last executing test programs: 2m48.853147527s ago: executing program 3 (id=227): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'veth1_macvtap\x00', 0x2000}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x8, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x0, 0x2, 0x6}}}}]}, 0x44}}, 0x0) syz_io_uring_setup(0x2d04, &(0x7f0000000180)={0x0, 0x575c, 0x1, 0x0, 0x168}, &(0x7f0000000280), &(0x7f0000000340)) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000040)={'vxcan0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000080)={'vxcan1\x00', 0x0}) sendmsg$nl_route(r5, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@can_newroute={0x24, 0x18, 0x1, 0x0, 0x25dfdbfd, {0x1d, 0x1, 0x2}, [@CGW_DST_IF={0x8, 0xa, r6}, @CGW_SRC_IF={0x8, 0x9, r7}]}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x20004000) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB="240000001900110027bd7000000000001d01000008", @ANYRES32=0x0, @ANYBLOB='\b\x00\t'], 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x6c, 0x2c, 0xd27, 0x70bd24, 0x25dbdbfc, {0x0, 0x0, 0x0, r3, {0x4, 0xa}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_route={{0xa}, {0x3c, 0x2, [@TCA_ROUTE4_CLASSID={0x8, 0x1, {0xa, 0xffff}}, @TCA_ROUTE4_CLASSID={0x8, 0x1, {0xffe0, 0xffff}}, @TCA_ROUTE4_CLASSID={0x8, 0x1, {0xfff1, 0x3}}, @TCA_ROUTE4_IIF={0x8}, @TCA_ROUTE4_IIF={0x6}, @TCA_ROUTE4_CLASSID={0x8, 0x1, {0xfff1, 0xd}}, @TCA_ROUTE4_FROM={0x8, 0x3, 0x35}]}}]}, 0x6c}}, 0x4804) 2m48.244515464s ago: executing program 3 (id=229): socket(0x10, 0x3, 0x0) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x24, 0x0, 0x1, 0x70bd2b, 0x0, {}, [@ETHTOOL_A_COALESCE_STATS_BLOCK_USECS={0x8, 0xa, 0x2}, @ETHTOOL_A_COALESCE_USE_CQE_MODE_RX={0x5, 0x19, 0x1}]}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x2c, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, 0x0, {0x0, 0x5}, {0xffff, 0xffff}, {0xfff3, 0x10}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x7}]}, 0x2c}}, 0x44080) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x8000000000000, 0x0, 0x80c0}, 0x8004) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) newfstatat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x1000) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f00000003c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d) ioctl$TCXONC(0xffffffffffffffff, 0x5608, 0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x5, 0x4, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x6, 0x0, 0x0, 0x0, 0x61, '\x00', 0x0, @fallback=0xf3db5839d5726f3f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) unshare(0x2c040000) syz_clone(0x638c1100, 0x0, 0x0, 0x0, 0x0, 0x0) 2m47.191161306s ago: executing program 3 (id=230): socket(0x10, 0x3, 0x0) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x24, 0x0, 0x1, 0x70bd2b, 0x0, {}, [@ETHTOOL_A_COALESCE_STATS_BLOCK_USECS={0x8, 0xa, 0x2}, @ETHTOOL_A_COALESCE_USE_CQE_MODE_RX={0x5, 0x19, 0x1}]}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x2c, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, 0x0, {0x0, 0x5}, {0xffff, 0xffff}, {0xfff3, 0x10}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x7}]}, 0x2c}}, 0x44080) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x8000000000000, 0x0, 0x80c0}, 0x8004) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) newfstatat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x1000) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f00000003c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d) ioctl$TCXONC(0xffffffffffffffff, 0x5608, 0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x5, 0x4, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x6, 0x0, 0x0, 0x0, 0x61, '\x00', 0x0, @fallback=0xf3db5839d5726f3f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) unshare(0x2c040000) syz_clone(0x638c1100, 0x0, 0x0, 0x0, 0x0, 0x0) 2m45.800386895s ago: executing program 3 (id=233): gettid() (async) r0 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) (async) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r1, 0x3) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) syz_emit_ethernet(0x36, &(0x7f0000000140)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xffff}}}}}}, 0x0) syz_emit_ethernet(0x86, &(0x7f00000005c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x78, 0xfffe, 0x0, 0xfd, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x19, 0x4, 0x2, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x200, 0xd}, @exp_smc={0xfe, 0x6}, @sack={0x5, 0x12, [0x5, 0x5, 0x1, 0x78]}, @md5sig={0x13, 0x12, "4d561d7ef6737b6a2efa8f86467f69a2"}, @sack={0x5, 0x1a, [0x5, 0x9, 0x7f, 0x7723, 0x5, 0x1]}]}}}}}}}, 0x0) (async) syz_emit_ethernet(0x86, &(0x7f00000005c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x78, 0xfffe, 0x0, 0xfd, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x19, 0x4, 0x2, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x200, 0xd}, @exp_smc={0xfe, 0x6}, @sack={0x5, 0x12, [0x5, 0x5, 0x1, 0x78]}, @md5sig={0x13, 0x12, "4d561d7ef6737b6a2efa8f86467f69a2"}, @sack={0x5, 0x1a, [0x5, 0x9, 0x7f, 0x7723, 0x5, 0x1]}]}}}}}}}, 0x0) timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) socket$netlink(0x10, 0x3, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) timer_settime(0x0, 0x0, &(0x7f0000000000)={{r2, r3+10000000}, {0x77359400}}, 0x0) clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x403, 0x6030, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x2}}}}]}}]}}, 0x0) syz_clone(0x102311, 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_clone(0x102311, 0x0, 0x0, 0x0, 0x0, 0x0) 2m42.719884027s ago: executing program 3 (id=243): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000000), 0x6ffffffffffffffe, 0x0) read$msr(r0, &(0x7f000001b000)=""/102400, 0x19000) rseq(&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x0, 0x0) r1 = add_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f00000000c0)='asymmetric\x00', 0x0) r2 = request_key(&(0x7f0000000400)='user\x00', &(0x7f0000000440)={'syz', 0x3}, 0x0, r1) add_key(0x0, 0x0, 0x0, 0xfffffffffffffdf3, r2) inotify_rm_watch(0xffffffffffffffff, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r3}, 0x8) socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="6000000002060103000000000000000000000004050001000700000013000300686173683a6e65742c696661636500000900020073797a300000000005000400000000"], 0x60}}, 0x8b2bf675a113bb76) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) writev(r4, &(0x7f0000000440)=[{0x0}], 0x1) r5 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000c80)={'veth0_to_bond\x00', 0x0}) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r7 = geteuid() setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000400)={{{@in=@dev={0xac, 0x14, 0x14, 0x2d}, @in=@dev={0xac, 0x14, 0x14, 0x32}, 0x4e22, 0x9, 0x4e20, 0x0, 0xa, 0x0, 0x20, 0x68, r6, r7}, {0x7b, 0x9, 0x2, 0x8, 0x7f, 0x1, 0x2, 0x3}, {0x6, 0x6, 0x3, 0x7}, 0x145, 0x6e6bbb, 0x1}, {{@in=@broadcast, 0x4d2, 0x3c}, 0x2, @in=@dev={0xac, 0x14, 0x14, 0x3c}, 0x0, 0x1, 0x2, 0x7, 0x6, 0x4, 0x81}}, 0xe8) 2m41.963318143s ago: executing program 3 (id=244): syz_usb_connect(0x0, 0x24, &(0x7f0000000380)=ANY=[@ANYBLOB="120100004b41460860163209ea800102030109021e0001000000000904"], 0x0) r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r2) ioctl$KVM_SET_ONE_REG(r0, 0x4010aeac, &(0x7f0000000140)=@arm64_sve={0x60800000001503c5, &(0x7f00000000c0)=0x2}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0}, &(0x7f0000000000)=0xc) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000004380), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@dfltuid={'dfltuid', 0x3d, r4}}, {@cachetag}, {@nodevmap}, {@access_any}, {@cache_loose}], [{@fscontext={'fscontext', 0x3d, 'unconfined_u'}}, {@appraise}, {@pcr={'pcr', 0x3d, 0x21}}], 0x6b}}) r5 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_RDWR(r5, 0x707, &(0x7f0000000040)={&(0x7f0000000600)=[{0x5, 0x1000, 0x4f, &(0x7f0000000580)="c29c56a97bdff19f905a66f2dffc75032156eaf35100c7763045294d9f33fb2e4b32040f0e53bc67f2cafb9d28835ee6a11e5718fa25fa964294e50602dcc29c19ef8a3fcc3ed71193b3630117f3a3"}, {0x40, 0x4800, 0x0, 0x0}], 0x2}) 2m26.727250872s ago: executing program 32 (id=244): syz_usb_connect(0x0, 0x24, &(0x7f0000000380)=ANY=[@ANYBLOB="120100004b41460860163209ea800102030109021e0001000000000904"], 0x0) r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r2) ioctl$KVM_SET_ONE_REG(r0, 0x4010aeac, &(0x7f0000000140)=@arm64_sve={0x60800000001503c5, &(0x7f00000000c0)=0x2}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0}, &(0x7f0000000000)=0xc) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000004380), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@dfltuid={'dfltuid', 0x3d, r4}}, {@cachetag}, {@nodevmap}, {@access_any}, {@cache_loose}], [{@fscontext={'fscontext', 0x3d, 'unconfined_u'}}, {@appraise}, {@pcr={'pcr', 0x3d, 0x21}}], 0x6b}}) r5 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_RDWR(r5, 0x707, &(0x7f0000000040)={&(0x7f0000000600)=[{0x5, 0x1000, 0x4f, &(0x7f0000000580)="c29c56a97bdff19f905a66f2dffc75032156eaf35100c7763045294d9f33fb2e4b32040f0e53bc67f2cafb9d28835ee6a11e5718fa25fa964294e50602dcc29c19ef8a3fcc3ed71193b3630117f3a3"}, {0x40, 0x4800, 0x0, 0x0}], 0x2}) 7.939982597s ago: executing program 4 (id=1366): socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SET_MM(0x23, 0x4, &(0x7f0000ffc000/0x1000)=nil) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) listen(r0, 0x5) r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000000)=0x10000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000100)={@local}) ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r3, 0x7af, 0x0) 7.189988357s ago: executing program 2 (id=1370): r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file3\x00', 0x105042, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) mprotect(&(0x7f000086f000/0x1000)=nil, 0x1000, 0x9) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bind$can_j1939(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x400452c8, &(0x7f0000000100)) ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x400452c9, &(0x7f0000000100)) syz_genetlink_get_family_id$batadv(0x0, r0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @dynset={{0xb}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x6c}}, 0x0) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, 0x0, 0x40000) mount(&(0x7f0000000280)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000300)='./file3\x00', 0x0, 0x0, &(0x7f0000000380)='acl') bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 5.645082997s ago: executing program 4 (id=1372): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000580), 0xfe07) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) sendfile(r0, r1, 0x0, 0xffffffff004) 5.584214199s ago: executing program 2 (id=1373): unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f0000000000", 0x15) 5.242207955s ago: executing program 0 (id=1376): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000086}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) getpid() openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r1, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) r2 = syz_io_uring_setup(0x88e, 0x0, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x114, 0x0, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000800)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x1, {0x2}}) r5 = socket$kcm(0x10, 0x2, 0x0) setsockopt$sock_attach_bpf(r5, 0x1, 0x32, 0x0, 0x0) sendmsg$inet(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000340)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001d0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bbfbffa8499c69ac76dd752d00", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) io_uring_enter(r2, 0x10a1, 0xb0fc, 0x2, 0x0, 0x0) openat$misdntimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x10a02, 0x0) 4.919963418s ago: executing program 4 (id=1379): close(0xffffffffffffffff) r0 = socket(0x28, 0x5, 0x0) r1 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) listen(r1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40000) socket$inet6_sctp(0xa, 0x5, 0x84) connect$llc(0xffffffffffffffff, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @broadcast}, 0x10) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) ppoll(&(0x7f0000000500)=[{r3}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x1, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f0000000000)={0x3ff, 0xfffffffffffffffe, 0x0, 0x9, 0x0, 0x1, 0x7fffffff}, 0x0, 0x0) connect$vsock_stream(r0, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10) accept4$inet(0xffffffffffffffff, 0x0, 0x0, 0x80000) shutdown(0xffffffffffffffff, 0x0) syz_init_net_socket$rose(0xb, 0x5, 0x0) 4.812605249s ago: executing program 5 (id=1380): r0 = socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SET_MM(0x23, 0x4, &(0x7f0000ffc000/0x1000)=nil) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) listen(r1, 0x5) r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r6, 0x7a7, &(0x7f0000000000)=0x10000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r6, 0x7a0, &(0x7f0000000100)={@local}) ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r6, 0x7af, &(0x7f0000000080)={@hyper, 0x3}) ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r6, 0x7b2, &(0x7f0000001680)={&(0x7f0000000680)=[0x100000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f1, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc80, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xcf, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x200004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x7, 0x800, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x4], 0x1, 0x400}) r7 = socket$inet_sctp(0x2, 0x1, 0x84) r8 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r8, 0x84, 0x72, &(0x7f00000002c0)={0x0, 0x7, 0x30}, &(0x7f00000000c0)=0xc) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r7, 0x84, 0x71, 0x0, &(0x7f0000000180)) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000)=0x8, 0x4) r9 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route_sched(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=@newtaction={0x144, 0x30, 0x53b, 0x0, 0x25dfdbfd, {0x9}, [{0x130, 0x1, [@m_sample={0x12c, 0x1, 0x0, 0x0, {{0xb}, {0x1c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PARMS={0x18, 0x2, {0x1de, 0x9, 0x0, 0xfffffffe, 0x5}}]}, {0xe8, 0x6, "b08260adf1161fbbaca4cf203150bb8641ab3be9c07ae6b4a5960021f548b17bd5f252db6abdd22ef7dde7547421b4078cc7bd1192bfda240fcd7e6ed336283b7c2f75a23c7b01d16138af4bc94070ea11b46379a721c1379726f0857cbbe2fc0f1cc5133f1f89fb09000000000000005dfc0241b2ec5e1064689359a829f94ddf4353dfa3b9a5fc31d78209193c6e4391b2eb3a4777f791b50558f01d7be7fed9368c663c47d21ef8195865495f28c2da456c3eb2ad949908619befff859371b6dbc5a3fa0088acf9ea6c7cadedbf27b6bb1e9f8e66bbd53e8fdc074dac36a021e0cda9"}, {0xc}, {0xc, 0x4, {0x2, 0x1}}}}]}]}, 0x144}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000001840)=ANY=[@ANYRESHEX=r8, @ANYRESDEC=r5, @ANYRES8=r7, @ANYBLOB="4c33765bcbc3edf0cd185f468b6fe535bd64eae1493a823a51b9e4102a47dcaf638b28f73b6e96ec6888fcbd56a0bde37ea902b95565161ab3874796063f32567d5e9c12b932dc270c4e411352611d0eb0126f4c058142d6c4d8810d6ea9348bf8f3f5e1", @ANYBLOB="463432da45dfb518135d78b1fdcf236bdfc9c7cdaf519a9c565b6854603e5de9d431e38441236a40275b9e4d97fdf57a18b345c23c499a670c8a20bfb989a11dd0bec4a3e136b3adbf19f2a3976ca7d187d988dcc8774eb51457832c468fdacfa69fd34e1deba89562da0bfbbea338c74e6050a8624b8a09074aecaded6ecf4e6a4144829138d80ed0b98810f42de3b6b92d82a4cdb3b82efacf4c540ff179bda98c7f5f6ee798beb1f0f91b6d5e006bf2b5336d805a6b85bb7c8fbd4c7af5968ff18783dc7e1e6044cf600dd5944ec6b3dfba812dea18b164676b0bde158fd5fe1a7081599085a62ec2e6fd2be9d07edda8fbabca4d5487879ac4a34a986a"], 0x40}}, 0x0) 4.786546959s ago: executing program 1 (id=1381): r0 = socket$kcm(0x10, 0x2, 0x0) recvmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f0000000680)=""/76, 0x4c}, {&(0x7f00000047c0)=""/4060, 0xfdc}, {&(0x7f00000037c0)=""/4069, 0xfe5}, {&(0x7f0000000e40)=""/232, 0xe8}, {&(0x7f0000000080)=""/109, 0x6d}], 0x5}, 0x40000100) 4.068103994s ago: executing program 0 (id=1382): socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SET_MM(0x23, 0x4, &(0x7f0000ffc000/0x1000)=nil) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) listen(r0, 0x5) r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000000)=0x10000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000100)={@local}) ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r3, 0x7af, 0x0) 3.218370606s ago: executing program 1 (id=1383): socket(0x10, 0x3, 0x0) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x24, 0x0, 0x1, 0x70bd2b, 0x0, {}, [@ETHTOOL_A_COALESCE_STATS_BLOCK_USECS={0x8, 0xa, 0x2}, @ETHTOOL_A_COALESCE_USE_CQE_MODE_RX={0x5, 0x19, 0x1}]}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x2c, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, 0x0, {0x0, 0x5}, {0xffff, 0xffff}, {0xfff3, 0x10}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x7}]}, 0x2c}}, 0x44080) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x8000000000000, 0x0, 0x80c0}, 0x8004) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f00000003c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x2d) ioctl$AUTOFS_IOC_FAIL(r1, 0x4c80, 0xffffffffffffffb6) ioctl$TCXONC(0xffffffffffffffff, 0x5608, 0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x5, 0x4, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x6, 0x0, 0x0, 0x0, 0x61, '\x00', 0x0, @fallback=0xf3db5839d5726f3f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) unshare(0x2c040000) syz_clone(0x638c1100, 0x0, 0x0, 0x0, 0x0, 0x0) 3.217413052s ago: executing program 5 (id=1384): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)={0x14, 0x0, 0x4}, 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r0) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000fc0), r0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r2}, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000000c0)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_SET_TX_POWER(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001040)={&(0x7f00000001c0)={0x24, r1, 0x926fdb2c68a18847, 0x70bd29, 0x2, {0x6}, [@NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x40040) 2.979329339s ago: executing program 0 (id=1385): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r1) sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000027c0)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xab6, 0x7, 0xc, 0x10, 0x1, 0x3ff, 0x7, 0x8000, 0x6}}}}]}, 0x58}}, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r6) socket(0x400000000010, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 2.835948336s ago: executing program 5 (id=1386): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='H\x00\x00', @ANYRES16=r1, @ANYBLOB="0100ffffffff00010000010000000c0002000400000000000000100007800c00018008000100", @ANYRES32=r2, @ANYBLOB="0c000500e0"], 0x48}, 0x1, 0x0, 0x0, 0x81}, 0x20000000) 1.957304298s ago: executing program 5 (id=1387): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[], 0x3c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x48, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0xfffffffe, 0x8}}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000640)=@newtfilter={0x7c, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x7}, {0x2}, {0xfff1, 0x4}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x4c, 0x2, [@TCA_CGROUP_ACT={0x48, 0x1, [@m_bpf={0x44, 0x1d, 0x0, 0x0, {{0x8}, {0x1c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x8, 0xfffffffe, 0x0, 0x0, 0xc}}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x7c}}, 0x0) 1.935064907s ago: executing program 4 (id=1388): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_generic(0x10, 0x3, 0x10) socket$alg(0x26, 0x5, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet_udp(0x2, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x4) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$nl_route(0x10, 0x3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000001ffffeb00000000eb"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18) socket$kcm(0x10, 0x3, 0x10) socket$pppl2tp(0x18, 0x1, 0x1) socket$netlink(0x10, 0x3, 0x4) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002211c0000001f000000060001000000000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}}, 0x0) 1.924401873s ago: executing program 1 (id=1389): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000055090100000000009500000000000000b7020000000000007b9a20fe00000000b6090800000000007b9af0ff00000000bf8610000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018280000", @ANYBLOB="0000000000000000b7050000080000001500000076000040bf98000000000000560801000000000085000000bf000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x2, 0x0, 0x0, 0x40f00, 0x2c, '\x00', 0x0, @cgroup_skb=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 1.704701023s ago: executing program 2 (id=1390): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x80, 0x2c, 0xd27, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {}, {0x7, 0xe}}, [@filter_kind_options=@f_fw={{0x7}, {0x54, 0x2, [@TCA_FW_ACT={0x50, 0x4, [@m_vlan={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x3513, 0x6, 0xffffffffffffffff, 0xb6b9, 0x3}, 0x1}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x80}, 0x1, 0x0, 0x0, 0x80}, 0x24000880) 1.703916303s ago: executing program 0 (id=1391): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d00000085000000050000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000d80)={&(0x7f0000000d40)='mmap_lock_acquire_returned\x00', r1}, 0x10) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000940)=@generic={0x0, r0}, 0x18) 1.621476817s ago: executing program 1 (id=1392): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100180000000039e30051000000510000000200000000000000040000f6000000000000000001000000070000000200000004000000020000000000000005000000020000000000001205000000060000000100000f010000000200000037dd000002000000d5"], 0x0, 0x6e, 0x0, 0x0, 0x3, 0x10000}, 0x28) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000325bd7000fbdbdf25050000000c0009800800020003000000280002"], 0x46}}, 0x4004) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newtaction={0xa0, 0x30, 0x51b, 0x0, 0x0, {}, [{0x8c, 0x1, [@m_skbmod={0x81, 0x0, 0x0, 0x0, {{0xb}, {0x30, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24, 0x2, {{0x7fffffff}}}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x6}]}, {0x4, 0x14}, {0xc}, {0xc, 0x6}}}, @m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x2}}}}]}]}, 0xa0}}, 0x14008004) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="180100002e00010000000000fcdbdf250801f2800c00180008ac0f0000000000140001"], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0) 1.612967992s ago: executing program 5 (id=1393): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000000)=@ipv6_delrule={0x24, 0x18, 0x1, 0x0, 0x0, {0xa, 0x0, 0x20, 0x0, 0x0, 0x3, 0x0, 0x3, 0x20001}, [@FIB_RULE_POLICY=@FRA_GOTO={0x8, 0x4, 0x1}]}, 0x24}}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)=ANY=[@ANYBLOB="a03700002d00010026bd7000fcdbdf250400000005000b", @ANYRES32=r0, @ANYBLOB="81120c"], 0x37a0}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000) 1.609331626s ago: executing program 4 (id=1394): r0 = socket$kcm(0x10, 0x2, 0x0) recvmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f0000000680)=""/76, 0x4c}, {&(0x7f00000047c0)=""/4060, 0xfdc}, {&(0x7f00000037c0)=""/4069, 0xfe5}, {&(0x7f0000000e40)=""/232, 0xe8}, {&(0x7f0000000080)=""/109, 0x6d}], 0x5}, 0x40000100) 1.413970821s ago: executing program 0 (id=1395): r0 = socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SET_MM(0x23, 0x4, &(0x7f0000ffc000/0x1000)=nil) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) listen(r1, 0x5) r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r6, 0x7a7, &(0x7f0000000000)=0x10000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r6, 0x7a0, &(0x7f0000000100)={@local}) ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r6, 0x7af, &(0x7f0000000080)={@hyper, 0x3}) ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r6, 0x7b2, &(0x7f0000001680)={&(0x7f0000000680)=[0x100000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f1, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc80, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xcf, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x200004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x7, 0x800, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x4], 0x1, 0x400}) r7 = socket$inet_sctp(0x2, 0x1, 0x84) r8 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r8, 0x84, 0x72, &(0x7f00000002c0)={0x0, 0x7, 0x30}, &(0x7f00000000c0)=0xc) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r7, 0x84, 0x71, 0x0, &(0x7f0000000180)) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000)=0x8, 0x4) r9 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route_sched(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=@newtaction={0x144, 0x30, 0x53b, 0x0, 0x25dfdbfd, {0x9}, [{0x130, 0x1, [@m_sample={0x12c, 0x1, 0x0, 0x0, {{0xb}, {0x1c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PARMS={0x18, 0x2, {0x1de, 0x9, 0x0, 0xfffffffe, 0x5}}]}, {0xe8, 0x6, "b08260adf1161fbbaca4cf203150bb8641ab3be9c07ae6b4a5960021f548b17bd5f252db6abdd22ef7dde7547421b4078cc7bd1192bfda240fcd7e6ed336283b7c2f75a23c7b01d16138af4bc94070ea11b46379a721c1379726f0857cbbe2fc0f1cc5133f1f89fb09000000000000005dfc0241b2ec5e1064689359a829f94ddf4353dfa3b9a5fc31d78209193c6e4391b2eb3a4777f791b50558f01d7be7fed9368c663c47d21ef8195865495f28c2da456c3eb2ad949908619befff859371b6dbc5a3fa0088acf9ea6c7cadedbf27b6bb1e9f8e66bbd53e8fdc074dac36a021e0cda9"}, {0xc}, {0xc, 0x4, {0x2, 0x1}}}}]}]}, 0x144}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000001840)=ANY=[@ANYRESHEX=r8, @ANYRESDEC=r5, @ANYRES8=r7, @ANYBLOB="4c33765bcbc3edf0cd185f468b6fe535bd64eae1493a823a51b9e4102a47dcaf638b28f73b6e96ec6888fcbd56a0bde37ea902b95565161ab3874796063f32567d5e9c12b932dc270c4e411352611d0eb0126f4c058142d6c4d8810d6ea9348bf8f3f5e1", @ANYBLOB="463432da45dfb518135d78b1fdcf236bdfc9c7cdaf519a9c565b6854603e5de9d431e38441236a40275b9e4d97fdf57a18b345c23c499a670c8a20bfb989a11dd0bec4a3e136b3adbf19f2a3976ca7d187d988dcc8774eb51457832c468fdacfa69fd34e1deba89562da0bfbbea338c74e6050a8624b8a09074aecaded6ecf4e6a4144829138d80ed0b98810f42de3b6b92d82a4cdb3b82efacf4c540ff179bda98c7f5f6ee798beb1f0f91b6d5e006bf2b5336d805a6b85bb7c8fbd4c7af5968ff18783dc7e1e6044cf600dd5944ec6b3dfba812dea18b164676b0bde158fd5fe1a7081599085a62ec2e6fd2be9d07edda8fbabca4d5487879ac4a34a986a"], 0x40}}, 0x0) 1.386266333s ago: executing program 1 (id=1396): socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SET_MM(0x23, 0x4, &(0x7f0000ffc000/0x1000)=nil) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) listen(r0, 0x5) r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000000)=0x10000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000100)={@local}) ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r3, 0x7af, 0x0) 485.189301ms ago: executing program 2 (id=1397): sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16, @ANYBLOB="01000000000000000040010000000000000101410000001c"], 0x38}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{0x0}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 439.463834ms ago: executing program 1 (id=1398): close(0xffffffffffffffff) r0 = socket(0x28, 0x5, 0x0) r1 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) listen(r1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40000) r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r3, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @broadcast}, 0x10) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10) ppoll(&(0x7f0000000500)=[{r4}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x1, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f0000000000)={0x3ff, 0xfffffffffffffffe, 0x0, 0x9, 0x0, 0x1, 0x7fffffff}, 0x0, 0x0) connect$vsock_stream(r0, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10) accept4$inet(0xffffffffffffffff, 0x0, 0x0, 0x80000) shutdown(0xffffffffffffffff, 0x0) syz_init_net_socket$rose(0xb, 0x5, 0x0) 363.886511ms ago: executing program 4 (id=1399): r0 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$KDSKBENT(r0, 0x4b47, &(0x7f0000000000)={0x41, 0x0, 0x4002}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000180)={0xc, 0x8b}, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) keyctl$clear(0x3, 0xfffffffffffffffc) request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x3}, &(0x7f0000001fee)='R\x10rust\xe3cusg\x91\xdedH\xe5+\xf0', 0xffffffffffffffff) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'dummy0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x24, 0x25, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x5, 0x10}, {0x0, 0xffff}, {0x9}}}, 0x24}}, 0x40080ca) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x2}]}, @NFT_MSG_NEWCHAIN={0x54, 0x3, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x28, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x5}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x1b2fd2c5}, @NFTA_HOOK_DEV={0x14, 0x3, 'ip6gre0\x00'}]}]}, @NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}]}], {0x14}}, 0xc4}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) 349.537336ms ago: executing program 0 (id=1400): unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f000000000000000000", 0x19) 317.942253ms ago: executing program 2 (id=1401): r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x7, &(0x7f0000000000)=ANY=[@ANYBLOB="1802000007000000000000000300000018110000", @ANYRES32=r0], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0xe, 0x0, &(0x7f0000000200)="449d060721b9e6bb51f2f6f20504", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50) 105.183902ms ago: executing program 5 (id=1402): connect$inet6(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a80)={{0x14}, [@NFT_MSG_NEWRULE={0x34, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @masq={{0x9}, @void}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3cd2e7b3d6526bf5}}}, 0x5c}}, 0x0) r1 = socket$kcm(0x2, 0x3, 0x84) sendmsg$inet(r1, &(0x7f0000001000)={&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000000080)=[{&(0x7f0000001040)="5346f7f875528ef24043c68e04", 0xd}], 0x1, &(0x7f0000000580)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @loopback}}}], 0x20}, 0x0) 0s ago: executing program 2 (id=1403): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r1, @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000001500000076000040bf98000000000000560801000000000085000000bf000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x2, 0x0, 0x0, 0x40f00, 0x2c, '\x00', 0x0, @cgroup_skb=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) kernel console output (not intermixed with test programs): #0 PREEMPT(full) [ 124.784470][ T6205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 124.784482][ T6205] Call Trace: [ 124.784490][ T6205] [ 124.784499][ T6205] dump_stack_lvl+0x189/0x250 [ 124.784533][ T6205] ? __pfx____ratelimit+0x10/0x10 [ 124.784560][ T6205] ? __pfx_dump_stack_lvl+0x10/0x10 [ 124.784588][ T6205] ? __pfx__printk+0x10/0x10 [ 124.784613][ T6205] ? __pfx___might_resched+0x10/0x10 [ 124.784640][ T6205] ? fs_reclaim_acquire+0x7d/0x100 [ 124.784672][ T6205] should_fail_ex+0x414/0x560 [ 124.784700][ T6205] should_failslab+0xa8/0x100 [ 124.784726][ T6205] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 124.784750][ T6205] ? __alloc_skb+0x112/0x2d0 [ 124.784775][ T6205] __alloc_skb+0x112/0x2d0 [ 124.784799][ T6205] netlink_ack+0x146/0xa50 [ 124.784837][ T6205] netlink_rcv_skb+0x28c/0x470 [ 124.784859][ T6205] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 124.784888][ T6205] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 124.784920][ T6205] ? bpf_lsm_capable+0x9/0x20 [ 124.784948][ T6205] ? security_capable+0x7e/0x2e0 [ 124.784983][ T6205] nfnetlink_rcv+0x26a/0x2520 [ 124.785014][ T6205] ? __dev_queue_xmit+0x1cd7/0x3a70 [ 124.785043][ T6205] ? kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 124.785069][ T6205] ? __dev_queue_xmit+0x27e/0x3a70 [ 124.785094][ T6205] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.785123][ T6205] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 124.785150][ T6205] ? __pfx___dev_queue_xmit+0x10/0x10 [ 124.785188][ T6205] ? ref_tracker_free+0x63a/0x7d0 [ 124.785211][ T6205] ? __copy_skb_header+0xa7/0x550 [ 124.785236][ T6205] ? __pfx_ref_tracker_free+0x10/0x10 [ 124.785260][ T6205] ? __skb_clone+0x63/0x7a0 [ 124.785287][ T6205] ? __skb_clone+0x483/0x7a0 [ 124.785317][ T6205] ? skb_clone+0x246/0x3a0 [ 124.785362][ T6205] ? __netlink_deliver_tap+0x807/0x850 [ 124.785390][ T6205] ? netlink_deliver_tap+0x2e/0x1b0 [ 124.785418][ T6205] ? netlink_deliver_tap+0x2e/0x1b0 [ 124.785438][ T6205] ? netlink_deliver_tap+0x2e/0x1b0 [ 124.785465][ T6205] netlink_unicast+0x75b/0x8d0 [ 124.785508][ T6205] netlink_sendmsg+0x805/0xb30 [ 124.785540][ T6205] ? __pfx_netlink_sendmsg+0x10/0x10 [ 124.785571][ T6205] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 124.785594][ T6205] ? __pfx_netlink_sendmsg+0x10/0x10 [ 124.785617][ T6205] __sock_sendmsg+0x219/0x270 [ 124.785649][ T6205] ____sys_sendmsg+0x505/0x830 [ 124.785679][ T6205] ? __pfx_____sys_sendmsg+0x10/0x10 [ 124.785712][ T6205] ? import_iovec+0x74/0xa0 [ 124.785734][ T6205] ___sys_sendmsg+0x21f/0x2a0 [ 124.785760][ T6205] ? __pfx____sys_sendmsg+0x10/0x10 [ 124.785821][ T6205] ? __fget_files+0x2a/0x420 [ 124.785846][ T6205] ? __fget_files+0x3a0/0x420 [ 124.785883][ T6205] __x64_sys_sendmsg+0x19b/0x260 [ 124.785910][ T6205] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 124.785943][ T6205] ? __pfx_ksys_write+0x10/0x10 [ 124.785963][ T6205] ? rcu_is_watching+0x15/0xb0 [ 124.785997][ T6205] ? do_syscall_64+0xbe/0x3b0 [ 124.786030][ T6205] do_syscall_64+0xfa/0x3b0 [ 124.786057][ T6205] ? lockdep_hardirqs_on+0x9c/0x150 [ 124.786084][ T6205] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.786103][ T6205] ? clear_bhb_loop+0x60/0xb0 [ 124.786127][ T6205] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.786146][ T6205] RIP: 0033:0x7f4a6758e929 [ 124.786163][ T6205] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 124.786180][ T6205] RSP: 002b:00007f4a68482038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 124.786201][ T6205] RAX: ffffffffffffffda RBX: 00007f4a677b5fa0 RCX: 00007f4a6758e929 [ 124.786216][ T6205] RDX: 0000000004000084 RSI: 0000200000000000 RDI: 0000000000000003 [ 124.786229][ T6205] RBP: 00007f4a68482090 R08: 0000000000000000 R09: 0000000000000000 [ 124.786241][ T6205] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 124.786252][ T6205] R13: 0000000000000000 R14: 00007f4a677b5fa0 R15: 00007ffd10cc1138 [ 124.786282][ T6205] [ 125.181601][ C1] vkms_vblank_simulate: vblank timer overrun [ 125.433502][ T6210] netlink: 8 bytes leftover after parsing attributes in process `syz.3.76'. [ 130.213163][ T5150] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 132.821161][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.827953][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.969353][ T6275] netlink: 8 bytes leftover after parsing attributes in process `syz.2.93'. [ 133.003825][ T6268] smc: net device bond0 applied user defined pnetid SYZ2 [ 133.930557][ T6282] ptrace attach of "./syz-executor exec"[6283] was attempted by "./syz-executor exec"[6282] [ 133.972349][ T6282] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 136.966793][ T30] kauditd_printk_skb: 28 callbacks suppressed [ 136.966811][ T30] audit: type=1326 audit(1750931456.715:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6301 comm="syz.0.101" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5567b8e929 code=0x0 [ 137.090944][ T30] audit: type=1326 audit(1750931456.845:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6304 comm="syz.3.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff04bd8e929 code=0x7ffc0000 [ 137.200562][ T30] audit: type=1326 audit(1750931456.845:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6304 comm="syz.3.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff04bd8e929 code=0x7ffc0000 [ 137.259968][ T30] audit: type=1326 audit(1750931456.845:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6304 comm="syz.3.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7ff04bd8e929 code=0x7ffc0000 [ 137.448752][ T30] audit: type=1326 audit(1750931456.845:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6304 comm="syz.3.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff04bd8e929 code=0x7ffc0000 [ 137.553782][ T30] audit: type=1326 audit(1750931456.845:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6304 comm="syz.3.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff04bd8e929 code=0x7ffc0000 [ 137.647636][ T30] audit: type=1326 audit(1750931456.845:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6304 comm="syz.3.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7ff04bd8e929 code=0x7ffc0000 [ 137.823145][ T30] audit: type=1326 audit(1750931456.845:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6304 comm="syz.3.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7ff04bd8e963 code=0x7ffc0000 [ 137.902192][ T30] audit: type=1326 audit(1750931456.845:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6304 comm="syz.3.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7ff04bd8e963 code=0x7ffc0000 [ 138.017832][ T30] audit: type=1326 audit(1750931456.845:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6304 comm="syz.3.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff04bd8e929 code=0x7ffc0000 [ 140.612120][ T6348] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.111'. [ 140.624303][ T6347] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.111'. [ 141.313267][ T5904] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 142.065752][ T5904] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 142.098645][ T5904] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 142.151851][ T5904] usb 3-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 142.184998][ T5904] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.199076][ T5904] usb 3-1: config 0 descriptor?? [ 142.784718][ T5904] usbhid 3-1:0.0: can't add hid device: -71 [ 142.792011][ T5904] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 142.933385][ T5904] usb 3-1: USB disconnect, device number 8 [ 143.337053][ T6377] netlink: 12 bytes leftover after parsing attributes in process `syz.3.120'. [ 143.996062][ T6382] capability: warning: `syz.3.120' uses 32-bit capabilities (legacy support in use) [ 144.729013][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 144.729029][ T30] audit: type=1326 audit(1750931464.485:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6387 comm="syz.1.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f823cb8e929 code=0x7ffc0000 [ 145.957283][ T30] audit: type=1326 audit(1750931464.485:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6387 comm="syz.1.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f823cb8e929 code=0x7ffc0000 [ 146.020351][ T30] audit: type=1326 audit(1750931464.485:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6387 comm="syz.1.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f823cb8e929 code=0x7ffc0000 [ 146.043737][ T30] audit: type=1326 audit(1750931464.525:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6387 comm="syz.1.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f823cb8e929 code=0x7ffc0000 [ 146.088752][ T30] audit: type=1326 audit(1750931464.525:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6387 comm="syz.1.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f823cb8e963 code=0x7ffc0000 [ 146.115871][ T30] audit: type=1326 audit(1750931464.535:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6387 comm="syz.1.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f823cb8e963 code=0x7ffc0000 [ 146.138439][ T30] audit: type=1326 audit(1750931464.555:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6387 comm="syz.1.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f823cb8e929 code=0x7ffc0000 [ 146.161376][ T30] audit: type=1326 audit(1750931464.565:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6387 comm="syz.1.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f823cb8e929 code=0x7ffc0000 [ 146.229045][ T30] audit: type=1326 audit(1750931464.565:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6387 comm="syz.1.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f823cb8e929 code=0x7ffc0000 [ 146.323109][ T30] audit: type=1326 audit(1750931464.565:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6387 comm="syz.1.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f823cb8e929 code=0x7ffc0000 [ 146.451953][ T6406] syz.0.127 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 149.429205][ T6437] 9pnet: Could not find request transport: fd0x0000000000000005 [ 150.147292][ T30] audit: type=1326 audit(1750931469.895:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6444 comm="syz.2.139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a6758e929 code=0x7ffc0000 [ 150.257010][ T30] audit: type=1326 audit(1750931469.895:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6444 comm="syz.2.139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a6758e929 code=0x7ffc0000 [ 150.416816][ T30] audit: type=1326 audit(1750931469.895:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6444 comm="syz.2.139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f4a6758e929 code=0x7ffc0000 [ 150.542446][ T30] audit: type=1326 audit(1750931469.895:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6444 comm="syz.2.139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a6758e929 code=0x7ffc0000 [ 150.613158][ T6460] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.143'. [ 150.639680][ T6459] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.143'. [ 150.848561][ T30] audit: type=1326 audit(1750931469.905:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6444 comm="syz.2.139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a6758e929 code=0x7ffc0000 [ 151.033538][ T6461] netlink: 'syz.4.144': attribute type 39 has an invalid length. [ 151.051727][ T30] audit: type=1326 audit(1750931469.905:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6444 comm="syz.2.139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f4a6758e929 code=0x7ffc0000 [ 151.098033][ T6464] loop4: detected capacity change from 0 to 63 [ 151.142979][ T5836] Buffer I/O error on dev loop4, logical block 0, async page read [ 151.151045][ T30] audit: type=1326 audit(1750931469.905:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6444 comm="syz.2.139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f4a6758e963 code=0x7ffc0000 [ 151.229223][ T5836] Buffer I/O error on dev loop4, logical block 0, async page read [ 151.233393][ T30] audit: type=1326 audit(1750931469.935:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6444 comm="syz.2.139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f4a6758e963 code=0x7ffc0000 [ 151.276952][ T30] audit: type=1326 audit(1750931469.935:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6444 comm="syz.2.139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a6758e929 code=0x7ffc0000 [ 151.313425][ T30] audit: type=1326 audit(1750931469.945:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6444 comm="syz.2.139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a6758e929 code=0x7ffc0000 [ 151.361853][ T5836] Buffer I/O error on dev loop4, logical block 0, async page read [ 151.378990][ T5836] Buffer I/O error on dev loop4, logical block 0, async page read [ 151.392020][ T5836] Buffer I/O error on dev loop4, logical block 0, async page read [ 151.437297][ T6464] Buffer I/O error on dev loop4, logical block 0, async page read [ 151.472659][ T6465] Buffer I/O error on dev loop4, logical block 0, async page read [ 151.534145][ T6461] Buffer I/O error on dev loop4, logical block 0, async page read [ 151.542245][ T6461] Buffer I/O error on dev loop4, logical block 0, async page read [ 151.594423][ T6461] Buffer I/O error on dev loop4, logical block 0, async page read [ 153.063752][ T6483] netlink: 'syz.3.150': attribute type 29 has an invalid length. [ 153.943572][ T6495] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 154.023275][ T10] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 154.186700][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 154.235482][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 154.246075][ T10] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 154.257862][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.285211][ T10] usb 5-1: config 0 descriptor?? [ 154.472871][ T6503] FAULT_INJECTION: forcing a failure. [ 154.472871][ T6503] name failslab, interval 1, probability 0, space 0, times 0 [ 154.486103][ T6503] CPU: 0 UID: 0 PID: 6503 Comm: syz.0.156 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 154.486138][ T6503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 154.486146][ T6503] Call Trace: [ 154.486157][ T6503] [ 154.486163][ T6503] dump_stack_lvl+0x189/0x250 [ 154.486189][ T6503] ? __pfx____ratelimit+0x10/0x10 [ 154.486210][ T6503] ? __pfx_dump_stack_lvl+0x10/0x10 [ 154.486231][ T6503] ? __pfx__printk+0x10/0x10 [ 154.486250][ T6503] ? __pfx___might_resched+0x10/0x10 [ 154.486271][ T6503] ? fs_reclaim_acquire+0x7d/0x100 [ 154.486295][ T6503] should_fail_ex+0x414/0x560 [ 154.486316][ T6503] should_failslab+0xa8/0x100 [ 154.486336][ T6503] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 154.486354][ T6503] ? __alloc_skb+0x112/0x2d0 [ 154.486372][ T6503] __alloc_skb+0x112/0x2d0 [ 154.486390][ T6503] netlink_ack+0x146/0xa50 [ 154.486420][ T6503] netlink_rcv_skb+0x28c/0x470 [ 154.486436][ T6503] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 154.486458][ T6503] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 154.486482][ T6503] ? bpf_lsm_capable+0x9/0x20 [ 154.486503][ T6503] ? security_capable+0x7e/0x2e0 [ 154.486543][ T6503] nfnetlink_rcv+0x26a/0x2520 [ 154.486565][ T6503] ? __dev_queue_xmit+0x1cd7/0x3a70 [ 154.486587][ T6503] ? kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 154.486605][ T6503] ? __dev_queue_xmit+0x27e/0x3a70 [ 154.486624][ T6503] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.486646][ T6503] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 154.486665][ T6503] ? __pfx___dev_queue_xmit+0x10/0x10 [ 154.486693][ T6503] ? ref_tracker_free+0x63a/0x7d0 [ 154.486710][ T6503] ? __copy_skb_header+0xa7/0x550 [ 154.486728][ T6503] ? __pfx_ref_tracker_free+0x10/0x10 [ 154.486746][ T6503] ? __skb_clone+0x63/0x7a0 [ 154.486766][ T6503] ? __skb_clone+0x483/0x7a0 [ 154.486787][ T6503] ? skb_clone+0x246/0x3a0 [ 154.486812][ T6503] ? __netlink_deliver_tap+0x807/0x850 [ 154.486832][ T6503] ? netlink_deliver_tap+0x2e/0x1b0 [ 154.486860][ T6503] ? netlink_deliver_tap+0x2e/0x1b0 [ 154.486880][ T6503] ? netlink_deliver_tap+0x2e/0x1b0 [ 154.486906][ T6503] netlink_unicast+0x75b/0x8d0 [ 154.486936][ T6503] netlink_sendmsg+0x805/0xb30 [ 154.486958][ T6503] ? __pfx_netlink_sendmsg+0x10/0x10 [ 154.486980][ T6503] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 154.486996][ T6503] ? __pfx_netlink_sendmsg+0x10/0x10 [ 154.487012][ T6503] __sock_sendmsg+0x219/0x270 [ 154.487035][ T6503] ____sys_sendmsg+0x505/0x830 [ 154.487056][ T6503] ? __pfx_____sys_sendmsg+0x10/0x10 [ 154.487079][ T6503] ? import_iovec+0x74/0xa0 [ 154.487095][ T6503] ___sys_sendmsg+0x21f/0x2a0 [ 154.487113][ T6503] ? __pfx____sys_sendmsg+0x10/0x10 [ 154.487161][ T6503] ? __fget_files+0x2a/0x420 [ 154.487178][ T6503] ? __fget_files+0x3a0/0x420 [ 154.487204][ T6503] __x64_sys_sendmsg+0x19b/0x260 [ 154.487222][ T6503] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 154.487246][ T6503] ? __pfx_ksys_write+0x10/0x10 [ 154.487260][ T6503] ? rcu_is_watching+0x15/0xb0 [ 154.487284][ T6503] ? do_syscall_64+0xbe/0x3b0 [ 154.487317][ T6503] do_syscall_64+0xfa/0x3b0 [ 154.487334][ T6503] ? lockdep_hardirqs_on+0x9c/0x150 [ 154.487351][ T6503] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.487363][ T6503] ? clear_bhb_loop+0x60/0xb0 [ 154.487377][ T6503] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.487389][ T6503] RIP: 0033:0x7f5567b8e929 [ 154.487400][ T6503] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 154.487412][ T6503] RSP: 002b:00007f55689b3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 154.487424][ T6503] RAX: ffffffffffffffda RBX: 00007f5567db5fa0 RCX: 00007f5567b8e929 [ 154.487433][ T6503] RDX: 00000000240008c4 RSI: 0000200000000000 RDI: 0000000000000004 [ 154.487441][ T6503] RBP: 00007f55689b3090 R08: 0000000000000000 R09: 0000000000000000 [ 154.487448][ T6503] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 154.487455][ T6503] R13: 0000000000000000 R14: 00007f5567db5fa0 R15: 00007ffd4a78f2d8 [ 154.487474][ T6503] [ 155.095015][ T6485] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 155.103805][ T6485] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 155.117513][ T6485] afs: Unknown parameter 'dyn-.)º_#^ÔgYVVS6/@$xAiD' [ 155.371513][ T10] usbhid 5-1:0.0: can't add hid device: -71 [ 155.380019][ T10] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 155.398975][ T10] usb 5-1: USB disconnect, device number 3 [ 155.703183][ T5903] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 155.873835][ T5903] usb 2-1: too many configurations: 173, using maximum allowed: 8 [ 155.906137][ T5903] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 155.935009][ T5903] usb 2-1: can't read configurations, error -61 [ 156.063259][ T5903] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 156.848846][ T5903] usb 2-1: too many configurations: 173, using maximum allowed: 8 [ 156.878346][ T5903] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 156.893166][ T5903] usb 2-1: can't read configurations, error -61 [ 156.900309][ T5903] usb usb2-port1: attempt power cycle [ 157.451139][ T5903] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 157.598294][ T5903] usb 2-1: too many configurations: 173, using maximum allowed: 8 [ 157.783898][ T5903] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 157.878988][ T5903] usb 2-1: can't read configurations, error -61 [ 157.941782][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 157.941798][ T30] audit: type=1326 audit(1750931477.695:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6532 comm="syz.2.164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a6758e929 code=0x7ffc0000 [ 157.994522][ T30] audit: type=1326 audit(1750931477.695:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6532 comm="syz.2.164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a6758e929 code=0x7ffc0000 [ 158.017117][ T30] audit: type=1326 audit(1750931477.695:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6532 comm="syz.2.164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f4a6758e929 code=0x7ffc0000 [ 158.054141][ T5903] usb 2-1: new full-speed USB device number 7 using dummy_hcd [ 158.067620][ T30] audit: type=1326 audit(1750931477.695:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6532 comm="syz.2.164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a6758e929 code=0x7ffc0000 [ 158.102025][ T5903] usb 2-1: too many configurations: 173, using maximum allowed: 8 [ 158.114136][ T30] audit: type=1326 audit(1750931477.695:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6532 comm="syz.2.164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a6758e929 code=0x7ffc0000 [ 158.141585][ T5903] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 158.150246][ T5903] usb 2-1: can't read configurations, error -61 [ 158.158832][ T5903] usb usb2-port1: unable to enumerate USB device [ 158.233540][ T30] audit: type=1326 audit(1750931477.695:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6532 comm="syz.2.164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f4a6758e929 code=0x7ffc0000 [ 158.306775][ T30] audit: type=1326 audit(1750931477.695:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6532 comm="syz.2.164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f4a6758e963 code=0x7ffc0000 [ 158.543392][ T30] audit: type=1326 audit(1750931477.695:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6532 comm="syz.2.164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f4a6758e963 code=0x7ffc0000 [ 158.749915][ T30] audit: type=1326 audit(1750931477.695:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6532 comm="syz.2.164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a6758e929 code=0x7ffc0000 [ 158.895536][ T30] audit: type=1326 audit(1750931477.695:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6532 comm="syz.2.164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a6758e929 code=0x7ffc0000 [ 160.973096][ T5884] usb 4-1: new low-speed USB device number 3 using dummy_hcd [ 161.584138][ T5884] usb 4-1: device descriptor read/64, error -71 [ 161.853424][ T5884] usb 4-1: new low-speed USB device number 4 using dummy_hcd [ 162.411387][ T5884] usb 4-1: device descriptor read/64, error -71 [ 162.609232][ T5884] usb usb4-port1: attempt power cycle [ 163.564198][ T5884] usb 4-1: new low-speed USB device number 5 using dummy_hcd [ 163.598725][ T5884] usb 4-1: device descriptor read/8, error -71 [ 163.943262][ T5150] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 164.113362][ T5150] usb 3-1: Using ep0 maxpacket: 16 [ 164.141535][ T5150] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 164.183385][ T5150] usb 3-1: config 0 has no interface number 0 [ 164.204567][ T5150] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 164.213858][ T5150] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 164.221871][ T5150] usb 3-1: Product: syz [ 164.263229][ T5150] usb 3-1: Manufacturer: syz [ 164.267877][ T5150] usb 3-1: SerialNumber: syz [ 164.351229][ T5150] usb 3-1: config 0 descriptor?? [ 164.379484][ T5150] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 164.923107][ T30] kauditd_printk_skb: 7 callbacks suppressed [ 164.923125][ T30] audit: type=1326 audit(1750931484.675:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6608 comm="syz.3.186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff04bd8e929 code=0x7ffc0000 [ 165.029045][ T30] audit: type=1326 audit(1750931484.715:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6608 comm="syz.3.186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff04bd8e929 code=0x7ffc0000 [ 165.097941][ T30] audit: type=1326 audit(1750931484.725:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6608 comm="syz.3.186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7ff04bd8e929 code=0x7ffc0000 [ 165.192980][ T30] audit: type=1326 audit(1750931484.725:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6608 comm="syz.3.186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff04bd8e929 code=0x7ffc0000 [ 165.256428][ T30] audit: type=1326 audit(1750931484.725:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6608 comm="syz.3.186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7ff04bd8e929 code=0x7ffc0000 [ 165.356388][ T30] audit: type=1326 audit(1750931484.725:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6608 comm="syz.3.186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7ff04bd8e963 code=0x7ffc0000 [ 165.443204][ T30] audit: type=1326 audit(1750931484.725:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6608 comm="syz.3.186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7ff04bd8e963 code=0x7ffc0000 [ 165.513141][ T30] audit: type=1326 audit(1750931484.725:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6608 comm="syz.3.186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff04bd8e929 code=0x7ffc0000 [ 165.576890][ T5150] gspca_spca1528: reg_w err -71 [ 165.582037][ T5150] spca1528 3-1:0.1: probe with driver spca1528 failed with error -71 [ 165.583126][ T30] audit: type=1326 audit(1750931484.725:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6608 comm="syz.3.186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff04bd8e929 code=0x7ffc0000 [ 166.042856][ T30] audit: type=1326 audit(1750931484.725:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6608 comm="syz.3.186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff04bd8e929 code=0x7ffc0000 [ 166.253391][ T5150] usb 3-1: USB disconnect, device number 9 [ 166.696944][ T6622] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.189'. [ 166.837449][ T6621] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.189'. [ 169.496921][ T6646] @: renamed from vlan0 (while UP) [ 170.163190][ T9] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 171.276505][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 171.288042][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 171.317888][ T9] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 171.345418][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.369286][ T9] usb 4-1: config 0 descriptor?? [ 171.500008][ T6666] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.201'. [ 171.514568][ T6665] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.201'. [ 172.164159][ T6645] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 172.184124][ T6645] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 172.220943][ T6645] afs: Unknown parameter 'dyn-.)º_#^ÔgYVVS6/@$xAiD' [ 172.601136][ T9] usbhid 4-1:0.0: can't add hid device: -71 [ 172.616075][ T9] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 172.640050][ T9] usb 4-1: USB disconnect, device number 7 [ 173.935024][ T6684] netlink: 276 bytes leftover after parsing attributes in process `syz.1.206'. [ 173.944175][ T6684] openvswitch: netlink: Flow key attr not present in new flow. [ 174.934950][ T6692] FAULT_INJECTION: forcing a failure. [ 174.934950][ T6692] name failslab, interval 1, probability 0, space 0, times 0 [ 174.949136][ T6692] CPU: 0 UID: 0 PID: 6692 Comm: syz.1.209 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 174.949152][ T6692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 174.949159][ T6692] Call Trace: [ 174.949164][ T6692] [ 174.949169][ T6692] dump_stack_lvl+0x189/0x250 [ 174.949191][ T6692] ? __pfx____ratelimit+0x10/0x10 [ 174.949210][ T6692] ? __pfx_dump_stack_lvl+0x10/0x10 [ 174.949228][ T6692] ? __pfx__printk+0x10/0x10 [ 174.949244][ T6692] ? __pfx___might_resched+0x10/0x10 [ 174.949261][ T6692] ? fs_reclaim_acquire+0x7d/0x100 [ 174.949282][ T6692] should_fail_ex+0x414/0x560 [ 174.949300][ T6692] should_failslab+0xa8/0x100 [ 174.949317][ T6692] __kmalloc_noprof+0xcb/0x4f0 [ 174.949331][ T6692] ? iter_file_splice_write+0x1cb/0x1000 [ 174.949350][ T6692] iter_file_splice_write+0x1cb/0x1000 [ 174.949367][ T6692] ? shmem_file_splice_read+0xa63/0xbd0 [ 174.949396][ T6692] ? __pfx_iter_file_splice_write+0x10/0x10 [ 174.949414][ T6692] ? rcu_read_lock_any_held+0xb3/0x120 [ 174.949433][ T6692] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 174.949459][ T6692] ? __pfx_iter_file_splice_write+0x10/0x10 [ 174.949475][ T6692] direct_splice_actor+0x101/0x160 [ 174.949492][ T6692] splice_direct_to_actor+0x5a5/0xcc0 [ 174.949521][ T6692] ? __pfx_direct_splice_actor+0x10/0x10 [ 174.949536][ T6692] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 174.949558][ T6692] do_splice_direct+0x181/0x270 [ 174.949575][ T6692] ? __pfx_do_splice_direct+0x10/0x10 [ 174.949591][ T6692] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 174.949612][ T6692] ? rw_verify_area+0x258/0x650 [ 174.949628][ T6692] do_sendfile+0x4da/0x7e0 [ 174.949645][ T6692] ? __pfx_vfs_write+0x10/0x10 [ 174.949663][ T6692] ? __pfx_do_sendfile+0x10/0x10 [ 174.949680][ T6692] ? __fget_files+0x3a0/0x420 [ 174.949703][ T6692] __se_sys_sendfile64+0x13e/0x190 [ 174.949722][ T6692] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 174.949737][ T6692] ? rcu_is_watching+0x15/0xb0 [ 174.949758][ T6692] ? do_syscall_64+0xbe/0x3b0 [ 174.949779][ T6692] do_syscall_64+0xfa/0x3b0 [ 174.949796][ T6692] ? lockdep_hardirqs_on+0x9c/0x150 [ 174.949813][ T6692] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.949825][ T6692] ? clear_bhb_loop+0x60/0xb0 [ 174.949839][ T6692] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.949857][ T6692] RIP: 0033:0x7f823cb8e929 [ 174.949868][ T6692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 174.949878][ T6692] RSP: 002b:00007f823d9e0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 174.949891][ T6692] RAX: ffffffffffffffda RBX: 00007f823cdb5fa0 RCX: 00007f823cb8e929 [ 174.949900][ T6692] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 174.949907][ T6692] RBP: 00007f823d9e0090 R08: 0000000000000000 R09: 0000000000000000 [ 174.949914][ T6692] R10: 0000000800000009 R11: 0000000000000246 R12: 0000000000000001 [ 174.949921][ T6692] R13: 0000000000000000 R14: 00007f823cdb5fa0 R15: 00007ffd2662ce68 [ 174.949940][ T6692] [ 176.229590][ T6701] af_packet: tpacket_rcv: packet too big, clamped from 1 to 4294967272. macoff=96 [ 176.417523][ T6701] netlink: 60 bytes leftover after parsing attributes in process `syz.3.213'. [ 176.469517][ T6707] netlink: 60 bytes leftover after parsing attributes in process `syz.3.213'. [ 176.641699][ T6715] 9pnet_fd: Insufficient options for proto=fd [ 176.796348][ T6721] FAULT_INJECTION: forcing a failure. [ 176.796348][ T6721] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 176.817308][ T6721] CPU: 1 UID: 0 PID: 6721 Comm: syz.2.217 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 176.817333][ T6721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 176.817343][ T6721] Call Trace: [ 176.817350][ T6721] [ 176.817357][ T6721] dump_stack_lvl+0x189/0x250 [ 176.817386][ T6721] ? __pfx____ratelimit+0x10/0x10 [ 176.817411][ T6721] ? __pfx_dump_stack_lvl+0x10/0x10 [ 176.817436][ T6721] ? __pfx__printk+0x10/0x10 [ 176.817459][ T6721] ? __might_fault+0xb0/0x130 [ 176.817490][ T6721] should_fail_ex+0x414/0x560 [ 176.817515][ T6721] _copy_from_user+0x2d/0xb0 [ 176.817532][ T6721] __sys_bpf+0x1ed/0x860 [ 176.817555][ T6721] ? __pfx___sys_bpf+0x10/0x10 [ 176.817588][ T6721] ? ksys_write+0x22a/0x250 [ 176.817609][ T6721] ? __pfx_ksys_write+0x10/0x10 [ 176.817626][ T6721] ? rcu_is_watching+0x15/0xb0 [ 176.817657][ T6721] __x64_sys_bpf+0x7c/0x90 [ 176.817676][ T6721] do_syscall_64+0xfa/0x3b0 [ 176.817700][ T6721] ? lockdep_hardirqs_on+0x9c/0x150 [ 176.817723][ T6721] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.817740][ T6721] ? clear_bhb_loop+0x60/0xb0 [ 176.817761][ T6721] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.817777][ T6721] RIP: 0033:0x7f4a6758e929 [ 176.817792][ T6721] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 176.817806][ T6721] RSP: 002b:00007f4a68482038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 176.817823][ T6721] RAX: ffffffffffffffda RBX: 00007f4a677b5fa0 RCX: 00007f4a6758e929 [ 176.817835][ T6721] RDX: 0000000000000050 RSI: 0000200000000180 RDI: 000000000000000a [ 176.817845][ T6721] RBP: 00007f4a68482090 R08: 0000000000000000 R09: 0000000000000000 [ 176.817856][ T6721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 176.817865][ T6721] R13: 0000000000000000 R14: 00007f4a677b5fa0 R15: 00007ffd10cc1138 [ 176.817892][ T6721] [ 176.829899][ T6711] syzkaller1: entered promiscuous mode [ 176.927968][ T5903] usb 4-1: new full-speed USB device number 8 using dummy_hcd [ 176.948675][ T6711] syzkaller1: entered allmulticast mode [ 177.123111][ T5150] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 177.165278][ T5903] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 177.176567][ T5903] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 177.189328][ T5903] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 13155, setting to 64 [ 177.202700][ T5903] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 177.226230][ T5903] usb 4-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=a6.d1 [ 177.244910][ T5903] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 177.257482][ T5903] usb 4-1: Product: syz [ 177.265945][ T5903] usb 4-1: Manufacturer: syz [ 177.272629][ T5903] usb 4-1: SerialNumber: syz [ 177.291139][ T5903] usb 4-1: config 0 descriptor?? [ 177.297130][ T5150] usb 1-1: Using ep0 maxpacket: 32 [ 177.310307][ T5150] usb 1-1: unable to get BOS descriptor or descriptor too short [ 177.321714][ T5150] usb 1-1: config 128 has an invalid interface number: 127 but max is 3 [ 177.332530][ T6701] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 177.339819][ T5150] usb 1-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 177.364543][ T5150] usb 1-1: config 128 has 1 interface, different from the descriptor's value: 4 [ 177.400432][ T5150] usb 1-1: config 128 has no interface number 0 [ 177.410684][ T5150] usb 1-1: config 128 interface 127 altsetting 14 endpoint 0x5 has an invalid bInterval 0, changing to 7 [ 177.424847][ T5150] usb 1-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid wMaxPacketSize 0 [ 177.470370][ T5150] usb 1-1: config 128 interface 127 has no altsetting 0 [ 177.482994][ T5150] usb 1-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 177.498681][ T5150] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 177.516288][ T5150] usb 1-1: Product: syz [ 177.519429][ T6731] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 177.521697][ T5150] usb 1-1: Manufacturer: syz [ 177.536645][ T5150] usb 1-1: SerialNumber: syz [ 177.645005][ T5903] rc_core: IR keymap rc-imon-rsc not found [ 177.667168][ T5903] Registered IR keymap rc-empty [ 177.697901][ T5903] rc rc0: iMON Station as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 177.911653][ T6723] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 178.103695][ T6723] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 178.142227][ T5903] input: iMON Station as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input6 [ 178.147712][ T6723] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 178.188846][ T6723] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 178.226098][ T5903] usb 4-1: USB disconnect, device number 8 [ 178.469136][ T5150] usb 1-1: USB disconnect, device number 5 [ 178.792347][ T5836] udevd[5836]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 180.481736][ T6756] netlink: 8 bytes leftover after parsing attributes in process `syz.3.227'. [ 183.285231][ T6776] 9pnet_fd: Insufficient options for proto=fd [ 183.713503][ T5903] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 183.953726][ T5903] usb 4-1: Using ep0 maxpacket: 32 [ 184.314366][ T5903] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 184.365221][ T5903] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 184.394006][ T5903] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 184.409234][ T5903] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 184.479245][ T5903] usb 4-1: config 0 descriptor?? [ 185.857483][ T5903] usbhid 4-1:0.0: can't add hid device: -71 [ 185.900712][ T5903] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 186.006729][ T5903] usb 4-1: USB disconnect, device number 9 [ 187.091948][ T6815] @: renamed from vlan0 (while UP) [ 187.407244][ T6833] netlink: 'syz.0.246': attribute type 1 has an invalid length. [ 188.132562][ T6833] 8021q: adding VLAN 0 to HW filter on device bond1 [ 188.252604][ T5884] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 188.351096][ T6836] bond1: (slave gretap1): making interface the new active one [ 188.434148][ T6836] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 188.583087][ T5884] usb 4-1: Using ep0 maxpacket: 8 [ 188.589979][ T5884] usb 4-1: config index 0 descriptor too short (expected 30, got 18) [ 188.605685][ T5884] usb 4-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 188.614962][ T5884] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 188.622974][ T5884] usb 4-1: Product: syz [ 188.633111][ T5884] usb 4-1: Manufacturer: syz [ 188.637856][ T5884] usb 4-1: SerialNumber: syz [ 189.074488][ T5884] usb 4-1: config 0 descriptor?? [ 189.103417][ T5884] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 189.111510][ T5884] usb 4-1: setting power ON [ 189.142545][ T5884] dvb-usb: bulk message failed: -22 (2/0) [ 189.207761][ T5884] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 189.318343][ T6836] syz.0.246 (6836) used greatest stack depth: 20040 bytes left [ 189.348382][ T5884] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 189.360021][ T5884] usb 4-1: media controller created [ 189.411154][ T6848] dvb-usb: bulk message failed: -22 (3/0) [ 189.443106][ T6848] cxusb: i2c wr: len=79 is too big! [ 189.443106][ T6848] [ 189.449500][ T5884] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 189.540313][ T5884] usb 4-1: selecting invalid altsetting 6 [ 189.561301][ T5884] usb 4-1: digital interface selection failed (-22) [ 189.588313][ T5884] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 189.640730][ T5884] usb 4-1: setting power OFF [ 189.658860][ T5884] dvb-usb: bulk message failed: -22 (2/0) [ 189.680709][ T5884] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 189.704995][ T5884] (NULL device *): no alternate interface [ 191.081283][ T6863] netlink: 'syz.4.253': attribute type 2 has an invalid length. [ 191.133374][ T6863] netlink: 12 bytes leftover after parsing attributes in process `syz.4.253'. [ 191.423082][ T6870] input: syz1 as /devices/virtual/input/input7 [ 192.052629][ T6878] warning: `syz.0.256' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 192.118298][ T6880] netlink: 2384 bytes leftover after parsing attributes in process `syz.0.256'. [ 193.114435][ T9] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 193.421806][ T10] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 193.663607][ T10] usb 1-1: Using ep0 maxpacket: 8 [ 193.672977][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 193.697321][ T10] usb 1-1: unable to get BOS descriptor or descriptor too short [ 193.717395][ T10] usb 1-1: config 248 has an invalid interface number: 51 but max is 0 [ 193.728502][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 193.738902][ T10] usb 1-1: config 248 has no interface number 0 [ 193.750362][ T9] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 193.765792][ T10] usb 1-1: New USB device found, idVendor=05ac, idProduct=0249, bcdDevice=39.f0 [ 193.777850][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 193.787880][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 193.797872][ T10] usb 1-1: Product: syz [ 193.802071][ T10] usb 1-1: Manufacturer: syz [ 193.809795][ T9] usb 5-1: config 0 descriptor?? [ 193.815244][ T10] usb 1-1: SerialNumber: syz [ 194.087124][ T6884] netlink: 12 bytes leftover after parsing attributes in process `syz.0.260'. [ 194.285266][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.295530][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.510537][ T6900] bond2: (slave gretap2): Enslaving as an active interface with an up link [ 194.627806][ T6884] netlink: 28 bytes leftover after parsing attributes in process `syz.0.260'. [ 194.662792][ T6879] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 194.671574][ T6879] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 194.690346][ T6884] 8021q: adding VLAN 0 to HW filter on device bond2 [ 194.718335][ T6879] afs: Unknown parameter 'dyn-.)º_#^ÔgYVVS6/@$xAiD' [ 194.757814][ T10] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:248.51/input/input8 [ 194.776803][ T5172] bcm5974 1-1:248.51: could not read from device [ 195.230186][ T5172] bcm5974 1-1:248.51: could not read from device [ 195.231554][ T9] usbhid 5-1:0.0: can't add hid device: -71 [ 195.244433][ T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 195.266776][ T10] usb 1-1: USB disconnect, device number 6 [ 195.278837][ T9] usb 5-1: USB disconnect, device number 4 [ 196.225462][ T5903] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 196.696507][ T5903] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 196.722288][ T5903] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 196.768866][ T5903] usb 1-1: New USB device found, idVendor=13e5, idProduct=0001, bcdDevice=4e.53 [ 196.798731][ T5903] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.850040][ T5903] usb 1-1: config 0 descriptor?? [ 196.951369][ T6925] FAULT_INJECTION: forcing a failure. [ 196.951369][ T6925] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 196.967680][ T6925] CPU: 1 UID: 0 PID: 6925 Comm: syz.4.269 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 196.967705][ T6925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 196.967716][ T6925] Call Trace: [ 196.967724][ T6925] [ 196.967732][ T6925] dump_stack_lvl+0x189/0x250 [ 196.967775][ T6925] ? __pfx____ratelimit+0x10/0x10 [ 196.967802][ T6925] ? __pfx_dump_stack_lvl+0x10/0x10 [ 196.967828][ T6925] ? __pfx__printk+0x10/0x10 [ 196.967846][ T6925] ? __might_fault+0xb0/0x130 [ 196.967879][ T6925] should_fail_ex+0x414/0x560 [ 196.967905][ T6925] _copy_from_user+0x2d/0xb0 [ 196.967923][ T6925] __sys_bpf+0x1ed/0x860 [ 196.967947][ T6925] ? __pfx___sys_bpf+0x10/0x10 [ 196.967981][ T6925] ? ksys_write+0x22a/0x250 [ 196.968005][ T6925] ? __pfx_ksys_write+0x10/0x10 [ 196.968023][ T6925] ? rcu_is_watching+0x15/0xb0 [ 196.968057][ T6925] __x64_sys_bpf+0x7c/0x90 [ 196.968077][ T6925] do_syscall_64+0xfa/0x3b0 [ 196.968102][ T6925] ? lockdep_hardirqs_on+0x9c/0x150 [ 196.968126][ T6925] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 196.968144][ T6925] ? clear_bhb_loop+0x60/0xb0 [ 196.968166][ T6925] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 196.968183][ T6925] RIP: 0033:0x7f2e3ef8e929 [ 196.968203][ T6925] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 196.968218][ T6925] RSP: 002b:00007f2e3fdeb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 196.968263][ T6925] RAX: ffffffffffffffda RBX: 00007f2e3f1b6160 RCX: 00007f2e3ef8e929 [ 196.968277][ T6925] RDX: 0000000000000048 RSI: 00002000000017c0 RDI: 0000000000000005 [ 196.968290][ T6925] RBP: 00007f2e3fdeb090 R08: 0000000000000000 R09: 0000000000000000 [ 196.968301][ T6925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 196.968312][ T6925] R13: 0000000000000000 R14: 00007f2e3f1b6160 R15: 00007fffa6bdb1f8 [ 196.968361][ T6925] [ 197.227790][ T5903] usb 1-1: USB disconnect, device number 7 [ 197.373133][ T5934] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 197.514761][ T5934] usb 3-1: device descriptor read/64, error -71 [ 197.763148][ T5934] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 197.816148][ T6930] syz.0.272: attempt to access beyond end of device [ 197.816148][ T6930] nbd0: rw=0, sector=64, nr_sectors = 1 limit=0 [ 197.831085][ T6930] syz.0.272: attempt to access beyond end of device [ 197.831085][ T6930] nbd0: rw=0, sector=256, nr_sectors = 1 limit=0 [ 197.846539][ T6930] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256 [ 197.858840][ T6930] syz.0.272: attempt to access beyond end of device [ 197.858840][ T6930] nbd0: rw=0, sector=512, nr_sectors = 1 limit=0 [ 197.859967][ T6931] FAULT_INJECTION: forcing a failure. [ 197.859967][ T6931] name failslab, interval 1, probability 0, space 0, times 0 [ 197.872086][ T6930] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512 [ 197.904599][ T6930] syz.0.272: attempt to access beyond end of device [ 197.904599][ T6930] nbd0: rw=0, sector=64, nr_sectors = 2 limit=0 [ 197.917626][ T5934] usb 3-1: device descriptor read/64, error -71 [ 197.929552][ T6930] syz.0.272: attempt to access beyond end of device [ 197.929552][ T6930] nbd0: rw=0, sector=512, nr_sectors = 2 limit=0 [ 197.933163][ T6931] CPU: 0 UID: 0 PID: 6931 Comm: syz.0.272 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 197.933198][ T6931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 197.933212][ T6931] Call Trace: [ 197.933221][ T6931] [ 197.933230][ T6931] dump_stack_lvl+0x189/0x250 [ 197.933267][ T6931] ? __pfx____ratelimit+0x10/0x10 [ 197.933299][ T6931] ? __pfx_dump_stack_lvl+0x10/0x10 [ 197.933330][ T6931] ? __pfx__printk+0x10/0x10 [ 197.933358][ T6931] ? __pfx___might_resched+0x10/0x10 [ 197.933390][ T6931] ? fs_reclaim_acquire+0x7d/0x100 [ 197.933426][ T6931] should_fail_ex+0x414/0x560 [ 197.933459][ T6931] should_failslab+0xa8/0x100 [ 197.933489][ T6931] __kmalloc_noprof+0xcb/0x4f0 [ 197.933514][ T6931] ? kfree+0x4d/0x440 [ 197.933534][ T6931] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 197.933571][ T6931] tomoyo_realpath_from_path+0xe3/0x5d0 [ 197.933606][ T6931] ? tomoyo_domain+0xda/0x130 [ 197.933645][ T6931] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 197.933672][ T6931] tomoyo_path_number_perm+0x1e8/0x5a0 [ 197.933701][ T6931] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 197.933749][ T6931] ? __lock_acquire+0xab9/0xd20 [ 197.933801][ T6931] ? __fget_files+0x2a/0x420 [ 197.933832][ T6931] ? __fget_files+0x2a/0x420 [ 197.933860][ T6931] ? __fget_files+0x3a0/0x420 [ 197.933887][ T6931] ? __fget_files+0x2a/0x420 [ 197.933922][ T6931] security_file_ioctl+0xcb/0x2d0 [ 197.933954][ T6931] __se_sys_ioctl+0x47/0x170 [ 197.933980][ T6931] do_syscall_64+0xfa/0x3b0 [ 197.934010][ T6931] ? lockdep_hardirqs_on+0x9c/0x150 [ 197.934041][ T6931] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.934087][ T6931] ? clear_bhb_loop+0x60/0xb0 [ 197.934114][ T6931] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.934135][ T6931] RIP: 0033:0x7f5567b8e929 [ 197.934155][ T6931] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 197.934173][ T6931] RSP: 002b:00007f5568992038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 197.934201][ T6931] RAX: ffffffffffffffda RBX: 00007f5567db6080 RCX: 00007f5567b8e929 [ 197.934217][ T6931] RDX: 0000000000000000 RSI: 000000000000ab04 RDI: 0000000000000004 [ 197.934230][ T6931] RBP: 00007f5568992090 R08: 0000000000000000 R09: 0000000000000000 [ 197.934243][ T6931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 197.934256][ T6931] R13: 0000000000000001 R14: 00007f5567db6080 R15: 00007ffd4a78f2d8 [ 197.934289][ T6931] [ 197.934298][ T6931] ERROR: Out of memory at tomoyo_realpath_from_path. [ 197.943823][ T6930] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256 [ 198.214466][ T5934] usb usb3-port1: attempt power cycle [ 198.223148][ T6930] syz.0.272: attempt to access beyond end of device [ 198.223148][ T6930] nbd0: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 198.236552][ T6930] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512 [ 198.249939][ T6930] syz.0.272: attempt to access beyond end of device [ 198.249939][ T6930] nbd0: rw=0, sector=64, nr_sectors = 4 limit=0 [ 198.265753][ T6930] syz.0.272: attempt to access beyond end of device [ 198.265753][ T6930] nbd0: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 198.279220][ T6930] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256 [ 198.292097][ T6930] syz.0.272: attempt to access beyond end of device [ 198.292097][ T6930] nbd0: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 198.305747][ T6930] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512 [ 198.319996][ T6930] syz.0.272: attempt to access beyond end of device [ 198.319996][ T6930] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 198.337560][ T6930] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256 [ 198.349117][ T6930] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512 [ 198.359033][ T6930] UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1) [ 198.968556][ T6946] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 199.290387][ T5934] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 199.324699][ T5934] usb 3-1: device descriptor read/8, error -71 [ 199.548825][ T6948] FAULT_INJECTION: forcing a failure. [ 199.548825][ T6948] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 199.576144][ T6948] CPU: 0 UID: 0 PID: 6948 Comm: syz.0.278 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 199.576174][ T6948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 199.576186][ T6948] Call Trace: [ 199.576194][ T6948] [ 199.576203][ T6948] dump_stack_lvl+0x189/0x250 [ 199.576238][ T6948] ? __pfx____ratelimit+0x10/0x10 [ 199.576267][ T6948] ? __pfx_dump_stack_lvl+0x10/0x10 [ 199.576296][ T6948] ? __pfx__printk+0x10/0x10 [ 199.576317][ T6948] ? __might_fault+0xb0/0x130 [ 199.576352][ T6948] should_fail_ex+0x414/0x560 [ 199.576382][ T6948] _copy_from_user+0x2d/0xb0 [ 199.576402][ T6948] __se_sys_mount+0x18a/0x410 [ 199.576436][ T6948] ? __pfx___se_sys_mount+0x10/0x10 [ 199.576460][ T6948] ? rcu_is_watching+0x15/0xb0 [ 199.576495][ T6948] ? do_syscall_64+0xbe/0x3b0 [ 199.576534][ T6948] ? __x64_sys_mount+0x20/0xc0 [ 199.576561][ T6948] do_syscall_64+0xfa/0x3b0 [ 199.576598][ T6948] ? lockdep_hardirqs_on+0x9c/0x150 [ 199.576623][ T6948] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.576640][ T6948] ? clear_bhb_loop+0x60/0xb0 [ 199.576663][ T6948] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.576680][ T6948] RIP: 0033:0x7f5567b8e929 [ 199.576696][ T6948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 199.576711][ T6948] RSP: 002b:00007f55689b3038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 199.576730][ T6948] RAX: ffffffffffffffda RBX: 00007f5567db5fa0 RCX: 00007f5567b8e929 [ 199.576743][ T6948] RDX: 0000200000000040 RSI: 0000200000000240 RDI: 0000000000000000 [ 199.576755][ T6948] RBP: 00007f55689b3090 R08: 0000200000000500 R09: 0000000000000000 [ 199.576767][ T6948] R10: 0000000000208000 R11: 0000000000000246 R12: 0000000000000001 [ 199.576778][ T6948] R13: 0000000000000000 R14: 00007f5567db5fa0 R15: 00007ffd4a78f2d8 [ 199.576806][ T6948] [ 199.781203][ T5934] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 199.824548][ T5934] usb 3-1: device descriptor read/8, error -71 [ 199.943592][ T5934] usb usb3-port1: unable to enumerate USB device [ 202.121125][ T6984] netlink: 186836 bytes leftover after parsing attributes in process `syz.1.289'. [ 202.189919][ T6984] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16) [ 202.518338][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 202.518354][ T30] audit: type=1326 audit(1750931522.275:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6987 comm="syz.4.291" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2e3ef8e929 code=0x0 [ 202.543181][ T5150] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 202.602946][ T6989] binder: 6987:6989 ioctl c018620b 0 returned -14 [ 202.733483][ T5150] usb 2-1: Using ep0 maxpacket: 16 [ 202.752782][ T5150] usb 2-1: config 254 has an invalid interface number: 235 but max is 0 [ 202.781583][ T5150] usb 2-1: config 254 has no interface number 0 [ 202.791272][ T5150] usb 2-1: config 254 interface 235 altsetting 2 endpoint 0x6 has an invalid bInterval 237, changing to 7 [ 202.811722][ T5150] usb 2-1: config 254 interface 235 altsetting 2 endpoint 0x6 has invalid maxpacket 42803, setting to 1024 [ 202.823956][ T5150] usb 2-1: config 254 interface 235 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 202.834544][ T5150] usb 2-1: config 254 interface 235 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0 [ 202.845068][ T5150] usb 2-1: config 254 interface 235 has no altsetting 0 [ 202.855189][ T5150] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=2b.f1 [ 202.873085][ T5150] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 202.892709][ T5150] usb 2-1: Product: syz [ 202.905719][ T5150] usb 2-1: Manufacturer: syz [ 202.910547][ T5150] usb 2-1: SerialNumber: syz [ 203.151056][ T30] audit: type=1804 audit(1750931522.895:107): pid=6984 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.289" name="file0" dev="ramfs" ino=11094 res=1 errno=0 [ 203.200800][ T5136] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 203.210214][ T5136] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 203.220684][ T5136] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 203.233696][ T5136] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 203.241680][ T5136] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 203.297526][ T5150] usbtest 2-1:254.235: couldn't get endpoints, -71 [ 203.311244][ T5150] usbtest 2-1:254.235: probe with driver usbtest failed with error -71 [ 203.347099][ T5150] usb 2-1: USB disconnect, device number 8 [ 203.579334][ T5919] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 203.667564][ T6990] chnl_net:caif_netlink_parms(): no params data found [ 203.743765][ T5919] usb 1-1: device descriptor read/64, error -71 [ 203.867420][ T6990] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.895655][ T6990] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.915573][ T6990] bridge_slave_0: entered allmulticast mode [ 203.926213][ T6990] bridge_slave_0: entered promiscuous mode [ 203.936135][ T6990] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.963111][ T6990] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.970359][ T6990] bridge_slave_1: entered allmulticast mode [ 203.986962][ T6990] bridge_slave_1: entered promiscuous mode [ 204.003908][ T5919] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 204.069243][ T6990] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 204.107144][ T6990] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 204.143319][ T5919] usb 1-1: device descriptor read/64, error -71 [ 204.228972][ T6990] team0: Port device team_slave_0 added [ 204.249540][ T6990] team0: Port device team_slave_1 added [ 204.263791][ T5919] usb usb1-port1: attempt power cycle [ 204.562164][ T7012] netlink: 20 bytes leftover after parsing attributes in process `syz.2.297'. [ 204.844307][ T6990] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 204.863649][ T6990] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 204.890187][ T6990] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 204.921103][ T6990] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 204.984496][ T6990] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 205.042185][ T6990] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 205.064224][ T5919] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 205.094859][ T5919] usb 1-1: device descriptor read/8, error -71 [ 205.295457][ T5136] Bluetooth: hci5: command tx timeout [ 205.357021][ T5919] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 205.382399][ T6990] hsr_slave_0: entered promiscuous mode [ 205.399837][ T6990] hsr_slave_1: entered promiscuous mode [ 205.415038][ T6990] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 205.423449][ T6990] Cannot create hsr debugfs directory [ 205.914786][ T5919] usb 1-1: device descriptor read/8, error -71 [ 206.665200][ T5919] usb usb1-port1: unable to enumerate USB device [ 206.731448][ T6990] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 206.864881][ T6990] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 206.918538][ T6990] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 207.136175][ T6990] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 207.373156][ T5136] Bluetooth: hci5: command tx timeout [ 207.434664][ T5919] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 207.536318][ T7036] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.301'. [ 207.571943][ T7035] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.301'. [ 207.683262][ T5919] usb 2-1: Using ep0 maxpacket: 8 [ 207.695980][ T5919] usb 2-1: unable to get BOS descriptor or descriptor too short [ 207.727162][ T5919] usb 2-1: config 248 has an invalid interface number: 51 but max is 0 [ 208.083105][ T5919] usb 2-1: config 248 has no interface number 0 [ 208.126816][ T5919] usb 2-1: New USB device found, idVendor=05ac, idProduct=0249, bcdDevice=39.f0 [ 208.172636][ T5919] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 208.773092][ T5919] usb 2-1: Product: syz [ 208.777322][ T5919] usb 2-1: Manufacturer: syz [ 208.805843][ T5919] usb 2-1: SerialNumber: syz [ 208.826374][ T6990] 8021q: adding VLAN 0 to HW filter on device bond0 [ 208.879836][ T6990] 8021q: adding VLAN 0 to HW filter on device team0 [ 208.912902][ T5915] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.920130][ T5915] bridge0: port 1(bridge_slave_0) entered forwarding state [ 209.184522][ T5915] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.191659][ T5915] bridge0: port 2(bridge_slave_1) entered forwarding state [ 209.446686][ T7034] netlink: 12 bytes leftover after parsing attributes in process `syz.1.303'. [ 209.453226][ T51] Bluetooth: hci5: command tx timeout [ 209.471174][ T5136] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 209.479868][ T5136] Bluetooth: hci3: Injecting HCI hardware error event [ 209.488253][ T51] Bluetooth: hci3: hardware error 0x00 [ 209.701655][ T7059] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 209.838661][ T6990] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 209.851924][ T7034] netlink: 28 bytes leftover after parsing attributes in process `syz.1.303'. [ 209.912136][ T7034] 8021q: adding VLAN 0 to HW filter on device bond2 [ 210.048163][ T5919] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:248.51/input/input9 [ 210.099736][ T5172] bcm5974 2-1:248.51: could not read from device [ 210.156538][ T5919] usb 2-1: USB disconnect, device number 9 [ 210.172395][ T5172] bcm5974 2-1:248.51: could not read from device [ 210.645281][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 210.714714][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 210.853578][ T6990] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 211.173226][ T5810] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 211.348051][ T5810] usb 5-1: Using ep0 maxpacket: 8 [ 211.371400][ T5810] usb 5-1: unable to get BOS descriptor or descriptor too short [ 211.411091][ T5810] usb 5-1: config 0 has no interfaces? [ 211.450008][ T5810] usb 5-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=40.31 [ 211.486385][ T7100] mmap: syz.1.311 (7100) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 211.492212][ T5810] usb 5-1: New USB device strings: Mfr=0, Product=84, SerialNumber=3 [ 211.533298][ T7060] Bluetooth: hci5: command tx timeout [ 211.545375][ T5810] usb 5-1: Product: syz [ 211.554500][ T5810] usb 5-1: SerialNumber: syz [ 211.613858][ T51] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 211.632691][ T5810] usb 5-1: config 0 descriptor?? [ 211.662426][ T6990] veth0_vlan: entered promiscuous mode [ 211.675234][ T6990] veth1_vlan: entered promiscuous mode [ 211.694553][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 211.701213][ T7060] Bluetooth: hci0: command 0x0406 tx timeout [ 211.707433][ T7060] Bluetooth: hci4: command 0x0406 tx timeout [ 211.714384][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 212.325674][ T5919] usb 5-1: USB disconnect, device number 5 [ 212.472092][ T6990] veth0_macvtap: entered promiscuous mode [ 212.518034][ T6990] veth1_macvtap: entered promiscuous mode [ 212.600783][ T6990] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 212.666113][ T6990] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 212.690062][ T6990] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.705691][ T6990] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.715257][ T6990] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.739873][ T6990] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.039049][ T1310] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 213.064355][ T1310] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 213.140741][ T7122] netlink: 8 bytes leftover after parsing attributes in process `syz.4.318'. [ 213.150863][ T7123] netlink: 'syz.0.319': attribute type 1 has an invalid length. [ 213.171593][ T6838] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 213.172094][ T7123] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 213.186982][ T7123] IPv6: NLM_F_CREATE should be set when creating new route [ 213.190893][ T6838] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 213.222009][ T7123] netlink: 8 bytes leftover after parsing attributes in process `syz.0.319'. [ 213.273327][ T5919] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 213.473959][ T5919] usb 2-1: config 0 interface 0 altsetting 15 endpoint 0x81 has invalid wMaxPacketSize 0 [ 213.494895][ T7127] netlink: 20 bytes leftover after parsing attributes in process `syz.0.320'. [ 213.562714][ T5919] usb 2-1: config 0 interface 0 altsetting 15 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 213.716126][ T5919] usb 2-1: config 0 interface 0 has no altsetting 0 [ 213.917232][ T5919] usb 2-1: New USB device found, idVendor=05ac, idProduct=025b, bcdDevice= 0.00 [ 213.926555][ T5919] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 213.977627][ T5919] usb 2-1: config 0 descriptor?? [ 214.420961][ T10] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 214.745747][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 214.762497][ T10] usb 5-1: New USB device found, idVendor=0c45, idProduct=800a, bcdDevice=db.47 [ 214.778866][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 214.787118][ T10] usb 5-1: Product: syz [ 214.791338][ T10] usb 5-1: Manufacturer: syz [ 214.796075][ T10] usb 5-1: SerialNumber: syz [ 214.834205][ T10] usb 5-1: config 0 descriptor?? [ 214.872408][ T10] gspca_main: sn9c2028-2.14.0 probing 0c45:800a [ 215.113867][ T10] gspca_sn9c2028: read1 error -32 [ 215.122303][ T10] gspca_sn9c2028: read1 error -32 [ 215.345179][ T7132] netlink: 156 bytes leftover after parsing attributes in process `syz.4.321'. [ 215.364045][ T10] usb 5-1: USB disconnect, device number 6 [ 215.753111][ T5150] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 215.770963][ T5919] usb 2-1: string descriptor 0 read error: -71 [ 215.816155][ T5919] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input10 [ 215.864896][ T5172] bcm5974 2-1:0.0: could not read from device [ 215.942441][ T5919] usb 2-1: USB disconnect, device number 10 [ 215.947728][ T5150] usb 1-1: Using ep0 maxpacket: 8 [ 215.956127][ T5172] bcm5974 2-1:0.0: could not read from device [ 215.978537][ T5150] usb 1-1: unable to get BOS descriptor or descriptor too short [ 215.979572][ T5834] bcm5974 2-1:0.0: could not read from device [ 216.004074][ T5150] usb 1-1: no configurations [ 216.006016][ T7160] syz.5.330 uses obsolete (PF_INET,SOCK_PACKET) [ 216.022251][ T5150] usb 1-1: can't read configurations, error -22 [ 216.038789][ T5172] bcm5974 2-1:0.0: could not read from device [ 216.077676][ T5834] udevd[5834]: Error opening device "/dev/input/event4": No such file or directory [ 216.103149][ T5834] udevd[5834]: Unable to EVIOCGABS device "/dev/input/event4" [ 216.126292][ T5834] udevd[5834]: Unable to EVIOCGABS device "/dev/input/event4" [ 216.135099][ T7158] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 216.143178][ T5834] udevd[5834]: Unable to EVIOCGABS device "/dev/input/event4" [ 216.179023][ T5834] udevd[5834]: Unable to EVIOCGABS device "/dev/input/event4" [ 216.183241][ T5150] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 216.353127][ T5150] usb 1-1: Using ep0 maxpacket: 8 [ 216.360795][ T5150] usb 1-1: unable to get BOS descriptor or descriptor too short [ 216.369026][ T5150] usb 1-1: no configurations [ 216.378894][ T5150] usb 1-1: can't read configurations, error -22 [ 216.393575][ T5150] usb usb1-port1: attempt power cycle [ 216.733180][ T5150] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 216.763723][ T5150] usb 1-1: Using ep0 maxpacket: 8 [ 216.779883][ T5150] usb 1-1: unable to get BOS descriptor or descriptor too short [ 216.794639][ T5150] usb 1-1: no configurations [ 216.822941][ T5150] usb 1-1: can't read configurations, error -22 [ 216.983123][ T5150] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 217.003759][ T5150] usb 1-1: Using ep0 maxpacket: 8 [ 217.011322][ T5150] usb 1-1: unable to get BOS descriptor or descriptor too short [ 217.023111][ T5150] usb 1-1: no configurations [ 217.028362][ T5150] usb 1-1: can't read configurations, error -22 [ 217.046605][ T5150] usb usb1-port1: unable to enumerate USB device [ 218.756550][ T7188] netlink: 32 bytes leftover after parsing attributes in process `syz.4.339'. [ 218.873532][ T5150] IPVS: starting estimator thread 0... [ 218.884611][ T7172] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 219.023296][ T7194] IPVS: using max 27 ests per chain, 64800 per kthread [ 219.153163][ T5950] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 219.373794][ T5950] usb 5-1: Using ep0 maxpacket: 8 [ 219.391621][ T5950] usb 5-1: unable to get BOS descriptor or descriptor too short [ 219.436021][ T5950] usb 5-1: config 248 has an invalid interface number: 51 but max is 0 [ 219.452687][ T5950] usb 5-1: config 248 has no interface number 0 [ 219.472397][ T5950] usb 5-1: New USB device found, idVendor=05ac, idProduct=0249, bcdDevice=39.f0 [ 219.488752][ T5950] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 219.498164][ T5950] usb 5-1: Product: syz [ 219.502486][ T5950] usb 5-1: Manufacturer: syz [ 219.507716][ T5950] usb 5-1: SerialNumber: syz [ 219.743825][ T7197] netlink: 12 bytes leftover after parsing attributes in process `syz.4.343'. [ 220.297325][ T7226] netlink: 28 bytes leftover after parsing attributes in process `syz.4.343'. [ 220.567648][ T7226] 8021q: adding VLAN 0 to HW filter on device bond1 [ 220.621512][ T5950] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:248.51/input/input11 [ 220.723452][ T5172] bcm5974 5-1:248.51: could not read from device [ 220.727058][ T5950] usb 5-1: USB disconnect, device number 7 [ 221.006741][ T5172] bcm5974 5-1:248.51: could not read from device [ 223.335238][ T10] usb 1-1: new low-speed USB device number 16 using dummy_hcd [ 224.273266][ T10] usb 1-1: device descriptor read/64, error -71 [ 224.704394][ T10] usb 1-1: new low-speed USB device number 17 using dummy_hcd [ 224.843182][ T10] usb 1-1: device descriptor read/64, error -71 [ 224.984906][ T10] usb usb1-port1: attempt power cycle [ 225.353198][ T10] usb 1-1: new low-speed USB device number 18 using dummy_hcd [ 225.401755][ T10] usb 1-1: device descriptor read/8, error -71 [ 225.903837][ T7292] netlink: 236 bytes leftover after parsing attributes in process `syz.1.364'. [ 225.912916][ T7292] openvswitch: netlink: IP tunnel dst address not specified [ 226.548337][ T7299] netlink: 12 bytes leftover after parsing attributes in process `syz.0.368'. [ 226.726096][ T5919] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 227.144981][ T5919] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1023, setting to 64 [ 227.188685][ T5919] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 1024, setting to 64 [ 227.200415][ T7302] netlink: 28 bytes leftover after parsing attributes in process `syz.0.368'. [ 227.297116][ T5919] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 227.307953][ T5919] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 227.316179][ T5919] usb 6-1: Product: ᡖ㍎♐䃩슭椩ᏼ篠 [ 227.326925][ T5919] usb 6-1: Manufacturer: ⻭늖漸缵厚韞ꇔ彌 [ 227.339836][ T5919] usb 6-1: SerialNumber: Ќ [ 227.593286][ T5810] usb 5-1: new full-speed USB device number 8 using dummy_hcd [ 227.597764][ T7316] netlink: 8 bytes leftover after parsing attributes in process `syz.0.373'. [ 227.743909][ T5919] cdc_ncm 6-1:1.0: bind() failure [ 227.875529][ T5919] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found [ 227.893103][ T5919] cdc_ncm 6-1:1.1: bind() failure [ 227.916036][ T5810] usb 5-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d [ 227.920420][ T5919] usb 6-1: USB disconnect, device number 2 [ 228.156833][ T5810] usb 5-1: New USB device strings: Mfr=1, Product=12, SerialNumber=3 [ 228.206564][ T5810] usb 5-1: Product: syz [ 228.226217][ T5810] usb 5-1: Manufacturer: syz [ 228.246220][ T5810] usb 5-1: SerialNumber: syz [ 228.285470][ T5810] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state. [ 229.391152][ T5810] vp7045: USB control message 'in' went wrong. [ 229.407356][ T5810] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 229.448900][ T5810] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19) [ 229.506421][ T5810] usb 5-1: USB disconnect, device number 8 [ 230.996115][ T5810] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 231.175676][ T5136] Bluetooth: hci6: command 0x1003 tx timeout [ 231.182031][ T5821] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 231.264360][ T5810] usb 6-1: Using ep0 maxpacket: 32 [ 231.307088][ T5810] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.1f [ 231.349109][ T5810] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 231.398651][ T5810] usb 6-1: config 0 descriptor?? [ 231.638976][ T5810] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 231.660089][ T5810] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 231.697447][ T5810] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 231.711009][ T5810] usb 6-1: media controller created [ 231.753409][ T5919] usb 5-1: new full-speed USB device number 9 using dummy_hcd [ 231.775037][ T5810] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 231.861631][ T5810] az6027: usb out operation failed. (-71) [ 231.885492][ T5810] az6027: usb out operation failed. (-71) [ 231.913078][ T5810] stb0899_attach: Driver disabled by Kconfig [ 231.923393][ T5810] az6027: no front-end attached [ 231.923393][ T5810] [ 231.938063][ T5919] usb 5-1: device descriptor read/64, error -71 [ 231.950196][ T5810] az6027: usb out operation failed. (-71) [ 231.967721][ T5810] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 232.015641][ T5810] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input12 [ 232.053642][ T5810] dvb-usb: schedule remote query interval to 400 msecs. [ 232.061790][ T5810] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 232.095590][ T5810] usb 6-1: USB disconnect, device number 3 [ 232.190934][ T5810] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 232.212453][ T5919] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 232.357565][ T5919] usb 5-1: device descriptor read/64, error -71 [ 232.473648][ T5919] usb usb5-port1: attempt power cycle [ 232.843286][ T5919] usb 5-1: new full-speed USB device number 11 using dummy_hcd [ 232.896520][ T5919] usb 5-1: device descriptor read/8, error -71 [ 233.153116][ T5919] usb 5-1: new full-speed USB device number 12 using dummy_hcd [ 233.214304][ T5919] usb 5-1: device descriptor read/8, error -71 [ 233.222386][ T7419] bond0: entered promiscuous mode [ 233.228591][ T7419] bond_slave_0: entered promiscuous mode [ 233.243352][ T7419] bond_slave_1: entered promiscuous mode [ 233.267791][ T7419] bond0: left promiscuous mode [ 233.273358][ T7419] bond_slave_0: left promiscuous mode [ 233.279161][ T7419] bond_slave_1: left promiscuous mode [ 233.334280][ T5919] usb usb5-port1: unable to enumerate USB device [ 233.697580][ T7433] syzkaller1: entered promiscuous mode [ 233.718083][ T7433] syzkaller1: entered allmulticast mode [ 233.727530][ T7436] netlink: 8 bytes leftover after parsing attributes in process `syz.0.415'. [ 233.859917][ T7440] netlink: 36 bytes leftover after parsing attributes in process `syz.5.417'. [ 233.880758][ T7440] netlink: 16 bytes leftover after parsing attributes in process `syz.5.417'. [ 233.900715][ T7440] netlink: 36 bytes leftover after parsing attributes in process `syz.5.417'. [ 233.912551][ T7440] netlink: 36 bytes leftover after parsing attributes in process `syz.5.417'. [ 233.957193][ T7442] netlink: 92 bytes leftover after parsing attributes in process `syz.1.418'. [ 234.312942][ T7455] vlan2: entered allmulticast mode [ 234.319077][ T7455] bond0: entered allmulticast mode [ 234.324659][ T7455] bond_slave_0: entered allmulticast mode [ 234.330520][ T7455] bond_slave_1: entered allmulticast mode [ 235.081105][ T7477] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 235.387211][ T7468] syzkaller0: entered promiscuous mode [ 235.407460][ T7468] syzkaller0: entered allmulticast mode [ 235.413899][ T7492] netlink: 12 bytes leftover after parsing attributes in process `syz.4.434'. [ 235.501208][ T7492] sch_tbf: burst 5 is lower than device bridge1 mtu (1514) ! [ 237.247716][ T7510] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 237.268393][ T7525] netlink: 96 bytes leftover after parsing attributes in process `syz.5.447'. [ 237.488974][ T7535] netlink: 40 bytes leftover after parsing attributes in process `syz.2.449'. [ 237.807821][ T7550] vlan2: entered promiscuous mode [ 237.827474][ T7550] vlan0: entered promiscuous mode [ 237.832561][ T7550] erspan0: entered promiscuous mode [ 238.041734][ T7558] vlan2: entered promiscuous mode [ 238.116336][ T7558] vlan2: entered allmulticast mode [ 238.134133][ T7558] hsr_slave_1: entered allmulticast mode [ 238.603918][ T7587] netlink: 'syz.4.462': attribute type 39 has an invalid length. [ 238.608062][ T7584] netlink: 'syz.2.464': attribute type 1 has an invalid length. [ 238.632651][ T7589] Bluetooth: MGMT ver 1.23 [ 238.738109][ T7587] veth0_macvtap: left promiscuous mode [ 239.224563][ T7601] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.419282][ T7612] netlink: 24 bytes leftover after parsing attributes in process `syz.0.470'. [ 239.552372][ T7601] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.640896][ T7622] lo speed is unknown, defaulting to 1000 [ 239.713783][ T7601] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.781075][ T7626] netlink: 'syz.5.474': attribute type 1 has an invalid length. [ 239.792893][ T7622] lo speed is unknown, defaulting to 1000 [ 239.808936][ T7626] netlink: 144 bytes leftover after parsing attributes in process `syz.5.474'. [ 239.825930][ T7622] lo speed is unknown, defaulting to 1000 [ 239.865689][ T7626] netlink: 28 bytes leftover after parsing attributes in process `syz.5.474'. [ 239.961688][ T7601] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 240.232403][ T7601] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.344089][ T7601] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.446846][ T7601] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.727675][ T7601] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 240.891074][ T7601] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 241.024441][ T7661] syz.1.481 (7661) used greatest stack depth: 17992 bytes left [ 241.086450][ T7601] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 241.202685][ T7622] infiniband syz0: set active [ 241.216096][ T5810] lo speed is unknown, defaulting to 1000 [ 241.232634][ T7622] infiniband syz0: added lo [ 241.251594][ T7622] syz0: rxe_create_cq: returned err = -12 [ 241.320445][ T7622] infiniband syz0: Couldn't create ib_mad CQ [ 241.364829][ T7622] infiniband syz0: Couldn't open port 1 [ 241.474803][ T7679] netlink: 8 bytes leftover after parsing attributes in process `syz.1.484'. [ 241.505625][ T7622] RDS/IB: syz0: added [ 241.527493][ T7622] smc: adding ib device syz0 with port count 1 [ 241.555431][ T7622] smc: ib device syz0 port 1 has pnetid [ 241.586334][ T7679] bridge0: port 1(bridge_slave_0) entered disabled state [ 241.615572][ T7679] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.776187][ T5810] lo speed is unknown, defaulting to 1000 [ 241.804478][ T7622] lo speed is unknown, defaulting to 1000 [ 241.932385][ T7692] netlink: 8 bytes leftover after parsing attributes in process `syz.5.487'. [ 242.061685][ T7699] xt_SECMARK: unable to map security context 'unconfined' [ 242.119460][ T7698] bridge_slave_0: left allmulticast mode [ 242.145333][ T7698] bridge_slave_0: left promiscuous mode [ 242.157968][ T7698] bridge0: port 1(bridge_slave_0) entered disabled state [ 242.192721][ T7698] bridge_slave_1: left allmulticast mode [ 242.201242][ T7698] bridge_slave_1: left promiscuous mode [ 242.210089][ T7698] bridge0: port 2(bridge_slave_1) entered disabled state [ 242.242704][ T7698] bond0: (slave bond_slave_0): Releasing backup interface [ 242.265386][ T7698] bond0: (slave bond_slave_1): Releasing backup interface [ 242.301053][ T7698] team0: Failed to send options change via netlink (err -105) [ 242.327659][ T7698] team0: Failed to send port change of device team_slave_0 via netlink (err -105) [ 242.341851][ T7698] team0: Port device team_slave_0 removed [ 242.360141][ T7698] team0: Failed to send options change via netlink (err -105) [ 242.375008][ T7698] team0: Failed to send port change of device team_slave_1 via netlink (err -105) [ 242.389742][ T7698] team0: Port device team_slave_1 removed [ 242.398092][ T7698] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 242.410179][ T7698] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 242.446708][ T7698] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 242.458512][ T7698] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 242.488455][ T7698] bond2: (slave gretap1): Releasing backup interface [ 242.559878][ T7703] netlink: 8 bytes leftover after parsing attributes in process `syz.0.488'. [ 242.585976][ T7703] netlink: 8 bytes leftover after parsing attributes in process `syz.0.488'. [ 242.600976][ T7703] netlink: 8 bytes leftover after parsing attributes in process `syz.0.488'. [ 242.610271][ T7703] netlink: 8 bytes leftover after parsing attributes in process `syz.0.488'. [ 242.624952][ T7703] netlink: 8 bytes leftover after parsing attributes in process `syz.0.488'. [ 242.699797][ T7622] lo speed is unknown, defaulting to 1000 [ 243.297555][ T7699] lo speed is unknown, defaulting to 1000 [ 243.852221][ T7622] lo speed is unknown, defaulting to 1000 [ 244.698303][ T7743] netlink: 'syz.2.506': attribute type 1 has an invalid length. [ 244.828945][ T7622] lo speed is unknown, defaulting to 1000 [ 245.205010][ T7752] syzkaller1: entered promiscuous mode [ 245.223796][ T7752] syzkaller1: entered allmulticast mode [ 245.324841][ T7622] lo speed is unknown, defaulting to 1000 [ 245.490886][ T7756] netlink: 'syz.1.511': attribute type 1 has an invalid length. [ 245.513872][ T7756] __nla_validate_parse: 51 callbacks suppressed [ 245.513892][ T7756] netlink: 228 bytes leftover after parsing attributes in process `syz.1.511'. [ 245.768342][ T7622] lo speed is unknown, defaulting to 1000 [ 245.991239][ T7622] lo speed is unknown, defaulting to 1000 [ 246.588236][ T7769] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input13 [ 246.646960][ T7772] netlink: 'syz.2.518': attribute type 1 has an invalid length. [ 246.872947][ T7777] lo speed is unknown, defaulting to 1000 [ 247.401240][ C0] vcan0: j1939_tp_rxtimer: 0xffff888021bf1800: rx timeout, send abort [ 247.411387][ C0] vcan0: j1939_tp_rxtimer: 0xffff888021bf0800: rx timeout, send abort [ 247.419882][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888021bf1800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 247.435054][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888021bf0800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 247.606439][ T7796] netlink: 20 bytes leftover after parsing attributes in process `syz.5.527'. [ 249.060903][ T7837] tipc: Started in network mode [ 249.090437][ T7837] tipc: Node identity 56e9ec117681, cluster identity 4711 [ 249.136265][ T7837] tipc: Enabled bearer , priority 0 [ 249.145824][ T7844] syzkaller0: entered promiscuous mode [ 249.146243][ T7835] lo speed is unknown, defaulting to 1000 [ 249.162643][ T7844] syzkaller0: entered allmulticast mode [ 249.215374][ T7837] tipc: Resetting bearer [ 249.238276][ T7848] netlink: 24 bytes leftover after parsing attributes in process `syz.2.545'. [ 249.301015][ T7836] tipc: Resetting bearer [ 249.420694][ T7836] tipc: Disabling bearer [ 250.208094][ T7881] netlink: 8 bytes leftover after parsing attributes in process `syz.5.558'. [ 250.244247][ T7885] netlink: 8 bytes leftover after parsing attributes in process `syz.1.561'. [ 250.289276][ T7885] netlink: 8 bytes leftover after parsing attributes in process `syz.1.561'. [ 250.423989][ T7882] lo speed is unknown, defaulting to 1000 [ 250.437767][ T5821] Bluetooth: hci5: link tx timeout [ 250.448605][ T5821] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 250.499986][ T7890] netlink: zone id is out of range [ 250.565635][ T7890] netlink: zone id is out of range [ 250.596192][ T7890] netlink: zone id is out of range [ 250.662929][ T7890] netlink: zone id is out of range [ 250.679689][ T7890] netlink: zone id is out of range [ 250.695892][ T7890] netlink: zone id is out of range [ 250.723507][ T7890] netlink: zone id is out of range [ 250.735565][ T7890] netlink: zone id is out of range [ 250.744895][ T7890] netlink: zone id is out of range [ 250.762473][ T7890] netlink: zone id is out of range [ 251.416552][ T7888] lo speed is unknown, defaulting to 1000 [ 251.588845][ T7916] netlink: 'syz.5.573': attribute type 1 has an invalid length. [ 251.600136][ T7916] netlink: 184 bytes leftover after parsing attributes in process `syz.5.573'. [ 251.611717][ T7916] netlink: 'syz.5.573': attribute type 1 has an invalid length. [ 252.223324][ T7933] netlink: 4 bytes leftover after parsing attributes in process `syz.1.581'. [ 252.494090][ T5136] Bluetooth: hci5: command 0x0406 tx timeout [ 253.188659][ T7959] netlink: 'syz.2.593': attribute type 1 has an invalid length. [ 253.263118][ T7959] netlink: 5624 bytes leftover after parsing attributes in process `syz.2.593'. [ 253.681533][ T7969] netlink: 8 bytes leftover after parsing attributes in process `syz.4.597'. [ 253.812099][ T7975] netlink: 16 bytes leftover after parsing attributes in process `syz.2.599'. [ 253.881930][ T7975] batadv0: entered promiscuous mode [ 253.904202][ T7975] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 253.924678][ T7975] batadv0: left promiscuous mode [ 254.247124][ T7990] netlink: 4 bytes leftover after parsing attributes in process `syz.0.607'. [ 254.291083][ T7995] netlink: 'syz.5.610': attribute type 12 has an invalid length. [ 254.306872][ T7995] netlink: 9472 bytes leftover after parsing attributes in process `syz.5.610'. [ 254.362468][ T8001] netlink: 'syz.0.607': attribute type 10 has an invalid length. [ 254.466347][ T7990] team0 (unregistering): Port device team_slave_0 removed [ 254.484268][ T7990] team0 (unregistering): Port device team_slave_1 removed [ 254.535443][ T8001] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 254.851280][ T8019] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input14 [ 254.900246][ T8023] netlink: 'syz.0.620': attribute type 1 has an invalid length. [ 254.932296][ T8021] lo speed is unknown, defaulting to 1000 [ 255.386870][ T8037] Bluetooth: MGMT ver 1.23 [ 255.507871][ T8041] netlink: 'syz.0.628': attribute type 12 has an invalid length. [ 255.538801][ T8041] netlink: 9472 bytes leftover after parsing attributes in process `syz.0.628'. [ 255.698204][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.713517][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.742187][ T8048] netlink: 4 bytes leftover after parsing attributes in process `syz.4.631'. [ 255.988962][ T8059] netlink: 60 bytes leftover after parsing attributes in process `syz.2.633'. [ 256.021133][ T8051] lo speed is unknown, defaulting to 1000 [ 256.964478][ T8085] netlink: 'syz.4.646': attribute type 1 has an invalid length. [ 257.160143][ T8085] 8021q: adding VLAN 0 to HW filter on device bond2 [ 257.226781][ T8097] __nla_validate_parse: 1 callbacks suppressed [ 257.226798][ T8097] netlink: 24 bytes leftover after parsing attributes in process `syz.1.649'. [ 257.311071][ T8089] bond2: (slave veth3): Enslaving as an active interface with a down link [ 257.335740][ T8101] netlink: 4 bytes leftover after parsing attributes in process `syz.0.651'. [ 257.355759][ T8101] netlink: 4 bytes leftover after parsing attributes in process `syz.0.651'. [ 257.371508][ T8091] bond2: (slave veth0_to_bond): making interface the new active one [ 257.383341][ T8101] netlink: 4 bytes leftover after parsing attributes in process `syz.0.651'. [ 257.388679][ T8091] veth0_to_bond: entered promiscuous mode [ 257.400908][ T8091] bond2: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 257.580713][ T8110] netlink: 8 bytes leftover after parsing attributes in process `syz.0.655'. [ 257.775152][ T8119] netlink: 212316 bytes leftover after parsing attributes in process `syz.0.659'. [ 257.933445][ T8122] digital: digital_start_poll: Unknown protocol [ 257.946231][ T8120] lo speed is unknown, defaulting to 1000 [ 258.617335][ T8155] No such timeout policy "syz0" [ 258.985351][ T8165] netlink: 'syz.0.672': attribute type 1 has an invalid length. [ 259.116623][ T8165] bond4: entered promiscuous mode [ 259.122136][ T8165] 8021q: adding VLAN 0 to HW filter on device bond4 [ 259.292833][ T8167] 8021q: adding VLAN 0 to HW filter on device bond5 [ 259.299495][ T8177] digital: digital_start_poll: Unknown protocol [ 259.314895][ T8167] bond4: (slave bond5): making interface the new active one [ 259.324131][ T8167] bond5: entered promiscuous mode [ 259.330067][ T8167] bond4: (slave bond5): Enslaving as an active interface with an up link [ 259.491413][ T8178] lo speed is unknown, defaulting to 1000 [ 259.493121][ T8179] netlink: 60 bytes leftover after parsing attributes in process `syz.5.675'. [ 260.089539][ T8201] lo speed is unknown, defaulting to 1000 [ 261.021852][ T8244] netlink: 'syz.4.691': attribute type 5 has an invalid length. [ 261.170519][ T8244] bridge_slave_0: left allmulticast mode [ 261.189438][ T8244] bridge_slave_0: left promiscuous mode [ 261.206830][ T8244] bridge0: port 1(bridge_slave_0) entered disabled state [ 261.258692][ T8244] bridge_slave_1: left allmulticast mode [ 261.274844][ T8244] bridge_slave_1: left promiscuous mode [ 261.296599][ T8244] bridge0: port 2(bridge_slave_1) entered disabled state [ 261.322044][ T8244] bond2: (slave veth0_to_bond): Releasing active interface [ 261.340857][ T8244] veth0_to_bond: left promiscuous mode [ 261.373859][ T8244] bond0: (slave bond_slave_0): Releasing backup interface [ 261.410287][ T8244] bond0: (slave bond_slave_1): Releasing backup interface [ 261.457854][ T8257] netlink: 212316 bytes leftover after parsing attributes in process `syz.1.694'. [ 261.459958][ T8244] team0: Port device team_slave_0 removed [ 261.495708][ T8244] team0: Port device team_slave_1 removed [ 261.530887][ T8244] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 261.543250][ T8244] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 261.560584][ T8244] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 261.582438][ T8244] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 261.629604][ T8244] bond2: (slave veth3): Releasing active interface [ 261.656663][ T5903] lo speed is unknown, defaulting to 1000 [ 261.702163][ T8265] netlink: 8 bytes leftover after parsing attributes in process `syz.1.696'. [ 261.957309][ T8275] netlink: 12 bytes leftover after parsing attributes in process `syz.4.698'. [ 262.634393][ T8302] __nla_validate_parse: 1 callbacks suppressed [ 262.634411][ T8302] netlink: 8 bytes leftover after parsing attributes in process `syz.1.707'. [ 262.740846][ T8304] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input15 [ 262.811466][ T8307] netlink: 'syz.2.708': attribute type 1 has an invalid length. [ 262.878331][ T8313] netlink: 12 bytes leftover after parsing attributes in process `syz.5.711'. [ 263.193632][ T8326] netlink: 'syz.0.716': attribute type 1 has an invalid length. [ 263.208512][ T8326] netlink: 144 bytes leftover after parsing attributes in process `syz.0.716'. [ 263.218691][ T8326] netlink: 28 bytes leftover after parsing attributes in process `syz.0.716'. [ 263.236136][ T8324] lo speed is unknown, defaulting to 1000 [ 263.600656][ T8335] netlink: 'syz.5.720': attribute type 12 has an invalid length. [ 263.617550][ T8335] netlink: 9472 bytes leftover after parsing attributes in process `syz.5.720'. [ 263.733216][ T8330] lo speed is unknown, defaulting to 1000 [ 264.102111][ T8354] netlink: 12 bytes leftover after parsing attributes in process `syz.4.727'. [ 264.359249][ T8359] syzkaller1: entered promiscuous mode [ 264.377190][ T8359] syzkaller1: entered allmulticast mode [ 264.491859][ T8344] lo speed is unknown, defaulting to 1000 [ 264.838879][ T8383] netlink: 12 bytes leftover after parsing attributes in process `syz.4.739'. [ 265.077046][ T8389] netlink: 'syz.2.741': attribute type 1 has an invalid length. [ 265.113171][ T8389] netlink: 144 bytes leftover after parsing attributes in process `syz.2.741'. [ 265.139683][ T8389] netlink: 28 bytes leftover after parsing attributes in process `syz.2.741'. [ 265.474930][ T8392] netlink: 'syz.1.742': attribute type 12 has an invalid length. [ 265.530264][ T8392] netlink: 9472 bytes leftover after parsing attributes in process `syz.1.742'. [ 266.310838][ T8419] net_ratelimit: 6 callbacks suppressed [ 266.310857][ T8419] netlink: zone id is out of range [ 266.335928][ T8419] netlink: zone id is out of range [ 266.350096][ T8419] netlink: zone id is out of range [ 266.410455][ T5821] block nbd0: Receive control failed (result -32) [ 266.520411][ T8419] netlink: set zone limit has 4 unknown bytes [ 266.946262][ T8441] digital: digital_start_poll: Unknown protocol [ 267.039507][ T8445] 8021q: VLANs not supported on nlmon0 [ 267.651440][ T8474] 8021q: VLANs not supported on caif0 [ 267.858867][ T8485] netlink: 'syz.0.785': attribute type 1 has an invalid length. [ 267.876964][ T8485] __nla_validate_parse: 10 callbacks suppressed [ 267.876981][ T8485] netlink: 144 bytes leftover after parsing attributes in process `syz.0.785'. [ 267.927399][ T8485] netlink: 28 bytes leftover after parsing attributes in process `syz.0.785'. [ 268.053890][ T8493] netlink: 24 bytes leftover after parsing attributes in process `syz.2.789'. [ 268.145610][ T8500] netlink: 28 bytes leftover after parsing attributes in process `syz.0.791'. [ 268.424118][ T8507] vlan3: entered promiscuous mode [ 268.451615][ T8507] vlan2: entered promiscuous mode [ 268.482155][ T8507] erspan0: entered promiscuous mode [ 268.514094][ T8512] digital: digital_start_poll: Unknown protocol [ 268.685130][ T8519] netlink: 212296 bytes leftover after parsing attributes in process `syz.5.799'. [ 268.705127][ T8521] netlink: 12 bytes leftover after parsing attributes in process `syz.1.800'. [ 268.803252][ T8521] sch_tbf: burst 5 is lower than device bridge1 mtu (1514) ! [ 268.831885][ T8527] smc: net device bond0 erased user defined pnetid SYZ2 [ 268.889070][ T8530] netlink: 28 bytes leftover after parsing attributes in process `syz.5.804'. [ 270.093638][ T8594] netlink: 16 bytes leftover after parsing attributes in process `syz.1.827'. [ 270.328973][ T8600] lo speed is unknown, defaulting to 1000 [ 270.610148][ T8597] lo speed is unknown, defaulting to 1000 [ 271.068634][ T8630] netlink: 28 bytes leftover after parsing attributes in process `syz.4.830'. [ 271.092051][ T8624] 8021q: VLANs not supported on gre0 [ 272.608642][ T8671] netlink: 12 bytes leftover after parsing attributes in process `syz.0.855'. [ 273.028110][ T8687] netlink: 'syz.0.860': attribute type 1 has an invalid length. [ 273.049752][ T8687] netlink: 144 bytes leftover after parsing attributes in process `syz.0.860'. [ 273.087546][ T8687] netlink: 28 bytes leftover after parsing attributes in process `syz.0.860'. [ 273.538797][ T8702] netlink: zone id is out of range [ 273.639877][ T8702] netlink: set zone limit has 4 unknown bytes [ 273.715128][ T8707] netlink: 16 bytes leftover after parsing attributes in process `syz.2.868'. [ 273.973860][ T8715] lo speed is unknown, defaulting to 1000 [ 274.289967][ T8722] netlink: 'syz.2.874': attribute type 1 has an invalid length. [ 274.297804][ T8722] netlink: 144 bytes leftover after parsing attributes in process `syz.2.874'. [ 274.311411][ T8722] netlink: 28 bytes leftover after parsing attributes in process `syz.2.874'. [ 274.315983][ T8720] 8021q: VLANs not supported on caif0 [ 274.494742][ T8730] netlink: 24 bytes leftover after parsing attributes in process `syz.5.875'. [ 274.545152][ T8735] netlink: 24 bytes leftover after parsing attributes in process `syz.5.875'. [ 274.847575][ T8744] digital: digital_start_poll: Unknown protocol [ 275.256387][ T8759] tipc: Can't bind to reserved service type 0 [ 275.323773][ T8759] bond0: entered promiscuous mode [ 275.332367][ T8759] bond_slave_0: entered promiscuous mode [ 275.339409][ T8759] bond_slave_1: entered promiscuous mode [ 275.350693][ T8764] netlink: 212316 bytes leftover after parsing attributes in process `syz.1.891'. [ 275.374795][ T8759] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 275.402602][ T8759] bond0: left promiscuous mode [ 275.433467][ T8759] bond_slave_0: left promiscuous mode [ 275.460783][ T8759] bond_slave_1: left promiscuous mode [ 275.506448][ T8769] netlink: 180 bytes leftover after parsing attributes in process `syz.4.892'. [ 275.669491][ T8775] netlink: 12 bytes leftover after parsing attributes in process `syz.0.896'. [ 276.586124][ T8811] tipc: Started in network mode [ 276.591317][ T8811] tipc: Node identity 8ee89f56737e, cluster identity 4711 [ 276.600420][ T8811] tipc: Enabled bearer , priority 0 [ 276.654546][ T8815] syzkaller0: entered promiscuous mode [ 276.696159][ T8815] syzkaller0: entered allmulticast mode [ 276.745989][ T8811] tipc: Resetting bearer [ 276.767962][ T8809] tipc: Resetting bearer [ 276.855202][ T8809] tipc: Disabling bearer [ 277.065140][ T8835] digital: digital_start_poll: Unknown protocol [ 277.995155][ T8876] netlink: 'syz.4.940': attribute type 1 has an invalid length. [ 278.129897][ T8880] netlink: 'syz.2.942': attribute type 1 has an invalid length. [ 278.227615][ T8880] 8021q: adding VLAN 0 to HW filter on device bond2 [ 278.235141][ T8886] __nla_validate_parse: 7 callbacks suppressed [ 278.235157][ T8886] netlink: 16 bytes leftover after parsing attributes in process `syz.5.941'. [ 278.340985][ T8887] bond2: (slave veth3): Enslaving as an active interface with a down link [ 278.359467][ T8880] vlan5: entered allmulticast mode [ 278.375615][ T8880] veth1: entered allmulticast mode [ 278.390498][ T8880] veth1: entered promiscuous mode [ 278.402193][ T8880] veth1: left promiscuous mode [ 278.416081][ T8880] bond2: (slave vlan5): making interface the new active one [ 278.429246][ T8880] veth1: entered promiscuous mode [ 278.440119][ T8880] vlan5: entered promiscuous mode [ 278.450779][ T8880] bond2: (slave vlan5): Enslaving as an active interface with an up link [ 278.610301][ T8905] netlink: zone id is out of range [ 278.718157][ T8905] netlink: set zone limit has 4 unknown bytes [ 278.833721][ T8911] netlink: 'syz.4.954': attribute type 1 has an invalid length. [ 278.858939][ T8911] netlink: 144 bytes leftover after parsing attributes in process `syz.4.954'. [ 278.879241][ T8911] netlink: 28 bytes leftover after parsing attributes in process `syz.4.954'. [ 280.032803][ T8961] netlink: 12 bytes leftover after parsing attributes in process `syz.2.976'. [ 280.141569][ T8966] 8021q: VLANs not supported on caif0 [ 280.178378][ T8969] netlink: 'syz.5.980': attribute type 1 has an invalid length. [ 280.288005][ T8969] 8021q: adding VLAN 0 to HW filter on device bond1 [ 280.379592][ T8974] bond1: (slave veth3): Enslaving as an active interface with a down link [ 280.421505][ T8969] vlan3: entered allmulticast mode [ 280.426994][ T8969] veth1: entered allmulticast mode [ 280.434818][ T8969] veth1: entered promiscuous mode [ 280.442220][ T8969] veth1: left promiscuous mode [ 280.478800][ T8969] bond1: (slave vlan3): making interface the new active one [ 280.490399][ T8969] veth1: entered promiscuous mode [ 280.502393][ T8969] vlan3: entered promiscuous mode [ 280.532242][ T8969] bond1: (slave vlan3): Enslaving as an active interface with an up link [ 280.564725][ T8986] lo speed is unknown, defaulting to 1000 [ 281.207733][ T9003] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input16 [ 281.374708][ T9011] 8021q: VLANs not supported on caif0 [ 281.531451][ T9017] netlink: 12 bytes leftover after parsing attributes in process `syz.2.995'. [ 281.845370][ T9024] netlink: 12 bytes leftover after parsing attributes in process `syz.2.999'. [ 282.927656][ T9046] 8021q: VLANs not supported on caif0 [ 283.096316][ T9052] netlink: 76 bytes leftover after parsing attributes in process `syz.5.1009'. [ 283.360035][ T9062] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1013'. [ 283.386960][ T9064] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1015'. [ 283.396701][ T9064] nbd: must specify at least one socket [ 283.419332][ T9062] batadv0: entered promiscuous mode [ 283.427388][ T9062] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 283.436770][ T9062] batadv0: left promiscuous mode [ 283.761507][ T9076] 8021q: VLANs not supported on caif0 [ 283.817594][ T9078] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1021'. [ 284.086956][ T9088] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1026'. [ 284.103517][ T9088] nbd: must specify at least one socket [ 284.825342][ T9096] @: renamed from vlan0 (while UP) [ 285.076422][ T9116] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1035'. [ 285.168373][ T9123] netlink: 'syz.4.1038': attribute type 1 has an invalid length. [ 285.216171][ T9123] 8021q: adding VLAN 0 to HW filter on device bond3 [ 285.276709][ T9123] vlan0: entered allmulticast mode [ 285.281857][ T9123] veth1: entered allmulticast mode [ 285.341763][ T9123] bond3: (slave vlan0): making interface the new active one [ 285.389374][ T9134] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1041'. [ 285.397641][ T9123] bond3: (slave vlan0): Enslaving as an active interface with an up link [ 285.420278][ T9136] netlink: zone id is out of range [ 285.491820][ T9136] netlink: set zone limit has 4 unknown bytes [ 286.241087][ T30] audit: type=1326 audit(1750931605.985:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9140 comm="syz.2.1045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a6758e929 code=0x7ffc0000 [ 286.266933][ T30] audit: type=1326 audit(1750931605.995:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9140 comm="syz.2.1045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a6758e929 code=0x7ffc0000 [ 286.289403][ T30] audit: type=1326 audit(1750931605.995:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9140 comm="syz.2.1045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f4a6758e929 code=0x7ffc0000 [ 286.367334][ T30] audit: type=1326 audit(1750931605.995:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9140 comm="syz.2.1045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a6758e929 code=0x7ffc0000 [ 286.427926][ T30] audit: type=1326 audit(1750931605.995:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9140 comm="syz.2.1045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a6758e929 code=0x7ffc0000 [ 286.450003][ T30] audit: type=1326 audit(1750931606.025:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9140 comm="syz.2.1045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f4a6758e929 code=0x7ffc0000 [ 286.532571][ T9154] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1050'. [ 286.547950][ T30] audit: type=1326 audit(1750931606.075:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9140 comm="syz.2.1045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f4a6758e963 code=0x7ffc0000 [ 286.606561][ T30] audit: type=1326 audit(1750931606.075:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9140 comm="syz.2.1045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f4a6758e963 code=0x7ffc0000 [ 286.628337][ T30] audit: type=1326 audit(1750931606.075:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9140 comm="syz.2.1045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a6758e929 code=0x7ffc0000 [ 286.650127][ T30] audit: type=1326 audit(1750931606.075:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9140 comm="syz.2.1045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a6758e929 code=0x7ffc0000 [ 286.865293][ T9168] netlink: 'syz.4.1055': attribute type 1 has an invalid length. [ 286.951706][ T9168] 8021q: adding VLAN 0 to HW filter on device bond4 [ 287.730955][ T9188] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.1061'. [ 288.627306][ T9211] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1066'. [ 290.565183][ T6085] vlan5: left promiscuous mode [ 290.759406][ T9241] @: renamed from vlan0 (while UP) [ 290.944918][ T9244] netlink: zone id is out of range [ 291.092675][ T9244] netlink: set zone limit has 4 unknown bytes [ 291.410542][ T9251] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1081'. [ 291.534205][ T9249] syzkaller1: entered promiscuous mode [ 291.539733][ T9249] syzkaller1: entered allmulticast mode [ 292.168567][ T9266] netlink: 'syz.0.1087': attribute type 1 has an invalid length. [ 292.186305][ T9266] netlink: 184 bytes leftover after parsing attributes in process `syz.0.1087'. [ 292.207970][ T9266] netlink: 'syz.0.1087': attribute type 1 has an invalid length. [ 292.336138][ T9269] syzkaller0: entered promiscuous mode [ 292.371698][ T9269] syzkaller0: entered allmulticast mode [ 293.277901][ T9288] netlink: zone id is out of range [ 293.291100][ T9288] netlink: zone id is out of range [ 293.295623][ T9286] netlink: 'syz.1.1093': attribute type 29 has an invalid length. [ 293.308631][ T9288] netlink: zone id is out of range [ 293.394110][ T6085] vlan3: left promiscuous mode [ 293.498736][ T9288] netlink: set zone limit has 4 unknown bytes [ 293.926715][ T9300] syzkaller1: entered promiscuous mode [ 293.934629][ T9300] syzkaller1: entered allmulticast mode [ 293.937994][ T9298] netlink: 'syz.5.1100': attribute type 1 has an invalid length. [ 293.950335][ T9298] netlink: 184 bytes leftover after parsing attributes in process `syz.5.1100'. [ 293.960100][ T9298] netlink: 'syz.5.1100': attribute type 1 has an invalid length. [ 294.197121][ T9305] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1101'. [ 294.344061][ T9305] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1101'. [ 294.732453][ T9309] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1102'. [ 295.343231][ T9317] netlink: 'syz.5.1105': attribute type 1 has an invalid length. [ 296.646222][ T9333] lo speed is unknown, defaulting to 1000 [ 296.794515][ T30] kauditd_printk_skb: 12 callbacks suppressed [ 296.794535][ T30] audit: type=1326 audit(1750931616.555:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9335 comm="syz.5.1111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f142a18e929 code=0x7ffc0000 [ 296.798270][ T9339] syzkaller1: entered promiscuous mode [ 296.835416][ T30] audit: type=1326 audit(1750931616.595:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9335 comm="syz.5.1111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f142a18e929 code=0x7ffc0000 [ 296.889972][ T9339] syzkaller1: entered allmulticast mode [ 296.938403][ T30] audit: type=1326 audit(1750931616.595:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9335 comm="syz.5.1111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f142a18e929 code=0x7ffc0000 [ 296.978256][ T30] audit: type=1326 audit(1750931616.595:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9335 comm="syz.5.1111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f142a18e929 code=0x7ffc0000 [ 297.015873][ T30] audit: type=1326 audit(1750931616.595:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9335 comm="syz.5.1111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f142a18e929 code=0x7ffc0000 [ 297.043672][ T30] audit: type=1326 audit(1750931616.615:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9335 comm="syz.5.1111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f142a18e929 code=0x7ffc0000 [ 297.073764][ T30] audit: type=1326 audit(1750931616.615:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9335 comm="syz.5.1111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f142a18e963 code=0x7ffc0000 [ 297.097562][ T30] audit: type=1326 audit(1750931616.615:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9335 comm="syz.5.1111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f142a18e963 code=0x7ffc0000 [ 297.119773][ T30] audit: type=1326 audit(1750931616.615:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9335 comm="syz.5.1111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f142a18e929 code=0x7ffc0000 [ 297.141999][ T30] audit: type=1326 audit(1750931616.615:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9335 comm="syz.5.1111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f142a18e929 code=0x7ffc0000 [ 297.210483][ T9344] netlink: 'syz.0.1114': attribute type 1 has an invalid length. [ 297.226819][ T9344] netlink: 184 bytes leftover after parsing attributes in process `syz.0.1114'. [ 297.256368][ T9344] netlink: 'syz.0.1114': attribute type 1 has an invalid length. [ 298.092398][ T9367] netlink: 14204 bytes leftover after parsing attributes in process `syz.2.1124'. [ 298.788760][ T9371] syzkaller1: entered promiscuous mode [ 298.814678][ T9371] syzkaller1: entered allmulticast mode [ 298.920627][ T9382] lo speed is unknown, defaulting to 1000 [ 298.938576][ T9385] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1129'. [ 299.263057][ T9389] sch_tbf: burst 5 is lower than device bridge2 mtu (1514) ! [ 299.281547][ T9398] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1131'. [ 299.364762][ T9394] lo speed is unknown, defaulting to 1000 [ 299.730983][ T9413] netlink: 'syz.4.1138': attribute type 4 has an invalid length. [ 299.772869][ T9413] netlink: 9472 bytes leftover after parsing attributes in process `syz.4.1138'. [ 300.650897][ T9420] syzkaller1: entered promiscuous mode [ 300.665634][ T9420] syzkaller1: entered allmulticast mode [ 300.795884][ T9424] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1142'. [ 301.069648][ T9430] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1144'. [ 301.812198][ T9435] syzkaller0: entered promiscuous mode [ 301.838155][ T9435] syzkaller0: entered allmulticast mode [ 301.906533][ T9448] netlink: 'syz.4.1150': attribute type 1 has an invalid length. [ 301.981802][ T9450] netlink: 'syz.2.1152': attribute type 4 has an invalid length. [ 302.052081][ T9450] netlink: 9472 bytes leftover after parsing attributes in process `syz.2.1152'. [ 302.182265][ T9448] 8021q: adding VLAN 0 to HW filter on device bond5 [ 302.335259][ T9464] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1156'. [ 302.490046][ T9460] syzkaller1: entered promiscuous mode [ 302.503204][ T9460] syzkaller1: entered allmulticast mode [ 302.830515][ T9482] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1164'. [ 302.883812][ T9487] netlink: 'syz.4.1167': attribute type 1 has an invalid length. [ 302.982759][ T9487] 8021q: adding VLAN 0 to HW filter on device bond6 [ 303.136035][ T9496] netlink: 'syz.0.1170': attribute type 4 has an invalid length. [ 303.223320][ T9496] netlink: 9472 bytes leftover after parsing attributes in process `syz.0.1170'. [ 303.790011][ T9510] syzkaller1: entered promiscuous mode [ 303.800091][ T9510] syzkaller1: entered allmulticast mode [ 304.953301][ T9527] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1181'. [ 307.982146][ T9581] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1198'. [ 308.390691][ T9595] lo speed is unknown, defaulting to 1000 [ 308.680155][ T9601] syzkaller1: entered promiscuous mode [ 308.689813][ T9601] syzkaller1: entered allmulticast mode [ 308.922210][ T9613] netlink: 'syz.1.1212': attribute type 29 has an invalid length. [ 309.730558][ T9619] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1215'. [ 310.466067][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 310.466107][ T30] audit: type=1326 audit(1750931630.215:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9625 comm="syz.0.1216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5567b8e929 code=0x7ffc0000 [ 310.593834][ T9634] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1218'. [ 310.618378][ T30] audit: type=1326 audit(1750931630.225:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9625 comm="syz.0.1216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5567b8e929 code=0x7ffc0000 [ 311.431410][ T9645] syzkaller1: entered promiscuous mode [ 311.441119][ T9645] syzkaller1: entered allmulticast mode [ 314.439242][ T9691] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1238'. [ 315.586321][ T9711] netlink: 'syz.5.1248': attribute type 1 has an invalid length. [ 315.743925][ T9707] lo speed is unknown, defaulting to 1000 [ 315.750040][ T9711] netlink: 184 bytes leftover after parsing attributes in process `syz.5.1248'. [ 315.777413][ T9711] netlink: 'syz.5.1248': attribute type 1 has an invalid length. [ 316.571339][ T9718] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1249'. [ 317.140221][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.146852][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.960644][ T9748] netlink: 'syz.0.1261': attribute type 1 has an invalid length. [ 318.040723][ T9748] netlink: 184 bytes leftover after parsing attributes in process `syz.0.1261'. [ 318.050966][ T9748] netlink: 'syz.0.1261': attribute type 1 has an invalid length. [ 320.061431][ T9783] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1269'. [ 320.366063][ T9790] netlink: 'syz.5.1273': attribute type 1 has an invalid length. [ 320.377390][ T9790] netlink: 184 bytes leftover after parsing attributes in process `syz.5.1273'. [ 320.388961][ T9790] netlink: 'syz.5.1273': attribute type 1 has an invalid length. [ 322.283539][ T9812] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1282'. [ 322.378767][ T9817] lo speed is unknown, defaulting to 1000 [ 322.672225][ T9822] netlink: 'syz.4.1286': attribute type 1 has an invalid length. [ 322.705747][ T9822] netlink: 184 bytes leftover after parsing attributes in process `syz.4.1286'. [ 322.727797][ T9822] netlink: 'syz.4.1286': attribute type 1 has an invalid length. [ 323.927245][ T9833] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1289'. [ 323.969265][ T9835] tipc: Started in network mode [ 323.982304][ T9835] tipc: Node identity 4e8282a8d57a, cluster identity 4711 [ 323.997465][ T9835] tipc: Enabled bearer , priority 0 [ 324.011504][ T9835] tipc: Resetting bearer [ 324.087438][ T9834] tipc: Disabling bearer [ 324.347640][ T9841] lo speed is unknown, defaulting to 1000 [ 324.477891][ T9856] netlink: 188 bytes leftover after parsing attributes in process `syz.0.1297'. [ 324.673127][ T5934] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 324.903422][ T5934] usb 6-1: Using ep0 maxpacket: 8 [ 325.018911][ T5934] usb 6-1: unable to get BOS descriptor or descriptor too short [ 325.103544][ T5934] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 325.133465][ T5934] usb 6-1: can't read configurations, error -61 [ 325.284708][ T5934] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 325.443062][ T5934] usb 6-1: Using ep0 maxpacket: 8 [ 325.468913][ T5934] usb 6-1: unable to get BOS descriptor or descriptor too short [ 325.496401][ T5934] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 325.504718][ T5934] usb 6-1: can't read configurations, error -61 [ 325.521222][ T5934] usb usb6-port1: attempt power cycle [ 326.383174][ T5934] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 326.438135][ T5934] usb 6-1: Using ep0 maxpacket: 8 [ 326.482335][ T5934] usb 6-1: unable to get BOS descriptor or descriptor too short [ 326.540484][ T5934] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 326.643265][ T5934] usb 6-1: can't read configurations, error -61 [ 326.998788][ T5934] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 327.084152][ T5934] usb 6-1: Using ep0 maxpacket: 8 [ 327.104309][ T5934] usb 6-1: unable to get BOS descriptor or descriptor too short [ 327.145518][ T5934] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 327.156309][ T5934] usb 6-1: can't read configurations, error -61 [ 327.184634][ T5934] usb usb6-port1: unable to enumerate USB device [ 327.844825][ T9887] netlink: 60 bytes leftover after parsing attributes in process `syz.5.1304'. [ 328.210476][ T9892] netlink: 44 bytes leftover after parsing attributes in process `syz.5.1305'. [ 328.241285][ T9889] netlink: 44 bytes leftover after parsing attributes in process `syz.5.1305'. [ 328.939458][ T9900] netlink: 188 bytes leftover after parsing attributes in process `syz.4.1309'. [ 329.190706][ T9904] lo speed is unknown, defaulting to 1000 [ 329.634187][ T9911] netlink: 'syz.4.1314': attribute type 1 has an invalid length. [ 329.655622][ T9911] netlink: 184 bytes leftover after parsing attributes in process `syz.4.1314'. [ 329.702233][ T9911] netlink: 'syz.4.1314': attribute type 1 has an invalid length. [ 330.221437][ T9915] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1315'. [ 330.832693][ T9922] netlink: 236 bytes leftover after parsing attributes in process `syz.4.1316'. [ 330.842896][ T9922] openvswitch: netlink: IP tunnel dst address not specified [ 331.948686][ T9931] netlink: 14220 bytes leftover after parsing attributes in process `syz.4.1320'. [ 332.206609][ T30] audit: type=1326 audit(1750931651.955:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9932 comm="syz.1.1321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f823cb8e929 code=0x7ffc0000 [ 332.325752][ T30] audit: type=1326 audit(1750931651.955:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9932 comm="syz.1.1321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f823cb8e929 code=0x7ffc0000 [ 332.353465][ T9942] netlink: 'syz.5.1325': attribute type 1 has an invalid length. [ 332.371650][ T9942] netlink: 184 bytes leftover after parsing attributes in process `syz.5.1325'. [ 332.381580][ T9942] netlink: 'syz.5.1325': attribute type 1 has an invalid length. [ 332.389827][ T30] audit: type=1326 audit(1750931651.955:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9932 comm="syz.1.1321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f823cb8e929 code=0x7ffc0000 [ 332.412783][ T30] audit: type=1326 audit(1750931651.955:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9932 comm="syz.1.1321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f823cb8e929 code=0x7ffc0000 [ 332.437041][ T30] audit: type=1326 audit(1750931651.955:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9932 comm="syz.1.1321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f823cb8e929 code=0x7ffc0000 [ 333.542112][ T30] audit: type=1326 audit(1750931651.965:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9932 comm="syz.1.1321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f823cb8e929 code=0x7ffc0000 [ 333.578457][ T9954] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1329'. [ 333.589748][ T30] audit: type=1326 audit(1750931651.965:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9932 comm="syz.1.1321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f823cb8e963 code=0x7ffc0000 [ 333.749773][ T30] audit: type=1326 audit(1750931651.965:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9932 comm="syz.1.1321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f823cb8e963 code=0x7ffc0000 [ 334.069856][ T30] audit: type=1326 audit(1750931651.965:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9932 comm="syz.1.1321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f823cb8e929 code=0x7ffc0000 [ 334.177032][ T30] audit: type=1326 audit(1750931651.965:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9932 comm="syz.1.1321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f823cb8e929 code=0x7ffc0000 [ 334.409659][ T9965] lo speed is unknown, defaulting to 1000 [ 335.017339][ T9979] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1338'. [ 335.089466][ T9979] batadv0: entered promiscuous mode [ 335.138964][ T9979] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 335.258648][ T9984] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1340'. [ 338.163100][ T5150] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 338.237287][T10017] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1351'. [ 338.363189][ T5150] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 338.391469][ T5150] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 338.448962][ T5150] usb 6-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 338.493185][ T5150] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 338.512233][ T5150] usb 6-1: config 0 descriptor?? [ 339.621179][T10009] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 339.630322][T10009] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 339.647583][T10009] afs: Unknown parameter 'dyn-.)º_#^ÔgYVVS6/@$xAiD' [ 339.874804][T10036] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1357'. [ 340.344812][ T5150] usbhid 6-1:0.0: can't add hid device: -71 [ 340.375783][ T5150] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 340.414381][ T5150] usb 6-1: USB disconnect, device number 8 [ 342.281705][T10064] tipc: Enabling of bearer rejected, failed to enable media [ 343.886058][T10087] lo speed is unknown, defaulting to 1000 [ 344.013538][T10100] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1377'. [ 344.334322][T10105] netlink: 'syz.0.1376': attribute type 29 has an invalid length. [ 346.021715][T10119] digital: digital_start_poll: Unknown protocol [ 346.176515][T10124] tipc: Enabling of bearer rejected, failed to enable media [ 347.318026][T10147] 8021q: VLANs not supported on nlmon0 [ 347.565120][T10154] netlink: 'syz.1.1392': attribute type 1 has an invalid length. [ 347.572916][T10154] netlink: 144 bytes leftover after parsing attributes in process `syz.1.1392'. [ 347.592740][T10154] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1392'. [ 347.602906][T10156] netlink: 'syz.5.1393': attribute type 4 has an invalid length. [ 347.610739][T10156] netlink: 11120 bytes leftover after parsing attributes in process `syz.5.1393'. [ 349.133308][ T31] INFO: task kworker/0:4:5884 blocked for more than 143 seconds. [ 349.171359][ T31] Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 [ 349.209891][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 349.249567][ T31] task:kworker/0:4 state:D stack:21176 pid:5884 tgid:5884 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 349.275484][ T31] Workqueue: usb_hub_wq hub_event [ 349.281260][ T31] Call Trace: [ 349.290415][ T31] [ 349.295505][ T31] __schedule+0x16a2/0x4cb0 [ 349.300390][ T31] ? schedule+0x165/0x360 [ 349.305871][ T31] ? __pfx___schedule+0x10/0x10 [ 349.311271][ T31] ? schedule+0x91/0x360 [ 349.316475][ T31] schedule+0x165/0x360 [ 349.320911][ T31] schedule_timeout+0x9a/0x270 [ 349.326854][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 349.332570][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 349.341587][ T31] ? wait_for_completion+0x267/0x5d0 [ 349.349054][ T31] wait_for_completion+0x2bf/0x5d0 [ 349.358179][ T31] ? __pfx_wait_for_completion+0x10/0x10 [ 349.366121][ T31] i2c_del_adapter+0x581/0x6e0 [ 349.371170][ T31] ? __pfx_i2c_del_adapter+0x10/0x10 [ 349.380183][ T31] ? rcu_is_watching+0x15/0xb0 [ 349.386740][ T31] ? dvb_usb_adapter_exit+0xd7/0x240 [ 349.392326][ T31] dvb_usb_i2c_exit+0x64/0xb0 [ 349.397818][ T31] dvb_usb_device_exit+0x1be/0x350 [ 349.403458][ T31] ? __pfx_dvb_usb_device_exit+0x10/0x10 [ 349.409337][ T31] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 349.416840][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 349.422256][ T31] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 349.428991][ T31] cxusb_probe+0x603/0x700 [ 349.433950][ T31] ? __pfx_cxusb_probe+0x10/0x10 [ 349.439141][ T31] ? __pm_runtime_set_status+0x785/0xa50 [ 349.445434][ T31] usb_probe_interface+0x641/0xbc0 [ 349.450849][ T31] ? __pfx_usb_probe_interface+0x10/0x10 [ 349.457124][ T31] really_probe+0x26a/0x9a0 [ 349.461931][ T31] __driver_probe_device+0x18c/0x2f0 [ 349.468041][ T31] driver_probe_device+0x4f/0x430 [ 349.473631][ T31] __device_attach_driver+0x2ce/0x530 [ 349.479267][ T31] bus_for_each_drv+0x251/0x2e0 [ 349.484903][ T31] ? __pfx___device_attach_driver+0x10/0x10 [ 349.491026][ T31] ? __pfx_bus_for_each_drv+0x10/0x10 [ 349.497182][ T31] __device_attach+0x2b8/0x400 [ 349.502214][ T31] ? __pfx___device_attach+0x10/0x10 [ 349.508332][ T31] ? do_raw_spin_unlock+0x122/0x240 [ 349.514110][ T31] bus_probe_device+0x185/0x260 [ 349.519231][ T31] device_add+0x7b6/0xb50 [ 349.529454][ T31] usb_set_configuration+0x1a87/0x20e0 [ 349.535753][ T31] usb_generic_driver_probe+0x8d/0x150 [ 349.541456][ T31] usb_probe_device+0x1c1/0x390 [ 349.548054][ T31] ? __pfx_usb_probe_device+0x10/0x10 [ 349.553921][ T31] really_probe+0x26a/0x9a0 [ 349.558637][ T31] __driver_probe_device+0x18c/0x2f0 [ 349.564589][ T31] driver_probe_device+0x4f/0x430 [ 349.569820][ T31] __device_attach_driver+0x2ce/0x530 [ 349.575903][ T31] bus_for_each_drv+0x251/0x2e0 [ 349.580998][ T31] ? __pfx___device_attach_driver+0x10/0x10 [ 349.587796][ T31] ? __pfx_bus_for_each_drv+0x10/0x10 [ 349.593730][ T31] __device_attach+0x2b8/0x400 [ 349.598779][ T31] ? __pfx___device_attach+0x10/0x10 [ 349.604667][ T31] ? do_raw_spin_unlock+0x122/0x240 [ 349.610167][ T31] bus_probe_device+0x185/0x260 [ 349.617087][ T31] device_add+0x7b6/0xb50 [ 349.621648][ T31] usb_new_device+0xa39/0x16c0 [ 349.626820][ T31] ? __pfx_usb_new_device+0x10/0x10 [ 349.632146][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 349.638129][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 349.643826][ T31] hub_event+0x2941/0x4a00 [ 349.648756][ T31] ? __pfx_hub_event+0x10/0x10 [ 349.654132][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 349.660058][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 349.665867][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 349.671704][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 349.677998][ T31] process_scheduled_works+0xade/0x17b0 [ 349.684097][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 349.690376][ T31] worker_thread+0x8a0/0xda0 [ 349.695677][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 349.702130][ T31] ? __kthread_parkme+0x7b/0x200 [ 349.707267][ T31] kthread+0x70e/0x8a0 [ 349.711471][ T31] ? __pfx_worker_thread+0x10/0x10 [ 349.716756][ T31] ? __pfx_kthread+0x10/0x10 [ 349.721430][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 349.726839][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 349.732134][ T31] ? __pfx_kthread+0x10/0x10 [ 349.737092][ T31] ret_from_fork+0x3fc/0x770 [ 349.741845][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 349.747166][ T31] ? __switch_to_asm+0x39/0x70 [ 349.752017][ T31] ? __switch_to_asm+0x33/0x70 [ 349.757034][ T31] ? __pfx_kthread+0x10/0x10 [ 349.761722][ T31] ret_from_fork_asm+0x1a/0x30 [ 349.766768][ T31] [ 349.770126][ T31] [ 349.770126][ T31] Showing all locks held in the system: [ 349.779880][ T31] 3 locks held by kworker/u8:0/12: [ 349.785202][ T31] 1 lock held by khungtaskd/31: [ 349.790133][ T31] #0: ffffffff8e13ee60 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 349.800376][ T31] 2 locks held by kworker/u8:2/36: [ 349.805635][ T31] 5 locks held by kworker/u8:3/49: [ 349.810825][ T31] #0: ffff88801b2fb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 349.822113][ T31] #1: ffffc90000b97bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 349.833025][ T31] #2: ffffffff8f4f1050 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800 [ 349.842657][ T31] #3: ffffffff8f4fdc48 (rtnl_mutex){+.+.}-{4:4}, at: default_device_exit_batch+0xdc/0x890 [ 349.853365][ T31] #4: ffffffff8e144978 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730 [ 349.864873][ T31] 2 locks held by getty/5581: [ 349.869638][ T31] #0: ffff8880314860a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 349.879756][ T31] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 349.890204][ T31] 4 locks held by udevd/5836: [ 349.895003][ T31] #0: ffff88807a703540 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xb7/0xe10 [ 349.904146][ T31] #1: ffff888035729088 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x55/0x3c0 [ 349.913938][ T31] #2: ffff88805e6a22d8 (kn->active#18){.+.+}-{0:0}, at: kernfs_seq_start+0x75/0x3c0 [ 349.923779][ T31] #3: ffff8880207f8198 (&dev->mutex){....}-{4:4}, at: manufacturer_show+0x26/0xa0 [ 349.934012][ T31] 5 locks held by kworker/0:4/5884: [ 349.939288][ T31] #0: ffff8881442c9148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 349.951083][ T31] #1: ffffc9000450fbc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 349.963315][ T31] #2: ffff888144b02198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a00 [ 349.972503][ T31] #3: ffff8880207f8198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400 [ 349.982227][ T31] #4: ffff88807f53b160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400 [ 349.991895][ T31] 6 locks held by syz.0.1400/10173: [ 349.997311][ T31] #0: ffffffff8f4f1050 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 350.007062][ T31] #1: ffffffff8f262850 (devices_rwsem){++++}-{4:4}, at: rdma_dev_init_net+0x19a/0x270 [ 350.017090][ T31] #2: ffffffff8f262a10 (rdma_nets_rwsem){++++}-{4:4}, at: rdma_dev_init_net+0x1d2/0x270 [ 350.027587][ T31] #3: ffff888056af4f60 (&device->compat_devs_mutex){+.+.}-{4:4}, at: add_one_compat_dev+0xee/0x5c0 [ 350.038777][ T31] #4: ffff888056af5258 (&rxe->usdev_lock){+.+.}-{4:4}, at: rxe_query_port+0x7e/0x3b0 [ 350.048930][ T31] #5: ffffffff8f4fdc48 (rtnl_mutex){+.+.}-{4:4}, at: ib_get_eth_speed+0x151/0x7b0 [ 350.058705][ T31] 4 locks held by syz.5.1402/10180: [ 350.064047][ T31] #0: ffff888042f8ca08 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 350.074735][ T31] #1: ffffffff8f562270 ((netlink_chain).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain+0x54/0x90 [ 350.086443][ T31] #2: ffff88803536b0d8 (&nft_net->commit_mutex){+.+.}-{4:4}, at: nft_rcv_nl_event+0x116/0x640 [ 350.097244][ T31] #3: ffffffff8e144978 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2f6/0x730 [ 350.108699][ T31] [ 350.111158][ T31] ============================================= [ 350.111158][ T31] [ 350.119957][ T31] NMI backtrace for cpu 1 [ 350.119974][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 350.119998][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 350.120010][ T31] Call Trace: [ 350.120018][ T31] [ 350.120027][ T31] dump_stack_lvl+0x189/0x250 [ 350.120063][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 350.120092][ T31] ? __pfx__printk+0x10/0x10 [ 350.120125][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 350.120154][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 350.120175][ T31] ? irqentry_exit+0x74/0x90 [ 350.120202][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 350.120240][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 350.120267][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 350.120294][ T31] watchdog+0xfee/0x1030 [ 350.120320][ T31] ? watchdog+0x1de/0x1030 [ 350.120354][ T31] kthread+0x70e/0x8a0 [ 350.120379][ T31] ? __pfx_watchdog+0x10/0x10 [ 350.120409][ T31] ? __pfx_kthread+0x10/0x10 [ 350.120432][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 350.120456][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 350.120481][ T31] ? __pfx_kthread+0x10/0x10 [ 350.120503][ T31] ret_from_fork+0x3fc/0x770 [ 350.120531][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 350.120564][ T31] ? __switch_to_asm+0x39/0x70 [ 350.120591][ T31] ? __switch_to_asm+0x33/0x70 [ 350.120607][ T31] ? __pfx_kthread+0x10/0x10 [ 350.120626][ T31] ret_from_fork_asm+0x1a/0x30 [ 350.120660][ T31] [ 350.120667][ T31] Sending NMI from CPU 1 to CPUs 0: [ 350.125188][T10173] lo speed is unknown, defaulting to 1000 [ 350.137330][ C0] NMI backtrace for cpu 0 [ 350.137346][ C0] CPU: 0 UID: 0 PID: 10173 Comm: syz.0.1400 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 350.137366][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 350.137376][ C0] RIP: 0010:unwind_next_frame+0x5/0x2390 [ 350.137405][ C0] Code: e1 07 80 c1 03 38 c1 7c 92 48 89 df e8 c4 19 af 00 eb 88 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 <41> 57 41 56 41 55 41 54 53 48 81 ec 98 00 00 00 49 89 fe 48 bd 00 [ 350.137420][ C0] RSP: 0018:ffffc900000077b8 EFLAGS: 00000202 [ 350.137435][ C0] RAX: 0000000000000001 RBX: ffffc90000007880 RCX: 8efcc99cbdefe400 [ 350.137448][ C0] RDX: dffffc0000000000 RSI: ffffffff8183d258 RDI: ffffc900000077c8 [ 350.137461][ C0] RBP: ffffc90000007850 R08: ffffc90000007890 R09: 0000000000000019 [ 350.137472][ C0] R10: ffffc90000007818 R11: ffffffff81ace5b0 R12: ffff888033105a00 [ 350.137485][ C0] R13: 0000000000000000 R14: ffffffff81ace5b0 R15: ffffc900000077c8 [ 350.137496][ C0] FS: 00007f55689b36c0(0000) GS:ffff888125c83000(0000) knlGS:0000000000000000 [ 350.137511][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 350.137523][ C0] CR2: 000000110c46e791 CR3: 000000002fad6000 CR4: 00000000003526f0 [ 350.137537][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 350.137547][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 350.137558][ C0] Call Trace: [ 350.137564][ C0] [ 350.137571][ C0] arch_stack_walk+0x11c/0x150 [ 350.137599][ C0] ? __x64_sys_unshare+0x38/0x50 [ 350.137619][ C0] stack_trace_save+0x9c/0xe0 [ 350.137645][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 350.137667][ C0] ? __lock_acquire+0xab9/0xd20 [ 350.137687][ C0] kasan_save_track+0x3e/0x80 [ 350.137704][ C0] ? kasan_save_track+0x3e/0x80 [ 350.137720][ C0] ? kasan_save_free_info+0x46/0x50 [ 350.137743][ C0] ? __kasan_slab_free+0x62/0x70 [ 350.137759][ C0] ? kfree+0x18e/0x440 [ 350.137775][ C0] ? in6_dev_finish_destroy_rcu+0x62/0xa0 [ 350.137799][ C0] ? rcu_core+0xca8/0x1710 [ 350.137819][ C0] ? handle_softirqs+0x286/0x870 [ 350.137840][ C0] ? __irq_exit_rcu+0xca/0x1f0 [ 350.137860][ C0] ? irq_exit_rcu+0x9/0x30 [ 350.137881][ C0] ? sysvec_apic_timer_interrupt+0xa6/0xc0 [ 350.137902][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 350.137919][ C0] ? vprintk_emit+0x58f/0x7a0 [ 350.137941][ C0] ? _printk+0xcf/0x120 [ 350.137955][ C0] ? ib_get_eth_speed+0x43f/0x7b0 [ 350.137974][ C0] ? rxe_query_port+0x93/0x3b0 [ 350.137996][ C0] ? ib_query_port+0x16d/0x830 [ 350.138014][ C0] ? ib_setup_port_attrs+0x24e/0x2070 [ 350.138038][ C0] ? add_one_compat_dev+0x3d6/0x5c0 [ 350.138059][ C0] ? rdma_dev_init_net+0x1dd/0x270 [ 350.138079][ C0] ? ops_init+0x35c/0x5c0 [ 350.138095][ C0] ? setup_net+0x219/0x4b0 [ 350.138108][ C0] ? copy_net_ns+0x31b/0x4d0 [ 350.138121][ C0] ? create_new_namespaces+0x3f3/0x720 [ 350.138141][ C0] ? unshare_nsproxy_namespaces+0x11c/0x170 [ 350.138163][ C0] ? ksys_unshare+0x4c8/0x8c0 [ 350.138177][ C0] ? __x64_sys_unshare+0x38/0x50 [ 350.138213][ C0] kasan_save_free_info+0x46/0x50 [ 350.138236][ C0] __kasan_slab_free+0x62/0x70 [ 350.138254][ C0] ? in6_dev_finish_destroy_rcu+0x62/0xa0 [ 350.138277][ C0] kfree+0x18e/0x440 [ 350.138300][ C0] ? __pfx_in6_dev_finish_destroy_rcu+0x10/0x10 [ 350.138325][ C0] ? rcu_core+0xc34/0x1710 [ 350.138346][ C0] in6_dev_finish_destroy_rcu+0x62/0xa0 [ 350.138371][ C0] rcu_core+0xca8/0x1710 [ 350.138403][ C0] ? __pfx_rcu_core+0x10/0x10 [ 350.138430][ C0] ? sched_balance_domains+0x121/0x9e0 [ 350.138454][ C0] ? sched_balance_domains+0x8be/0x9e0 [ 350.138479][ C0] ? sched_balance_domains+0x121/0x9e0 [ 350.138505][ C0] handle_softirqs+0x286/0x870 [ 350.138529][ C0] ? __irq_exit_rcu+0xca/0x1f0 [ 350.138565][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 350.138589][ C0] ? irqtime_account_irq+0xb6/0x1c0 [ 350.138607][ C0] __irq_exit_rcu+0xca/0x1f0 [ 350.138627][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 350.138659][ C0] irq_exit_rcu+0x9/0x30 [ 350.138678][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 350.138697][ C0] [ 350.138702][ C0] [ 350.138709][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 350.138724][ C0] RIP: 0010:vprintk_emit+0x58f/0x7a0 [ 350.138747][ C0] Code: 85 32 01 00 00 e8 91 62 1f 00 41 89 df 4d 85 f6 48 8b 1c 24 75 07 e8 80 62 1f 00 eb 06 e8 79 62 1f 00 fb 48 c7 c7 e0 30 13 8e <31> f6 ba 01 00 00 00 31 c9 41 b8 01 00 00 00 45 31 c9 53 e8 b9 36 [ 350.138759][ C0] RSP: 0018:ffffc900033b73e0 EFLAGS: 00000287 [ 350.138772][ C0] RAX: ffffffff81a0e9a7 RBX: ffffffff81a0e864 RCX: 0000000000080000 [ 350.138783][ C0] RDX: ffffc90004ca2000 RSI: 00000000000387d6 RDI: ffffffff8e1330e0 [ 350.138793][ C0] RBP: ffffc900033b74f0 R08: ffffffff8f9fe1f7 R09: 1ffffffff1f3fc3e [ 350.138805][ C0] R10: dffffc0000000000 R11: fffffbfff1f3fc3f R12: dffffc0000000000 [ 350.138816][ C0] R13: 1ffff92000676e80 R14: 0000000000000200 R15: 0000000000000027 [ 350.138829][ C0] ? vprintk_emit+0x444/0x7a0 [ 350.138869][ C0] ? vprintk_emit+0x587/0x7a0 [ 350.138896][ C0] ? vprintk_emit+0x444/0x7a0 [ 350.138921][ C0] ? __pfx_vprintk_emit+0x10/0x10 [ 350.138944][ C0] ? rcu_is_watching+0x15/0xb0 [ 350.138970][ C0] ? __mutex_lock+0xa6d/0xe80 [ 350.139001][ C0] _printk+0xcf/0x120 [ 350.139015][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 350.139041][ C0] ? __pfx__printk+0x10/0x10 [ 350.139059][ C0] ? mutex_is_locked+0x17/0x50 [ 350.139082][ C0] ? rtnl_is_locked+0x15/0x20 [ 350.139100][ C0] ? __ethtool_get_link_ksettings+0xe7/0x190 [ 350.139124][ C0] ib_get_eth_speed+0x43f/0x7b0 [ 350.139144][ C0] ? __pfx_ib_get_eth_speed+0x10/0x10 [ 350.139170][ C0] ? do_raw_spin_unlock+0x122/0x240 [ 350.139188][ C0] ? rxe_query_port+0x6b/0x3b0 [ 350.139215][ C0] rxe_query_port+0x93/0x3b0 [ 350.139241][ C0] ib_query_port+0x16d/0x830 [ 350.139264][ C0] ib_setup_port_attrs+0x24e/0x2070 [ 350.139293][ C0] ? rcu_is_watching+0x15/0xb0 [ 350.139322][ C0] ? device_add+0x9bb/0xb50 [ 350.139340][ C0] ? __pfx_ib_setup_port_attrs+0x10/0x10 [ 350.139366][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 350.139382][ C0] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 350.139418][ C0] ? device_add+0x70b/0xb50 [ 350.139436][ C0] add_one_compat_dev+0x3d6/0x5c0 [ 350.139461][ C0] rdma_dev_init_net+0x1dd/0x270 [ 350.139484][ C0] ? __pfx_rdma_dev_init_net+0x10/0x10 [ 350.139512][ C0] ops_init+0x35c/0x5c0 [ 350.139534][ C0] setup_net+0x219/0x4b0 [ 350.139550][ C0] ? __pfx_setup_net+0x10/0x10 [ 350.139566][ C0] ? copy_net_ns+0x304/0x4d0 [ 350.139581][ C0] ? down_read_killable+0x1d1/0x350 [ 350.139599][ C0] copy_net_ns+0x31b/0x4d0 [ 350.139616][ C0] create_new_namespaces+0x3f3/0x720 [ 350.139652][ C0] ? security_capable+0x7e/0x2e0 [ 350.139680][ C0] unshare_nsproxy_namespaces+0x11c/0x170 [ 350.139705][ C0] ksys_unshare+0x4c8/0x8c0 [ 350.139724][ C0] ? __pfx_ksys_unshare+0x10/0x10 [ 350.139748][ C0] __x64_sys_unshare+0x38/0x50 [ 350.139764][ C0] do_syscall_64+0xfa/0x3b0 [ 350.139788][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 350.139810][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 350.139825][ C0] ? clear_bhb_loop+0x60/0xb0 [ 350.139844][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 350.139860][ C0] RIP: 0033:0x7f5567b8e929 [ 350.139874][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 350.139888][ C0] RSP: 002b:00007f55689b3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 350.139904][ C0] RAX: ffffffffffffffda RBX: 00007f5567db5fa0 RCX: 00007f5567b8e929 [ 350.139916][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006a040000 [ 350.139926][ C0] RBP: 00007f5567c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 350.139936][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 350.139946][ C0] R13: 0000000000000001 R14: 00007f5567db5fa0 R15: 00007ffd4a78f2d8 [ 350.139967][ C0] [ 350.141481][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 350.141513][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 350.141550][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 350.141562][ T31] Call Trace: [ 350.141571][ T31] [ 350.141581][ T31] dump_stack_lvl+0x99/0x250 [ 350.141635][ T31] ? __asan_memcpy+0x40/0x70 [ 350.141658][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 350.141694][ T31] ? __pfx__printk+0x10/0x10 [ 350.141732][ T31] panic+0x2db/0x790 [ 350.141770][ T31] ? __pfx_panic+0x10/0x10 [ 350.141802][ T31] ? nmi_backtrace_stall_check+0x433/0x440 [ 350.141839][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 350.141867][ T31] ? nmi_trigger_cpumask_backtrace+0x2b6/0x300 [ 350.141904][ T31] watchdog+0x102d/0x1030 [ 350.141934][ T31] ? watchdog+0x1de/0x1030 [ 350.141972][ T31] kthread+0x70e/0x8a0 [ 350.141999][ T31] ? __pfx_watchdog+0x10/0x10 [ 350.142025][ T31] ? __pfx_kthread+0x10/0x10 [ 350.142050][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 350.142080][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 350.142108][ T31] ? __pfx_kthread+0x10/0x10 [ 350.142134][ T31] ret_from_fork+0x3fc/0x770 [ 350.142166][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 350.142202][ T31] ? __switch_to_asm+0x39/0x70 [ 350.142224][ T31] ? __switch_to_asm+0x33/0x70 [ 350.142243][ T31] ? __pfx_kthread+0x10/0x10 [ 350.142269][ T31] ret_from_fork_asm+0x1a/0x30 [ 350.142308][ T31] [ 350.150600][ T31] Kernel Offset: disabled