last executing test programs: 4m35.305926059s ago: executing program 3 (id=877): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000f40), r0) sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x34, r1, 0x1, 0x7ffffc, 0x0, {}, [@IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_DEV_TYPE={0x5}]}, 0x34}}, 0x0) 4m7.496364921s ago: executing program 3 (id=877): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000f40), r0) sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x34, r1, 0x1, 0x7ffffc, 0x0, {}, [@IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_DEV_TYPE={0x5}]}, 0x34}}, 0x0) 3m36.2663033s ago: executing program 3 (id=877): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = 
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000f40), r0) sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x34, r1, 0x1, 0x7ffffc, 0x0, {}, [@IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_DEV_TYPE={0x5}]}, 0x34}}, 0x0) 3m3.925509607s ago: executing program 3 (id=877): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000f40), r0) sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x34, r1, 0x1, 0x7ffffc, 0x0, {}, [@IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_DEV_TYPE={0x5}]}, 0x34}}, 0x0) 2m13.982991372s ago: executing program 3 (id=877): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000f40), r0) sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x34, r1, 0x1, 0x7ffffc, 0x0, {}, [@IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_DEV_TYPE={0x5}]}, 0x34}}, 0x0) 1m40.128562652s ago: executing program 3 (id=877): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 
&(0x7f00000013c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000f40), r0) sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x34, r1, 0x1, 0x7ffffc, 0x0, {}, [@IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_DEV_TYPE={0x5}]}, 0x34}}, 0x0) 37.326091765s ago: executing program 4 (id=1793): close(0xffffffffffffffff) mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = getpid() r2 = syz_pidfd_open(r1, 0x0) setns(r2, 0x24020000) r3 = semget$private(0x0, 0x0, 0x587) r4 = socket$kcm(0x11, 0x2, 0x0) setsockopt$sock_attach_bpf(r4, 0x1, 0x2b, &(0x7f0000002640), 0x42) sendmsg$kcm(r4, &(0x7f0000000840)={&(0x7f0000000080)=@phonet={0x23, 0xd, 0x1, 0x4}, 0x80, 0x0}, 0xc4140) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="08010000190001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000", @ANYRES32=0x0, @ANYRES32=0x0, 
@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000044000500000000000000000000000000000000000000fe80000000000000000000000000000000000000000000000000000000000000000000000a001000"/192], 0x108}}, 0x0) semop(r3, &(0x7f0000000240)=[{0x4, 0x0, 0x38c652153765b23a}], 0x1) semctl$SETVAL(r3, 0x2, 0x8, 0x0) close(0xffffffffffffffff) r6 = socket$tipc(0x1e, 0x4, 0x0) setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000000)={0x43}, 0x10) mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f00000005c0)=ANY=[@ANYRESHEX, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r6]) mount_setattr(0xffffffffffffffff, 0x0, 0x8000, &(0x7f0000001dc0)={0xf, 0x4, 0x100000}, 0x20) ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7, &(0x7f0000000040), 0x0, 0xffffffffffffffff, 0x0, 0x12, 0x0, 0x2}) r7 = openat$ppp(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r7, 0xc004743e, 0x110e22fff6) 36.329265992s ago: executing program 4 (id=1796): socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x3, 0x300) r0 = memfd_create(&(0x7f00000000c0)='\xfbm\xe3\xc8L\x15\x0f\xd9\b\x00\x8cp,e\x7f\x00\x02e#vH\x9e\x9f]\"\xcf\xe9\xc6*#\xad\xe80\xec\xf0\x87\x92&\xf2@B`5\xe2\xaa\xd3\"\x81\xe6\xfb\xfcB\x90|\xc0\xe8\xee\'_\\\f#', 0x2) fstatfs(r0, &(0x7f00000003c0)=""/146) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) socket$kcm(0x10, 0x5, 0x10) r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000300), 0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, r2, 0x8, 
0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000ac0)=@raw={'raw\x00', 0x8, 0x3, 0x4c0, 0x1c0, 0xffffffff, 0xffffffff, 0x1c0, 0xffffffff, 0x3f0, 0xffffffff, 0xffffffff, 0x3f0, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0x1a0, 0x1c0, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x81, 0x40000, 0x24, 0x0, 'syz0\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x1c8, 0x230, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x3, 0x1, 0x0, 'syz0\x00'}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x520) socket$igmp(0x2, 0x3, 0x2) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = userfaultfd(0x1) io_setup(0xcb, &(0x7f0000000000)) r6 = socket(0x11, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@getqdisc={0x38, 0x26, 0x1, 0x70bc2b, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x1, 0x1}, {0xffff, 0xffe0}, {0xfff1, 0xe}}, [{0x4}, {0x4}, {0x4}, {0x4}, {0x4}]}, 0x38}, 0x1, 0x7a00, 0x0, 0x404}, 0x4000000) openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0xa82, 0x0) write$UHID_CREATE2(r5, 0x0, 0x0) eventfd(0x3c) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x28801, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) syz_kvm_setup_syzos_vm$x86(r9, &(0x7f0000bac000/0x400000)=nil) ioctl$KVM_SET_MEMORY_ATTRIBUTES(r9, 0x4020aed2, &(0x7f0000000080)={0x100000, 0x388000, 0x8}) eventfd(0x67) 33.428593201s ago: executing program 4 (id=1799): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 
0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r7, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000080)={0x48, r6, 0x801, 0x70bd2c, 0x3, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac01}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "7ee5d52ffd"}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x48}}, 0x0) r9 = 
syz_genetlink_get_family_id$tipc(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$TIPC_CMD_GET_NODES(r5, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r9, 0x1, 0x70bd2c, 0x25dfdbfb}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x840) bpf$PROG_LOAD(0x5, 0x0, 0x0) 30.454660559s ago: executing program 4 (id=1804): socket$nl_route(0x10, 0x3, 0x0) socket(0x2, 0x80805, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x20902, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) socket$nl_route(0x10, 0x3, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7) writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x8020000) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff6ffc}]}) mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0xf, 0x89, 0x40000, {r1}}, 0x20) 30.090246161s ago: executing program 4 (id=1807): ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f00000004c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x1}}, './file0\x00'}) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000500)) r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_DELCHAIN={0x2c, 0x5, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x54}}, 0x0) r2 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r2, &(0x7f00000001c0)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c) r3 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 
0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) sendmsg(r2, &(0x7f00000000c0)={0x0, 0x952f, &(0x7f0000000100)=[{&(0x7f0000000000)="3a10", 0xffd0}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) ptrace(0x10, r1) rt_tgsigqueueinfo(r1, r1, 0x2b, &(0x7f0000000140)={0x3a, 0x3, 0xfffffff9}) ptrace$peeksig(0x4209, r1, &(0x7f0000000ac0)={0x5692, 0x0, 0x6}, &(0x7f00000001c0)=[{}, {}, {}, {}, {}, {}]) syz_usb_connect$uac1(0x4, 0xa7, &(0x7f0000000600)=ANY=[@ANYRESDEC, @ANYRESOCT=0x0, @ANYBLOB="106583d1dfc3ac1b598417012266b64f2e114be5cc9df713a3a93b45ad5828f805a0f5d22ea5da588f974d0880fe1716a11ce5747e1f79f173bc4eb438e7c0f48d5c20d28ce220896618d8492cfe041982ad867b8496b0934e530a08b4453ddf097a1896af967e609134dd7e3fd030a766e117cb499dbb6323f7102f52ee62134f93e7b382ba19b1df3ba12fdfb75e7bc8fc659756ec071c389e0bdedcd9adeee24bbd1e777446feddc78ee64970de41fa4a85f7e11d7702bd93f0fa17fba9a6f405fe66f9d3bff93d89803839c33e5e24859af052fdcb935b0fefd7e34a8f", @ANYRES8, @ANYRES64=r1, @ANYRES64, @ANYRES8=r1, @ANYRES64=r1], &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) syz_usb_connect$cdc_ncm(0x2, 0x77, &(0x7f0000000000)={{0x12, 0x1, 0x310, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x65, 0x2, 0x1, 0xd, 0xa0, 0xe5, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x7, 0x24, 0x6, 0x0, 0x1, "068b"}, {0x5, 0x24, 0x0, 0x7}, {0xd, 0x24, 0xf, 0x1, 0x800, 0x2, 0x3, 0x2}, {0x6, 0x24, 0x1a, 0x1ff, 0x20}, [@dmm={0x7, 0x24, 0x14, 
0x3, 0xfff}]}, {{0x9, 0x5, 0x81, 0x3, 0x40, 0x3, 0x1a, 0x9}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x20, 0x6, 0x7, 0x5}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0xde, 0xd, 0x9f}}}}}}}]}}, &(0x7f0000000380)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x310, 0x8, 0x0, 0x9a, 0x8, 0x4}, 0xb4, &(0x7f00000000c0)={0x5, 0xf, 0xb4, 0x2, [@generic={0xa8, 0x10, 0x3, "19129e7f0cd2bd9857428a406b45e791b042cedef94b27ffb4b4ad081c7a5cdf452cdebea6628d7a39ffceefb14481409f29478d368a32f2326397fb2810b5be95250f88cbd2e2ac7345af03f4484609d744d01c63330ba3633bc2f3d0bcd3921852635df0a9b95f660de84a7ac1a662694ffaf27df1b3ff60833800db14ed36ac46d5a5826f3fba2b09c4414dd169b08a5a764aa921310b35dac2782f658420e6f5e31308"}, @ext_cap={0x7, 0x10, 0x2, 0xd3b7f190f98a9770, 0xf, 0xa, 0xf}]}, 0x4, [{0xf0, &(0x7f00000001c0)=@string={0xf0, 0x3, "6e6b6b8d81b0e9b142391a09ded47765d3284859754a65e2c23af511d3b695dd99a8225abf34f39f79d9c28b3f7b63d3a0105446895746a8f387dd81edcd415300e1f6c89167108bf5f095982eaffe37f3a6a69fc78225face9d01ec7a74d5730eef94710cfcaf5aed48e4f115a882297e1913f31b30948f39610b050f2760ce37ac2f0bad3e3e431b405b787a3bb48bfbe288a488c6efd72b6aaeecb04f66ff85f4a930f3b1340eafce40db1df6195289ef60e7da4fc4f8023e38d812b5f413f854856c4965646a6e45364986128f82120af6017a9c9bb9292e2d3d2799f6728316643adebf8891262449e4ea6a"}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x140c}}, {0x12, &(0x7f0000000340)=@string={0x12, 0x3, "ee8e8dba47103ffda04c9a143d1094e6"}}]}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40201, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000380)={'syzkaller1\x00', 0xc201}) ioctl$TUNSETSNDBUF(r4, 0x400454d4, &(0x7f00000002c0)) syz_usb_connect$hid(0x6, 0x0, 0x0, 0x0) 27.547874413s ago: executing program 4 (id=1811): syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 
&(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x2}) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000140)={'pim6reg1\x00', @multicast}) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2={0xff, 0x3}}, 0x1c) setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, &(0x7f0000000340)=ANY=[], 0x8) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10) sendto$inet6(r2, &(0x7f0000000140)="8269b66f", 0x18, 0x0, 0x0, 0x0) 26.308016379s ago: executing program 0 (id=1813): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000400)={0x1, @pix_mp={0x0, 0x0, 0x50424752, 0x2, 0x0, [{}, {0x1}, {0x4}, {}, {0x1}, {0xfffffffe, 0x3}], 0x4, 0x0, 0x0, 0x1}}) 26.068484443s ago: executing program 0 (id=1814): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f00000000c0)=[{0x30, 0x0, 0x0, 0x36fd}, {0x30, 0x0, 0x0, 0x80000001}, {0x6}]}, 0x10) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000000)={0x6, 0x10, 
&(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000060000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007000000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000c500000095"], &(0x7f0000000640)='syzkaller\x00', 0x8, 0x8d, &(0x7f0000000680)=""/141, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) write$binfmt_elf64(r0, &(0x7f0000000b40)=ANY=[], 0x457f) 25.816137323s ago: executing program 0 (id=1816): openat$rtc(0xffffffffffffff9c, &(0x7f0000001a40), 0x40000, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0) sendfile(0xffffffffffffffff, r0, &(0x7f0000001a80)=0xfffffffffffffffb, 0x7) 25.616377412s ago: executing program 0 (id=1817): socket$nl_route(0x10, 0x3, 0x0) socket(0x2, 0x80805, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x20902, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) socket$nl_route(0x10, 0x3, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7) writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x8020000) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff6ffc}]}) mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0xf, 0x89, 0x40000, {r1}}, 0x20) 24.84713542s ago: executing program 0 (id=1818): sched_setaffinity(0x0, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) 
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000240), 0x81c6, 0x0) ioctl$TIOCSISO7816(r1, 0xc0285443, &(0x7f0000000540)={0x400, 0xfffffffb, 0x100, 0x4, 0x4}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000580), r4) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000000c0), 0x20002, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000005c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) setfsgid(0xffffffffffffffff) sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000600)={0x14, r5, 0x1, 0x70bd2a, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x8080}, 0x20008801) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x44089) r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="9feb010018000000000000006000000060000000050000000000000000000003000000000400000005000000060000000800000005000085010000001000000000000000018000000000000005000000000000000400010004000000000001000a00000001000000030000000900000004000000300e0000005f305f5f3000"], &(0x7f0000000780)=""/178, 0x7f, 0xb2, 0x1, 0x1b0, 0x10000, @value}, 0x28) r7 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2) ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r7, 0xc02c564a, &(0x7f0000000000)={0x2, 0x34325241, 0x3, @stepwise={0x7b1, 0x3, 0x4, 0x0, 0x6, 0x2}}) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000180)={{0x1, 0x1, 0x18, r6, {0x7fffffff}}, './file0\x00'}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x3, 0x4, &(0x7f0000000080)=@framed={{}, [@ldst={0x2, 0x0, 0x4, 0x1, 0x0, 0xc, 0x10}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 
0x41000, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r8 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netstat\x00') read$FUSE(r8, &(0x7f0000005580)={0x2020}, 0x2020) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x5, 0x16, &(0x7f0000000340)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000002d0301000000000095000000000000006926000000000000bf67000000000000150600000fff070067060000200000006a0200000ee60000bf0500000000000073350000000000006507000002000000070700004a0000000f75000000000000bf54000000000000070400000400f9ff2d53010000000000840400000000000005000000000000009500000000000000db13d5d8b741f2cdaabc8383caf56b8c2b84a8d09535a157f9005bd38addaa65b925cd3ded25b8b9e2a095d2c51ef45c5588ec78c7f32946b17cecfe54c53ab530c58b67851b7e0e82452a083b98a6aa766401047d150203b0675a09563578b6756985417edef332233b081df18961d6822d133bf72a4de1c2ea17f04537fc211576846a8629d1d93265ba474580e358ce795731891a2031de4e09740c64e5306f991ed4785a9773a433e0db9c1a7d4ab9d658ce9cfdb4db3bed62bcb2bc91ddcdfac2e6d4421c49fb6641cbf56914e76702f673b586c767562a90a3967093b000e3806f825f1d0da2a304e06543b56d35235d78b7a7fe912971aab876022e96f5143b6234f5cf55f394cf75d1cd3ee79a25fb98cc45b3fde43e42e150d4a2fd"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000000)={{0x1, 0x1, 0x18, r9}, './file0\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r10, 0x4058534c, &(0x7f0000000040)={0x6, 0x200, 0x0, 0x7, 0x5, 0x800}) 23.943865787s ago: executing program 0 (id=1822): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x8d}, [@ldst={0x6, 0x0, 0x5, 0x0, 0x8}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xd3, &(0x7f0000000280)=""/211, 0x0, 
0x2a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x10}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x23) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @empty}], 0x1c) sendto$inet6(r0, &(0x7f0000000500)="a4", 0x1, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x4, @loopback, 0xffffffff}, 0x1c) syz_open_dev$loop(&(0x7f00000000c0), 0x9, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000500)='sys_exit\x00'}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r3 = add_key$keyring(&(0x7f00000085c0), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) r4 = add_key$keyring(&(0x7f0000008540), &(0x7f0000008580)={'syz', 0x3}, 0x0, 0x0, r3) keyctl$unlink(0x9, r4, r3) r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$AUTOFS_IOC_FAIL(r5, 0x4c80, 0x7000000) socket$can_raw(0x1d, 0x3, 0x1) r6 = open(&(0x7f0000000000)='./file0\x00', 0x80140, 0x0) fcntl$setsig(r6, 0xa, 0x21) fcntl$setlease(r6, 0x400, 0x1) open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) creat(&(0x7f0000000280)='./file0\x00', 0x72) getrandom(0x0, 0x0, 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, 0x0, 0x0) 
6.568135575s ago: executing program 1 (id=1850): socket$nl_route(0x10, 0x3, 0x0) socket(0x2, 0x80805, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x20902, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) r1 = getpid() r2 = syz_pidfd_open(r1, 0x0) setns(r2, 0x8020000) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff6ffc}]}) mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0xf, 0x89, 0x40000, {r2}}, 0x20) 6.071378026s ago: executing program 1 (id=1852): openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000280)={0x1, 0x66c, 0x0, 'queue1\x00'}) poll(&(0x7f0000000100)=[{r0}], 0x1, 0x9d) write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x2600]}}], 0xffc8) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prlimit64(0x0, 0x0, &(0x7f0000000080)={0x0, 0x1000000087}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000480)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mremap(&(0x7f000040b000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f00009ba000/0x1000)=nil) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000440)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_NEIGHBORS(r4, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)={0x1c, r5, 0x331, 0x0, 0x25dfdbfb, {0xb}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008000}, 0x4000000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r8, &(0x7f0000000240), 0x36, 0xcc800) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000c, @void, @value}, 0x94) 4.948887034s ago: executing program 2 (id=1853): r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000440), 0x10) syz_open_dev$vim2m(0x0, 0x0, 0x2) r1 = socket(0xa, 0x3, 0x3a) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000003700), 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x48) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) connect$packet(r1, 
&(0x7f0000000200)={0x11, 0xf8, 0x0, 0x1, 0xa, 0x6, @multicast}, 0x14) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000240)='resize', 0x0, 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000480)={0xa, 0x0, 0x3c000, @mcast2, 0x5}, 0x1c) r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff) sendmmsg$unix(r5, &(0x7f0000006d00)=[{{0x0, 0x0, &(0x7f0000003e00)=[{&(0x7f0000002ac0)="7e5361fc8bbdce73b54b9c8ebbed490e0ae5162aad0b408cdc18e20eb20b692250bdef0d431294de", 0x28}], 0x1}}], 0x1, 0x4008890) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000080)='./file1\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) listen(r0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) 4.070894386s ago: executing program 2 (id=1854): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x5, 0x0, 0x7fff0000}]}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) getpriority(0x1, r1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x7) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)=ANY=[@ANYRES32=0x1, @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x50) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r2 = 
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TLS_TX(r3, 0x6, 0x1, &(0x7f0000000180)=@gcm_256={{0x304}, '\a\x00', "b2777282398f8d460bffffffff0000009018b860a90da11410b46ce7977240ac", "fb5ee4ad"}, 0x38) unshare(0xa000400) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x10d042, 0x0) sendfile(r4, r4, 0x0, 0x40008) 2.861411719s ago: executing program 2 (id=1855): r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15) socket$pppl2tp(0x18, 0x1, 0x1) socket$nl_route(0x10, 0x3, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x676e7000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f0000000040)=@x86={0x6, 0x4, 0x8, 0x0, 0x1, 0x9, 0xff, 0x2, 0x0, 0xd, 0x7f, 0x2, 0x0, 0x134, 0xffffffff, 0x4, 0x6, 0x5, 0x11, '\x00', 0x1, 0x2}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = open(&(0x7f0000000300)='./file0\x00', 0x80400, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={0x0}}, 0x4004010) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, 
&(0x7f0000000080)=ANY=[@ANYBLOB="18000000060000000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000d8ffffffb702000008000000b7030000000080008500000006000000b7080000ff000000dbaaf8fff1000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r6, @ANYBLOB="0000000000000000b705000008000000850000006a00000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r7}, 0xc) fchdir(r5) mkdir(0x0, 0x0) mkdir(&(0x7f0000000240)='./file0\x00', 0x8) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f00000001c0)='./control\x00') write$FUSE_DIRENTPLUS(0xffffffffffffffff, 0x0, 0xb0) 2.466232714s ago: executing program 1 (id=1856): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x1002, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioperm(0x0, 0x82, 0x1f) rt_sigprocmask(0x2, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e, 0x1}], 0x0, 0x0, 0x0}) dup3(r1, r0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000040)={0x80000043, 0x0, 0x0, 0x3}, 0x10) setsockopt$TIPC_GROUP_LEAVE(r2, 0x10f, 0x88) 2.365846622s ago: executing program 1 (id=1857): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 
&(0x7f0000000180)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fdf000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x18, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$vim2m(&(0x7f0000000080), 0x2, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix_mp={0x100, 0x3, 0x30324c4a, 0x9, 0x8, [{}, {0x7fffffff, 0x8}, {0xf, 0xe04}, {0x7, 0x4c6}, {0x7, 0x3}, {0x8001, 0xe1}, {}, {0xffffffff, 0xffffffff}], 0xf1, 0x2c, 0x9, 0x2, 0x2}}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000001c0)={0x2, 0x4, 0xe, 0x8, 0x7, 0x1, 0x40, 0x9, 0x5, 0x2, 0x9, 0x4, 0xf, 0x7f}, 0xe) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[], 0x48) r7 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x632f02, 0x188) read$hiddev(r7, &(0x7f0000000080)=""/39, 0x27) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) close(r8) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) r10 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, 
&(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd8073a46b08b94214d816f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb4147000001000000008f2b9000f22425e4097ed62cbc891061017cfa6f6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe68db8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3542646bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r11 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES32=r10, @ANYBLOB='&\x00'/12, @ANYRES32, @ANYBLOB="b1da8de5fa3ae96034e1cd1f5178a3b86ceba72c5ecf7be198727c56a1b8b12246166f70bfe9dedf37c62fd67c47d03565b07307fd676ba5456e56a7304af996c0013da7f3cbb799dc8dc2066daeeffc05161f42440eefee9ce345f26f7e809111171e4638da8e4d8cae1135b9d40a84d1de51f50f3295810562e7693663157580d0184995171d811f96a3ee", @ANYRES32], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r11}, &(0x7f0000000000), &(0x7f0000000080)=r8}, 0x20) sendmsg$inet(r9, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x1}], 0x1}, 0x40001) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000000000)=ANY=[@ANYBLOB="0fab"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.035533588s ago: executing program 2 (id=1858): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x5, 0x0, 0x7fff0000}]}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 
0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) getpriority(0x1, r1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x7) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)=ANY=[@ANYRES32=0x1, @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x50) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$inet6(0xa, 0x1, 0x8010000000000084) unshare(0xa000400) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x10d042, 0x0) sendfile(r3, r3, 0x0, 0x40008) r4 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$IOCTL_STOP_ACCEL_DEV(r4, 0x40096101, &(0x7f0000000880)={{}, 0xfe}) r5 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) lseek(r5, 0xa, 0x1) rmdir(&(0x7f0000000440)='./file0\x00') 1.915201715s ago: executing program 1 (id=1859): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x5, 0x0, 0x7fff0000}]}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) getpriority(0x1, r1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 
0x100008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x7) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)=ANY=[@ANYRES32=0x1, @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x50) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TLS_TX(r3, 0x6, 0x1, &(0x7f0000000180)=@gcm_256={{0x304}, '\a\x00', "b2777282398f8d460bffffffff0000009018b860a90da11410b46ce7977240ac", "fb5ee4ad"}, 0x38) unshare(0xa000400) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x10d042, 0x0) sendfile(r4, r4, 0x0, 0x40008) r5 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$IOCTL_STOP_ACCEL_DEV(r5, 0x40096101, &(0x7f0000000880)={{}, 0xfe}) r6 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) lseek(r6, 0xa, 0x1) rmdir(&(0x7f0000000440)='./file0\x00') 836.721794ms ago: executing program 2 (id=1860): bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffff"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0xfe89, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, 
&(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a0b040000000000000000020000000900010073797a30000000000900020073797a3200000000140000001100"], 0x54}, 0x1, 0x0, 0x0, 0x20048004}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000002580)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000080a01010000000000000000020000000900010073797a300000000038000000060a17d50000000000000000020000000900020073797a32000000000900010073797a30000000000c0003400000000000000002"], 0xcdc}}, 0x0) (fail_nth: 7) 517.755192ms ago: executing program 1 (id=1861): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r1 = creat(0x0, 0x0) syz_emit_vhci(0x0, 0x8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x800}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) ioctl$F2FS_IOC_DEFRAGMENT(r1, 0xc010f508, &(0x7f0000000100)={0x1, 0x145}) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080)={0xffffffffffffffff}, 0x13f, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f00000000c0)={0xe, 0x18, 0xfa00, @id_tos={0x0, r2, 0x0, 0x3}}, 0x20) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000240)={'team0\x00', 0x0}) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, r1, 0x6, '\x00', r4, r1, 0x0, 0x4, 0x1, 0x0, @void, @value, @void, @value}, 0x50) read$msr(r3, &(0x7f0000032680)=""/102400, 0x19000) r5 = syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x0) ioctl$CEC_S_MODE(r5, 0x40046109, &(0x7f0000000300)=0xd0) r6 = semget$private(0x0, 0x0, 0x53) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$RDMA_USER_CM_CMD_LISTEN(r1, &(0x7f0000000280)={0x7, 0x8, 0xfa00, {0xffffffffffffffff, 0x1}}, 0x10) semctl$GETALL(r6, 0x0, 0xd, 
&(0x7f0000000040)=""/119) r7 = userfaultfd(0x80001) ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x1}) ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ff2000/0xe000)=nil, 0xe000}, 0x3}) ioctl$UFFDIO_WRITEPROTECT(r7, 0xc020aa08, 0x0) ioctl$UFFDIO_COPY(r7, 0xc028aa05, &(0x7f00000000c0)={&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x3}) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, 0x0, 0x0) clock_settime(0x0, &(0x7f0000000040)={0x77359400}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="03000800010000000000140000004500003014000000000190780a010100ac1414aa0400907800000000450000000000000000110000ac1414aa7f000001"], 0x3e) 0s ago: executing program 2 (id=1862): syz_emit_ethernet(0x0, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0xfd, 0xa4, 0x2, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @local, 0x0, 0x10, 0xfffffffd, 0xdc69}}) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x18b801, 0x0) r1 = socket$key(0xf, 0x3, 0x2) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) 
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002000000da16c167d803f1f805000600200000000a00060000000000ff0000000000000000001ffeff0001000003f1dc7f7c6e7c0200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0) sendmmsg(r1, &(0x7f0000000180), 0x400008a, 0x700) sendmsg$key(r1, &(0x7f0000000000)={0x9, 0x0, 0x0}, 0x4000000) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000540)={0x18, 0x3c, 0x107, 0xfffffffc, 0x0, {0x4, 0x7c}, [@typed={0x4, 0x0, 0x0, 0x0, @binary}]}, 0x18}}, 0xc000) syz_genetlink_get_family_id$team(&(0x7f00000002c0), 0xffffffffffffffff) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x14, &(0x7f0000000300)={@ipv4={""/10, ""/2, @multicast2}}, &(0x7f0000000380)=0x14) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000440)={'ip_vti0\x00', &(0x7f00000003c0)={'sit0\x00', r0, 0x40, 0x8000, 0x3, 0x3ff, {{0x9, 0x4, 0x3, 0x1c, 0x24, 0x64, 0x0, 0x5, 0x4, 0x0, @private=0xa010100, @remote, {[@timestamp_prespec={0x44, 0xc, 0xab, 0x3, 0x2, [{@private=0xa010102, 0x9}]}, @noop]}}}}}) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'lo\x00'}) kernel console output (not intermixed with test programs): orwarding state [ 630.430006][T10739] bridge0: port 2(bridge_slave_1) entered blocking state [ 630.437301][T10739] bridge0: port 2(bridge_slave_1) entered forwarding state [ 631.996421][T12136] FAULT_INJECTION: forcing a failure. 
[ 631.996421][T12136] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 632.060045][T12136] CPU: 0 UID: 0 PID: 12136 Comm: syz.4.1503 Not tainted 6.15.0-rc6-syzkaller-00346-g5723cc3450bc #0 PREEMPT(full) [ 632.060069][T12136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 632.060077][T12136] Call Trace: [ 632.060084][T12136] [ 632.060090][T12136] dump_stack_lvl+0x189/0x250 [ 632.060114][T12136] ? __lock_acquire+0xaac/0xd20 [ 632.060136][T12136] ? __pfx_dump_stack_lvl+0x10/0x10 [ 632.060156][T12136] ? __pfx__printk+0x10/0x10 [ 632.060179][T12136] ? __might_fault+0xb0/0x130 [ 632.060211][T12136] should_fail_ex+0x414/0x560 [ 632.060230][T12136] _copy_from_iter+0x1db/0x15a0 [ 632.060251][T12136] ? rcu_is_watching+0x15/0xb0 [ 632.060281][T12136] ? __pfx__copy_from_iter+0x10/0x10 [ 632.060298][T12136] ? __build_skb_around+0x257/0x3e0 [ 632.060320][T12136] ? skb_put+0x11b/0x210 [ 632.060337][T12136] ? tipc_msg_build+0x8c6/0xcf0 [ 632.060372][T12136] tipc_msg_build+0x72b/0xcf0 [ 632.060397][T12136] ? __pfx_tipc_msg_build+0x10/0x10 [ 632.060418][T12136] ? net_generic+0x1e/0x240 [ 632.060431][T12136] ? net_generic+0x1e/0x240 [ 632.060448][T12136] ? tipc_group_bc_cong+0x15f/0x210 [ 632.060471][T12136] tipc_send_group_bcast+0x76c/0xa70 [ 632.060511][T12136] ? __pfx_tipc_send_group_bcast+0x10/0x10 [ 632.060549][T12136] ? __pfx_woken_wake_function+0x10/0x10 [ 632.060591][T12136] __tipc_sendmsg+0x2d7/0x2960 [ 632.060618][T12136] ? process_measurement+0x72d/0x1a40 [ 632.060640][T12136] ? __pfx___tipc_sendmsg+0x10/0x10 [ 632.060659][T12136] ? process_measurement+0x1640/0x1a40 [ 632.060688][T12136] ? __pfx_process_measurement+0x10/0x10 [ 632.060704][T12136] ? tomoyo_check_open_permission+0x16a/0x3b0 [ 632.060720][T12136] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 632.060735][T12136] ? smk_access+0x14c/0x4e0 [ 632.060769][T12136] ? __lock_acquire+0xaac/0xd20 [ 632.060796][T12136] ? 
__local_bh_enable_ip+0x12d/0x1c0 [ 632.060817][T12136] ? lockdep_hardirqs_on+0x9c/0x150 [ 632.060836][T12136] ? __local_bh_enable_ip+0x12d/0x1c0 [ 632.060856][T12136] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 632.060885][T12136] tipc_sendmsg+0x55/0x70 [ 632.060901][T12136] ? __pfx_tipc_sendmsg+0x10/0x10 [ 632.060917][T12136] __sock_sendmsg+0x219/0x270 [ 632.060935][T12136] ____sys_sendmsg+0x52d/0x830 [ 632.060959][T12136] ? __pfx_____sys_sendmsg+0x10/0x10 [ 632.061022][T12136] ? import_iovec+0x74/0xa0 [ 632.061056][T12136] ___sys_sendmsg+0x21f/0x2a0 [ 632.061087][T12136] ? __pfx____sys_sendmsg+0x10/0x10 [ 632.061163][T12136] ? __fget_files+0x2a/0x420 [ 632.061180][T12136] ? __fget_files+0x3a0/0x420 [ 632.061208][T12136] __sys_sendmmsg+0x227/0x430 [ 632.061240][T12136] ? __pfx___sys_sendmmsg+0x10/0x10 [ 632.061278][T12136] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 632.061315][T12136] ? ksys_write+0x1f0/0x250 [ 632.061334][T12136] ? rcu_is_watching+0x15/0xb0 [ 632.061361][T12136] __x64_sys_sendmmsg+0xa0/0xc0 [ 632.061382][T12136] do_syscall_64+0xf6/0x210 [ 632.061419][T12136] ? 
clear_bhb_loop+0x60/0xb0 [ 632.061437][T12136] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 632.061451][T12136] RIP: 0033:0x7f7f1278e969 [ 632.061465][T12136] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 632.061477][T12136] RSP: 002b:00007f7f136c1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 632.061493][T12136] RAX: ffffffffffffffda RBX: 00007f7f129b5fa0 RCX: 00007f7f1278e969 [ 632.061504][T12136] RDX: 0400000000000181 RSI: 00002000000030c0 RDI: 0000000000000005 [ 632.061513][T12136] RBP: 00007f7f136c1090 R08: 0000000000000000 R09: 0000000000000000 [ 632.061522][T12136] R10: 9200000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 632.061532][T12136] R13: 0000000000000000 R14: 00007f7f129b5fa0 R15: 00007ffde1494f88 [ 632.061554][T12136] [ 632.770401][T11868] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 632.828315][T11868] veth0_vlan: entered promiscuous mode [ 632.845297][T11868] veth1_vlan: entered promiscuous mode [ 633.051066][T12150] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.1505' sets config #1 [ 633.647405][T11868] veth0_macvtap: entered promiscuous mode [ 633.660056][T11868] veth1_macvtap: entered promiscuous mode [ 633.760655][T11868] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 633.782974][T11868] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 633.830350][T11868] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 633.863619][T11868] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 633.873076][T11868] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 633.883026][T11868] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 635.102374][T12168] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 635.126476][T12161] SET target dimension over the 
limit! [ 635.403878][T12168] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 635.476938][T10739] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 635.496069][T10739] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 635.599949][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 635.622278][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 635.989239][T12185] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1517'. [ 636.137569][ T96] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 636.662742][T12190] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1519'. [ 636.772751][T12194] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.1518' sets config #1 [ 637.210566][ T96] usb 5-1: Using ep0 maxpacket: 32 [ 637.255002][ T96] usb 5-1: config 0 has an invalid interface number: 12 but max is 0 [ 637.263182][ T96] usb 5-1: config 0 has no interface number 0 [ 637.275476][ T96] usb 5-1: config 0 interface 12 has no altsetting 0 [ 637.325637][ T96] usb 5-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 637.335508][ T96] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 637.343566][ T96] usb 5-1: Product: syz [ 637.368002][ T96] usb 5-1: Manufacturer: syz [ 637.372670][ T96] usb 5-1: SerialNumber: syz [ 637.389745][ T96] usb 5-1: config 0 descriptor?? 
[ 638.375912][T10739] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 640.458804][ T96] f81534 5-1:0.12: f81534_set_register: reg: 1003 data: e0 failed: -32 [ 640.472063][ T96] f81534 5-1:0.12: f81534_find_config_idx: read failed: -32 [ 640.480814][ T96] f81534 5-1:0.12: f81534_calc_num_ports: find idx failed: -32 [ 640.492863][ T96] f81534 5-1:0.12: probe with driver f81534 failed with error -32 [ 640.571263][T10739] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 640.571952][T10606] usb 5-1: USB disconnect, device number 21 [ 641.034985][ T96] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 641.334938][ T96] usb 1-1: config index 0 descriptor too short (expected 824, got 56) [ 641.350657][T10739] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 641.423405][T12229] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1527'. [ 641.931115][ T96] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 641.942267][ T96] usb 1-1: config 0 has no interfaces? [ 642.114736][ T96] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 642.354886][ T96] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 642.354925][ T96] usb 1-1: Product: syz [ 642.354943][ T96] usb 1-1: Manufacturer: syz [ 642.354961][ T96] usb 1-1: SerialNumber: syz [ 642.397216][ T96] usb 1-1: config 0 descriptor?? [ 642.717055][T12236] SET target dimension over the limit! 
[ 642.759209][T10739] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 642.789531][ T9512] usb 1-1: USB disconnect, device number 16 [ 643.056146][T12239] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.1530' sets config #1 [ 643.829349][ T5825] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 643.841953][ T5825] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 643.843898][ T5825] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 643.846406][ T5825] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 643.854135][ T5825] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 643.890722][T10739] bridge_slave_1: left allmulticast mode [ 643.890790][T10739] bridge_slave_1: left promiscuous mode [ 643.891017][T10739] bridge0: port 2(bridge_slave_1) entered disabled state [ 644.425928][T10739] bridge_slave_0: left allmulticast mode [ 644.425957][T10739] bridge_slave_0: left promiscuous mode [ 644.426195][T10739] bridge0: port 1(bridge_slave_0) entered disabled state [ 645.874659][ T5825] Bluetooth: hci2: command tx timeout [ 645.997581][T12268] SET target dimension over the limit! [ 646.511789][T12272] siw: device registration error -23 [ 647.068185][T12280] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1538'. 
[ 647.544459][ T47] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 647.578084][T10739] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 647.591811][T10739] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 647.605689][T10739] bond0 (unregistering): Released all slaves [ 647.768899][ T47] usb 2-1: Using ep0 maxpacket: 32 [ 647.802067][T12244] lo speed is unknown, defaulting to 1000 [ 647.815979][ T47] usb 2-1: config 0 has an invalid interface number: 88 but max is 0 [ 647.834719][ T47] usb 2-1: config 0 has no interface number 0 [ 647.850542][ T47] usb 2-1: New USB device found, idVendor=2c42, idProduct=16f8, bcdDevice=7d.12 [ 647.869842][ T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 647.910487][ T47] usb 2-1: Product: syz [ 647.930765][ T47] usb 2-1: Manufacturer: syz [ 647.941320][ T47] usb 2-1: SerialNumber: syz [ 647.946831][ T5825] Bluetooth: hci2: command tx timeout [ 647.987929][ T47] usb 2-1: config 0 descriptor?? [ 648.260695][T12290] QAT: Stopping all acceleration devices. [ 649.071953][T12278] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 649.105839][T12292] SET target dimension over the limit! 
[ 649.125688][T12278] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 649.179355][T12297] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 649.186997][ T47] usb 2-1: USB disconnect, device number 18 [ 649.221710][ T47] f81534a_ctrl 2-1:0.88: failed to set register 0x116: -19 [ 649.238275][T12297] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 649.289255][ T47] f81534a_ctrl 2-1:0.88: failed to enable ports: -19 [ 650.025195][ T5825] Bluetooth: hci2: command tx timeout [ 650.144804][T10739] hsr_slave_0: left promiscuous mode [ 650.166998][T10739] hsr_slave_1: left promiscuous mode [ 650.191111][T10739] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 650.214358][T10739] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 650.224865][T10739] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 650.295911][T10739] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 650.429584][T12324] siw: device registration error -23 [ 650.483887][T10739] veth1_macvtap: left promiscuous mode [ 650.530955][T12330] FAULT_INJECTION: forcing a failure. [ 650.530955][T12330] name failslab, interval 1, probability 0, space 0, times 0 [ 650.579180][T10739] veth0_macvtap: left promiscuous mode [ 650.599277][T10739] veth1_vlan: left promiscuous mode [ 650.614180][T10739] veth0_vlan: left promiscuous mode [ 650.786895][T12333] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1550'. [ 650.834580][T12330] CPU: 1 UID: 0 PID: 12330 Comm: syz.1.1549 Not tainted 6.15.0-rc6-syzkaller-00346-g5723cc3450bc #0 PREEMPT(full) [ 650.834612][T12330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 650.834625][T12330] Call Trace: [ 650.834632][T12330] [ 650.834641][T12330] dump_stack_lvl+0x189/0x250 [ 650.834679][T12330] ? __pfx_dump_stack_lvl+0x10/0x10 [ 650.834707][T12330] ? __pfx__printk+0x10/0x10 [ 650.834745][T12330] ? __pfx___might_resched+0x10/0x10 [ 650.834776][T12330] ? 
fs_reclaim_acquire+0x7d/0x100 [ 650.834804][T12330] should_fail_ex+0x414/0x560 [ 650.834831][T12330] should_failslab+0xa8/0x100 [ 650.834853][T12330] __kmalloc_noprof+0xcb/0x4f0 [ 650.834882][T12330] ? kfree+0x4d/0x440 [ 650.834907][T12330] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 650.834941][T12330] tomoyo_realpath_from_path+0xe3/0x5d0 [ 650.834972][T12330] ? tomoyo_domain+0xda/0x130 [ 650.835007][T12330] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 650.835030][T12330] tomoyo_path_number_perm+0x1e8/0x5a0 [ 650.835056][T12330] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 650.835099][T12330] ? __lock_acquire+0xaac/0xd20 [ 650.835148][T12330] ? __fget_files+0x2a/0x420 [ 650.835172][T12330] ? __fget_files+0x3a0/0x420 [ 650.835189][T12330] ? __fget_files+0x2a/0x420 [ 650.835213][T12330] security_file_ioctl+0xcb/0x2d0 [ 650.835240][T12330] __se_sys_ioctl+0x47/0x170 [ 650.835270][T12330] do_syscall_64+0xf6/0x210 [ 650.835304][T12330] ? clear_bhb_loop+0x60/0xb0 [ 650.835330][T12330] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 650.835349][T12330] RIP: 0033:0x7fc3b798e969 [ 650.835374][T12330] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 650.835392][T12330] RSP: 002b:00007fc3b88d4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 650.835414][T12330] RAX: ffffffffffffffda RBX: 00007fc3b7bb5fa0 RCX: 00007fc3b798e969 [ 650.835429][T12330] RDX: 0000000000000000 RSI: 0000000040087602 RDI: 0000000000000003 [ 650.835441][T12330] RBP: 00007fc3b88d4090 R08: 0000000000000000 R09: 0000000000000000 [ 650.835454][T12330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 650.835466][T12330] R13: 0000000000000000 R14: 00007fc3b7bb5fa0 R15: 00007fff24ea6d08 [ 650.835499][T12330] [ 651.437213][T12330] ERROR: Out of memory at tomoyo_realpath_from_path. 
[ 652.115976][ T5825] Bluetooth: hci2: command tx timeout [ 652.744357][ T9512] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 652.861392][T12349] SET target dimension over the limit! [ 652.910621][ T9512] usb 2-1: Using ep0 maxpacket: 16 [ 652.933548][ T9512] usb 2-1: unable to get BOS descriptor or descriptor too short [ 652.942706][ T9512] usb 2-1: config 1 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 652.973979][ T9512] usb 2-1: config 1 interface 0 has no altsetting 0 [ 653.003581][ T9512] usb 2-1: New USB device found, idVendor=05ac, idProduct=021d, bcdDevice= 0.40 [ 653.028659][ T9512] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 653.038683][ T9512] usb 2-1: Product: syz [ 653.043129][ T9512] usb 2-1: Manufacturer: 㥓扶壘䱳ä©ì „괧忋è«è˜´ç­ªîžé¡µìŒ«æŸ¢æª á‚„㰤鋳é±ï¹ã›‚퉯펴᎚鼖æ†ê©·ë¶¶ë ®ì²°ä—®æ° é—“﷟兇옞ﵰ糈旴̭빽㨈鳢㎴à®ë“„걕皔۶娄詈詟䘵팑ᦞﴴ醙󟪌 [ 653.079619][ T9512] usb 2-1: SerialNumber: syz [ 653.401900][T10739] team0 (unregistering): Port device team_slave_1 removed [ 653.459511][T10739] team0 (unregistering): Port device team_slave_0 removed [ 654.241572][ T9512] usbhid 2-1:1.0: can't add hid device: -71 [ 654.273685][ T9512] usbhid 2-1:1.0: probe with driver usbhid failed with error -71 [ 654.355907][ T9512] usb 2-1: USB disconnect, device number 19 [ 654.382562][T12364] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1557'. [ 654.422211][T12364] FAULT_INJECTION: forcing a failure. 
[ 654.422211][T12364] name failslab, interval 1, probability 0, space 0, times 0 [ 654.454889][T12244] chnl_net:caif_netlink_parms(): no params data found [ 654.504522][T12364] CPU: 1 UID: 0 PID: 12364 Comm: syz.2.1557 Not tainted 6.15.0-rc6-syzkaller-00346-g5723cc3450bc #0 PREEMPT(full) [ 654.504554][T12364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 654.504568][T12364] Call Trace: [ 654.504576][T12364] [ 654.504585][T12364] dump_stack_lvl+0x189/0x250 [ 654.504623][T12364] ? __pfx_dump_stack_lvl+0x10/0x10 [ 654.504651][T12364] ? __pfx__printk+0x10/0x10 [ 654.504689][T12364] ? __pfx___might_resched+0x10/0x10 [ 654.504720][T12364] ? fs_reclaim_acquire+0x7d/0x100 [ 654.504748][T12364] should_fail_ex+0x414/0x560 [ 654.504776][T12364] should_failslab+0xa8/0x100 [ 654.504797][T12364] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 654.504830][T12364] ? __alloc_skb+0x112/0x2d0 [ 654.504860][T12364] __alloc_skb+0x112/0x2d0 [ 654.504890][T12364] netlink_ack+0x146/0xa50 [ 654.504934][T12364] netlink_rcv_skb+0x2a0/0x490 [ 654.504960][T12364] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 654.505000][T12364] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 654.505040][T12364] ? safesetid_security_capable+0xa9/0x1a0 [ 654.505067][T12364] ? bpf_lsm_capable+0x9/0x20 [ 654.505094][T12364] ? security_capable+0x7e/0x2e0 [ 654.505131][T12364] nfnetlink_rcv+0x273/0x2530 [ 654.505163][T12364] ? __dev_queue_xmit+0x27e/0x3a70 [ 654.505194][T12364] ? __dev_queue_xmit+0x27e/0x3a70 [ 654.505221][T12364] ? __dev_queue_xmit+0x27e/0x3a70 [ 654.505252][T12364] ? __dev_queue_xmit+0x1cd7/0x3a70 [ 654.505292][T12364] ? __dev_queue_xmit+0x27e/0x3a70 [ 654.505323][T12364] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 654.505347][T12364] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 654.505383][T12364] ? __pfx___dev_queue_xmit+0x10/0x10 [ 654.505428][T12364] ? ref_tracker_free+0x63a/0x7d0 [ 654.505450][T12364] ? __copy_skb_header+0xa7/0x550 [ 654.505480][T12364] ? 
__pfx_ref_tracker_free+0x10/0x10 [ 654.505527][T12364] ? skb_clone+0x246/0x3a0 [ 654.505561][T12364] ? __netlink_deliver_tap+0x807/0x850 [ 654.505584][T12364] ? netlink_deliver_tap+0x2e/0x1b0 [ 654.505615][T12364] ? netlink_deliver_tap+0x2e/0x1b0 [ 654.505639][T12364] ? netlink_deliver_tap+0x2e/0x1b0 [ 654.505668][T12364] netlink_unicast+0x758/0x8d0 [ 654.505702][T12364] netlink_sendmsg+0x805/0xb30 [ 654.505725][T12364] ? is_bpf_text_address+0x26/0x2b0 [ 654.505762][T12364] ? __pfx_netlink_sendmsg+0x10/0x10 [ 654.505796][T12364] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 654.505818][T12364] ? __pfx_netlink_sendmsg+0x10/0x10 [ 654.505843][T12364] __sock_sendmsg+0x219/0x270 [ 654.505868][T12364] ____sys_sendmsg+0x505/0x830 [ 654.505903][T12364] ? __pfx_____sys_sendmsg+0x10/0x10 [ 654.505941][T12364] ? import_iovec+0x74/0xa0 [ 654.505981][T12364] ___sys_sendmsg+0x21f/0x2a0 [ 654.506013][T12364] ? __pfx____sys_sendmsg+0x10/0x10 [ 654.506080][T12364] ? __fget_files+0x2a/0x420 [ 654.506099][T12364] ? __fget_files+0x3a0/0x420 [ 654.506130][T12364] __x64_sys_sendmsg+0x19b/0x260 [ 654.506161][T12364] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 654.506209][T12364] ? do_syscall_64+0xba/0x210 [ 654.506240][T12364] do_syscall_64+0xf6/0x210 [ 654.506268][T12364] ? 
clear_bhb_loop+0x60/0xb0 [ 654.506293][T12364] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 654.506313][T12364] RIP: 0033:0x7fd11ad8e969 [ 654.506331][T12364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 654.506349][T12364] RSP: 002b:00007fd11bce3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 654.506371][T12364] RAX: ffffffffffffffda RBX: 00007fd11afb5fa0 RCX: 00007fd11ad8e969 [ 654.506386][T12364] RDX: 0000000000004000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 654.506399][T12364] RBP: 00007fd11bce3090 R08: 0000000000000000 R09: 0000000000000000 [ 654.506412][T12364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 654.506424][T12364] R13: 0000000000000000 R14: 00007fd11afb5fa0 R15: 00007ffd1d1fb918 [ 654.506456][T12364] [ 654.944553][T12369] QAT: Stopping all acceleration devices. [ 656.119487][ T9512] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 656.318716][ T9512] usb 5-1: Using ep0 maxpacket: 32 [ 656.355997][ T9512] usb 5-1: config 0 has an invalid interface number: 12 but max is 0 [ 656.520428][ T9512] usb 5-1: config 0 has no interface number 0 [ 656.527892][ T9512] usb 5-1: config 0 interface 12 has no altsetting 0 [ 656.555535][ T9512] usb 5-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 656.564916][ T9512] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 656.572951][ T9512] usb 5-1: Product: syz [ 656.583685][ T9512] usb 5-1: Manufacturer: syz [ 656.591446][ T9512] usb 5-1: SerialNumber: syz [ 656.958040][ T9512] usb 5-1: config 0 descriptor?? 
[ 657.316312][T12244] bridge0: port 1(bridge_slave_0) entered blocking state [ 657.337867][T12244] bridge0: port 1(bridge_slave_0) entered disabled state [ 657.492784][T12244] bridge_slave_0: entered allmulticast mode [ 657.549366][T12244] bridge_slave_0: entered promiscuous mode [ 657.623061][T12244] bridge0: port 2(bridge_slave_1) entered blocking state [ 657.646076][T12244] bridge0: port 2(bridge_slave_1) entered disabled state [ 657.660777][T12244] bridge_slave_1: entered allmulticast mode [ 657.671322][T12244] bridge_slave_1: entered promiscuous mode [ 658.867524][T12244] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 659.207700][T12244] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 659.395649][T12414] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1565'. [ 659.968570][ T9512] f81534 5-1:0.12: f81534_set_register: reg: 1002 data: 0 failed: -71 [ 659.978248][ T9512] f81534 5-1:0.12: f81534_find_config_idx: read failed: -71 [ 659.993565][ T9512] f81534 5-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 660.001828][ T9512] f81534 5-1:0.12: probe with driver f81534 failed with error -71 [ 660.024243][ T9512] usb 5-1: USB disconnect, device number 22 [ 660.264000][ T96] usb 1-1: new full-speed USB device number 17 using dummy_hcd [ 660.977812][ T96] usb 1-1: unable to get BOS descriptor or descriptor too short [ 661.007505][ T96] usb 1-1: not running at top speed; connect to a high speed hub [ 661.026498][ T96] usb 1-1: config 129 has an invalid interface number: 28 but max is 0 [ 661.039623][ T96] usb 1-1: config 129 has an invalid descriptor of length 0, skipping remainder of the config [ 661.060577][ T96] usb 1-1: config 129 has no interface number 0 [ 661.074785][ T96] usb 1-1: config 129 interface 28 altsetting 250 has an endpoint descriptor with address 0xFD, changing to 0x8D [ 661.101150][ T96] usb 1-1: config 129 interface 28 altsetting 250 endpoint 0x8D has 
invalid wMaxPacketSize 0 [ 661.128759][ T96] usb 1-1: config 129 interface 28 has no altsetting 0 [ 661.284970][T12436] QAT: Stopping all acceleration devices. [ 661.996500][ T96] usb 1-1: New USB device found, idVendor=108c, idProduct=0159, bcdDevice=db.57 [ 662.013419][ T96] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 662.021608][ T96] usb 1-1: Product: syz [ 662.027214][ T96] usb 1-1: Manufacturer: syz [ 662.032003][ T96] usb 1-1: SerialNumber: syz [ 662.276220][ T96] etas_es58x 1-1:129.28: Starting syz syz (Serial Number syz) [ 662.297186][ T96] etas_es58x 1-1:129.28: could not retrieve the product info string [ 662.396464][ T9667] usb 3-1: new full-speed USB device number 24 using dummy_hcd [ 662.588801][ T9667] usb 3-1: config 252 has an invalid interface number: 107 but max is 0 [ 662.602617][ T9667] usb 3-1: config 252 has no interface number 0 [ 662.610439][ T9667] usb 3-1: config 252 interface 107 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 662.633185][ T9667] usb 3-1: config 252 interface 107 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 662.651711][ T9667] usb 3-1: New USB device found, idVendor=10f0, idProduct=2002, bcdDevice=d7.67 [ 662.661063][ T9667] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 662.669178][ T9667] usb 3-1: Product: syz [ 662.682432][ T9667] usb 3-1: Manufacturer: syz [ 662.687713][ T9667] usb 3-1: SerialNumber: syz [ 662.978857][ T47] usb 3-1: USB disconnect, device number 24 [ 663.890663][T12443] QAT: Stopping all acceleration devices. [ 665.110631][T12244] team0: Port device team_slave_0 added [ 665.208108][T12448] siw: device registration error -23 [ 665.866295][T12453] QAT: Stopping all acceleration devices. [ 666.251562][T12458] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1576'. 
[ 666.288258][T12244] team0: Port device team_slave_1 added [ 666.373908][T12244] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 666.386333][ T96] usb 1-1: USB disconnect, device number 17 [ 666.393822][T12244] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 666.400284][ T96] etas_es58x 1-1:129.28: Disconnecting syz syz [ 666.575743][T12466] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1579'. [ 666.899719][T12244] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 666.913137][T12244] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 666.920148][T12244] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 666.947298][T12244] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 667.095617][T12244] hsr_slave_0: entered promiscuous mode [ 667.102976][T12244] hsr_slave_1: entered promiscuous mode [ 667.510336][T12476] QAT: Stopping all acceleration devices. [ 669.479819][T12495] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1584'. [ 670.850305][T12518] siw: device registration error -23 [ 671.865737][T12528] QAT: Stopping all acceleration devices. [ 673.234996][T12538] usb usb1: usbfs: interface 0 claimed by hub while 'syz.4.1590' sets config #1 [ 675.113807][T12556] QAT: Stopping all acceleration devices. 
[ 675.419379][ T96] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 675.610461][T12244] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 675.634918][T12548] QAT: Stopping all acceleration devices. [ 675.674222][ T96] usb 5-1: Using ep0 maxpacket: 8 [ 675.719766][ T96] usb 5-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 675.775592][T12561] SET target dimension over the limit! [ 675.780731][ T96] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 675.781833][T12244] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 675.844492][ T96] usb 5-1: Product: syz [ 675.848734][ T96] usb 5-1: Manufacturer: syz [ 675.874163][ T96] usb 5-1: SerialNumber: syz [ 675.901425][T12244] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 675.919122][ T96] usb 5-1: config 0 descriptor?? [ 675.983689][T12244] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 676.212273][ T96] usb 5-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 677.640723][ T96] usb write operation failed. (-71) [ 677.689457][ T96] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 677.728854][ T96] dvbdev: DVB: registering new adapter (Terratec H7) [ 677.885263][ T96] usb 5-1: media controller created [ 677.904564][ T96] usb read operation failed. (-71) [ 677.926153][ T96] usb write operation failed. 
(-71) [ 677.981276][ T96] dvb_usb_az6007 5-1:0.0: probe with driver dvb_usb_az6007 failed with error -5 [ 678.226658][ T96] usb 5-1: USB disconnect, device number 23 [ 678.602678][ T59] usb 1-1: new full-speed USB device number 18 using dummy_hcd [ 678.954726][ T59] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 678.976842][T12590] pim6reg1: entered promiscuous mode [ 678.982291][T12590] pim6reg1: entered allmulticast mode [ 679.003335][ T59] usb 1-1: New USB device found, idVendor=05f3, idProduct=0240, bcdDevice=1b.24 [ 679.045657][ T59] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 679.072112][ T59] usb 1-1: Product: syz [ 679.076443][ T59] usb 1-1: Manufacturer: syz [ 679.081626][ T59] usb 1-1: SerialNumber: syz [ 679.245540][ T59] usb 1-1: config 0 descriptor?? [ 679.270262][ T59] powermate 1-1:0.0: probe with driver powermate failed with error -5 [ 679.284863][T12244] 8021q: adding VLAN 0 to HW filter on device bond0 [ 679.326829][T12244] 8021q: adding VLAN 0 to HW filter on device team0 [ 679.359276][ T9669] bridge0: port 1(bridge_slave_0) entered blocking state [ 679.366532][ T9669] bridge0: port 1(bridge_slave_0) entered forwarding state [ 679.396151][T12602] usb usb1: usbfs: interface 0 claimed by hub while 'syz.4.1604' sets config #1 [ 679.418045][T12605] SET target dimension over the limit! [ 679.458856][ T9669] bridge0: port 2(bridge_slave_1) entered blocking state [ 679.466178][ T9669] bridge0: port 2(bridge_slave_1) entered forwarding state [ 680.049384][ T59] usb 1-1: USB disconnect, device number 18 [ 680.561303][T12244] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 680.806518][T12629] QAT: Stopping all acceleration devices. 
[ 681.549250][T12244] veth0_vlan: entered promiscuous mode [ 681.563302][T12244] veth1_vlan: entered promiscuous mode [ 682.549238][T12244] veth0_macvtap: entered promiscuous mode [ 682.780513][T12244] veth1_macvtap: entered promiscuous mode [ 682.855521][T12244] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 682.870639][T12244] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 682.886788][T12244] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 682.895946][T12244] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 682.906800][T12244] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 682.917381][T12244] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 683.013345][T12645] FAULT_INJECTION: forcing a failure. [ 683.013345][T12645] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 683.082315][T12645] CPU: 1 UID: 0 PID: 12645 Comm: syz.1.1612 Not tainted 6.15.0-rc6-syzkaller-00346-g5723cc3450bc #0 PREEMPT(full) [ 683.082344][T12645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 683.082355][T12645] Call Trace: [ 683.082362][T12645] [ 683.082370][T12645] dump_stack_lvl+0x189/0x250 [ 683.082420][T12645] ? __pfx_dump_stack_lvl+0x10/0x10 [ 683.082444][T12645] ? __pfx__printk+0x10/0x10 [ 683.082482][T12645] should_fail_ex+0x414/0x560 [ 683.082505][T12645] _copy_to_user+0x31/0xb0 [ 683.082532][T12645] simple_read_from_buffer+0xe1/0x170 [ 683.082564][T12645] proc_fail_nth_read+0x1df/0x250 [ 683.082588][T12645] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 683.082609][T12645] ? rw_verify_area+0x258/0x650 [ 683.082632][T12645] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 683.082653][T12645] vfs_read+0x200/0x980 [ 683.082684][T12645] ? __pfx___mutex_lock+0x10/0x10 [ 683.082710][T12645] ? __pfx_vfs_read+0x10/0x10 [ 683.082739][T12645] ? __fget_files+0x2a/0x420 [ 683.082763][T12645] ? 
__fget_files+0x3a0/0x420 [ 683.082780][T12645] ? __fget_files+0x2a/0x420 [ 683.082805][T12645] ksys_read+0x145/0x250 [ 683.082831][T12645] ? __fget_files+0x2a/0x420 [ 683.082851][T12645] ? __pfx_ksys_read+0x10/0x10 [ 683.082883][T12645] ? do_syscall_64+0xba/0x210 [ 683.082914][T12645] do_syscall_64+0xf6/0x210 [ 683.082941][T12645] ? clear_bhb_loop+0x60/0xb0 [ 683.082966][T12645] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 683.082984][T12645] RIP: 0033:0x7fc3b798d37c [ 683.083002][T12645] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 683.083018][T12645] RSP: 002b:00007fc3b88d4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 683.083037][T12645] RAX: ffffffffffffffda RBX: 00007fc3b7bb5fa0 RCX: 00007fc3b798d37c [ 683.083049][T12645] RDX: 000000000000000f RSI: 00007fc3b88d40a0 RDI: 0000000000000004 [ 683.083060][T12645] RBP: 00007fc3b88d4090 R08: 0000000000000000 R09: 0000000000000000 [ 683.083070][T12645] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 683.083079][T12645] R13: 0000000000000000 R14: 00007fc3b7bb5fa0 R15: 00007fff24ea6d08 [ 683.083106][T12645] [ 683.414847][T10676] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 683.443790][T10676] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 683.458290][T10676] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 683.468533][T10676] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 683.477576][T10676] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 683.539132][T12653] SET target dimension over the limit! 
[ 684.636133][ T9669] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 684.698250][ T9669] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 684.832716][T12649] lo speed is unknown, defaulting to 1000 [ 685.022808][ T9669] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 685.068930][ T9669] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 685.148955][T12668] FAULT_INJECTION: forcing a failure. [ 685.148955][T12668] name failslab, interval 1, probability 0, space 0, times 0 [ 685.215745][T12668] CPU: 1 UID: 0 PID: 12668 Comm: syz.0.1617 Not tainted 6.15.0-rc6-syzkaller-00346-g5723cc3450bc #0 PREEMPT(full) [ 685.215775][T12668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 685.215787][T12668] Call Trace: [ 685.215795][T12668] [ 685.215803][T12668] dump_stack_lvl+0x189/0x250 [ 685.215838][T12668] ? __pfx_dump_stack_lvl+0x10/0x10 [ 685.215865][T12668] ? __pfx__printk+0x10/0x10 [ 685.215902][T12668] ? __pfx___might_resched+0x10/0x10 [ 685.215948][T12668] ? fs_reclaim_acquire+0x7d/0x100 [ 685.215976][T12668] should_fail_ex+0x414/0x560 [ 685.216004][T12668] should_failslab+0xa8/0x100 [ 685.216025][T12668] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 685.216056][T12668] ? __alloc_skb+0x112/0x2d0 [ 685.216086][T12668] __alloc_skb+0x112/0x2d0 [ 685.216116][T12668] inet_ifmcaddr_notify+0x7e/0x150 [ 685.216145][T12668] __ip_mc_dec_group+0x40b/0x690 [ 685.216172][T12668] ip_mc_leave_group+0x3f9/0x4d0 [ 685.216203][T12668] do_ip_setsockopt+0x2269/0x2d00 [ 685.216248][T12668] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 685.216282][T12668] ? __pfx_do_ip_setsockopt+0x10/0x10 [ 685.216312][T12668] ? vfs_write+0x8d8/0xa90 [ 685.216368][T12668] ip_setsockopt+0x66/0x110 [ 685.216385][T12668] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 685.216410][T12668] do_sock_setsockopt+0x257/0x3e0 [ 685.216441][T12668] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 685.216464][T12668] ? 
__fget_files+0x2a/0x420 [ 685.216489][T12668] ? __fget_files+0x3a0/0x420 [ 685.216506][T12668] ? __fget_files+0x2a/0x420 [ 685.216535][T12668] __x64_sys_setsockopt+0x18b/0x220 [ 685.216569][T12668] do_syscall_64+0xf6/0x210 [ 685.216598][T12668] ? clear_bhb_loop+0x60/0xb0 [ 685.216624][T12668] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 685.216643][T12668] RIP: 0033:0x7f40e7d8e969 [ 685.216661][T12668] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 685.216678][T12668] RSP: 002b:00007f40e8b5e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 685.216700][T12668] RAX: ffffffffffffffda RBX: 00007f40e7fb5fa0 RCX: 00007f40e7d8e969 [ 685.216714][T12668] RDX: 0000000000000024 RSI: 0000000000000000 RDI: 0000000000000003 [ 685.216726][T12668] RBP: 00007f40e8b5e090 R08: 000000000000000c R09: 0000000000000000 [ 685.216739][T12668] R10: 0000200000000440 R11: 0000000000000246 R12: 0000000000000001 [ 685.216752][T12668] R13: 0000000000000000 R14: 00007f40e7fb5fa0 R15: 00007ffc81f35a48 [ 685.216786][T12668] [ 685.522626][T12669] siw: device registration error -23 [ 685.703586][ T5825] Bluetooth: hci1: command tx timeout [ 686.202647][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.209014][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 687.515751][T12700] QAT: Stopping all acceleration devices. 
[ 687.782138][ T5825] Bluetooth: hci1: command tx timeout [ 688.308949][ T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 688.460839][T12649] chnl_net:caif_netlink_parms(): no params data found [ 688.605696][ T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 688.746676][ T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 688.887578][ T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 688.973252][T12649] bridge0: port 1(bridge_slave_0) entered blocking state [ 688.980550][T12649] bridge0: port 1(bridge_slave_0) entered disabled state [ 689.000247][T12649] bridge_slave_0: entered allmulticast mode [ 689.014346][T12649] bridge_slave_0: entered promiscuous mode [ 689.028048][T12649] bridge0: port 2(bridge_slave_1) entered blocking state [ 689.038255][T12649] bridge0: port 2(bridge_slave_1) entered disabled state [ 689.049299][T12649] bridge_slave_1: entered allmulticast mode [ 689.060463][T12649] bridge_slave_1: entered promiscuous mode [ 689.196874][T12649] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 689.258605][T12649] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 689.320110][ T12] bridge_slave_1: left allmulticast mode [ 689.327835][ T12] bridge_slave_1: left promiscuous mode [ 689.339860][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 689.357892][ T12] bridge_slave_0: left allmulticast mode [ 689.366749][ T12] bridge_slave_0: left promiscuous mode [ 689.375875][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 689.862497][ T5825] Bluetooth: hci1: command tx timeout [ 690.014185][T12742] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.1623' sets config #1 [ 691.644827][T10676] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 691.657755][T10676] Bluetooth: hci2: 
unexpected cc 0x1003 length: 249 > 9 [ 691.667693][T10676] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 691.689696][T10676] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 691.700542][T10676] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 691.937856][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 691.963135][ T5825] Bluetooth: hci1: command tx timeout [ 691.975326][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 691.993811][ T12] bond0 (unregistering): Released all slaves [ 692.123305][T12649] team0: Port device team_slave_0 added [ 692.157102][T12649] team0: Port device team_slave_1 added [ 692.263011][T12759] lo speed is unknown, defaulting to 1000 [ 692.322595][T12649] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 692.329601][T12649] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 692.368070][T12764] binder: 12761:12764 ioctl 4020ae46 200000000400 returned -22 [ 692.384649][T12649] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 692.429886][T12649] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 692.451671][T12649] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 692.494489][T12649] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 692.631978][ T9512] usb 2-1: new full-speed USB device number 20 using dummy_hcd [ 692.803655][ T9512] usb 2-1: config 1 interface 0 has no altsetting 0 [ 692.815020][ T9512] usb 2-1: New USB device found, idVendor=ffff, idProduct=ffff, bcdDevice= 0.40 [ 692.835030][ T9512] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 692.871860][ T9512] usb 2-1: Product: syz [ 692.876095][ T9512] usb 2-1: Manufacturer: syz [ 692.880735][ T9512] usb 2-1: SerialNumber: syz [ 692.921381][T12649] hsr_slave_0: entered promiscuous mode [ 692.953134][T12649] hsr_slave_1: entered promiscuous mode [ 692.959888][T12649] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 692.973283][T12649] Cannot create hsr debugfs directory [ 693.059730][ T12] hsr_slave_0: left promiscuous mode [ 693.081237][ T12] hsr_slave_1: left promiscuous mode [ 693.100300][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 693.115872][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 693.137015][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 693.148291][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 693.211429][ T12] veth1_macvtap: left promiscuous mode [ 693.218924][ T12] veth0_macvtap: left promiscuous mode [ 693.229621][ T12] veth1_vlan: left promiscuous mode [ 693.236711][ T12] veth0_vlan: left promiscuous mode [ 693.782104][ T5825] Bluetooth: hci2: command tx timeout [ 694.010921][T10676] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 694.023293][T10676] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 694.033919][T10676] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 694.047150][T10676] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 694.055086][T10676] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 694.479133][ T12] team0 (unregistering): Port device 
team_slave_1 removed [ 694.543262][ T12] team0 (unregistering): Port device team_slave_0 removed [ 695.353077][ T9512] usbhid 2-1:1.0: can't add hid device: -71 [ 695.370179][ T9512] usbhid 2-1:1.0: probe with driver usbhid failed with error -71 [ 695.420893][ T9512] usb 2-1: USB disconnect, device number 20 [ 695.683506][T12797] lo speed is unknown, defaulting to 1000 [ 695.891768][ T5825] Bluetooth: hci2: command tx timeout [ 696.125275][ T5825] Bluetooth: hci0: command tx timeout [ 696.538825][T12806] QAT: Stopping all acceleration devices. [ 697.455634][T12759] chnl_net:caif_netlink_parms(): no params data found [ 697.871381][ T9667] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 697.941923][ T5825] Bluetooth: hci2: command tx timeout [ 698.031689][ T9667] usb 2-1: Using ep0 maxpacket: 32 [ 698.064578][ T9667] usb 2-1: config 0 has an invalid interface number: 12 but max is 0 [ 698.076259][ T9667] usb 2-1: config 0 has no interface number 0 [ 698.112219][T12649] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 698.129114][ T9667] usb 2-1: config 0 interface 12 has no altsetting 0 [ 698.158243][ T9667] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 698.180971][ T9667] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 698.189288][ T5825] Bluetooth: hci0: command tx timeout [ 698.209510][ T9667] usb 2-1: Product: syz [ 698.217730][ T9667] usb 2-1: Manufacturer: syz [ 698.229325][ T9667] usb 2-1: SerialNumber: syz [ 698.264893][ T9667] usb 2-1: config 0 descriptor?? 
[ 698.418911][T12649] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 698.530677][T12759] bridge0: port 1(bridge_slave_0) entered blocking state [ 698.538259][T12759] bridge0: port 1(bridge_slave_0) entered disabled state [ 698.553317][T12759] bridge_slave_0: entered allmulticast mode [ 698.568427][T12759] bridge_slave_0: entered promiscuous mode [ 698.578947][T12759] bridge0: port 2(bridge_slave_1) entered blocking state [ 698.592593][T12759] bridge0: port 2(bridge_slave_1) entered disabled state [ 698.601582][T12759] bridge_slave_1: entered allmulticast mode [ 698.610009][T12759] bridge_slave_1: entered promiscuous mode [ 698.756793][T12649] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 698.867679][T12759] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 698.943233][T12759] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 699.137166][T12837] usb usb1: usbfs: interface 0 claimed by hub while 'syz.4.1636' sets config #1 [ 699.871541][T12649] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 700.021635][ T5825] Bluetooth: hci2: command tx timeout [ 700.106541][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 700.123205][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 700.170326][T12759] team0: Port device team_slave_0 added [ 700.304040][ T5825] Bluetooth: hci0: command tx timeout [ 700.362352][T12759] team0: Port device team_slave_1 added [ 700.482973][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 700.521266][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 700.581016][T12797] chnl_net:caif_netlink_parms(): no params data found [ 700.606883][T12854] netlink: 8 
bytes leftover after parsing attributes in process `syz.4.1639'. [ 700.638462][T12854] netlink: 'syz.4.1639': attribute type 9 has an invalid length. [ 700.718137][T12759] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 700.730729][T12759] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 700.779296][T12759] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 700.815312][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 700.825845][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 700.885459][T12854] mac80211_hwsim hwsim8 wlan0: entered promiscuous mode [ 700.905534][T12854] macvlan4: entered allmulticast mode [ 700.911075][T12854] mac80211_hwsim hwsim8 wlan0: entered allmulticast mode [ 700.935676][T12759] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 700.954659][T12759] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 701.010576][T12759] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 701.184801][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 701.199586][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 701.550540][T12871] rdma_rxe: rxe_newlink: failed to add lo [ 701.768375][T12871] netlink: 'syz.4.1641': attribute type 1 has an invalid length. 
[ 701.776318][T12871] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1641'. [ 702.341428][ T5825] Bluetooth: hci0: command tx timeout [ 702.466528][ T9667] f81534 2-1:0.12: f81534_set_register: reg: 1002 data: 2f failed: -71 [ 702.501862][ T9667] f81534 2-1:0.12: f81534_find_config_idx: read failed: -71 [ 702.523569][ T9667] f81534 2-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 702.551599][ T9667] f81534 2-1:0.12: probe with driver f81534 failed with error -71 [ 702.590979][ T9667] usb 2-1: USB disconnect, device number 21 [ 702.680435][T12759] hsr_slave_0: entered promiscuous mode [ 702.693873][T12759] hsr_slave_1: entered promiscuous mode [ 702.796253][T12797] bridge0: port 1(bridge_slave_0) entered blocking state [ 702.804377][T12797] bridge0: port 1(bridge_slave_0) entered disabled state [ 702.812044][T12797] bridge_slave_0: entered allmulticast mode [ 702.820847][T12797] bridge_slave_0: entered promiscuous mode [ 702.829803][T12797] bridge0: port 2(bridge_slave_1) entered blocking state [ 702.837516][T12797] bridge0: port 2(bridge_slave_1) entered disabled state [ 702.848707][T12797] bridge_slave_1: entered allmulticast mode [ 702.856972][T12797] bridge_slave_1: entered promiscuous mode [ 702.959945][T12649] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 703.000757][T12884] netlink: 'syz.4.1644': attribute type 3 has an invalid length. [ 703.038365][T12797] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 703.051674][T12884] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1644'. 
[ 703.053589][T12886] ptrace attach of "./syz-executor exec"[5828] was attempted by "\x09   °ÿ Àÿ Ðÿ àÿ ðÿ °ÿ °ÿ ÿÿÿÿ    À ôÿ \x0a \x0a  \x09  syz0 < \x09\x0a   \x0a@ \x09  syz2 \x09  syz0  @ x \x0c\x0a  \x09  syz2…ë L €H €\x0b @ < \x0a@¯TêÚZ connlimit \x0c € @ÿÿÿÿ €â÷%-ì‹5鎢Ÿ£D|VTyÊÞ\x22ýÍšK«à­N/)éõº/éÙH¯Mú&‚¡CsnVkת{Jv1±Á%­èÈ_)Þ$n»:…,þ\x5c¿]n¯+]±2yrŒrîLË•ß-6·^%D³\x5c~Õzèw'Mc\x22o§â–½‹ÄÙ«·`¿Ë¤=s N¾8|?Þ”Ò¡¿øÅBr›ô9šÎɳbõÝFøü…{iÄ$œ]ûë•J¥ø [ 703.177765][T12649] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 703.292669][T12797] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 703.345088][T12649] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 703.405573][T12649] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 703.447828][ T12] bridge_slave_1: left allmulticast mode [ 703.454800][ T12] bridge_slave_1: left promiscuous mode [ 703.460837][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 703.482286][ T12] bridge_slave_0: left allmulticast mode [ 703.488117][ T12] bridge_slave_0: left promiscuous mode [ 703.495409][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 703.776760][ T12] bond1 (unregistering): (slave ip6gretap1): Releasing backup interface [ 703.787197][ T12] bond1 (unregistering): (slave ip6gretap1): the permanent HWaddr of slave - 02:75:d9:af:59:30 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 703.976558][ T12] erspan0 (unregistering): left promiscuous mode [ 704.329301][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 704.338275][ T12] bond_slave_0: left allmulticast mode [ 704.350275][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 704.364011][ T12] bond_slave_1: left allmulticast mode [ 704.370886][ T12] bond0 (unregistering): Released all slaves [ 704.387110][ T12] bond1 (unregistering): (slave veth3): Releasing backup interface [ 704.398620][ T12] bond1 (unregistering): 
Released all slaves [ 704.527981][ T12] bond2 (unregistering): Released all slaves [ 704.662098][ T12] bond3 (unregistering): Released all slaves [ 704.783901][ T12] bond4 (unregistering): Released all slaves [ 704.900593][ T12] bond5 (unregistering): Released all slaves [ 705.019209][ T12] bond6 (unregistering): Released all slaves [ 705.084324][T12797] team0: Port device team_slave_0 added [ 705.107590][T12797] team0: Port device team_slave_1 added [ 705.150432][ T12] tipc: Left network mode [ 706.121893][T12797] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 706.129854][T12797] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 706.228246][T12916] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.1647' sets config #1 [ 706.760324][T12797] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 706.785663][T12797] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 706.810867][T12797] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 706.855455][T12797] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 707.024772][T12918] block device autoloading is deprecated and will be removed. 
[ 707.053865][T12918] syz.1.1648: attempt to access beyond end of device [ 707.053865][T12918] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 707.211005][ T9667] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 707.313318][T12797] hsr_slave_0: entered promiscuous mode [ 707.319852][T12797] hsr_slave_1: entered promiscuous mode [ 707.332553][T12797] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 707.340584][T12797] Cannot create hsr debugfs directory [ 707.407631][ T9667] usb 5-1: Using ep0 maxpacket: 8 [ 707.424231][ T9667] usb 5-1: too many configurations: 177, using maximum allowed: 8 [ 707.440691][ T9667] usb 5-1: invalid descriptor for config index 0: type = 0x2, length = 112 [ 707.463265][ T9667] usb 5-1: can't read configurations, error -22 [ 707.502658][T12925] syz.1.1651: attempt to access beyond end of device [ 707.502658][T12925] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 707.519929][ T12] dummy0: left promiscuous mode [ 707.543083][ T12] hsr_slave_0: left promiscuous mode [ 707.549518][ T12] hsr_slave_1: left promiscuous mode [ 707.556229][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 707.565674][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 707.574241][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 707.585520][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 707.601115][ T9667] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 707.618019][ T12] veth1_macvtap: left promiscuous mode [ 707.623882][ T12] veth0_macvtap: left promiscuous mode [ 707.761722][ T9667] usb 5-1: Using ep0 maxpacket: 8 [ 707.768642][ T9667] usb 5-1: too many configurations: 177, using maximum allowed: 8 [ 707.782271][ T9667] usb 5-1: invalid descriptor for config index 0: type = 0x2, length = 112 [ 707.801489][ T9667] usb 5-1: can't read configurations, error -22 [ 707.821109][ T9667] usb usb5-port1: attempt power cycle [ 707.893799][T12930] netlink: 12 bytes 
leftover after parsing attributes in process `syz.1.1653'. [ 708.197010][ T9667] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 708.227238][ T9667] usb 5-1: Using ep0 maxpacket: 8 [ 708.235262][ T9667] usb 5-1: too many configurations: 177, using maximum allowed: 8 [ 708.263838][ T9667] usb 5-1: invalid descriptor for config index 0: type = 0x2, length = 112 [ 708.272820][ T9667] usb 5-1: can't read configurations, error -22 [ 708.306747][ T12] team0 (unregistering): Port device team_slave_1 removed [ 708.359023][ T12] team0 (unregistering): Port device team_slave_0 removed [ 708.425083][ T9667] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 708.470568][ T9667] usb 5-1: Using ep0 maxpacket: 8 [ 708.482142][ T9667] usb 5-1: too many configurations: 177, using maximum allowed: 8 [ 708.500478][ T9667] usb 5-1: invalid descriptor for config index 0: type = 0x2, length = 112 [ 708.509436][ T9667] usb 5-1: can't read configurations, error -22 [ 708.529450][ T9667] usb usb5-port1: unable to enumerate USB device [ 708.917726][ T12] lo (unregistering): left allmulticast mode [ 709.323900][T12649] 8021q: adding VLAN 0 to HW filter on device bond0 [ 709.351199][ T12] IPVS: stop unused estimator thread 0... 
[ 709.417100][T12649] 8021q: adding VLAN 0 to HW filter on device team0 [ 709.432310][T12759] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 709.481962][T12759] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 709.503270][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 709.510468][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 709.544890][T12759] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 709.602676][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 709.609942][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 709.654245][T12759] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 711.522880][T12759] 8021q: adding VLAN 0 to HW filter on device bond0 [ 711.568710][T12797] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 711.631610][T12797] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 711.666685][T12797] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 711.728492][T12797] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 711.919502][T12759] 8021q: adding VLAN 0 to HW filter on device team0 [ 711.999752][ T9669] bridge0: port 1(bridge_slave_0) entered blocking state [ 712.007058][ T9669] bridge0: port 1(bridge_slave_0) entered forwarding state [ 712.431360][ T7110] bridge0: port 2(bridge_slave_1) entered blocking state [ 712.438649][ T7110] bridge0: port 2(bridge_slave_1) entered forwarding state [ 712.508448][T12649] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 712.837244][T12986] tipc: Enabled bearer , priority 10 [ 712.847621][T12986] netlink: 'syz.4.1662': attribute type 3 has an invalid length. 
[ 712.975488][T12649] veth0_vlan: entered promiscuous mode [ 713.013023][T12797] 8021q: adding VLAN 0 to HW filter on device bond0 [ 713.262637][T12649] veth1_vlan: entered promiscuous mode [ 714.138580][T12649] veth0_macvtap: entered promiscuous mode [ 714.175202][T12797] 8021q: adding VLAN 0 to HW filter on device team0 [ 714.196073][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 714.203277][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 714.245764][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 714.253034][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 714.338098][T12649] veth1_macvtap: entered promiscuous mode [ 714.542737][T12649] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 714.595643][T12759] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 714.644162][T12649] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 714.682335][T12649] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 714.695293][T12649] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 714.714589][T12649] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 714.730907][T12649] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 714.812141][T13018] QAT: Stopping all acceleration devices. 
[ 715.561747][T12759] veth0_vlan: entered promiscuous mode [ 715.583976][T12759] veth1_vlan: entered promiscuous mode [ 715.878150][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 715.953369][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 716.124856][T12759] veth0_macvtap: entered promiscuous mode [ 716.494004][ T3503] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 716.550344][ T3503] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 716.616022][T12759] veth1_macvtap: entered promiscuous mode [ 716.677291][T12797] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 716.752693][T12759] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 716.808154][T12759] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 717.357145][T12759] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 717.385074][T12759] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 717.404180][T12759] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 717.416662][T12759] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 717.532832][T13049] 8021q: adding VLAN 0 to HW filter on device bond6 [ 717.671619][T13057] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1671'. [ 717.766701][T12797] veth0_vlan: entered promiscuous mode [ 717.882937][T12797] veth1_vlan: entered promiscuous mode [ 717.964439][ T9669] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 717.977169][T13061] FAULT_INJECTION: forcing a failure. 
[ 717.977169][T13061] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 717.990548][ T9669] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 718.029419][T13061] CPU: 0 UID: 0 PID: 13061 Comm: syz.2.1672 Not tainted 6.15.0-rc6-syzkaller-00346-g5723cc3450bc #0 PREEMPT(full) [ 718.029450][T13061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 718.029462][T13061] Call Trace: [ 718.029471][T13061] <TASK> [ 718.029480][T13061] dump_stack_lvl+0x189/0x250 [ 718.029518][T13061] ? __pfx_dump_stack_lvl+0x10/0x10 [ 718.029545][T13061] ? __pfx__printk+0x10/0x10 [ 718.029591][T13061] should_fail_ex+0x414/0x560 [ 718.029617][T13061] _copy_to_user+0x31/0xb0 [ 718.029649][T13061] simple_read_from_buffer+0xe1/0x170 [ 718.029685][T13061] proc_fail_nth_read+0x1df/0x250 [ 718.029710][T13061] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 718.029735][T13061] ? rw_verify_area+0x258/0x650 [ 718.029761][T13061] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 718.029783][T13061] vfs_read+0x200/0x980 [ 718.029817][T13061] ? __pfx___mutex_lock+0x10/0x10 [ 718.029844][T13061] ? __pfx_vfs_read+0x10/0x10 [ 718.029873][T13061] ? __fget_files+0x2a/0x420 [ 718.029897][T13061] ? __fget_files+0x3a0/0x420 [ 718.029914][T13061] ? __fget_files+0x2a/0x420 [ 718.029942][T13061] ksys_read+0x145/0x250 [ 718.029972][T13061] ? __pfx_ksys_read+0x10/0x10 [ 718.030003][T13061] ? do_syscall_64+0xba/0x210 [ 718.030035][T13061] do_syscall_64+0xf6/0x210 [ 718.030061][T13061] ? 
clear_bhb_loop+0x60/0xb0 [ 718.030087][T13061] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 718.030105][T13061] RIP: 0033:0x7fa9aad8d37c [ 718.030128][T13061] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 718.030145][T13061] RSP: 002b:00007fa9abc48030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 718.030165][T13061] RAX: ffffffffffffffda RBX: 00007fa9aafb5fa0 RCX: 00007fa9aad8d37c [ 718.030179][T13061] RDX: 000000000000000f RSI: 00007fa9abc480a0 RDI: 0000000000000007 [ 718.030192][T13061] RBP: 00007fa9abc48090 R08: 0000000000000000 R09: 0000000000000000 [ 718.030204][T13061] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001 [ 718.030216][T13061] R13: 0000000000000000 R14: 00007fa9aafb5fa0 R15: 00007ffc2f0af8b8 [ 718.030247][T13061] </TASK> [ 718.558012][ T82] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 718.574706][T12797] veth0_macvtap: entered promiscuous mode [ 718.599784][ T82] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 718.638608][T12797] veth1_macvtap: entered promiscuous mode [ 718.754586][T12797] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 718.824335][T12797] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 718.886292][T12797] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 718.917787][T12797] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 718.954584][T12797] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 718.981888][T12797] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 720.466725][T13097] usb usb1: usbfs: interface 0 claimed by hub while 'syz.4.1678' sets config #1 [ 721.334191][ T82] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 721.501886][ T82] netdevsim netdevsim3 
netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 721.520403][T10739] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 721.547658][T10739] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 721.654777][ T82] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 721.705914][ T7110] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 721.717549][ T7110] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 721.776204][ T82] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 722.003677][ T82] bridge_slave_1: left allmulticast mode [ 722.009394][ T82] bridge_slave_1: left promiscuous mode [ 722.027456][ T82] bridge0: port 2(bridge_slave_1) entered disabled state [ 722.042032][ T82] bridge_slave_0: left allmulticast mode [ 722.047785][ T82] bridge_slave_0: left promiscuous mode [ 722.054556][ T82] bridge0: port 1(bridge_slave_0) entered disabled state [ 722.651707][T13127] QAT: Stopping all acceleration devices. [ 723.929922][ T9667] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 724.110549][ T9667] usb 1-1: Using ep0 maxpacket: 16 [ 725.075540][ T9667] usb 1-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 725.085074][ T9667] usb 1-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 725.093423][ T9667] usb 1-1: Product: syz [ 725.097681][ T9667] usb 1-1: Manufacturer: syz [ 725.161696][ T9667] usb 1-1: SerialNumber: syz [ 725.169690][ T9667] usb 1-1: config 0 descriptor?? 
[ 725.750147][ T9667] usb 1-1: can't set config #0, error -71 [ 725.830704][ T9667] usb 1-1: USB disconnect, device number 19 [ 725.955957][T13147] random: crng reseeded on system resumption [ 726.319830][ T5891] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 727.358823][ T5891] usb 5-1: Using ep0 maxpacket: 32 [ 727.440945][T10676] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 727.462821][T10676] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 727.470124][ T5891] usb 5-1: unable to get BOS descriptor or descriptor too short [ 727.483486][T10676] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 727.485912][ T5891] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 727.491868][T10676] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 727.510984][T10676] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 727.579380][ T5891] usb 5-1: config 1 has an invalid interface descriptor of length 2, skipping [ 727.621057][ T82] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 727.623617][ T5891] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 727.654692][ T82] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 727.677955][ T82] bond0 (unregistering): Released all slaves [ 727.701541][ T5891] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 727.795008][ T5891] usb 5-1: config 1 has no interface number 1 [ 727.828106][ T5891] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 727.867474][ T5891] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 727.878594][ T5891] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 727.907954][ T5891] usb 5-1: Product: syz [ 727.942582][ T5891] usb 5-1: Manufacturer: syz [ 727.947253][ T5891] usb 5-1: SerialNumber: syz [ 728.190100][T13146] UDC core: USB 
Raw Gadget: couldn't find an available UDC or it's busy [ 728.252152][T13146] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 728.282230][ T5891] usb 5-1: 2:1 : no or invalid class specific endpoint descriptor [ 728.291310][ T5891] usb 5-1: 2:1 : unknown format tag 0x1 is detected. processed as MPEG. [ 728.304000][ T5891] usb 5-1: found format II with max.bitrate = 6, frame size=2 [ 728.325665][ T5891] usb 5-1: 2:1 : no or invalid class specific endpoint descriptor [ 728.344414][ T5891] usb 5-1: 2:1 : unknown format tag 0x1 is detected. processed as MPEG. [ 728.369771][ T5891] usb 5-1: found format II with max.bitrate = 6, frame size=2 [ 728.545742][ T5891] usb 5-1: USB disconnect, device number 28 [ 728.779838][ T96] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 728.817223][T13160] lo speed is unknown, defaulting to 1000 [ 728.959805][ T96] usb 3-1: Using ep0 maxpacket: 32 [ 729.064597][ T82] hsr_slave_0: left promiscuous mode [ 729.184128][ T82] hsr_slave_1: left promiscuous mode [ 729.297056][ T82] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 729.384742][ T82] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 729.518636][ T82] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 729.615756][ T82] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 729.619721][T10676] Bluetooth: hci2: command tx timeout [ 729.864770][ T96] usb 3-1: config 0 has an invalid interface number: 12 but max is 0 [ 729.873252][ T96] usb 3-1: config 0 has no interface number 0 [ 729.889566][ T96] usb 3-1: config 0 interface 12 has no altsetting 0 [ 729.900317][ T96] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 729.916855][ T96] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 729.929548][ T96] usb 3-1: Product: syz [ 729.933833][ T96] usb 3-1: Manufacturer: syz [ 729.944183][ T96] usb 3-1: SerialNumber: syz [ 730.085650][T13192] netlink: 12 bytes leftover after 
parsing attributes in process `syz.4.1690'. [ 730.457386][ T96] usb 3-1: config 0 descriptor?? [ 730.464332][ T82] veth1_macvtap: left promiscuous mode [ 730.622644][ T82] veth0_macvtap: left promiscuous mode [ 730.666066][ T82] veth1_vlan: left promiscuous mode [ 730.685049][ T82] veth0_vlan: left promiscuous mode [ 730.880700][T13198] QAT: Stopping all acceleration devices. [ 731.831741][T10676] Bluetooth: hci2: command tx timeout [ 733.859424][T10676] Bluetooth: hci2: command tx timeout [ 734.598949][ T82] team0 (unregistering): Port device team_slave_1 removed [ 734.659658][ T82] team0 (unregistering): Port device team_slave_0 removed [ 735.094061][ T96] f81534 3-1:0.12: f81534_set_register: reg: 1002 data: 2f failed: -32 [ 735.102867][ T96] f81534 3-1:0.12: f81534_find_config_idx: read failed: -32 [ 735.110545][ T96] f81534 3-1:0.12: f81534_calc_num_ports: find idx failed: -32 [ 735.118358][ T96] f81534 3-1:0.12: probe with driver f81534 failed with error -32 [ 735.507904][ T96] usb 3-1: USB disconnect, device number 25 [ 735.837895][ T30] audit: type=1800 audit(1747562539.833:176): pid=13226 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.1695" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0 [ 735.969786][T10676] Bluetooth: hci2: command tx timeout [ 737.329753][T13241] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.1698' sets config #1 [ 738.037209][T13160] chnl_net:caif_netlink_parms(): no params data found [ 739.226863][T13160] bridge0: port 1(bridge_slave_0) entered blocking state [ 739.270755][T13160] bridge0: port 1(bridge_slave_0) entered disabled state [ 739.288559][T13160] bridge_slave_0: entered allmulticast mode [ 739.299760][T13160] bridge_slave_0: entered promiscuous mode [ 739.360084][T13160] bridge0: port 2(bridge_slave_1) entered blocking state [ 739.360134][T13252] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1701'. 
[ 739.368801][T13160] bridge0: port 2(bridge_slave_1) entered disabled state [ 739.387171][T13160] bridge_slave_1: entered allmulticast mode [ 739.395395][T13160] bridge_slave_1: entered promiscuous mode [ 739.496338][T13262] fuse: Bad value for 'user_id' [ 739.509071][T13262] fuse: Bad value for 'user_id' [ 739.542749][T13270] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 739.600438][T13252] x_tables: duplicate underflow at hook 3 [ 739.845244][T13160] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 739.925202][T13160] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 740.547390][T13285] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1706'. [ 741.443207][T13160] team0: Port device team_slave_0 added [ 742.523675][T13160] team0: Port device team_slave_1 added [ 743.276719][ T30] audit: type=1326 audit(1747562546.753:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13294 comm="syz.2.1709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9aad8e969 code=0x7ffc0000 [ 744.368937][ T30] audit: type=1326 audit(1747562546.753:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13294 comm="syz.2.1709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9aad8e969 code=0x7ffc0000 [ 744.391662][ T30] audit: type=1326 audit(1747562546.763:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13294 comm="syz.2.1709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa9aad8e969 code=0x7ffc0000 [ 744.645237][ T30] audit: type=1326 audit(1747562546.763:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13294 comm="syz.2.1709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9aad8e969 code=0x7ffc0000 [ 744.694448][ T30] audit: type=1326 audit(1747562546.763:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13294 comm="syz.2.1709" exe="/root/syz-executor" 
sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9aad8e969 code=0x7ffc0000 [ 744.847466][ T30] audit: type=1326 audit(1747562546.763:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13294 comm="syz.2.1709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fa9aad8e969 code=0x7ffc0000 [ 744.950874][T13318] overlayfs: missing 'lowerdir' [ 744.967637][ T30] audit: type=1326 audit(1747562546.763:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13294 comm="syz.2.1709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9aad8e969 code=0x7ffc0000 [ 744.990965][ T30] audit: type=1326 audit(1747562546.763:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13294 comm="syz.2.1709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9aad8e969 code=0x7ffc0000 [ 745.398083][ T30] audit: type=1326 audit(1747562546.763:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13294 comm="syz.2.1709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7fa9aad8e969 code=0x7ffc0000 [ 745.469968][T13317] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1714'. [ 745.488768][ T30] audit: type=1326 audit(1747562546.763:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13294 comm="syz.2.1709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9aad8e969 code=0x7ffc0000 [ 745.541028][T13160] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 745.592526][T13160] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 745.665586][T13160] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 745.697575][T13160] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 745.727497][T13160] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 745.864012][T13160] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 745.976055][T13332] FAULT_INJECTION: forcing a failure. [ 745.976055][T13332] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 746.033853][T13332] CPU: 1 UID: 0 PID: 13332 Comm: syz.2.1717 Not tainted 6.15.0-rc6-syzkaller-00346-g5723cc3450bc #0 PREEMPT(full) [ 746.033886][T13332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 746.033899][T13332] Call Trace: [ 746.033908][T13332] <TASK> [ 746.033917][T13332] dump_stack_lvl+0x189/0x250 [ 746.033964][T13332] ? __pfx_dump_stack_lvl+0x10/0x10 [ 746.033992][T13332] ? __pfx__printk+0x10/0x10 [ 746.034038][T13332] should_fail_ex+0x414/0x560 [ 746.034066][T13332] _copy_to_user+0x31/0xb0 [ 746.034097][T13332] simple_read_from_buffer+0xe1/0x170 [ 746.034132][T13332] proc_fail_nth_read+0x1df/0x250 [ 746.034158][T13332] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 746.034183][T13332] ? rw_verify_area+0x258/0x650 [ 746.034210][T13332] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 746.034233][T13332] vfs_read+0x200/0x980 [ 746.034267][T13332] ? __pfx___mutex_lock+0x10/0x10 [ 746.034295][T13332] ? __pfx_vfs_read+0x10/0x10 [ 746.034324][T13332] ? __fget_files+0x2a/0x420 [ 746.034352][T13332] ? __fget_files+0x3a0/0x420 [ 746.034369][T13332] ? __fget_files+0x2a/0x420 [ 746.034398][T13332] ksys_read+0x145/0x250 [ 746.034424][T13332] ? rcu_is_watching+0x15/0xb0 [ 746.034455][T13332] ? 
__pfx_ksys_read+0x10/0x10 [ 746.034487][T13332] ? do_syscall_64+0xba/0x210 [ 746.034519][T13332] do_syscall_64+0xf6/0x210 [ 746.034545][T13332] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 746.034566][T13332] ? clear_bhb_loop+0x60/0xb0 [ 746.034590][T13332] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 746.034609][T13332] RIP: 0033:0x7fa9aad8d37c [ 746.034627][T13332] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 746.034644][T13332] RSP: 002b:00007fa9abc48030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 746.034666][T13332] RAX: ffffffffffffffda RBX: 00007fa9aafb5fa0 RCX: 00007fa9aad8d37c [ 746.034680][T13332] RDX: 000000000000000f RSI: 00007fa9abc480a0 RDI: 0000000000000004 [ 746.034693][T13332] RBP: 00007fa9abc48090 R08: 0000000000000000 R09: 0000000000000000 [ 746.034709][T13332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 746.034718][T13332] R13: 0000000000000000 R14: 00007fa9aafb5fa0 R15: 00007ffc2f0af8b8 [ 746.034747][T13332] </TASK> [ 746.565495][T13340] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1718'. [ 747.314917][T13160] hsr_slave_0: entered promiscuous mode [ 747.362094][T13160] hsr_slave_1: entered promiscuous mode [ 747.385571][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.574065][T13358] QAT: Stopping all acceleration devices. [ 749.458712][ T9667] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 749.628718][ T9667] usb 3-1: Using ep0 maxpacket: 16 [ 749.646116][ T9667] usb 3-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 749.671359][ T9667] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 749.724980][ T9667] usb 3-1: config 0 descriptor?? 
[ 749.753211][ T9667] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 750.958739][ T96] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 751.140238][ T96] usb 1-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 751.167922][T13389] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 751.168562][ T96] usb 1-1: config 0 interface 0 has no altsetting 0 [ 751.196010][ T96] usb 1-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice= 0.00 [ 751.207357][T13389] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 751.210889][ T96] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 751.228684][ T59] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 751.294191][ T96] usb 1-1: config 0 descriptor?? [ 751.317328][ T96] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 751.330970][ T9667] usb 3-1: USB disconnect, device number 26 [ 751.452062][ T59] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 751.497359][ T59] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 751.568660][ T59] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 751.596438][ T59] usb 2-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=e5.38 [ 751.629387][ T59] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 751.690190][ T59] usb 2-1: Product: syz [ 751.726241][ T59] usb 2-1: Manufacturer: syz [ 751.781041][ T59] usb 2-1: SerialNumber: syz [ 751.977330][ T59] usb 2-1: config 0 descriptor?? [ 752.082591][T13384] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 752.472816][ T59] usb 2-1: USB disconnect, device number 22 [ 752.536118][T13160] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 752.689505][T13408] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1732'. 
[ 753.101255][T13160] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 753.156553][T13160] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 753.281425][T13160] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 754.175322][T13418] QAT: Stopping all acceleration devices. [ 754.949620][T10606] usb 1-1: USB disconnect, device number 20 [ 755.137094][ T53] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 755.256436][T13419] : entered promiscuous mode [ 755.428408][T13432] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 755.536391][T13433] netlink: 'syz.1.1741': attribute type 21 has an invalid length. [ 755.701738][ T9] usb 1-1: new low-speed USB device number 21 using dummy_hcd [ 756.022580][ T53] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 756.072162][T13433] netlink: 'syz.1.1741': attribute type 6 has an invalid length. [ 756.080925][T13433] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1741'. 
[ 756.136694][ T9] usb 1-1: config 0 has an invalid interface number: 55 but max is 0 [ 756.151567][ T9] usb 1-1: config 0 has no interface number 0 [ 756.251182][ T5825] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 756.281397][ T5825] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 756.283870][ T53] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 756.367130][ T5825] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 756.397371][ T5825] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 756.406542][ T5825] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 756.607893][ T53] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 757.023927][T13160] 8021q: adding VLAN 0 to HW filter on device bond0 [ 757.632661][T13160] 8021q: adding VLAN 0 to HW filter on device team0 [ 757.657853][T13438] lo speed is unknown, defaulting to 1000 [ 757.687151][ T6061] bridge0: port 1(bridge_slave_0) entered blocking state [ 757.694336][ T6061] bridge0: port 1(bridge_slave_0) entered forwarding state [ 757.803819][ T6061] bridge0: port 2(bridge_slave_1) entered blocking state [ 757.811071][ T6061] bridge0: port 2(bridge_slave_1) entered forwarding state [ 758.531513][ T5825] Bluetooth: hci1: command tx timeout [ 758.957047][ T9] usb 1-1: New USB device found, idVendor=1b3d, idProduct=01ae, bcdDevice=1d.45 [ 758.978156][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 759.032530][ T9] usb 1-1: config 0 descriptor?? 
[ 759.050458][ T9] usb 1-1: can't set config #0, error -71 [ 759.090037][ T9] usb 1-1: USB disconnect, device number 21 [ 759.220784][T13160] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 759.378586][ T53] bridge_slave_1: left allmulticast mode [ 759.387301][ T53] bridge_slave_1: left promiscuous mode [ 759.434094][ T53] bridge0: port 2(bridge_slave_1) entered disabled state [ 760.262910][ T53] bridge_slave_0: left allmulticast mode [ 760.306060][ T53] bridge_slave_0: left promiscuous mode [ 760.340586][ T53] bridge0: port 1(bridge_slave_0) entered disabled state [ 760.592336][ T5825] Bluetooth: hci1: command tx timeout [ 760.745101][T13473] FAULT_INJECTION: forcing a failure. [ 760.745101][T13473] name failslab, interval 1, probability 0, space 0, times 0 [ 760.758451][T13473] CPU: 1 UID: 0 PID: 13473 Comm: syz.4.1748 Not tainted 6.15.0-rc6-syzkaller-00346-g5723cc3450bc #0 PREEMPT(full) [ 760.758479][T13473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 760.758491][T13473] Call Trace: [ 760.758500][T13473] [ 760.758509][T13473] dump_stack_lvl+0x189/0x250 [ 760.758544][T13473] ? __pfx_dump_stack_lvl+0x10/0x10 [ 760.758570][T13473] ? __pfx__printk+0x10/0x10 [ 760.758602][T13473] ? __pfx___might_resched+0x10/0x10 [ 760.758630][T13473] ? fs_reclaim_acquire+0x7d/0x100 [ 760.758669][T13473] should_fail_ex+0x414/0x560 [ 760.758694][T13473] should_failslab+0xa8/0x100 [ 760.758713][T13473] __kmalloc_cache_noprof+0x70/0x3d0 [ 760.758742][T13473] ? sctp_stream_init_ext+0x57/0x180 [ 760.758770][T13473] sctp_stream_init_ext+0x57/0x180 [ 760.758800][T13473] sctp_sendmsg_to_asoc+0x12fd/0x1810 [ 760.758817][T13473] ? __asan_memcpy+0x40/0x70 [ 760.758851][T13473] ? sctp_assoc_add_peer+0xcfa/0x13b0 [ 760.758884][T13473] ? sctp_connect_new_asoc+0x3f0/0x690 [ 760.758904][T13473] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 760.758923][T13473] ? 
__pfx_sctp_connect_new_asoc+0x10/0x10 [ 760.758944][T13473] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 760.758964][T13473] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 760.758981][T13473] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 760.759001][T13473] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 760.759025][T13473] ? security_sctp_bind_connect+0x7e/0x2e0 [ 760.759052][T13473] sctp_sendmsg+0x1941/0x2810 [ 760.759082][T13473] ? __pfx_sctp_sendmsg+0x10/0x10 [ 760.759103][T13473] ? __lock_acquire+0xaac/0xd20 [ 760.759147][T13473] ? sock_rps_record_flow+0x19/0x400 [ 760.759181][T13473] ? inet_sendmsg+0x2f4/0x370 [ 760.759217][T13473] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 760.759243][T13473] __sock_sendmsg+0x19c/0x270 [ 760.759269][T13473] __sys_sendto+0x3bd/0x520 [ 760.759297][T13473] ? __pfx___sys_sendto+0x10/0x10 [ 760.759319][T13473] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 760.759361][T13473] ? __fget_files+0x3a0/0x420 [ 760.759393][T13473] ? ksys_write+0x1f0/0x250 [ 760.759432][T13473] __x64_sys_sendto+0xde/0x100 [ 760.759461][T13473] do_syscall_64+0xf6/0x210 [ 760.759490][T13473] ? 
clear_bhb_loop+0x60/0xb0 [ 760.759515][T13473] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 760.759535][T13473] RIP: 0033:0x7f7f1278e969 [ 760.759554][T13473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 760.759573][T13473] RSP: 002b:00007f7f136c1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 760.759596][T13473] RAX: ffffffffffffffda RBX: 00007f7f129b5fa0 RCX: 00007f7f1278e969 [ 760.759612][T13473] RDX: 0000000000000001 RSI: 00002000000002c0 RDI: 0000000000000003 [ 760.759625][T13473] RBP: 00007f7f136c1090 R08: 0000200000000200 R09: 000000000000001c [ 760.759638][T13473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 760.759650][T13473] R13: 0000000000000000 R14: 00007f7f129b5fa0 R15: 00007ffde1494f88 [ 760.759688][T13473] [ 762.172527][T13487] QAT: Stopping all acceleration devices. [ 762.668403][ T5825] Bluetooth: hci1: command tx timeout [ 763.260643][ T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 763.334611][ T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 763.373850][ T53] bond0 (unregistering): Released all slaves [ 763.380906][T13496] Falling back ldisc for ttyprintk. [ 763.682015][ T30] kauditd_printk_skb: 32 callbacks suppressed [ 763.682036][ T30] audit: type=1800 audit(1747562567.684:219): pid=13511 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.1754" name="SYSV00000000" dev="hugetlbfs" ino=3 res=0 errno=0 [ 763.791487][T13517] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 764.738008][ T5825] Bluetooth: hci1: command tx timeout [ 766.459682][T13538] netlink: 'syz.1.1758': attribute type 1 has an invalid length. 
[ 766.544742][ T53] hsr_slave_0: left promiscuous mode [ 766.557380][ T53] hsr_slave_1: left promiscuous mode [ 766.569554][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 766.577151][ T53] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 766.586782][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 766.603812][ T53] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 766.772181][ T53] veth1_macvtap: left promiscuous mode [ 766.806965][ T53] veth0_macvtap: left promiscuous mode [ 766.822149][ T53] veth1_vlan: left promiscuous mode [ 766.848564][ T53] veth0_vlan: left promiscuous mode [ 766.919095][T13554] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1762'. [ 767.057093][ T30] audit: type=1326 audit(1747562571.084:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13556 comm="syz.4.1763" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7f1278e969 code=0x0 [ 767.180397][T13560] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1762'. 
[ 767.681283][ T53] team0 (unregistering): Port device team_slave_1 removed [ 767.736245][ T53] team0 (unregistering): Port device team_slave_0 removed [ 767.949084][T13566] dlm: plock device version mismatch: kernel (1.2.0), user (0.0.0) [ 768.314945][T13160] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 768.395548][T13438] chnl_net:caif_netlink_parms(): no params data found [ 769.361970][T13438] bridge0: port 1(bridge_slave_0) entered blocking state [ 769.371273][T13438] bridge0: port 1(bridge_slave_0) entered disabled state [ 769.380550][T13438] bridge_slave_0: entered allmulticast mode [ 769.389399][T13438] bridge_slave_0: entered promiscuous mode [ 773.200670][T13629] IPVS: length: 78 != 8 [ 774.127816][T13638] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 774.925069][T13438] bridge0: port 2(bridge_slave_1) entered blocking state [ 774.947319][T13438] bridge0: port 2(bridge_slave_1) entered disabled state [ 774.956250][T13438] bridge_slave_1: entered allmulticast mode [ 774.995085][T13438] bridge_slave_1: entered promiscuous mode [ 775.468790][T13160] veth0_vlan: entered promiscuous mode [ 775.517291][T13643] hsr0: entered promiscuous mode [ 775.813250][T13438] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 775.852905][T13160] veth1_vlan: entered promiscuous mode [ 775.867966][ T5891] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 776.053927][T13438] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 776.960670][ T5891] usb 2-1: config 36 interface 0 altsetting 0 has an endpoint descriptor with address 0xB8, changing to 0x88 [ 776.990198][ T5891] usb 2-1: config 36 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 777.011268][ T5891] usb 2-1: config 36 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 777.036187][T13438] team0: Port device team_slave_0 added [ 777.054683][ T5891] 
usb 2-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29 [ 777.071531][T13438] team0: Port device team_slave_1 added [ 777.078867][ T5891] usb 2-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16 [ 777.110035][ T5891] usb 2-1: Manufacturer: syz [ 777.145843][ T5891] usb 2-1: SerialNumber: syz [ 777.190836][T13438] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 777.204653][T13438] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 777.239172][T13438] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 777.286022][T13438] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 777.301797][T13438] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 777.336301][T13438] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 777.554782][T13438] hsr_slave_0: entered promiscuous mode [ 777.593761][T13438] hsr_slave_1: entered promiscuous mode [ 777.622968][T13438] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 777.663430][T13438] Cannot create hsr debugfs directory [ 777.855719][T13160] veth0_macvtap: entered promiscuous mode [ 777.994274][T13641] hsr0: left promiscuous mode [ 778.134566][T13160] veth1_macvtap: entered promiscuous mode [ 779.267840][T13160] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 779.343174][ T5891] yealink 2-1:36.0: invalid payload size 0, expected 16 [ 779.362202][ T5891] input: Yealink usb-p1k as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:36.0/input/input18 [ 779.385572][ C0] yealink 2-1:36.0: urb_ctl_callback - urb status -71 [ 779.385821][ C0] yealink 2-1:36.0: urb_ctl_callback - urb status -71 [ 779.386074][ C0] yealink 2-1:36.0: urb_ctl_callback - urb status -71 [ 779.386331][ C0] yealink 2-1:36.0: urb_ctl_callback - urb status -71 [ 779.386571][ C0] yealink 2-1:36.0: urb_ctl_callback - urb status -71 [ 779.387885][ C0] yealink 2-1:36.0: urb_ctl_callback - urb status -71 [ 779.388093][ C0] yealink 2-1:36.0: urb_ctl_callback - urb status -71 [ 779.388307][ C0] yealink 2-1:36.0: urb_ctl_callback - urb status -71 [ 779.388327][ C0] yealink 2-1:36.0: urb_ctl_callback - usb_submit_urb failed -90 [ 779.423628][ T5891] usb 2-1: USB disconnect, device number 23 [ 780.324404][T13682] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.1787'. [ 780.341705][T13682] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1787'. 
[ 780.463679][T13684] ttyprintk ttyprintk: ldisc open failed (-12), clearing slot 0 [ 780.868156][T13160] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 781.174958][T13160] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 781.436740][T13160] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 781.467858][T13160] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 781.486834][T13160] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 782.536632][ T5891] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 782.726610][ T5891] usb 1-1: Using ep0 maxpacket: 16 [ 782.733996][ T5891] usb 1-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config [ 782.757797][ T5891] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 782.774541][ T5891] usb 1-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.05 [ 782.795579][ T5891] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 782.822161][ T5891] usb 1-1: config 0 descriptor?? 
[ 782.840532][ T5891] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 783.266066][T13438] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 783.282556][T13438] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 783.305379][T13438] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 783.382670][ T7110] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 783.415093][T13438] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 783.514295][ T7110] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 783.629288][T13438] 8021q: adding VLAN 0 to HW filter on device bond0 [ 783.727819][T13438] 8021q: adding VLAN 0 to HW filter on device team0 [ 783.865008][T13727] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.1791'. [ 783.882396][T13727] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1791'. [ 784.002807][ T7110] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 784.149752][ T6572] bridge0: port 1(bridge_slave_0) entered blocking state [ 784.156939][ T6572] bridge0: port 1(bridge_slave_0) entered forwarding state [ 784.378330][T13736] netlink: 80 bytes leftover after parsing attributes in process `syz.4.1793'. 
[ 784.719538][ T7110] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 784.815718][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 784.822962][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 785.039876][ T5872] usb 1-1: USB disconnect, device number 22 [ 785.162771][T13748] xt_recent: hitcount (262144) is larger than allowed maximum (65535) [ 786.240842][ T5891] usb 2-1: new full-speed USB device number 24 using dummy_hcd [ 786.721991][ T5891] usb 2-1: config 0 has an invalid interface number: 39 but max is 0 [ 786.741331][T10676] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 786.766738][T10676] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 786.773904][ T5891] usb 2-1: config 0 has no interface number 0 [ 786.782932][T10676] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 786.795067][T10676] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 786.805215][T10676] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 786.863068][ T5891] usb 2-1: config 0 interface 39 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 786.912757][ T5891] usb 2-1: New USB device found, idVendor=0499, idProduct=4d3f, bcdDevice=d2.2a [ 786.991615][ T5891] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 787.023606][ T7110] bridge_slave_1: left allmulticast mode [ 787.039338][ T5891] usb 2-1: Product: syz [ 787.045143][ T7110] bridge_slave_1: left promiscuous mode [ 787.110619][ T5891] usb 2-1: Manufacturer: syz [ 787.125443][ T7110] bridge0: port 2(bridge_slave_1) entered disabled state [ 787.166436][ T5891] usb 2-1: SerialNumber: syz [ 787.263017][ T5891] usb 2-1: config 0 descriptor?? 
[ 787.822028][ T7110] bridge_slave_0: left allmulticast mode [ 787.864326][ T7110] bridge_slave_0: left promiscuous mode [ 787.882979][ T7110] bridge0: port 1(bridge_slave_0) entered disabled state [ 788.896368][T10676] Bluetooth: hci2: command tx timeout [ 789.096700][ T5891] usb 2-1: USB disconnect, device number 24 [ 789.148874][T13651] udevd[13651]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.39/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 790.158681][T13802] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1803'. [ 790.592463][ T7110] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 790.611450][ T7110] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 790.625071][ T7110] bond0 (unregistering): Released all slaves [ 790.922491][T13757] lo speed is unknown, defaulting to 1000 [ 790.979164][T10676] Bluetooth: hci2: command tx timeout [ 791.070882][ T7110] hsr_slave_0: left promiscuous mode [ 791.096605][ T7110] hsr_slave_1: left promiscuous mode [ 791.123056][ T7110] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 791.171937][ T7110] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 791.182475][T13819] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1806'. 
[ 791.219199][ T7110] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 791.241066][ T7110] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 791.379176][ T7110] veth1_macvtap: left promiscuous mode [ 791.400364][ T7110] veth0_macvtap: left promiscuous mode [ 791.408449][ T7110] veth1_vlan: left promiscuous mode [ 791.415171][ T7110] veth0_vlan: left promiscuous mode [ 792.713078][ T7110] team0 (unregistering): Port device team_slave_1 removed [ 792.791813][ T7110] team0 (unregistering): Port device team_slave_0 removed [ 793.061014][T10676] Bluetooth: hci2: command tx timeout [ 793.523660][T13826] tipc: Cannot configure node identity twice [ 793.663283][T13438] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 794.093554][T13438] veth0_vlan: entered promiscuous mode [ 794.182099][T13757] chnl_net:caif_netlink_parms(): no params data found [ 794.225059][T13438] veth1_vlan: entered promiscuous mode [ 794.960672][ T7110] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 795.147819][T10676] Bluetooth: hci2: command tx timeout [ 795.234216][ T7110] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 795.323838][T13757] bridge0: port 1(bridge_slave_0) entered blocking state [ 795.346010][T13757] bridge0: port 1(bridge_slave_0) entered disabled state [ 795.567589][T13757] bridge_slave_0: entered allmulticast mode [ 795.576443][T13757] bridge_slave_0: entered promiscuous mode [ 795.587697][T13757] bridge0: port 2(bridge_slave_1) entered blocking state [ 795.594854][T13757] bridge0: port 2(bridge_slave_1) entered disabled state [ 795.602195][T13757] bridge_slave_1: entered allmulticast mode [ 795.609802][T13757] bridge_slave_1: entered promiscuous mode [ 796.340332][ T5825] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 796.355584][ T5825] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 796.364108][ T5825] Bluetooth: hci4: unexpected cc 0x1001 
length: 249 > 9 [ 796.372301][ T5825] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 796.380217][ T5825] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 796.417212][ T7110] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 796.488850][T13438] veth0_macvtap: entered promiscuous mode [ 796.537646][T13438] veth1_macvtap: entered promiscuous mode [ 796.662801][T13757] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 797.087161][ T7110] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 797.239669][T13757] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 797.259376][T13869] lo speed is unknown, defaulting to 1000 [ 797.289826][T13875] tipc: Cannot configure node identity twice [ 797.310998][T13438] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 797.520554][T13438] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 797.951342][T13757] team0: Port device team_slave_0 added [ 798.080851][T13757] team0: Port device team_slave_1 added [ 798.447319][T10676] Bluetooth: hci4: command tx timeout [ 798.665220][T13438] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 798.685785][T13438] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 798.694558][T13438] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 798.725793][T13438] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 798.762073][T13757] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 798.790792][T13757] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 798.835755][T13757] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 798.853447][T13757] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 798.862225][T13757] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 798.889784][T13757] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 798.933516][ T7110] bridge_slave_1: left allmulticast mode [ 798.939454][ T7110] bridge_slave_1: left promiscuous mode [ 798.945289][ T7110] bridge0: port 2(bridge_slave_1) entered disabled state [ 798.995011][ T7110] bridge_slave_0: left allmulticast mode [ 799.016568][ T7110] bridge_slave_0: left promiscuous mode [ 799.022431][ T7110] bridge0: port 1(bridge_slave_0) entered disabled state [ 799.893152][ T5825] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 799.916397][ T5825] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 799.920923][T13896] FAULT_INJECTION: forcing a failure. [ 799.920923][T13896] name failslab, interval 1, probability 0, space 0, times 0 [ 799.943901][ T5825] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 799.945659][T13896] CPU: 0 UID: 0 PID: 13896 Comm: syz.1.1824 Not tainted 6.15.0-rc6-syzkaller-00346-g5723cc3450bc #0 PREEMPT(full) [ 799.945689][T13896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 799.945703][T13896] Call Trace: [ 799.945712][T13896] [ 799.945722][T13896] dump_stack_lvl+0x189/0x250 [ 799.945762][T13896] ? __pfx_dump_stack_lvl+0x10/0x10 [ 799.945792][T13896] ? __pfx__printk+0x10/0x10 [ 799.945828][T13896] ? __pfx___might_resched+0x10/0x10 [ 799.945869][T13896] ? 
fs_reclaim_acquire+0x7d/0x100 [ 799.945900][T13896] should_fail_ex+0x414/0x560 [ 799.945928][T13896] should_failslab+0xa8/0x100 [ 799.945951][T13896] kmem_cache_alloc_noprof+0x73/0x3c0 [ 799.945982][T13896] ? security_file_alloc+0x34/0x330 [ 799.946013][T13896] security_file_alloc+0x34/0x330 [ 799.946041][T13896] init_file+0x93/0x2f0 [ 799.946068][T13896] alloc_empty_file+0x6e/0x1d0 [ 799.946099][T13896] path_openat+0x107/0x3830 [ 799.946124][T13896] ? arch_stack_walk+0xfc/0x150 [ 799.946166][T13896] ? stack_trace_save+0x9c/0xe0 [ 799.946190][T13896] ? stack_depot_save_flags+0x40/0x910 [ 799.946216][T13896] ? __lock_acquire+0xaac/0xd20 [ 799.946248][T13896] ? kasan_save_track+0x4f/0x80 [ 799.946277][T13896] ? __kasan_slab_alloc+0x6c/0x80 [ 799.946305][T13896] ? kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 799.946335][T13896] ? getname_flags+0xb8/0x540 [ 799.946355][T13896] ? __pfx_path_openat+0x10/0x10 [ 799.946378][T13896] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 799.946424][T13896] do_filp_open+0x1fa/0x410 [ 799.946453][T13896] ? __pfx_do_filp_open+0x10/0x10 [ 799.946506][T13896] ? _raw_spin_unlock+0x28/0x50 [ 799.946528][T13896] ? alloc_fd+0x64c/0x6c0 [ 799.946574][T13896] do_sys_openat2+0x121/0x1c0 [ 799.946619][T13896] ? __pfx_do_sys_openat2+0x10/0x10 [ 799.946645][T13896] ? exc_page_fault+0x68/0x110 [ 799.946675][T13896] ? do_user_addr_fault+0xc8a/0x1390 [ 799.946714][T13896] __x64_sys_openat+0x138/0x170 [ 799.946745][T13896] do_syscall_64+0xf6/0x210 [ 799.946775][T13896] ? 
clear_bhb_loop+0x60/0xb0 [ 799.946802][T13896] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 799.946823][T13896] RIP: 0033:0x7fc3b798d2d0 [ 799.946845][T13896] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 799.946865][T13896] RSP: 002b:00007fc3b88d1ef0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 799.946888][T13896] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fc3b798d2d0 [ 799.946904][T13896] RDX: 0000000000000002 RSI: 00007fc3b7a1078c RDI: 00000000ffffff9c [ 799.946917][T13896] RBP: 00007fc3b7a1078c R08: 0000000000000000 R09: 0000000000000000 [ 799.946931][T13896] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000005 [ 799.946944][T13896] R13: 0000000000000024 R14: 0000200000000400 R15: 00007fff24ea6d08 [ 799.946977][T13896] [ 800.249912][ T5825] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 800.276848][ T5825] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 800.502813][T10676] Bluetooth: hci4: command tx timeout [ 800.833593][ T7110] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 800.852444][ T7110] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 800.863605][ T7110] bond0 (unregistering): Released all slaves [ 801.042811][ T7110] bond1 (unregistering): Released all slaves [ 801.241651][ T7110] bond2 (unregistering): Released all slaves [ 801.463809][ T7110] bond3 (unregistering): Released all slaves [ 801.498763][T13911] ceph: No mds server is up or the cluster is laggy [ 801.739705][ T7110] bond4 (unregistering): Released all slaves [ 802.011891][ T7110] bond5 (unregistering): Released all slaves [ 802.273448][ T7110] bond6 (unregistering): Released all slaves [ 802.345777][T10676] Bluetooth: hci0: command tx timeout [ 802.581653][T10676] Bluetooth: hci4: command tx timeout [ 802.890480][ T7110] tipc: Disabling bearer [ 
802.914302][ T7110] tipc: Left network mode [ 803.179716][T13757] hsr_slave_0: entered promiscuous mode [ 803.190543][T13757] hsr_slave_1: entered promiscuous mode [ 803.204102][T13893] lo speed is unknown, defaulting to 1000 [ 803.909628][T13869] chnl_net:caif_netlink_parms(): no params data found [ 804.002208][ T7110] mac80211_hwsim hwsim8 wlan0 (unregistering): left allmulticast mode [ 804.289980][ T6061] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 804.344042][ T6061] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 804.415476][T10676] Bluetooth: hci0: command tx timeout [ 804.655656][T10676] Bluetooth: hci4: command tx timeout [ 805.039113][ T7110] hsr_slave_0: left promiscuous mode [ 805.056051][ T7110] hsr_slave_1: left promiscuous mode [ 805.062465][ T7110] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 805.077702][ T7110] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 805.089968][ T7110] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 805.099350][ T7110] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 805.143758][ T7110] veth1_macvtap: left promiscuous mode [ 805.151681][ T7110] veth0_macvtap: left promiscuous mode [ 805.159168][ T7110] veth1_vlan: left promiscuous mode [ 805.164571][ T7110] veth0_vlan: left promiscuous mode [ 805.780627][ T7110] team0 (unregistering): Port device team_slave_1 removed [ 805.840149][ T7110] team0 (unregistering): Port device team_slave_0 removed [ 806.333906][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 806.344436][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 806.496023][T10676] Bluetooth: hci0: command tx timeout [ 806.641827][T13893] chnl_net:caif_netlink_parms(): no params data found [ 806.674337][T13869] bridge0: port 1(bridge_slave_0) entered blocking state [ 806.692467][T13869] bridge0: port 1(bridge_slave_0) entered disabled state [ 806.701204][T13869] bridge_slave_0: entered allmulticast 
mode [ 806.714639][T13869] bridge_slave_0: entered promiscuous mode [ 806.730096][T13869] bridge0: port 2(bridge_slave_1) entered blocking state [ 806.740212][T13869] bridge0: port 2(bridge_slave_1) entered disabled state [ 806.765100][T13869] bridge_slave_1: entered allmulticast mode [ 806.783666][T13869] bridge_slave_1: entered promiscuous mode [ 807.033201][ T59] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 807.225556][ T59] usb 2-1: device descriptor read/64, error -71 [ 807.518350][T13869] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 807.541183][T13869] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 807.564335][ T59] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 807.728461][ T59] usb 2-1: device descriptor read/64, error -71 [ 807.804087][T13869] team0: Port device team_slave_0 added [ 807.848340][T13869] team0: Port device team_slave_1 added [ 807.860844][ T59] usb usb2-port1: attempt power cycle [ 807.914450][ T7110] IPVS: stop unused estimator thread 0... [ 807.955280][ T5872] usb 3-1: new full-speed USB device number 27 using dummy_hcd [ 808.003093][T13869] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 808.022574][T13869] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 808.049220][T13869] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 808.062324][T13869] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 808.069503][T13869] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. 
Setting the MTU to 1560 would solve the problem. [ 808.097995][T13869] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 808.138749][ T5872] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 808.150904][T13893] bridge0: port 1(bridge_slave_0) entered blocking state [ 808.165307][T13893] bridge0: port 1(bridge_slave_0) entered disabled state [ 808.172510][ T5872] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 808.189016][T13893] bridge_slave_0: entered allmulticast mode [ 808.195468][ T5872] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 808.204559][ T5872] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 808.205282][ T59] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 808.215754][T13893] bridge_slave_0: entered promiscuous mode [ 808.244507][ T5872] usb 3-1: config 0 descriptor?? [ 808.251581][ T59] usb 2-1: device descriptor read/8, error -71 [ 808.293622][T13893] bridge0: port 2(bridge_slave_1) entered blocking state [ 808.301010][T13893] bridge0: port 2(bridge_slave_1) entered disabled state [ 808.309174][T13893] bridge_slave_1: entered allmulticast mode [ 808.318005][T13893] bridge_slave_1: entered promiscuous mode [ 808.408818][ T7110] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 808.495412][ T59] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 808.512337][T13893] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 808.515911][ T59] usb 2-1: device descriptor read/8, error -71 [ 808.573551][T13893] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 808.575317][T10676] Bluetooth: hci0: command tx timeout [ 808.622710][ T7110] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 808.651507][ T59] usb usb2-port1: 
unable to enumerate USB device [ 808.686542][T13869] hsr_slave_0: entered promiscuous mode [ 808.706967][T13869] hsr_slave_1: entered promiscuous mode [ 808.713255][T13869] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 808.723344][ T59] usb 3-1: USB disconnect, device number 27 [ 808.729510][T13869] Cannot create hsr debugfs directory [ 808.820394][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 808.828977][ T7110] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 808.907127][T13893] team0: Port device team_slave_0 added [ 808.913467][T13757] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 808.948958][ T7110] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 808.973461][T13893] team0: Port device team_slave_1 added [ 808.985711][T13757] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 808.997389][T13757] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 809.052364][T13757] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 809.084366][T13893] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 809.099575][T13893] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 809.126892][T13893] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 809.157305][T13893] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 809.164324][T13893] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 809.190964][T13893] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 809.309730][T13893] hsr_slave_0: entered promiscuous mode [ 809.316534][T13893] hsr_slave_1: entered promiscuous mode [ 809.323216][T13893] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 809.331020][T13893] Cannot create hsr debugfs directory [ 810.055789][ T7110] bridge_slave_1: left allmulticast mode [ 810.061900][ T7110] bridge_slave_1: left promiscuous mode [ 810.098304][ T7110] bridge0: port 2(bridge_slave_1) entered disabled state [ 810.304672][ T7110] bridge_slave_0: left allmulticast mode [ 810.319958][ T7110] bridge_slave_0: left promiscuous mode [ 810.333229][ T7110] bridge0: port 1(bridge_slave_0) entered disabled state [ 811.906037][ T7110] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 811.921836][ T7110] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 811.932219][ T7110] bond0 (unregistering): Released all slaves [ 812.155086][ T5872] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 812.305989][ T5872] usb 3-1: Using ep0 maxpacket: 8 [ 812.389931][ T5872] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 812.413908][ T5872] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 812.485945][ T5872] usb 3-1: Product: syz [ 812.490526][ T5872] usb 3-1: Manufacturer: syz [ 812.504982][ T5872] usb 3-1: SerialNumber: syz [ 812.623307][ T5872] usb 3-1: config 0 descriptor?? 
[ 812.925968][ T5872] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 813.107343][ T7110] hsr_slave_0: left promiscuous mode [ 813.113622][ T7110] hsr_slave_1: left promiscuous mode [ 813.122704][ T7110] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 813.131788][ T7110] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 813.140835][ T7110] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 813.148840][ T7110] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 813.160889][T14003] netlink: 180 bytes leftover after parsing attributes in process `syz.1.1844'. [ 813.184030][ T7110] veth1_macvtap: left promiscuous mode [ 813.189941][ T7110] veth0_macvtap: left promiscuous mode [ 813.196324][ T7110] veth1_vlan: left promiscuous mode [ 813.203067][ T7110] veth0_vlan: left promiscuous mode [ 813.331581][ T5872] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 813.361233][ T5872] usb 3-1: USB disconnect, device number 28 [ 813.760856][ T7110] team0 (unregistering): Port device team_slave_1 removed [ 813.812739][ T7110] team0 (unregistering): Port device team_slave_0 removed [ 814.728240][T13757] 8021q: adding VLAN 0 to HW filter on device bond0 [ 814.779173][T13757] 8021q: adding VLAN 0 to HW filter on device team0 [ 814.799879][T13869] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 814.810599][T14017] 9pnet_fd: Insufficient options for proto=fd [ 815.008579][T14021] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1851'. [ 815.022557][T14021] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1851'. [ 815.054338][T14021] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1851'. [ 815.090920][T14021] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1851'. 
[ 815.117091][ T6061] bridge0: port 1(bridge_slave_0) entered blocking state [ 815.124302][ T6061] bridge0: port 1(bridge_slave_0) entered forwarding state [ 815.171524][T13869] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 815.288976][T10739] bridge0: port 2(bridge_slave_1) entered blocking state [ 815.296208][T10739] bridge0: port 2(bridge_slave_1) entered forwarding state [ 815.319539][T13869] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 815.362467][T13869] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 816.371425][T13757] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 816.422769][T13757] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 817.249609][T13869] 8021q: adding VLAN 0 to HW filter on device bond0 [ 818.225696][T13869] 8021q: adding VLAN 0 to HW filter on device team0 [ 818.286790][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 818.293985][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 818.379078][T13893] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 818.476796][T12521] bridge0: port 2(bridge_slave_1) entered blocking state [ 818.483950][T12521] bridge0: port 2(bridge_slave_1) entered forwarding state [ 818.520754][T13893] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 818.619460][T13893] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 818.687212][T13893] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 819.209050][T13757] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 819.514877][T14051] QAT: Stopping all acceleration devices. [ 820.350362][T14054] QAT: Stopping all acceleration devices. [ 820.740097][T13869] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 820.779940][T14056] FAULT_INJECTION: forcing a failure. 
[ 820.779940][T14056] name failslab, interval 1, probability 0, space 0, times 0 [ 820.801329][T14056] CPU: 1 UID: 0 PID: 14056 Comm: syz.2.1860 Not tainted 6.15.0-rc6-syzkaller-00346-g5723cc3450bc #0 PREEMPT(full) [ 820.801360][T14056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 820.801373][T14056] Call Trace: [ 820.801382][T14056] [ 820.801391][T14056] dump_stack_lvl+0x189/0x250 [ 820.801427][T14056] ? __pfx_dump_stack_lvl+0x10/0x10 [ 820.801454][T14056] ? __pfx__printk+0x10/0x10 [ 820.801491][T14056] ? __pfx___might_resched+0x10/0x10 [ 820.801525][T14056] should_fail_ex+0x414/0x560 [ 820.801549][T14056] should_failslab+0xa8/0x100 [ 820.801570][T14056] __kmalloc_cache_noprof+0x70/0x3d0 [ 820.801601][T14056] ? nft_delrule+0x57/0xba0 [ 820.801633][T14056] nft_delrule+0x57/0xba0 [ 820.801664][T14056] ? nft_pernet+0x23/0x240 [ 820.801693][T14056] ? nla_strcmp+0x106/0x140 [ 820.801713][T14056] ? nla_strcmp+0x106/0x140 [ 820.801739][T14056] nf_tables_delrule+0x99e/0x12e0 [ 820.801780][T14056] ? __pfx_nf_tables_delrule+0x10/0x10 [ 820.801803][T14056] ? nfnl_pernet+0x23/0x240 [ 820.801842][T14056] ? __nla_parse+0x40/0x60 [ 820.801872][T14056] nfnetlink_rcv+0x1142/0x2530 [ 820.801935][T14056] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 820.802018][T14056] ? skb_clone+0x246/0x3a0 [ 820.802076][T14056] ? netlink_deliver_tap+0x2e/0x1b0 [ 820.802098][T14056] ? netlink_deliver_tap+0x2e/0x1b0 [ 820.802127][T14056] netlink_unicast+0x758/0x8d0 [ 820.802161][T14056] netlink_sendmsg+0x805/0xb30 [ 820.802183][T14056] ? is_bpf_text_address+0x26/0x2b0 [ 820.802220][T14056] ? __pfx_netlink_sendmsg+0x10/0x10 [ 820.802254][T14056] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 820.802276][T14056] ? __pfx_netlink_sendmsg+0x10/0x10 [ 820.802301][T14056] __sock_sendmsg+0x219/0x270 [ 820.802325][T14056] ____sys_sendmsg+0x505/0x830 [ 820.802359][T14056] ? __pfx_____sys_sendmsg+0x10/0x10 [ 820.802394][T14056] ? 
import_iovec+0x74/0xa0 [ 820.802426][T14056] ___sys_sendmsg+0x21f/0x2a0 [ 820.802457][T14056] ? __pfx____sys_sendmsg+0x10/0x10 [ 820.802527][T14056] ? __fget_files+0x2a/0x420 [ 820.802545][T14056] ? __fget_files+0x3a0/0x420 [ 820.802575][T14056] __x64_sys_sendmsg+0x19b/0x260 [ 820.802606][T14056] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 820.802654][T14056] ? do_syscall_64+0xba/0x210 [ 820.802685][T14056] do_syscall_64+0xf6/0x210 [ 820.802712][T14056] ? clear_bhb_loop+0x60/0xb0 [ 820.802737][T14056] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 820.802756][T14056] RIP: 0033:0x7f3ceaf8e969 [ 820.802775][T14056] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 820.802793][T14056] RSP: 002b:00007f3cebe96038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 820.802815][T14056] RAX: ffffffffffffffda RBX: 00007f3ceb1b5fa0 RCX: 00007f3ceaf8e969 [ 820.802830][T14056] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003 [ 820.802843][T14056] RBP: 00007f3cebe96090 R08: 0000000000000000 R09: 0000000000000000 [ 820.802855][T14056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 820.802867][T14056] R13: 0000000000000000 R14: 00007f3ceb1b5fa0 R15: 00007ffe226c6508 [ 820.802900][T14056] [ 821.125367][T13893] 8021q: adding VLAN 0 to HW filter on device bond0 [ 821.149053][T13893] 8021q: adding VLAN 0 to HW filter on device team0 [ 821.210524][ T82] bridge0: port 1(bridge_slave_0) entered blocking state [ 821.217725][ T82] bridge0: port 1(bridge_slave_0) entered forwarding state [ 821.323408][ T82] bridge0: port 2(bridge_slave_1) entered blocking state [ 821.330672][ T82] bridge0: port 2(bridge_slave_1) entered forwarding state [ 821.397356][T13757] veth0_vlan: entered promiscuous mode [ 926.548417][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 926.555460][ C0] rcu: 1-...!: (1 GPs behind) 
idle=1ef4/1/0x4000000000000000 softirq=83106/83114 fqs=1 [ 926.566480][ C0] rcu: (detected by 0, t=10502 jiffies, g=70125, q=574 ncpus=2) [ 926.574237][ C0] Sending NMI from CPU 0 to CPUs 1: [ 926.574275][ C1] NMI backtrace for cpu 1 [ 926.574293][ C1] CPU: 1 UID: 0 PID: 14059 Comm: syz.1.1861 Not tainted 6.15.0-rc6-syzkaller-00346-g5723cc3450bc #0 PREEMPT(full) [ 926.574314][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 926.574325][ C1] RIP: 0010:__lock_acquire+0xab8/0xd20 [ 926.574356][ C1] Code: 48 8b 3c 24 48 83 78 40 00 0f 84 7d 01 00 00 4c 89 fe 8b 54 24 08 4c 89 e9 e8 24 38 00 00 45 31 e4 85 c0 74 3b 41 f6 47 22 10 <75> 2e 48 8b 1c 24 4c 89 ab e0 0a 00 00 8b 83 e8 0a 00 00 ff c0 89 [ 926.574372][ C1] RSP: 0018:ffffc90000a08b50 EFLAGS: 00000046 [ 926.574388][ C1] RAX: 0000000000000001 RBX: 0000000000000001 RCX: 3ebeaaa0d4a43000 [ 926.574400][ C1] RDX: 0000000000000001 RSI: ffff88802f4c6518 RDI: ffff88802f4c5a00 [ 926.574411][ C1] RBP: ffff88802f4c64f0 R08: 0000000000000000 R09: 0000000000080000 [ 926.574423][ C1] R10: 0000000000000000 R11: ffffffff8970f578 R12: 0000000000000000 [ 926.574434][ C1] R13: 0ac0d5affe09d4ff R14: 0000000000004008 R15: ffff88802f4c6518 [ 926.574446][ C1] FS: 00007fc3b88d46c0(0000) GS:ffff8881261f6000(0000) knlGS:0000000000000000 [ 926.574461][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 926.574473][ C1] CR2: 000020000001f000 CR3: 000000006dcd4000 CR4: 00000000003526f0 [ 926.574489][ C1] Call Trace: [ 926.574503][ C1] [ 926.574515][ C1] ? advance_sched+0x9f8/0xc90 [ 926.574538][ C1] lock_acquire+0x120/0x360 [ 926.574559][ C1] ? advance_sched+0x9f8/0xc90 [ 926.574583][ C1] ? do_raw_spin_unlock+0x122/0x240 [ 926.574600][ C1] ? advance_sched+0x9f8/0xc90 [ 926.574621][ C1] advance_sched+0xa14/0xc90 [ 926.574641][ C1] ? advance_sched+0x9f8/0xc90 [ 926.574668][ C1] ? __pfx_advance_sched+0x10/0x10 [ 926.574688][ C1] __hrtimer_run_queues+0x52c/0xc60 [ 926.574723][ C1] ? 
__pfx___hrtimer_run_queues+0x10/0x10 [ 926.574747][ C1] ? read_tsc+0x9/0x20 [ 926.574776][ C1] hrtimer_interrupt+0x45b/0xaa0 [ 926.574813][ C1] __sysvec_apic_timer_interrupt+0x108/0x410 [ 926.574836][ C1] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 926.574857][ C1] [ 926.574863][ C1] [ 926.574869][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 926.574887][ C1] RIP: 0010:_raw_spin_unlock_irqrestore+0xa8/0x110 [ 926.574907][ C1] Code: 74 05 e8 6b 74 75 f6 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f6 44 24 21 02 75 4f f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 63 f6 3e f6 65 8b 05 cc a5 20 07 85 c0 74 40 48 c7 04 24 0e 36 [ 926.574921][ C1] RSP: 0018:ffffc90003e9fb80 EFLAGS: 00000206 [ 926.574935][ C1] RAX: 3ebeaaa0d4a43000 RBX: 0000000000000a02 RCX: 3ebeaaa0d4a43000 [ 926.574947][ C1] RDX: 0000000000000007 RSI: ffffffff8d73ac7a RDI: 0000000000000001 [ 926.574958][ C1] RBP: ffffc90003e9fc10 R08: ffffffff8f7e0977 R09: 1ffffffff1efc12e [ 926.574970][ C1] R10: dffffc0000000000 R11: fffffbfff1efc12f R12: dffffc0000000000 [ 926.574983][ C1] R13: ffff8880b88276c0 R14: ffff8880b88276c0 R15: 1ffff920007d3f70 [ 926.575006][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 926.575024][ C1] ? read_tsc+0x9/0x20 [ 926.575053][ C1] clock_was_set+0x63b/0x7c0 [ 926.575081][ C1] ? __pfx_clock_was_set+0x10/0x10 [ 926.575101][ C1] ? do_settimeofday64+0x2d1/0x5e0 [ 926.575121][ C1] ? timekeeping_update_from_shadow+0x2b1/0x350 [ 926.575141][ C1] do_settimeofday64+0x2ec/0x5e0 [ 926.575162][ C1] ? __pfx_do_settimeofday64+0x10/0x10 [ 926.575179][ C1] ? ni6501_cnt_insn_write+0xa5/0x150 [ 926.575200][ C1] ? do_sys_settimeofday64+0x163/0x260 [ 926.575222][ C1] __x64_sys_clock_settime+0x229/0x280 [ 926.575243][ C1] ? __pfx___se_sys_futex+0x10/0x10 [ 926.575260][ C1] ? __pfx___x64_sys_clock_settime+0x10/0x10 [ 926.575282][ C1] ? do_syscall_64+0xba/0x210 [ 926.575307][ C1] do_syscall_64+0xf6/0x210 [ 926.575328][ C1] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 926.575345][ C1] ? 
clear_bhb_loop+0x60/0xb0 [ 926.575363][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 926.575379][ C1] RIP: 0033:0x7fc3b798e969 [ 926.575395][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 926.575409][ C1] RSP: 002b:00007fc3b88d4038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e3 [ 926.575425][ C1] RAX: ffffffffffffffda RBX: 00007fc3b7bb5fa0 RCX: 00007fc3b798e969 [ 926.575438][ C1] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000000 [ 926.575448][ C1] RBP: 00007fc3b7a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 926.575459][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 926.575469][ C1] R13: 0000000000000000 R14: 00007fc3b7bb5fa0 R15: 00007fff24ea6d08 [ 926.575488][ C1] [ 926.576267][ C0] rcu: rcu_preempt kthread starved for 10334 jiffies! g70125 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 927.043623][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 927.053612][ C0] rcu: RCU grace-period kthread stack dump: [ 927.059514][ C0] task:rcu_preempt state:R running task stack:27080 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00004000 [ 927.073045][ C0] Call Trace: [ 927.076340][ C0] [ 927.079305][ C0] __schedule+0x168f/0x4c70 [ 927.083846][ C0] ? do_raw_spin_unlock+0x122/0x240 [ 927.089076][ C0] ? schedule+0x165/0x360 [ 927.093434][ C0] ? __pfx___schedule+0x10/0x10 [ 927.098326][ C0] ? schedule+0x91/0x360 [ 927.102595][ C0] schedule+0x165/0x360 [ 927.106779][ C0] schedule_timeout+0x12b/0x270 [ 927.111651][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 927.117043][ C0] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 927.122967][ C0] ? __pfx_process_timeout+0x10/0x10 [ 927.128281][ C0] ? prepare_to_swait_event+0x341/0x380 [ 927.133859][ C0] rcu_gp_fqs_loop+0x301/0x1540 [ 927.138754][ C0] ? 
__pfx_rcu_watching_snap_save+0x10/0x10 [ 927.144677][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 927.149995][ C0] ? _raw_spin_unlock_irq+0x2e/0x50 [ 927.155220][ C0] ? finish_swait+0xcd/0x1f0 [ 927.159849][ C0] rcu_gp_kthread+0x99/0x390 [ 927.164471][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 927.169702][ C0] ? __kthread_parkme+0x7b/0x200 [ 927.174662][ C0] ? __kthread_parkme+0x1a1/0x200 [ 927.179722][ C0] kthread+0x711/0x8a0 [ 927.183818][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 927.189057][ C0] ? __pfx_kthread+0x10/0x10 [ 927.193671][ C0] ? __pfx_kthread+0x10/0x10 [ 927.198291][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 927.203508][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 927.208733][ C0] ? __pfx_kthread+0x10/0x10 [ 927.213345][ C0] ret_from_fork+0x4b/0x80 [ 927.217786][ C0] ? __pfx_kthread+0x10/0x10 [ 927.222400][ C0] ret_from_fork_asm+0x1a/0x30 [ 927.227220][ C0] [ 927.230255][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 927.236598][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.15.0-rc6-syzkaller-00346-g5723cc3450bc #0 PREEMPT(full) [ 927.248245][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 927.258319][ C0] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 927.264062][ C0] Code: 43 d4 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d a3 9f 18 00 f3 0f 1e fa fb f4 18 d4 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 927.283696][ C0] RSP: 0018:ffffffff8dc07d80 EFLAGS: 000002c6 [ 927.289787][ C0] RAX: 4eb5ab5e94f4ce00 RBX: ffffffff81977028 RCX: 4eb5ab5e94f4ce00 [ 927.297780][ C0] RDX: 0000000000000001 RSI: ffffffff8d73ac7a RDI: ffffffff8bc12080 [ 927.305770][ C0] RBP: ffffffff8dc07ec0 R08: ffff8880b8832b5b R09: 1ffff1101710656b [ 927.313770][ C0] R10: dffffc0000000000 R11: ffffed101710656c R12: ffffffff8f7e0970 [ 927.321759][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1b92a48 [ 927.329749][ C0] FS: 0000000000000000(0000) 
GS:ffff8881260f6000(0000) knlGS:0000000000000000 [ 927.338703][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 927.345305][ C0] CR2: 000000110c3ee775 CR3: 0000000062a7a000 CR4: 00000000003526f0 [ 927.353298][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 927.361291][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 927.369282][ C0] Call Trace: [ 927.372579][ C0] [ 927.375525][ C0] default_idle+0x13/0x20 [ 927.379884][ C0] default_idle_call+0x74/0xb0 [ 927.384684][ C0] do_idle+0x1e8/0x510 [ 927.388792][ C0] ? __pfx_do_idle+0x10/0x10 [ 927.393433][ C0] cpu_startup_entry+0x44/0x60 [ 927.398232][ C0] rest_init+0x2de/0x300 [ 927.402503][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 927.408082][ C0] start_kernel+0x470/0x4f0 [ 927.412616][ C0] x86_64_start_reservations+0x2a/0x30 [ 927.418110][ C0] x86_64_start_kernel+0x66/0x70 [ 927.423074][ C0] common_startup_64+0x13e/0x147 [ 927.428057][ C0]