last executing test programs: 1m58.286404766s ago: executing program 3 (id=923): ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x50) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x4fed0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, 0x0, 0x0) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) r3 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r3, &(0x7f0000000100)={0x18, 0x0, {0x11ff, @broadcast, 'bond_slave_1\x00'}}, 0x1e) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000040)="2e00000010008108040f80ecdb4cb92e0a480e000f000000e8bd6efb250314000e000100240248ff050005001200", 0x2e}], 0x1}, 0x40880) connect$pppoe(r3, &(0x7f00000016c0)={0x18, 0x0, {0x3, @empty, 'macvlan1\x00'}}, 0x1e) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000280)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0xbb1, '\x00', 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x23}, {{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x6}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xd00}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x6}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x80}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {0x7, 0x1, 0xb, 0x4, 0x2}, {0x7, 0x0, 0x0, 0x6}, {0x4, 0x0, 0x7}, {0x18, 0x6, 0x2, 0x0, r5}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 1m57.640379802s ago: executing program 3 (id=926): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0xfdcc, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0, 0x0, 0x8}, 0x18) prlimit64(0x0, 0x6, &(0x7f00000002c0)={0x8, 0x85}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) syz_open_dev$video(&(0x7f0000000100), 0x9c, 0x40000) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) getsockopt$inet_sctp_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, &(0x7f0000000300), &(0x7f0000000340)=0x4) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) open(&(0x7f0000000000)='./bus\x00', 0x478840, 0x142) r4 = fsopen(&(0x7f0000001340)='pstore\x00', 0x0) fsmount(r4, 0x0, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r5, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0), 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1f, 0x4, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc85ba0d52d47bbeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 1m55.812933192s ago: executing program 4 (id=934): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), r2) (async) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(0xffffffffffffffff, 0x40045010, &(0x7f0000000040)=0x9) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_io_uring_setup(0xbc3, &(0x7f0000001480)={0x0, 0x1064, 0x80, 0x4, 0x224}, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffb, 0x0, 0x4) (async) sendmsg$rds(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800}, 0x4000008) (async) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x0, @multicast2}}, 0x5, 0x0, 0xffffffff, 0x0, 0x20, 0x0, 0x2}, 0x9c) syz_io_uring_setup(0x466c, &(0x7f0000000280)={0x0, 0x0, 0x10100}, &(0x7f0000001340)=0x0, &(0x7f0000000140)) (async) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r7, &(0x7f00000001c0)=ANY=[@ANYBLOB='3'], 0x118) (async) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r7, 0x0) (async) syz_io_uring_submit(r6, r5, &(0x7f0000000000)=@IORING_OP_TIMEOUT={0xb, 0x18, 0x0, 0x0, 0x2, 0x0, 0x1, 0x20, 0x1}) (async) io_uring_enter(r3, 0x47fb, 0x0, 0x0, 0x0, 0x0) 1m53.048596283s ago: executing program 4 (id=940): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb01001800000000000000340000158735bd2e8822ec04000000000500000d000000000a0000000500000006001a000000000009000000050000000607000001000000000000000100"], &(0x7f0000000100)=""/141, 0x4e, 0x8d, 0x1, 0x7}, 0x28) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0xb, &(0x7f00000002c0)=0x80000000002) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) sched_setaffinity(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) futex(0x0, 0x5, 0x1, 0x0, &(0x7f0000048000)=0x2, 0x1) r3 = socket$inet_smc(0x2b, 0x1, 0x0) socket$netlink(0x10, 0x3, 0x14) connect$inet(r3, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10) socket$inet_smc(0x2b, 0x1, 0x0) r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r4, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x10, 0x800, 0xbbbe, 0x0, 0x2, 0x4, {0x0, 0x0, 0x1}, {0x7, 0xfffffffd, 0xfffffffe}, {0x0, 0xffff0000}, {0x1000000}, 0x0, 0x3f0, 0x0, 0xd613, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x40a00, 0x0) r6 = gettid() timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$TIOCMIWAIT(r5, 0x545c, 0x0) 1m50.961250856s ago: executing program 4 (id=945): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xd7aeb000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) lsetxattr$security_evm(0x0, &(0x7f00000003c0), &(0x7f0000000400)=@v2={0x3, 0x1, 0x8, 0x7}, 0x9, 0x1) r3 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r3, &(0x7f0000000140)={0xa, 0xffff, 0x0, @mcast1, 0x9}, 0x1c) r4 = socket$igmp6(0xa, 0x3, 0x2) bpf$ENABLE_STATS(0x20, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x50, 0x20}, {0x6}]}, 0x10) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) socket$nl_rdma(0x10, 0x3, 0x14) sendmsg(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x44004) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) 1m49.687115181s ago: executing program 4 (id=949): r0 = socket$nl_route(0x10, 0x3, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) write$snapshot(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000380)=0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000003c0)={0x0}, &(0x7f0000000500)=0xc) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000540)={&(0x7f0000000a00)=ANY=[@ANYBLOB="90000000130701042cbd7000fbdbdf25020000050800fd00", @ANYRES32=r1, @ANYBLOB="0800f98004003c804600c880790881bcfa13f257b35322a5c10e711b58383eebcda0a5a0aa9038eec246329026e8067860efe08f54c1d1c135cbe871479ccce6b2967f924914f03e9db1dd62db9000001c004380060014005b00000008000200", @ANYRES32=r2, @ANYBLOB="08003300e00000020800bc800400e880"], 0x90}, 0x1, 0x0, 0x0, 0xc000}, 0x20000045) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000005580)=""/102392, 0x18ff8) sendmsg$nl_route_sched(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000800)=@gettaction={0x158, 0x32, 0x2, 0x70bd2d, 0x25dfdbfe, {}, [@action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x4}, @action_gd=@TCA_ACT_TAB={0x74, 0x1, [{0x14, 0xa36, 0x0, 0x0, @TCA_ACT_KIND={0xf, 0x1, 'tunnel_key\x00'}}, {0xc, 0xc, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x2}}, {0x10, 0x1e, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}, {0xc, 0x0, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6}}, {0x10, 0x15, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}, {0x10, 0x7, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'csum\x00'}}, {0x14, 0xf, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}]}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x81}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x0, 0x1}}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x6}, @action_gd=@TCA_ACT_TAB={0x4}, @action_gd=@TCA_ACT_TAB={0x50, 0x1, [{0x14, 0x206, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}, {0xc, 0xf, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x64dd}}, {0xc, 0x5, 0x0, 0x0, @TCA_ACT_KIND={0x7, 0x1, 'xt\x00'}}, {0x14, 0x9, 0x0, 0x0, @TCA_ACT_KIND={0xf, 0x1, 'tunnel_key\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}]}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}, @action_gd=@TCA_ACT_TAB={0x44, 0x1, [{0xc, 0xd, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x80000000}}, {0xc, 0x12, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0x10, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x1c, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8}}, {0xc, 0x20, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x2}}]}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x3ff}]}, 0x158}, 0x1, 0x2b1e, 0x0, 0x4040014}, 0xc040) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000100)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="830400000000fedbdf25010000001800018a14000200776c616e3100"/38], 0x2c}}, 0x4) r6 = syz_open_dev$dri(&(0x7f0000000080), 0x400001, 0x40) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3000009, 0x46031, 0xffffffffffffffff, 0x0) pselect6(0x0, 0x0, &(0x7f0000000180)={0x2, 0xff, 0x1, 0xc, 0x8, 0x1, 0x8, 0xf}, &(0x7f00000001c0)={0x0, 0x1, 0x2, 0x9, 0x7c3, 0x8, 0x1000000003, 0x8}, 0x0, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(r6, 0xc018643a, &(0x7f00000000c0)={0x4000001, 0x71, 0x200000009}) mremap(&(0x7f000000d000/0x2000)=nil, 0xfffffffffffffe74, 0x1000, 0x3, &(0x7f0000007000/0x1000)=nil) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x7, 0x7ffc0002}]}) sync() r7 = syz_open_dev$dri(0x0, 0xe7f, 0x23e701) add_key$user(&(0x7f0000000440), 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$DRM_IOCTL_WAIT_VBLANK(r7, 0xc018643a, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r6, 0xc01064b5, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r6, 0xc02064b6, 0x0) ioctl$DRM_IOCTL_MODE_SETCRTC(r6, 0xc06864a2, 0x0) 1m47.157033503s ago: executing program 4 (id=953): syz_usb_connect(0x3, 0x34, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201000092df5510ac05269289b201020301090222000100000000090400000103e900000907000000000000000705d77b5d"], 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000090f040000000000000000008500000005000000850000007d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000500)='sys_exit\x00', r0}, 0x10) (async) r1 = timerfd_create(0x9, 0x0) timerfd_gettime(r1, &(0x7f0000000000)) (async) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r2, &(0x7f00000001c0)={0x27, 0x0, 0x0, 0x2, 0x0, 0x9, "c46e9fd1a84b7fefa0bf2cca6beb9363a680b652a86bcf56a1b9f4e6b54cc6beca5462202c484c10ca5386103a5ccbe47b7b9aa6d8d701a3ba6a6c0ce8b978", 0x1}, 0x60) (async) r3 = dup(r2) getsockopt$inet_buf(r3, 0x118, 0x26, 0x0, &(0x7f00000003c0)) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000e40)=[{0x0, 0xf5}, {&(0x7f0000000dc0)="8a", 0x1}], 0x2, 0x0, 0x0, 0x24040804}, 0x8800) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000280)=0x10) symlink(&(0x7f0000000440)='./cgroup.cpu/cgroup.procs\x00', &(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') (async) ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000000)=0x81) 1m44.298898227s ago: executing program 4 (id=963): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$inet6(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x50) r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r6, r7, 0x5}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r6}, &(0x7f00000006c0), &(0x7f0000000700)=r5}, 0x20) sendmsg$inet(r4, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0x1080}], 0x1}, 0x4000010) 1m33.515435428s ago: executing program 3 (id=926): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0xfdcc, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0, 0x0, 0x8}, 0x18) prlimit64(0x0, 0x6, &(0x7f00000002c0)={0x8, 0x85}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) syz_open_dev$video(&(0x7f0000000100), 0x9c, 0x40000) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) getsockopt$inet_sctp_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, &(0x7f0000000300), &(0x7f0000000340)=0x4) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) open(&(0x7f0000000000)='./bus\x00', 0x478840, 0x142) r4 = fsopen(&(0x7f0000001340)='pstore\x00', 0x0) fsmount(r4, 0x0, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r5, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0), 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1f, 0x4, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc85ba0d52d47bbeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 1m29.079451768s ago: executing program 32 (id=963): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$inet6(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x50) r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r6, r7, 0x5}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r6}, &(0x7f00000006c0), &(0x7f0000000700)=r5}, 0x20) sendmsg$inet(r4, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0x1080}], 0x1}, 0x4000010) 1m2.352918433s ago: executing program 3 (id=926): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0xfdcc, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0, 0x0, 0x8}, 0x18) prlimit64(0x0, 0x6, &(0x7f00000002c0)={0x8, 0x85}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) syz_open_dev$video(&(0x7f0000000100), 0x9c, 0x40000) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) getsockopt$inet_sctp_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, &(0x7f0000000300), &(0x7f0000000340)=0x4) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) open(&(0x7f0000000000)='./bus\x00', 0x478840, 0x142) r4 = fsopen(&(0x7f0000001340)='pstore\x00', 0x0) fsmount(r4, 0x0, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r5, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0), 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1f, 0x4, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc85ba0d52d47bbeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 58.09104195s ago: executing program 3 (id=926): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0xfdcc, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0, 0x0, 0x8}, 0x18) prlimit64(0x0, 0x6, &(0x7f00000002c0)={0x8, 0x85}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) syz_open_dev$video(&(0x7f0000000100), 0x9c, 0x40000) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) getsockopt$inet_sctp_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, &(0x7f0000000300), &(0x7f0000000340)=0x4) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) open(&(0x7f0000000000)='./bus\x00', 0x478840, 0x142) r4 = fsopen(&(0x7f0000001340)='pstore\x00', 0x0) fsmount(r4, 0x0, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r5, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0), 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1f, 0x4, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc85ba0d52d47bbeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 32.500056444s ago: executing program 3 (id=926): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0xfdcc, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0, 0x0, 0x8}, 0x18) prlimit64(0x0, 0x6, &(0x7f00000002c0)={0x8, 0x85}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) syz_open_dev$video(&(0x7f0000000100), 0x9c, 0x40000) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) getsockopt$inet_sctp_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, &(0x7f0000000300), &(0x7f0000000340)=0x4) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) open(&(0x7f0000000000)='./bus\x00', 0x478840, 0x142) r4 = fsopen(&(0x7f0000001340)='pstore\x00', 0x0) fsmount(r4, 0x0, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r5, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0), 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1f, 0x4, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc85ba0d52d47bbeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 14.708814634s ago: executing program 2 (id=1160): mremap(&(0x7f0000a9f000/0x4000)=nil, 0x4000, 0x800000, 0x2, &(0x7f00007fe000/0x800000)=nil) openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x20042, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x400000001, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_FLUSH(r0, 0x0, 0xd4, &(0x7f0000000040)=0x8, 0x4) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) unshare(0x68040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xfffff000) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000000700)={r2}, &(0x7f0000000080)=0x8) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r4 = dup(r3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r4, 0x2000) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe) write$binfmt_script(r4, &(0x7f0000000340)={'#! ', './cgroup'}, 0xc) write$FUSE_INIT(r4, &(0x7f00000000c0)={0x50, 0x0, 0x0, {0x7, 0x2b, 0x9, 0xdc2655fd31373ef6, 0x8, 0xc, 0x400, 0xfffefffb, 0x0, 0x0, 0x10, 0x9}}, 0x50) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000300)="d800000018008105e00212ba0d8105040a020200020f100b067c55a1bc000900b80006990200000015000500fc038178a80015000338004002000c0901ac040000d67f6f947a7100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb7", 0x68}], 0x1}, 0x0) syz_open_dev$video(0x0, 0x7, 0x0) io_uring_setup(0x3eaf, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x22, &(0x7f0000000440)=[{&(0x7f0000000600)=""/212, 0xd4}, {&(0x7f0000000500)=""/124, 0x7c}, {0x0}], 0x3) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f00000004c0)={0xc}) 12.178871662s ago: executing program 0 (id=1165): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xd7aeb000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) lsetxattr$security_evm(0x0, &(0x7f00000003c0), &(0x7f0000000400)=@v2={0x3, 0x1, 0x8, 0x7}, 0x9, 0x1) r2 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r2, &(0x7f0000000140)={0xa, 0xffff, 0x0, @mcast1, 0x9}, 0x1c) r3 = socket$igmp6(0xa, 0x3, 0x2) bpf$ENABLE_STATS(0x20, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x50, 0x20}, {0x6}]}, 0x10) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) socket$nl_rdma(0x10, 0x3, 0x14) sendmsg(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x44004) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) 11.65709793s ago: executing program 1 (id=1168): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) socketpair$unix(0x1, 0x2, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) fgetxattr(r4, &(0x7f0000000000)=@known='system.sockprotoname\x00', &(0x7f0000000040)=""/111, 0xfffffffffffffd73) 10.785766513s ago: executing program 0 (id=1169): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCSETSW(r2, 0x5403, &(0x7f0000000040)={0xfffffff9, 0x0, 0x200, 0x8, 0x1a, "fc12105588e633bbb1dfe72dace17a02d211ee"}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) socket$packet(0x11, 0x2, 0x300) setpriority(0x1, 0x0, 0x100) 9.235825685s ago: executing program 1 (id=1170): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44045}, 0x10) syz_init_net_socket$netrom(0x6, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(0x0, 0x0, 0x0) syz_io_uring_setup(0x49f, 0x0, 0x0, &(0x7f0000000040)) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000200), 0x20440, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r2 = userfaultfd(0x801) getsockopt$inet_sctp6_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, &(0x7f0000000280)) r3 = getpid() process_vm_readv(r3, 0x0, 0x0, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280}) ioctl$UFFDIO_WRITEPROTECT(r2, 0xc018aa06, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) read$msr(r0, 0x0, 0x0) sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40018}, 0x800) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) landlock_create_ruleset(&(0x7f00000000c0)={0x100}, 0x18, 0x0) r4 = openat$mixer(0xffffffffffffff9c, 0x0, 0xa0000, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r4, 0x400c6615, &(0x7f0000002000)={0x0, @aes128}) 9.154815339s ago: executing program 2 (id=1171): r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xd, 0xa, 0x4, 0x5}, 0x48) syz_emit_ethernet(0x19a, &(0x7f00000018c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb080045f9018c006500000021907864010101ac141431440c1d71e0000001000000084424a1c16401010101000000e000000200f1ff0dac1414aa0000050c6401010200000007441ce783e000000100000002000000000000da200a0101000000000b41dadd181414aa830b5dac1414bb6401010086430000000306020602050cda9c9faf1341f6b19311050fd1de09efef1739a42bdf040965000f4f2eec53cfdccf30c088ec852c01035e070c03cf1c171e34f4836e07018d0998cf33e39ae6e94414e373e000000100000006ffffffff00000007004e214e2004819078a63af727de459657a95bcdd7661133f3212b221f45d5bfdcaa8dd9d1428889aea6db3c1a052270f4b648d80940f9b50331fdb17c80c2d1753fbaaecb1e25081c55063d228159d54b6c265365aa8ad63a0f3d24fd94a2971016bec473e233b8ffa6b08133a909061c08b85df3edd4f04e367dd7c162a405a6459b11776ab376e3d3b3781c22ce970a9fcb3ca4743408c1fedf9189c6330a6652c081722fc96c9c6aa16362b0eeb309d3cddb17b820946ea80edf041e65a5fc79581ae5006d70f45af0cd4f13258e427e02ca6193c1d192ed06806cdf5c5ad32e58b00bca6116a8b56092b4141c100a1fea94cc50ef00e2ae8c337b76346db2b694dde1676b968d7b90f85239c5995cd960f87da8b1a730e6551680a4c12e1d9893bfe8b9a14755fc8df9de01145de911b70a5b7942b5097bd35bfd8b632ec6e801a896647c5e2427a673312fb109cbdd4c341c807ab5ab36a748f83d9d4002d39813801937702d"], 0x0) prlimit64(0x0, 0xe, &(0x7f0000000600)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_io_uring_submit(0x0, 0x0, 0x0) move_pages(0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000340), &(0x7f0000000380)=[0x0, 0x0], 0x2) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) fchdir(r3) r4 = openat$cgroup_freezer_state(r3, &(0x7f0000000080), 0x2, 0x0) sendfile(r4, r4, 0x0, 0x8000002) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0xa4001, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)={0x14, 0x3e, 0x107, 0xdffffffe, 0x0, {0x1, 0x7c}}, 0x14}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) r5 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0xca00, 0x41) read(r5, &(0x7f00000008c0)=""/4096, 0x1000) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x12, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000071120b000000000095"], &(0x7f0000000600)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x2c, '\x00', 0x0, @cgroup_sock_addr=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r6, &(0x7f0000000240)='cgroup.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="9feb010018000000000000000c000000dcfeffff03000000010007000000c2f3d76e6502acba00691d4bfc60d54473"], 0x0, 0x27, 0x0, 0x1}, 0x28) sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="7fb6f3996a4a050be9440000000201010800000000000000000200000424000e8006000340000400000600034000030000060003400006000006000340000400000c0006"], 0x44}, 0x1, 0x0, 0x0, 0x11}, 0x4802) 9.080590543s ago: executing program 0 (id=1172): r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) getsockname$ax25(r0, 0x0, &(0x7f0000000300)) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x80042, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x1a8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x88200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) setresuid(0xee01, 0xee01, 0x0) socket(0x2, 0x2, 0x0) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_io_uring_setup(0x81f, 0x0, 0x0, &(0x7f0000000540)) connect$inet6(0xffffffffffffffff, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x8031, 0xffffffffffffffff, 0x6a855000) mremap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000003000/0x2000)=nil) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mremap(&(0x7f000040b000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f00004b3000/0x4000)=nil) mremap(&(0x7f00003ef000/0x3000)=nil, 0x3000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) madvise(&(0x7f000042f000/0x800000)=nil, 0x800000, 0x15) write$dsp(r1, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) 8.214833256s ago: executing program 1 (id=1173): io_setup(0x42, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4) setsockopt$inet_tcp_int(r1, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r1, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10) recvfrom$inet(r1, &(0x7f0000000240)=""/180, 0xb4, 0x40000002, 0x0, 0x0) sendto$inet(r1, &(0x7f0000000200)="e1", 0xfea8, 0x0, 0x0, 0x0) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0) r2 = syz_open_dev$swradio(&(0x7f0000000240), 0x0, 0x2) ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f00000000c0)=@multiplanar_mmap={0x7, 0xa, 0x4, 0x100000, 0x3, {0x0, 0x2710}, {0x1, 0xc, 0x7, 0x7, 0x80, 0x5, "2852dfcf"}, 0x8, 0x1, {&(0x7f0000000040)=[{0x0, 0x80000001, {0xc54}, 0x1}, {0x7, 0x80, {0x1000}, 0x6}]}, 0x5}) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x26, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce) r3 = syz_open_dev$I2C(&(0x7f0000004800), 0x0, 0x2) ioctl$I2C_SLAVE(r3, 0x703, 0x3eb) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) r5 = add_key$user(&(0x7f0000000040), &(0x7f0000000180)={'syz', 0x0}, &(0x7f0000000080)='\x00', 0x1, 0xfffffffffffffffb) pipe2$watch_queue(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r5, r7, 0x100000000000f7) read$watch_queue(r6, &(0x7f0000000000)=""/1, 0x1) keyctl$revoke(0x3, r5) splice(r1, 0x0, r0, 0x0, 0xfea8, 0xa) syz_usb_connect$uac1(0x0, 0xc4, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000000000206b1d01014000010203010902b20003010000000904000000010100000a24010000000201020c2402"], 0x0) 7.665520092s ago: executing program 5 (id=1174): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44045}, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$netrom(0x6, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(0x0, 0x0, 0x0) syz_io_uring_setup(0x49f, 0x0, 0x0, &(0x7f0000000040)) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000200), 0x20440, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mkdir(0x0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r2 = userfaultfd(0x801) getsockopt$inet_sctp6_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) r3 = getpid() process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}, {0x0}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_WRITEPROTECT(r2, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f000040a000/0x800000)=nil, 0x800000}, 0x1}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x15) read$msr(r0, 0x0, 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) landlock_create_ruleset(&(0x7f00000000c0)={0x100}, 0x18, 0x0) r4 = openat$mixer(0xffffffffffffff9c, &(0x7f0000001fc0), 0xa0000, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r4, 0x400c6615, &(0x7f0000002000)={0x0, @aes128}) 7.663173893s ago: executing program 2 (id=1175): ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x4fed0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, 0x0, 0x0) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) r3 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r3, &(0x7f0000000100)={0x18, 0x0, {0x11ff, @broadcast, 'bond_slave_1\x00'}}, 0x1e) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000040)="2e00000010008108040f80ecdb4cb92e0a480e000f000000e8bd6efb250314000e000100240248ff050005001200", 0x2e}], 0x1}, 0x40880) connect$pppoe(r3, &(0x7f00000016c0)={0x18, 0x0, {0x3, @empty, 'macvlan1\x00'}}, 0x1e) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000280)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0xbb1, '\x00', 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x23}, {{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x6}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xd00}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x6}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x80}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {0x7, 0x1, 0xb, 0x4, 0x2}, {0x7, 0x0, 0x0, 0x6}, {0x4, 0x0, 0x7}, {0x18, 0x6, 0x2, 0x0, r5}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 4.584848915s ago: executing program 5 (id=1176): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000004c0)=0x8) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000040)={r2, 0x101, 0xf, 0x6, 0x7, 0x1}, &(0x7f0000001080)=0x14) 4.549713363s ago: executing program 2 (id=1177): r0 = socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f00000000c0), 0x4) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000840)={{0x14}, [], {0x14}}, 0x28}}, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f00000002c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0xcd, &(0x7f0000000040), 0x5}, 0x0) (fail_nth: 4) 4.483566185s ago: executing program 0 (id=1178): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x2b, &(0x7f0000000200)={&(0x7f00000006c0)=ANY=[@ANYBLOB="fc010000190001000000000010000000fe8000000000000000000000000000bbfc010000000000000000000000000000000000004e2100000a00200000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000008000000000000000ffffffffffffffff0000000000000000000000030000000044010500ac1414aa000000000000000000000000000000003c00000000000000ac1414aa0000000000000000000000000100000003000000000000000000000000000000ac1414bb000000000000000000000000000004d22b00000000000000000000000000000000000000000000000000000000000000000800000000000000000000fe8000000000000000000000000000bb00000000320000000000000000000000000000000000000000000000000080000300000000000000000000000000000000000000000000000000000000000000000000002b00"], 0x1fc}}, 0x44) 4.394021026s ago: executing program 5 (id=1179): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = accept$inet(0xffffffffffffffff, 0x0, &(0x7f0000000280)) sendto$inet(r3, &(0x7f0000000380)="188a77cae7ce17e6ec403bddeb7b83c2839676fc5c3063f8893cbda8208bdbee8659bdb11cda19b4f885a62a036cb961c0eb8407bfc18aef7c4a880f82c7f3742ca024b8ac8c75edab86343656fb0f61e2d106cd34ae19ab69c3878a3cfe5fe517f373a7505d363aabc4501e9a956bb14c063ec96819b086d1ef8b10a07e6f63a706fb4fe1bed42a7943ebb044ea98a19ce8dced12b971049c7520a72928932f9b0dd1714d", 0xa5, 0x4000004, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1be4ffffff0000000000000000800000000400000881415e1069b9620677d264e27f62da08c4078a660264373205f6dc85f920bb7207b27d6fbcd9910ee72c6f4efc31ed27a8a0688bb0e67551f7ef45734a620ea284f7d39933f6b48a12d477148f0f89574e48f94378b345e88b308b631b79ba029d5f7d88ad23f7ebb57051c204a228", @ANYRES32, @ANYBLOB='\a\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000005c0)=ANY=[@ANYBLOB="8d8294dbd11b398004485d793513e5388755bf75557390c15ff532e286fc7eca9d490a5492c314a17b6bbfb1bb9ade29e70955b38d1103c50057bc796cdef9afd4053b883ebacfc671b847252a8c72307f37d3ad", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000070000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000820000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) socket(0x10, 0x2, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x88800, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]}) r6 = open(&(0x7f0000000140)='./file0\x00', 0x800, 0x70) mknodat$loop(r6, &(0x7f0000001600)='./file1\x00', 0x400, 0x0) chdir(&(0x7f0000000140)='./bus\x00') write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x6, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x5], [0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1001, 0x0, 0x0, 0x0, 0xa90d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcc000000]}, 0x45c) socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0xc) setuid(r7) setpriority(0x2, 0xff, 0x0) 4.187638178s ago: executing program 0 (id=1180): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) socketpair$unix(0x1, 0x2, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) fgetxattr(r4, &(0x7f0000000000)=@known='system.sockprotoname\x00', &(0x7f0000000040)=""/111, 0xfffffffffffffd73) 4.004051466s ago: executing program 2 (id=1181): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000000)={0x0, 0xffffffff}, &(0x7f0000000080)=0x8) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x60042, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') r5 = socket$inet6_sctp(0xa, 0x1, 0x84) mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}}) write$P9_RSTATu(r4, &(0x7f0000000b40)={0x558, 0x7d, 0x4011, {{0x500, 0x204, 0xfffd, 0x40, {0x8, 0x0, 0x2}, 0x80080000, 0x201, 0xc, 0x0, 0x10f, '\x04nodZ=\xbfd`\xd2\xc2\x97D,\x027\xfcb%\xff\xff\xff\x80\x05\x00\x00\x00\x00\x00\x00\xff\x03\xff\x92\xe9\x16\x00\x05\x00\x00\x00,\x93\xcb=\xb6\xc21\xd1\x19\xaa\xa1ou\xc5\x8f\xa6\x88\x9f\xf3\xc8\xf7\xab\xc6\x1bY\xa1\xd2o\fJ\xf8\xe2\x93\xd3\xf8l\xcd\xc6o\xf5{\xe9\x00\x00\x00\x00\x00\x00\x00\x03\xd5\x89-\x8e\xfe\xbb\x9e\x05\xac\nk\xc5)`z\xc6\x8a8\x13\xaf\xe7\x9e\x85cj\xfdl]\x15\xb2\xae\xbb\xb7\xee;\x1e\xae\x8a\x7f\xbe.\x85\x88s\x14\xcb\xec\xf0\xa1\xa5\x124z\x8c\x15\xb3 \xd1\xe1\xc0\x10Uz\xaaw\x16^Q`208^|\'\x01\x00\xacB3\x00D\xa9\b=\xe5\xbe\xd8\xe0\xbd(h\"\x94\xf68\xc3\x8e%uj\xb0\xb0\x7fe\xdb\xd6$\xee\x95_}\xa7\x8e\xe1\x96I7?0\xe3\xf7\xb9d\xf0\xa2f\xc3\xac\x9ePwS\xa3\xc4\x03\xc8{\xf1Jv\x87%\x91h\xb4[\xbdz\x1f\xd8`\x0e\xa1.\x00\xdb\xfeL\x1a\xfe\xea\xaf\x9d{\xb4\xa7Z\x1c\x82\x18\x93\xf7\xf4|\xff\xeb\t]%}\x8f\xaf\xfc\x92\nAv@\x13\xb55\x1f\x00\x00\x00Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x06\xb4\x00\x00\x00\x00', 0x35, '\xcf`7-a\xcc\xea\xb8\xc8\x86A\xeb\x93\xb4\xcc\xf6\x00*\xb8{\xfc\x01\'\x96\t?h0\\M\" \x83~\x01\b\xe2\xe7HP\x1cQHK\xa0/\x10\x9c\xaa\xf9\x15\t\xa2', 0x56, '\xf8\xf6i\xfbqk\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x15\xbe6\xf4\xfd\x1aL\xdb\x80\xe8\xd4\a\x00\x00\x007\x00C'}, 0x33f, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\fA\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaau\xf8$k\xccB\xea\xa8\xc61\xc0\xc5\x00\x95\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy\xa6\x91\xb6\xf8\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xcda\xb0\xd7#\x85\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x033\xa8\x82F}+1\xaa\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xc0\xfbNL\x90W\np\x04\x9f9\x9f\a\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xdd\x1aA\xdd=\xe3\x04\xbd|~\xd0\x81\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xc2\x00\x00\x000\xe4\xee+\xfc\x7f\x80P\x85\x11C\xe5\x16\x1a\xcdG\x15\n\xcb\xaft8\"\xdf\xe2\x03\xb1\b\xd3~\x91M\xc1\xe5>#LP\x9e\xcaA\a\xa1q,\xaa\x9d\xa5=\x05\x1c6\x88Ly\x18&a\xf3\xca6\xbc\xdb\xfb\xbd&q\t\xf81\x11\x03\x06U\xf5biO\x03\x00=\x19B\x1bJ\x19\xef\x8b\x8bL\xe9\xc9\x93\xc7\xd6\xcb0\fNezNP\xa3[\\\xc1k\x8c\x16\x1a\x8e=\xf9\x03k\xbc\xf2\x8a\xdc\xd1\x9alL)\x17\t\xae\xe5\xab>[\xc5\xae)\xf4u\xe4\xd2D\b\xb5\x16}\x0f\xaf_\xc1Vkp\\\x8b`\xaf\xa8\xac\xa4/~\x04i\x18\x8a\x0e\xf0b\xca\x18\xe3\x8f\x9e\xe1\n\xc7}+~\xb9\xd6\x0e\xa7\x9f\xdbUd\x11H[\x1b\x13\xdb\xb8\xa2\xa6b.\xbc\xf8Lio\xa4\xda!\xba\xd22\r\rh\xe9\xbfCF\xf0ha\x19\xa3\x9e@\x03\x95\xc8\xf2\x82^\xa0i\xae\x0e\x14;\xd1\xa4Ay\xedlTp,^\x9a\x19\xcc\x7f\xfaP\x0f\xa4\x1bl\x80I\xbd\xe4X\'\xd5N\xc9\x01\xd2z\xd1%\x05h\x89\xb33k?\x06\x83\x8c[fz\xe2.\xfe;\xc1[\x82_\x7f\xbc\xe4\x80\'(\x1c\xf9\xfe\x8f\xc2\x1f\xc7|$=\xe2g\x051\x0e\xb8\x1c\xf7M\xe0)1\x92\xa1?j\xd0W\xdea\xfd\x8a\xba\x8e\xf4C\x9b\xc0jE\xb2\xb01bQZ#C:\xfe\xb5*\xed\xb5\xabo3FS8\x05\x15\xf7y\xf3]\xc8\xa7\x8c7w$\x92\xa2(L!\xd2\x13V\xd4s\xf0\x0f\x85\x13|{\xf0cou}5\x1a\x86\x9b?\x00w5\xcf\xf8\\\x9d\x97\x8b\xf5]\xcc&\xd6-%\xe3\b\xf0\x88\'\xa9\x1f\xf4{\xec\x92\xf8\xe9\x1ey\bfT\x00\xaaN9\xb3Y\x86#\x9d\\{\x94\x92\b\xbb&\xbcU\xb5[I\xedpHnn}\xa3\x8c \x84P\xf9\xf7\x9e\x1bA\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\b\rxi\x19\xca\x8bg\x80\xe2\xbf\xb5\x03\xb4\xe6\xd8\xfaF\x8a\x90\xd3m6\xb8={\xe6\xa6\x8d\x80A\xc2\xef\x14\x87\xb2C\xe2\x85=g`\xaf\xef\xde\x9c\xe1\xb1W\v\x93[\n>\xa4\'\xfc\x81S\x99\x0eu\x98\xa4\xc8,)\x87\xf7\x9a\x17\x15c', 0xee00, 0xee01}}, 0x558) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) write$cgroup_int(r4, &(0x7f0000000280)=0x6, 0x12) ioctl$KVM_CAP_MAX_VCPU_ID(r3, 0x4068aea3, &(0x7f0000000100)={0x80, 0x0, 0x48}) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x2, &(0x7f00000002c0)={0xffffffffffffffff}, 0x2, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000380)={0x3, 0x40, 0xfa00, {{0xa, 0x4e20, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x10}, {0xa, 0x4e20, 0x6, @private2, 0x4}, r6, 0xe}}, 0x48) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000040)={0x0, 0x6, 0x4, [0x1, 0xb9, 0x40, 0xa01e]}, &(0x7f0000000080)=0x10) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f00000000c0)={0x1000, 0x9, 0x9, 0x6383, r7}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="7800000010000305000000000000000000cf0100", @ANYRES32=0x0, @ANYBLOB="83000000000000002000128008000100677265001400028008000700e000000208000600ac14142b080004000500000030001a"], 0x78}}, 0x0) 3.479554257s ago: executing program 5 (id=1182): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3) socket$kcm(0x10, 0x2, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'vlan0\x00'}) socket$netlink(0x10, 0x3, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x50) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001740)={r3, 0x0, &(0x7f0000001700)=""/53}, 0x20) syz_emit_ethernet(0x52, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) syz_open_dev$admmidi(0x0, 0x2, 0x0) read$msr(r4, &(0x7f0000032680)=""/102400, 0x19000) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) r5 = socket$netlink(0x10, 0x3, 0x4) capset(&(0x7f0000000080)={0x20071026}, 0x0) writev(r5, &(0x7f0000000080), 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYRESDEC=r2, @ANYRESDEC=r0, @ANYBLOB="8b040400000000001c00128009000100626f6e64000000000c00028008000400ff000000"], 0x3c}, 0x1, 0x0, 0x0, 0x95}, 0x40000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x8, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[], 0x90}, 0x1, 0x0, 0x0, 0x8000}, 0x44880) r7 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$IOCTL_STOP_ACCEL_DEV(r7, 0x40096101, &(0x7f0000000100)={{}, 0x7}) sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000003c0)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x20000011}, 0x800) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="6987e7f576408b09126d3bdf6a9feb0100180000000000000000000000000000100800000000613030302e5f00"], 0x0, 0x20, 0x0, 0x1, 0x6}, 0x28) timer_create(0x3, 0x0, 0x0) 3.47872187s ago: executing program 1 (id=1183): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44045}, 0x10) syz_init_net_socket$netrom(0x6, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(0x0, 0x0, 0x0) syz_io_uring_setup(0x49f, 0x0, 0x0, &(0x7f0000000040)) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000200), 0x20440, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r2 = userfaultfd(0x801) getsockopt$inet_sctp6_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, &(0x7f0000000280)) r3 = getpid() process_vm_readv(r3, 0x0, 0x0, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280}) ioctl$UFFDIO_WRITEPROTECT(r2, 0xc018aa06, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) read$msr(r0, 0x0, 0x0) sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40018}, 0x800) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) landlock_create_ruleset(&(0x7f00000000c0)={0x100}, 0x18, 0x0) r4 = openat$mixer(0xffffffffffffff9c, 0x0, 0xa0000, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r4, 0x400c6615, &(0x7f0000002000)={0x0, @aes128}) 2.552344819s ago: executing program 0 (id=1184): syz_usb_connect(0x0, 0x3b, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000ec13b2106d04d308280b0102030109022900010000000009046900000e010000082402010202"], 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f00000000c0)) ioctl$PPPIOCGUNIT(r1, 0x80047456, &(0x7f0000000000)) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="5c000000020601080000000000000000000000000d0003006c6973743a73657400000000050005000000000005000100"], 0x5c}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_open_procfs(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) getsockopt$SO_J1939_PROMISC(0xffffffffffffffff, 0x6b, 0x2, &(0x7f0000000080), &(0x7f00000000c0)=0x4) syz_io_uring_setup(0x1dfd, &(0x7f0000002480)={0x0, 0xb764, 0x1ffd, 0x20, 0x3a1}, 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x880, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) fsopen(&(0x7f0000000400)='hostfs\x00', 0x1) read$msr(r3, &(0x7f0000001a40)=""/102392, 0x18ff8) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="010000000400f6407769d8f418584c330000060000000b00ebffffff0000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b70300000000ff80850000000400000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000380)={r5}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000000d0000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000be000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340)={0x0, 0xfffffffe}, 0x10}, 0x94) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'geneve1\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="c801000010000100"/20, @ANYRES32=r6, @ANYBLOB="0000000000000000a8011a80a40102803c"], 0x1c8}}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="040100001a0001000000000000000000fc010000000000000000000000000000ac1e000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000e00000000000000000000000000000000003c0000007f00000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000a000400600000000000000014000e00fc0200"/188], 0x104}}, 0x0) 2.390388527s ago: executing program 1 (id=1185): bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x13, 0x1, &(0x7f0000000140)=@raw=[@exit], &(0x7f0000000000)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x14, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/timer_list\x00', 0x0, 0x0) r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/clear_refs\x00', 0x1, 0x0) rseq(0x0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000840), 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r2}, 0x10) prctl$PR_SET_THP_DISABLE(0x29, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000125c0), 0x8000, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r3, 0x40085112, &(0x7f0000012600)=@v={0x93, 0x0, 0xa0, 0xfe, @MIDI_NOTEON=@note=0x1f, 0x5, 0x4}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0x10200, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r4, 0x0, 0xfffffffffffffdfa) r5 = add_key$keyring(&(0x7f0000000040), &(0x7f00000002c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$chown(0x4, r5, 0x0, 0xffffffffffffffff) listen(0xffffffffffffffff, 0xffffffff) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r1, r0, &(0x7f00000000c0)=0x8e, 0x180000504) 1.847471324s ago: executing program 5 (id=1186): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) socketpair$unix(0x1, 0x2, 0x0, 0x0) dup(0xffffffffffffffff) write$binfmt_aout(0xffffffffffffffff, 0x0, 0xfffffeb7) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) fgetxattr(r3, &(0x7f0000000000)=@known='system.sockprotoname\x00', &(0x7f0000000040)=""/111, 0xfffffffffffffd73) futex(0x0, 0xc, 0x1, 0x0, 0x0, 0x0) r4 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$netrom_NETROM_IDLE(0xffffffffffffffff, 0x103, 0x7, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) r5 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f0000000300)=""/251) 1.78563125s ago: executing program 2 (id=1187): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44045}, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$netrom(0x6, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(0x0, 0x0, 0x0) syz_io_uring_setup(0x49f, 0x0, 0x0, &(0x7f0000000040)) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000200), 0x20440, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mkdir(0x0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r2 = userfaultfd(0x801) getsockopt$inet_sctp6_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) r3 = getpid() process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}, {0x0}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_WRITEPROTECT(r2, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f000040a000/0x800000)=nil, 0x800000}, 0x1}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x15) read$msr(r0, 0x0, 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) landlock_create_ruleset(&(0x7f00000000c0)={0x100}, 0x18, 0x0) r4 = openat$mixer(0xffffffffffffff9c, &(0x7f0000001fc0), 0xa0000, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r4, 0x400c6615, &(0x7f0000002000)={0x0, @aes128}) 1.710801053s ago: executing program 1 (id=1188): ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x50) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x4fed0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, 0x0, 0x0) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) r3 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r3, &(0x7f0000000100)={0x18, 0x0, {0x11ff, @broadcast, 'bond_slave_1\x00'}}, 0x1e) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000040)="2e00000010008108040f80ecdb4cb92e0a480e000f000000e8bd6efb250314000e000100240248ff050005001200", 0x2e}], 0x1}, 0x40880) connect$pppoe(r3, &(0x7f00000016c0)={0x18, 0x0, {0x3, @empty, 'macvlan1\x00'}}, 0x1e) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000280)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0xbb1, '\x00', 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x23}, {{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x6}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xd00}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x6}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x80}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {0x7, 0x1, 0xb, 0x4, 0x2}, {0x7, 0x0, 0x0, 0x6}, {0x4, 0x0, 0x7}, {0x18, 0x6, 0x2, 0x0, r5}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 0s ago: executing program 5 (id=1189): socket$inet6_sctp(0xa, 0x1, 0x84) socket$inet(0x2b, 0x801, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) r4 = openat$ubi_ctrl(0xffffffffffffff9c, 0x0, 0x8400, 0x0) ioctl$FS_IOC_SETFLAGS(r4, 0x40046f41, &(0x7f0000000440)=0x1f) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r5 = fsopen(0x0, 0x1) fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000240)='uid', &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) shmctl$IPC_RMID(0x0, 0x0) mount(&(0x7f00000000c0)=@nullb, 0x0, 0x0, 0x208000, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) r6 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r6, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x30004001) kernel console output (not intermixed with test programs): 409.497853][ T5900] usb 4-1: SerialNumber: syz [ 409.708368][ T8973] ubi31: attaching mtd0 [ 409.714479][ T8973] ubi31: scanning is finished [ 409.783121][ T5900] usb 4-1: can't set config #8, error -71 [ 409.834358][ T5900] usb 4-1: USB disconnect, device number 15 [ 409.961117][ T8973] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 409.968843][ T8973] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 409.976228][ T8973] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 409.983668][ T8973] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 409.991459][ T8973] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 409.998363][ T8973] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 410.006461][ T8973] ubi31: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 4186474123 [ 410.016553][ T8973] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 410.058617][ T8978] ubi31: background thread "ubi_bgt31d" started, PID 8978 [ 414.357596][ T9000] comedi comedi0: rti802: I/O port conflict (0xee,4) [ 414.555346][ T9003] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 416.590484][ T9016] sp0: Synchronizing with TNC [ 417.302978][ T9012] sp0: Synchronizing with TNC [ 417.512170][ T43] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 417.711123][ T9028] usb usb9: usbfs: process 9028 (syz.3.824) did not claim interface 0 before use [ 417.822155][ T43] usb 2-1: Using ep0 maxpacket: 8 [ 417.832693][ T43] usb 2-1: unable to get BOS descriptor or descriptor too short [ 418.291833][ T43] usb 2-1: config 8 has an invalid interface number: 119 but max is 0 [ 418.403199][ T43] usb 2-1: config 8 has no interface number 0 [ 418.420272][ T43] usb 2-1: config 8 interface 119 has no altsetting 0 [ 418.434959][ T43] usb 2-1: New USB device found, idVendor=1fb9, idProduct=0202, bcdDevice=4a.34 [ 418.449826][ T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 418.627235][ T43] usb 2-1: Product: syz [ 418.631591][ T43] usb 2-1: Manufacturer: syz [ 418.636263][ T43] usb 2-1: SerialNumber: syz [ 418.687340][ T9037] gfs2: Unexpected value for 'acl' [ 418.693529][ T9037] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 418.882273][ T9031] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 420.002963][ T43] cp210x 2-1:8.119: cp210x converter detected [ 420.011242][ T43] cp210x 2-1:8.119: failed to get vendor val 0x370b size 1: -71 [ 420.712219][ T43] cp210x 2-1:8.119: querying part number failed [ 420.722231][ T43] usb 2-1: cp210x converter now attached to ttyUSB0 [ 420.745559][ T43] usb 2-1: USB disconnect, device number 24 [ 420.756860][ T43] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 420.777334][ T43] cp210x 2-1:8.119: device disconnected [ 423.676774][ T9078] usb usb9: usbfs: process 9078 (syz.3.837) did not claim interface 0 before use [ 426.802190][ T5951] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 426.943579][ T5951] usb 4-1: device descriptor read/64, error -71 [ 427.182572][ T5900] usb 1-1: new full-speed USB device number 16 using dummy_hcd [ 427.308402][ T5951] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 427.345332][ T9103] FAULT_INJECTION: forcing a failure. [ 427.345332][ T9103] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 427.358763][ T9103] CPU: 0 UID: 0 PID: 9103 Comm: syz.0.844 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 427.358787][ T9103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 427.358797][ T9103] Call Trace: [ 427.358804][ T9103] [ 427.358811][ T9103] dump_stack_lvl+0x189/0x250 [ 427.358836][ T9103] ? __pfx____ratelimit+0x10/0x10 [ 427.358862][ T9103] ? __pfx_dump_stack_lvl+0x10/0x10 [ 427.358884][ T9103] ? __pfx__printk+0x10/0x10 [ 427.358907][ T9103] ? __might_fault+0xb0/0x130 [ 427.358943][ T9103] should_fail_ex+0x414/0x560 [ 427.358972][ T9103] _copy_from_iter+0x1db/0x16f0 [ 427.358993][ T9103] ? rcu_is_watching+0x15/0xb0 [ 427.359013][ T9103] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 427.359040][ T9103] ? __pfx__copy_from_iter+0x10/0x10 [ 427.359059][ T9103] ? __build_skb_around+0x257/0x3e0 [ 427.359082][ T9103] ? netlink_sendmsg+0x642/0xb30 [ 427.359102][ T9103] ? skb_put+0x11b/0x210 [ 427.359125][ T9103] netlink_sendmsg+0x6b2/0xb30 [ 427.359155][ T9103] ? __pfx_netlink_sendmsg+0x10/0x10 [ 427.359183][ T9103] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 427.359207][ T9103] ? __pfx_netlink_sendmsg+0x10/0x10 [ 427.359228][ T9103] __sock_sendmsg+0x219/0x270 [ 427.359258][ T9103] ____sys_sendmsg+0x505/0x830 [ 427.359284][ T9103] ? __pfx_____sys_sendmsg+0x10/0x10 [ 427.359315][ T9103] ? import_iovec+0x74/0xa0 [ 427.359338][ T9103] ___sys_sendmsg+0x21f/0x2a0 [ 427.359362][ T9103] ? __pfx____sys_sendmsg+0x10/0x10 [ 427.359418][ T9103] ? __fget_files+0x2a/0x420 [ 427.359433][ T9103] ? __fget_files+0x3a0/0x420 [ 427.359459][ T9103] __x64_sys_sendmsg+0x19b/0x260 [ 427.359484][ T9103] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 427.359515][ T9103] ? __pfx_ksys_write+0x10/0x10 [ 427.359543][ T9103] ? rcu_is_watching+0x15/0xb0 [ 427.359566][ T9103] ? do_syscall_64+0xbe/0x3b0 [ 427.359587][ T9103] do_syscall_64+0xfa/0x3b0 [ 427.359601][ T9103] ? lockdep_hardirqs_on+0x9c/0x150 [ 427.359626][ T9103] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 427.359643][ T9103] ? clear_bhb_loop+0x60/0xb0 [ 427.359663][ T9103] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 427.359680][ T9103] RIP: 0033:0x7f9b0a18e929 [ 427.359695][ T9103] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 427.359711][ T9103] RSP: 002b:00007f9b0af34038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 427.359729][ T9103] RAX: ffffffffffffffda RBX: 00007f9b0a3b5fa0 RCX: 00007f9b0a18e929 [ 427.359741][ T9103] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000011 [ 427.359752][ T9103] RBP: 00007f9b0af34090 R08: 0000000000000000 R09: 0000000000000000 [ 427.359762][ T9103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 427.359772][ T9103] R13: 0000000000000000 R14: 00007f9b0a3b5fa0 R15: 00007ffc30399708 [ 427.359798][ T9103] [ 427.361754][ T5900] usb 1-1: unable to get BOS descriptor or descriptor too short [ 427.446177][ T5958] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 427.466968][ T5900] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 427.869383][ T5951] usb 4-1: device descriptor read/64, error -71 [ 427.989377][ T5951] usb usb4-port1: attempt power cycle [ 428.062161][ T5958] usb 3-1: Using ep0 maxpacket: 8 [ 428.091603][ T5958] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 428.124920][ T9124] netlink: 'syz.1.852': attribute type 10 has an invalid length. [ 428.184608][ T5958] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 428.213552][ T5900] usb 1-1: can't read configurations, error -71 [ 428.224220][ T9125] tmpfs: Bad value for 'mpol' [ 428.229698][ T5958] usb 3-1: config 0 interface 0 has no altsetting 0 [ 428.399611][ T9124] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 428.449644][ T9124] batadv0: entered promiscuous mode [ 428.462325][ T9124] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 428.492845][ T5958] usb 3-1: New USB device found, idVendor=09da, idProduct=000a, bcdDevice= 0.00 [ 428.613894][ T5958] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 428.756973][ T5958] usb 3-1: config 0 descriptor?? [ 429.871937][ T9138] ubi31: detaching mtd0 [ 430.056758][ T9138] ubi31: mtd0 is detached [ 430.363499][ T5958] usbhid 3-1:0.0: can't add hid device: -71 [ 430.369557][ T5958] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 430.397801][ T5958] usb 3-1: USB disconnect, device number 22 [ 430.716121][ T9148] usb usb9: usbfs: process 9148 (syz.0.858) did not claim interface 0 before use [ 430.872261][ T5951] usb 4-1: new full-speed USB device number 19 using dummy_hcd [ 431.234640][ T9144] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 431.303290][ T9144] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 431.418905][ T9144] netlink: 12 bytes leftover after parsing attributes in process `syz.3.857'. [ 431.465359][ T9144] vlan2: entered promiscuous mode [ 431.475253][ T9158] FAULT_INJECTION: forcing a failure. [ 431.475253][ T9158] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 431.507657][ T9158] CPU: 1 UID: 0 PID: 9158 Comm: syz.0.863 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 431.507683][ T9158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 431.507693][ T9158] Call Trace: [ 431.507700][ T9158] [ 431.507710][ T9158] dump_stack_lvl+0x189/0x250 [ 431.507732][ T9158] ? __pfx____ratelimit+0x10/0x10 [ 431.507757][ T9158] ? __pfx_dump_stack_lvl+0x10/0x10 [ 431.507773][ T9158] ? __pfx__printk+0x10/0x10 [ 431.507792][ T9158] ? __might_fault+0xb0/0x130 [ 431.507822][ T9158] should_fail_ex+0x414/0x560 [ 431.507848][ T9158] _copy_from_iter+0x1db/0x16f0 [ 431.507867][ T9158] ? rcu_is_watching+0x15/0xb0 [ 431.507885][ T9158] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 431.507907][ T9158] ? __pfx__copy_from_iter+0x10/0x10 [ 431.507924][ T9158] ? __build_skb_around+0x257/0x3e0 [ 431.507944][ T9158] ? netlink_sendmsg+0x642/0xb30 [ 431.507960][ T9158] ? skb_put+0x11b/0x210 [ 431.507981][ T9158] netlink_sendmsg+0x6b2/0xb30 [ 431.507997][ T9158] ? lockdep_hardirqs_on+0x9c/0x150 [ 431.508040][ T9158] ? __pfx_netlink_sendmsg+0x10/0x10 [ 431.508065][ T9158] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 431.508085][ T9158] ? __pfx_netlink_sendmsg+0x10/0x10 [ 431.508104][ T9158] __sock_sendmsg+0x219/0x270 [ 431.508129][ T9158] ____sys_sendmsg+0x505/0x830 [ 431.508152][ T9158] ? __pfx_____sys_sendmsg+0x10/0x10 [ 431.508178][ T9158] ? import_iovec+0x74/0xa0 [ 431.508199][ T9158] ___sys_sendmsg+0x21f/0x2a0 [ 431.508219][ T9158] ? __pfx____sys_sendmsg+0x10/0x10 [ 431.508267][ T9158] ? __fget_files+0x2a/0x420 [ 431.508283][ T9158] ? __fget_files+0x3a0/0x420 [ 431.508305][ T9158] __x64_sys_sendmsg+0x19b/0x260 [ 431.508326][ T9158] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 431.508353][ T9158] ? rcu_is_watching+0x15/0xb0 [ 431.508373][ T9158] ? do_syscall_64+0xbe/0x3b0 [ 431.508391][ T9158] do_syscall_64+0xfa/0x3b0 [ 431.508406][ T9158] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 431.508420][ T9158] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 431.508435][ T9158] ? clear_bhb_loop+0x60/0xb0 [ 431.508453][ T9158] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 431.508468][ T9158] RIP: 0033:0x7f9b0a18e929 [ 431.508482][ T9158] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 431.508495][ T9158] RSP: 002b:00007f9b0af34038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 431.508513][ T9158] RAX: ffffffffffffffda RBX: 00007f9b0a3b5fa0 RCX: 00007f9b0a18e929 [ 431.508523][ T9158] RDX: 0000000000008004 RSI: 00002000000001c0 RDI: 0000000000000004 [ 431.508532][ T9158] RBP: 00007f9b0af34090 R08: 0000000000000000 R09: 0000000000000000 [ 431.508541][ T9158] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 431.508549][ T9158] R13: 0000000000000000 R14: 00007f9b0a3b5fa0 R15: 00007ffc30399708 [ 431.508571][ T9158] [ 431.949675][ T5951] usb 4-1: unable to get BOS descriptor or descriptor too short [ 432.009819][ T5951] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 432.207752][ T5951] usb 4-1: can't read configurations, error -71 [ 433.951535][ T9] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 434.682364][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 434.688997][ T9] usb 1-1: config 0 has an invalid interface number: 231 but max is 0 [ 434.697373][ T9] usb 1-1: config 0 has no interface number 0 [ 434.709275][ T9] usb 1-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 434.734617][ T9] usb 1-1: config 0 interface 231 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 434.762752][ T9] usb 1-1: New USB device found, idVendor=067b, idProduct=27a1, bcdDevice=b0.9b [ 434.771958][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 434.785523][ T9] usb 1-1: Product: syz [ 434.792187][ T9] usb 1-1: Manufacturer: syz [ 434.807191][ T9] usb 1-1: SerialNumber: syz [ 434.815947][ T9] usb 1-1: config 0 descriptor?? [ 434.823189][ T9165] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 434.830547][ T9165] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 434.842758][ T5908] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 434.856065][ T9] plusb 1-1:0.231 usb0: register 'plusb' at usb-dummy_hcd.0-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1, ce:0b:1c:7b:32:4b [ 434.942427][ T9] usb 1-1: USB disconnect, device number 18 [ 434.997262][ T9] plusb 1-1:0.231 usb0: unregister 'plusb' usb-dummy_hcd.0-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1 [ 435.008412][ T5908] usb 3-1: Using ep0 maxpacket: 32 [ 435.021602][ T5908] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 435.252131][ T5900] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 435.408974][ T5908] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 435.487847][ T5900] usb 4-1: device descriptor read/64, error -71 [ 436.979382][ T5908] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 437.392512][ T5900] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 437.666119][ T5900] usb 4-1: device descriptor read/64, error -71 [ 437.846164][ T5900] usb usb4-port1: attempt power cycle [ 438.522204][ T5900] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 439.846548][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.857003][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.127805][ T9196] netlink: 'syz.1.871': attribute type 10 has an invalid length. [ 442.378815][ T9204] QAT: Device 7 not found [ 443.473370][ T5908] usb 3-1: string descriptor 0 read error: -32 [ 443.479716][ T5908] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 443.512097][ T5908] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 443.618539][ T5908] usb 3-1: can't set config #1, error -32 [ 443.731519][ T9223] sp0: Synchronizing with TNC [ 443.770335][ T9223] sp0: Synchronizing with TNC [ 443.913266][ T9227] trusted_key: encrypted_key: master key parameter 'ds5Ϊœefault' is invalid [ 444.212316][ T5900] usb 4-1: device descriptor read/8, error -110 [ 444.452262][ T5900] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 444.642435][ T5900] usb 4-1: device descriptor read/8, error -32 [ 444.847071][ T5900] usb usb4-port1: unable to enumerate USB device [ 445.519416][ T5958] usb 3-1: USB disconnect, device number 23 [ 445.658616][ T5908] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 445.813196][ T9234] gfs2: Unexpected value for 'acl' [ 445.819822][ T9234] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 445.932673][ T5908] usb 1-1: Using ep0 maxpacket: 8 [ 446.060363][ T5908] usb 1-1: unable to get BOS descriptor or descriptor too short [ 446.100422][ T5908] usb 1-1: config 8 has an invalid interface number: 119 but max is 0 [ 446.112232][ T5908] usb 1-1: config 8 has no interface number 0 [ 446.159418][ T5908] usb 1-1: config 8 interface 119 has no altsetting 0 [ 446.190218][ T5908] usb 1-1: New USB device found, idVendor=1fb9, idProduct=0202, bcdDevice=4a.34 [ 446.206310][ T5908] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 446.217779][ T5908] usb 1-1: Product: syz [ 446.224387][ T5908] usb 1-1: Manufacturer: syz [ 446.229568][ T5908] usb 1-1: SerialNumber: syz [ 446.399149][ T9232] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 446.894993][ T5908] usb 1-1: can't set config #8, error -71 [ 447.214977][ T9248] netlink: 128124 bytes leftover after parsing attributes in process `syz.2.886'. [ 447.525722][ T9248] trusted_key: syz.2.886 sent an empty control message without MSG_MORE. [ 448.095738][ T9254] gfs2: Unexpected value for 'acl' [ 448.102972][ T9254] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 448.190982][ T5908] usb 1-1: USB disconnect, device number 19 [ 448.223211][ T5900] usb 5-1: new full-speed USB device number 21 using dummy_hcd [ 448.595963][ T9251] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 449.019704][ T9252] netlink: 12 bytes leftover after parsing attributes in process `syz.4.887'. [ 449.037967][ T9252] vlan2: entered promiscuous mode [ 449.043331][ T9252] team0: entered promiscuous mode [ 449.049606][ T9252] team_slave_0: entered promiscuous mode [ 449.057874][ T9252] team_slave_1: entered promiscuous mode [ 449.155734][ T5900] usb 5-1: unable to get BOS descriptor or descriptor too short [ 449.165345][ T5900] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 449.192605][ T5900] usb 5-1: can't read configurations, error -71 [ 449.224151][ T9262] binder: 9261:9262 unknown command 0 [ 449.231101][ T9262] binder: 9261:9262 ioctl c0306201 200000000080 returned -22 [ 449.359301][ T9267] netlink: 'syz.0.890': attribute type 10 has an invalid length. [ 449.381420][ T9267] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 449.398415][ T9267] batadv0: entered promiscuous mode [ 449.408752][ T9267] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 450.203571][ T9270] trusted_key: encrypted_key: master key parameter 'ds5Ϊœefault' is invalid [ 450.762309][ T5954] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 451.022138][ T5954] usb 1-1: Using ep0 maxpacket: 8 [ 451.029681][ T5954] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 451.037277][ T5954] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 451.048569][ T5954] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0x31, changing to 0x1 [ 451.060260][ T5954] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 13364, setting to 64 [ 451.072610][ T9286] usb usb9: usbfs: process 9286 (syz.4.897) did not claim interface 0 before use [ 451.132077][ T5908] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 451.811170][ T9290] FAULT_INJECTION: forcing a failure. [ 451.811170][ T9290] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 452.042136][ T5954] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 452.050902][ T5954] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 452.067878][ T5908] usb 2-1: Using ep0 maxpacket: 32 [ 452.073221][ T5954] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0x31, changing to 0x1 [ 452.083352][ T9290] CPU: 0 UID: 0 PID: 9290 Comm: syz.2.899 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 452.083382][ T9290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 452.083395][ T9290] Call Trace: [ 452.083404][ T9290] [ 452.083412][ T9290] dump_stack_lvl+0x189/0x250 [ 452.083440][ T9290] ? __pfx____ratelimit+0x10/0x10 [ 452.083470][ T9290] ? __pfx_dump_stack_lvl+0x10/0x10 [ 452.083493][ T9290] ? __pfx__printk+0x10/0x10 [ 452.083518][ T9290] ? __might_fault+0xb0/0x130 [ 452.083558][ T9290] should_fail_ex+0x414/0x560 [ 452.083590][ T9290] _copy_from_iter+0x1db/0x16f0 [ 452.083615][ T9290] ? rcu_is_watching+0x15/0xb0 [ 452.083638][ T9290] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 452.083668][ T9290] ? __pfx__copy_from_iter+0x10/0x10 [ 452.083690][ T9290] ? __build_skb_around+0x257/0x3e0 [ 452.083716][ T9290] ? netlink_sendmsg+0x642/0xb30 [ 452.083739][ T9290] ? skb_put+0x11b/0x210 [ 452.083764][ T9290] netlink_sendmsg+0x6b2/0xb30 [ 452.083797][ T9290] ? __pfx_netlink_sendmsg+0x10/0x10 [ 452.083828][ T9290] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 452.083857][ T9290] ? __pfx_netlink_sendmsg+0x10/0x10 [ 452.083880][ T9290] __sock_sendmsg+0x219/0x270 [ 452.083914][ T9290] ____sys_sendmsg+0x505/0x830 [ 452.083944][ T9290] ? __pfx_____sys_sendmsg+0x10/0x10 [ 452.083979][ T9290] ? import_iovec+0x74/0xa0 [ 452.084005][ T9290] ___sys_sendmsg+0x21f/0x2a0 [ 452.084031][ T9290] ? __pfx____sys_sendmsg+0x10/0x10 [ 452.084093][ T9290] ? __fget_files+0x2a/0x420 [ 452.084110][ T9290] ? __fget_files+0x3a0/0x420 [ 452.084139][ T9290] __x64_sys_sendmsg+0x19b/0x260 [ 452.084166][ T9290] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 452.084201][ T9290] ? __pfx_ksys_write+0x10/0x10 [ 452.084225][ T9290] ? rcu_is_watching+0x15/0xb0 [ 452.084256][ T9290] ? do_syscall_64+0xbe/0x3b0 [ 452.084279][ T9290] do_syscall_64+0xfa/0x3b0 [ 452.084295][ T9290] ? lockdep_hardirqs_on+0x9c/0x150 [ 452.084329][ T9290] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 452.084349][ T9290] ? clear_bhb_loop+0x60/0xb0 [ 452.084373][ T9290] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 452.084391][ T9290] RIP: 0033:0x7fe1e618e929 [ 452.084408][ T9290] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 452.084426][ T9290] RSP: 002b:00007fe1e6f44038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 452.084447][ T9290] RAX: ffffffffffffffda RBX: 00007fe1e63b5fa0 RCX: 00007fe1e618e929 [ 452.084463][ T9290] RDX: 0000000000000000 RSI: 0000200000000740 RDI: 0000000000000003 [ 452.084475][ T9290] RBP: 00007fe1e6f44090 R08: 0000000000000000 R09: 0000000000000000 [ 452.084488][ T9290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 452.084499][ T9290] R13: 0000000000000000 R14: 00007fe1e63b5fa0 R15: 00007ffc1d6f7468 [ 452.084529][ T9290] [ 452.541121][ T9295] netlink: 36 bytes leftover after parsing attributes in process `syz.3.901'. [ 452.638803][ T9299] sctp: [Deprecated]: syz.3.901 (pid 9299) Use of struct sctp_assoc_value in delayed_ack socket option. [ 452.638803][ T9299] Use struct sctp_sack_info instead [ 452.659299][ T5954] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 13364, setting to 64 [ 452.670594][ T5908] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 452.679398][ T5908] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 452.755504][ T9301] siw: device registration error -23 [ 453.377275][ T5908] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 453.391116][ T5908] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 453.405696][ T5908] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 453.414156][ T5908] usb 2-1: Product: syz [ 453.419436][ T5908] usb 2-1: Manufacturer: syz [ 453.419694][ T5954] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 453.432698][ T5954] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 453.444801][ T5908] usb 2-1: SerialNumber: syz [ 453.444858][ T5954] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0x31, changing to 0x1 [ 453.468454][ T5954] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 13364, setting to 64 [ 453.483179][ T5954] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 453.493548][ T5954] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 453.501813][ T5954] usb 1-1: Product: syz [ 453.506049][ T5954] usb 1-1: Manufacturer: syz [ 453.510705][ T5954] usb 1-1: SerialNumber: syz [ 453.546392][ T5954] usb 1-1: can't set config #168, error -71 [ 453.573593][ T5954] usb 1-1: USB disconnect, device number 20 [ 453.883032][ T9314] netlink: 'syz.0.904': attribute type 10 has an invalid length. [ 454.142800][ T9315] QAT: Device 7 not found [ 454.524607][ T9316] binder: 9312:9316 unknown command 0 [ 454.551228][ T9316] binder: 9312:9316 ioctl c0306201 200000000080 returned -22 [ 455.392223][ T9320] netlink: 156 bytes leftover after parsing attributes in process `syz.0.907'. [ 455.766231][ T9322] netlink: 'syz.0.907': attribute type 10 has an invalid length. [ 455.791244][ T9322] team0: Device ipvlan1 failed to register rx_handler [ 458.687723][ T5908] usb 2-1: can't set config #1, error -110 [ 460.654681][ T9349] binder: 9348:9349 unknown command 0 [ 460.660151][ T9349] binder: 9348:9349 ioctl c0306201 200000000080 returned -22 [ 463.750531][ T43] usb 2-1: USB disconnect, device number 25 [ 464.084208][ T9364] 9pnet_fd: Insufficient options for proto=fd [ 464.206142][ T9367] sctp: [Deprecated]: syz.2.919 (pid 9367) Use of int in maxseg socket option. [ 464.206142][ T9367] Use struct sctp_assoc_value instead [ 464.857605][ T8051] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 464.999978][ T8051] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 465.121700][ T9377] binder: 9376:9377 unknown command 0 [ 465.140648][ T9377] binder: 9376:9377 ioctl c0306201 200000000080 returned -22 [ 465.167174][ T8051] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 465.436994][ T8051] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 465.673225][ T9390] gfs2: Unexpected value for 'acl' [ 465.679382][ T9390] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 465.906827][ T9393] FAULT_INJECTION: forcing a failure. [ 465.906827][ T9393] name failslab, interval 1, probability 0, space 0, times 0 [ 465.924344][ T8051] bridge_slave_1: left allmulticast mode [ 465.930710][ T9396] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 465.939763][ T8051] bridge_slave_1: left promiscuous mode [ 465.945756][ T9396] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 465.954448][ T8051] bridge0: port 2(bridge_slave_1) entered disabled state [ 465.962936][ T9396] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 465.971700][ T9393] CPU: 0 UID: 0 PID: 9393 Comm: syz.0.932 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 465.971721][ T9393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 465.971731][ T9393] Call Trace: [ 465.971738][ T9393] [ 465.971744][ T9393] dump_stack_lvl+0x189/0x250 [ 465.971768][ T9393] ? __pfx____ratelimit+0x10/0x10 [ 465.971793][ T9393] ? __pfx_dump_stack_lvl+0x10/0x10 [ 465.971812][ T9393] ? __pfx__printk+0x10/0x10 [ 465.971842][ T9393] should_fail_ex+0x414/0x560 [ 465.971868][ T9393] should_failslab+0xa8/0x100 [ 465.971895][ T9393] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 465.971918][ T9393] ? __alloc_skb+0x112/0x2d0 [ 465.971939][ T9393] __alloc_skb+0x112/0x2d0 [ 465.971959][ T9393] tipc_msg_create+0x51/0x4d0 [ 465.971994][ T9393] tipc_group_proto_xmit+0xce/0x790 [ 465.972019][ T9393] tipc_group_cong+0x496/0x590 [ 465.972033][ T9393] ? __kasan_slab_free+0x62/0x70 [ 465.972052][ T9393] ? kfree+0x18e/0x440 [ 465.972070][ T9393] ? tipc_dest_pop+0x19c/0x230 [ 465.972091][ T9393] ? __pfx_tipc_group_cong+0x10/0x10 [ 465.972120][ T9393] ? tipc_dest_find+0x102/0x120 [ 465.972141][ T9393] tipc_send_group_unicast+0x2f3/0x500 [ 465.972180][ T9393] ? __pfx_tipc_send_group_unicast+0x10/0x10 [ 465.972206][ T9393] ? __pfx_woken_wake_function+0x10/0x10 [ 465.972230][ T9393] ? kfree+0x18e/0x440 [ 465.972254][ T9393] ? tipc_dest_pop+0x19c/0x230 [ 465.972275][ T9393] __tipc_sendmsg+0x13c8/0x2960 [ 465.972316][ T9393] ? __pfx___tipc_sendmsg+0x10/0x10 [ 465.972338][ T9393] ? tomoyo_check_open_permission+0x16a/0x3b0 [ 465.972362][ T9393] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 465.972392][ T9393] ? __lock_acquire+0xab9/0xd20 [ 465.972412][ T9393] ? __lock_acquire+0xab9/0xd20 [ 465.972439][ T9393] ? __lock_acquire+0xab9/0xd20 [ 465.972464][ T9393] ? __local_bh_enable_ip+0x12d/0x1c0 [ 465.972481][ T9393] ? lockdep_hardirqs_on+0x9c/0x150 [ 465.972509][ T9393] ? __local_bh_enable_ip+0x12d/0x1c0 [ 465.972524][ T9393] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 465.972556][ T9393] tipc_sendmsg+0x55/0x70 [ 465.972581][ T9393] ? __pfx_tipc_sendmsg+0x10/0x10 [ 465.972605][ T9393] __sock_sendmsg+0x219/0x270 [ 465.972635][ T9393] ____sys_sendmsg+0x505/0x830 [ 465.972663][ T9393] ? __pfx_____sys_sendmsg+0x10/0x10 [ 465.972694][ T9393] ? import_iovec+0x74/0xa0 [ 465.972724][ T9393] ___sys_sendmsg+0x21f/0x2a0 [ 465.972748][ T9393] ? __pfx____sys_sendmsg+0x10/0x10 [ 465.972805][ T9393] ? __fget_files+0x2a/0x420 [ 465.972821][ T9393] ? __fget_files+0x3a0/0x420 [ 465.972848][ T9393] __x64_sys_sendmsg+0x19b/0x260 [ 465.972872][ T9393] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 465.972904][ T9393] ? __pfx_ksys_write+0x10/0x10 [ 465.972926][ T9393] ? rcu_is_watching+0x15/0xb0 [ 465.972950][ T9393] ? do_syscall_64+0xbe/0x3b0 [ 465.972970][ T9393] do_syscall_64+0xfa/0x3b0 [ 465.972985][ T9393] ? lockdep_hardirqs_on+0x9c/0x150 [ 465.973010][ T9393] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 465.973027][ T9393] ? clear_bhb_loop+0x60/0xb0 [ 465.973049][ T9393] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 465.973064][ T9393] RIP: 0033:0x7f9b0a18e929 [ 465.973081][ T9393] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 465.973096][ T9393] RSP: 002b:00007f9b0af13038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 465.973115][ T9393] RAX: ffffffffffffffda RBX: 00007f9b0a3b6080 RCX: 00007f9b0a18e929 [ 465.973127][ T9393] RDX: 0000000000000010 RSI: 0000200000000540 RDI: 0000000000000007 [ 465.973138][ T9393] RBP: 00007f9b0af13090 R08: 0000000000000000 R09: 0000000000000000 [ 465.973148][ T9393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 465.973158][ T9393] R13: 0000000000000000 R14: 00007f9b0a3b6080 R15: 00007ffc30399708 [ 465.973186][ T9393] [ 466.032650][ T9396] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 466.036056][ C0] vkms_vblank_simulate: vblank timer overrun [ 466.043301][ T9396] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 466.363380][ T9382] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 466.407972][ T5848] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 466.416383][ T5848] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 466.496357][ T5848] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 466.504443][ T5848] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 466.517873][ T5848] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 466.520782][ T8051] bridge_slave_0: left allmulticast mode [ 466.642101][ T8051] bridge_slave_0: left promiscuous mode [ 466.648044][ T8051] bridge0: port 1(bridge_slave_0) entered disabled state [ 466.954492][ T9] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 467.140432][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 467.331894][ T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 467.372395][ T9] usb 2-1: config 1 has 0 interfaces, different from the descriptor's value: 3 [ 468.034897][ T9] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 468.075730][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 468.095315][ T9] usb 2-1: Product: syz [ 468.099548][ T9] usb 2-1: Manufacturer: syz [ 468.108691][ T9] usb 2-1: SerialNumber: syz [ 468.576117][ T8051] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 468.597784][ T8051] bond_slave_0: left promiscuous mode [ 468.606229][ T8051] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 468.622249][ T9396] Bluetooth: hci0: command tx timeout [ 468.643652][ T9423] vxcan0: tx address claim with dlc 1 [ 468.718128][ T9424] syz.0.939 uses obsolete (PF_INET,SOCK_PACKET) [ 468.747286][ T8051] bond_slave_1: left promiscuous mode [ 468.845969][ T8051] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 468.895838][ T8051] bond0 (unregistering): Released all slaves [ 469.040564][ T8051] tipc: Left network mode [ 469.169623][ T9395] lo speed is unknown, defaulting to 1000 [ 469.311113][ T8051] hsr_slave_0: left promiscuous mode [ 469.336204][ T8051] hsr_slave_1: left promiscuous mode [ 469.402267][ T5958] usb 2-1: USB disconnect, device number 26 [ 469.441254][ T8051] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 469.467318][ T8051] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 469.615994][ T8051] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 469.642154][ T8051] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 469.701826][ T8051] veth1_macvtap: left promiscuous mode [ 469.708122][ T8051] veth0_macvtap: left promiscuous mode [ 469.715065][ T8051] veth1_vlan: left promiscuous mode [ 469.720478][ T8051] veth0_vlan: left promiscuous mode [ 470.502117][ T5900] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 470.560980][ T8051] team0 (unregistering): Port device team_slave_1 removed [ 470.614363][ T8051] team0 (unregistering): Port device team_slave_0 removed [ 470.684798][ T5900] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 470.706389][ T9396] Bluetooth: hci0: command tx timeout [ 470.747291][ T5900] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 470.784762][ T5900] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 470.796517][ T5900] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 470.807452][ T5900] usb 2-1: SerialNumber: syz [ 471.021398][ T9448] IPVS: length: 8 != 1690580952 [ 471.350579][ T5900] usb 2-1: 0:2 : does not exist [ 471.378389][ T5900] usb 2-1: USB disconnect, device number 27 [ 472.054761][ T9461] FAULT_INJECTION: forcing a failure. [ 472.054761][ T9461] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 472.176664][ T9461] CPU: 1 UID: 0 PID: 9461 Comm: syz.0.947 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 472.176694][ T9461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 472.176706][ T9461] Call Trace: [ 472.176714][ T9461] [ 472.176722][ T9461] dump_stack_lvl+0x189/0x250 [ 472.176749][ T9461] ? __pfx____ratelimit+0x10/0x10 [ 472.176785][ T9461] ? __pfx_dump_stack_lvl+0x10/0x10 [ 472.176825][ T9461] ? __pfx__printk+0x10/0x10 [ 472.176851][ T9461] ? __might_fault+0xb0/0x130 [ 472.176891][ T9461] should_fail_ex+0x414/0x560 [ 472.176925][ T9461] _copy_from_iter+0x1db/0x16f0 [ 472.176950][ T9461] ? rcu_is_watching+0x15/0xb0 [ 472.176975][ T9461] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 472.177005][ T9461] ? __pfx__copy_from_iter+0x10/0x10 [ 472.177027][ T9461] ? __build_skb_around+0x257/0x3e0 [ 472.177054][ T9461] ? netlink_sendmsg+0x642/0xb30 [ 472.177087][ T9461] ? skb_put+0x11b/0x210 [ 472.177113][ T9461] netlink_sendmsg+0x6b2/0xb30 [ 472.177145][ T9461] ? __pfx_netlink_sendmsg+0x10/0x10 [ 472.177176][ T9461] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 472.177203][ T9461] ? __pfx_netlink_sendmsg+0x10/0x10 [ 472.177226][ T9461] __sock_sendmsg+0x219/0x270 [ 472.177258][ T9461] ____sys_sendmsg+0x505/0x830 [ 472.177287][ T9461] ? __pfx_____sys_sendmsg+0x10/0x10 [ 472.177319][ T9461] ? ___sys_sendmsg+0x205/0x2a0 [ 472.177348][ T9461] ___sys_sendmsg+0x21f/0x2a0 [ 472.177375][ T9461] ? __pfx____sys_sendmsg+0x10/0x10 [ 472.177399][ T9461] ? preempt_schedule_common+0x83/0xd0 [ 472.177464][ T9461] ? __fget_files+0x2a/0x420 [ 472.177480][ T9461] ? __fget_files+0x3a0/0x420 [ 472.177508][ T9461] __x64_sys_sendmsg+0x19b/0x260 [ 472.177553][ T9461] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 472.177605][ T9461] do_syscall_64+0xfa/0x3b0 [ 472.177625][ T9461] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 472.177644][ T9461] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 472.177664][ T9461] ? clear_bhb_loop+0x60/0xb0 [ 472.177688][ T9461] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 472.177707][ T9461] RIP: 0033:0x7f9b0a18e929 [ 472.177725][ T9461] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 472.177742][ T9461] RSP: 002b:00007f9b0af34038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 472.177763][ T9461] RAX: ffffffffffffffda RBX: 00007f9b0a3b5fa0 RCX: 00007f9b0a18e929 [ 472.177783][ T9461] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 472.177796][ T9461] RBP: 00007f9b0af34090 R08: 0000000000000000 R09: 0000000000000000 [ 472.177808][ T9461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 472.177820][ T9461] R13: 0000000000000000 R14: 00007f9b0a3b5fa0 R15: 00007ffc30399708 [ 472.177851][ T9461] [ 472.451463][ C1] vkms_vblank_simulate: vblank timer overrun [ 472.782511][ T9396] Bluetooth: hci0: command tx timeout [ 473.778744][ T9395] chnl_net:caif_netlink_parms(): no params data found [ 473.945316][ T9477] syz.4.949 (9477): attempted to duplicate a private mapping with mremap. This is not supported. [ 474.037873][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 474.037892][ T30] audit: type=1326 audit(1752223635.849:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9464 comm="syz.4.949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbcac18e929 code=0x7ffc0000 [ 474.177063][ T8051] IPVS: stop unused estimator thread 0... [ 474.402501][ T30] audit: type=1326 audit(1752223635.849:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9464 comm="syz.4.949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbcac18e929 code=0x7ffc0000 [ 474.423939][ C1] vkms_vblank_simulate: vblank timer overrun [ 475.095290][ T9396] Bluetooth: hci0: command tx timeout [ 475.108558][ T30] audit: type=1326 audit(1752223635.849:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9464 comm="syz.4.949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=162 compat=0 ip=0x7fbcac18e929 code=0x7ffc0000 [ 475.130063][ T30] audit: type=1326 audit(1752223636.059:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9464 comm="syz.4.949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbcac18e929 code=0x7ffc0000 [ 475.152230][ T30] audit: type=1326 audit(1752223636.059:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9464 comm="syz.4.949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbcac18e929 code=0x7ffc0000 [ 475.174409][ T30] audit: type=1326 audit(1752223636.449:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9478 comm="syz.0.951" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9b0a18e929 code=0x0 [ 475.469115][ T9493] syz.1.954 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 475.522246][ T5900] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 475.659434][ T9395] bridge0: port 1(bridge_slave_0) entered blocking state [ 475.667023][ T9395] bridge0: port 1(bridge_slave_0) entered disabled state [ 475.674691][ T9395] bridge_slave_0: entered allmulticast mode [ 475.682955][ T9395] bridge_slave_0: entered promiscuous mode [ 475.695603][ T9395] bridge0: port 2(bridge_slave_1) entered blocking state [ 475.703277][ T9395] bridge0: port 2(bridge_slave_1) entered disabled state [ 475.710733][ T9395] bridge_slave_1: entered allmulticast mode [ 475.719503][ T9395] bridge_slave_1: entered promiscuous mode [ 475.764554][ T9395] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 475.777811][ T9395] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 475.825734][ T9395] team0: Port device team_slave_0 added [ 475.837060][ T9395] team0: Port device team_slave_1 added [ 475.862094][ T5900] usb 5-1: Using ep0 maxpacket: 16 [ 475.870653][ T5900] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD7, changing to 0x87 [ 475.884006][ T5900] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 475.897829][ T5900] usb 5-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89 [ 475.907223][ T5900] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 475.915332][ T5900] usb 5-1: Product: syz [ 475.919585][ T5900] usb 5-1: Manufacturer: syz [ 475.924302][ T5900] usb 5-1: SerialNumber: syz [ 475.926609][ T9395] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 475.932392][ T5900] usb 5-1: config 0 descriptor?? [ 475.940765][ T9395] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 475.976865][ T9395] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 476.679926][ T9395] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 476.689728][ T9395] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 477.042565][ T5900] appledisplay 5-1:0.0: Error while getting initial brightness: -71 [ 477.056368][ T5900] appledisplay 5-1:0.0: probe with driver appledisplay failed with error -71 [ 477.082179][ T9395] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 477.094158][ T5900] usb 5-1: USB disconnect, device number 23 [ 478.348142][ T9530] siw: device registration error -23 [ 480.387909][ T9395] hsr_slave_0: entered promiscuous mode [ 480.409890][ T9543] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 480.418807][ T9395] hsr_slave_1: entered promiscuous mode [ 480.430037][ T9395] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 480.440648][ T9543] overlayfs: failed to set xattr on upper [ 480.452717][ T9395] Cannot create hsr debugfs directory [ 480.458213][ T9543] overlayfs: ...falling back to redirect_dir=nofollow. [ 480.491124][ T9543] overlayfs: ...falling back to index=off. [ 480.519079][ T9543] overlayfs: ...falling back to uuid=null. [ 482.068155][ T9559] binder: 9558:9559 unknown command 0 [ 482.073714][ T9559] binder: 9558:9559 ioctl c0306201 200000000080 returned -22 [ 482.153151][ T9395] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 482.185370][ T9395] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 482.207625][ T9395] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 482.235392][ T9395] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 482.352163][ T5951] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 482.535725][ T5951] usb 3-1: Using ep0 maxpacket: 8 [ 482.546201][ T5951] usb 3-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=44.b2 [ 482.556195][ T5951] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 482.564475][ T5951] usb 3-1: Product: syz [ 482.568775][ T5951] usb 3-1: Manufacturer: syz [ 482.573683][ T5951] usb 3-1: SerialNumber: syz [ 482.589990][ T5951] usb 3-1: config 0 descriptor?? [ 482.712312][ T9] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 482.820568][ T5951] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 482.860829][ T9395] 8021q: adding VLAN 0 to HW filter on device bond0 [ 482.891834][ T9395] 8021q: adding VLAN 0 to HW filter on device team0 [ 482.909880][ T6354] bridge0: port 1(bridge_slave_0) entered blocking state [ 482.917300][ T6354] bridge0: port 1(bridge_slave_0) entered forwarding state [ 482.948687][ T6354] bridge0: port 2(bridge_slave_1) entered blocking state [ 482.952085][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 482.955965][ T6354] bridge0: port 2(bridge_slave_1) entered forwarding state [ 482.987095][ T9395] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 483.000409][ T9395] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 483.018575][ T9] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 483.060282][ T9] usb 2-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5 [ 483.090134][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 483.116888][ T9] usb 2-1: Product: syz [ 483.121110][ T9] usb 2-1: Manufacturer: syz [ 483.143882][ T9] usb 2-1: SerialNumber: syz [ 483.163133][ T9] usb 2-1: config 0 descriptor?? [ 483.169749][ T9568] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 483.180808][ T9] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 483.390233][ T9] usb 2-1: USB disconnect, device number 28 [ 484.191180][ T9395] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 484.663106][ T5951] gspca_sunplus: reg_r err -110 [ 484.668190][ T5951] sunplus 3-1:0.0: probe with driver sunplus failed with error -110 [ 484.705488][ T9] usb 3-1: USB disconnect, device number 24 [ 484.717696][ T9395] veth0_vlan: entered promiscuous mode [ 484.741922][ T9395] veth1_vlan: entered promiscuous mode [ 484.788986][ T9395] veth0_macvtap: entered promiscuous mode [ 484.799626][ T9395] veth1_macvtap: entered promiscuous mode [ 484.831416][ T9395] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 484.858007][ T9395] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 484.879124][ T9395] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.890201][ T9395] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.901389][ T9395] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.914671][ T9395] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 485.103006][ T163] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 485.110957][ T163] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 485.149922][ T9594] FAULT_INJECTION: forcing a failure. [ 485.149922][ T9594] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 485.181429][ T8083] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 485.182343][ T9594] CPU: 1 UID: 0 PID: 9594 Comm: syz.0.979 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 485.182372][ T9594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 485.182384][ T9594] Call Trace: [ 485.182394][ T9594] [ 485.182402][ T9594] dump_stack_lvl+0x189/0x250 [ 485.182430][ T9594] ? __pfx____ratelimit+0x10/0x10 [ 485.182461][ T9594] ? __pfx_dump_stack_lvl+0x10/0x10 [ 485.182484][ T9594] ? __pfx__printk+0x10/0x10 [ 485.182510][ T9594] ? __might_fault+0xb0/0x130 [ 485.182552][ T9594] should_fail_ex+0x414/0x560 [ 485.182585][ T9594] _copy_from_user+0x2d/0xb0 [ 485.182609][ T9594] proc_control_compat+0xa3/0x170 [ 485.182641][ T9594] ? __pfx_proc_control_compat+0x10/0x10 [ 485.182678][ T9594] ? smack_file_ioctl+0x2a9/0x340 [ 485.182709][ T9594] usbdev_ioctl+0x13ba/0x20c0 [ 485.182755][ T9594] ? __pfx_usbdev_ioctl+0x10/0x10 [ 485.182778][ T9594] ? __fget_files+0x2a/0x420 [ 485.182795][ T9594] ? __fget_files+0x3a0/0x420 [ 485.182811][ T9594] ? __fget_files+0x2a/0x420 [ 485.182833][ T9594] ? bpf_lsm_file_ioctl+0x9/0x20 [ 485.182853][ T9594] ? __pfx_usbdev_ioctl+0x10/0x10 [ 485.182877][ T9594] __se_sys_ioctl+0xf9/0x170 [ 485.182907][ T9594] do_syscall_64+0xfa/0x3b0 [ 485.182924][ T9594] ? lockdep_hardirqs_on+0x9c/0x150 [ 485.182953][ T9594] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 485.182974][ T9594] ? clear_bhb_loop+0x60/0xb0 [ 485.183002][ T9594] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 485.183022][ T9594] RIP: 0033:0x7f9b0a18e929 [ 485.183040][ T9594] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 485.183058][ T9594] RSP: 002b:00007f9b0af34038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 485.183078][ T9594] RAX: ffffffffffffffda RBX: 00007f9b0a3b5fa0 RCX: 00007f9b0a18e929 [ 485.183093][ T9594] RDX: 0000000000000000 RSI: 00000000c0105500 RDI: 0000000000000005 [ 485.183105][ T9594] RBP: 00007f9b0af34090 R08: 0000000000000000 R09: 0000000000000000 [ 485.183117][ T9594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 485.183129][ T9594] R13: 0000000000000000 R14: 00007f9b0a3b5fa0 R15: 00007ffc30399708 [ 485.183160][ T9594] [ 485.508575][ T8083] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 485.770216][ T9601] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 485.770257][ T9601] overlayfs: failed to set xattr on upper [ 485.770267][ T9601] overlayfs: ...falling back to redirect_dir=nofollow. [ 485.770277][ T9601] overlayfs: ...falling back to index=off. [ 485.770286][ T9601] overlayfs: ...falling back to uuid=null. [ 488.156133][ T9613] ubi31: attaching mtd0 [ 488.162451][ T9613] ubi31: scanning is finished [ 488.192041][ T9617] sp0: Synchronizing with TNC [ 488.359600][ T9616] sp0: Synchronizing with TNC [ 488.447789][ T9613] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 488.455691][ T9613] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 488.463146][ T9613] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 488.470197][ T9613] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 488.477771][ T9613] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 488.485392][ T9613] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 488.493584][ T9613] ubi31: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 4186474123 [ 488.503727][ T9613] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 488.514386][ T9621] ubi31: background thread "ubi_bgt31d" started, PID 9621 [ 488.572082][ T5958] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 488.744922][ T5958] usb 2-1: Using ep0 maxpacket: 8 [ 488.764653][ T5958] usb 2-1: unable to get BOS descriptor or descriptor too short [ 488.777722][ T5958] usb 2-1: config 8 has an invalid interface number: 119 but max is 0 [ 488.812132][ T5958] usb 2-1: config 8 has no interface number 0 [ 488.818309][ T5958] usb 2-1: config 8 interface 119 has no altsetting 0 [ 488.845060][ T5958] usb 2-1: New USB device found, idVendor=1fb9, idProduct=0202, bcdDevice=4a.34 [ 488.862084][ T5958] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 488.870150][ T5958] usb 2-1: Product: syz [ 488.882063][ T5958] usb 2-1: Manufacturer: syz [ 488.886714][ T5958] usb 2-1: SerialNumber: syz [ 488.917375][ T6354] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 488.952137][ T5951] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 489.112774][ T5951] usb 1-1: Using ep0 maxpacket: 32 [ 489.123467][ T5951] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 489.151526][ T5951] usb 1-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5 [ 489.168368][ T5951] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 489.188668][ T5951] usb 1-1: Product: syz [ 489.198262][ T5951] usb 1-1: Manufacturer: syz [ 489.209399][ T5951] usb 1-1: SerialNumber: syz [ 489.228533][ T5951] usb 1-1: config 0 descriptor?? [ 489.240812][ T9623] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 489.264232][ T5951] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 489.343609][ T6354] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 489.432841][ T6354] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 489.478055][ T5929] usb 1-1: USB disconnect, device number 21 [ 489.519966][ T6354] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 489.724172][ T6354] bridge_slave_1: left allmulticast mode [ 489.736373][ T6354] bridge_slave_1: left promiscuous mode [ 489.748930][ T6354] bridge0: port 2(bridge_slave_1) entered disabled state [ 489.768921][ T5848] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 489.781228][ T6354] bridge_slave_0: left allmulticast mode [ 489.782783][ T5848] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 489.793739][ T6354] bridge_slave_0: left promiscuous mode [ 489.799646][ T5848] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 489.807162][ T6354] bridge0: port 1(bridge_slave_0) entered disabled state [ 489.808591][ T5848] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 489.828265][ T5848] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 490.842856][ T5958] cp210x 2-1:8.119: cp210x converter detected [ 490.852869][ T5958] cp210x 2-1:8.119: failed to get vendor val 0x370b size 1: -71 [ 490.874520][ T5958] cp210x 2-1:8.119: querying part number failed [ 490.890377][ T5958] usb 2-1: cp210x converter now attached to ttyUSB0 [ 490.909483][ T5958] usb 2-1: USB disconnect, device number 29 [ 490.968764][ T5958] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 490.977050][ T5958] cp210x 2-1:8.119: device disconnected [ 491.280987][ T9640] binder: 9639:9640 unknown command 0 [ 491.353120][ T9642] ubi31: detaching mtd0 [ 491.358265][ T9640] binder: 9639:9640 ioctl c0306201 200000000080 returned -22 [ 491.406458][ T9642] ubi31: mtd0 is detached [ 491.533258][ T9640] binder: BINDER_SET_CONTEXT_MGR already set [ 491.648468][ T9640] binder: 9639:9640 ioctl 4018620d 200000000040 returned -16 [ 491.873756][ T5900] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 491.906904][ T5848] Bluetooth: hci0: command tx timeout [ 491.950173][ T6354] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 491.966100][ T6354] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 491.977267][ T6354] bond0 (unregistering): Released all slaves [ 492.031413][ T9625] lo speed is unknown, defaulting to 1000 [ 492.054504][ T5900] usb 1-1: Using ep0 maxpacket: 8 [ 492.078705][ T5900] usb 1-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=44.b2 [ 492.093256][ T5900] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 492.101434][ T5900] usb 1-1: Product: syz [ 492.110123][ T5900] usb 1-1: Manufacturer: syz [ 492.116890][ T5900] usb 1-1: SerialNumber: syz [ 492.138426][ T5900] usb 1-1: config 0 descriptor?? [ 492.236045][ T9648] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 492.243198][ T9648] overlayfs: failed to set xattr on upper [ 492.248983][ T9648] overlayfs: ...falling back to redirect_dir=nofollow. [ 492.256017][ T9648] overlayfs: ...falling back to index=off. [ 492.261878][ T9648] overlayfs: ...falling back to uuid=null. [ 492.369010][ T5900] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 493.142410][ T9652] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 494.027949][ T6354] hsr_slave_0: left promiscuous mode [ 494.058591][ T6354] hsr_slave_1: left promiscuous mode [ 494.077824][ T6354] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 494.096418][ T6354] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 494.122996][ T6354] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 494.142352][ T6354] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 494.261550][ T6354] veth1_macvtap: left promiscuous mode [ 494.322237][ T6354] veth0_macvtap: left promiscuous mode [ 494.327908][ T6354] veth1_vlan: left promiscuous mode [ 494.349483][ T6354] veth0_vlan: left promiscuous mode [ 494.377177][ T9672] netlink: 'syz.1.1000': attribute type 2 has an invalid length. [ 494.569582][ T9396] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 494.582271][ T9396] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 494.593049][ T9396] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 494.605741][ T9396] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 494.616377][ T9396] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 494.682736][ T5900] gspca_sunplus: reg_r err -110 [ 495.034087][ T9678] ubi31: attaching mtd0 [ 495.048923][ T9678] ubi31: scanning is finished [ 495.364893][ T5900] sunplus 1-1:0.0: probe with driver sunplus failed with error -110 [ 495.769599][ T5900] usb 1-1: USB disconnect, device number 22 [ 496.176765][ T9678] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 496.184687][ T9678] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 496.192741][ T9678] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 496.200401][ T9678] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 496.208096][ T9678] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 496.215154][ T9678] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 496.223306][ T9678] ubi31: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 4186474123 [ 496.233754][ T9678] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 496.695324][ T9680] ubi31: background thread "ubi_bgt31d" started, PID 9680 [ 497.494468][ T5848] Bluetooth: hci5: command tx timeout [ 499.619515][ T5848] Bluetooth: hci5: command tx timeout [ 499.728150][ T9] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 499.865011][ T9] usb 1-1: device descriptor read/64, error -71 [ 500.117267][ T9] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 500.291816][ T6354] team0 (unregistering): Port device team_slave_1 removed [ 500.302213][ T9] usb 1-1: device descriptor read/64, error -71 [ 500.331474][ T6354] team0 (unregistering): Port device team_slave_0 removed [ 500.415263][ T9] usb usb1-port1: attempt power cycle [ 500.482194][ T5929] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 500.642125][ T5929] usb 3-1: Using ep0 maxpacket: 8 [ 500.651038][ T5929] usb 3-1: unable to get BOS descriptor or descriptor too short [ 500.666431][ T5929] usb 3-1: config 8 has an invalid interface number: 119 but max is 0 [ 500.675007][ T5929] usb 3-1: config 8 has no interface number 0 [ 500.681849][ T5929] usb 3-1: config 8 interface 119 has no altsetting 0 [ 500.692806][ T5929] usb 3-1: New USB device found, idVendor=1fb9, idProduct=0202, bcdDevice=4a.34 [ 500.712173][ T5929] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 500.720239][ T5929] usb 3-1: Product: syz [ 500.734670][ T5929] usb 3-1: Manufacturer: syz [ 500.739328][ T5929] usb 3-1: SerialNumber: syz [ 500.762163][ T9] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 500.781255][ T9699] sp0: Synchronizing with TNC [ 500.781816][ T9625] chnl_net:caif_netlink_parms(): no params data found [ 500.793268][ T9] usb 1-1: device descriptor read/8, error -71 [ 500.903552][ T9701] sp0: Synchronizing with TNC [ 500.920431][ T9705] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 500.927704][ T9671] lo speed is unknown, defaulting to 1000 [ 500.934190][ T9705] overlayfs: failed to set xattr on upper [ 500.939923][ T9705] overlayfs: ...falling back to redirect_dir=nofollow. [ 500.946916][ T9705] overlayfs: ...falling back to index=off. [ 500.952800][ T9705] overlayfs: ...falling back to uuid=null. [ 501.054141][ T9] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 501.095185][ T9] usb 1-1: device descriptor read/8, error -71 [ 501.115179][ T9625] bridge0: port 1(bridge_slave_0) entered blocking state [ 501.131236][ T9625] bridge0: port 1(bridge_slave_0) entered disabled state [ 501.138855][ T9625] bridge_slave_0: entered allmulticast mode [ 501.146833][ T9625] bridge_slave_0: entered promiscuous mode [ 501.163169][ T9625] bridge0: port 2(bridge_slave_1) entered blocking state [ 501.177952][ T9625] bridge0: port 2(bridge_slave_1) entered disabled state [ 501.187252][ T9625] bridge_slave_1: entered allmulticast mode [ 501.195269][ T9625] bridge_slave_1: entered promiscuous mode [ 501.222628][ T9] usb usb1-port1: unable to enumerate USB device [ 501.253664][ T9625] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 501.256115][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.266530][ T9625] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 501.269301][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.368837][ T9625] team0: Port device team_slave_0 added [ 501.393360][ T9625] team0: Port device team_slave_1 added [ 501.453735][ T9625] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 501.460839][ T9625] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 501.488009][ T9625] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 501.523863][ T9625] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 501.530890][ T9625] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 501.557647][ T9625] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 501.613065][ T43] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 501.641701][ T9625] hsr_slave_0: entered promiscuous mode [ 501.648706][ T9625] hsr_slave_1: entered promiscuous mode [ 501.655816][ T9625] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 501.664010][ T5848] Bluetooth: hci5: command tx timeout [ 501.664293][ T9625] Cannot create hsr debugfs directory [ 501.678215][ T9671] chnl_net:caif_netlink_parms(): no params data found [ 501.709514][ T8083] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 501.772222][ T43] usb 2-1: Using ep0 maxpacket: 32 [ 501.780540][ T43] usb 2-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 501.805512][ T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 501.824999][ T43] usb 2-1: config 0 descriptor?? [ 501.838564][ T43] gspca_main: sunplus-2.14.0 probing 041e:400b [ 501.852384][ T8083] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 502.371336][ T8083] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 502.551180][ T9716] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 502.561931][ T9716] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 502.611805][ T8083] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 502.768643][ T9671] bridge0: port 1(bridge_slave_0) entered blocking state [ 502.778176][ T9671] bridge0: port 1(bridge_slave_0) entered disabled state [ 502.791665][ T9728] binder: 9727:9728 unknown command 0 [ 502.797283][ T9728] binder: 9727:9728 ioctl c0306201 200000000080 returned -22 [ 502.797491][ T9671] bridge_slave_0: entered allmulticast mode [ 502.813352][ T9671] bridge_slave_0: entered promiscuous mode [ 502.847042][ T9671] bridge0: port 2(bridge_slave_1) entered blocking state [ 502.855533][ T9671] bridge0: port 2(bridge_slave_1) entered disabled state [ 502.863076][ T9671] bridge_slave_1: entered allmulticast mode [ 502.871872][ T9671] bridge_slave_1: entered promiscuous mode [ 502.914785][ T5929] cp210x 3-1:8.119: cp210x converter detected [ 502.923707][ T5929] cp210x 3-1:8.119: failed to get vendor val 0x370b size 1: -71 [ 502.931529][ T5929] cp210x 3-1:8.119: querying part number failed [ 502.952997][ T5929] usb 3-1: cp210x converter now attached to ttyUSB0 [ 502.969132][ T5929] usb 3-1: USB disconnect, device number 25 [ 502.984242][ T5929] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 502.997720][ T5929] cp210x 3-1:8.119: device disconnected [ 503.011648][ T9671] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 503.033281][ T43] gspca_sunplus: reg_w_riv err -110 [ 503.057324][ T9671] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 503.062171][ T43] sunplus 2-1:0.0: probe with driver sunplus failed with error -110 [ 503.082555][ T5908] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 503.135590][ T9671] team0: Port device team_slave_0 added [ 503.180327][ T9671] team0: Port device team_slave_1 added [ 503.215298][ T8083] bridge_slave_1: left allmulticast mode [ 503.221409][ T8083] bridge_slave_1: left promiscuous mode [ 503.228634][ T8083] bridge0: port 2(bridge_slave_1) entered disabled state [ 503.240623][ T8083] bridge_slave_0: left allmulticast mode [ 503.247566][ T8083] bridge_slave_0: left promiscuous mode [ 503.254175][ T5908] usb 1-1: Using ep0 maxpacket: 8 [ 503.256487][ T8083] bridge0: port 1(bridge_slave_0) entered disabled state [ 503.281328][ T5908] usb 1-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=44.b2 [ 503.293293][ T9731] QAT: Device 7 not found [ 503.304841][ T5908] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 503.314090][ T5908] usb 1-1: Product: syz [ 503.318461][ T5908] usb 1-1: Manufacturer: syz [ 503.326847][ T5908] usb 1-1: SerialNumber: syz [ 503.352996][ T5908] usb 1-1: config 0 descriptor?? [ 503.568640][ T5908] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 503.733219][ T5848] Bluetooth: hci5: command tx timeout [ 503.735123][ T8083] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 503.751677][ T8083] bond_slave_0: left promiscuous mode [ 503.762778][ T8083] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 503.772348][ T8083] bond_slave_1: left promiscuous mode [ 503.779815][ T8083] bond0 (unregistering): Released all slaves [ 503.875139][ T9671] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 503.888626][ T9671] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 503.929050][ T9671] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 503.945345][ T8083] tipc: Left network mode [ 503.965738][ T9671] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 503.973968][ T9671] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 504.001048][ T9671] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 504.268491][ T9671] hsr_slave_0: entered promiscuous mode [ 504.281833][ T9671] hsr_slave_1: entered promiscuous mode [ 504.295930][ T9671] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 504.306405][ T9671] Cannot create hsr debugfs directory [ 504.347989][ T8083] hsr_slave_0: left promiscuous mode [ 504.355791][ T8083] hsr_slave_1: left promiscuous mode [ 504.364813][ T9716] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 504.375122][ T8083] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 504.462125][ T8083] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 504.471661][ T8083] batman_adv: batadv0: Interface deactivated: 26±ÿ [ 504.479043][ T8083] batman_adv: batadv0: Removing interface: 26±ÿ [ 504.489649][ T978] usb 2-1: USB disconnect, device number 30 [ 504.536546][ T8083] veth1_macvtap: left promiscuous mode [ 504.542491][ T8083] veth0_macvtap: left promiscuous mode [ 504.550044][ T8083] veth1_vlan: left promiscuous mode [ 504.555877][ T8083] veth0_vlan: left promiscuous mode [ 504.932048][ T9736] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 505.434282][ T5908] gspca_sunplus: reg_r err -71 [ 505.512147][ T5908] sunplus 1-1:0.0: probe with driver sunplus failed with error -71 [ 505.541102][ T5908] usb 1-1: USB disconnect, device number 27 [ 506.498801][ T9740] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 506.828675][ T9747] ubi31: detaching mtd0 [ 506.837503][ T9745] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 506.844595][ T9745] overlayfs: failed to set xattr on upper [ 506.850342][ T9745] overlayfs: ...falling back to redirect_dir=nofollow. [ 506.857336][ T9745] overlayfs: ...falling back to index=off. [ 506.863188][ T9745] overlayfs: ...falling back to uuid=null. [ 506.895150][ T9747] ubi31: mtd0 is detached [ 507.484094][ T8083] team_slave_1 (unregistering): left promiscuous mode [ 507.499570][ T8083] team0 (unregistering): Port device team_slave_1 removed [ 507.683306][ T8083] team_slave_0 (unregistering): left promiscuous mode [ 507.726735][ T8083] team0 (unregistering): Port device team_slave_0 removed [ 507.763302][ T9753] fuse: Unknown parameter 'group_id00000000000000000000' [ 508.737133][ T9769] kvm: kvm [9768]: vcpu0, guest rIP: 0xfff0 Unhandled RDMSR(0x4000001b) [ 508.974718][ T9773] binder: 9772:9773 unknown command 0 [ 508.980281][ T9773] binder: 9772:9773 ioctl c0306201 200000000080 returned -22 [ 509.242270][ T5908] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 509.433969][ T5908] usb 3-1: Using ep0 maxpacket: 8 [ 509.535731][ T5908] usb 3-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=44.b2 [ 509.569496][ T5908] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 509.586982][ T5908] usb 3-1: Product: syz [ 509.591227][ T5908] usb 3-1: Manufacturer: syz [ 509.596367][ T5908] usb 3-1: SerialNumber: syz [ 509.619011][ T5908] usb 3-1: config 0 descriptor?? [ 509.733938][ T9778] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 509.740945][ T9778] overlayfs: failed to set xattr on upper [ 509.746833][ T9778] overlayfs: ...falling back to redirect_dir=nofollow. [ 509.753754][ T9778] overlayfs: ...falling back to index=off. [ 509.758741][ T9625] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 509.759805][ T9778] overlayfs: ...falling back to uuid=null. [ 509.835621][ T5908] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 509.845146][ T9625] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 509.863982][ T9625] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 509.933575][ T9783] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 509.944411][ T9783] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 509.964534][ T9625] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 510.024279][ T9784] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.1027'. [ 510.056616][ T8083] IPVS: stop unused estimator thread 0... [ 510.147237][ T9671] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 510.162741][ T5958] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 510.184066][ T9671] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 510.204801][ T9671] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 510.227876][ T9671] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 510.312689][ T5958] usb 2-1: device descriptor read/64, error -71 [ 510.347598][ T9625] 8021q: adding VLAN 0 to HW filter on device bond0 [ 510.398464][ T9625] 8021q: adding VLAN 0 to HW filter on device team0 [ 510.431397][ T64] bridge0: port 1(bridge_slave_0) entered blocking state [ 510.438632][ T64] bridge0: port 1(bridge_slave_0) entered forwarding state [ 510.474581][ T9671] 8021q: adding VLAN 0 to HW filter on device bond0 [ 510.485562][ T64] bridge0: port 2(bridge_slave_1) entered blocking state [ 510.492758][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state [ 510.666503][ T5958] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 510.720636][ T9671] 8021q: adding VLAN 0 to HW filter on device team0 [ 510.751650][ T8083] bridge0: port 1(bridge_slave_0) entered blocking state [ 510.758829][ T8083] bridge0: port 1(bridge_slave_0) entered forwarding state [ 510.832215][ T5958] usb 2-1: device descriptor read/64, error -71 [ 510.868528][ T9625] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 510.944325][ T5958] usb usb2-port1: attempt power cycle [ 511.249342][ T64] bridge0: port 2(bridge_slave_1) entered blocking state [ 511.256570][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state [ 511.377203][ T5958] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 511.442107][ T5958] usb 2-1: device descriptor read/8, error -71 [ 511.768186][ T5908] gspca_sunplus: reg_r err -71 [ 511.781090][ T5908] sunplus 3-1:0.0: probe with driver sunplus failed with error -71 [ 511.807704][ T5908] usb 3-1: USB disconnect, device number 26 [ 511.819528][ T9671] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 511.832085][ T5958] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 512.197506][ T9625] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 512.534153][ T5958] usb 2-1: device descriptor read/8, error -71 [ 512.607367][ T9625] veth0_vlan: entered promiscuous mode [ 512.618492][ T9829] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 512.625656][ T9829] overlayfs: failed to set xattr on upper [ 512.631460][ T9829] overlayfs: ...falling back to redirect_dir=nofollow. [ 512.640676][ T9829] overlayfs: ...falling back to index=off. [ 512.640997][ T9625] veth1_vlan: entered promiscuous mode [ 512.646642][ T9829] overlayfs: ...falling back to uuid=null. [ 512.659695][ T5958] usb usb2-port1: unable to enumerate USB device [ 512.714017][ T9625] veth0_macvtap: entered promiscuous mode [ 512.757855][ T9625] veth1_macvtap: entered promiscuous mode [ 512.814320][ T9625] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 512.837045][ T9625] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 512.852228][ T9625] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 512.861132][ T9625] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 512.875891][ T9625] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 512.884811][ T9625] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 512.993862][ T9841] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 513.007741][ T9671] veth0_vlan: entered promiscuous mode [ 513.062268][ T8061] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 513.070125][ T8061] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 513.081579][ T9671] veth1_vlan: entered promiscuous mode [ 513.134701][ T6354] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 513.157717][ T9671] veth0_macvtap: entered promiscuous mode [ 513.162086][ T6354] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 513.178279][ T9671] veth1_macvtap: entered promiscuous mode [ 513.243839][ T9671] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 513.272886][ T9671] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 513.287475][ T9671] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 513.307548][ T9671] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 513.321583][ T9671] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 513.333996][ T9671] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 513.576768][ T6354] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 513.603788][ T6354] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 514.223260][ T9855] ubi31: attaching mtd0 [ 514.233288][ T9855] ubi31: scanning is finished [ 514.384852][ T6354] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 514.396204][ T6354] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 514.450774][ T9855] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 514.459463][ T9855] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 514.466955][ T9855] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 514.474079][ T9855] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 514.481852][ T9855] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 514.489171][ T9855] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 514.497325][ T9855] ubi31: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 4186474123 [ 514.507487][ T9855] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 514.541660][ T9859] ubi31: background thread "ubi_bgt31d" started, PID 9859 [ 514.682296][ T9866] binder: 9865:9866 unknown command 0 [ 514.687905][ T9866] binder: 9865:9866 ioctl c0306201 200000000080 returned -22 [ 515.652219][ T5951] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 516.002603][ T5951] usb 2-1: Using ep0 maxpacket: 8 [ 516.019886][ T5951] usb 2-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=44.b2 [ 516.031624][ T5951] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 516.041350][ T5951] usb 2-1: Product: syz [ 516.047915][ T5951] usb 2-1: Manufacturer: syz [ 516.054399][ T5951] usb 2-1: SerialNumber: syz [ 516.199326][ T9877] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1045'. [ 516.215231][ T5951] usb 2-1: config 0 descriptor?? [ 519.893291][ T5951] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 520.504610][ T5951] gspca_sunplus: reg_w_riv err -71 [ 520.509877][ T5951] sunplus 2-1:0.0: probe with driver sunplus failed with error -71 [ 520.519643][ T5951] usb 2-1: USB disconnect, device number 35 [ 520.602120][ T43] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 520.648021][ T9889] FAULT_INJECTION: forcing a failure. [ 520.648021][ T9889] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 520.661491][ T9889] CPU: 1 UID: 0 PID: 9889 Comm: syz.1.1048 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 520.661520][ T9889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 520.661534][ T9889] Call Trace: [ 520.661544][ T9889] [ 520.661553][ T9889] dump_stack_lvl+0x189/0x250 [ 520.661582][ T9889] ? __pfx____ratelimit+0x10/0x10 [ 520.661615][ T9889] ? __pfx_dump_stack_lvl+0x10/0x10 [ 520.661639][ T9889] ? __pfx__printk+0x10/0x10 [ 520.661667][ T9889] ? __might_fault+0xb0/0x130 [ 520.661710][ T9889] should_fail_ex+0x414/0x560 [ 520.661747][ T9889] _copy_from_user+0x2d/0xb0 [ 520.661773][ T9889] snd_pcm_oss_write+0x84f/0x11a0 [ 520.661804][ T9889] ? get_pid_task+0x20/0x1f0 [ 520.661853][ T9889] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 520.661887][ T9889] ? bpf_lsm_file_permission+0x9/0x20 [ 520.661905][ T9889] ? security_file_permission+0x75/0x290 [ 520.661940][ T9889] ? rw_verify_area+0x258/0x650 [ 520.661979][ T9889] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 520.662011][ T9889] vfs_write+0x27e/0xa90 [ 520.662046][ T9889] ? __pfx_vfs_write+0x10/0x10 [ 520.662075][ T9889] ? __fget_files+0x2a/0x420 [ 520.662097][ T9889] ? __fget_files+0x2a/0x420 [ 520.662114][ T9889] ? __fget_files+0x3a0/0x420 [ 520.662130][ T9889] ? __fget_files+0x2a/0x420 [ 520.662157][ T9889] ksys_write+0x145/0x250 [ 520.662199][ T9889] ? __pfx_ksys_write+0x10/0x10 [ 520.662229][ T9889] ? do_syscall_64+0xbe/0x3b0 [ 520.662253][ T9889] do_syscall_64+0xfa/0x3b0 [ 520.662270][ T9889] ? lockdep_hardirqs_on+0x9c/0x150 [ 520.662299][ T9889] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 520.662318][ T9889] ? clear_bhb_loop+0x60/0xb0 [ 520.662343][ T9889] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 520.662361][ T9889] RIP: 0033:0x7f2f9398e929 [ 520.662379][ T9889] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 520.662397][ T9889] RSP: 002b:00007f2f94763038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 520.662417][ T9889] RAX: ffffffffffffffda RBX: 00007f2f93bb6080 RCX: 00007f2f9398e929 [ 520.662432][ T9889] RDX: 00000000ffffffd9 RSI: 00002000000001c0 RDI: 0000000000000003 [ 520.662444][ T9889] RBP: 00007f2f94763090 R08: 0000000000000000 R09: 0000000000000000 [ 520.662456][ T9889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 520.662467][ T9889] R13: 0000000000000001 R14: 00007f2f93bb6080 R15: 00007ffe8c412118 [ 520.662498][ T9889] [ 520.686503][ T8051] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 520.927079][ T43] usb 6-1: config 0 has an invalid descriptor of length 47, skipping remainder of the config [ 520.999997][ T43] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 521.046242][ T43] usb 6-1: New USB device found, idVendor=1b96, idProduct=000e, bcdDevice= 0.00 [ 521.074695][ T43] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 521.103141][ T43] usb 6-1: config 0 descriptor?? [ 521.109153][ T43] usb 6-1: can't set config #0, error -71 [ 521.128078][ T8051] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 521.131462][ T43] usb 6-1: USB disconnect, device number 2 [ 521.234098][ T8051] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 521.463186][ T8051] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 522.781793][ T8051] bridge_slave_1: left allmulticast mode [ 523.745063][ T9396] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 523.758400][ T9396] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 523.767489][ T8051] bridge_slave_1: left promiscuous mode [ 523.773708][ T8051] bridge0: port 2(bridge_slave_1) entered disabled state [ 523.941419][ T9396] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 523.984290][ T9396] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 523.992904][ T9396] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 524.003715][ T9923] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 524.052128][ T9928] binder: 9927:9928 unknown command 0 [ 524.057669][ T9928] binder: 9927:9928 ioctl c0306201 200000000080 returned -22 [ 524.070343][ T9916] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 524.094584][ T8051] bridge_slave_0: left allmulticast mode [ 524.134994][ T8051] bridge_slave_0: left promiscuous mode [ 524.140812][ T8051] bridge0: port 1(bridge_slave_0) entered disabled state [ 524.344142][ T9936] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 524.372336][ T9] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 524.612706][ T9937] tmpfs: Bad value for 'size' [ 524.692221][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 524.701572][ T9] usb 1-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=44.b2 [ 524.904037][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 524.932040][ T9] usb 1-1: Product: syz [ 524.941484][ T9] usb 1-1: Manufacturer: syz [ 525.006748][ T9] usb 1-1: SerialNumber: syz [ 525.021351][ T9] usb 1-1: config 0 descriptor?? [ 525.252573][ T9] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 525.325836][ T8051] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 525.337218][ T8051] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 525.349832][ T8051] bond0 (unregistering): Released all slaves [ 525.778875][ T8051] hsr_slave_0: left promiscuous mode [ 525.814467][ T8051] hsr_slave_1: left promiscuous mode [ 525.832570][ T8051] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 525.860522][ T8051] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 525.902956][ T8051] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 525.915632][ T9951] 9pnet_fd: Insufficient options for proto=fd [ 525.937300][ T8051] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 525.946497][ T9952] FAULT_INJECTION: forcing a failure. [ 525.946497][ T9952] name failslab, interval 1, probability 0, space 0, times 0 [ 525.962964][ T9952] CPU: 1 UID: 0 PID: 9952 Comm: syz.5.1067 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 525.962990][ T9952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 525.963001][ T9952] Call Trace: [ 525.963009][ T9952] [ 525.963016][ T9952] dump_stack_lvl+0x189/0x250 [ 525.963040][ T9952] ? __pfx____ratelimit+0x10/0x10 [ 525.963068][ T9952] ? __pfx_dump_stack_lvl+0x10/0x10 [ 525.963089][ T9952] ? __pfx__printk+0x10/0x10 [ 525.963116][ T9952] ? __pfx___might_resched+0x10/0x10 [ 525.963141][ T9952] should_fail_ex+0x414/0x560 [ 525.963171][ T9952] should_failslab+0xa8/0x100 [ 525.963200][ T9952] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 525.963228][ T9952] ? __alloc_skb+0x112/0x2d0 [ 525.963252][ T9952] __alloc_skb+0x112/0x2d0 [ 525.963275][ T9952] netlink_sendmsg+0x5c6/0xb30 [ 525.963305][ T9952] ? __pfx_netlink_sendmsg+0x10/0x10 [ 525.963335][ T9952] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 525.963361][ T9952] ? __pfx_netlink_sendmsg+0x10/0x10 [ 525.963383][ T9952] __sock_sendmsg+0x219/0x270 [ 525.963413][ T9952] ____sys_sendmsg+0x505/0x830 [ 525.963440][ T9952] ? __pfx_____sys_sendmsg+0x10/0x10 [ 525.963471][ T9952] ? import_iovec+0x74/0xa0 [ 525.963495][ T9952] ___sys_sendmsg+0x21f/0x2a0 [ 525.963521][ T9952] ? __pfx____sys_sendmsg+0x10/0x10 [ 525.963576][ T9952] ? __fget_files+0x2a/0x420 [ 525.963591][ T9952] ? __fget_files+0x3a0/0x420 [ 525.963617][ T9952] __x64_sys_sendmsg+0x19b/0x260 [ 525.963643][ T9952] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 525.963674][ T9952] ? __pfx_ksys_write+0x10/0x10 [ 525.963696][ T9952] ? rcu_is_watching+0x15/0xb0 [ 525.963721][ T9952] ? do_syscall_64+0xbe/0x3b0 [ 525.963741][ T9952] do_syscall_64+0xfa/0x3b0 [ 525.963756][ T9952] ? lockdep_hardirqs_on+0x9c/0x150 [ 525.963782][ T9952] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 525.963800][ T9952] ? clear_bhb_loop+0x60/0xb0 [ 525.963829][ T9952] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 525.963847][ T9952] RIP: 0033:0x7fbbd0f8e929 [ 525.963862][ T9952] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 525.963877][ T9952] RSP: 002b:00007fbbd1d8f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 525.963895][ T9952] RAX: ffffffffffffffda RBX: 00007fbbd11b5fa0 RCX: 00007fbbd0f8e929 [ 525.963908][ T9952] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 525.963919][ T9952] RBP: 00007fbbd1d8f090 R08: 0000000000000000 R09: 0000000000000000 [ 525.963929][ T9952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 525.963939][ T9952] R13: 0000000000000000 R14: 00007fbbd11b5fa0 R15: 00007ffe48b41048 [ 525.963965][ T9952] [ 526.370619][ T8051] veth1_macvtap: left promiscuous mode [ 526.414711][ T9396] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 526.425003][ T9396] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 526.428690][ T8051] veth0_macvtap: left promiscuous mode [ 526.439069][ T9396] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 526.452691][ T9396] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 526.463559][ T9396] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 526.524972][ T8051] veth1_vlan: left promiscuous mode [ 526.549085][ T8051] veth0_vlan: left promiscuous mode [ 527.085056][ T9] gspca_sunplus: reg_r err -71 [ 527.089923][ T9] sunplus 1-1:0.0: probe with driver sunplus failed with error -71 [ 527.113009][ T9] usb 1-1: USB disconnect, device number 28 [ 527.545232][ T8051] team0 (unregistering): Port device team_slave_1 removed [ 527.581928][ T8051] team0 (unregistering): Port device team_slave_0 removed [ 528.024110][ T9962] siw: device registration error -23 [ 528.561361][ T9396] Bluetooth: hci0: command tx timeout [ 528.795983][ T9954] lo speed is unknown, defaulting to 1000 [ 528.929585][ T9966] netlink: 'syz.5.1071': attribute type 10 has an invalid length. [ 529.003904][ T9969] new mount options do not match the existing superblock, will be ignored [ 529.023704][ T9966] team0: Device lo is loopback device. Loopback devices can't be added as a team port [ 529.071697][ T9966] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 529.858456][ T9974] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 529.955247][ T9980] FAULT_INJECTION: forcing a failure. [ 529.955247][ T9980] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 529.968467][ T9980] CPU: 0 UID: 0 PID: 9980 Comm: syz.0.1070 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 529.968492][ T9980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 529.968504][ T9980] Call Trace: [ 529.968511][ T9980] [ 529.968519][ T9980] dump_stack_lvl+0x189/0x250 [ 529.968547][ T9980] ? __pfx____ratelimit+0x10/0x10 [ 529.968577][ T9980] ? __pfx_dump_stack_lvl+0x10/0x10 [ 529.968598][ T9980] ? __pfx__printk+0x10/0x10 [ 529.968623][ T9980] ? __might_fault+0xb0/0x130 [ 529.968662][ T9980] should_fail_ex+0x414/0x560 [ 529.968693][ T9980] _copy_from_user+0x2d/0xb0 [ 529.968716][ T9980] __sys_bind+0x199/0x3e0 [ 529.968738][ T9980] ? __pfx___sys_bind+0x10/0x10 [ 529.968770][ T9980] ? __pfx_ksys_write+0x10/0x10 [ 529.968794][ T9980] ? rcu_is_watching+0x15/0xb0 [ 529.968822][ T9980] __x64_sys_bind+0x7a/0x90 [ 529.968843][ T9980] do_syscall_64+0xfa/0x3b0 [ 529.968860][ T9980] ? lockdep_hardirqs_on+0x9c/0x150 [ 529.968888][ T9980] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 529.968906][ T9980] ? clear_bhb_loop+0x60/0xb0 [ 529.968930][ T9980] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 529.968948][ T9980] RIP: 0033:0x7f9b0a18e929 [ 529.968964][ T9980] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 529.968981][ T9980] RSP: 002b:00007f9b07ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 529.969001][ T9980] RAX: ffffffffffffffda RBX: 00007f9b0a3b6160 RCX: 00007f9b0a18e929 [ 529.969015][ T9980] RDX: 000000000000006e RSI: 0000200000000000 RDI: 0000000000000003 [ 529.969027][ T9980] RBP: 00007f9b07ff6090 R08: 0000000000000000 R09: 0000000000000000 [ 529.969038][ T9980] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 529.969049][ T9980] R13: 0000000000000000 R14: 00007f9b0a3b6160 R15: 00007ffc30399708 [ 529.969078][ T9980] [ 530.194884][ T9954] chnl_net:caif_netlink_parms(): no params data found [ 530.828919][ T9986] trusted_key: encrypted_key: master key parameter 'ds5Ϊœefault' is invalid [ 531.523297][ T9991] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 531.543615][ T9954] bridge0: port 1(bridge_slave_0) entered blocking state [ 531.550735][ T9954] bridge0: port 1(bridge_slave_0) entered disabled state [ 531.616210][ T9954] bridge_slave_0: entered allmulticast mode [ 531.644994][ T9954] bridge_slave_0: entered promiscuous mode [ 531.680802][ T9954] bridge0: port 2(bridge_slave_1) entered blocking state [ 531.705415][ T9954] bridge0: port 2(bridge_slave_1) entered disabled state [ 531.724798][ T9954] bridge_slave_1: entered allmulticast mode [ 531.747128][ T9954] bridge_slave_1: entered promiscuous mode [ 531.994087][ T9954] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 532.066344][ T9954] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 532.218070][ T9954] team0: Port device team_slave_0 added [ 532.257588][ T9954] team0: Port device team_slave_1 added [ 532.472872][ T9954] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 532.551125][ T9954] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 532.730163][T10010] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1079'. [ 532.791522][ T9954] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 533.073693][ T9954] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 533.089114][ T9954] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 533.144574][ T9954] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 533.423973][T10018] netlink: 'syz.2.1080': attribute type 10 has an invalid length. [ 534.740795][T10018] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 534.774481][T10018] batadv0: entered promiscuous mode [ 534.780088][T10018] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 537.060454][ T9954] hsr_slave_0: entered promiscuous mode [ 537.102276][ T9954] hsr_slave_1: entered promiscuous mode [ 537.153807][ T9954] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 537.163397][ T9954] Cannot create hsr debugfs directory [ 537.185641][T10034] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 537.411493][T10045] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 537.422295][T10045] overlayfs: failed to set xattr on upper [ 537.428075][T10045] overlayfs: ...falling back to redirect_dir=nofollow. [ 537.435626][T10045] overlayfs: ...falling back to index=off. [ 537.441459][T10045] overlayfs: ...falling back to uuid=null. [ 540.666761][T10067] pim6reg: entered allmulticast mode [ 540.680700][T10067] pim6reg: left allmulticast mode [ 543.540239][T10081] siw: device registration error -23 [ 544.039168][ T9954] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 544.055433][ T9954] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 544.068621][ T9954] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 544.090903][ T9954] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 544.391823][T10092] input: syz1 as /devices/virtual/input/input12 [ 544.421132][ T9954] 8021q: adding VLAN 0 to HW filter on device bond0 [ 544.472625][ T9954] 8021q: adding VLAN 0 to HW filter on device team0 [ 544.630696][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 544.637927][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 544.801304][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 544.808505][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 544.916230][T10097] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 545.379804][T10109] kAFS: No cell specified [ 545.392804][T10108] usb usb9: usbfs: process 10108 (syz.1.1109) did not claim interface 0 before use [ 546.504002][T10109] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 546.893388][ T5929] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 546.970911][T10126] siw: device registration error -23 [ 548.024779][ T5929] usb 2-1: Using ep0 maxpacket: 32 [ 548.045813][ T5929] usb 2-1: config index 0 descriptor too short (expected 156, got 27) [ 548.055285][ T9954] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 548.062299][ T5929] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 548.062341][ T5929] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 548.062366][ T5929] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 548.062390][ T5929] usb 2-1: config 0 interface 0 has no altsetting 0 [ 548.065029][ T5929] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 548.231556][T10133] trusted_key: encrypted_key: master key parameter 'ds5Ϊœefault' is invalid [ 548.269787][T10136] tipc: Started in network mode [ 548.280638][T10136] tipc: Node identity 8ef4fea6e0b8, cluster identity 4711 [ 548.311843][T10136] tipc: Enabled bearer , priority 10 [ 548.368076][T10138] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 548.375187][T10138] overlayfs: failed to set xattr on upper [ 548.380932][T10138] overlayfs: ...falling back to redirect_dir=nofollow. [ 548.387927][T10138] overlayfs: ...falling back to index=off. [ 548.393798][T10138] overlayfs: ...falling back to uuid=null. [ 548.431279][ T9954] veth0_vlan: entered promiscuous mode [ 548.457803][T10138] evm: overlay not supported [ 548.507895][ T9954] veth1_vlan: entered promiscuous mode [ 548.667936][ T9954] veth0_macvtap: entered promiscuous mode [ 548.728907][ T9954] veth1_macvtap: entered promiscuous mode [ 548.822859][ T9954] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 548.886455][ T9954] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 548.894124][ T5929] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 548.902945][ T5929] usb 2-1: Product: syz [ 548.907744][ T5929] usb 2-1: Manufacturer: syz [ 548.912415][ T5929] usb 2-1: SerialNumber: syz [ 548.923280][ T9954] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 548.932936][ T5929] usb 2-1: config 0 descriptor?? [ 548.938119][ T9954] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 548.947162][ T9954] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 548.957837][ T5929] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 548.967237][ T9954] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 548.981525][ T5929] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 549.132585][ T8051] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 549.169033][ T8051] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 549.173212][ T9] usb 2-1: USB disconnect, device number 36 [ 549.196938][ T9] ldusb 2-1:0.0: LD USB Device #0 now disconnected [ 549.238595][ T8079] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 549.272525][ T8079] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 549.302208][ T5951] tipc: Node number set to 1850539686 [ 549.324007][ T5929] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 549.493298][ T5929] usb 3-1: Using ep0 maxpacket: 16 [ 549.503432][ T5929] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 549.522032][ T5929] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 549.534866][ T5929] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 549.544253][ T5929] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 549.552675][ T5929] usb 3-1: Product: syz [ 549.556985][ T5929] usb 3-1: Manufacturer: syz [ 549.561674][ T5929] usb 3-1: SerialNumber: syz [ 549.834074][T10151] FAULT_INJECTION: forcing a failure. [ 549.834074][T10151] name failslab, interval 1, probability 0, space 0, times 0 [ 549.847228][T10151] CPU: 1 UID: 0 PID: 10151 Comm: syz.1.1123 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 549.847253][T10151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 549.847263][T10151] Call Trace: [ 549.847270][T10151] [ 549.847278][T10151] dump_stack_lvl+0x189/0x250 [ 549.847302][T10151] ? __pfx____ratelimit+0x10/0x10 [ 549.847330][T10151] ? __pfx_dump_stack_lvl+0x10/0x10 [ 549.847350][T10151] ? __pfx__printk+0x10/0x10 [ 549.847375][T10151] ? __pfx___might_resched+0x10/0x10 [ 549.847395][T10151] ? fs_reclaim_acquire+0x7d/0x100 [ 549.847418][T10151] should_fail_ex+0x414/0x560 [ 549.847447][T10151] should_failslab+0xa8/0x100 [ 549.847476][T10151] __kmalloc_noprof+0xcb/0x4f0 [ 549.847500][T10151] ? tomoyo_encode+0x28b/0x550 [ 549.847523][T10151] tomoyo_encode+0x28b/0x550 [ 549.847547][T10151] tomoyo_realpath_from_path+0x58d/0x5d0 [ 549.847568][T10151] ? tomoyo_domain+0xda/0x130 [ 549.847592][T10151] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 549.847618][T10151] tomoyo_path_number_perm+0x1e8/0x5a0 [ 549.847654][T10151] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 549.847696][T10151] ? __lock_acquire+0xab9/0xd20 [ 549.847733][T10151] ? __fget_files+0x2a/0x420 [ 549.847753][T10151] ? __fget_files+0x2a/0x420 [ 549.847767][T10151] ? __fget_files+0x3a0/0x420 [ 549.847783][T10151] ? __fget_files+0x2a/0x420 [ 549.847803][T10151] security_file_ioctl+0xcb/0x2d0 [ 549.847833][T10151] __se_sys_ioctl+0x47/0x170 [ 549.847858][T10151] do_syscall_64+0xfa/0x3b0 [ 549.847874][T10151] ? lockdep_hardirqs_on+0x9c/0x150 [ 549.847900][T10151] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 549.847918][T10151] ? clear_bhb_loop+0x60/0xb0 [ 549.847939][T10151] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 549.847956][T10151] RIP: 0033:0x7f2f9398e929 [ 549.847972][T10151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 549.847987][T10151] RSP: 002b:00007f2f94763038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 549.848005][T10151] RAX: ffffffffffffffda RBX: 00007f2f93bb6080 RCX: 00007f2f9398e929 [ 549.848018][T10151] RDX: 0000200000000100 RSI: 0000000000008905 RDI: 000000000000000a [ 549.848029][T10151] RBP: 00007f2f94763090 R08: 0000000000000000 R09: 0000000000000000 [ 549.848040][T10151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 549.848050][T10151] R13: 0000000000000000 R14: 00007f2f93bb6080 R15: 00007ffe8c412118 [ 549.848078][T10151] [ 550.092094][ C1] vkms_vblank_simulate: vblank timer overrun [ 550.104642][T10151] ERROR: Out of memory at tomoyo_realpath_from_path. [ 550.737275][ T8079] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 550.773558][ T5929] usb 3-1: 0:2 : does not exist [ 550.785259][ T5929] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 550.825783][ T5929] usb 3-1: USB disconnect, device number 27 [ 550.896693][ T8079] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 551.708842][ T8079] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 551.784524][T10164] kAFS: No cell specified [ 552.301787][ T5908] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 552.387588][ T8079] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 552.695324][T10176] trusted_key: encrypted_key: master key parameter 'ds5Ϊœefault' is invalid [ 552.794847][ T5908] usb 2-1: Using ep0 maxpacket: 16 [ 553.525624][ T5908] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 553.542077][ T5908] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 553.567648][ T5908] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 553.577010][ T5908] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 553.585046][ T5908] usb 2-1: Product: syz [ 553.589343][ T5908] usb 2-1: Manufacturer: syz [ 553.603736][ T5908] usb 2-1: SerialNumber: syz [ 553.634751][ T5908] usb 2-1: config 0 descriptor?? [ 553.644299][ T5908] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 553.672146][ T5908] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class) [ 553.688531][ T8079] bridge_slave_1: left allmulticast mode [ 553.707774][ T8079] bridge_slave_1: left promiscuous mode [ 553.742323][ T8079] bridge0: port 2(bridge_slave_1) entered disabled state [ 553.782303][ T5929] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 553.800703][ T8079] bridge_slave_0: left allmulticast mode [ 553.942322][ T5929] usb 3-1: Using ep0 maxpacket: 16 [ 554.016700][ T8079] bridge_slave_0: left promiscuous mode [ 554.022926][ T8079] bridge0: port 1(bridge_slave_0) entered disabled state [ 554.057812][ T5848] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 554.073442][ T5929] usb 3-1: New USB device found, idVendor=0c45, idProduct=800a, bcdDevice=db.47 [ 554.083002][ T5848] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 554.091504][ T5848] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 554.108780][ T5929] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 554.117061][ T5848] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 554.134029][ T5848] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 554.153698][ T5929] usb 3-1: Product: syz [ 554.157979][ T5929] usb 3-1: Manufacturer: syz [ 554.162938][ T5929] usb 3-1: SerialNumber: syz [ 554.170501][ T5929] usb 3-1: config 0 descriptor?? [ 554.280346][ T5929] gspca_main: sn9c2028-2.14.0 probing 0c45:800a [ 554.313907][T10160] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 554.396593][T10160] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 554.551524][ T5908] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 554.594143][ T5929] gspca_sn9c2028: read1 error -32 [ 555.216920][ T5929] gspca_sn9c2028: read1 error -110 [ 555.258650][ T5929] gspca_sn9c2028: read1 error -32 [ 555.258975][ T5929] sn9c2028 3-1:0.0: probe with driver sn9c2028 failed with error -32 [ 555.440915][ T5908] em28xx 2-1:0.0: Config register raw data: 0xfffffffb [ 555.460372][T10160] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1125'. [ 555.989780][ T5908] em28xx 2-1:0.0: Unknown AC97 audio processor detected! [ 556.005373][ T5908] em28xx 2-1:0.0: couldn't setup AC97 register 2 [ 556.021713][ T5951] usb 3-1: USB disconnect, device number 28 [ 556.096613][ T8079] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 556.110121][ T8079] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 556.121614][ T8079] bond0 (unregistering): Released all slaves [ 556.149002][T10186] pim6reg: entered allmulticast mode [ 556.165220][T10190] pim6reg: left allmulticast mode [ 556.212337][ T9396] Bluetooth: hci0: command tx timeout [ 556.831626][ T5908] em28xx 2-1:0.0: couldn't setup AC97 register 4 [ 556.840621][ T5908] em28xx 2-1:0.0: couldn't setup AC97 register 6 [ 556.866033][ T5908] em28xx 2-1:0.0: couldn't setup AC97 register 54 [ 556.881425][ T5908] em28xx 2-1:0.0: couldn't setup AC97 register 56 [ 556.901802][T10187] lo speed is unknown, defaulting to 1000 [ 556.933820][ T5908] usb 2-1: USB disconnect, device number 37 [ 557.071067][T10201] syz_tun: entered allmulticast mode [ 557.175429][ T8079] hsr_slave_0: left promiscuous mode [ 557.187593][ T8079] hsr_slave_1: left promiscuous mode [ 557.329874][ T8079] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 557.355703][ T8079] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 557.385859][ T8079] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 557.403443][ T8079] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 557.465587][ T8079] veth1_macvtap: left promiscuous mode [ 557.480077][ T8079] veth0_macvtap: left promiscuous mode [ 557.492243][ T8079] veth1_vlan: left promiscuous mode [ 557.497765][ T8079] veth0_vlan: left promiscuous mode [ 557.542933][ T5908] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 557.604954][T10211] ubi31: detaching mtd0 [ 557.629668][T10211] ubi31: mtd0 is detached [ 557.823116][ T5908] usb 2-1: Using ep0 maxpacket: 16 [ 557.866097][ T5908] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 557.976745][ T5908] usb 2-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 558.084488][ T5908] usb 2-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 558.185281][ T5908] usb 2-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 558.207108][ T5908] usb 2-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 558.225814][ T5908] usb 2-1: config 1 interface 0 has no altsetting 0 [ 558.232870][ T5908] usb 2-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 558.242081][ T5908] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 558.257742][ T5908] ums-sddr09 2-1:1.0: USB Mass Storage device detected [ 558.292234][ T9396] Bluetooth: hci0: command tx timeout [ 558.770253][ T5908] scsi host1: usb-storage 2-1:1.0 [ 559.663814][T10227] ubi31: attaching mtd0 [ 559.669794][T10227] ubi31: scanning is finished [ 559.794985][T10227] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 559.802698][T10227] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 559.810016][T10227] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 559.817459][T10227] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 559.825049][T10227] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 559.831926][T10227] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 559.837753][ T64] scsi 1:0:0:0: Direct-Access Sandisk ImageMate SDDR09 0177 PQ: 0 ANSI: 0 [ 559.840100][T10227] ubi31: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 4186474123 [ 559.840123][T10227] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 559.840691][T10228] ubi31: background thread "ubi_bgt31d" started, PID 10228 [ 559.982060][ T64] sd 1:0:0:0: Attached scsi generic sg1 type 0 [ 560.058952][ T8079] team0 (unregistering): Port device team_slave_1 removed [ 560.164298][ T8079] team0 (unregistering): Port device team_slave_0 removed [ 560.276053][ T5929] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 560.372285][ T9396] Bluetooth: hci0: command tx timeout [ 560.488171][ T5929] usb 6-1: Using ep0 maxpacket: 32 [ 560.642026][ T5929] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 560.653175][ T5929] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 560.677382][ T5929] usb 6-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 560.687787][ T5929] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 561.051517][ T5929] usb 6-1: config 0 descriptor?? [ 561.079950][ T5908] usb 2-1: USB disconnect, device number 38 [ 561.213199][ T12] sd 1:0:0:0: [sdb] Read Capacity(10) failed: Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK [ 561.232151][ T12] sd 1:0:0:0: [sdb] Sense not available. [ 561.238916][ T12] sd 1:0:0:0: [sdb] 0 512-byte logical blocks: (0 B/0 B) [ 561.256746][ T12] sd 1:0:0:0: [sdb] 0-byte physical blocks [ 561.271331][ T12] sd 1:0:0:0: [sdb] Write Protect is off [ 561.278914][ T12] sd 1:0:0:0: [sdb] Asking for cache data failed [ 561.289223][ T12] sd 1:0:0:0: [sdb] Assuming drive cache: write through [ 561.451173][ T12] sd 1:0:0:0: [sdb] Attached SCSI removable disk [ 561.477771][ T5929] ft260 0003:0403:6030.0005: unknown main item tag 0x0 [ 561.554917][T10201] dvmrp8: entered allmulticast mode [ 561.580679][T10200] syz_tun: left allmulticast mode [ 561.593980][T10231] syz_tun: entered allmulticast mode [ 561.710891][ T5929] ft260 0003:0403:6030.0005: failed to retrieve chip version [ 561.742430][ T5929] ft260 0003:0403:6030.0005: probe with driver ft260 failed with error -5 [ 562.213350][T10245] QAT: Device 7 not found [ 562.462246][ T9396] Bluetooth: hci0: command tx timeout [ 562.601489][T10232] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 562.647003][T10232] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 562.647688][T10187] chnl_net:caif_netlink_parms(): no params data found [ 562.696508][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.707709][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 562.857295][T10252] FAULT_INJECTION: forcing a failure. [ 562.857295][T10252] name failslab, interval 1, probability 0, space 0, times 0 [ 562.870768][T10252] CPU: 0 UID: 0 PID: 10252 Comm: syz.2.1148 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 562.870797][T10252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 562.870809][T10252] Call Trace: [ 562.870817][T10252] [ 562.870826][T10252] dump_stack_lvl+0x189/0x250 [ 562.870854][T10252] ? __pfx____ratelimit+0x10/0x10 [ 562.870885][T10252] ? __pfx_dump_stack_lvl+0x10/0x10 [ 562.870922][T10252] ? __pfx__printk+0x10/0x10 [ 562.870966][T10252] ? __pfx___might_resched+0x10/0x10 [ 562.870993][T10252] should_fail_ex+0x414/0x560 [ 562.871026][T10252] should_failslab+0xa8/0x100 [ 562.871057][T10252] __kmalloc_cache_noprof+0x70/0x3d0 [ 562.871084][T10252] ? snd_seq_port_connect+0x6b/0x430 [ 562.871114][T10252] snd_seq_port_connect+0x6b/0x430 [ 562.871138][T10252] ? do_raw_read_unlock+0x3d/0x80 [ 562.871163][T10252] ? _raw_read_unlock+0x28/0x50 [ 562.871195][T10252] snd_seq_ioctl_subscribe_port+0x339/0x710 [ 562.871230][T10252] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 562.871271][T10252] snd_seq_ioctl+0x254/0x420 [ 562.871297][T10252] ? smk_tskacc+0x2fc/0x370 [ 562.871335][T10252] ? __pfx_snd_seq_ioctl+0x10/0x10 [ 562.871359][T10252] ? smack_file_ioctl+0x24a/0x340 [ 562.871400][T10252] ? security_file_ioctl+0x19/0x2d0 [ 562.871432][T10252] ? bpf_lsm_file_ioctl+0x9/0x20 [ 562.871450][T10252] ? __pfx_snd_seq_ioctl+0x10/0x10 [ 562.871476][T10252] __se_sys_ioctl+0xf9/0x170 [ 562.871502][T10252] do_syscall_64+0xfa/0x3b0 [ 562.871520][T10252] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 562.871537][T10252] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 562.871554][T10252] ? clear_bhb_loop+0x60/0xb0 [ 562.871575][T10252] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 562.871592][T10252] RIP: 0033:0x7fe1e618e929 [ 562.871608][T10252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 562.871623][T10252] RSP: 002b:00007fe1e6f44038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 562.871641][T10252] RAX: ffffffffffffffda RBX: 00007fe1e63b5fa0 RCX: 00007fe1e618e929 [ 562.871654][T10252] RDX: 0000200000000bc0 RSI: 0000000040505330 RDI: 0000000000000003 [ 562.871665][T10252] RBP: 00007fe1e6f44090 R08: 0000000000000000 R09: 0000000000000000 [ 562.871676][T10252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 562.871686][T10252] R13: 0000000000000000 R14: 00007fe1e63b5fa0 R15: 00007ffc1d6f7468 [ 562.871714][T10252] [ 563.481939][T10187] bridge0: port 1(bridge_slave_0) entered blocking state [ 563.506203][T10187] bridge0: port 1(bridge_slave_0) entered disabled state [ 563.521509][T10187] bridge_slave_0: entered allmulticast mode [ 563.529377][T10187] bridge_slave_0: entered promiscuous mode [ 563.599375][T10187] bridge0: port 2(bridge_slave_1) entered blocking state [ 563.627573][T10187] bridge0: port 2(bridge_slave_1) entered disabled state [ 563.652910][T10187] bridge_slave_1: entered allmulticast mode [ 563.680645][T10187] bridge_slave_1: entered promiscuous mode [ 564.183429][T10282] siw: device registration error -23 [ 564.709891][ T5929] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 564.725456][T10187] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 564.821020][ T978] usb 6-1: USB disconnect, device number 3 [ 564.845386][T10187] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 564.947579][T10229] syz_tun: left allmulticast mode [ 565.188021][ T5929] usb 2-1: Using ep0 maxpacket: 32 [ 565.205546][T10187] team0: Port device team_slave_0 added [ 565.266524][T10289] ======================================================= [ 565.266524][T10289] WARNING: The mand mount option has been deprecated and [ 565.266524][T10289] and is ignored by this kernel. Remove the mand [ 565.266524][T10289] option from the mount to silence this warning. [ 565.266524][T10289] ======================================================= [ 565.423951][T10187] team0: Port device team_slave_1 added [ 565.464289][ T5929] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 565.474691][ T5929] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 565.513689][ T5929] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 565.523530][ T5929] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 565.538664][T10187] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 565.542431][ T5929] usb 2-1: Product: syz [ 565.550577][ T5929] usb 2-1: Manufacturer: syz [ 565.566494][ T5929] usb 2-1: SerialNumber: syz [ 565.567150][T10187] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 565.873072][T10187] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 566.106445][T10187] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 566.115446][T10187] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 566.171583][T10187] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 566.465040][T10187] hsr_slave_0: entered promiscuous mode [ 566.501918][T10187] hsr_slave_1: entered promiscuous mode [ 566.520398][T10187] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 566.529766][T10187] Cannot create hsr debugfs directory [ 567.833035][T10304] siw: device registration error -23 [ 568.737048][ T5929] usb 2-1: 0:2 : does not exist [ 568.769387][ T5929] usb 2-1: USB disconnect, device number 39 [ 568.825952][T10302] lo speed is unknown, defaulting to 1000 [ 569.157682][T10314] FAULT_INJECTION: forcing a failure. [ 569.157682][T10314] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 569.379418][T10316] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 569.599610][T10314] CPU: 0 UID: 0 PID: 10314 Comm: syz.5.1164 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 569.599636][T10314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 569.599647][T10314] Call Trace: [ 569.599654][T10314] [ 569.599662][T10314] dump_stack_lvl+0x189/0x250 [ 569.599687][T10314] ? __pfx____ratelimit+0x10/0x10 [ 569.599714][T10314] ? __pfx_dump_stack_lvl+0x10/0x10 [ 569.599735][T10314] ? __pfx__printk+0x10/0x10 [ 569.599759][T10314] ? fs_reclaim_acquire+0x7d/0x100 [ 569.599786][T10314] should_fail_ex+0x414/0x560 [ 569.599816][T10314] prepare_alloc_pages+0x213/0x610 [ 569.599842][T10314] __alloc_frozen_pages_noprof+0x123/0x370 [ 569.599865][T10314] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 569.599894][T10314] ? policy_nodemask+0x27c/0x720 [ 569.599918][T10314] ? __lock_acquire+0xab9/0xd20 [ 569.599940][T10314] alloc_pages_mpol+0x232/0x4a0 [ 569.599970][T10314] vma_alloc_folio_noprof+0xe4/0x200 [ 569.599995][T10314] ? irqentry_exit+0x74/0x90 [ 569.600023][T10314] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 569.600061][T10314] folio_prealloc+0x30/0x180 [ 569.600095][T10314] __handle_mm_fault+0x2c88/0x5620 [ 569.600155][T10314] ? __pfx___handle_mm_fault+0x10/0x10 [ 569.600195][T10314] ? follow_page_pte+0x8d6/0x14b0 [ 569.600230][T10314] handle_mm_fault+0x2d5/0x7f0 [ 569.600254][T10314] ? vma_is_secretmem+0xd/0x50 [ 569.600291][T10314] __get_user_pages+0x1af4/0x30b0 [ 569.600350][T10314] ? __pfx___get_user_pages+0x10/0x10 [ 569.600373][T10314] ? __gup_longterm_locked+0xbf7/0x15b0 [ 569.600397][T10314] ? down_read_killable+0x1d1/0x350 [ 569.600422][T10314] __gup_longterm_locked+0xd66/0x15b0 [ 569.600455][T10314] ? sanity_check_pinned_pages+0x11ca/0x12c0 [ 569.600479][T10314] ? sanity_check_pinned_pages+0x11cf/0x12c0 [ 569.600503][T10314] ? gup_fast_fallback+0x1b8e/0x2260 [ 569.600532][T10314] gup_fast_fallback+0x1cd4/0x2260 [ 569.600593][T10314] ? __pfx_gup_fast_fallback+0x10/0x10 [ 569.600625][T10314] ? rcu_is_watching+0x15/0xb0 [ 569.600644][T10314] ? is_valid_gup_args+0x11f/0x200 [ 569.600671][T10314] ? pin_user_pages_fast+0x4d/0xb0 [ 569.600697][T10314] rds_info_getsockopt+0x1fb/0x470 [ 569.600723][T10314] ? __pfx_rds_info_getsockopt+0x10/0x10 [ 569.600739][T10314] ? __pfx_rds_getsockopt+0x10/0x10 [ 569.600770][T10314] ? __sanitizer_cov_trace_switch+0x7/0x130 [ 569.600798][T10314] ? rds_getsockopt+0x2b4/0x500 [ 569.600826][T10314] do_sock_getsockopt+0x35d/0x650 [ 569.600853][T10314] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 569.600875][T10314] ? do_syscall_64+0x40/0x3b0 [ 569.600891][T10314] ? __fget_files+0x3a0/0x420 [ 569.600907][T10314] ? __fget_files+0x2a/0x420 [ 569.600933][T10314] __x64_sys_getsockopt+0x1a5/0x250 [ 569.600955][T10314] ? do_syscall_64+0x40/0x3b0 [ 569.600974][T10314] ? do_syscall_64+0x40/0x3b0 [ 569.600996][T10314] do_syscall_64+0xfa/0x3b0 [ 569.601014][T10314] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 569.601032][T10314] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 569.601049][T10314] ? clear_bhb_loop+0x60/0xb0 [ 569.601078][T10314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 569.601096][T10314] RIP: 0033:0x7fbbd0f8e929 [ 569.601113][T10314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 569.601129][T10314] RSP: 002b:00007fbbd1d8f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 569.601149][T10314] RAX: ffffffffffffffda RBX: 00007fbbd11b5fa0 RCX: 00007fbbd0f8e929 [ 569.601163][T10314] RDX: 0000000000002711 RSI: 0000200000000114 RDI: 0000000000000003 [ 569.601174][T10314] RBP: 00007fbbd1d8f090 R08: 0000200000000000 R09: 0000000000000000 [ 569.601186][T10314] R10: 0000200000032580 R11: 0000000000000246 R12: 0000000000000001 [ 569.601197][T10314] R13: 0000000000000000 R14: 00007fbbd11b5fa0 R15: 00007ffe48b41048 [ 569.601225][T10314] [ 570.260011][T10322] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 570.576661][T10187] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 570.588833][T10187] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 570.692209][ T5951] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 570.692679][T10187] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 570.857989][T10187] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 570.952811][ T5951] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 571.515419][ T5951] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 571.542063][ T5951] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 573.076155][ T5951] usb 6-1: config 0 descriptor?? [ 574.195997][T10187] 8021q: adding VLAN 0 to HW filter on device bond0 [ 576.086531][T10187] 8021q: adding VLAN 0 to HW filter on device team0 [ 576.109769][ T5951] usbhid 6-1:0.0: can't add hid device: -71 [ 576.134327][ T5951] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 576.666555][ T5951] usb 6-1: USB disconnect, device number 4 [ 577.451627][ T8053] bridge0: port 1(bridge_slave_0) entered blocking state [ 577.458934][ T8053] bridge0: port 1(bridge_slave_0) entered forwarding state [ 577.500807][T10187] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 577.511592][T10187] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 577.774652][ T5900] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 577.819284][ T8053] bridge0: port 2(bridge_slave_1) entered blocking state [ 577.826602][ T8053] bridge0: port 2(bridge_slave_1) entered forwarding state [ 577.897463][T10368] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 577.952244][ T5900] usb 2-1: Using ep0 maxpacket: 32 [ 578.065684][ T5900] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 578.082046][ T5900] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 578.662513][ T5900] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 578.821348][ T5900] usb 2-1: string descriptor 0 read error: -71 [ 578.846140][ T5900] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 578.912147][ T5900] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 578.954159][ T5900] usb 2-1: can't set config #1, error -71 [ 578.975371][ T5900] usb 2-1: USB disconnect, device number 40 [ 579.876119][T10378] 9pnet_fd: Insufficient options for proto=fd [ 579.942684][T10380] QAT: Device 7 not found [ 580.922652][T10402] siw: device registration error -23 [ 582.108960][ T5900] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 589.302040][ T5900] usb 1-1: device descriptor read/64, error -110 [ 591.272085][ T5900] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 593.612084][ T5900] usb 1-1: device descriptor read/64, error -32 [ 595.415214][ T5900] usb usb1-port1: attempt power cycle [ 597.522059][ T5900] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 599.693194][ T5900] usb 1-1: device descriptor read/8, error -32 [ 601.712143][ T5900] raw-gadget.0 gadget.0: failed to queue resume event [ 603.772044][ T5900] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 605.922269][ C0] raw-gadget.0 gadget.0: ignoring, device is not running [ 605.929402][ T5900] usb 1-1: device descriptor read/8, error -32 [ 606.042102][ T5900] raw-gadget.0 gadget.0: failed to queue suspend event [ 607.980646][ T5900] usb usb1-port1: unable to enumerate USB device [ 621.102055][ T5848] Bluetooth: hci5: command 0x0406 tx timeout [ 624.136018][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.143789][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 685.576847][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.777506][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 688.651929][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 688.658912][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P10396/1:b..l P9671/1:b..l P10187/1:b..l [ 688.669615][ C0] rcu: (detected by 0, t=10502 jiffies, g=39361, q=592 ncpus=2) [ 688.677323][ C0] task:syz-executor state:R running task stack:21128 pid:10187 tgid:10187 ppid:10153 task_flags:0x400140 flags:0x00004000 [ 688.691405][ C0] Call Trace: [ 688.694684][ C0] [ 688.697616][ C0] __schedule+0x16a2/0x4cb0 [ 688.702142][ C0] ? preempt_schedule_irq+0xb5/0x150 [ 688.707445][ C0] ? __pfx___schedule+0x10/0x10 [ 688.712336][ C0] ? preempt_schedule_irq+0xaa/0x150 [ 688.717619][ C0] preempt_schedule_irq+0xb5/0x150 [ 688.722746][ C0] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 688.728480][ C0] ? rcu_irq_exit_check_preempt+0xdf/0x210 [ 688.734280][ C0] irqentry_exit+0x6f/0x90 [ 688.738699][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 688.744670][ C0] RIP: 0010:rcu_is_watching+0x9/0xb0 [ 688.749949][ C0] Code: 48 03 eb cc 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 41 57 41 56 53 <65> ff 05 80 e1 f5 10 e8 1b 03 c1 09 89 c3 83 f8 08 73 65 49 bf 00 [ 688.769545][ C0] RSP: 0018:ffffc9000fb0f7d8 EFLAGS: 00000202 [ 688.775605][ C0] RAX: 0000000000000001 RBX: ffffffff82169b81 RCX: ffff888075f65a00 [ 688.783580][ C0] RDX: 0000000000000001 RSI: ffffffff8db71d8d RDI: ffffffff8be1ca40 [ 688.791545][ C0] RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffffff8172aae5 [ 688.799508][ C0] R10: ffffc9000fb0f918 R11: ffffffff81ad0290 R12: 1ffff92001f61f19 [ 688.807474][ C0] R13: ffffc9000fb0f900 R14: ffffc9000fb0f8c8 R15: ffffffff8172aae5 [ 688.815442][ C0] ? unwind_next_frame+0xa5/0x2390 [ 688.820555][ C0] ? kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 688.826194][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 688.832348][ C0] ? unwind_next_frame+0xa5/0x2390 [ 688.837466][ C0] ? kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 688.843102][ C0] ? unwind_next_frame+0xa5/0x2390 [ 688.848209][ C0] unwind_next_frame+0xd4/0x2390 [ 688.853147][ C0] ? unwind_next_frame+0xa5/0x2390 [ 688.858250][ C0] ? __kasan_slab_alloc+0x6c/0x80 [ 688.863298][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 688.869447][ C0] arch_stack_walk+0x11c/0x150 [ 688.874206][ C0] ? kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 688.879837][ C0] stack_trace_save+0x9c/0xe0 [ 688.884519][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 688.889894][ C0] kasan_save_track+0x3e/0x80 [ 688.894569][ C0] ? kasan_save_track+0x3e/0x80 [ 688.899427][ C0] ? __kasan_slab_alloc+0x6c/0x80 [ 688.904472][ C0] ? kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 688.910135][ C0] __kasan_slab_alloc+0x6c/0x80 [ 688.915009][ C0] kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 688.920472][ C0] ? security_file_alloc+0x34/0x330 [ 688.925688][ C0] security_file_alloc+0x34/0x330 [ 688.930721][ C0] init_file+0x93/0x2f0 [ 688.934877][ C0] alloc_empty_file+0x6e/0x1d0 [ 688.939726][ C0] alloc_file_pseudo+0x13d/0x210 [ 688.944712][ C0] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 688.950206][ C0] ? do_raw_spin_unlock+0x122/0x240 [ 688.955422][ C0] ? _raw_spin_unlock+0x28/0x50 [ 688.960295][ C0] sock_alloc_file+0xb8/0x2e0 [ 688.964990][ C0] ? __sys_socket+0x12c/0x1b0 [ 688.969661][ C0] __sys_socket+0x13d/0x1b0 [ 688.974162][ C0] __x64_sys_socket+0x7a/0x90 [ 688.978848][ C0] do_syscall_64+0xfa/0x3b0 [ 688.983344][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 688.989403][ C0] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 688.995032][ C0] ? clear_bhb_loop+0x60/0xb0 [ 688.999706][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 689.005620][ C0] RIP: 0033:0x7fa6c7b90847 [ 689.010026][ C0] RSP: 002b:00007ffdcece4f58 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 689.018434][ C0] RAX: ffffffffffffffda RBX: 00007fa6c7c11b19 RCX: 00007fa6c7b90847 [ 689.026425][ C0] RDX: 0000000000000000 RSI: 0000000000080002 RDI: 0000000000000001 [ 689.034400][ C0] RBP: 00007ffdcece4f70 R08: 000000000000000a R09: 00007ffdcece5290 [ 689.042374][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 689.050341][ C0] R13: 00007fa6c88e4620 R14: 0000000000000006 R15: 0000000000000000 [ 689.058329][ C0] [ 689.061348][ C0] task:syz-executor state:R running task stack:21784 pid:9671 tgid:9671 ppid:9656 task_flags:0x400140 flags:0x00004000 [ 689.074843][ C0] Call Trace: [ 689.078119][ C0] [ 689.081047][ C0] __schedule+0x16a2/0x4cb0 [ 689.085569][ C0] ? preempt_schedule_common+0x83/0xd0 [ 689.091038][ C0] ? __pfx___schedule+0x10/0x10 [ 689.095900][ C0] ? do_raw_spin_lock+0x121/0x290 [ 689.100942][ C0] ? preempt_schedule+0xae/0xc0 [ 689.105841][ C0] preempt_schedule_common+0x83/0xd0 [ 689.111146][ C0] preempt_schedule+0xae/0xc0 [ 689.115855][ C0] ? __pfx_preempt_schedule+0x10/0x10 [ 689.121246][ C0] preempt_schedule_thunk+0x16/0x30 [ 689.126455][ C0] _raw_spin_unlock+0x3f/0x50 [ 689.131135][ C0] ? copy_pmd_range+0x66f1/0x7000 [ 689.136178][ C0] copy_pmd_range+0x6727/0x7000 [ 689.141043][ C0] ? arch_stack_walk+0xfc/0x150 [ 689.145924][ C0] ? __pfx_copy_pmd_range+0x10/0x10 [ 689.151147][ C0] copy_page_range+0xc46/0x1270 [ 689.156006][ C0] ? __lock_acquire+0xab9/0xd20 [ 689.160875][ C0] ? __pfx_copy_page_range+0x10/0x10 [ 689.166168][ C0] ? up_write+0x1c4/0x420 [ 689.170499][ C0] ? __pfx_vma_interval_tree_augment_rotate+0x10/0x10 [ 689.177290][ C0] dup_mmap+0xf57/0x1ac0 [ 689.181557][ C0] ? __pfx_dup_mmap+0x10/0x10 [ 689.186298][ C0] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 689.192188][ C0] ? mm_init+0xc68/0xec0 [ 689.196432][ C0] copy_mm+0x13c/0x4b0 [ 689.200504][ C0] ? copy_process+0x978/0x3b80 [ 689.205269][ C0] copy_process+0x16d3/0x3b80 [ 689.209944][ C0] ? copy_process+0x978/0x3b80 [ 689.214722][ C0] ? __pfx_copy_process+0x10/0x10 [ 689.219742][ C0] ? __handle_mm_fault+0x1144/0x5620 [ 689.225041][ C0] kernel_clone+0x224/0x7f0 [ 689.229540][ C0] ? __pfx_kernel_clone+0x10/0x10 [ 689.234575][ C0] __x64_sys_clone+0x18b/0x1e0 [ 689.239340][ C0] ? count_memcg_event_mm+0x21/0x260 [ 689.244624][ C0] ? __pfx___x64_sys_clone+0x10/0x10 [ 689.249919][ C0] ? do_user_addr_fault+0xc8a/0x1390 [ 689.255205][ C0] ? do_syscall_64+0xbe/0x3b0 [ 689.259875][ C0] do_syscall_64+0xfa/0x3b0 [ 689.264373][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 689.269566][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 689.275637][ C0] ? clear_bhb_loop+0x60/0xb0 [ 689.280329][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 689.286221][ C0] RIP: 0033:0x7fbbd0f85193 [ 689.290644][ C0] RSP: 002b:00007ffe48b412c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 689.299057][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fbbd0f85193 [ 689.307051][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 689.315020][ C0] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001 [ 689.322984][ C0] R10: 000055558930a7d0 R11: 0000000000000246 R12: 0000000000000000 [ 689.330948][ C0] R13: 00000000000927c0 R14: 000000000008e01c R15: 00007ffe48b41460 [ 689.338930][ C0] [ 689.341954][ C0] task:syz.2.1187 state:R running task stack:22408 pid:10396 tgid:10396 ppid:5842 task_flags:0x40004c flags:0x00004000 [ 689.355432][ C0] Call Trace: [ 689.358704][ C0] [ 689.361637][ C0] __schedule+0x16a2/0x4cb0 [ 689.366155][ C0] ? preempt_schedule_common+0x83/0xd0 [ 689.371630][ C0] ? __pfx___schedule+0x10/0x10 [ 689.376484][ C0] ? do_raw_spin_lock+0x121/0x290 [ 689.381527][ C0] ? preempt_schedule+0xae/0xc0 [ 689.386392][ C0] preempt_schedule_common+0x83/0xd0 [ 689.391678][ C0] preempt_schedule+0xae/0xc0 [ 689.396361][ C0] ? __pfx_preempt_schedule+0x10/0x10 [ 689.401759][ C0] preempt_schedule_thunk+0x16/0x30 [ 689.406959][ C0] _raw_spin_unlock+0x3f/0x50 [ 689.411634][ C0] unmap_page_range+0x3842/0x41c0 [ 689.416697][ C0] ? __pfx_unmap_page_range+0x10/0x10 [ 689.422072][ C0] ? unmap_vmas+0x144/0x580 [ 689.426573][ C0] unmap_vmas+0x399/0x580 [ 689.430905][ C0] ? __pfx_unmap_vmas+0x10/0x10 [ 689.435775][ C0] exit_mmap+0x248/0xb50 [ 689.440075][ C0] ? __pfx_exit_mmap+0x10/0x10 [ 689.444849][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 689.450064][ C0] ? __khugepaged_exit+0x319/0x470 [ 689.455167][ C0] ? kmem_cache_free+0x18f/0x400 [ 689.460100][ C0] ? do_raw_spin_unlock+0x122/0x240 [ 689.465296][ C0] ? __khugepaged_exit+0x347/0x470 [ 689.470404][ C0] __mmput+0x118/0x410 [ 689.474472][ C0] exit_mm+0x1da/0x2c0 [ 689.478538][ C0] ? __pfx_exit_mm+0x10/0x10 [ 689.483126][ C0] ? rcu_is_watching+0x15/0xb0 [ 689.487888][ C0] do_exit+0x648/0x22e0 [ 689.492052][ C0] ? preempt_schedule_common+0x83/0xd0 [ 689.497512][ C0] ? preempt_schedule+0xae/0xc0 [ 689.502360][ C0] ? __pfx_do_exit+0x10/0x10 [ 689.506952][ C0] ? preempt_schedule_thunk+0x16/0x30 [ 689.512328][ C0] do_group_exit+0x21c/0x2d0 [ 689.516933][ C0] __x64_sys_exit_group+0x3f/0x40 [ 689.521981][ C0] x64_sys_call+0x21ba/0x21c0 [ 689.526658][ C0] do_syscall_64+0xfa/0x3b0 [ 689.531157][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 689.537222][ C0] ? asm_sysvec_call_function_single+0x1a/0x20 [ 689.543370][ C0] ? clear_bhb_loop+0x60/0xb0 [ 689.548042][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 689.553926][ C0] RIP: 0033:0x7fe1e618e929 [ 689.558359][ C0] RSP: 002b:00007ffc1d6f77c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 689.566775][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe1e618e929 [ 689.574738][ C0] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 [ 689.582699][ C0] RBP: 00007ffc1d6f782c R08: 0000001b1d6f78bf R09: 00000000000927c0 [ 689.590666][ C0] R10: 0000000000001364 R11: 0000000000000246 R12: 00000000000000fd [ 689.598633][ C0] R13: 00000000000927c0 R14: 000000000008db0c R15: 00007ffc1d6f7880 [ 689.606612][ C0] [ 689.609633][ C0] rcu: rcu_preempt kthread starved for 10258 jiffies! g39361 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 689.620849][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 689.630818][ C0] rcu: RCU grace-period kthread stack dump: [ 689.636701][ C0] task:rcu_preempt state:R running task stack:27128 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00004000 [ 689.650185][ C0] Call Trace: [ 689.653478][ C0] [ 689.656410][ C0] __schedule+0x16a2/0x4cb0 [ 689.660954][ C0] ? schedule+0x165/0x360 [ 689.665324][ C0] ? __pfx___schedule+0x10/0x10 [ 689.670182][ C0] ? schedule+0x91/0x360 [ 689.674447][ C0] schedule+0x165/0x360 [ 689.678604][ C0] schedule_timeout+0x12b/0x270 [ 689.683461][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 689.688826][ C0] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 689.694716][ C0] ? __pfx_process_timeout+0x10/0x10 [ 689.699999][ C0] ? prepare_to_swait_event+0x341/0x380 [ 689.705543][ C0] rcu_gp_fqs_loop+0x301/0x1540 [ 689.710396][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 689.715616][ C0] ? __pfx_rcu_watching_snap_recheck+0x10/0x10 [ 689.721778][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 689.727078][ C0] ? _raw_spin_unlock_irq+0x2e/0x50 [ 689.732275][ C0] ? finish_swait+0xcd/0x1f0 [ 689.736864][ C0] rcu_gp_kthread+0x99/0x390 [ 689.741445][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 689.746639][ C0] ? __kthread_parkme+0x7b/0x200 [ 689.751571][ C0] ? __kthread_parkme+0x1a1/0x200 [ 689.756605][ C0] kthread+0x711/0x8a0 [ 689.760687][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 689.765879][ C0] ? __pfx_kthread+0x10/0x10 [ 689.770465][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 689.775682][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 689.780880][ C0] ? __pfx_kthread+0x10/0x10 [ 689.785476][ C0] ret_from_fork+0x3fc/0x770 [ 689.790061][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 689.795174][ C0] ? __switch_to_asm+0x39/0x70 [ 689.799947][ C0] ? __switch_to_asm+0x33/0x70 [ 689.804707][ C0] ? __pfx_kthread+0x10/0x10 [ 689.809291][ C0] ret_from_fork_asm+0x1a/0x30 [ 689.814061][ C0] [ 689.817081][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 689.823399][ C0] Sending NMI from CPU 0 to CPUs 1: [ 689.828625][ C1] NMI backtrace for cpu 1 [ 689.828648][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 689.828675][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 689.828689][ C1] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 689.828717][ C1] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 93 1d 20 00 f3 0f 1e fa fb f4 88 dd 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 689.828730][ C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6 [ 689.828745][ C1] RAX: 2aaae4b674e1f400 RBX: ffffffff81976b68 RCX: 2aaae4b674e1f400 [ 689.828757][ C1] RDX: 0000000000000001 RSI: ffffffff8d985220 RDI: ffffffff8be1ca40 [ 689.828768][ C1] RBP: ffffc90000197f20 R08: ffff8880b8732f5b R09: 1ffff110170e65eb [ 689.828780][ C1] R10: dffffc0000000000 R11: ffffed10170e65ec R12: ffffffff8fa0c9f0 [ 689.828791][ C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff11003a5db40 [ 689.828812][ C1] FS: 0000000000000000(0000) GS:ffff888125d4f000(0000) knlGS:0000000000000000 [ 689.828824][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 689.828834][ C1] CR2: 000055556a3205c8 CR3: 000000000df38000 CR4: 00000000003526f0 [ 689.828855][ C1] Call Trace: [ 689.828862][ C1] [ 689.828867][ C1] default_idle+0x13/0x20 [ 689.828882][ C1] default_idle_call+0x74/0xb0 [ 689.828897][ C1] do_idle+0x1e8/0x510 [ 689.828916][ C1] ? __pfx_do_idle+0x10/0x10 [ 689.828948][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 689.828980][ C1] cpu_startup_entry+0x44/0x60 [ 689.828997][ C1] start_secondary+0x101/0x110 [ 689.829020][ C1] common_startup_64+0x13e/0x147 [ 689.829048][ C1] [ 691.029941][T10187] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 691.163988][T10390] raw-gadget.0 gadget.0: failed to queue disconnect event SYZFAIL: failed to send rpc fd=3 want=11536 sent=0 n=-1 (errno 32: Broken pipe) [ 692.685077][ T8083] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 692.802672][ T8083] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 692.824634][ T5848] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 692.834957][ T5848] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 692.844167][ T5848] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 692.864198][ T8083] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 692.865393][ T5848] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 692.886593][ T5848] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 692.931739][ T8083] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 692.946306][T10410] lo speed is unknown, defaulting to 1000 [ 693.099704][ T8083] bridge_slave_1: left allmulticast mode [ 693.105738][ T8083] bridge_slave_1: left promiscuous mode [ 693.111455][ T8083] bridge0: port 2(bridge_slave_1) entered disabled state [ 693.120805][ T8083] bridge_slave_0: left allmulticast mode [ 693.126850][ T8083] bridge_slave_0: left promiscuous mode [ 693.132811][ T8083] bridge0: port 1(bridge_slave_0) entered disabled state [ 693.434236][ T8083] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 693.443309][ T8083] bond_slave_0: left promiscuous mode [ 693.450537][ T8083] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 693.460170][ T8083] bond_slave_1: left promiscuous mode [ 693.468119][ T8083] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 693.476855][ T8083] batadv0: left promiscuous mode [ 693.486288][ T8083] bond0 (unregistering): Released all slaves [ 693.573495][ T8083] bond1 (unregistering): Released all slaves [ 693.591686][T10410] chnl_net:caif_netlink_parms(): no params data found [ 693.705706][T10410] bridge0: port 1(bridge_slave_0) entered blocking state [ 693.713469][T10410] bridge0: port 1(bridge_slave_0) entered disabled state [ 693.720609][T10410] bridge_slave_0: entered allmulticast mode [ 693.727812][T10410] bridge_slave_0: entered promiscuous mode [ 693.740735][T10410] bridge0: port 2(bridge_slave_1) entered blocking state [ 693.747963][T10410] bridge0: port 2(bridge_slave_1) entered disabled state [ 693.756100][T10410] bridge_slave_1: entered allmulticast mode [ 693.763607][T10410] bridge_slave_1: entered promiscuous mode [ 693.814542][T10410] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 693.826359][T10410] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 693.876350][ T8083] hsr_slave_0: left promiscuous mode [ 693.885202][ T8083] hsr_slave_1: left promiscuous mode [ 693.891026][ T8083] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 693.900262][ T8083] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 693.908116][ T8083] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 693.915629][ T8083] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 693.934378][ T8083] veth1_macvtap: left promiscuous mode [ 693.939904][ T8083] veth0_macvtap: left promiscuous mode [ 693.946254][ T8083] veth1_vlan: left promiscuous mode [ 693.951558][ T8083] veth0_vlan: left promiscuous mode [ 694.316418][ T8083] team0 (unregistering): Port device team_slave_1 removed [ 694.351531][ T8083] team0 (unregistering): Port device team_slave_0 removed [ 694.681360][T10410] team0: Port device team_slave_0 added [ 694.693610][T10410] team0: Port device team_slave_1 added [ 694.737159][T10410] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 694.744411][T10410] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 694.770739][T10410] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 694.785055][T10410] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 694.792496][T10410] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 694.819386][T10410] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 694.878421][T10410] hsr_slave_0: entered promiscuous mode [ 694.885957][T10410] hsr_slave_1: entered promiscuous mode [ 694.935039][ T9396] Bluetooth: hci0: command tx timeout [ 695.012693][ T8083] IPVS: stop unused estimator thread 0... [ 695.055743][T10410] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 695.065725][T10410] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 695.076873][T10410] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 695.086191][T10410] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 695.143421][ T8083] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 695.199827][T10410] 8021q: adding VLAN 0 to HW filter on device bond0 [ 695.219630][ T8083] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 695.249706][T10410] 8021q: adding VLAN 0 to HW filter on device team0 [ 695.266338][ T8053] bridge0: port 1(bridge_slave_0) entered blocking state [ 695.273554][ T8053] bridge0: port 1(bridge_slave_0) entered forwarding state [ 695.289091][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 695.296261][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 695.327903][ T8083] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 695.565752][T10410] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 695.837155][ T8083] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 695.876448][T10410] veth0_vlan: entered promiscuous mode [ 695.886675][T10410] veth1_vlan: entered promiscuous mode [ 695.917553][ T8083] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 695.948648][T10410] veth0_macvtap: entered promiscuous mode [ 695.958033][T10410] veth1_macvtap: entered promiscuous mode [ 695.984598][ T8083] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 696.008591][T10410] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 696.022869][T10410] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 696.046156][ T8083] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 696.064721][T10410] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 696.073759][T10410] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 696.082511][T10410] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 696.091208][T10410] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 696.161545][ T8079] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 696.173494][ T8079] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 696.200003][ T8053] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 696.208327][ T8053] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 696.296202][ T8083] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 696.376962][ T8083] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 696.473739][ T8083] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 696.525010][ T8083] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 696.616748][ T8083] bridge_slave_1: left allmulticast mode [ 696.622688][ T8083] bridge_slave_1: left promiscuous mode [ 696.628367][ T8083] bridge0: port 2(bridge_slave_1) entered disabled state [ 696.637448][ T8083] bridge_slave_0: left allmulticast mode [ 696.643384][ T8083] bridge_slave_0: left promiscuous mode [ 696.649075][ T8083] bridge0: port 1(bridge_slave_0) entered disabled state [ 696.659298][ T8083] bridge_slave_1: left allmulticast mode [ 696.665086][ T8083] bridge_slave_1: left promiscuous mode [ 696.670762][ T8083] bridge0: port 2(bridge_slave_1) entered disabled state [ 696.680731][ T8083] bridge_slave_0: left allmulticast mode [ 696.686686][ T8083] bridge_slave_0: left promiscuous mode [ 696.693621][ T8083] bridge0: port 1(bridge_slave_0) entered disabled state [ 696.707776][ T8083] bridge_slave_1: left allmulticast mode [ 696.713590][ T8083] bridge_slave_1: left promiscuous mode [ 696.719250][ T8083] bridge0: port 2(bridge_slave_1) entered disabled state [ 696.728709][ T8083] bridge_slave_0: left allmulticast mode [ 696.735268][ T8083] bridge_slave_0: left promiscuous mode [ 696.740936][ T8083] bridge0: port 1(bridge_slave_0) entered disabled state [ 696.765620][ T8083] bridge_slave_1: left allmulticast mode [ 696.771274][ T8083] bridge_slave_1: left promiscuous mode [ 696.777594][ T8083] bridge0: port 2(bridge_slave_1) entered disabled state [ 696.787743][ T8083] bridge_slave_0: left allmulticast mode [ 696.793708][ T8083] bridge_slave_0: left promiscuous mode [ 696.799422][ T8083] bridge0: port 1(bridge_slave_0) entered disabled state [ 696.813163][ T8083] tipc: Resetting bearer [ 697.047032][ T8083] dvmrp8 (unregistering): left allmulticast mode [ 697.231701][ T8083] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 697.240778][ T8083] bond_slave_0: left promiscuous mode [ 697.248531][ T8083] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 697.257724][ T8083] bond_slave_1: left promiscuous mode [ 697.264902][ T8083] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 697.273713][ T8083] batadv0: left promiscuous mode [ 697.279201][ T8083] bond0 (unregistering): Released all slaves [ 697.564029][ T8083] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 697.575813][ T8083] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 697.586076][ T8083] bond0 (unregistering): Released all slaves [ 697.931635][ T8083] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 697.941254][ T8083] bond_slave_0: left promiscuous mode [ 697.952843][ T8083] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 697.961629][ T8083] bond_slave_1: left promiscuous mode [ 697.970553][ T8083] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 697.979525][ T8083] batadv0: left promiscuous mode [ 697.985401][ T8083] bond0 (unregistering): Released all slaves [ 698.043188][ T8083] tipc: Disabling bearer [ 698.236709][ T8083] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 698.248197][ T8083] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 698.257969][ T8083] bond0 (unregistering): Released all slaves [ 698.405413][ T8083] tipc: Left network mode