ? tun_rx_batched+0x160/0x730 [ 238.210960][ T7299] tun_rx_batched+0x1b9/0x730 [ 238.210980][ T7299] ? __lock_acquire+0xab9/0xd20 [ 238.210998][ T7299] ? __pfx_tun_rx_batched+0x10/0x10 [ 238.211021][ T7299] ? tun_get_user+0x2549/0x3ce0 [ 238.211051][ T7299] tun_get_user+0x298e/0x3ce0 [ 238.211072][ T7299] ? tun_get_user+0x693/0x3ce0 [ 238.211090][ T7299] ? tun_get_user+0x2549/0x3ce0 [ 238.211121][ T7299] ? __pfx_tun_get_user+0x10/0x10 [ 238.211147][ T7299] ? __lock_acquire+0xab9/0xd20 [ 238.211166][ T7299] ? ref_tracker_alloc+0x318/0x460 [ 238.211182][ T7299] ? __lock_acquire+0xab9/0xd20 [ 238.211198][ T7299] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 238.211219][ T7299] ? tun_get+0x1c/0x2f0 [ 238.211243][ T7299] ? tun_get+0x1c/0x2f0 [ 238.211261][ T7299] ? tun_get+0x1c/0x2f0 [ 238.211284][ T7299] tun_chr_write_iter+0x113/0x200 [ 238.211306][ T7299] vfs_write+0x548/0xa90 [ 238.211331][ T7299] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 238.211351][ T7299] ? __pfx_vfs_write+0x10/0x10 [ 238.211379][ T7299] ? __fget_files+0x2a/0x420 [ 238.211416][ T7299] ksys_write+0x145/0x250 [ 238.211440][ T7299] ? __pfx_ksys_write+0x10/0x10 [ 238.211459][ T7299] ? rcu_is_watching+0x15/0xb0 [ 238.211481][ T7299] ? do_syscall_64+0xbe/0x3b0 [ 238.211501][ T7299] do_syscall_64+0xfa/0x3b0 [ 238.211516][ T7299] ? lockdep_hardirqs_on+0x9c/0x150 [ 238.211531][ T7299] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.211546][ T7299] ? clear_bhb_loop+0x60/0xb0 [ 238.211564][ T7299] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.211579][ T7299] RIP: 0033:0x7fadcf78d41f [ 238.211598][ T7299] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 238.211611][ T7299] RSP: 002b:00007fadd05f0000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 238.211627][ T7299] RAX: ffffffffffffffda RBX: 00007fadcf9b5fa0 RCX: 00007fadcf78d41f [ 238.211638][ T7299] RDX: 000000000000004e RSI: 0000200000000300 RDI: 00000000000000c8 [ 238.211648][ T7299] RBP: 00007fadd05f0090 R08: 0000000000000000 R09: 0000000000000000 [ 238.211657][ T7299] R10: 000000000000004e R11: 0000000000000293 R12: 0000000000000001 [ 238.211666][ T7299] R13: 0000000000000000 R14: 00007fadcf9b5fa0 R15: 00007ffc2b8dd978 [ 238.211689][ T7299] [ 239.043812][ T7303] netlink: 'syz.4.378': attribute type 2 has an invalid length. [ 239.051624][ T7303] netlink: 'syz.4.378': attribute type 1 has an invalid length. [ 239.357896][ T7296] FAULT_INJECTION: forcing a failure. [ 239.357896][ T7296] name fail_futex, interval 1, probability 0, space 0, times 1 [ 239.373244][ T7296] CPU: 1 UID: 0 PID: 7296 Comm: syz.2.376 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 239.373274][ T7296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 239.373287][ T7296] Call Trace: [ 239.373295][ T7296] [ 239.373304][ T7296] dump_stack_lvl+0x189/0x250 [ 239.373339][ T7296] ? __pfx____ratelimit+0x10/0x10 [ 239.373361][ T7296] ? __pfx_dump_stack_lvl+0x10/0x10 [ 239.373389][ T7296] ? __pfx__printk+0x10/0x10 [ 239.373414][ T7296] ? up_write+0x1c4/0x420 [ 239.373460][ T7296] should_fail_ex+0x414/0x560 [ 239.373486][ T7296] get_futex_key+0x1a6/0x16c0 [ 239.373517][ T7296] ? look_up_lock_class+0x74/0x170 [ 239.373551][ T7296] ? __pfx_get_futex_key+0x10/0x10 [ 239.373581][ T7296] ? __lock_acquire+0xab9/0xd20 [ 239.373611][ T7296] futex_wake+0xf8/0x560 [ 239.373637][ T7296] ? __pfx_futex_wake+0x10/0x10 [ 239.373660][ T7296] ? __lock_acquire+0xab9/0xd20 [ 239.373691][ T7296] do_futex+0x395/0x420 [ 239.373727][ T7296] ? __pfx_do_futex+0x10/0x10 [ 239.373759][ T7296] ? __might_fault+0xb0/0x130 [ 239.373793][ T7296] mm_release+0x188/0x390 [ 239.373819][ T7296] ? __pfx_mm_release+0x10/0x10 [ 239.373844][ T7296] ? lockdep_hardirqs_on+0x9c/0x150 [ 239.373878][ T7296] exit_mm+0xa8/0x2c0 [ 239.373911][ T7296] ? __pfx_exit_mm+0x10/0x10 [ 239.373945][ T7296] ? rcu_is_watching+0x15/0xb0 [ 239.373975][ T7296] do_exit+0x864/0x2550 [ 239.374004][ T7296] ? __lock_acquire+0xab9/0xd20 [ 239.374033][ T7296] ? do_raw_spin_lock+0x121/0x290 [ 239.374063][ T7296] ? __pfx_do_exit+0x10/0x10 [ 239.374094][ T7296] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 239.374142][ T7296] do_group_exit+0x21c/0x2d0 [ 239.374174][ T7296] ? lockdep_hardirqs_on+0x9c/0x150 [ 239.374197][ T7296] get_signal+0x125e/0x1310 [ 239.374257][ T7296] arch_do_signal_or_restart+0x9a/0x750 [ 239.374294][ T7296] ? do_sock_getsockopt+0x388/0x650 [ 239.374328][ T7296] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 239.374380][ T7296] ? exit_to_user_mode_loop+0x40/0x110 [ 239.374406][ T7296] exit_to_user_mode_loop+0x75/0x110 [ 239.374429][ T7296] do_syscall_64+0x2bd/0x3b0 [ 239.374459][ T7296] ? lockdep_hardirqs_on+0x9c/0x150 [ 239.374479][ T7296] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.374500][ T7296] ? clear_bhb_loop+0x60/0xb0 [ 239.374525][ T7296] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.374546][ T7296] RIP: 0033:0x7fe08518e969 [ 239.374565][ T7296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 239.374583][ T7296] RSP: 002b:00007fe0860c3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 239.374606][ T7296] RAX: 0000000000000000 RBX: 00007fe0853b6080 RCX: 00007fe08518e969 [ 239.374621][ T7296] RDX: 0000000000000082 RSI: 0000000000000084 RDI: 0000000000000003 [ 239.374634][ T7296] RBP: 00007fe0860c3090 R08: 0000200000000180 R09: 0000000000000000 [ 239.374648][ T7296] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001 [ 239.374662][ T7296] R13: 0000000000000001 R14: 00007fe0853b6080 R15: 00007ffe58107d08 [ 239.374695][ T7296] [ 241.789855][ T7335] FAULT_INJECTION: forcing a failure. [ 241.789855][ T7335] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 241.813432][ T7335] CPU: 0 UID: 0 PID: 7335 Comm: syz.1.388 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 241.813464][ T7335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 241.813477][ T7335] Call Trace: [ 241.813486][ T7335] [ 241.813495][ T7335] dump_stack_lvl+0x189/0x250 [ 241.813533][ T7335] ? __pfx____ratelimit+0x10/0x10 [ 241.813557][ T7335] ? __pfx_dump_stack_lvl+0x10/0x10 [ 241.813588][ T7335] ? __pfx__printk+0x10/0x10 [ 241.813610][ T7335] ? __might_fault+0xb0/0x130 [ 241.813655][ T7335] should_fail_ex+0x414/0x560 [ 241.813685][ T7335] _copy_from_user+0x2d/0xb0 [ 241.813717][ T7335] vmemdup_user+0x59/0xd0 [ 241.813745][ T7335] path_setxattrat+0x244/0x3a0 [ 241.813781][ T7335] ? __pfx_path_setxattrat+0x10/0x10 [ 241.813805][ T7335] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 241.813858][ T7335] ? ksys_write+0x22a/0x250 [ 241.813890][ T7335] ? __pfx_ksys_write+0x10/0x10 [ 241.813917][ T7335] ? rcu_is_watching+0x15/0xb0 [ 241.813948][ T7335] __x64_sys_fsetxattr+0xbc/0xe0 [ 241.813974][ T7335] do_syscall_64+0xfa/0x3b0 [ 241.813996][ T7335] ? lockdep_hardirqs_on+0x9c/0x150 [ 241.814017][ T7335] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.814039][ T7335] ? clear_bhb_loop+0x60/0xb0 [ 241.814065][ T7335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.814086][ T7335] RIP: 0033:0x7f0fa718e969 [ 241.814106][ T7335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 241.814124][ T7335] RSP: 002b:00007f0fa7f7f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000be [ 241.814147][ T7335] RAX: ffffffffffffffda RBX: 00007f0fa73b5fa0 RCX: 00007f0fa718e969 [ 241.814163][ T7335] RDX: 00002000000000c0 RSI: 0000200000000000 RDI: 0000000000000003 [ 241.814177][ T7335] RBP: 00007f0fa7f7f090 R08: 0000000000000000 R09: 0000000000000000 [ 241.814191][ T7335] R10: 000000000000fe44 R11: 0000000000000246 R12: 0000000000000001 [ 241.814204][ T7335] R13: 0000000000000000 R14: 00007f0fa73b5fa0 R15: 00007ffc8398a5c8 [ 241.814237][ T7335] [ 242.020692][ C0] vkms_vblank_simulate: vblank timer overrun [ 242.356631][ T7338] netlink: 'syz.1.390': attribute type 2 has an invalid length. [ 242.364530][ T7338] netlink: 'syz.1.390': attribute type 1 has an invalid length. [ 242.493235][ T7342] hub 8-0:1.0: USB hub found [ 242.499721][ T7342] hub 8-0:1.0: 1 port detected [ 243.798894][ T7355] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 243.934975][ T7355] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 244.697881][ T7361] FAULT_INJECTION: forcing a failure. [ 244.697881][ T7361] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 244.722651][ T7361] CPU: 0 UID: 0 PID: 7361 Comm: syz.2.396 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 244.722682][ T7361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 244.722705][ T7361] Call Trace: [ 244.722714][ T7361] [ 244.722723][ T7361] dump_stack_lvl+0x189/0x250 [ 244.722761][ T7361] ? __pfx____ratelimit+0x10/0x10 [ 244.722784][ T7361] ? __pfx_dump_stack_lvl+0x10/0x10 [ 244.722816][ T7361] ? __pfx__printk+0x10/0x10 [ 244.722851][ T7361] should_fail_ex+0x414/0x560 [ 244.722880][ T7361] _copy_to_user+0x31/0xb0 [ 244.722914][ T7361] simple_read_from_buffer+0xe1/0x170 [ 244.722952][ T7361] proc_fail_nth_read+0x1df/0x250 [ 244.722979][ T7361] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 244.723014][ T7361] ? rw_verify_area+0x258/0x650 [ 244.723042][ T7361] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 244.723067][ T7361] vfs_read+0x1fd/0x980 [ 244.723102][ T7361] ? __pfx___mutex_lock+0x10/0x10 [ 244.723127][ T7361] ? __pfx_vfs_read+0x10/0x10 [ 244.723158][ T7361] ? __fget_files+0x2a/0x420 [ 244.723183][ T7361] ? __fget_files+0x3a0/0x420 [ 244.723201][ T7361] ? __fget_files+0x2a/0x420 [ 244.723231][ T7361] ksys_read+0x145/0x250 [ 244.723258][ T7361] ? __fget_files+0x3a0/0x420 [ 244.723279][ T7361] ? __pfx_ksys_read+0x10/0x10 [ 244.723314][ T7361] ? do_syscall_64+0xbe/0x3b0 [ 244.723343][ T7361] do_syscall_64+0xfa/0x3b0 [ 244.723364][ T7361] ? lockdep_hardirqs_on+0x9c/0x150 [ 244.723386][ T7361] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.723407][ T7361] ? clear_bhb_loop+0x60/0xb0 [ 244.723434][ T7361] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.723455][ T7361] RIP: 0033:0x7fe08518d37c [ 244.723475][ T7361] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 244.723492][ T7361] RSP: 002b:00007fe0860e4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 244.723515][ T7361] RAX: ffffffffffffffda RBX: 00007fe0853b5fa0 RCX: 00007fe08518d37c [ 244.723531][ T7361] RDX: 000000000000000f RSI: 00007fe0860e40a0 RDI: 0000000000000004 [ 244.723544][ T7361] RBP: 00007fe0860e4090 R08: 0000000000000000 R09: 0000000000000000 [ 244.723558][ T7361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 244.723570][ T7361] R13: 0000000000000000 R14: 00007fe0853b5fa0 R15: 00007ffe58107d08 [ 244.723604][ T7361] [ 246.355811][ T7387] ======================================================= [ 246.355811][ T7387] WARNING: The mand mount option has been deprecated and [ 246.355811][ T7387] and is ignored by this kernel. Remove the mand [ 246.355811][ T7387] option from the mount to silence this warning. [ 246.355811][ T7387] ======================================================= [ 246.390904][ C0] vkms_vblank_simulate: vblank timer overrun [ 246.434417][ T7388] mmap: syz.0.402 (7388) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 246.689620][ T7387] ISOFS: Unable to identify CD-ROM format. [ 246.972636][ T7395] netlink: 'syz.4.404': attribute type 2 has an invalid length. [ 246.980450][ T7395] netlink: 'syz.4.404': attribute type 1 has an invalid length. [ 247.538862][ T5141] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 248.599476][ T7416] RDS: rds_bind could not find a transport for fe80::17, load rds_tcp or rds_rdma? [ 249.368005][ T7423] netlink: 'syz.2.410': attribute type 2 has an invalid length. [ 249.375968][ T7423] netlink: 'syz.2.410': attribute type 1 has an invalid length. [ 250.572086][ T7436] netlink: 'syz.2.415': attribute type 10 has an invalid length. [ 250.605888][ T7436] netlink: 140 bytes leftover after parsing attributes in process `syz.2.415'. [ 251.392790][ T7449] netlink: 'syz.2.417': attribute type 2 has an invalid length. [ 251.400764][ T7449] netlink: 'syz.2.417': attribute type 1 has an invalid length. [ 253.086026][ T7472] siw: device registration error -23 [ 254.235642][ T7481] netlink: 4 bytes leftover after parsing attributes in process `syz.2.426'. [ 254.744593][ T7490] netlink: 'syz.4.427': attribute type 10 has an invalid length. [ 254.759850][ T7490] netlink: 140 bytes leftover after parsing attributes in process `syz.4.427'. [ 256.269585][ T7499] netlink: 'syz.4.430': attribute type 2 has an invalid length. [ 256.277259][ T7499] netlink: 'syz.4.430': attribute type 1 has an invalid length. [ 258.404489][ T5833] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 258.764997][ T5833] usb 5-1: device descriptor read/64, error -71 [ 258.964929][ T7520] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7) [ 258.971541][ T7520] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 258.980040][ T7520] vhci_hcd vhci_hcd.0: Device attached [ 259.059078][ T5833] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 260.209581][ T7525] vhci_hcd: connection closed [ 260.239928][ T1146] vhci_hcd: stop threads [ 260.326091][ T1146] vhci_hcd: release socket [ 260.331243][ T1146] vhci_hcd: disconnect device [ 260.474172][ T7532] netlink: 'syz.2.440': attribute type 10 has an invalid length. [ 260.482188][ T7528] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 260.488751][ T7528] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 260.496498][ T7528] vhci_hcd vhci_hcd.0: Device attached [ 260.518865][ T5833] usb 5-1: device descriptor read/64, error -71 [ 260.749439][ T10] usb 39-1: new low-speed USB device number 2 using vhci_hcd [ 260.941151][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.948201][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.213538][ T5833] usb usb5-port1: attempt power cycle [ 261.369622][ T7532] netlink: 140 bytes leftover after parsing attributes in process `syz.2.440'. [ 261.452685][ T7544] netlink: 'syz.0.443': attribute type 2 has an invalid length. [ 261.462948][ T7544] netlink: 'syz.0.443': attribute type 1 has an invalid length. [ 261.489656][ T7537] vhci_hcd: connection reset by peer [ 261.500284][ T59] vhci_hcd: stop threads [ 261.504616][ T59] vhci_hcd: release socket [ 261.542540][ T59] vhci_hcd: disconnect device [ 262.094780][ T7549] fuse: Unknown parameter 'grou00000000000000000000' [ 264.745618][ T5827] Bluetooth: hci5: command 0x1003 tx timeout [ 264.754549][ T5141] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 265.728596][ T7592] netlink: 'syz.0.457': attribute type 2 has an invalid length. [ 265.736362][ T7592] netlink: 'syz.0.457': attribute type 1 has an invalid length. [ 265.871626][ T10] vhci_hcd: vhci_device speed not set [ 266.429022][ T7602] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 266.436535][ T7602] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 266.437319][ T7602] vhci_hcd vhci_hcd.0: Device attached [ 267.002189][ T7617] fuse: Unknown parameter 'grou00000000000000000000' [ 267.009074][ T7605] vhci_hcd: connection closed [ 267.037043][ T5959] vhci_hcd: stop threads [ 267.060152][ T5959] vhci_hcd: release socket [ 267.092374][ T5959] vhci_hcd: disconnect device [ 267.160581][ T10] vhci_hcd: vhci_device speed not set [ 268.251191][ T7634] input: syz1 as /devices/virtual/input/input7 [ 268.869414][ T5874] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 269.031531][ T5874] usb 1-1: Using ep0 maxpacket: 16 [ 269.053771][ T5874] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 269.730678][ T5874] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 269.831516][ T5874] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 269.856141][ T5874] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 269.905196][ T5874] usb 1-1: Product: syz [ 269.928812][ T5874] usb 1-1: Manufacturer: syz [ 269.933462][ T5874] usb 1-1: SerialNumber: syz [ 269.991323][ T5874] usb 1-1: config 0 descriptor?? [ 270.030424][ T5874] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 270.073613][ T5874] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class) [ 271.328899][ T5874] em28xx 1-1:0.0: chip ID is em2874 [ 272.089183][ T7674] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7) [ 272.095768][ T7674] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 272.103627][ T7674] vhci_hcd vhci_hcd.0: Device attached [ 273.429042][ T7675] vhci_hcd: connection closed [ 273.469608][ T3474] vhci_hcd: stop threads [ 273.490365][ T5833] usb 1-1: USB disconnect, device number 10 [ 273.497803][ T5833] em28xx 1-1:0.0: Disconnecting em28xx [ 273.509091][ T3474] vhci_hcd: release socket [ 273.513624][ T3474] vhci_hcd: disconnect device [ 273.577703][ T5833] em28xx 1-1:0.0: Freeing device [ 273.582300][ T7680] FAULT_INJECTION: forcing a failure. [ 273.582300][ T7680] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 273.643795][ T7680] CPU: 0 UID: 0 PID: 7680 Comm: syz.1.477 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 273.643828][ T7680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 273.643842][ T7680] Call Trace: [ 273.643851][ T7680] [ 273.643861][ T7680] dump_stack_lvl+0x189/0x250 [ 273.643899][ T7680] ? __pfx____ratelimit+0x10/0x10 [ 273.643922][ T7680] ? __pfx_dump_stack_lvl+0x10/0x10 [ 273.643954][ T7680] ? __pfx__printk+0x10/0x10 [ 273.643990][ T7680] should_fail_ex+0x414/0x560 [ 273.644019][ T7680] _copy_to_user+0x31/0xb0 [ 273.644054][ T7680] simple_read_from_buffer+0xe1/0x170 [ 273.644092][ T7680] proc_fail_nth_read+0x1df/0x250 [ 273.644119][ T7680] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 273.644146][ T7680] ? rw_verify_area+0x258/0x650 [ 273.644174][ T7680] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 273.644199][ T7680] vfs_read+0x1fd/0x980 [ 273.644234][ T7680] ? __pfx___mutex_lock+0x10/0x10 [ 273.644259][ T7680] ? __pfx_vfs_read+0x10/0x10 [ 273.644289][ T7680] ? __fget_files+0x2a/0x420 [ 273.644313][ T7680] ? __fget_files+0x3a0/0x420 [ 273.644331][ T7680] ? __fget_files+0x2a/0x420 [ 273.644361][ T7680] ksys_read+0x145/0x250 [ 273.644393][ T7680] ? __pfx_ksys_read+0x10/0x10 [ 273.644428][ T7680] ? do_syscall_64+0xbe/0x3b0 [ 273.644456][ T7680] do_syscall_64+0xfa/0x3b0 [ 273.644478][ T7680] ? lockdep_hardirqs_on+0x9c/0x150 [ 273.644500][ T7680] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.644529][ T7680] ? clear_bhb_loop+0x60/0xb0 [ 273.644556][ T7680] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.644577][ T7680] RIP: 0033:0x7f0fa718d37c [ 273.644596][ T7680] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 273.644614][ T7680] RSP: 002b:00007f0fa7f7f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 273.644639][ T7680] RAX: ffffffffffffffda RBX: 00007f0fa73b5fa0 RCX: 00007f0fa718d37c [ 273.644654][ T7680] RDX: 000000000000000f RSI: 00007f0fa7f7f0a0 RDI: 0000000000000003 [ 273.644667][ T7680] RBP: 00007f0fa7f7f090 R08: 0000000000000000 R09: 0000000000000002 [ 273.644680][ T7680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 273.644693][ T7680] R13: 0000000000000001 R14: 00007f0fa73b5fa0 R15: 00007ffc8398a5c8 [ 273.644726][ T7680] [ 273.875012][ C0] vkms_vblank_simulate: vblank timer overrun [ 275.579752][ T7684] can: request_module (can-proto-0) failed. [ 281.123575][ T7740] netlink: 4 bytes leftover after parsing attributes in process `syz.3.494'. [ 282.282485][ T7748] sctp: failed to load transform for md5: -2 [ 284.278335][ T7773] RDS: rds_bind could not find a transport for fe80::17, load rds_tcp or rds_rdma? [ 287.257547][ T7801] netlink: 'syz.4.509': attribute type 10 has an invalid length. [ 289.160167][ T7810] hub 8-0:1.0: USB hub found [ 289.165170][ T7810] hub 8-0:1.0: 1 port detected [ 289.980629][ T7822] netlink: 'syz.4.515': attribute type 2 has an invalid length. [ 289.989762][ T7822] netlink: 'syz.4.515': attribute type 1 has an invalid length. [ 295.258581][ T7854] hub 8-0:1.0: USB hub found [ 295.265349][ T7854] hub 8-0:1.0: 1 port detected [ 295.780951][ T7855] netlink: 'syz.3.525': attribute type 10 has an invalid length. [ 296.109973][ T7862] netlink: 8 bytes leftover after parsing attributes in process `syz.1.527'. [ 296.147222][ T7862] syz.1.527: attempt to access beyond end of device [ 296.147222][ T7862] md33: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 296.215679][ T7866] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 299.321673][ T7897] input: syz1 as /devices/virtual/input/input8 [ 302.027130][ T7911] netlink: 8 bytes leftover after parsing attributes in process `syz.3.542'. [ 302.060147][ T7911] syz.3.542: attempt to access beyond end of device [ 302.060147][ T7911] md33: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 302.115551][ T7916] netlink: 'syz.4.541': attribute type 10 has an invalid length. [ 303.020886][ T7923] input: syz1 as /devices/virtual/input/input9 [ 305.999382][ T7949] netlink: 8 bytes leftover after parsing attributes in process `syz.4.554'. [ 306.270231][ T7949] syz.4.554: attempt to access beyond end of device [ 306.270231][ T7949] md33: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 306.324494][ T7954] netlink: 'syz.2.556': attribute type 10 has an invalid length. [ 309.174044][ T7984] lo speed is unknown, defaulting to 1000 [ 309.939775][ T5827] Bluetooth: hci5: command 0x1003 tx timeout [ 309.946260][ T5141] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 310.358088][ T8006] netlink: 'syz.4.568': attribute type 10 has an invalid length. [ 310.510707][ T8010] netlink: 'syz.2.567': attribute type 4 has an invalid length. [ 312.073045][ T8031] RDS: rds_bind could not find a transport for fe80::17, load rds_tcp or rds_rdma? [ 313.240429][ T8035] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 313.775739][ T8046] capability: warning: `syz.0.575' uses deprecated v2 capabilities in a way that may be insecure [ 314.048892][ T1216] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 314.439076][ T1216] usb 1-1: Using ep0 maxpacket: 32 [ 314.466678][ T1216] usb 1-1: too many configurations: 195, using maximum allowed: 8 [ 314.516375][ T1216] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 314.530768][ T8055] input: syz1 as /devices/virtual/input/input10 [ 314.585415][ T1216] usb 1-1: can't read configurations, error -61 [ 315.018071][ T1216] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 315.102203][ T5141] Bluetooth: hci5: sending frame failed (-49) [ 315.111139][ T5827] Bluetooth: hci5: Opcode 0x1003 failed: -49 [ 315.169778][ T5821] udevd[5821]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory [ 315.311700][ T1216] usb 1-1: Using ep0 maxpacket: 32 [ 315.327231][ T1216] usb 1-1: too many configurations: 195, using maximum allowed: 8 [ 315.429385][ T1216] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 316.342084][ T1216] usb 1-1: can't read configurations, error -61 [ 316.360282][ T1216] usb usb1-port1: attempt power cycle [ 316.705436][ T8079] RDS: rds_bind could not find a transport for fe80::17, load rds_tcp or rds_rdma? [ 317.205588][ T8092] RDS: rds_bind could not find a transport for fe80::17, load rds_tcp or rds_rdma? [ 319.287119][ T8120] RDS: rds_bind could not find a transport for fe80::17, load rds_tcp or rds_rdma? [ 320.370138][ T8128] syz.3.593: attempt to access beyond end of device [ 320.370138][ T8128] md33: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 320.791054][ T8136] input: syz1 as /devices/virtual/input/input11 [ 321.961663][ T8153] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7) [ 321.968219][ T8153] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 321.976216][ T8153] vhci_hcd vhci_hcd.0: Device attached [ 322.344625][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.351172][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.360316][ T5896] usb 41-1: new low-speed USB device number 5 using vhci_hcd [ 322.941265][ T5141] Bluetooth: hci5: command 0x1003 tx timeout [ 322.959039][ T5827] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 323.195240][ T8154] vhci_hcd: connection reset by peer [ 323.258994][ T59] vhci_hcd: stop threads [ 323.331319][ T59] vhci_hcd: release socket [ 323.410855][ T59] vhci_hcd: disconnect device [ 324.880109][ T8174] syz.1.605: attempt to access beyond end of device [ 324.880109][ T8174] md33: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 325.673940][ T8191] syz.2.610 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 326.387945][ T8196] RDS: rds_bind could not find a transport for fe80::17, load rds_tcp or rds_rdma? [ 327.530520][ T5896] vhci_hcd: vhci_device speed not set [ 329.050184][ T8227] trusted_key: syz.2.617 sent an empty control message without MSG_MORE. [ 329.179641][ T8231] syz.3.619: attempt to access beyond end of device [ 329.179641][ T8231] md33: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 330.922264][ T8246] netlink: 'syz.2.622': attribute type 4 has an invalid length. [ 333.864440][ T8274] netlink: 'syz.4.627': attribute type 2 has an invalid length. [ 333.872334][ T8274] netlink: 'syz.4.627': attribute type 1 has an invalid length. [ 335.054724][ T8286] ipvlan2: entered promiscuous mode [ 335.096478][ T8286] ipvlan2: entered allmulticast mode [ 335.106498][ T8293] syz.4.631: attempt to access beyond end of device [ 335.106498][ T8293] md33: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 335.154778][ T8286] macvlan1: entered allmulticast mode [ 335.160485][ T8286] veth1_vlan: entered allmulticast mode [ 338.917611][ T8335] netlink: 4 bytes leftover after parsing attributes in process `syz.2.642'. [ 340.170910][ T5874] usb 1-1: new full-speed USB device number 14 using dummy_hcd [ 340.959923][ T5874] usb 1-1: config 0 has an invalid interface number: 76 but max is 0 [ 341.068804][ T5874] usb 1-1: config 0 has no interface number 0 [ 341.078763][ T5874] usb 1-1: too many endpoints for config 0 interface 76 altsetting 133: 31, using maximum allowed: 30 [ 341.125411][ T5874] usb 1-1: config 0 interface 76 altsetting 133 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 341.453741][ T5874] usb 1-1: config 0 interface 76 altsetting 133 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 341.649348][ T5874] usb 1-1: config 0 interface 76 altsetting 133 has 1 endpoint descriptor, different from the interface descriptor's value: 31 [ 341.808328][ T5874] usb 1-1: config 0 interface 76 has no altsetting 0 [ 341.856216][ T5874] usb 1-1: New USB device found, idVendor=0eef, idProduct=0001, bcdDevice= 0.00 [ 342.035682][ T5874] usb 1-1: New USB device strings: Mfr=0, Product=244, SerialNumber=0 [ 342.398661][ T5874] usb 1-1: Product: syz [ 342.448632][ T5874] usb 1-1: config 0 descriptor?? [ 342.463887][ T8373] RDS: rds_bind could not find a transport for fe80::17, load rds_tcp or rds_rdma? [ 342.504769][ T5874] usb 1-1: can't set config #0, error -71 [ 342.685013][ T8382] netlink: 'syz.1.656': attribute type 4 has an invalid length. [ 343.048232][ T5874] usb 1-1: USB disconnect, device number 14 [ 344.339270][ T8400] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7) [ 344.346189][ T8400] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 344.354024][ T8400] vhci_hcd vhci_hcd.0: Device attached [ 345.923785][ T8401] vhci_hcd: connection closed [ 346.082957][ T5959] vhci_hcd: stop threads [ 346.104988][ T5833] usb 41-1: new low-speed USB device number 6 using vhci_hcd [ 346.259156][ T5959] vhci_hcd: release socket [ 346.289727][ T5959] vhci_hcd: disconnect device [ 346.337598][ T8409] RDS: rds_bind could not find a transport for fe80::17, load rds_tcp or rds_rdma? [ 346.703870][ T8422] netlink: 24 bytes leftover after parsing attributes in process `syz.4.666'. [ 347.399288][ T8437] RDS: rds_bind could not find a transport for fe80::17, load rds_tcp or rds_rdma? [ 348.813032][ T8448] netlink: 'syz.1.673': attribute type 4 has an invalid length. [ 349.838112][ T8456] openvswitch: netlink: IP tunnel TTL not specified. [ 349.980409][ T8458] FAULT_INJECTION: forcing a failure. [ 349.980409][ T8458] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 350.004796][ T8458] CPU: 0 UID: 0 PID: 8458 Comm: syz.4.677 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 350.004829][ T8458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 350.004842][ T8458] Call Trace: [ 350.004851][ T8458] [ 350.004861][ T8458] dump_stack_lvl+0x189/0x250 [ 350.004899][ T8458] ? __pfx____ratelimit+0x10/0x10 [ 350.004922][ T8458] ? __pfx_dump_stack_lvl+0x10/0x10 [ 350.004954][ T8458] ? __pfx__printk+0x10/0x10 [ 350.004975][ T8458] ? __might_fault+0xb0/0x130 [ 350.005021][ T8458] should_fail_ex+0x414/0x560 [ 350.005065][ T8458] _copy_from_user+0x2d/0xb0 [ 350.005097][ T8458] video_usercopy+0x354/0x14f0 [ 350.005132][ T8458] ? smk_tskacc+0x2fc/0x370 [ 350.005165][ T8458] ? __pfx___video_do_ioctl+0x10/0x10 [ 350.005194][ T8458] ? __pfx_video_usercopy+0x10/0x10 [ 350.005220][ T8458] ? smack_file_ioctl+0x2a9/0x340 [ 350.005275][ T8458] ? __fget_files+0x2a/0x420 [ 350.005293][ T8458] ? __fget_files+0x3a0/0x420 [ 350.005317][ T8458] v4l2_ioctl+0x18a/0x1e0 [ 350.005345][ T8458] ? __pfx_v4l2_ioctl+0x10/0x10 [ 350.005372][ T8458] __se_sys_ioctl+0xfc/0x170 [ 350.005402][ T8458] do_syscall_64+0xfa/0x3b0 [ 350.005424][ T8458] ? lockdep_hardirqs_on+0x9c/0x150 [ 350.005445][ T8458] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 350.005466][ T8458] ? clear_bhb_loop+0x60/0xb0 [ 350.005502][ T8458] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 350.005524][ T8458] RIP: 0033:0x7fc83758e969 [ 350.005543][ T8458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 350.005562][ T8458] RSP: 002b:00007fc8384d9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 350.005585][ T8458] RAX: ffffffffffffffda RBX: 00007fc8377b5fa0 RCX: 00007fc83758e969 [ 350.005601][ T8458] RDX: 0000200000000200 RSI: 00000000c058565d RDI: 0000000000000003 [ 350.005614][ T8458] RBP: 00007fc8384d9090 R08: 0000000000000000 R09: 0000000000000000 [ 350.005628][ T8458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 350.005640][ T8458] R13: 0000000000000000 R14: 00007fc8377b5fa0 R15: 00007ffd117dd988 [ 350.005674][ T8458] [ 350.219322][ C0] vkms_vblank_simulate: vblank timer overrun [ 351.868954][ T5833] vhci_hcd: vhci_device speed not set [ 351.887274][ T8478] x_tables: duplicate underflow at hook 3 [ 352.727310][ T8491] netlink: 'syz.0.687': attribute type 2 has an invalid length. [ 352.735205][ T8491] netlink: 'syz.0.687': attribute type 1 has an invalid length. [ 354.597360][ T8504] netlink: 8 bytes leftover after parsing attributes in process `syz.2.692'. [ 354.926326][ T8512] netlink: 'syz.3.695': attribute type 2 has an invalid length. [ 354.934566][ T8512] netlink: 'syz.3.695': attribute type 1 has an invalid length. [ 355.132787][ T8504] syz.2.692 (8504) used greatest stack depth: 17992 bytes left [ 356.088255][ T6086] Bluetooth: hci5: Frame reassembly failed (-84) [ 356.235248][ T8533] netlink: 60 bytes leftover after parsing attributes in process `syz.3.704'. [ 356.515122][ T8541] Bluetooth: MGMT ver 1.23 [ 358.303406][ T5141] Bluetooth: hci5: command 0x1003 tx timeout [ 358.309871][ T5827] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 364.930729][ T8644] netlink: 1347 bytes leftover after parsing attributes in process `syz.1.733'. [ 367.982199][ T8696] batman_adv: batadv0: Adding interface: dummy0 [ 367.988510][ T8696] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 368.060153][ T8696] batman_adv: batadv0: Interface activated: dummy0 [ 368.108135][ T8696] batadv0: mtu less than device minimum [ 368.134497][ T8696] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 368.146791][ T8696] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 368.158876][ T8696] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 368.170923][ T8696] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 368.182967][ T8696] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 368.194960][ T8696] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 368.206993][ T8696] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 368.219049][ T8696] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 368.231098][ T8696] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 370.011444][ T8721] bridge0: port 2(bridge_slave_1) entered disabled state [ 370.019410][ T8721] bridge0: port 1(bridge_slave_0) entered disabled state [ 370.030621][ T8721] bridge0: entered allmulticast mode [ 371.297304][ T8724] netlink: 'syz.1.760': attribute type 1 has an invalid length. [ 371.515218][ T8735] netlink: 20 bytes leftover after parsing attributes in process `syz.3.763'. [ 371.539132][ T8724] 8021q: adding VLAN 0 to HW filter on device bond1 [ 371.567852][ T8732] bond1: (slave veth0_to_bond): making interface the new active one [ 371.578307][ T8732] bond1: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 372.455763][ T8746] netlink: 44 bytes leftover after parsing attributes in process `syz.1.768'. [ 372.493177][ T8746] bridge0: port 2(bridge_slave_1) entered disabled state [ 372.500999][ T8746] bridge0: port 1(bridge_slave_0) entered disabled state [ 373.270958][ T8752] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000009: 0000 [#1] SMP KASAN PTI [ 373.278767][ T30] audit: type=1800 audit(1748579213.171:24): pid=8750 uid=0 auid=4294967295 ses=4294967295 subj=_ op=set_data cause=unavailable-hash-algorithm comm="syz.2.769" name="/newroot/155/file0" dev="tmpfs" ino=805 res=0 errno=0 [ 373.282926][ T8752] KASAN: null-ptr-deref in range [0x0000000000000048-0x000000000000004f] [ 373.312589][ T8752] CPU: 0 UID: 0 PID: 8752 Comm: syz.2.769 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 373.324168][ T8752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 373.334441][ T8752] RIP: 0010:do_move_mount+0x27d/0xb10 [ 373.339874][ T8752] Code: e8 e8 f2 83 ff 41 be ea ff ff ff 49 bd 00 00 00 00 00 fc ff df 48 8b 6c 24 18 4c 8b 7c 24 08 48 8d 5d 48 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 74 ea e4 ff 48 8b 1b 31 ff 48 89 [ 373.359520][ T8752] RSP: 0018:ffffc9001a5afd30 EFLAGS: 00010206 [ 373.365621][ T8752] RAX: 0000000000000009 RBX: 0000000000000048 RCX: 0000000000080000 [ 373.373620][ T8752] RDX: ffffc9000d2bd000 RSI: 00000000000001b2 RDI: 00000000000001b3 [ 373.381616][ T8752] RBP: 0000000000000000 R08: ffffffff8de1683b R09: 1ffffffff1bc2d07 [ 373.389621][ T8752] R10: dffffc0000000000 R11: fffffbfff1bc2d08 R12: ffff888065fd1358 [ 373.397622][ T8752] R13: dffffc0000000000 R14: 00000000ffffffea R15: ffff888032299480 [ 373.405625][ T8752] FS: 00007fe0860c36c0(0000) GS:ffff888125c98000(0000) knlGS:0000000000000000 [ 373.414584][ T8752] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 373.421195][ T8752] CR2: 00007fc83777ed38 CR3: 00000000311ce000 CR4: 00000000003526f0 [ 373.429196][ T8752] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 373.437224][ T8752] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 373.445219][ T8752] Call Trace: [ 373.448502][ T8752] [ 373.451449][ T8752] __se_sys_move_mount+0x49f/0x590 [ 373.456573][ T8752] ? __pfx___se_sys_move_mount+0x10/0x10 [ 373.462209][ T8752] ? rcu_is_watching+0x15/0xb0 [ 373.466990][ T8752] ? do_syscall_64+0xbe/0x3b0 [ 373.471676][ T8752] ? __x64_sys_move_mount+0x20/0xc0 [ 373.476881][ T8752] do_syscall_64+0xfa/0x3b0 [ 373.481393][ T8752] ? lockdep_hardirqs_on+0x9c/0x150 [ 373.486597][ T8752] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 373.492672][ T8752] ? clear_bhb_loop+0x60/0xb0 [ 373.497361][ T8752] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 373.503262][ T8752] RIP: 0033:0x7fe08518e969 [ 373.507686][ T8752] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 373.527310][ T8752] RSP: 002b:00007fe0860c3038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ad [ 373.535747][ T8752] RAX: ffffffffffffffda RBX: 00007fe0853b6080 RCX: 00007fe08518e969 [ 373.543735][ T8752] RDX: ffffffffffffff9c RSI: 0000200000000140 RDI: 0000000000000003 [ 373.551738][ T8752] RBP: 00007fe085210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 373.559724][ T8752] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000000 [ 373.567707][ T8752] R13: 0000000000000000 R14: 00007fe0853b6080 R15: 00007ffe58107d08 [ 373.575700][ T8752] [ 373.578739][ T8752] Modules linked in: [ 373.586107][ T8752] ---[ end trace 0000000000000000 ]--- [ 373.634884][ T8752] RIP: 0010:do_move_mount+0x27d/0xb10 [ 373.641573][ T8752] Code: e8 e8 f2 83 ff 41 be ea ff ff ff 49 bd 00 00 00 00 00 fc ff df 48 8b 6c 24 18 4c 8b 7c 24 08 48 8d 5d 48 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 74 ea e4 ff 48 8b 1b 31 ff 48 89 [ 373.663892][ T8752] RSP: 0018:ffffc9001a5afd30 EFLAGS: 00010206 [ 373.671238][ T8752] RAX: 0000000000000009 RBX: 0000000000000048 RCX: 0000000000080000 [ 373.682114][ T8752] RDX: ffffc9000d2bd000 RSI: 00000000000001b2 RDI: 00000000000001b3 [ 373.975194][ T8752] RBP: 0000000000000000 R08: ffffffff8de1683b R09: 1ffffffff1bc2d07 [ 374.038285][ T8752] R10: dffffc0000000000 R11: fffffbfff1bc2d08 R12: ffff888065fd1358 [ 374.107206][ T8752] R13: dffffc0000000000 R14: 00000000ffffffea R15: ffff888032299480 [ 374.178057][ T8752] FS: 00007fe0860c36c0(0000) GS:ffff888125c98000(0000) knlGS:0000000000000000 [ 374.209864][ T8752] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 374.216512][ T8752] CR2: 000000110c2d75e8 CR3: 00000000311ce000 CR4: 00000000003526f0 [ 374.224582][ T8752] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 374.232706][ T8752] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 374.240779][ T8752] Kernel panic - not syncing: Fatal exception [ 374.247182][ T8752] Kernel Offset: disabled [ 374.251519][ T8752] Rebooting in 86400 seconds..