last executing test programs: 7.891263574s ago: executing program 2 (id=2222): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes-aesni)\x00'}, 0x58) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) fcntl$setpipe(r1, 0x8, 0x80000000) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f000001a900)=""/102392, 0x18ff8) dup(0xffffffffffffffff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_DYING(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x6, 0x1, 0x801, 0x0, 0x0, {0x2, 0x0, 0x6}}, 0x14}, 0x1, 0x0, 0x0, 0x4004000}, 0x8000) fallocate(0xffffffffffffffff, 0x3, 0x5000000, 0x8000c62) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r6, &(0x7f0000001ac0)={0x0, 0x0, 0x0}, 0x0) r7 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r7, &(0x7f0000000440)={0x28, 0x0, 0x2711, @local}, 0x10) r8 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000040)={0xb000000c}) 7.668159894s ago: executing program 1 (id=2226): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0, 0x0, 0xfffffffffffffffd}, 0x18) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) close(r0) recvmmsg(r1, &(0x7f0000000400)=[{{0x0, 0xf5ffffff, 0x0, 0x0, 0x0, 0x4000000}, 0xf5ff}], 0xf00, 0x0, 0x0) shutdown(r1, 0x0) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000f2ffffff0000000000000000850000001700"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={r2, 0x0, 0x3c, 0x72, &(0x7f0000000040)="976d9023d56482cd284a63da539706d7009be646625bd75b025352ebe557df463106baeed6c2d75549b140f143fb8bb67bfe5b308b8d05758115c7ad", &(0x7f0000000180)=""/114, 0x0, 0x0, 0xd8, 0xa0, &(0x7f0000000400)="cf2240e6919817e49555d221b4e6c6ba11c4d974ddab2318db7b52cee499399a00be4b710e9246d7bca28cc8346eb84414e45f3f4633f4acb77bf8cc38c4c16fe035905db79cdc0be634a915662c4cac58ae94706f86ea320f339c21399b5bb7607044916c63c528ab4149718d6215a9a3749113c268e49b2b9dae91ed804e5ac5d4ec7ac9c5fd67a76f9a2b06f7304f6e81221a751008e786e1edde82cf1ecb76cb4cd71cf781ea3a19b917a1e215b1a6c7ee605b32b91eaae38517fde4303d5f2b1e63e9e52ae4b197fd72de1f71801e1f9f1369d1f530", &(0x7f0000000280)="bf049fd184f7b03c21d9bcddc4eef9ebb6a0da3eb91c56454e873dd7336ccf21a1eeb8da7adf80d6e06ef46c7f36222fadaed2103c286468b3f44adee51445bd1bedf8fcc1c0b9fdc8b3829b1bf0c9d2d409cdecb12ad033e299c029331993ae9760345bf7feb91ee96b0eee19454ad3dbce5019b68c114ff1921a9b4665744c7784ac6736101a70592d83c448a84c31ec60bb901d96ea99471d823ee5233188", 0x0, 0x8000}, 0x50) r3 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r3, 0x11b, 0x6, &(0x7f0000000000)=0x40000000, 0x4) socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r4, 0x800448d4, &(0x7f0000000400)) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r5, 0x400448cb, 0x0) 6.640948435s ago: executing program 0 (id=2229): socket$kcm(0x29, 0x2, 0x0) r0 = syz_io_uring_setup(0x10d, &(0x7f00000000c0)={0x0, 0x45885, 0x80, 0x2, 0x8}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) userfaultfd(0x80001) r3 = socket$netlink(0x10, 0x3, 0xb) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r3, 0x10e, 0x1, &(0x7f0000000000)=0x5, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x8}, 0x0, &(0x7f0000000280)={0x3ff, 0x0, 0x0, 0xc, 0x0, 0x9, 0x466, 0xffffffffffffffff}, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0) 6.452236793s ago: executing program 4 (id=2231): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r2, 0x84, 0xf, 0x0, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4805d) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x89f2, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x10, 0x0, &(0x7f0000000440)=[@request_death], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000340)={0x10, 0x0, &(0x7f00000000c0)=[@clear_death], 0x0, 0x0, 0x0}) 5.353687624s ago: executing program 4 (id=2233): socket$inet_udp(0x2, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00') prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) write$dsp(r0, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) 5.266283259s ago: executing program 0 (id=2234): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@empty, @in=@remote, 0x4e20, 0x0, 0x0, 0x0, 0x2, 0x20}, {}, {}, 0x1, 0xffffffff, 0x1}}, 0xb8}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'dvmrp1\x00', 0x2}) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) add_key$keyring(0x0, &(0x7f00000001c0)={'syz', 0x1}, 0x0, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xffd, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r3}, &(0x7f0000000040), &(0x7f0000000080)=r4}, 0x20) mkdirat(0xffffffffffffff9c, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@ipv6_newrule={0x30, 0x20, 0x1, 0x70bd27, 0x0, {0xa, 0x20, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3, 0x4}, [@FRA_DST={0x14, 0x1, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x40000) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=@newlink={0x48, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x14, 0x2, @private2={0xfc, 0x2, '\x00', 0xfe}}]}}}]}, 0x48}}, 0x0) 4.523667528s ago: executing program 2 (id=2237): bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xb, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback=0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, @void, @value}, 0x94) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000080)={0x0, 0x304000, 0x800, 0x0, 0x3}, 0x20) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 4.3942541s ago: executing program 1 (id=2239): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x1f, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x2d) preadv(0xffffffffffffffff, &(0x7f0000000140)=[{0x0}], 0x1, 0xfffffffc, 0x104) r2 = dup(0xffffffffffffffff) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000011c0)={@cgroup, r1, 0x9, 0x3010, 0x0, @value=r2}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={r2, 0xe0, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, &(0x7f0000000100)=[0x0], &(0x7f0000000240)=[0x0, 0x0], 0x0, 0xe6, &(0x7f00000003c0)=[{}, {}], 0x10, 0x10, &(0x7f0000000400), &(0x7f0000000440), 0x8, 0x27, 0x8, 0x8, &(0x7f0000000480)}}, 0x10) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000880)={@cgroup, r0, 0x31, 0xe, 0xffffffffffffffff, @void, @value=r0}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) r4 = syz_open_dev$tty1(0xc, 0x4, 0x2) ioctl$TCSETS2(r4, 0x402c542b, 0x0) ioctl$TIOCL_PASTESEL(r4, 0x541c, 0x0) open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) mount(&(0x7f00000001c0)=@nullb, &(0x7f0000000280)='./bus\x00', &(0x7f0000000000)='omfs\x00', 0x8004, 0x0) syz_clone(0x100, 0x0, 0x0, 0x0, 0x0, 0x0) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) 4.34666742s ago: executing program 3 (id=2240): r0 = syz_io_uring_setup(0x2402, &(0x7f0000000240)={0x0, 0x0, 0x10100, 0x2, 0xe1}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x1, 0x7}) write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x12, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 4.032361998s ago: executing program 2 (id=2241): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'vlan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newlink={0x48, 0x10, 0x503, 0x0, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r1}, @IFLA_HSR_SLAVE1={0x8, 0x1, r2}, @IFLA_HSR_PROTOCOL={0x5, 0x7, 0x2}]}}}]}, 0x48}}, 0x0) 3.917431557s ago: executing program 3 (id=2242): bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_open_dev$loop(0x0, 0x81, 0x2a82) syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$binfmt_aout(r0, &(0x7f0000000340)=ANY=[], 0xff2e) r1 = gettid() timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$TCXONC(r0, 0x540a, 0x3) keyctl$restrict_keyring(0x1d, 0xfffffffffffffffe, 0x0, 0x0) 3.568281426s ago: executing program 2 (id=2243): io_uring_setup(0x246d, 0x0) io_uring_setup(0x2a5a, &(0x7f0000000600)={0x0, 0x52c4, 0x4000, 0xfffffffb, 0x51}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_procfs$namespace(0x0, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @remote}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x15, 0x2, &(0x7f00000003c0)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000280), 0xa, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_getscheduler(0xffffffffffffffff) syz_emit_ethernet(0x2a, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe2$watch_queue(&(0x7f0000000100)={0xffffffffffffffff}, 0x80) r4 = add_key(&(0x7f0000000140)='cifs.spnego\x00', &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$KEYCTL_WATCH_KEY(0x20, r4, r3, 0xffffffff) pwrite64(0xffffffffffffffff, &(0x7f0000000000)="db1033f8c89ad399bc10ed501da24e64794d6e8abdfb003284ee187f8946c39cc107407e2fb719fc4d1af5e249af71885b4945f5b133", 0x36, 0x1caf) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x2, 0x0, 0x106, 0x9}}, 0x20) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @random="0106002010ff"}) write$rfkill(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8) 3.203794078s ago: executing program 4 (id=2244): io_setup(0x1, &(0x7f0000000bc0)=0x0) io_pgetevents(r0, 0xfffffffffffffbff, 0x0, 0x0, 0x0, 0x0) 2.105520446s ago: executing program 3 (id=2245): bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xb, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback=0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, @void, @value}, 0x94) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 2.042690937s ago: executing program 2 (id=2246): openat$dir(0xffffffffffffff9c, 0x0, 0xea, 0x0) 1.940839729s ago: executing program 1 (id=2247): ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0x7, &(0x7f0000000100)=0x4000200, 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f0000000080)=@req3={0x8000, 0x6, 0x300, 0xfc}, 0x1c) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) sendto$inet6(r1, 0x0, 0x1e, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendto$inet6(r1, &(0x7f00000000c0)="4435c61bc9a1f1ed51c7b06188c682bd59fde0261c9bc2b1f66724ea0287fb6effd2c318abfa442135afa8ca2b68dacbb4a1aa65f9c177dc50967e99edcce6e8900d450fcd9980371cd431b9c1ad0766a9cb142c1ac79715905c856c9e549753967a92c7024ac039", 0xffffffffffffff1d, 0x850, 0x0, 0x0) syz_emit_ethernet(0x2097, &(0x7f0000002c40)=ANY=[@ANYBLOB], 0x0) 1.922413038s ago: executing program 2 (id=2248): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes-aesni)\x00'}, 0x58) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) fcntl$setpipe(r1, 0x8, 0x80000000) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f000001a900)=""/102392, 0x18ff8) dup(0xffffffffffffffff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_DYING(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x6, 0x1, 0x801, 0x0, 0x0, {0x2, 0x0, 0x6}}, 0x14}, 0x1, 0x0, 0x0, 0x4004000}, 0x8000) fallocate(0xffffffffffffffff, 0x3, 0x5000000, 0x8000c62) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r6, &(0x7f0000001ac0)={0x0, 0x0, 0x0}, 0x0) r7 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r7, &(0x7f0000000440)={0x28, 0x0, 0x2711, @local}, 0x10) r8 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000040)={0xb000000c}) 1.856895612s ago: executing program 0 (id=2249): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3}], 0x1, 0x40800) 1.8278876s ago: executing program 4 (id=2250): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x2b, &(0x7f0000000140), 0x4) 1.765334554s ago: executing program 1 (id=2251): setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000008c0)=@security={'security\x00', 0xe, 0x4, 0x398, 0xffffffff, 0x310, 0x310, 0xd0, 0xffffffff, 0xffffffff, 0x448, 0x448, 0x448, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x1, 0x1}}}, {{@ipv6={@private0={0xfc, 0x0, '\x00', 0x1}, @private2={0xfc, 0x2, '\x00', 0x1}, [0xff, 0x0, 0x0, 0xff], [0xeddd5912779aeb7, 0xffffffff, 0xff, 0xffffff00], 'ip6gretap0\x00', 'pimreg0\x00', {}, {0xff}, 0x0, 0xfa, 0x4, 0x41}, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@local, [0xff, 0x0, 0xffffffff, 0xffffffff], 0x4e23, 0x4e21, 0x4e23, 0x4e24, 0xffffffff, 0x9, 0x6, 0x3, 0x2}}}, {{@ipv6={@private2, @remote, [0xff, 0xff, 0x0, 0x3211a5cfd605cfeb], [0xff000000, 0xffffffff, 0xff, 0xffffff00], 'tunl0\x00', 'veth1_to_batadv\x00', {}, {}, 0x11, 0x0, 0x1, 0x20}, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00', 0x1, 0xaa, {0x8}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3f8) r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x862b01) write$char_usb(r0, &(0x7f0000000040)="e2", 0x2250) 1.739471101s ago: executing program 4 (id=2252): sched_setscheduler(0x0, 0x2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f00000003c0)={0x0, 0x2000000, 0x0, 'queue1\x00'}) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000280)={{}, 'syz0\x00', 0x52}) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x72, 0x0) ioctl$EVIOCGRAB(r1, 0x40044590, &(0x7f00000000c0)=0x5) readv(r1, &(0x7f0000000040)=[{&(0x7f0000000300)=""/4096, 0x1000}], 0x1) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 1.727904737s ago: executing program 0 (id=2253): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000080)={0x5, 0x1000086}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) lgetxattr(&(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)=@known='system.posix_acl_default\x00', 0x0, 0x0) sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2) socket$inet6(0xa, 0x2, 0x3a) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000dc0)={&(0x7f0000000300)='neigh_update\x00', r1}, 0x10) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCSARP(r2, 0x8955, &(0x7f0000000040)={{0x2, 0x0, @multicast2}, {0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1c}}, 0x0, {0x2, 0xfffd, @multicast1}, 'veth0\x00'}) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@empty, 0x0, 0x3, 0x0, 0x0, 0x2, 0x0, 0x0, 0x5e}, {0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4}, {0x0, 0xe}}}, 0xb8}}, 0x0) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, 0x0, 0x0) setfsgid(0xee01) faccessat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) 1.669358385s ago: executing program 3 (id=2254): syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000600)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f0000000580)={0x48, 0x7, r2, 0x0, 0x10000, 0x0, 0x5, 0x2a3288, 0x6257a}) syz_io_uring_setup(0x88f, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000040)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000845, 0x0, 0x0) ioctl$IOMMU_IOAS_UNMAP$ALL(r0, 0x3b86, &(0x7f0000000040)={0x18, r1}) 1.540313538s ago: executing program 1 (id=2255): r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r1 = gettid() timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000000000)=0x0) timer_settime(r2, 0x1, &(0x7f0000000380)={{0x77359400}}, &(0x7f00000003c0)) r3 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0542, 0x0) readv(r3, &(0x7f00000018c0)=[{&(0x7f0000000840)=""/4096, 0x1000}], 0x1) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x80, 0x0, 0x0, 0x0, 0x0, 0x0) syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x15, &(0x7f0000000400)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x8}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x20000002}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0xa8}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000300), 0xa02, 0x0) link(0x0, 0x0) socket$alg(0x26, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r7 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r7, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_REGISTER_BEACONS(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x30, r4, 0x100, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0xc}, @val={0x8, 0x3, r8}, @val={0xc, 0x99, {0x7847, 0x1c}}}}, ["", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x4000840}, 0x40800) connect$unix(0xffffffffffffffff, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e22}, 0x6e) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) 1.09063756s ago: executing program 0 (id=2256): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000021c0)='/proc/asound/timers\x00', 0x0, 0x0) read$FUSE(r4, &(0x7f0000000180)={0x2020}, 0x2024) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendto$inet(r5, &(0x7f0000000000)="f461c5bbd75c3583", 0x8, 0x0, &(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0xe0}}, 0x20000000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000001440)={'ip6erspan0\x00', 0x2}) 1.012880991s ago: executing program 3 (id=2257): socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x48) prlimit64(0x0, 0xe, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = syz_io_uring_setup(0x49f, &(0x7f0000000400)={0x0, 0xe7a8, 0x80, 0x7ffe, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) r4 = eventfd2(0xff, 0x80001) io_uring_register$IORING_REGISTER_EVENTFD(r1, 0x4, &(0x7f0000000300)=r4, 0x1) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x40, 0x0, r1, 0x0, 0x0, 0x0, 0x2}) io_uring_enter(r1, 0x3d0e, 0x4c1, 0x43, 0x0, 0x0) 228.154485ms ago: executing program 1 (id=2258): openat$dir(0xffffffffffffff9c, 0x0, 0xea, 0x0) 119.037131ms ago: executing program 0 (id=2259): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) fallocate(0xffffffffffffffff, 0x3, 0x0, 0x8003) lseek(0xffffffffffffffff, 0x3, 0x1) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) write$dsp(0xffffffffffffffff, &(0x7f0000002000), 0x0) getdents64(0xffffffffffffffff, 0x0, 0xfffffffffffffd27) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, 0x0}], 0x1, 0x51, 0x0, 0x0) write$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000000)={'some', 0x20, 0x8001, 0x20, 0x8000}, 0x2f) socket$packet(0x11, 0x2, 0x300) r4 = socket$kcm(0x10, 0x2, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r6 = socket(0x11, 0x80a, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) sendmsg$nl_route(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x401, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r7}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8, 0x3, 0x4}, @IFLA_BOND_USE_CARRIER={0x5}]}}}]}, 0x44}}, 0x0) sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140604000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) ioctl$KVM_SET_NESTED_STATE(0xffffffffffffffff, 0x4080aebf, &(0x7f0000001900)={{0x0, 0x0, 0x80, {0x6000, 0x6000}}, "cd119ecb949aa232493a2daabd20eb8d0e0ed6a96082289a545618e00515c49f05db8b4edd6f06a01013ac7b108782f891d7ccca684250b1bf93cc178927eedcb8a4d9b81ef5e20273d3c88b4c9163d12af006a9cacd4b3a9cdbd48deec9a320bb3c6b7dae54f9c30ed8790a8eb23ec6bbcf2a0ef8b39c23e7f7d263eff5483234de3e83512564b8a510e64a5a0cbd634408099a64ea051d557fa18c8ef6ed70bba32b15e1baf802b1bab90dd391188acda55734696e0fdc68c76ed66201b00f311c87aaf25a684493544214f10010da3a7acc47bced11d4f1d53e0c276036d9b2047e7b7e38789c9c6559cb71c4dba007631c82cddd92cb5b1b3b620c03cb7bc93d5730c0d6bf5df82eb642dfc44a2d7737daa35e55ef7f4c0de0e2372c05cad755479cb27c9442323e5b6a0769731d2b668a9642293bc5736c2475f89ffa95c5da9dd7f46289ac69eef2895578fc09576717afc0f8726930036ab65459c2d389bc8e47283acea8bf83822060d697b206dfd120c3807a76f7f66ac6135f709267b6c1971763a8b72b471ff88ab85f29d7d21316540e74ac65b629b55a58ea4ad0d3ea384be76f3a792f6d109febfbbed5547f8d8a660044b42dc834d25f28fa0d6922009563cc348a020b085a9fadbc66be281dddb5ea501a9e8186b0d729fbcb2d500c5805b0f1e181af2a8073ad412c59b0cc5aa4343075bceb564247e6c786a0aa15efbdb2a58a0fca8c2dc66da2f8a18feab4d6f843b91b73e08bc52256122937d2ef6975727419897b6f0f853f75c9db24f09c74c0b6f60db56ede16102a313e782381125c66a366843e939de4fe0d4a0a80ad16ca2456f4ce013e8bca1bf633ab49632abba45dad27d640e6d0e15f65efca50d423ffd764883525759d8e912eae8fc9218b8aa4717a4d9557016a348029d96815674bf75fa91f789518cdb08b310c3610e8802d417546be29143bd67cb50597210b154ebd5bd9420bb6fa41d12ee2832a0e1c2d3756e61126e3c938781bb33187b32c5d65fafda2d2e29ba5417a43416e8f6001e8dc926e3a6e04d5c7b5f65d220571830e3e216de369e4576f918753a7e6eb2ecabfe85bd2b36cddd51384ff991a6cf8e52c8dddd69fbf7f4c81441d1b8c98fb3065e19b9f5cd1df71f4bf013d6648b325b1dca6e83843f444595c6938102510c27e79497e1d7447b40c56b64d6d77a2067388090e6722553d0ae13f0b0ef9db98d3924b6c0301f59a920139e276c9843fe553db0bbe2628fb186c5f9206615a416cf2a842a103192770d8cb8f94f7af196a19482b1ddc080b758c63147f553e81b4211c82ed7fe5604b297e9f40ebeae396cf0991b2d1ca1ea4efd440e08f986e1e3171f51296cc6295ae5cf9210587f44bb656a48d998acf8f7e5be9b2fb4b55f0b35dcba9b5aebc9588b7eed34689b642347db90a41ee0d139c66979c34df93ad291c2bb9bd64e5f9f887975b14b3639c1f1055df1d8fde6a775033231d780040cc3b9a3c5ee89c29372f6d362a1982e03d0a966b8921ebc9fa6ff21fe7f8dda5248ae81491f4c09ffe9199aecc116705c65f1004be1e5ca3c9085bd77d422f333af5ac0609b13ff1e1da83c5296dbb2399b4a27f2d39c789fb76ab578f5300aff4d91b8087014debb4e01f49fd6e0faf4a08b86cd342914af2ea27f6375e3358fdb72c292a26138c22a22d38d54a0c82f3ade69ee3b390aaae543a449e9912bad7b6d9731137bae9f5c4f83fb7f320a343a70e84a3c47bf25ed0e884c5770141e00e580ec21ab4a8f794c235aa5af475684875995a40e0c8cb99a06e0188fffd005d91f5e1bda412aabe72adeaf23a6df035d326fa8f93c77c2396b4894b0a49ae46f41f1795aa919cff0460808373fee29e1d35e29f62df6ba6bfcd3712f5154f77789b4051d7e1271d7464a2f636fe1208f4cc6b018648f3a57784dd96d04f6098137de29332e1a26223c8cf636fbd1010956c855533840ffc661bc159d29dbe3910735e9e2e878a38dcf40ab505dd55dc125f75cc5ba954edf1445abfed89f9c8252cb3874ee8013f589f993ed1bb610b1f4e7f6831f4cc2eb027146e1d9ece60b1e8937e4591e391cb03c8de7e6695e274009c0c4f274988cb599af95f134c8549129dca3553bdee64df33dfe11b8a0c2b3517cd8f400b0b1318732b0f1691eb36f47ebb8c09466bda8b59e51fce06921063c0006193e7ea9e014559106cdfe54769f35d24422476449b3b7d96c0a052d48daae62529ec85b1ffabd573265bae48d3e39e35eb97597a0657ee5529920882b9894e647348bfb9a94336a3601b3ec1b23150fa7ecf8b008b384033f05fb677310dc0fdaa32d6864041d0a33bf8aa4cf354227f6bb47c339135433a10a755a49a94496728f77c58c4ece85a2a673df1a353366b593aee9bbd55c1c4b3e90acde34b102a17f15c17d6e1c8710bb10e112800bf5a12ce4ff3d994d092b75370dfde215b0740088fe85b57c88d7240b063fb02e9f8040868d1c8c8a9a9a91b04f21c542f15283ee5e49c3d6637dfd3b635565b2a5ab2e33944e9627fae03c3788919a80f653a5e80af79246c9ff684e005219b7aea5657df2956f566fd5414ed6aeb2e6e4f83120cfa0a123dbf77cff96196a85e8f1cbeafbb5b5aa04adc6fd048a313c466018537c77b8f56eb558724fd64772e610f31ba6ca49b7da49395ee65bc41c41877a165408ad7428ae23653d58fc6b7519aa9363606c3b4cf86da15e02f93b702ea11734a6aa42b58898720f0e5eb6c2b8f456be1faba22e76d325b0a5da4d97e5fffb27378542610244cfd87af777df1cc7a1425e7395185821b467a977e3344690f356bb433676d51f064e33d7d4fe39179e483f2105da6e34f5210d8c75d934cf1f9ad2c87b533a2724131a5a3a217166896847dda0f2199eaf205b5be8d1f26e093605857801e7d6374601d98eda149cc29847857a2d334d8f9e0a12eeba233de2238c350557949d95d0007b664c20d7177ec2deaf4584983fb2e7863379f9a28d2c82e876ab6dcc7a6c5c65e9fcead6d60c32160ae25f2e89787bd64d9c148f9d0bcb2fdacea8379dd58581966063cede6017b076e032b340ae17f75ebe13e205a36e2dc37db2a3523e8c4cdc8a39a438c79a159f955ea920ada7a334fdf734efe1524315e8202abf40e3bad9f584dea003eabb8871670dac42e9570752823a3005566b7dd8c7d2d6839cfbafe9ef8e542c7a1f86d7714a694fe7887e578da0ed1a86fda6a870d2140f6630e33b6cd3b8cb703ed4b691dac40257db6cdba08737f6d66464c1bd3a7fc1b0674189fed76d46df528e93771ed425382799f2da9d8b485dc41e51513e53bf4e28a26efaa9cb0ea016df9ff954ecc795436cb8c01f25613299421d32c00b9518aa3bde982d46dbb2bae366d795451bf6ed6c4da2c2e1cd9e78d00a4aad2edb922384e2f19272327b119fa00fe71e3c987c768ea1848e8f113b9c6e6d32496a089de04089feedbb6908327134bfb7dc6fc8834ca28d20b0708f8444fdc0e906e51a8945e112ebaa3b1a2d5f118f110b05000c616fab32b8a16ed426a4cc3b053f44cc20fd15ad907191a866467930d98cc86bce8b06b2fad6bcd50f7ff34977ae9e4b374bd46efcc6392c2d8ba692b9d9b3d8d93b680ae040b2afd70b51a34f09cfba89a341d9966a7b7ccce371922939939b881af23e189a05c963a27d5d180d0d25c31a78d5ba69539e7c96565f614bc3f1e73e0a44adc72b6a19b72d67f721df74ee2f49877d3ee39b6babd1e056e1017c2e4ca1635c612abccb3d1eeb56f575b770da656b394318a60357da3b28fe70dda820e3c60e777079343da5c71eb7feb8a755b903416db08121069ce520f04c07e9f3171b6093efa3904dbf1c144259c56e23788952d68b71e363874964dd32a6add58e2ea6da05d8c586bf64969c9b6060204e1b4a69185f16d9f57a530c8e02d012f2c90bce450f6b1998a7cd1659529562c3ce5d10665223b89090e11ae39c426c2bc5b14fdc114c483ae77674b3a95da7db6bf5abd93406e4b7948c9601123cb3d3573ff1e85444afba053f14e97d8b166f2ea83810ed3aae1bcd34a07b54a37407836cb8100c1f4eaa55c5922f0f6ebae6d5b4dcabd20be47b2fbfd28ebb257567405de1a3b548962ba390be328b7b05a9e832aeffce33ea1134138e8f78921e55bdb8fd5179f741bb898951a0dfd851ebf27615470062892a6d5c6214b778b68b2a35eabfddb3e102320ddb2c2aa01749f2de2b77568b3592cb12f1ae977831054627cba695bc809252db986215a83047b099c869b5e8aca4fbfd03032a11f4bedd2c860586bc49235f72e0fcde9cdef0ae2213f0c6441ad1751795a9a6052283844eeca4bb5ff4a197760ba4398d6557d5f0db6d3b32db5945ec7681151908da840d548fffd8d32fbcc3d152320f426173d8d1aa4e9abdd093820770a80881c969f5550d205d2df7837bd2fba29087d2f44995d43d87b5e1643f797af83ad6c5d726677c72ed5d87ba298f8d086e674efdbac95e6098ba2844dd3459ca966d33c27248685370a137393120b452830af410271c9bce004da11cc54d53880de29689b9918f60b78ff1218f2bd702d6c23e086929861b8995c169230f475a67418a965408d842939a20e9b098b92f61edac4e994071b9ed96cbcb414c661a368c0656281a319df38e63b3a3fbbbaa8fdaf8004aed07268d493e544fbef8d6d1b3ea614211c79103f326f5b7615b17c98dbbd65ada5e982ed73e0674b8a2420f0b93fea006a422c1e24fffd287e6f145671424fd25a396d9ce4d72c951e43245020b6d321dd105683365adb9eb5a161adc50168a6bb720e8fdbee8ae5f6f4e1ecc4d944425b72085c29d57e8f322c8a01632cb72ffab836794e214402a91b9cc31ce8eff931d930052bf6759b6b1d4d1058bdbfa832593018c7e7be9bc7567c68a8e50d84728ab1cbaa366bef44cc242e4b84b6655738b4532afa0f40de70c784e128bea0ceecea1a5396227559ac2500129bd4553c70c2ca4de347840014b3dc79b554bfaba690b9920451cf21c4e7c228e7c6b7f1a94271dfbc025c8a334511af53dfafacabb078f8b3c2f7bd9a8fe1ba6b88cc96842c696be39f76608d348dec3d3a201601b18c13a099ee6ce4a8256cc3db709bc9cdf66ee4cf2e5a208e6044430aaf2ac6feffd2dc063b620710145a03d7132d4251039b87d3353816f38ae50af032f2707258a8534e44288fca366924e6fa150ea0bdf1889de6a183bc18a9a302ff2ff74668751b5e5a25ca0fc2db5975099e1b850e0e6416eda6eca66aa7f813107b372c0f90fea5ed55f15ef998ed7f6bc74a050fe2ee2d029fc779908bbdeb2e2d850d8dcfcc93071164573b73bcd55487d8788d9fa16967120312f83c3abf5ada737bd53ee1f552c92944621e7b271d7c8cab6aca5f592707a2a2102ac481dfaefd224183f7afc0ccb8a069f135e6771064440d8e8ae4b76c630ea78a1fab1650bfbece7807ec2a0857ab0e51d6d1413cb5da1e48c7b5604f104d698acf447f8a7b02b432a8238be9021d3ee048f2da22939a91e516d7f6c9cf224fbb6f25f38c3e818473f7fee9e6b5aece484ab7951b745ee539109ed868497f84765324503c412dc4bcefb01c55b6da2e5af9755c399d942b3fa1b07c9e4a1b3079af7b531af49fbb68e902cc8e07996c6c0f9fce8289c607fe1ae49ce137dd23d2dc2fdaddd0a72fe5607e5f2f2ac8dcbd43ede5e664ff5cae13cf3d22", "2362b6072eb7dda483153dd5855f146bb6fce2f2b40a8b43bdfc7cbda84592ed472bff99a72d5856a0364e9df32bd1ed95e02ad91763504d3c92388d30933c8191b0d5b563fb7f98a4b0003e63916421435f75e887128a0bb2c08bed3ebb3324c4a5957de8cc6e6c229a97d72436d2765151873628ccece1713404aebe2f13cc92bff79e85d30b9345a70e959059b1ddba433bbb78b8a7ec67126d5e761b439b0b826ace96cd017186d3fe0bbd116eeb4752c4c01a0a389ba88c1d0b3ce4161e7264a9a023379d660746dd1384ae5e753451c2a8956cf83a433c1f3ae281917e765c42913ff5e16f5b4c5f0d2bac6e4647b8d645e97d8e98b7834720e3ec427280bf431cdd2dcc74780c6ef508327103cd996c5422b3c6ec089902e3c12cc9bb64c90c5e29e01a1c4262e9d2af073e2adac796c7e4ad3d3a45ce38ee656dbc5dab800e585f25f0201acf9a4af187ceb03e67045d8ddc881e390e181241768aa15b03ba4f5b03e8c9eca8125416831e52a0ecc3120a943639cb7bc19e79c747fd3ad23135334b0d70d920f5d0665f98050179370803cae19a1d295e7bf99f003cfd665a8b7b368720f4543c76b521299471ddc4a68370ec49383c344e1c0b7af9ba8bd14e3c1cbe6b43cc17070d5a23f666643fcc33bdc8827ddf3ca6e3a7fe19e459454ee616f06c31422605f09150d9c92df15d069dda1b7ffa25c856aa30e49a6c09138716424a8768a09cd6bd1a9d6cf61c7cb971580b1629890c402362eab348ec8649c26f2fd60a6591eb5a9835ca03988fe7f0e8183726fecb098c2a11070aa274978bdd239bc42d67182e4a79a09866f5bc5e829f33e90cbcf819faf213f46e32156a800c3476e39d7156e1409d3ef56e5ae746a6c56866bb9aa870667e9f856b4062ebd76f1a19b5c94bb4dcdd64ab499884984a0312ae2563a3e12ab5d72e9a038262854b1d68c10d5ec0439b724ee19e06413ae07f417b32e946ee3a075bad73f2dd0ee4cf135985ee81cb4b41c1fa1b28fd2f9f487ad6362126b5b65e03c59f3f510d298b75ccff9484b85d2015bd078e03587e9fa09c20332c5b5c34fb872b070e61ee7e06e3d9c59677365e2d231dbfb2ebd7a573dd81ecdb8c0216973fb456d75f51f43c0dbb9e99973c75f081f341fcb26bf54548137dd90e910c94d784c96044659633297877d372c9de4f8cf2252494a7e3e411545aa1cb38e4b4442288d3faaca2df14ee691dc88c7f4891e5db5788a5375aa5c93a11460aa99c1f4f75038808af3a15c2d9d34a2d15676a187e9d31a6a8087f2386a85f5decbc0b6f89a4b2199d5ca0ac32531f91b935bb778ca19b93642faa3797ff1b4755c1aae586cf2ee3f3d458fe503ce6dafe196542aa2ba98aa56e8d20ccecbc9e7c77f5452999d6509419e135cf26282fed67068f80da6e3787076e6b00d0811fb7ab91f48faff7adbb1556be4ac89e3921db7ff81751479d23cc22ef54bf510308ad693fdc2af6b8efac8137a4e342f141e2cafd7cd9543e8e9a20b4b9b87ef181c4d798e3ad2ef591fb35d96357a33b826a9b755ee4df3e8a5e8ad4a85b6dded3f2d6a23570acfd477fbace6ef80dc154606eb57a94ea2335af20385154d01078069153550a2d930bc845006170dc49a238840f388d3aaf077b44a2edeadb55d08afff5f6a139f5d40f21ae6dff49f8c4e17869f128d89c265955baa725671400eb4a26f798d5127702a00019d89c5a3cc41c912b2d94964aaf6e006eb6bb865f695ac72d819bc3a45b38d8d5a9c9204ac50f7ade739de9ffba7c8516f9db005d886b88f206268ca04914cc2c446cf46e99499736ca9077ee364840053802a595ce4e71d5263517b07c5111701f0a93c402c8923d0cca3e33c5e2a25d599aa0f406810a4e8a02e0b45a9ab43972159e073fcc669b3c2cce962e1c6805bfb3d7370a96a283c0d35e446d37506b2092cc0bf6109655204851702400a7aafbfa24589314c58cdae6de60436bbed1e9904601faf9d350087522d854dcc2d97001e9de7abc4d6f7cf2d0e231f3bb755fb4baa45c7c241a8b481cd9e5637c4f39382dad0803013decd47b7c3b48bfd86fb1e65c92d1257d803e0c6c1cccdb125fe245f65b139195b43644d15f7248d4b9e4d0edca82d8655e2743cc237fbe813506b6dd5534981f908c3a46a067afd9368b95351900f72a8e998abb4a81abcb488bc1b6197ed06664ad844b4735987deb1300bffa10f89d7eb0db853d9c1efd2dbe870aba48f12b135d5f5714fbb2c986898807fb9602e5bcc28ae722c69a85ba92cd4998335c1692e9e7e3eded6630a3f9d5b2b602aef3cb5df62a675c8b0fbc239a797435ecc14bd837fdf25ba48aecec3b062390919ee118747980f724774fda120bd892dd817ffd071e0d2d3f197cab84547af01b324fbb7d2e6d069c17e33d87ac7bffb195c688909b94b3d2745dfa8c8e1bbd7e9527100a2a9c739a14a97f2aedeee6262faa134ad5b11c2e4befa9857e7a6b4b1fd0643dbf16015f32af0fb45aecbf78799e54fb53edd1edbeca2dcb9756bf26c1f82cb3949b5a0ed5404a8c80803ff790ffa0118d5c4b9a8468a2c885d2aaaafdfbfbf733ba48a34e3872736a19c23e7a39425436bd1671c7c74d084c1a352664c8fd5c1ad49912aba587e611728488080b4862d4fbeff2dff2af006793306926a60ad81e2b2df29f33498ea30028d8d428e20e737c78cdab1a4fe89d410772f98c890bfce095b9fe258de142882ede1ca1c1cdcf133530978ceee151d83f2e19ad4d93363a7633fecd54e38eeb1d73dc06ad00ea66bd71bcaab0497dbc1254d2dd17f9b49c3b5dcd6e815320a2e14a587b05714d965b4483a5ef8024e6c2362ea5cdeb9eb174f69e4dd888003bc8dbc811a0466fb3d277bfe769b310d711da03c2ba2de1b7692126f6f8dad39b57fc139673a8eedd5b327e8727a71e52a5bd77ce0b0c2e59385dfa66ad99239964405f3340cc57a6021c5d3308603decf2279da27d0e78b67c97a7ce7d2b5d81b354b7f10343fc81847248373abcff116aae16a29604ac55a7bb3b6ab3651ae56497cdd42a551f53c4abdeb3340988b4f9c6568503684c109a76fa69a15aa3e633328656ebe020f8925e3f87ad94ddd88a139bde2ca9ef96aebbeb295a3779843455c10395318023a1a6d7f7a3069a9199103f39fdd86747f2cc2ddf4529beb3a9d39fab1415eb1041c54abaaa8877b034802c71f07ff145bad2945db7fb59b7c443b52cadebf9cbf08e734ad22d02f056fb2a848fcfb4754fe95bfd6e162f0f88a7a08c5256c1948ade7e208386f6911aec2323a09e4561776fdbfeb114960478d5688b19e1be4a87844ca3ec2c148fe58310c37100e3590535cc6ce7634dfd656bc5f19ed1fc49a33a62d49915811ca7744de4a598df578f5ab392c3bb3c3f08faaeb7b42361f7ef2b23dd323937c4906193c8cc5e1067f613e351269e234af273ff99da3a256282623d4872ee74d80c98fb83b306b5ba0a3e04c66ebe076160931fe44000a4df898ead9a2ac1cbaaee5bfbcbdbb35cae1641da20854607c2696e3921487055e0159ee77dc8e36bc526a25f28b711f680ca40ead79cec10a68f5022ee3ebf922776525e823f09d398e5ddf102bfe3266ffeef5cc72d60181f633201d8847a3671e60b940b46ecd241645b84b88507f3fdf2574c0074a329d7dc72682994ee34a0a6fa15cb7ed6fb583ba77b3576b792334126d2252cec67dc6aad95b10ae0b3b5d0c41c3620f83a5ed7682e801f7f89666ac9305aaf6db1d819ba0ac18c93753a890de1da3ae20de2fc80c9b9c4e27d9955ea92d17656d29c05f095d395240413845446ecb1638b15728f157ca752f0a2fa2930bb74d06f282dc48affc7af87392c52763e836ed072107736b5e9ed564c9ac4f9610044a72f41bb2f2621fa062159f4f40e2a0efb0189c0f33d899480f056100888d86bc99ff8adf84b09d70989df0ac8986b79c49bb92b2e4e972e5541e2627cb9bab88e08eda6e086334007c716d5e7ffcec7f1b230a26cfeb1ecc1293e14ebd935059f7b14030699ce711834c23c12f788ec545d5808e358a98634ef723a58cdc7d88dbf9cf0d32821708283c1b470a4532edcbed795312481be56029e2cc28b4c4f08c30578f481d6e1141344e9eab3e0a5ffcbc53ddeab5fd2f5ecaa650c93eed0e686b7640be29b822d051da28d7efd8be5b71f15b306d3787d0a4950c12d4ffe60f0813881b34ea49c94dc5cfdcad1f5ed179c7aa82f97a6071693e0e539fac0add86cbe2fead94ae54678bea12c9a38093891d484fc853162fd343d451aac4e59ed748859cd78aff7025294597a774d43d637f431ab51be9113c8e3d1365673db252fd90f6f4f3c0ddecf90fca77a86637c63e971bb3a90ee1d08f0f66c46d58a5b206ac4b46e07ccd7c72592b3bca0cac61e742cbdaac5f2e275ad14aee39892e4ae7af722183cadaa42d1bd97d69a71729d8ef3930c48df81721d7c9d046c4e40f0d96eb69eb72f3c0d333708771f916c1e8a317a88c9de076b91e95e57097ddb3e2d67739994729be7bf318b69ea28212e339a829a2db56e2befc7b96b65685065b4c6bee7862d4ecf6586e1258a5c3859afb8a033d70a075d0cb6ac3782cd06d2a63b35c30ce1912475ba1f1b08a3aa593678f3cd56e43a300a8f18826cd40f2826a719208945e6527b29f67e3863cb7d8a0501206951f22b834fcd4ae775719ac1f3f85bd8f8be663e2254a526e5eb9c658ff85ca688a8a2c8f1fdec21b5a438931092b640b24812fdfe217b41d7131b14a84e49eff823e7cfae6b1e863fc37316c03695b44ed1ec3d458027a7334c0fddc98e506e7d900cbe8a785064a35f187d1527d3130ff557591d4a65f61e7ee35dd720a260e06e51f80c6c0e179aa570242300eba1fea1447d88714bab67d5e4228610f9cd84e4d63f8df863f7a9c512025bbcf21cb077239b941ae8472340e597d8487c3d88cc7a91f1d3312e4d62b04e308e8147ea4ef047c09752364e9343b1519b07b8f98bf63008a9f0028e5b0e65191376fa5b02dcbd898da36824f324dc2d7b929d938e3613a879f5de28e404fe3e53a5bcfd2e4f294d20c237ff11eb42f18a9e62ef8c9e4c771c1552ff52a9cb50684341ec016644f58b35f55a4678bc8f95c4193ee7855717ab6fd42f4b9c74e221fd41f14bb7414a25b8625c77b7a4c211f527c816b5be749cf302cc63251f4c19cb5e4c4d20096505feb3e106488a394fb8c13118e64ec6631fef523ee9a71146276f37a893e4abc90dd8ddb81a9ce1cec5dd84744e582c6b0add8f1650db449f4ca777c6b694d66393d469465305956804d29e23959f39998736871319534d76ffac7a96ffb29a68f2c29a6bede2c8b958604e55dfd9a617a1cf128cc0ab24eb307954e04b28bb72931823bd8ea9e8b3412c6987f2a477f5f20cb889a8eb9a1401bfec63f3bdf5ce0352178194bc9f712bafc35b3b05d685a3903dd2b82777b4977ff31401596c9324b8fd598922bf1ebf277b1c0cf65d77f80904826d20d5b01e09ff9062ae4e95e3d2a0add6a275028a4f331dce070e940d2dd3f739aa9c1deaede52e55d81219c3d9ee69c8b418a8bf5406ef1611065127b3571999591cf0906a094316e56f41a4f7036d5391f65b351f931f78414fca504d9c50cfdad2778214af71b194d853133e299ef3196a950dca378485400c26c8363482c4682d697c14c8f67db2e99e90a5b56b70f073f0d6e01acb8e0c1ea87f"}) 57.071548ms ago: executing program 4 (id=2260): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@empty, @in=@remote, 0x4e20, 0x0, 0x0, 0x0, 0x2, 0x20}, {}, {}, 0x1, 0xffffffff, 0x1}}, 0xb8}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'dvmrp1\x00', 0x2}) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) add_key$keyring(0x0, &(0x7f00000001c0)={'syz', 0x1}, 0x0, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xffd, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r3}, &(0x7f0000000040), &(0x7f0000000080)=r4}, 0x20) mkdirat(0xffffffffffffff9c, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@ipv6_newrule={0x30, 0x20, 0x1, 0x70bd27, 0x0, {0xa, 0x20, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3, 0x4}, [@FRA_DST={0x14, 0x1, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x40000) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=@newlink={0x48, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x14, 0x2, @private2={0xfc, 0x2, '\x00', 0xfe}}]}}}]}, 0x48}}, 0x0) 0s ago: executing program 3 (id=2261): r0 = socket(0x10, 0x803, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=@getchain={0x24, 0x66, 0x0, 0x40000000, 0x2000, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x4}}}, 0x24}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newlink={0x38, 0x10, 0x401, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r2, 0x98, 0x1114}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_IPTUN_COLLECT_METADATA={0x4}]}}}]}, 0x38}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, r2, 0x0, 0xac}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_FWMARK={0x8, 0x14, 0x1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20040805}, 0x20044090) kernel console output (not intermixed with test programs): hanges committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 241.973933][ T8870] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1015'. [ 242.550702][ T8883] support for the xor transformation has been removed. [ 242.559192][ T8883] input: syz1 as /devices/virtual/input/input17 [ 244.419371][ T30] audit: type=1400 audit(1749921083.871:366): avc: denied { ioctl } for pid=8896 comm="syz.3.1026" path="socket:[18277]" dev="sockfs" ino=18277 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 244.437916][ T8900] syzkaller0: entered promiscuous mode [ 244.449580][ T8900] syzkaller0: entered allmulticast mode [ 244.457347][ T8906] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1026'. [ 244.501040][ T30] audit: type=1400 audit(1749921083.921:367): avc: denied { write } for pid=8896 comm="syz.3.1026" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 244.518706][ T8913] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input18 [ 244.523325][ T30] audit: type=1400 audit(1749921083.971:368): avc: denied { ioctl } for pid=8896 comm="syz.3.1026" path="socket:[18291]" dev="sockfs" ino=18291 ioctlcmd=0x89ef scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 244.556657][ C1] vkms_vblank_simulate: vblank timer overrun [ 244.566197][ T30] audit: type=1400 audit(1749921083.981:369): avc: denied { shutdown } for pid=8896 comm="syz.3.1026" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 244.585737][ C1] vkms_vblank_simulate: vblank timer overrun [ 244.596104][ T30] audit: type=1400 audit(1749921083.981:370): avc: denied { write } for pid=8915 comm="syz.1.1032" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 245.033600][ T30] audit: type=1400 audit(1749921084.501:371): avc: denied { recv } for pid=8922 comm="syz.2.1034" saddr=10.128.0.169 src=30006 daddr=10.128.10.25 dest=39234 netif=eth0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 245.058890][ C1] vkms_vblank_simulate: vblank timer overrun [ 245.080266][ T30] audit: type=1400 audit(1749921084.541:372): avc: denied { read } for pid=8926 comm="syz.1.1036" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 245.729299][ T8941] nbd2: detected capacity change from 0 to 63 [ 245.741352][ T8944] block nbd2: NBD_DISCONNECT [ 245.755809][ T8944] block nbd2: Disconnected due to user request. [ 245.776799][ T8944] block nbd2: shutting down sockets [ 245.783042][ T30] audit: type=1400 audit(1749921085.251:373): avc: denied { map } for pid=8937 comm="syz.2.1041" path="socket:[19120]" dev="sockfs" ino=19120 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 245.806838][ C1] vkms_vblank_simulate: vblank timer overrun [ 245.811963][ C0] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 245.822327][ C0] Buffer I/O error on dev nbd2, logical block 0, async page read [ 245.830170][ C0] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 245.839215][ C0] Buffer I/O error on dev nbd2, logical block 1, async page read [ 245.846978][ C0] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 245.856052][ C0] Buffer I/O error on dev nbd2, logical block 2, async page read [ 245.863839][ C0] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 245.872913][ C0] Buffer I/O error on dev nbd2, logical block 3, async page read [ 245.891350][ T6071] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 245.906499][ T6071] Buffer I/O error on dev nbd2, logical block 0, async page read [ 245.917357][ T6071] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 245.932368][ T6071] Buffer I/O error on dev nbd2, logical block 1, async page read [ 245.945056][ T6071] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 245.956942][ T6071] Buffer I/O error on dev nbd2, logical block 2, async page read [ 245.984875][ T6071] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 245.994807][ T6071] Buffer I/O error on dev nbd2, logical block 3, async page read [ 246.002789][ T6071] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 246.011946][ T6071] Buffer I/O error on dev nbd2, logical block 0, async page read [ 246.019895][ T6071] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 246.102885][ T6071] Buffer I/O error on dev nbd2, logical block 1, async page read [ 246.122022][ T6071] ldm_validate_partition_table(): Disk read failed. [ 246.134644][ T6071] Dev nbd2: unable to read RDB block 0 [ 246.143266][ T6071] nbd2: unable to read partition table [ 246.161333][ T6071] ldm_validate_partition_table(): Disk read failed. [ 246.170626][ T6071] Dev nbd2: unable to read RDB block 0 [ 246.181407][ T6071] nbd2: unable to read partition table [ 249.346726][ T8989] netlink: 164 bytes leftover after parsing attributes in process `syz.4.1059'. [ 249.681935][ T30] audit: type=1400 audit(1749921089.151:374): avc: denied { listen } for pid=8996 comm="syz.1.1063" lport=20002 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 249.769371][ T8995] support for the xor transformation has been removed. [ 249.777811][ T8995] input: syz1 as /devices/virtual/input/input19 [ 250.052583][ T9010] IPVS: persistence engine module ip_vs_pe_ not found [ 251.195009][ T9050] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1080'. [ 251.317653][ T5140] Bluetooth: hci4: link tx timeout [ 251.325086][ T5140] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 251.834290][ T30] audit: type=1400 audit(1749921091.301:375): avc: denied { bind } for pid=9073 comm="syz.0.1092" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 252.130054][ T5824] Bluetooth: hci4: link tx timeout [ 252.135304][ T5824] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 252.143464][ T5824] Bluetooth: hci4: link tx timeout [ 252.148738][ T5824] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 252.713691][ T9107] Cannot find del_set index 0 as target [ 252.828123][ T5824] Bluetooth: hci4: link tx timeout [ 252.833338][ T5824] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 253.398330][ T5824] Bluetooth: hci4: command 0x0405 tx timeout [ 254.544136][ T30] audit: type=1400 audit(1749921094.011:376): avc: denied { accept } for pid=9157 comm="syz.2.1122" lport=51782 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 255.699466][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 259.772082][ T30] audit: type=1400 audit(1749921099.241:377): avc: denied { bind } for pid=9274 comm="syz.3.1167" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 260.129736][ T9298] support for the xor transformation has been removed. [ 260.140467][ T9298] input: syz1 as /devices/virtual/input/input20 [ 260.664119][ T9311] syz.1.1179: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 260.688704][ T9311] CPU: 1 UID: 0 PID: 9311 Comm: syz.1.1179 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) [ 260.688736][ T9311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 260.688749][ T9311] Call Trace: [ 260.688755][ T9311] [ 260.688763][ T9311] dump_stack_lvl+0x16c/0x1f0 [ 260.688797][ T9311] warn_alloc+0x248/0x3a0 [ 260.688822][ T9311] ? __pfx_warn_alloc+0x10/0x10 [ 260.688844][ T9311] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 260.688870][ T9311] ? stack_depot_save_flags+0x3e0/0xa40 [ 260.688903][ T9311] ? kasan_save_stack+0x42/0x60 [ 260.688924][ T9311] ? kasan_save_stack+0x33/0x60 [ 260.688945][ T9311] ? kasan_save_track+0x14/0x30 [ 260.688967][ T9311] ? xskq_create+0x52/0x1d0 [ 260.688990][ T9311] ? xsk_setsockopt+0x640/0x840 [ 260.689011][ T9311] ? do_sock_setsockopt+0x224/0x470 [ 260.689031][ T9311] ? xskq_create+0xfb/0x1d0 [ 260.689055][ T9311] __vmalloc_node_range_noprof+0xff5/0x14b0 [ 260.689084][ T9311] ? xskq_create+0xfb/0x1d0 [ 260.689114][ T9311] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 260.689143][ T9311] ? xskq_create+0xfb/0x1d0 [ 260.689166][ T9311] vmalloc_user_noprof+0x9e/0xe0 [ 260.689185][ T9311] ? xskq_create+0xfb/0x1d0 [ 260.689210][ T9311] xskq_create+0xfb/0x1d0 [ 260.689237][ T9311] xsk_setsockopt+0x640/0x840 [ 260.689259][ T9311] ? __pfx_xsk_setsockopt+0x10/0x10 [ 260.689279][ T9311] ? __lock_acquire+0x622/0x1c90 [ 260.689312][ T9311] ? selinux_socket_setsockopt+0x6a/0x80 [ 260.689337][ T9311] ? __pfx_xsk_setsockopt+0x10/0x10 [ 260.689358][ T9311] do_sock_setsockopt+0x224/0x470 [ 260.689376][ T9311] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 260.689418][ T9311] __sys_setsockopt+0x1a0/0x230 [ 260.689450][ T9311] __x64_sys_setsockopt+0xbd/0x160 [ 260.689474][ T9311] ? do_syscall_64+0x91/0x4c0 [ 260.689502][ T9311] ? lockdep_hardirqs_on+0x7c/0x110 [ 260.689529][ T9311] do_syscall_64+0xcd/0x4c0 [ 260.689561][ T9311] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.689580][ T9311] RIP: 0033:0x7f514a18e929 [ 260.689595][ T9311] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 260.689612][ T9311] RSP: 002b:00007f514afc8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 260.689630][ T9311] RAX: ffffffffffffffda RBX: 00007f514a3b5fa0 RCX: 00007f514a18e929 [ 260.689642][ T9311] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003 [ 260.689652][ T9311] RBP: 00007f514a210b39 R08: 0000000000000004 R09: 0000000000000000 [ 260.689662][ T9311] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 260.689673][ T9311] R13: 0000000000000000 R14: 00007f514a3b5fa0 R15: 00007ffc0b474ff8 [ 260.689701][ T9311] [ 260.689726][ T9311] Mem-Info: [ 261.036086][ T9313] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 261.042882][ T9311] active_anon:14093 inactive_anon:0 isolated_anon:0 [ 261.042882][ T9311] active_file:20426 inactive_file:40871 isolated_file:0 [ 261.042882][ T9311] unevictable:768 dirty:133 writeback:25 [ 261.042882][ T9311] slab_reclaimable:7010 slab_unreclaimable:107175 [ 261.042882][ T9311] mapped:33174 shmem:4575 pagetables:1427 [ 261.042882][ T9311] sec_pagetables:0 bounce:0 [ 261.042882][ T9311] kernel_misc_reclaimable:0 [ 261.042882][ T9311] free:1273588 free_pcp:33182 free_cma:0 [ 261.128816][ T9311] Node 0 active_anon:57072kB inactive_anon:0kB active_file:81704kB inactive_file:163280kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:121296kB dirty:528kB writeback:100kB shmem:17364kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12536kB pagetables:5592kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 261.256809][ T9311] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:116kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 261.345204][ T9311] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 261.407722][ T30] audit: type=1800 audit(1749921100.871:378): pid=9316 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.3.1181" name="cgroup.controllers" dev="tmpfs" ino=1292 res=0 errno=0 [ 261.440207][ T9311] lowmem_reserve[]: 0 2481 2482 2482 2482 [ 261.446151][ T9311] Node 0 DMA32 free:1179984kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:56740kB inactive_anon:0kB active_file:85800kB inactive_file:161960kB unevictable:1536kB writepending:560kB present:3129332kB managed:2540624kB mlocked:0kB bounce:0kB free_pcp:108216kB local_pcp:75408kB free_cma:0kB [ 261.481540][ T9326] 8021q: VLANs not supported on ip_vti0 [ 261.485593][ T30] audit: type=1400 audit(1749921100.871:379): avc: denied { read write } for pid=9323 comm="syz.0.1185" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 261.522550][ T30] audit: type=1400 audit(1749921100.871:380): avc: denied { open } for pid=9323 comm="syz.0.1185" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 261.562779][ T9311] lowmem_reserve[]: 0 0 1 1 1 [ 261.573892][ T9311] Node 0 Normal free:12kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:16kB inactive_anon:0kB active_file:0kB inactive_file:1324kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:36kB local_pcp:28kB free_cma:0kB [ 261.605952][ T30] audit: type=1400 audit(1749921100.901:381): avc: denied { map } for pid=9323 comm="syz.0.1185" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 261.618139][ T9311] lowmem_reserve[]: 0 0 0 0 0 [ 261.672427][ T9311] Node 1 Normal free:3903080kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:16320kB local_pcp:6176kB free_cma:0kB [ 261.724928][ T9311] lowmem_reserve[]: 0 0 0 0 0 [ 261.739760][ T9311] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 261.773948][ T9311] Node 0 DMA32: 275*4kB (UM) 246*8kB (UME) 593*16kB (UME) 1058*32kB (UME) 503*64kB (UME) 153*128kB (UME) 67*256kB (UME) 8*512kB (UME) 14*1024kB (UME) 8*2048kB (M) 253*4096kB (UM) = 1186444kB [ 261.805276][ T9311] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 261.821723][ T9311] Node 1 Normal: 204*4kB (UME) 47*8kB (UME) 40*16kB (UME) 130*32kB (UME) 36*64kB (UME) 8*128kB (UME) 4*256kB (UME) 3*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 949*4096kB (M) = 3903080kB [ 261.968081][ T9311] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 261.977911][ T9311] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 261.988725][ T9311] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 261.999590][ T9311] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 262.009225][ T9311] 68372 total pagecache pages [ 262.014128][ T9311] 0 pages in swap cache [ 262.018477][ T9311] Free swap = 124996kB [ 262.023159][ T9311] Total swap = 124996kB [ 262.027581][ T9311] 2097051 pages RAM [ 262.031676][ T9311] 0 pages HighMem/MovableOnly [ 262.036351][ T9311] 429917 pages reserved [ 262.040619][ T9311] 0 pages cma reserved [ 263.098140][ T5140] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 263.728552][ T9371] netlink: 6 bytes leftover after parsing attributes in process `syz.4.1201'. [ 263.737468][ T9371] netlink: 6 bytes leftover after parsing attributes in process `syz.4.1201'. [ 263.759090][ T9371] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1201'. [ 264.599500][ T9386] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1206'. [ 266.821077][ T9426] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 269.307475][ T5140] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 273.190864][ T30] audit: type=1400 audit(1749921112.651:382): avc: denied { ioctl } for pid=9510 comm="syz.2.1256" path="/dev/rtc0" dev="devtmpfs" ino=922 ioctlcmd=0x7008 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 277.482589][ T30] audit: type=1400 audit(1749921116.951:383): avc: denied { read } for pid=9561 comm="syz.1.1271" name="video7" dev="devtmpfs" ino=950 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 277.519832][ T30] audit: type=1400 audit(1749921116.951:384): avc: denied { open } for pid=9561 comm="syz.1.1271" path="/dev/video7" dev="devtmpfs" ino=950 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 277.549251][ T30] audit: type=1400 audit(1749921116.951:385): avc: denied { ioctl } for pid=9561 comm="syz.1.1271" path="/dev/video7" dev="devtmpfs" ino=950 ioctlcmd=0x560b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 282.077770][ T9673] binder: 9671:9673 ioctl c0306201 200000000540 returned -14 [ 282.167078][ T9675] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1304'. [ 282.179638][ T9675] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=9675 comm=syz.2.1304 [ 283.652748][ T9693] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1300'. [ 284.250038][ T30] audit: type=1400 audit(2000000002.190:386): avc: denied { write } for pid=9696 comm="syz.4.1310" name="video7" dev="devtmpfs" ino=950 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 284.949933][ T9721] warn_alloc: 1 callbacks suppressed [ 284.949951][ T9721] syz.2.1316: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 284.984383][ T9721] CPU: 1 UID: 0 PID: 9721 Comm: syz.2.1316 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) [ 284.984415][ T9721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 284.984427][ T9721] Call Trace: [ 284.984434][ T9721] [ 284.984442][ T9721] dump_stack_lvl+0x16c/0x1f0 [ 284.984474][ T9721] warn_alloc+0x248/0x3a0 [ 284.984502][ T9721] ? __pfx_warn_alloc+0x10/0x10 [ 284.984525][ T9721] ? __pfx_stack_trace_save+0x10/0x10 [ 284.984549][ T9721] ? stack_depot_save_flags+0x28/0xa40 [ 284.984587][ T9721] ? kasan_save_stack+0x42/0x60 [ 284.984608][ T9721] ? kasan_save_stack+0x33/0x60 [ 284.984627][ T9721] ? kasan_save_track+0x14/0x30 [ 284.984648][ T9721] ? xskq_create+0x52/0x1d0 [ 284.984669][ T9721] ? xsk_setsockopt+0x640/0x840 [ 284.984689][ T9721] ? do_sock_setsockopt+0x224/0x470 [ 284.984709][ T9721] ? xskq_create+0xfb/0x1d0 [ 284.984733][ T9721] __vmalloc_node_range_noprof+0xff5/0x14b0 [ 284.984763][ T9721] ? xskq_create+0xfb/0x1d0 [ 284.984793][ T9721] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 284.984822][ T9721] ? xskq_create+0xfb/0x1d0 [ 284.984847][ T9721] vmalloc_user_noprof+0x9e/0xe0 [ 284.984867][ T9721] ? xskq_create+0xfb/0x1d0 [ 284.984891][ T9721] xskq_create+0xfb/0x1d0 [ 284.984917][ T9721] xsk_setsockopt+0x640/0x840 [ 284.984941][ T9721] ? __pfx_xsk_setsockopt+0x10/0x10 [ 284.984961][ T9721] ? __lock_acquire+0x622/0x1c90 [ 284.984996][ T9721] ? selinux_socket_setsockopt+0x6a/0x80 [ 284.985022][ T9721] ? __pfx_xsk_setsockopt+0x10/0x10 [ 284.985045][ T9721] do_sock_setsockopt+0x224/0x470 [ 284.985064][ T9721] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 284.985099][ T9721] __sys_setsockopt+0x1a0/0x230 [ 284.985129][ T9721] __x64_sys_setsockopt+0xbd/0x160 [ 284.985154][ T9721] ? do_syscall_64+0x91/0x4c0 [ 284.985181][ T9721] ? lockdep_hardirqs_on+0x7c/0x110 [ 284.985207][ T9721] do_syscall_64+0xcd/0x4c0 [ 284.985237][ T9721] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 284.985255][ T9721] RIP: 0033:0x7f7b0ed8e929 [ 284.985271][ T9721] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 284.985289][ T9721] RSP: 002b:00007f7b0fbb6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 284.985307][ T9721] RAX: ffffffffffffffda RBX: 00007f7b0efb6160 RCX: 00007f7b0ed8e929 [ 284.985319][ T9721] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003 [ 284.985329][ T9721] RBP: 00007f7b0ee10b39 R08: 0000000000000004 R09: 0000000000000000 [ 284.985341][ T9721] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 284.985352][ T9721] R13: 0000000000000000 R14: 00007f7b0efb6160 R15: 00007ffd985445a8 [ 284.985377][ T9721] [ 284.985384][ T9721] Mem-Info: [ 285.076046][ T9725] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1315'. [ 285.127678][ T9711] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=9711 comm=syz.1.1315 [ 285.205252][ T9721] active_anon:11078 inactive_anon:0 isolated_anon:0 [ 285.205252][ T9721] active_file:20426 inactive_file:40882 isolated_file:0 [ 285.205252][ T9721] unevictable:768 dirty:275 writeback:0 [ 285.205252][ T9721] slab_reclaimable:7173 slab_unreclaimable:107626 [ 285.205252][ T9721] mapped:30238 shmem:1351 pagetables:1546 [ 285.205252][ T9721] sec_pagetables:0 bounce:0 [ 285.205252][ T9721] kernel_misc_reclaimable:0 [ 285.205252][ T9721] free:1284728 free_pcp:24065 free_cma:0 [ 285.675881][ T9721] Node 0 active_anon:67588kB inactive_anon:0kB active_file:81704kB inactive_file:163324kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:148148kB dirty:1136kB writeback:0kB shmem:26720kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12992kB pagetables:6116kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 285.777898][ T9721] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:8kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:116kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 285.882074][ T9721] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 285.967033][ T9721] lowmem_reserve[]: 0 2481 2482 2482 2482 [ 285.984614][ T9721] Node 0 DMA32 free:1220936kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:67672kB inactive_anon:0kB active_file:81704kB inactive_file:162000kB unevictable:1536kB writepending:1132kB present:3129332kB managed:2540624kB mlocked:0kB bounce:0kB free_pcp:56160kB local_pcp:30920kB free_cma:0kB [ 286.148254][ T9721] lowmem_reserve[]: 0 0 1 1 1 [ 286.245536][ T9721] Node 0 Normal free:12kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:16kB inactive_anon:0kB active_file:0kB inactive_file:1324kB unevictable:0kB writepending:4kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:36kB local_pcp:28kB free_cma:0kB [ 286.292963][ T9721] lowmem_reserve[]: 0 0 0 0 0 [ 286.297715][ T9721] Node 1 Normal free:3903592kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:8kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:15812kB local_pcp:10148kB free_cma:0kB [ 286.336155][ T9713] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 286.345062][ T9721] lowmem_reserve[]: 0 0 0 0 0 [ 286.380660][ T9721] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 286.472835][ T9721] Node 0 DMA32: 1104*4kB (UM) 1327*8kB (UME) 785*16kB (UME) 838*32kB (UME) 511*64kB (UME) 175*128kB (UME) 119*256kB (UME) 46*512kB (UME) 17*1024kB (UME) 7*2048kB (M) 250*4096kB (UM) = 1219272kB [ 286.541318][ T9721] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 286.611777][ T9721] Node 1 Normal: 205*4kB (UME) 47*8kB (UME) 40*16kB (UME) 146*32kB (UME) 38*64kB (UME) 9*128kB (UME) 4*256kB (UME) 3*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 949*4096kB (M) = 3903852kB [ 286.641089][ T9721] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 286.651087][ T9721] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 286.660596][ T9721] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 286.670406][ T9721] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 286.680074][ T9721] 68404 total pagecache pages [ 286.684758][ T9721] 0 pages in swap cache [ 286.689260][ T9721] Free swap = 124996kB [ 286.693414][ T9721] Total swap = 124996kB [ 286.697571][ T9721] 2097051 pages RAM [ 286.739513][ T9721] 0 pages HighMem/MovableOnly [ 286.744231][ T9721] 429917 pages reserved [ 286.788207][ T9721] 0 pages cma reserved [ 288.114351][ T9786] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1334'. [ 288.179620][ T9786] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=9786 comm=syz.4.1334 [ 291.301229][ T9819] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 296.259625][ T30] audit: type=1400 audit(2000000014.180:387): avc: denied { egress } for pid=9908 comm="syz.2.1368" saddr=fe80::1c daddr=ff02::2 netif=teql0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_t tclass=netif permissive=1 [ 296.287775][ T30] audit: type=1400 audit(2000000014.180:388): avc: denied { sendto } for pid=9908 comm="syz.2.1368" saddr=fe80::1c daddr=ff02::2 netif=teql0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:node_t tclass=node permissive=1 [ 296.861085][ T9920] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1374'. [ 296.878048][ T30] audit: type=1400 audit(2000000014.810:389): avc: denied { wake_alarm } for pid=9917 comm="syz.3.1375" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 296.947284][ T9924] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=9924 comm=syz.0.1374 [ 297.630157][ T9935] 8021q: VLANs not supported on ip_vti0 [ 299.627632][ T9977] 8021q: VLANs not supported on ip_vti0 [ 299.721136][ T9977] vlan2: entered promiscuous mode [ 299.748140][ T9977] veth1: entered promiscuous mode [ 301.011128][ T30] audit: type=1400 audit(2000000018.960:390): avc: denied { read write } for pid=10005 comm="syz.4.1409" name="raw-gadget" dev="devtmpfs" ino=821 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 301.340099][ T30] audit: type=1400 audit(2000000018.960:391): avc: denied { open } for pid=10005 comm="syz.4.1409" path="/dev/raw-gadget" dev="devtmpfs" ino=821 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 301.411566][ T30] audit: type=1400 audit(2000000018.990:392): avc: denied { ioctl } for pid=10005 comm="syz.4.1409" path="/dev/raw-gadget" dev="devtmpfs" ino=821 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 301.469478][ T5886] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 301.758103][ T5886] usb 5-1: Using ep0 maxpacket: 32 [ 301.764788][ T5886] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 301.788236][ T5886] usb 5-1: config 0 has no interface number 0 [ 301.832457][ T5886] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 301.853174][ T5886] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 301.883466][ T5886] usb 5-1: Product: syz [ 301.887646][ T5886] usb 5-1: Manufacturer: syz [ 301.919493][ T5886] usb 5-1: SerialNumber: syz [ 301.942341][ T5886] usb 5-1: config 0 descriptor?? [ 301.999729][ T5886] usb 5-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 302.035360][ T5886] usb 5-1: selecting invalid altsetting 1 [ 302.049817][ T5886] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 302.089424][ T5886] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 302.112314][ T5886] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 302.131558][ T5886] usb 5-1: media controller created [ 302.172774][ T30] audit: type=1400 audit(2000000020.130:393): avc: denied { append } for pid=10005 comm="syz.4.1409" name="i2c-1" dev="devtmpfs" ino=2937 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 303.068733][ T30] audit: type=1400 audit(2000000020.240:394): avc: denied { mount } for pid=10049 comm="syz.0.1424" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 303.258268][T10008] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-110 [ 303.481217][ T30] audit: type=1400 audit(2000000020.250:395): avc: denied { mounton } for pid=10049 comm="syz.0.1424" path="/271/file0" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 303.490557][ T5886] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 303.504213][ T30] audit: type=1400 audit(2000000020.270:396): avc: denied { mount } for pid=10049 comm="syz.0.1424" name="/" dev="overlay" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 303.999151][ T5886] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 304.002158][ T30] audit: type=1400 audit(2000000021.950:397): avc: denied { unmount } for pid=5823 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 304.064222][ T5886] zl10353_read_register: readreg error (reg=127, ret==-71) [ 304.093156][ T5886] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 304.157659][T10066] netlink: 'syz.0.1428': attribute type 1 has an invalid length. [ 304.298367][ T5886] usb 5-1: USB disconnect, device number 8 [ 305.926419][T10123] support for the xor transformation has been removed. [ 305.959585][T10123] input: syz1 as /devices/virtual/input/input21 [ 308.755925][T10183] netlink: 'syz.0.1471': attribute type 1 has an invalid length. [ 309.800807][T10216] nbd1: detected capacity change from 0 to 63 [ 309.817593][T10219] block nbd1: NBD_DISCONNECT [ 309.848257][T10219] block nbd1: Disconnected due to user request. [ 309.854521][T10219] block nbd1: shutting down sockets [ 310.199042][ C1] blk_print_req_error: 138 callbacks suppressed [ 310.199060][ C1] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 310.214399][ C1] buffer_io_error: 138 callbacks suppressed [ 310.214408][ C1] Buffer I/O error on dev nbd1, logical block 0, async page read [ 310.228051][ C1] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 310.237047][ C1] Buffer I/O error on dev nbd1, logical block 1, async page read [ 310.244833][ C1] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 310.253896][ C1] Buffer I/O error on dev nbd1, logical block 2, async page read [ 310.261680][ C1] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 310.270718][ C1] Buffer I/O error on dev nbd1, logical block 3, async page read [ 310.283952][ T6071] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 310.306727][ T6071] Buffer I/O error on dev nbd1, logical block 0, async page read [ 310.334931][ T6071] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 310.382010][ T6071] Buffer I/O error on dev nbd1, logical block 1, async page read [ 310.396016][ T6071] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 310.411685][ T6071] Buffer I/O error on dev nbd1, logical block 2, async page read [ 310.422383][ T6071] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 310.466032][ T6071] Buffer I/O error on dev nbd1, logical block 3, async page read [ 310.492136][ T6071] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 310.513433][ T6071] Buffer I/O error on dev nbd1, logical block 0, async page read [ 310.554641][ T6071] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 310.616916][ T6071] Buffer I/O error on dev nbd1, logical block 1, async page read [ 310.668132][ T6071] ldm_validate_partition_table(): Disk read failed. [ 310.676272][ T6071] Dev nbd1: unable to read RDB block 0 [ 310.735618][ T6071] nbd1: unable to read partition table [ 310.793470][ T6071] ldm_validate_partition_table(): Disk read failed. [ 310.801779][ T6071] Dev nbd1: unable to read RDB block 0 [ 310.810007][ T6071] nbd1: unable to read partition table [ 312.754121][T10296] netlink: 'syz.3.1520': attribute type 1 has an invalid length. [ 312.798262][ T30] audit: type=1400 audit(2000000030.730:398): avc: denied { bind } for pid=10287 comm="syz.0.1517" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 313.974151][T10318] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1527'. [ 314.963688][T10338] netlink: 'syz.3.1534': attribute type 1 has an invalid length. [ 316.715225][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 319.046699][T10377] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1551'. [ 319.202551][T10379] support for the xor transformation has been removed. [ 319.210933][T10379] input: syz1 as /devices/virtual/input/input22 [ 320.532706][T10399] syzkaller1: entered promiscuous mode [ 320.540618][T10399] syzkaller1: entered allmulticast mode [ 320.700524][ T30] audit: type=1326 audit(2000000038.660:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10410 comm="syz.4.1562" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5eff58e929 code=0x0 [ 320.956483][T10422] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1567'. [ 321.025240][T10422] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=10422 comm=syz.3.1567 [ 321.099950][T10427] warn_alloc: 1 callbacks suppressed [ 321.099966][T10427] syz.0.1568: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 321.123247][T10427] CPU: 1 UID: 0 PID: 10427 Comm: syz.0.1568 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) [ 321.123275][T10427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 321.123286][T10427] Call Trace: [ 321.123292][T10427] [ 321.123299][T10427] dump_stack_lvl+0x16c/0x1f0 [ 321.123330][T10427] warn_alloc+0x248/0x3a0 [ 321.123357][T10427] ? __pfx_warn_alloc+0x10/0x10 [ 321.123378][T10427] ? __pfx_stack_trace_save+0x10/0x10 [ 321.123404][T10427] ? stack_depot_save_flags+0x28/0xa40 [ 321.123438][T10427] ? kasan_save_stack+0x42/0x60 [ 321.123459][T10427] ? kasan_save_stack+0x33/0x60 [ 321.123480][T10427] ? kasan_save_track+0x14/0x30 [ 321.123502][T10427] ? xskq_create+0x52/0x1d0 [ 321.123524][T10427] ? xsk_setsockopt+0x640/0x840 [ 321.123544][T10427] ? do_sock_setsockopt+0x224/0x470 [ 321.123565][T10427] ? xskq_create+0xfb/0x1d0 [ 321.123590][T10427] __vmalloc_node_range_noprof+0xff5/0x14b0 [ 321.123622][T10427] ? xskq_create+0xfb/0x1d0 [ 321.123653][T10427] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 321.123684][T10427] ? xskq_create+0xfb/0x1d0 [ 321.123708][T10427] vmalloc_user_noprof+0x9e/0xe0 [ 321.123727][T10427] ? xskq_create+0xfb/0x1d0 [ 321.123752][T10427] xskq_create+0xfb/0x1d0 [ 321.123778][T10427] xsk_setsockopt+0x640/0x840 [ 321.123803][T10427] ? __pfx_xsk_setsockopt+0x10/0x10 [ 321.123823][T10427] ? __lock_acquire+0x622/0x1c90 [ 321.123859][T10427] ? selinux_socket_setsockopt+0x6a/0x80 [ 321.123885][T10427] ? __pfx_xsk_setsockopt+0x10/0x10 [ 321.123908][T10427] do_sock_setsockopt+0x224/0x470 [ 321.123926][T10427] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 321.123965][T10427] __sys_setsockopt+0x1a0/0x230 [ 321.123997][T10427] __x64_sys_setsockopt+0xbd/0x160 [ 321.124021][T10427] ? do_syscall_64+0x91/0x4c0 [ 321.124048][T10427] ? lockdep_hardirqs_on+0x7c/0x110 [ 321.124074][T10427] do_syscall_64+0xcd/0x4c0 [ 321.124104][T10427] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.124122][T10427] RIP: 0033:0x7fcb5238e929 [ 321.124138][T10427] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 321.124155][T10427] RSP: 002b:00007fcb5327f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 321.124177][T10427] RAX: ffffffffffffffda RBX: 00007fcb525b5fa0 RCX: 00007fcb5238e929 [ 321.124190][T10427] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003 [ 321.124201][T10427] RBP: 00007fcb52410b39 R08: 0000000000000004 R09: 0000000000000000 [ 321.124218][T10427] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 321.124229][T10427] R13: 0000000000000000 R14: 00007fcb525b5fa0 R15: 00007ffe0a32f068 [ 321.124258][T10427] [ 321.124366][T10427] Mem-Info: [ 321.399606][T10427] active_anon:11096 inactive_anon:0 isolated_anon:0 [ 321.399606][T10427] active_file:20426 inactive_file:40905 isolated_file:0 [ 321.399606][T10427] unevictable:768 dirty:159 writeback:0 [ 321.399606][T10427] slab_reclaimable:6978 slab_unreclaimable:107941 [ 321.399606][T10427] mapped:30296 shmem:1363 pagetables:1554 [ 321.399606][T10427] sec_pagetables:0 bounce:0 [ 321.399606][T10427] kernel_misc_reclaimable:0 [ 321.399606][T10427] free:1283930 free_pcp:24298 free_cma:0 [ 321.454661][T10427] Node 0 active_anon:44344kB inactive_anon:0kB active_file:81704kB inactive_file:163412kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:121156kB dirty:636kB writeback:0kB shmem:3896kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12660kB pagetables:6008kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 321.536868][T10427] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:116kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 321.574208][T10444] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1574'. [ 321.609473][T10444] vlan2: entered allmulticast mode [ 321.622067][T10444] dummy0: entered allmulticast mode [ 321.688493][T10427] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 321.737134][T10427] lowmem_reserve[]: 0 2481 2482 2482 2482 [ 321.743227][T10427] Node 0 DMA32 free:1202144kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:55828kB inactive_anon:0kB active_file:81704kB inactive_file:162088kB unevictable:1536kB writepending:636kB present:3129332kB managed:2540624kB mlocked:0kB bounce:0kB free_pcp:85252kB local_pcp:27740kB free_cma:0kB [ 321.778171][T10427] lowmem_reserve[]: 0 0 1 1 1 [ 322.262339][T10427] Node 0 Normal free:12kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:16kB inactive_anon:0kB active_file:0kB inactive_file:1324kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:36kB local_pcp:28kB free_cma:0kB [ 322.342400][T10427] lowmem_reserve[]: 0 0 0 0 0 [ 322.458256][T10427] Node 1 Normal free:3904876kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:14528kB local_pcp:4896kB free_cma:0kB [ 322.812475][ T5887] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 322.856036][T10431] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 322.896556][T10427] lowmem_reserve[]: 0 0 0 0 0 [ 322.911578][T10427] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 322.941002][T10427] Node 0 DMA32: 648*4kB (UME) 467*8kB (UME) 208*16kB (UME) 641*32kB (UME) 494*64kB (UME) 155*128kB (UME) 100*256kB (UME) 59*512kB (UME) 28*1024kB (UME) 9*2048kB (M) 250*4096kB (UM) = 1208536kB [ 322.976634][T10427] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 322.989305][ T5887] usb 2-1: Using ep0 maxpacket: 32 [ 322.998094][ T5887] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 323.013763][ T5887] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 323.025508][T10427] Node 1 Normal: 205*4kB (UME) 47*8kB (UME) 40*16kB (UME) 164*32kB (UME) 49*64kB (UME) 9*128kB (UME) 4*256kB (UME) 3*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 949*4096kB (M) = 3905132kB [ 323.050687][ T5887] usb 2-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 323.060642][ T5887] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 323.071434][T10427] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 323.084034][ T5887] usb 2-1: config 0 descriptor?? [ 323.097334][T10427] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 323.112454][T10427] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 323.191730][T10427] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 323.201314][T10465] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1581'. [ 323.224039][T10427] 72170 total pagecache pages [ 323.238259][T10427] 0 pages in swap cache [ 323.270413][T10469] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=10469 comm=syz.4.1581 [ 323.283508][T10427] Free swap = 124996kB [ 323.287680][T10427] Total swap = 124996kB [ 323.323621][T10427] 2097051 pages RAM [ 323.333013][T10427] 0 pages HighMem/MovableOnly [ 323.359542][T10427] 429917 pages reserved [ 323.370903][T10427] 0 pages cma reserved [ 323.591246][ T5887] ft260 0003:0403:6030.0008: unknown main item tag 0x0 [ 323.924578][ T5887] ft260 0003:0403:6030.0008: chip code: 0000 0000 [ 324.090760][ T5887] ft260 0003:0403:6030.0008: failed to retrieve system status [ 324.116730][ T5887] ft260 0003:0403:6030.0008: probe with driver ft260 failed with error -71 [ 324.742375][ T5887] usb 2-1: USB disconnect, device number 7 [ 325.248713][ T30] audit: type=1400 audit(2000000043.180:400): avc: denied { setattr } for pid=10490 comm="syz.0.1591" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 325.481292][T10507] syz.3.1595: attempt to access beyond end of device [ 325.481292][T10507] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 325.516845][T10507] SQUASHFS error: Failed to read block 0x0: -5 [ 325.523810][T10507] unable to read squashfs_super_block [ 325.731519][ T30] audit: type=1400 audit(2000000043.690:401): avc: denied { read write } for pid=10508 comm="syz.1.1599" name="sg0" dev="devtmpfs" ino=751 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 325.845783][ T30] audit: type=1400 audit(2000000043.690:402): avc: denied { open } for pid=10508 comm="syz.1.1599" path="/dev/sg0" dev="devtmpfs" ino=751 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 327.342117][ T5824] Bluetooth: hci1: command 0x0406 tx timeout [ 328.528080][ T5866] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 328.712971][ T5866] usb 5-1: config 12 has an invalid interface number: 227 but max is 0 [ 328.736240][ T5866] usb 5-1: config 12 has no interface number 0 [ 328.774935][ T5866] usb 5-1: config 12 interface 227 has no altsetting 0 [ 328.814556][ T5866] usb 5-1: New USB device found, idVendor=0582, idProduct=0048, bcdDevice=61.19 [ 328.945017][ T5866] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 328.953571][ T5866] usb 5-1: Product: syz [ 328.958106][ T5866] usb 5-1: Manufacturer: syz [ 328.963124][ T5866] usb 5-1: SerialNumber: syz [ 329.205138][ T5866] usb 5-1: USB disconnect, device number 9 [ 329.498424][ T5140] Bluetooth: hci3: command 0x0406 tx timeout [ 330.848913][T10579] nbd4: detected capacity change from 0 to 63 [ 330.855184][T10583] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1613'. [ 331.000398][T10584] block nbd4: NBD_DISCONNECT [ 331.018110][T10584] block nbd4: Disconnected due to user request. [ 331.028051][T10584] block nbd4: shutting down sockets [ 331.088752][ C1] blk_print_req_error: 138 callbacks suppressed [ 331.088764][ C1] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 331.104054][ C1] buffer_io_error: 138 callbacks suppressed [ 331.104062][ C1] Buffer I/O error on dev nbd4, logical block 0, async page read [ 331.117663][ C1] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 331.126698][ C1] Buffer I/O error on dev nbd4, logical block 1, async page read [ 331.134516][ C1] I/O error, dev nbd4, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 331.143572][ C1] Buffer I/O error on dev nbd4, logical block 2, async page read [ 331.151316][ C1] I/O error, dev nbd4, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 331.160346][ C1] Buffer I/O error on dev nbd4, logical block 3, async page read [ 331.178712][ T6071] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 331.188296][ T6071] Buffer I/O error on dev nbd4, logical block 0, async page read [ 331.201469][ T6071] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 331.211050][ T6071] Buffer I/O error on dev nbd4, logical block 1, async page read [ 331.219287][ T6071] I/O error, dev nbd4, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 331.247919][ T6071] Buffer I/O error on dev nbd4, logical block 2, async page read [ 331.265225][ T6071] I/O error, dev nbd4, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 331.284797][ T6071] Buffer I/O error on dev nbd4, logical block 3, async page read [ 331.318965][ T6071] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 331.346958][ T6071] Buffer I/O error on dev nbd4, logical block 0, async page read [ 331.373348][ T6071] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 331.411700][ T6071] Buffer I/O error on dev nbd4, logical block 1, async page read [ 331.449339][ T6071] ldm_validate_partition_table(): Disk read failed. [ 331.473210][ T6071] Dev nbd4: unable to read RDB block 0 [ 331.504784][ T6071] nbd4: unable to read partition table [ 331.558585][ T6071] ldm_validate_partition_table(): Disk read failed. [ 331.595581][ T6071] Dev nbd4: unable to read RDB block 0 [ 331.619071][ T6071] nbd4: unable to read partition table [ 331.938983][ T30] audit: type=1400 audit(2000000049.900:403): avc: denied { ioctl } for pid=10603 comm="syz.2.1634" path="/dev/dri/card1" dev="devtmpfs" ino=628 ioctlcmd=0x64a0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 338.692489][T10726] netlink: 'syz.3.1678': attribute type 1 has an invalid length. [ 340.050487][T10757] netlink: 'syz.4.1691': attribute type 1 has an invalid length. [ 340.210552][T10765] process 'syz.4.1694' launched './file0' with NULL argv: empty string added [ 340.364991][ T30] audit: type=1400 audit(2000000058.200:404): avc: denied { execute_no_trans } for pid=10761 comm="syz.4.1694" path="/360/file0" dev="tmpfs" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 340.388622][ C0] vkms_vblank_simulate: vblank timer overrun [ 341.149319][T10790] netlink: 'syz.2.1704': attribute type 1 has an invalid length. [ 341.650693][T10797] syz.2.1706: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 341.679221][T10797] CPU: 1 UID: 0 PID: 10797 Comm: syz.2.1706 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) [ 341.679252][T10797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 341.679265][T10797] Call Trace: [ 341.679272][T10797] [ 341.679279][T10797] dump_stack_lvl+0x16c/0x1f0 [ 341.679314][T10797] warn_alloc+0x248/0x3a0 [ 341.679341][T10797] ? __pfx_warn_alloc+0x10/0x10 [ 341.679363][T10797] ? __pfx_stack_trace_save+0x10/0x10 [ 341.679389][T10797] ? stack_depot_save_flags+0x28/0xa40 [ 341.679421][T10797] ? kasan_save_stack+0x42/0x60 [ 341.679444][T10797] ? kasan_save_stack+0x33/0x60 [ 341.679465][T10797] ? kasan_save_track+0x14/0x30 [ 341.679486][T10797] ? xskq_create+0x52/0x1d0 [ 341.679508][T10797] ? xsk_setsockopt+0x640/0x840 [ 341.679528][T10797] ? do_sock_setsockopt+0x224/0x470 [ 341.679548][T10797] ? xskq_create+0xfb/0x1d0 [ 341.679573][T10797] __vmalloc_node_range_noprof+0xff5/0x14b0 [ 341.679603][T10797] ? xskq_create+0xfb/0x1d0 [ 341.679632][T10797] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 341.679661][T10797] ? xskq_create+0xfb/0x1d0 [ 341.679684][T10797] vmalloc_user_noprof+0x9e/0xe0 [ 341.679703][T10797] ? xskq_create+0xfb/0x1d0 [ 341.679727][T10797] xskq_create+0xfb/0x1d0 [ 341.679752][T10797] xsk_setsockopt+0x640/0x840 [ 341.679777][T10797] ? __pfx_xsk_setsockopt+0x10/0x10 [ 341.679798][T10797] ? __lock_acquire+0x622/0x1c90 [ 341.679832][T10797] ? selinux_socket_setsockopt+0x6a/0x80 [ 341.679858][T10797] ? __pfx_xsk_setsockopt+0x10/0x10 [ 341.679879][T10797] do_sock_setsockopt+0x224/0x470 [ 341.679897][T10797] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 341.679932][T10797] __sys_setsockopt+0x1a0/0x230 [ 341.679962][T10797] __x64_sys_setsockopt+0xbd/0x160 [ 341.679985][T10797] ? do_syscall_64+0x91/0x4c0 [ 341.680012][T10797] ? lockdep_hardirqs_on+0x7c/0x110 [ 341.680037][T10797] do_syscall_64+0xcd/0x4c0 [ 341.680066][T10797] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 341.680085][T10797] RIP: 0033:0x7f7b0ed8e929 [ 341.680099][T10797] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 341.680117][T10797] RSP: 002b:00007f7b0fbf8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 341.680135][T10797] RAX: ffffffffffffffda RBX: 00007f7b0efb5fa0 RCX: 00007f7b0ed8e929 [ 341.680147][T10797] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003 [ 341.680158][T10797] RBP: 00007f7b0ee10b39 R08: 0000000000000004 R09: 0000000000000000 [ 341.680169][T10797] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 341.680180][T10797] R13: 0000000000000000 R14: 00007f7b0efb5fa0 R15: 00007ffd985445a8 [ 341.680213][T10797] [ 341.680220][T10797] Mem-Info: [ 341.956479][T10787] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1703'. [ 341.988286][T10797] active_anon:19909 inactive_anon:0 isolated_anon:0 [ 341.988286][T10797] active_file:20426 inactive_file:40912 isolated_file:0 [ 341.988286][T10797] unevictable:768 dirty:224 writeback:0 [ 341.988286][T10797] slab_reclaimable:7249 slab_unreclaimable:108092 [ 341.988286][T10797] mapped:38972 shmem:9962 pagetables:1598 [ 341.988286][T10797] sec_pagetables:0 bounce:0 [ 341.988286][T10797] kernel_misc_reclaimable:0 [ 341.988286][T10797] free:1278130 free_pcp:20713 free_cma:0 [ 342.108072][T10797] Node 0 active_anon:79664kB inactive_anon:0kB active_file:81704kB inactive_file:163444kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:155912kB dirty:896kB writeback:0kB shmem:38336kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12944kB pagetables:6280kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 342.217034][T10797] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:116kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 342.288358][T10797] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 342.317192][ C0] vkms_vblank_simulate: vblank timer overrun [ 342.329287][T10797] lowmem_reserve[]: 0 2481 2482 2482 2482 [ 342.335171][T10797] Node 0 DMA32 free:1202460kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:68052kB inactive_anon:0kB active_file:81704kB inactive_file:162120kB unevictable:1536kB writepending:896kB present:3129332kB managed:2540624kB mlocked:0kB bounce:0kB free_pcp:70920kB local_pcp:30080kB free_cma:0kB [ 342.367483][ C0] vkms_vblank_simulate: vblank timer overrun [ 342.375968][T10797] lowmem_reserve[]: 0 0 1 1 1 [ 342.388368][T10797] Node 0 Normal free:12kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:16kB inactive_anon:0kB active_file:0kB inactive_file:1324kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:36kB local_pcp:28kB free_cma:0kB [ 342.417520][ C0] vkms_vblank_simulate: vblank timer overrun [ 342.454676][T10801] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 342.465780][T10797] lowmem_reserve[]: 0 0 0 0 0 [ 342.472217][T10797] Node 1 Normal free:3905388kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:14016kB local_pcp:9376kB free_cma:0kB [ 342.503414][ C0] vkms_vblank_simulate: vblank timer overrun [ 342.530424][T10797] lowmem_reserve[]: 0 0 0 0 0 [ 342.535361][T10797] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 342.560990][T10797] Node 0 DMA32: 1176*4kB (UME) 1140*8kB (UME) 1119*16kB (UME) 520*32kB (UME) 589*64kB (UME) 193*128kB (UME) 92*256kB (UME) 44*512kB (UME) 21*1024kB (UME) 6*2048kB (UM) 248*4096kB (UM) = 1206448kB [ 342.584498][T10797] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 342.626282][T10797] Node 1 Normal: 205*4kB (UME) 47*8kB (UME) 40*16kB (UME) 166*32kB (UME) 52*64kB (UME) 9*128kB (UME) 4*256kB (UME) 3*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 949*4096kB (M) = 3905388kB [ 342.655013][T10797] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 342.667730][T10797] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 342.677539][T10797] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 342.689638][T10807] block nbd4: NBD_DISCONNECT [ 342.689885][T10797] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 342.705894][T10797] 65567 total pagecache pages [ 342.712901][T10797] 0 pages in swap cache [ 342.717248][T10797] Free swap = 124996kB [ 342.737474][T10797] Total swap = 124996kB [ 342.747144][T10797] 2097051 pages RAM [ 342.761980][T10797] 0 pages HighMem/MovableOnly [ 342.767261][T10797] 429917 pages reserved [ 342.772843][T10797] 0 pages cma reserved [ 342.778201][T10812] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1711'. [ 342.973540][T10817] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1714'. [ 343.927427][ T30] audit: type=1400 audit(2000000317.884:405): avc: denied { read write } for pid=10822 comm="syz.3.1715" dev="9p" ino=65538 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 343.966501][ T30] audit: type=1400 audit(2000000317.884:406): avc: denied { open } for pid=10822 comm="syz.3.1715" path="/364/file0" dev="9p" ino=65538 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 343.992430][T10823] netfs: Couldn't get user pages (rc=-14) [ 344.030482][ T30] audit: type=1400 audit(2000000317.914:407): avc: denied { map } for pid=10822 comm="syz.3.1715" path="/364/file0" dev="9p" ino=65538 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 344.088158][ T30] audit: type=1400 audit(2000000318.044:408): avc: denied { unmount } for pid=5820 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 344.876684][ T30] audit: type=1400 audit(2000000318.834:409): avc: denied { create } for pid=10861 comm="syz.3.1731" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 345.146041][T10842] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 346.518123][ T3849] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 346.948180][ T3849] usb 2-1: Using ep0 maxpacket: 16 [ 347.032330][ T3849] usb 2-1: config 0 has an invalid interface number: 105 but max is 0 [ 347.172936][ T3849] usb 2-1: config 0 has an invalid descriptor of length 97, skipping remainder of the config [ 347.445348][ T3849] usb 2-1: config 0 has no interface number 0 [ 347.538641][ T3849] usb 2-1: too many endpoints for config 0 interface 105 altsetting 50: 211, using maximum allowed: 30 [ 347.657257][ T3849] usb 2-1: config 0 interface 105 altsetting 50 has 0 endpoint descriptors, different from the interface descriptor's value: 211 [ 347.746194][ T3849] usb 2-1: config 0 interface 105 has no altsetting 0 [ 347.821336][ T3849] usb 2-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 347.862797][ T3849] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 347.900681][ T3849] usb 2-1: Product: syz [ 347.912896][ T3849] usb 2-1: Manufacturer: syz [ 347.932853][ T3849] usb 2-1: SerialNumber: syz [ 348.650633][ T3849] usb 2-1: config 0 descriptor?? [ 349.908614][ T30] audit: type=1400 audit(2000000323.284:410): avc: denied { connect } for pid=10870 comm="syz.1.1733" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 350.940466][ T42] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 351.000938][ T3849] usb 2-1: USB disconnect, device number 8 [ 351.189209][ T42] usb 4-1: Using ep0 maxpacket: 32 [ 351.230068][ T5866] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 351.260211][ T42] usb 4-1: config 0 has an invalid interface number: 85 but max is 0 [ 351.294780][ T42] usb 4-1: config 0 has no interface number 0 [ 351.326669][ T42] usb 4-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 351.392370][ T42] usb 4-1: config 0 interface 85 has no altsetting 0 [ 351.451123][ T42] usb 4-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 351.621050][ T42] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 351.629586][ T42] usb 4-1: Product: syz [ 351.642589][ T5866] usb 3-1: Using ep0 maxpacket: 32 [ 351.650058][ T5866] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 351.651175][ T42] usb 4-1: Manufacturer: syz [ 351.659008][ T5866] usb 3-1: config 0 has no interface number 0 [ 351.663217][ T42] usb 4-1: SerialNumber: syz [ 352.623990][ T30] audit: type=1400 audit(2000000325.764:411): avc: denied { remount } for pid=10956 comm="syz.0.1764" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 352.648550][ T5866] usb 3-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 352.664072][ T5866] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 352.667424][ T42] usb 4-1: config 0 descriptor?? [ 352.751398][ T42] usb 4-1: can't set config #0, error -71 [ 352.890714][ T42] usb 4-1: USB disconnect, device number 11 [ 353.033895][ T5866] usb 3-1: Product: syz [ 353.038157][ T5866] usb 3-1: Manufacturer: syz [ 353.042755][ T5866] usb 3-1: SerialNumber: syz [ 353.082465][ T5866] usb 3-1: config 0 descriptor?? [ 353.095948][ T5866] usb 3-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 353.363834][ T5866] usb 3-1: selecting invalid altsetting 1 [ 353.370055][ T5866] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 353.386119][T10974] warn_alloc: 1 callbacks suppressed [ 353.386133][T10974] syz.4.1769: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 353.396337][ T5866] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 353.409395][T10974] ,cpuset= [ 353.419510][ T5866] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 353.431501][ T5866] usb 3-1: media controller created [ 353.433696][T10974] / [ 353.450913][ T5866] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 353.452155][T10974] ,mems_allowed=0-1 [ 353.476596][T10974] CPU: 0 UID: 0 PID: 10974 Comm: syz.4.1769 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) [ 353.476622][T10974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 353.476632][T10974] Call Trace: [ 353.476638][T10974] [ 353.476645][T10974] dump_stack_lvl+0x16c/0x1f0 [ 353.476677][T10974] warn_alloc+0x248/0x3a0 [ 353.476703][T10974] ? __pfx_warn_alloc+0x10/0x10 [ 353.476724][T10974] ? __pfx_stack_trace_save+0x10/0x10 [ 353.476746][T10974] ? stack_depot_save_flags+0x28/0xa40 [ 353.476776][T10974] ? kasan_save_stack+0x42/0x60 [ 353.476797][T10974] ? kasan_save_stack+0x33/0x60 [ 353.476817][T10974] ? kasan_save_track+0x14/0x30 [ 353.476837][T10974] ? xskq_create+0x52/0x1d0 [ 353.476858][T10974] ? xsk_setsockopt+0x640/0x840 [ 353.476877][T10974] ? do_sock_setsockopt+0x224/0x470 [ 353.476898][T10974] ? xskq_create+0xfb/0x1d0 [ 353.476920][T10974] __vmalloc_node_range_noprof+0xff5/0x14b0 [ 353.476948][T10974] ? xskq_create+0xfb/0x1d0 [ 353.476976][T10974] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 353.477004][T10974] ? xskq_create+0xfb/0x1d0 [ 353.477026][T10974] vmalloc_user_noprof+0x9e/0xe0 [ 353.477044][T10974] ? xskq_create+0xfb/0x1d0 [ 353.477067][T10974] xskq_create+0xfb/0x1d0 [ 353.477091][T10974] xsk_setsockopt+0x640/0x840 [ 353.477122][T10974] ? __pfx_xsk_setsockopt+0x10/0x10 [ 353.477142][T10974] ? __lock_acquire+0x622/0x1c90 [ 353.477178][T10974] ? selinux_socket_setsockopt+0x6a/0x80 [ 353.477204][T10974] ? __pfx_xsk_setsockopt+0x10/0x10 [ 353.477226][T10974] do_sock_setsockopt+0x224/0x470 [ 353.477245][T10974] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 353.477284][T10974] __sys_setsockopt+0x1a0/0x230 [ 353.477316][T10974] __x64_sys_setsockopt+0xbd/0x160 [ 353.477340][T10974] ? do_syscall_64+0x91/0x4c0 [ 353.477367][T10974] ? lockdep_hardirqs_on+0x7c/0x110 [ 353.477393][T10974] do_syscall_64+0xcd/0x4c0 [ 353.477423][T10974] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 353.477441][T10974] RIP: 0033:0x7f5eff58e929 [ 353.477455][T10974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 353.477473][T10974] RSP: 002b:00007f5f0044c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 353.477490][T10974] RAX: ffffffffffffffda RBX: 00007f5eff7b5fa0 RCX: 00007f5eff58e929 [ 353.477501][T10974] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003 [ 353.477512][T10974] RBP: 00007f5eff610b39 R08: 0000000000000004 R09: 0000000000000000 [ 353.477523][T10974] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 353.477534][T10974] R13: 0000000000000000 R14: 00007f5eff7b5fa0 R15: 00007ffde2b752f8 [ 353.477562][T10974] [ 353.477580][T10974] Mem-Info: [ 353.806370][ T5866] usb 3-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 353.821994][ T5866] zl10353_read_register: readreg error (reg=127, ret==-71) [ 353.838685][ T5866] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 353.882223][T10974] active_anon:6843 inactive_anon:0 isolated_anon:0 [ 353.882223][T10974] active_file:20426 inactive_file:40916 isolated_file:0 [ 353.882223][T10974] unevictable:768 dirty:136 writeback:0 [ 353.882223][T10974] slab_reclaimable:7241 slab_unreclaimable:107636 [ 353.882223][T10974] mapped:29473 shmem:1358 pagetables:1415 [ 353.882223][T10974] sec_pagetables:0 bounce:0 [ 353.882223][T10974] kernel_misc_reclaimable:0 [ 353.882223][T10974] free:1297325 free_pcp:15087 free_cma:0 [ 353.937841][T10974] Node 0 active_anon:27372kB inactive_anon:0kB active_file:81704kB inactive_file:163460kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:117892kB dirty:544kB writeback:0kB shmem:3896kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12680kB pagetables:5544kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 353.971166][ C0] vkms_vblank_simulate: vblank timer overrun [ 353.981745][ T5866] usb 3-1: USB disconnect, device number 7 [ 353.990582][T10978] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 353.998293][T10974] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:116kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 354.037793][T10974] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 354.067789][T10974] lowmem_reserve[]: 0 2481 2482 2482 2482 [ 354.074709][T10974] Node 0 DMA32 free:1269612kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:27356kB inactive_anon:0kB active_file:81704kB inactive_file:162136kB unevictable:1536kB writepending:544kB present:3129332kB managed:2540624kB mlocked:0kB bounce:0kB free_pcp:44352kB local_pcp:25288kB free_cma:0kB [ 354.106970][ C0] vkms_vblank_simulate: vblank timer overrun [ 354.114721][T10974] lowmem_reserve[]: 0 0 1 1 1 [ 354.121204][T10974] Node 0 Normal free:12kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:16kB inactive_anon:0kB active_file:0kB inactive_file:1324kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:36kB local_pcp:28kB free_cma:0kB [ 354.150354][ C0] vkms_vblank_simulate: vblank timer overrun [ 354.157063][T10974] lowmem_reserve[]: 0 0 0 0 0 [ 354.161902][T10974] Node 1 Normal free:3905388kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:14016kB local_pcp:4640kB free_cma:0kB [ 354.235901][T10974] lowmem_reserve[]: 0 0 0 0 0 [ 354.241380][T10974] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 354.258215][T10974] Node 0 DMA32: 761*4kB (UME) 2142*8kB (UME) 1415*16kB (UME) 958*32kB (UME) 642*64kB (UME) 206*128kB (UME) 129*256kB (UME) 62*512kB (ME) 33*1024kB (UME) 7*2048kB (UM) 248*4096kB (UM) = 1269636kB [ 354.278054][T10974] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 354.290530][T10974] Node 1 Normal: 205*4kB (UME) 47*8kB (UME) 40*16kB (UME) 166*32kB (UME) 52*64kB (UME) 9*128kB (UME) 4*256kB (UME) 3*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 949*4096kB (M) = 3905388kB [ 354.293581][T10993] binder: 10992:10993 ioctl 4018620d 0 returned -22 [ 354.309083][T10974] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 354.325841][T10974] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 354.338228][T10974] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 354.359675][T10974] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 354.378331][T10974] 62718 total pagecache pages [ 354.388248][T10974] 0 pages in swap cache [ 354.393158][T10974] Free swap = 124996kB [ 354.397290][T10974] Total swap = 124996kB [ 354.401955][T10974] 2097051 pages RAM [ 354.408071][T10974] 0 pages HighMem/MovableOnly [ 354.413564][T10974] 429917 pages reserved [ 354.424562][T10974] 0 pages cma reserved [ 354.544060][T11000] program syz.4.1777 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 354.560338][ T30] audit: type=1400 audit(2000000328.524:412): avc: denied { write } for pid=10998 comm="syz.4.1777" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 356.278223][ T42] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 356.498489][ T42] usb 5-1: config 129 has an invalid interface number: 138 but max is 3 [ 356.601878][ T42] usb 5-1: config 129 has an invalid descriptor of length 0, skipping remainder of the config [ 356.709312][ T42] usb 5-1: config 129 has 2 interfaces, different from the descriptor's value: 4 [ 356.825895][ T42] usb 5-1: config 129 has no interface number 0 [ 356.832943][ T42] usb 5-1: config 129 has no interface number 1 [ 356.841293][ T42] usb 5-1: config 129 interface 138 altsetting 3 has 0 endpoint descriptors, different from the interface descriptor's value: 10 [ 356.855251][ T42] usb 5-1: config 129 interface 2 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 7 [ 357.023193][ T42] usb 5-1: config 129 interface 138 has no altsetting 0 [ 357.502347][ T42] usb 5-1: config 129 interface 2 has no altsetting 0 [ 357.553918][ T42] usb 5-1: string descriptor 0 read error: -71 [ 357.853141][ T42] usb 5-1: New USB device found, idVendor=045e, idProduct=046e, bcdDevice=95.6f [ 357.882769][T11021] veth0: entered promiscuous mode [ 357.907033][ T42] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 357.909591][T11021] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1783'. [ 358.018166][ T42] usb 5-1: can't set config #129, error -71 [ 358.044072][ T42] usb 5-1: USB disconnect, device number 10 [ 358.178061][ T5887] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 359.052637][T11019] veth0: left promiscuous mode [ 359.158077][ T5887] usb 4-1: Using ep0 maxpacket: 32 [ 359.169425][ T5887] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 359.177432][ T5887] usb 4-1: config 0 has no interface number 0 [ 359.189814][ T5887] usb 4-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 359.199165][ T5887] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 359.207157][ T5887] usb 4-1: Product: syz [ 359.234053][ T5887] usb 4-1: Manufacturer: syz [ 359.238903][ T5887] usb 4-1: SerialNumber: syz [ 359.248829][ T5887] usb 4-1: config 0 descriptor?? [ 359.263403][ T5887] usb 4-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 359.282647][ T5887] usb 4-1: selecting invalid altsetting 1 [ 359.398994][ T5887] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 359.426673][ T5887] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 359.589482][ T5887] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 359.597839][ T5887] usb 4-1: media controller created [ 359.620999][ T5887] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 359.658371][ T5887] usb 4-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 359.671615][ T5887] zl10353_read_register: readreg error (reg=127, ret==-71) [ 359.687041][ T5887] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 359.802857][ T5887] usb 4-1: USB disconnect, device number 12 [ 360.900630][ T30] audit: type=1400 audit(2000000334.494:413): avc: denied { recv } for pid=0 comm="swapper/0" saddr=10.128.0.169 src=38492 daddr=10.128.10.25 dest=22 netif=eth0 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 360.988212][ T5887] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 361.263563][T11065] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 361.335602][ T5887] usb 4-1: Using ep0 maxpacket: 32 [ 362.080390][ T5887] usb 4-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 362.089707][ T5887] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 362.097684][ T5887] usb 4-1: Product: syz [ 362.108123][ T5887] usb 4-1: Manufacturer: syz [ 362.112774][ T5887] usb 4-1: SerialNumber: syz [ 362.178881][ T5887] usb 4-1: config 0 descriptor?? [ 362.187147][ T5887] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 363.053915][ T5887] gspca_stk1135: reg_w 0x5 err -71 [ 363.062388][ T5887] gspca_stk1135: serial bus timeout: status=0x00 [ 363.078958][ T5887] gspca_stk1135: Sensor write failed [ 363.738243][ T5887] gspca_stk1135: serial bus timeout: status=0x00 [ 363.744605][ T5887] gspca_stk1135: Sensor write failed [ 363.749939][ T5887] gspca_stk1135: serial bus timeout: status=0x00 [ 363.756266][ T5887] gspca_stk1135: Sensor read failed [ 363.761512][ T5887] gspca_stk1135: serial bus timeout: status=0x00 [ 363.788061][ T5887] gspca_stk1135: Sensor read failed [ 363.793266][ T5887] gspca_stk1135: Detected sensor type unknown (0x0) [ 363.803450][ T5887] gspca_stk1135: serial bus timeout: status=0x00 [ 363.820788][ T5887] gspca_stk1135: Sensor read failed [ 363.826012][ T5887] gspca_stk1135: serial bus timeout: status=0x00 [ 363.838989][T11081] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1804'. [ 363.897284][ T5887] gspca_stk1135: Sensor read failed [ 363.904597][T11083] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11083 comm=syz.0.1804 [ 363.917400][ T5887] gspca_stk1135: serial bus timeout: status=0x00 [ 363.927474][ T5887] gspca_stk1135: Sensor write failed [ 363.937589][ T5887] gspca_stk1135: serial bus timeout: status=0x00 [ 363.957763][ T5887] gspca_stk1135: Sensor write failed [ 364.018070][ T5887] stk1135 4-1:0.0: probe with driver stk1135 failed with error -71 [ 364.027856][ T5887] usb 4-1: USB disconnect, device number 13 [ 366.448066][ T5886] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 366.458027][ T3849] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 366.598161][ T5886] usb 5-1: Using ep0 maxpacket: 32 [ 366.607638][ T5886] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 366.615869][ T5886] usb 5-1: config 0 has no interface number 0 [ 366.637311][ T5886] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 366.648088][ T3849] usb 1-1: Using ep0 maxpacket: 8 [ 366.655900][ T3849] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 366.669503][ T5886] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 366.690446][ T5886] usb 5-1: Product: syz [ 366.694678][ T5886] usb 5-1: Manufacturer: syz [ 366.710779][ T3849] usb 1-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 366.720027][ T3849] usb 1-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 366.728282][ T5886] usb 5-1: SerialNumber: syz [ 366.740183][ T5886] usb 5-1: config 0 descriptor?? [ 366.745215][ T3849] usb 1-1: Product: syz [ 366.749467][ T3849] usb 1-1: Manufacturer: syz [ 366.754059][ T3849] usb 1-1: SerialNumber: syz [ 366.763332][ T5886] usb 5-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 366.774116][ T5886] usb 5-1: selecting invalid altsetting 1 [ 366.780101][ T5886] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 366.791681][ T5886] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 366.802340][ T5886] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 366.810703][ T5886] usb 5-1: media controller created [ 366.832270][ T5886] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 366.966431][ T5886] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 366.975801][ T5886] zl10353_read_register: readreg error (reg=127, ret==-71) [ 366.984715][ T5886] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 366.985108][ T10] usb 4-1: new low-speed USB device number 14 using dummy_hcd [ 367.135693][ T3849] usb 1-1: palm_os_3_probe - error -110 getting connection information [ 367.150386][ T3849] visor 1-1:1.0: probe with driver visor failed with error -110 [ 367.171495][ T5886] usb 5-1: USB disconnect, device number 11 [ 367.178177][ T10] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 367.197064][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 367.383833][T11120] lo speed is unknown, defaulting to 1000 [ 367.390201][T11120] lo speed is unknown, defaulting to 1000 [ 367.402281][T11120] lo speed is unknown, defaulting to 1000 [ 367.431059][T11120] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 367.486108][T11120] infiniband sz0: RDMA CMA: cma_listen_on_dev, error -98 [ 367.633495][T11120] lo speed is unknown, defaulting to 1000 [ 367.649483][T11120] lo speed is unknown, defaulting to 1000 [ 367.665274][T11120] lo speed is unknown, defaulting to 1000 [ 367.673473][T11120] lo speed is unknown, defaulting to 1000 [ 367.680071][ T10] usb 4-1: config 0 descriptor?? [ 367.687281][T11120] lo speed is unknown, defaulting to 1000 [ 367.715540][T11123] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1816'. [ 367.769302][T11127] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11127 comm=syz.1.1816 [ 368.290419][ T5866] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 368.473931][ T5866] usb 5-1: config 0 has an invalid interface number: 98 but max is 0 [ 368.510959][ T5866] usb 5-1: config 0 has no interface number 0 [ 368.518016][ T5866] usb 5-1: config 0 interface 98 has no altsetting 0 [ 368.527350][ T5866] usb 5-1: New USB device found, idVendor=1110, idProduct=9024, bcdDevice=db.24 [ 368.545197][ T5866] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 368.568451][ T5866] usb 5-1: Product: syz [ 368.572641][ T5866] usb 5-1: Manufacturer: syz [ 368.594548][ T5866] usb 5-1: SerialNumber: syz [ 368.610462][ T5866] usb 5-1: config 0 descriptor?? [ 368.771712][T11142] support for the xor transformation has been removed. [ 368.827801][T11142] input: syz1 as /devices/virtual/input/input24 [ 368.840469][ T30] audit: type=1400 audit(2000000342.794:414): avc: denied { getopt } for pid=11143 comm="syz.2.1823" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 368.922559][ T5866] usb 5-1: [ueagle-atm] ADSL device founded vid (0X1110) pid (0X9024) Rev (0XDB24): Eagle II [ 369.831288][ T10] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 369.860561][ T10] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 369.891606][ T10] asix 4-1:0.0: probe with driver asix failed with error -71 [ 369.932188][ T10] usb 4-1: USB disconnect, device number 14 [ 369.990085][ T3849] usb 1-1: USB disconnect, device number 12 [ 370.028760][ T5866] usb 5-1: reset high-speed USB device number 12 using dummy_hcd [ 370.179910][T11155] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1829'. [ 370.234244][T11160] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11160 comm=syz.3.1829 [ 370.433206][ T5866] usb 5-1: failed to restore interface 98 altsetting 4 (error=-71) [ 370.465152][ T5866] usb 5-1: [ueagle-atm] pre-firmware device, uploading firmware [ 370.550745][T11167] vlan3: entered promiscuous mode [ 370.555803][T11167] veth1: entered promiscuous mode [ 370.561447][ T5866] usb 5-1: [ueagle-atm] loading firmware ueagle-atm/eagleII.fw [ 370.582118][ T5866] usb 5-1: USB disconnect, device number 12 [ 370.594283][ T10] usb 5-1: Direct firmware load for ueagle-atm/eagleII.fw failed with error -2 [ 370.606560][ T10] usb 5-1: Falling back to sysfs fallback for: ueagle-atm/eagleII.fw [ 370.606558][ T30] audit: type=1400 audit(2000000344.574:415): avc: denied { firmware_load } for pid=10 comm="kworker/0:1" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 370.635776][ T10] kobject: kobject_add_internal failed for firmware (error: -2 parent: 5-1) [ 370.658197][ T10] firmware ueagle-atm!eagleII.fw: fw_load_sysfs_fallback: device_register failed [ 370.678339][ T10] usb 5-1: [UEAGLE-ATM] firmware is not available [ 371.972143][ T30] audit: type=1400 audit(2000000345.934:416): avc: denied { write } for pid=11186 comm="syz.3.1840" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 374.567726][T11221] netlink: 'syz.1.1850': attribute type 1 has an invalid length. [ 374.740518][T11226] syz.1.1852: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 374.758302][T11226] CPU: 1 UID: 0 PID: 11226 Comm: syz.1.1852 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) [ 374.758330][T11226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 374.758342][T11226] Call Trace: [ 374.758354][T11226] [ 374.758362][T11226] dump_stack_lvl+0x16c/0x1f0 [ 374.758395][T11226] warn_alloc+0x248/0x3a0 [ 374.758421][T11226] ? __pfx_warn_alloc+0x10/0x10 [ 374.758443][T11226] ? __pfx_stack_trace_save+0x10/0x10 [ 374.758467][T11226] ? stack_depot_save_flags+0x28/0xa40 [ 374.758499][T11226] ? kasan_save_stack+0x42/0x60 [ 374.758521][T11226] ? kasan_save_stack+0x33/0x60 [ 374.758541][T11226] ? kasan_save_track+0x14/0x30 [ 374.758563][T11226] ? xskq_create+0x52/0x1d0 [ 374.758585][T11226] ? xsk_setsockopt+0x640/0x840 [ 374.758604][T11226] ? do_sock_setsockopt+0x224/0x470 [ 374.758625][T11226] ? xskq_create+0xfb/0x1d0 [ 374.758649][T11226] __vmalloc_node_range_noprof+0xff5/0x14b0 [ 374.758678][T11226] ? xskq_create+0xfb/0x1d0 [ 374.758708][T11226] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 374.758737][T11226] ? xskq_create+0xfb/0x1d0 [ 374.758761][T11226] vmalloc_user_noprof+0x9e/0xe0 [ 374.758780][T11226] ? xskq_create+0xfb/0x1d0 [ 374.758805][T11226] xskq_create+0xfb/0x1d0 [ 374.758831][T11226] xsk_setsockopt+0x640/0x840 [ 374.758855][T11226] ? __pfx_xsk_setsockopt+0x10/0x10 [ 374.758875][T11226] ? __lock_acquire+0x622/0x1c90 [ 374.758909][T11226] ? selinux_socket_setsockopt+0x6a/0x80 [ 374.758935][T11226] ? __pfx_xsk_setsockopt+0x10/0x10 [ 374.758958][T11226] do_sock_setsockopt+0x224/0x470 [ 374.758975][T11226] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 374.759010][T11226] __sys_setsockopt+0x1a0/0x230 [ 374.759040][T11226] __x64_sys_setsockopt+0xbd/0x160 [ 374.759065][T11226] ? do_syscall_64+0x91/0x4c0 [ 374.759090][T11226] ? lockdep_hardirqs_on+0x7c/0x110 [ 374.759116][T11226] do_syscall_64+0xcd/0x4c0 [ 374.759145][T11226] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 374.759163][T11226] RIP: 0033:0x7f514a18e929 [ 374.759179][T11226] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 374.759197][T11226] RSP: 002b:00007f514afc8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 374.759215][T11226] RAX: ffffffffffffffda RBX: 00007f514a3b5fa0 RCX: 00007f514a18e929 [ 374.759226][T11226] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000007 [ 374.759237][T11226] RBP: 00007f514a210b39 R08: 0000000000000004 R09: 0000000000000000 [ 374.759247][T11226] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 374.759258][T11226] R13: 0000000000000000 R14: 00007f514a3b5fa0 R15: 00007ffc0b474ff8 [ 374.759284][T11226] [ 374.759290][T11226] Mem-Info: [ 375.035298][T11226] active_anon:6939 inactive_anon:0 isolated_anon:0 [ 375.035298][T11226] active_file:20426 inactive_file:40927 isolated_file:0 [ 375.035298][T11226] unevictable:768 dirty:203 writeback:0 [ 375.035298][T11226] slab_reclaimable:7417 slab_unreclaimable:106852 [ 375.035298][T11226] mapped:29466 shmem:1374 pagetables:1433 [ 375.035298][T11226] sec_pagetables:0 bounce:0 [ 375.035298][T11226] kernel_misc_reclaimable:0 [ 375.035298][T11226] free:1278272 free_pcp:34443 free_cma:0 [ 375.080855][T11226] Node 0 active_anon:27756kB inactive_anon:0kB active_file:81704kB inactive_file:163504kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:117864kB dirty:812kB writeback:0kB shmem:3960kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12484kB pagetables:5616kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 375.126109][T11226] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:116kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 375.163384][T11226] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 375.228325][T11226] lowmem_reserve[]: 0 2481 2482 2482 2482 [ 375.238687][T11226] Node 0 DMA32 free:1192328kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:27640kB inactive_anon:0kB active_file:81704kB inactive_file:162180kB unevictable:1536kB writepending:768kB present:3129332kB managed:2540624kB mlocked:0kB bounce:0kB free_pcp:123840kB local_pcp:85112kB free_cma:0kB [ 375.271042][ C0] vkms_vblank_simulate: vblank timer overrun [ 375.296934][T11226] lowmem_reserve[]: 0 0 1 1 1 [ 375.304223][T11226] Node 0 Normal free:12kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:16kB inactive_anon:0kB active_file:0kB inactive_file:1324kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:36kB local_pcp:28kB free_cma:0kB [ 375.333465][ C0] vkms_vblank_simulate: vblank timer overrun [ 375.345818][T11226] lowmem_reserve[]: 0 0 0 0 0 [ 375.354770][T11226] Node 1 Normal free:3905388kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:14016kB local_pcp:9376kB free_cma:0kB [ 375.385947][ C0] vkms_vblank_simulate: vblank timer overrun [ 375.422646][T11226] lowmem_reserve[]: 0 0 0 0 0 [ 375.452746][T11226] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 375.468255][T11226] Node 0 DMA32: 1734*4kB (UME) 1613*8kB (UME) 975*16kB (UME) 903*32kB (UME) 455*64kB (UME) 99*128kB (UME) 78*256kB (UME) 56*512kB (UME) 24*1024kB (UME) 7*2048kB (UM) 246*4096kB (M) = 1201296kB [ 375.488816][T11226] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 375.510776][T11227] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 375.517235][T11226] Node 1 Normal: 205*4kB (UME) 47*8kB (UME) 40*16kB (UME) 166*32kB (UME) 52*64kB (UME) 9*128kB (UME) 4*256kB (UME) 3*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 949*4096kB (M) = 3905388kB [ 375.536936][T11226] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 375.549939][T11226] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 375.560084][T11226] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 375.574610][T11226] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 375.585600][T11226] 62885 total pagecache pages [ 375.594832][T11226] 0 pages in swap cache [ 375.634587][T11226] Free swap = 124996kB [ 375.639104][T11226] Total swap = 124996kB [ 375.643377][T11226] 2097051 pages RAM [ 375.647246][T11226] 0 pages HighMem/MovableOnly [ 375.655254][T11226] 429917 pages reserved [ 375.659784][T11226] 0 pages cma reserved [ 377.087498][ T30] audit: type=1400 audit(2000000351.044:417): avc: denied { watch } for pid=11245 comm="syz.4.1861" path="/392" dev="tmpfs" ino=2028 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 377.996204][T11271] netlink: 'syz.1.1862': attribute type 1 has an invalid length. [ 378.141696][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 380.448674][T11303] support for the xor transformation has been removed. [ 380.456917][T11303] input: syz1 as /devices/virtual/input/input25 [ 381.439038][ T10] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 381.640471][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 381.669976][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 381.710180][ T10] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 381.789525][ T10] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 381.828067][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 381.850495][ T10] usb 1-1: config 0 descriptor?? [ 382.264328][ T10] plantronics 0003:047F:FFFF.0009: reserved main item tag 0xe [ 382.271975][ T10] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 382.280192][ T10] plantronics 0003:047F:FFFF.0009: No inputs registered, leaving [ 382.290344][ T10] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 382.531227][ T24] usb 1-1: USB disconnect, device number 13 [ 383.991528][T11367] veth0_vlan: entered allmulticast mode [ 384.752647][T11361] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 384.839184][ T24] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 385.108669][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 385.292600][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 386.006292][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 386.017033][ T24] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 386.052441][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 386.093551][ T24] usb 3-1: config 0 descriptor?? [ 386.966557][ T24] hub 3-1:0.0: USB hub found [ 387.103817][ T24] hub 3-1:0.0: config failed, can't read hub descriptor (err -90) [ 387.313378][T11425] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1925'. [ 387.336223][ T24] usbhid 3-1:0.0: can't add hid device: -71 [ 387.345193][ T24] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 387.392622][ T24] usb 3-1: USB disconnect, device number 8 [ 389.266306][T11441] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 389.329129][ T5866] lo speed is unknown, defaulting to 1000 [ 389.338170][ T5866] sz0: Port: 1 Link DOWN [ 389.621968][T11457] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1936'. [ 391.786388][T11490] Bluetooth: MGMT ver 1.23 [ 394.745652][T11496] xt_hashlimit: size too large, truncated to 1048576 [ 394.806807][T11499] !: renamed from dummy0 (while UP) [ 400.187933][T11541] support for the xor transformation has been removed. [ 401.492776][ T5866] usb 3-1: new full-speed USB device number 9 using dummy_hcd [ 401.729407][ T5866] usb 3-1: config 6 has an invalid interface number: 23 but max is 0 [ 401.791366][ T5866] usb 3-1: config 6 has no interface number 0 [ 401.797474][ T5866] usb 3-1: config 6 interface 23 has no altsetting 0 [ 401.832255][ T5866] usb 3-1: New USB device found, idVendor=0547, idProduct=2235, bcdDevice=58.61 [ 401.848782][ T5866] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 401.869570][ T5866] usb 3-1: Product: syz [ 401.873745][ T5866] usb 3-1: Manufacturer: syz [ 402.877432][ T5866] usb 3-1: SerialNumber: syz [ 403.831346][ T5866] usbtest 3-1:6.23: EZ-USB device [ 403.836453][ T5866] usbtest 3-1:6.23: full-speed {control bulk-in bulk-out} tests (+alt) [ 403.859552][ T5866] usb 3-1: USB disconnect, device number 9 [ 405.126460][T11598] @: renamed from vlan0 [ 406.038916][T11603] support for the xor transformation has been removed. [ 406.087522][T11603] input: syz1 as /devices/virtual/input/input26 [ 410.618554][T11661] support for the xor transformation has been removed. [ 410.626312][T11661] input: syz1 as /devices/virtual/input/input27 [ 411.144382][T11672] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2002'. [ 411.243010][T11674] netlink: 'syz.3.2003': attribute type 1 has an invalid length. [ 413.220011][ T5824] Bluetooth: hci3: unexpected event for opcode 0x0402 [ 413.763872][T11700] support for the xor transformation has been removed. [ 413.771681][T11700] input: syz1 as /devices/virtual/input/input28 [ 414.148394][T11705] netlink: 96 bytes leftover after parsing attributes in process `syz.0.2015'. [ 415.818393][T11722] program syz.0.2022 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 417.098108][ T5866] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 418.022477][ T5866] usb 1-1: config 129 has an invalid interface number: 138 but max is 3 [ 418.068002][ T5866] usb 1-1: config 129 has an invalid descriptor of length 0, skipping remainder of the config [ 418.100452][ T5866] usb 1-1: config 129 has 2 interfaces, different from the descriptor's value: 4 [ 418.148069][ T5866] usb 1-1: config 129 has no interface number 0 [ 418.168095][ T5866] usb 1-1: config 129 has no interface number 1 [ 418.188456][ T5866] usb 1-1: config 129 interface 138 altsetting 3 has 0 endpoint descriptors, different from the interface descriptor's value: 10 [ 418.220830][ T5866] usb 1-1: config 129 interface 2 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 7 [ 418.266430][ T5866] usb 1-1: config 129 interface 138 has no altsetting 0 [ 418.288514][ T5866] usb 1-1: config 129 interface 2 has no altsetting 0 [ 418.401821][ T5866] usb 1-1: New USB device found, idVendor=045e, idProduct=046e, bcdDevice=95.6f [ 418.418064][ T5866] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 418.426069][ T5866] usb 1-1: Product: 臮휯킄뇋経荥ሡ嬩緪뾪ー鷔惎孺荄韈梚䤃뷾ⷺ偰䘽Ṽ˟型笻拡쮂쳐깒ㆅ夅㼿觤䝨☕ι猄⺴턙뛰漆ጒ⇧万⑓ꦛ焈뇝玺鱛缌㣑蒯疣۱鉻賴ꊢ븚혽㛬苼눩倕鮊ႆᏝ▛鱧짮ﶭ╴䶦簿绰鶐钬㎆ [ 418.493548][T11735] support for the xor transformation has been removed. [ 418.501803][T11735] input: syz1 as /devices/virtual/input/input29 [ 418.634478][ T5866] usb 1-1: Manufacturer: Ű为脜䔗෥䄖┾鹮༧Ѫせ䅌ຣแꪧ [ 418.643421][ T5866] usb 1-1: SerialNumber: 荾娳뙍镱寥룻勚쓠黜箿蕴瘬첶⳴ः낍燕㵂젆悸乜䪣뜄蘻꣢몹贪ቛ濪戴⾙瘈凈Գ쓼뷞⻔泭Ⴉ鋜뺤詝ᚓ✏溪㯈ⷕ껭෡٠볾렦督幐祖ʱग़⪮ੲ栮㽠闑磎퀼䤬暆蓿踏灈ᯘ鹆쟁儡쐿句쨃몌 [ 418.825607][ T5866] usb 1-1: USB disconnect, device number 14 [ 421.168111][ T30] audit: type=1400 audit(2000000394.034:418): avc: denied { create } for pid=11749 comm="syz.1.2031" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 421.191537][ T30] audit: type=1400 audit(2000000394.034:419): avc: denied { setopt } for pid=11749 comm="syz.1.2031" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 422.242605][T11765] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2036'. [ 422.316370][T11765] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2036'. [ 422.326892][T11765] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2036'. [ 423.369242][T11779] support for the xor transformation has been removed. [ 423.377400][T11779] input: syz1 as /devices/virtual/input/input30 [ 423.927160][ T5866] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 424.797993][ T30] audit: type=1400 audit(2000000398.704:420): avc: denied { bind } for pid=11792 comm="syz.0.2046" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 424.899297][ T30] audit: type=1400 audit(2000000398.744:421): avc: denied { write } for pid=11792 comm="syz.0.2046" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 424.919040][ T5866] usb 2-1: Using ep0 maxpacket: 8 [ 425.079994][ T5866] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 425.368587][ T5866] usb 2-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 425.377912][ T5866] usb 2-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 425.397485][ T5866] usb 2-1: Product: syz [ 425.411190][ T5866] usb 2-1: Manufacturer: syz [ 425.419746][ T5866] usb 2-1: SerialNumber: syz [ 426.084661][ T5866] usb 2-1: palm_os_3_probe - error -110 getting connection information [ 426.093066][ T5866] visor 2-1:1.0: probe with driver visor failed with error -110 [ 426.229757][T11816] siw: device registration error -23 [ 427.888289][ T5886] usb 2-1: USB disconnect, device number 9 [ 428.189053][T11841] support for the xor transformation has been removed. [ 428.197205][T11841] input: syz1 as /devices/virtual/input/input31 [ 429.993545][T11869] ALSA: mixer_oss: invalid OSS volume 'MON' [ 430.004349][T11869] overlayfs: failed to resolve './file1': -2 [ 430.538283][T11875] nbd3: detected capacity change from 0 to 63 [ 430.568944][T11878] block nbd3: NBD_DISCONNECT [ 430.700990][T11882] overlay: ./bus is not a directory [ 431.184300][T11878] block nbd3: Disconnected due to user request. [ 431.272725][T11878] block nbd3: shutting down sockets [ 432.638818][T11901] support for the xor transformation has been removed. [ 432.647012][T11901] input: syz1 as /devices/virtual/input/input32 [ 433.536775][T11922] program syz.2.2086 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 433.638042][ T5866] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 433.686859][ T5887] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 435.247989][ T3849] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 435.255896][ T5866] usb 2-1: Using ep0 maxpacket: 16 [ 435.289535][ T5887] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 435.338601][ T5887] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 435.353012][ T5887] usb 5-1: Product: syz [ 435.358292][ T5887] usb 5-1: Manufacturer: syz [ 435.364062][ T5887] usb 5-1: SerialNumber: syz [ 435.431475][T11923] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 435.661786][ T5866] usb 2-1: config 5 has an invalid interface number: 105 but max is 0 [ 435.672140][ T5887] usb 5-1: config 0 descriptor?? [ 435.680214][ T5866] usb 2-1: config 5 has no interface number 0 [ 435.686363][ T5866] usb 2-1: config 5 interface 105 altsetting 4 endpoint 0x8 has an invalid bInterval 154, changing to 11 [ 435.698165][ T5866] usb 2-1: config 5 interface 105 has no altsetting 0 [ 435.705014][ T5866] usb 2-1: New USB device found, idVendor=046d, idProduct=c291, bcdDevice=60.eb [ 436.596187][ T5866] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 436.624508][ T3849] usb 3-1: device descriptor read/all, error -71 [ 436.680361][ T5887] usb 5-1: Firmware version (0.0) predates our first public release. [ 436.692849][ T5887] usb 5-1: Please update to version 0.2 or newer [ 436.806797][ T5866] usb 2-1: can't set config #5, error -71 [ 436.868704][ T5887] usb 5-1: USB disconnect, device number 13 [ 436.920721][ T5866] usb 2-1: USB disconnect, device number 10 [ 437.156461][T11956] veth0_vlan: left promiscuous mode [ 437.174436][T11956] veth0_vlan: entered promiscuous mode [ 437.718171][ T5886] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 437.732276][T11966] input: syz0 as /devices/virtual/input/input33 [ 438.240578][T11972] program syz.4.2103 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 438.437990][ T5886] usb 4-1: Using ep0 maxpacket: 16 [ 439.149789][ T5886] usb 4-1: config 0 has an invalid interface number: 105 but max is 0 [ 439.159141][ T5886] usb 4-1: config 0 descriptor has 1 excess byte, ignoring [ 439.166513][ T5886] usb 4-1: config 0 has no interface number 0 [ 439.274082][ T5886] usb 4-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 439.298013][ T5886] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 439.535611][ T5886] usb 4-1: Product: syz [ 439.542546][ T5886] usb 4-1: Manufacturer: syz [ 439.547233][ T5886] usb 4-1: SerialNumber: syz [ 439.558583][ T5886] usb 4-1: config 0 descriptor?? [ 439.563352][ T5866] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 439.573399][ T5886] usb 4-1: Found UVC 0.00 device syz (046d:08f3) [ 439.581175][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.596709][ T5886] usb 4-1: No valid video chain found. [ 439.734571][ T5866] usb 5-1: config 129 has an invalid interface number: 138 but max is 3 [ 439.744486][ T5866] usb 5-1: config 129 has an invalid descriptor of length 0, skipping remainder of the config [ 439.759851][ T5866] usb 5-1: config 129 has 2 interfaces, different from the descriptor's value: 4 [ 439.770405][ T5866] usb 5-1: config 129 has no interface number 0 [ 439.776742][ T5866] usb 5-1: config 129 has no interface number 1 [ 439.784013][ T5866] usb 5-1: config 129 interface 138 altsetting 3 has 0 endpoint descriptors, different from the interface descriptor's value: 10 [ 439.799913][ T5866] usb 5-1: config 129 interface 2 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 7 [ 439.813636][ T5866] usb 5-1: config 129 interface 138 has no altsetting 0 [ 439.822773][ T5866] usb 5-1: config 129 interface 2 has no altsetting 0 [ 439.829790][ T5893] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 439.982009][ T5866] usb 5-1: New USB device found, idVendor=045e, idProduct=046e, bcdDevice=95.6f [ 439.997692][ T5866] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 440.007670][ T5866] usb 5-1: Product: 臮휯킄뇋経荥ሡ嬩緪뾪ー鷔惎孺荄韈梚䤃뷾ⷺ偰䘽Ṽ˟型笻拡쮂쳐깒ㆅ夅㼿觤䝨☕ι猄⺴턙뛰漆ጒ⇧万⑓ꦛ焈뇝玺鱛缌㣑蒯疣۱鉻賴ꊢ븚혽㛬苼눩倕鮊ႆᏝ▛鱧짮ﶭ╴䶦簿绰鶐钬㎆ [ 440.509597][ T5866] usb 5-1: Manufacturer: Ű为脜䔗෥䄖┾鹮༧Ѫせ䅌ຣแꪧ [ 440.519309][ T5866] usb 5-1: SerialNumber: 荾娳뙍镱寥룻勚쓠黜箿蕴瘬첶⳴ः낍燕㵂젆悸乜䪣뜄蘻꣢몹贪ቛ濪戴⾙瘈凈Գ쓼뷞⻔泭Ⴉ鋜뺤詝ᚓ✏溪㯈ⷕ껭෡٠볾렦督幐祖ʱग़⪮ੲ栮㽠闑磎퀼䤬暆蓿踏灈ᯘ鹆쟁儡쐿句쨃몌 [ 440.588049][ T5893] usb 2-1: Using ep0 maxpacket: 16 [ 440.614808][ T5893] usb 2-1: config 5 has an invalid interface number: 105 but max is 0 [ 440.627955][ T5893] usb 2-1: config 5 has no interface number 0 [ 440.634099][ T5893] usb 2-1: config 5 interface 105 has no altsetting 0 [ 440.658036][ T5893] usb 2-1: New USB device found, idVendor=046d, idProduct=c291, bcdDevice=60.eb [ 440.667101][ T5893] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 440.776953][ T5866] usb 5-1: USB disconnect, device number 14 [ 440.906838][ T5893] usb 2-1: string descriptor 0 read error: -71 [ 440.933753][ T5893] usb 2-1: USB disconnect, device number 11 [ 441.914182][ T24] usb 4-1: USB disconnect, device number 15 [ 442.248858][T12024] syzkaller0: entered allmulticast mode [ 442.272743][T12024] syzkaller0: entered promiscuous mode [ 442.343855][T12024] syzkaller0 (unregistering): left allmulticast mode [ 442.360590][T12024] syzkaller0 (unregistering): left promiscuous mode [ 443.467894][T12058] pim6reg: entered allmulticast mode [ 443.489316][T12061] warn_alloc: 1 callbacks suppressed [ 443.489331][T12061] syz.0.2123: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 443.509648][T12061] CPU: 1 UID: 0 PID: 12061 Comm: syz.0.2123 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) [ 443.509675][T12061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 443.509687][T12061] Call Trace: [ 443.509693][T12061] [ 443.509701][T12061] dump_stack_lvl+0x16c/0x1f0 [ 443.509735][T12061] warn_alloc+0x248/0x3a0 [ 443.509762][T12061] ? __pfx_warn_alloc+0x10/0x10 [ 443.509784][T12061] ? __pfx_stack_trace_save+0x10/0x10 [ 443.509810][T12061] ? stack_depot_save_flags+0x28/0xa40 [ 443.509842][T12061] ? kasan_save_stack+0x42/0x60 [ 443.509865][T12061] ? kasan_save_stack+0x33/0x60 [ 443.509885][T12061] ? kasan_save_track+0x14/0x30 [ 443.509907][T12061] ? xskq_create+0x52/0x1d0 [ 443.509929][T12061] ? xsk_setsockopt+0x640/0x840 [ 443.509949][T12061] ? do_sock_setsockopt+0x224/0x470 [ 443.509969][T12061] ? xskq_create+0xfb/0x1d0 [ 443.509994][T12061] __vmalloc_node_range_noprof+0xff5/0x14b0 [ 443.510023][T12061] ? xskq_create+0xfb/0x1d0 [ 443.510053][T12061] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 443.510083][T12061] ? xskq_create+0xfb/0x1d0 [ 443.510106][T12061] vmalloc_user_noprof+0x9e/0xe0 [ 443.510132][T12061] ? xskq_create+0xfb/0x1d0 [ 443.510157][T12061] xskq_create+0xfb/0x1d0 [ 443.510184][T12061] xsk_setsockopt+0x640/0x840 [ 443.510208][T12061] ? __pfx_xsk_setsockopt+0x10/0x10 [ 443.510229][T12061] ? __lock_acquire+0x622/0x1c90 [ 443.510267][T12061] ? selinux_socket_setsockopt+0x6a/0x80 [ 443.510294][T12061] ? __pfx_xsk_setsockopt+0x10/0x10 [ 443.510318][T12061] do_sock_setsockopt+0x224/0x470 [ 443.510336][T12061] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 443.510374][T12061] __sys_setsockopt+0x1a0/0x230 [ 443.510406][T12061] __x64_sys_setsockopt+0xbd/0x160 [ 443.510430][T12061] ? do_syscall_64+0x91/0x4c0 [ 443.510457][T12061] ? lockdep_hardirqs_on+0x7c/0x110 [ 443.510483][T12061] do_syscall_64+0xcd/0x4c0 [ 443.510513][T12061] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 443.510532][T12061] RIP: 0033:0x7fcb5238e929 [ 443.510547][T12061] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 443.510565][T12061] RSP: 002b:00007fcb5327f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 443.510582][T12061] RAX: ffffffffffffffda RBX: 00007fcb525b5fa0 RCX: 00007fcb5238e929 [ 443.510594][T12061] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000005 [ 443.510605][T12061] RBP: 00007fcb52410b39 R08: 0000000000000004 R09: 0000000000000000 [ 443.510616][T12061] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 443.510626][T12061] R13: 0000000000000000 R14: 00007fcb525b5fa0 R15: 00007ffe0a32f068 [ 443.510654][T12061] [ 443.510661][T12061] Mem-Info: [ 443.787644][T12061] active_anon:26223 inactive_anon:0 isolated_anon:0 [ 443.787644][T12061] active_file:20426 inactive_file:40961 isolated_file:0 [ 443.787644][T12061] unevictable:768 dirty:211 writeback:0 [ 443.787644][T12061] slab_reclaimable:7516 slab_unreclaimable:108013 [ 443.787644][T12061] mapped:32343 shmem:20524 pagetables:1592 [ 443.787644][T12061] sec_pagetables:0 bounce:0 [ 443.787644][T12061] kernel_misc_reclaimable:0 [ 443.787644][T12061] free:1273866 free_pcp:17946 free_cma:0 [ 444.008256][T12061] Node 0 active_anon:104192kB inactive_anon:0kB active_file:81704kB inactive_file:163640kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:129272kB dirty:844kB writeback:0kB shmem:80160kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12536kB pagetables:5852kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 444.247106][T12061] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:116kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 444.360638][T12061] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 444.404918][T12071] netfs: Couldn't get user pages (rc=-14) [ 444.411133][T12064] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 444.433900][T12061] lowmem_reserve[]: 0 2481 2482 2482 2482 [ 444.440342][T12061] Node 0 DMA32 free:1192904kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:80328kB inactive_anon:0kB active_file:81704kB inactive_file:162316kB unevictable:1536kB writepending:848kB present:3129332kB managed:2540624kB mlocked:0kB bounce:0kB free_pcp:65300kB local_pcp:33084kB free_cma:0kB [ 444.483437][T12061] lowmem_reserve[]: 0 0 1 1 1 [ 444.490815][T12061] Node 0 Normal free:12kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:16kB inactive_anon:0kB active_file:0kB inactive_file:1324kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:36kB local_pcp:28kB free_cma:0kB [ 444.547257][T12061] lowmem_reserve[]: 0 0 0 0 0 [ 444.560452][T12061] Node 1 Normal free:3906412kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:12992kB local_pcp:8864kB free_cma:0kB [ 444.620200][T12061] lowmem_reserve[]: 0 0 0 0 0 [ 444.664663][T12061] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 444.678427][ T3849] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 444.683651][T12061] Node 0 DMA32: 927*4kB (UM) 1634*8kB (UME) 1079*16kB (UME) 888*32kB (UME) 786*64kB (UME) 382*128kB (UME) 176*256kB (UME) 84*512kB (UME) 32*1024kB (UME) 8*2048kB (UM) 226*4096kB (UM) = 1224572kB [ 444.713927][T12061] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 444.727907][T12061] Node 1 Normal: 205*4kB (UME) 47*8kB (UME) 40*16kB (UME) 184*32kB (UME) 57*64kB (UME) 10*128kB (UME) 4*256kB (UME) 3*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 949*4096kB (M) = 3906412kB [ 444.829281][T12061] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 444.838102][ T3849] usb 5-1: Using ep0 maxpacket: 8 [ 444.838882][T12061] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 444.853300][T12061] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 444.862984][T12061] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 444.869495][ T3849] usb 5-1: config 32 has an invalid interface number: 255 but max is 0 [ 444.888036][T12061] 63839 total pagecache pages [ 444.892848][T12061] 0 pages in swap cache [ 444.906352][T12061] Free swap = 124996kB [ 444.910680][T12081] nbd3: detected capacity change from 0 to 63 [ 444.920137][ T5824] block nbd3: Receive control failed (result -32) [ 444.926903][ T3849] usb 5-1: config 32 has an invalid descriptor of length 0, skipping remainder of the config [ 444.968799][T12061] Total swap = 124996kB [ 444.973025][T12061] 2097051 pages RAM [ 444.985908][ T3849] usb 5-1: config 32 has no interface number 0 [ 444.993859][T12061] 0 pages HighMem/MovableOnly [ 445.015882][T12061] 429917 pages reserved [ 445.026906][ T3849] usb 5-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 445.042774][T12061] 0 pages cma reserved [ 445.066195][ T3849] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 445.103229][ T3849] hub 5-1:32.255: bad descriptor, ignoring hub [ 445.109660][ T3849] hub 5-1:32.255: probe with driver hub failed with error -5 [ 445.540646][ T3849] usb 5-1: USB disconnect, device number 15 [ 445.720046][T12102] netfs: Couldn't get user pages (rc=-14) [ 446.158124][ T3849] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 446.746885][T12117] input: syz0 as /devices/virtual/input/input34 [ 446.828031][ T3849] usb 2-1: Using ep0 maxpacket: 16 [ 446.835288][ T3849] usb 2-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice= 7.79 [ 446.844580][ T3849] usb 2-1: New USB device strings: Mfr=1, Product=0, SerialNumber=0 [ 446.852885][ T3849] usb 2-1: Manufacturer: syz [ 446.859927][ T3849] usb 2-1: config 0 descriptor?? [ 446.988193][T12115] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 447.158851][ T3849] usb 2-1: Cannot retrieve CPort count: 0 [ 447.164930][ T3849] usb 2-1: Cannot retrieve CPort count: -5 [ 447.171135][ T3849] es2_ap_driver 2-1:0.0: probe with driver es2_ap_driver failed with error -5 [ 447.228029][ T42] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 447.657247][ T5893] usb 2-1: USB disconnect, device number 12 [ 447.689650][ T42] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 447.702321][ T42] usb 4-1: config 0 has no interfaces? [ 447.707838][ T42] usb 4-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1 [ 447.717401][ T42] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 447.730305][ T42] usb 4-1: config 0 descriptor?? [ 447.771966][ T30] audit: type=1326 audit(2000000421.734:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12121 comm="syz.4.2148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eff58e929 code=0x7fc00000 [ 447.921335][T12136] support for the xor transformation has been removed. [ 447.930007][T12136] input: syz1 as /devices/virtual/input/input35 [ 449.936602][ T5893] usb 4-1: USB disconnect, device number 16 [ 450.027116][ T30] audit: type=1400 audit(2000000423.984:423): avc: denied { append } for pid=12168 comm="syz.3.2163" name="event2" dev="devtmpfs" ino=923 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 450.058998][ T5824] Bluetooth: hci3: command 0x0406 tx timeout [ 450.463184][T12163] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 454.111164][T12204] netlink: 'syz.0.2173': attribute type 3 has an invalid length. [ 454.195518][T12204] netlink: 666 bytes leftover after parsing attributes in process `syz.0.2173'. [ 456.398205][ T5140] Bluetooth: hci4: command 0x0405 tx timeout [ 457.624450][ T30] audit: type=1400 audit(2000000431.584:424): avc: denied { sqpoll } for pid=12241 comm="syz.4.2186" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 457.805809][ T5824] Bluetooth: hci0: unexpected event for opcode 0x0000 [ 459.193635][ T5824] Bluetooth: hci3: unexpected event for opcode 0x1405 [ 459.370253][T12298] netlink: 'syz.2.2211': attribute type 3 has an invalid length. [ 459.403614][T12298] netlink: 666 bytes leftover after parsing attributes in process `syz.2.2211'. [ 462.659564][ T30] audit: type=1326 audit(2000000436.624:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12320 comm="syz.3.2219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f067e78e929 code=0x7fc00000 [ 462.766091][ T5824] Bluetooth: hci3: unexpected event for opcode 0x0002 [ 463.081342][T12343] warn_alloc: 2 callbacks suppressed [ 463.081376][T12343] syz.1.2226: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 463.458090][T12343] CPU: 1 UID: 0 PID: 12343 Comm: syz.1.2226 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) [ 463.458117][T12343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 463.458130][T12343] Call Trace: [ 463.458135][T12343] [ 463.458143][T12343] dump_stack_lvl+0x16c/0x1f0 [ 463.458175][T12343] warn_alloc+0x248/0x3a0 [ 463.458202][T12343] ? __pfx_warn_alloc+0x10/0x10 [ 463.458223][T12343] ? trace_sched_exit_tp+0xde/0x130 [ 463.458251][T12343] ? __schedule+0x1181/0x5de0 [ 463.458284][T12343] ? kasan_save_track+0x14/0x30 [ 463.458306][T12343] ? xskq_create+0x52/0x1d0 [ 463.458333][T12343] ? xskq_create+0xfb/0x1d0 [ 463.458357][T12343] __vmalloc_node_range_noprof+0xff5/0x14b0 [ 463.458386][T12343] ? xskq_create+0xfb/0x1d0 [ 463.458412][T12343] ? irqentry_exit+0x3b/0x90 [ 463.458436][T12343] ? lockdep_hardirqs_on+0x7c/0x110 [ 463.458462][T12343] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 463.458490][T12343] ? xskq_create+0xfb/0x1d0 [ 463.458513][T12343] vmalloc_user_noprof+0x9e/0xe0 [ 463.458532][T12343] ? xskq_create+0xfb/0x1d0 [ 463.458556][T12343] xskq_create+0xfb/0x1d0 [ 463.458581][T12343] xsk_setsockopt+0x640/0x840 [ 463.458604][T12343] ? __pfx_xsk_setsockopt+0x10/0x10 [ 463.458636][T12343] ? selinux_socket_setsockopt+0x6a/0x80 [ 463.458661][T12343] ? __pfx_xsk_setsockopt+0x10/0x10 [ 463.458682][T12343] do_sock_setsockopt+0x224/0x470 [ 463.458701][T12343] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 463.458736][T12343] __sys_setsockopt+0x1a0/0x230 [ 463.458765][T12343] __x64_sys_setsockopt+0xbd/0x160 [ 463.458789][T12343] ? do_syscall_64+0x91/0x4c0 [ 463.458816][T12343] ? lockdep_hardirqs_on+0x7c/0x110 [ 463.458841][T12343] do_syscall_64+0xcd/0x4c0 [ 463.458877][T12343] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.458896][T12343] RIP: 0033:0x7f514a18e929 [ 463.458913][T12343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 463.458932][T12343] RSP: 002b:00007f514afc8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 463.458950][T12343] RAX: ffffffffffffffda RBX: 00007f514a3b5fa0 RCX: 00007f514a18e929 [ 463.458962][T12343] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000005 [ 463.458972][T12343] RBP: 00007f514a210b39 R08: 0000000000000004 R09: 0000000000000000 [ 463.458982][T12343] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 463.458993][T12343] R13: 0000000000000000 R14: 00007f514a3b5fa0 R15: 00007ffc0b474ff8 [ 463.459017][T12343] [ 463.460042][T12343] Mem-Info: [ 463.768333][T12343] active_anon:8891 inactive_anon:0 isolated_anon:0 [ 463.768333][T12343] active_file:20426 inactive_file:40967 isolated_file:0 [ 463.768333][T12343] unevictable:768 dirty:491 writeback:0 [ 463.768333][T12343] slab_reclaimable:7438 slab_unreclaimable:107708 [ 463.768333][T12343] mapped:31374 shmem:3281 pagetables:1507 [ 463.768333][T12343] sec_pagetables:0 bounce:0 [ 463.768333][T12343] kernel_misc_reclaimable:0 [ 463.768333][T12343] free:1290057 free_pcp:18849 free_cma:0 [ 463.880128][T12345] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 463.911077][T12343] Node 0 active_anon:38664kB inactive_anon:0kB active_file:81704kB inactive_file:163664kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:128796kB dirty:1964kB writeback:0kB shmem:14888kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12244kB pagetables:5712kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 463.948098][T12343] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:116kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 464.002977][T12343] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 464.142788][T12343] lowmem_reserve[]: 0 2481 2482 2482 2482 [ 464.933705][T12343] Node 0 DMA32 free:1241476kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:40704kB inactive_anon:0kB active_file:81704kB inactive_file:162340kB unevictable:1536kB writepending:1964kB present:3129332kB managed:2540624kB mlocked:0kB bounce:0kB free_pcp:56408kB local_pcp:33704kB free_cma:0kB [ 465.021238][T12343] lowmem_reserve[]: 0 0 1 1 1 [ 465.048984][T12362] binder: 12361:12362 ioctl 89f2 0 returned -22 [ 465.066362][T12343] Node 0 Normal free:12kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:16kB inactive_anon:0kB active_file:0kB inactive_file:1324kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:36kB local_pcp:28kB free_cma:0kB [ 465.194220][T12343] lowmem_reserve[]: 0 0 0 0 0 [ 465.204740][T12343] Node 1 Normal free:3906412kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:12992kB local_pcp:8864kB free_cma:0kB [ 465.240912][T12343] lowmem_reserve[]: 0 0 0 0 0 [ 465.245647][T12343] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 465.573208][T12343] Node 0 DMA32: 1*4kB (U) 17*8kB (UME) 470*16kB (UME) 1295*32kB (UME) 763*64kB (UME) 238*128kB (UME) 166*256kB (UME) 96*512kB (UME) 36*1024kB (UME) 15*2048kB (UM) 228*4096kB (UM) = 1221516kB [ 465.594343][T12343] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 465.609740][T12343] Node 1 Normal: 205*4kB (UME) 47*8kB (UME) 40*16kB (UME) 184*32kB (UME) 57*64kB (UME) 10*128kB (UME) 4*256kB (UME) 3*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 949*4096kB (M) = 3906412kB [ 465.629945][T12343] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 465.640494][T12343] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 465.651513][T12343] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 465.887966][T12343] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 465.923535][T12343] 77624 total pagecache pages [ 465.938024][T12343] 0 pages in swap cache [ 465.942193][T12343] Free swap = 124996kB [ 465.958030][T12343] Total swap = 124996kB [ 465.969471][T12343] 2097051 pages RAM [ 465.973337][T12343] 0 pages HighMem/MovableOnly [ 465.982404][T12343] 429917 pages reserved [ 465.988308][T12343] 0 pages cma reserved [ 466.073812][ T5824] Bluetooth: hci3: unexpected event for opcode 0x0002 [ 467.266050][T12395] veth0_vlan: entered allmulticast mode [ 467.506369][T12395] veth0_vlan: left promiscuous mode [ 467.519305][T12395] veth0_vlan: entered promiscuous mode [ 468.901486][T12417] input: syz0 as /devices/virtual/input/input36 [ 469.293161][ T30] audit: type=1400 audit(2000000443.244:426): avc: denied { append } for pid=12423 comm="syz.1.2255" name="ptp0" dev="devtmpfs" ino=1266 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 469.613558][ T30] audit: type=1400 audit(2000000443.574:427): avc: denied { read write } for pid=12423 comm="syz.1.2255" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 470.179327][ T30] audit: type=1400 audit(2000000443.574:428): avc: denied { open } for pid=12423 comm="syz.1.2255" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 470.481407][T12437] netlink: 'syz.0.2259': attribute type 10 has an invalid length. [ 470.489925][T12437] bridge0: port 2(bridge_slave_1) entered disabled state [ 470.497216][T12437] bridge0: port 1(bridge_slave_0) entered disabled state [ 470.516329][T12437] bridge0: port 2(bridge_slave_1) entered blocking state [ 470.523472][T12437] bridge0: port 2(bridge_slave_1) entered forwarding state [ 470.530939][T12437] bridge0: port 1(bridge_slave_0) entered blocking state [ 470.538098][T12437] bridge0: port 1(bridge_slave_0) entered forwarding state [ 470.577259][T12437] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 470.619481][ T49] ------------[ cut here ]------------ [ 470.625076][ T49] RTNL: assertion failed at ./include/net/netdev_lock.h (72) [ 470.773732][ T49] WARNING: CPU: 1 PID: 49 at ./include/net/netdev_lock.h:72 __linkwatch_sync_dev+0x1ed/0x230 [ 470.783987][ T49] Modules linked in: [ 470.788201][ T49] CPU: 1 UID: 0 PID: 49 Comm: kworker/u8:3 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) [ 470.800256][ T49] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 470.810328][ T49] Workqueue: bond0 bond_mii_monitor [ 470.815535][ T49] RIP: 0010:__linkwatch_sync_dev+0x1ed/0x230 [ 470.821571][ T49] Code: 05 ff ff ff e8 34 8b 59 f8 c6 05 49 ec 2d 07 01 90 ba 48 00 00 00 48 c7 c6 c0 90 e3 8c 48 c7 c7 60 90 e3 8c e8 d4 4f 18 f8 90 <0f> 0b 90 90 e9 d6 fe ff ff 48 c7 c7 44 42 a8 90 e8 2e 5b c0 f8 e9 [ 470.841221][ T49] RSP: 0018:ffffc90000ba79f0 EFLAGS: 00010286 [ 470.847290][ T49] RAX: 0000000000000000 RBX: ffff88805963a000 RCX: ffffffff817ae248 [ 470.855343][ T49] RDX: ffff88801b9dc880 RSI: ffffffff817ae255 RDI: 0000000000000001 [ 470.863342][ T49] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 470.871328][ T49] R10: 0000000000000001 R11: 0000000000000001 R12: 1ffff92000174f48 [ 470.879325][ T49] R13: ffff88805963acc5 R14: ffffffff8c5910c0 R15: ffffffff899bcdb0 [ 470.887301][ T49] FS: 0000000000000000(0000) GS:ffff888124854000(0000) knlGS:0000000000000000 [ 470.896251][ T49] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 470.902861][ T49] CR2: 00007f514a3b1450 CR3: 000000005f369000 CR4: 00000000003526f0 [ 470.910901][ T49] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 470.918887][ T49] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 470.926855][ T49] Call Trace: [ 470.930162][ T49] [ 470.933094][ T49] ethtool_op_get_link+0x1d/0x70 [ 470.938257][ T49] bond_check_dev_link+0x3fc/0x710 [ 470.943372][ T49] ? __pfx_bond_check_dev_link+0x10/0x10 [ 470.949041][ T49] bond_mii_monitor+0x3c0/0x2dc0 [ 470.954001][ T49] ? __pfx_bond_mii_monitor+0x10/0x10 [ 470.959394][ T49] ? lock_acquire+0x62/0x350 [ 470.963996][ T49] ? preempt_schedule_thunk+0x16/0x30 [ 470.969399][ T49] process_one_work+0x9cc/0x1b70 [ 470.974436][ T49] ? __pfx_nsim_dev_trap_report_work+0x10/0x10 [ 470.980617][ T49] ? __pfx_process_one_work+0x10/0x10 [ 470.985999][ T49] ? assign_work+0x1a0/0x250 [ 470.990613][ T49] worker_thread+0x6c8/0xf10 [ 470.995213][ T49] ? __pfx_worker_thread+0x10/0x10 [ 471.000453][ T49] kthread+0x3c2/0x780 [ 471.004521][ T49] ? __pfx_kthread+0x10/0x10 [ 471.009142][ T49] ? rcu_is_watching+0x12/0xc0 [ 471.013912][ T49] ? __pfx_kthread+0x10/0x10 [ 471.018521][ T49] ret_from_fork+0x5d7/0x6f0 [ 471.023117][ T49] ? __pfx_kthread+0x10/0x10 [ 471.027712][ T49] ret_from_fork_asm+0x1a/0x30 [ 471.032514][ T49] [ 471.035532][ T49] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 471.042806][ T49] CPU: 1 UID: 0 PID: 49 Comm: kworker/u8:3 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) [ 471.054779][ T49] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 471.064830][ T49] Workqueue: bond0 bond_mii_monitor [ 471.070035][ T49] Call Trace: [ 471.073309][ T49] [ 471.076234][ T49] dump_stack_lvl+0x3d/0x1f0 [ 471.080833][ T49] panic+0x71c/0x800 [ 471.084733][ T49] ? __pfx_panic+0x10/0x10 [ 471.089154][ T49] ? show_trace_log_lvl+0x29b/0x3e0 [ 471.094368][ T49] ? check_panic_on_warn+0x1f/0xb0 [ 471.099488][ T49] ? __linkwatch_sync_dev+0x1ed/0x230 [ 471.104858][ T49] check_panic_on_warn+0xab/0xb0 [ 471.109802][ T49] __warn+0xf6/0x3c0 [ 471.113703][ T49] ? __linkwatch_sync_dev+0x1ed/0x230 [ 471.119082][ T49] report_bug+0x3c3/0x580 [ 471.123419][ T49] ? __linkwatch_sync_dev+0x1ed/0x230 [ 471.128791][ T49] handle_bug+0x184/0x210 [ 471.133116][ T49] exc_invalid_op+0x17/0x50 [ 471.137616][ T49] asm_exc_invalid_op+0x1a/0x20 [ 471.142463][ T49] RIP: 0010:__linkwatch_sync_dev+0x1ed/0x230 [ 471.148441][ T49] Code: 05 ff ff ff e8 34 8b 59 f8 c6 05 49 ec 2d 07 01 90 ba 48 00 00 00 48 c7 c6 c0 90 e3 8c 48 c7 c7 60 90 e3 8c e8 d4 4f 18 f8 90 <0f> 0b 90 90 e9 d6 fe ff ff 48 c7 c7 44 42 a8 90 e8 2e 5b c0 f8 e9 [ 471.168047][ T49] RSP: 0018:ffffc90000ba79f0 EFLAGS: 00010286 [ 471.174117][ T49] RAX: 0000000000000000 RBX: ffff88805963a000 RCX: ffffffff817ae248 [ 471.182089][ T49] RDX: ffff88801b9dc880 RSI: ffffffff817ae255 RDI: 0000000000000001 [ 471.190054][ T49] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 471.198022][ T49] R10: 0000000000000001 R11: 0000000000000001 R12: 1ffff92000174f48 [ 471.205990][ T49] R13: ffff88805963acc5 R14: ffffffff8c5910c0 R15: ffffffff899bcdb0 [ 471.213955][ T49] ? __pfx_ethtool_op_get_link+0x10/0x10 [ 471.219597][ T49] ? __warn_printk+0x198/0x350 [ 471.224366][ T49] ? __warn_printk+0x1a5/0x350 [ 471.229137][ T49] ethtool_op_get_link+0x1d/0x70 [ 471.234077][ T49] bond_check_dev_link+0x3fc/0x710 [ 471.239189][ T49] ? __pfx_bond_check_dev_link+0x10/0x10 [ 471.244832][ T49] bond_mii_monitor+0x3c0/0x2dc0 [ 471.249780][ T49] ? __pfx_bond_mii_monitor+0x10/0x10 [ 471.255595][ T49] ? lock_acquire+0x62/0x350 [ 471.260197][ T49] ? preempt_schedule_thunk+0x16/0x30 [ 471.265577][ T49] process_one_work+0x9cc/0x1b70 [ 471.270519][ T49] ? __pfx_nsim_dev_trap_report_work+0x10/0x10 [ 471.276672][ T49] ? __pfx_process_one_work+0x10/0x10 [ 471.282050][ T49] ? assign_work+0x1a0/0x250 [ 471.286651][ T49] worker_thread+0x6c8/0xf10 [ 471.291252][ T49] ? __pfx_worker_thread+0x10/0x10 [ 471.296360][ T49] kthread+0x3c2/0x780 [ 471.300426][ T49] ? __pfx_kthread+0x10/0x10 [ 471.305014][ T49] ? rcu_is_watching+0x12/0xc0 [ 471.309779][ T49] ? __pfx_kthread+0x10/0x10 [ 471.314369][ T49] ret_from_fork+0x5d7/0x6f0 [ 471.318962][ T49] ? __pfx_kthread+0x10/0x10 [ 471.323547][ T49] ret_from_fork_asm+0x1a/0x30 [ 471.328320][ T49] [ 471.331510][ T49] Kernel Offset: disabled [ 471.335810][ T49] Rebooting in 86400 seconds..