last executing test programs: 9.611897173s ago: executing program 3 (id=786): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_CLOCK(r6, 0xc048aec8, &(0x7f0000000100)={0x1}) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000001900010000000000000000001c140000fe005f"], 0x24}}, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000040)=0xb7, 0x4) bind$inet(r0, &(0x7f0000003900)={0x2, 0x4e24, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000100)="f4188a9876a9431deeb98e3edfaafa03a11300e3aebb4102000000000034c5d2af03a5f261a35c07d07d371a4402394549d78c3f511bb4793daf4b4e28410e598769487fb27044ece0b4e738bcc7e1ce3aa7a3df2572a082809f406467bc0f0b47872a2ecc399861b90da1ffcfb35a8f5579b72e3cde817a2a78ff205c6fee57f9177bbeeb2f3d121b9c508660c2d90b0dc3f2412b62e7d99a7dfa6960b663bb8e14764efb33f9465c242b84b75a436ef9af2492b19a15bb", 0xb8, 0x4040004, 0x0, 0x0) 8.19423815s ago: executing program 2 (id=791): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000680)={0x3}, 0x10) write(r1, &(0x7f0000000040)="1b0000001a005f0214f9f4070009040081000000fd000002000000", 0x1b) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x11, &(0x7f0000000100)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@map_idx_val={0x18, 0x1, 0x6, 0x0, 0x3, 0x0, 0x0, 0x0, 0x7}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='syzkaller\x00', 0x7ff, 0x1c, &(0x7f00000001c0)=""/28, 0x40f00, 0x8, '\x00', r3, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x0, 0x3}, 0x8, 0x10, &(0x7f0000000240)={0x1, 0x1, 0x9, 0x7}, 0x10, 0x0, 0x0, 0x6, 0x0, &(0x7f0000000280)=[{0x4, 0x2, 0xc, 0x2}, {0x5, 0x4, 0xd, 0x5}, {0x3, 0x3, 0x0, 0x2}, {0x2, 0x3, 0xf, 0x9}, {0x1, 0x5, 0x5, 0x1}, {0x3, 0x4, 0x10}], 0x10, 0x80000000, @void, @value}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r4, r3, 0x25, 0x0, @void}, 0x10) sendmsg$nl_route_sched(r0, &(0x7f0000002bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0) 8.118615947s ago: executing program 2 (id=793): r0 = mq_open(&(0x7f00000019c0)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\xe0\x9d\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xdf\x15\f]\x15\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb', 0x42, 0x0, 0x0) mq_getsetattr(r0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'gre0\x00'}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x32}, 0x9c) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) read(r2, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000080)=0x100000001, 0x4) connect$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f0000000540), 0x4) setsockopt$inet6_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f0000000380)=0xffffffffffffffff, 0x4) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_128={{0x304, 0x37}, "475566172f45f011", "bd14060000000000000092f94413582b", "00001000", "4e67cb72f328ac2f"}, 0x28) syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902"], 0x0) writev(r4, &(0x7f0000000000)=[{&(0x7f0000000240)='-', 0x1200}], 0x1) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0xc, 0xa031, 0xffffffffffffffff, 0x0) madvise(&(0x7f00007fe000/0x800000)=nil, 0x800000, 0x19) r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/clear_refs\x00', 0x1, 0x0) write$sysctl(r5, &(0x7f0000000180)='4\x00', 0x2) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) sendto$inet6(r1, &(0x7f00000001c0)="9703bfeabf8d9a7393988e12a46cd2d388a294f2de73cbe908a730f04791c53a454bfe3bf17972bdffb00e14f7684d3cfd328f90d4a918ba3e1e23613f4b03bf11305bd0127ee228693c824b08f8604083d5a233f5a98cd08c9c7fa770a6de193c86a8c2c691ff275c4023e3f5262fce4ea6b44a96c4b25e680ca79e795026b46ee8999c144980c56d60fb7246256d79d4d56fe880961aae22", 0x99, 0x48040, &(0x7f0000000080)={0xa, 0x4e23, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7}, 0x1c) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) mount$tmpfs(0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='gi', @ANYRESHEX=r6]) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000100)=@nullb, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000000)='ntfs3\x00', 0x0, &(0x7f0000000340)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x0, 0x0, 0x0, 0x0, 0x28}, 0x9c) 8.015769249s ago: executing program 3 (id=795): socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xa, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x2) socket(0x23, 0x0, 0x200) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r1) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) get_robust_list(r3, &(0x7f0000000280)=&(0x7f0000000200)={&(0x7f0000000100)={&(0x7f0000000000)}, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)}}, &(0x7f0000000300)=0x18) bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0x3, 0x3}, 0x1) write$bt_hci(r2, &(0x7f00000006c0)=ANY=[@ANYBLOB="115f0ad1427987d3fe717af8de7cd33bebd0e22e29b00870027f14f15f674027979427219d8fa39c99775a73d57da61c4486d217aa7d75aaec3e3a0d199b8c263c53addb869560c401e225852ab6ce9fc250ef003852dcea9238e598d83ace143ba2834f14a49c8a2caef7a59e1bc5365db6b545699609eabe43b9e6b49bee5b38a0def3cdf2ec16f3f3059681529a649f62b193ba24fb173456d8ea846e080950451ee46c4ac006379fb2b13ec05266b6bc66ad569cef0d0e8564b760f358c6ddbec293860d828de51f306a0b51347b635de6515ce7e18fb8be79880dd53030792119d684ead550ed4ca1adfdd05d822c35ab63d33775153aff6044ece097", @ANYRESOCT=r0, @ANYBLOB="ed2dd0b2db737e927dcc9b15804a7bf145dc7cfc09c4fad0d15f5aed31e2b638d1e401d7a2cdf343fe72e951e86a0cbe76ad570d4dcb1b798ac72652e38a5493d38423c0bfe1edcaac88135d384b1cb9e37e9938a11f09a7873782683f14b0953f7357f211af2d254c5136d5dd8e030b", @ANYRESDEC=r2, @ANYBLOB="2a1b40ac47834a4d1f5db388907851fe5eebf89446cb2301f0b1fc96b19b2ae12a915e424ec0e1da41a4026f82115ea9e0c7c831612a1092d8242abaea13a47549bc89a350f62207db13c5bdc6620d5970f785b2ffa963fdf8de529083993afe24395c2934aec337ada67c0036b72c41186bcd133dde0740ffd41fcf000936ee6f2dc023bf0b1d181053248e5e8ce01e17653f8406e8b493550128bff9cde0d42c8b1f0d96"], 0x8) r4 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4) setsockopt$inet6_int(r0, 0x29, 0x48, &(0x7f0000000000)=0x1, 0x29) sendto$inet6(r4, 0x0, 0x0, 0x0, &(0x7f0000000040)={0xa, 0xce22, 0x0, @mcast2}, 0x1c) recvmmsg(0xffffffffffffffff, &(0x7f0000000300)=[{{0x0, 0xfffffffffffffec0, 0x0, 0x0, &(0x7f0000001fc0)=""/136, 0xb2}}], 0x1, 0x5, 0x0) ioperm(0x0, 0x44, 0x7) process_mrelease(0xffffffffffffffff, 0x2) syz_emit_ethernet(0x3e, &(0x7f0000000300)=ANY=[], 0x0) socket$inet6_sctp(0xa, 0x0, 0x84) mkdir(&(0x7f0000000040)='./file0\x00', 0x40) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f00000000c0)='\x00\x00\x00\x04\x00\x00\x00\x00a\x80\x00\xce\x9d\x19F\x8e\x887\xedd\x98\xb3\xc2YY\xfe\x98\xa4\x7f7.\xfbYb>Z\xc9\xe9)\xc07@Cv', 0xfffffffffffffffe, 0x0) pipe2$9p(&(0x7f0000000240), 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 6.483978195s ago: executing program 3 (id=798): ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f00000000c0)=0x200000) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000400)={0x0, 0x500, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r2, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x0) 6.229428991s ago: executing program 3 (id=800): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x1a0682) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="1f6000000000000000001e0000003c002f802c0003800800010000000000200003800c0004000202aaaaaaaaaaaa060001000000000008000200030000000c0002000202aaaaaaaaaaaa0c00060001000000010000000749b9f3566cf68bb8590fb2c9f1824bddf888c615817aae3a19fb53a015579966d48cdd2bc8e29ba61cebf506172b653b1c"], 0x5c}}, 0x0) (async) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x881, 0x0) r4 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005938d74010973077339600000001090212000100001e000904"], 0x0) syz_usb_control_io(r4, 0x0, &(0x7f00000010c0)={0x84, &(0x7f0000000080)=ANY=[@ANYBLOB="1f769a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r4, 0x0, 0x0) (async, rerun: 32) syz_usb_control_io$hid(r4, 0x0, 0x0) (rerun: 32) syz_usb_control_io(r4, 0x0, 0x0) syz_usb_control_io(r4, 0x0, &(0x7f0000000800)={0x84, &(0x7f0000000300)=ANY=[@ANYBLOB="0000070000009c45"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0) (async, rerun: 64) syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0) (async, rerun: 64) syz_usb_control_io$printer(r4, 0x0, &(0x7f0000000740)={0x34, &(0x7f0000000540)={0x0, 0x0, 0x2, "c44a"}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r4, 0x0, 0x0) (async) ioctl$SNDCTL_DSP_SUBDIVIDE(r3, 0xc0045009, &(0x7f0000001080)=0x2) ioctl$SNDCTL_DSP_SUBDIVIDE(r3, 0xc0045009, &(0x7f0000001100)=0xfffffffc) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000280)={0x5, 0x0, 0x1, 'queue0\x00'}) (async) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a5c000000090a010400000000080000000000000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000000f200009801c0002"], 0x84}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async, rerun: 32) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r0, 0x40bc5311, &(0x7f00000001c0)={0x80, 0x1, 'client1\x00', 0xffffffff80000006, "d62e980da99179cf", "20e48560999fd132b6a5426180a8c27a00fcfffff0003336f794d20352346f8f"}) (async, rerun: 32) write$sndseq(r0, &(0x7f00000000c0)=[{0x5, 0x0, 0x0, 0x0, @time, {}, {0x0, 0x1}, @result}], 0x1c) 5.742005881s ago: executing program 0 (id=804): bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r0, &(0x7f0000000080)='d', 0x1, 0x0, 0x0, 0x0) syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0xd2, &(0x7f0000000480), &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, 0x0) io_uring_enter(r2, 0x0, 0xdfd2, 0x1, 0x0, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@private2, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, 0x0, 0x2b}, 0x0, @in=@empty}}, 0xe8) r5 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r5, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) sendmsg$key(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) r6 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r6, 0x1, 0x8, 0x0, 0x0) sendmsg$key(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[], 0x10}}, 0x0) 5.581575733s ago: executing program 4 (id=806): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10) statx(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x6000, &(0x7f0000000240)) r1 = io_uring_setup(0x1b97, &(0x7f0000000000)) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x45, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x94}, [@initr0]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r3 = socket(0x848000000015, 0x805, 0x0) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x1a}, 0x10}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x3}}, 0x1c) r4 = accept4$phonet_pipe(r3, &(0x7f00000000c0), &(0x7f0000000140)=0x10, 0x80800) accept4$phonet_pipe(r4, &(0x7f0000000180), &(0x7f00000001c0)=0x10, 0x80800) mq_open(&(0x7f0000000580)='@\x00\xb1#9j\xbc\xe8v\x1e\xc4@P\x81r&\xff\xa9\x04\xf5\xac\x17\xaa\x06\xcd\x9c\x95\x18\x99N\xe3Wt\xaaU0\xd1\xe5\xfe\xe2\xa6\xdb\x82\x18\n**\x8f\xe3\x1c\xda\xeeMcO\x03!\xafK\xc8=\xc1\xa9\xd2\x96\x99\x8be\x83B\xf8&\xbe\xddg}\x11DyL\x8fs\xaf^\x1cv\x06\xd7(\xbdS\x9c6\xcfZ\xd4xA\xaf\xb4\xc4\x9b\x16\xc8D\xa8~\xb2\xf9T\a\xce\xa5k\xbf }u\x9a\x0e\xe2\xd6\xf3\xdfr\xe2\xc3\xee\"\x0f[\xb0\xb4\xe2\xa8\xe5\xa0\x17\xcf\x13\xf5\a\x12{[\x8auf#k\xcb\xd3\xb7I', 0x80, 0x3, &(0x7f0000000500)={0xb452, 0x0, 0x6, 0xbe7}) r5 = syz_open_dev$sndctrl(&(0x7f0000000c40), 0x1f, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r5, 0xc1105511, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x3}}, 0x1c) r6 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000400)={r1, 0x0, 0x25, 0x2, @void}, 0x10) bpf$LINK_DETACH(0x22, &(0x7f0000000440)=r6, 0x4) ioctl$TIOCSSOFTCAR(r2, 0x545c, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 4.506382879s ago: executing program 1 (id=807): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, 0x0, &(0x7f0000000280)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x90) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) write$binfmt_script(r5, &(0x7f00000003c0)={'#! ', './bus'}, 0x9) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x19, 0x0, 0x0) bind$inet(r0, &(0x7f0000003900)={0x2, 0x4e24, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000100)="f4188a9876a9431deeb98e3edfaafa03a11300e3aebb4102000000000034c5d2af03a5f261a35c07d07d371a4402394549d78c3f511bb4793daf4b4e28410e598769487fb27044ece0b4e738bcc7e1ce3aa7a3df2572a082809f406467bc0f0b47872a2ecc399861b90da1ffcfb35a8f5579b72e3cde817a2a78ff205c6fee57f9177bbeeb2f3d121b9c508660c2d90b0dc3f2412b62e7d99a7dfa6960b663bb8e14764efb33f9465c242b84b75a436ef9af2492b19a15bb9108656d828553e1719de91aa29cb5bf187a0162d50e234b6207725486c9e828d756ff9b6d4f5c4960469dd3a48b4e525f0cbf7158f95d603a37c272f874ee3b5c6e56", 0xfffffffffffffdb0, 0x4040004, 0x0, 0xfffffffb) 3.834081244s ago: executing program 0 (id=808): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x6, &(0x7f0000000000)=0xa4ffffff, 0x4) getsockopt$inet6_opts(r0, 0x29, 0x37, 0x0, &(0x7f0000000040)) 3.701285554s ago: executing program 0 (id=809): connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x2e) io_setup(0x5, &(0x7f0000000e80)=0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x24044040) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(0xffffffffffffffff, 0x0, 0x0) symlinkat(&(0x7f0000000040)='./file0/../file0\x00', r4, &(0x7f0000000140)='./file0\x00') readlinkat(r4, &(0x7f00000001c0)='./file0/../file0\x00', &(0x7f00000002c0)=""/204, 0xcc) r5 = socket(0x10, 0x2, 0x0) r6 = dup2(r5, r5) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r6, 0xc018937d, &(0x7f00000000c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3}}, './file0\x00'}) sendto$inet6(r7, &(0x7f0000000000)="7800000018001f05b9409b0dffff000d0203be040205060506014007430008000f000000fac8388827a685a168d9a4c6040045653600648dcaaf6c26c291214549932fde4a460c89b6ec0cff3959547f509058ba86c902003a03004a32000400160012000a00000000000000000000080756ede4ccbe5880", 0x78, 0x0, 0x0, 0x0) r8 = openat$random(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) io_submit(r0, 0x1, &(0x7f0000001580)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x7, 0x0, r8, &(0x7f0000000080)="8c", 0x1}]) 3.657439009s ago: executing program 4 (id=810): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = socket$kcm(0xa, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x8916, &(0x7f0000000000)={r4}) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10) bind$inet(r0, &(0x7f0000003900)={0x2, 0x4e24, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000100)="f4188a9876a9", 0x6, 0x4040004, 0x0, 0x0) 3.539930437s ago: executing program 1 (id=811): socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'geneve0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000180016801400018010000200ffffffc3"], 0x40}}, 0x0) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x36) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0x1c}, [@ldst={0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) write$bt_hci(r4, &(0x7f00000005c0)=ANY=[@ANYBLOB="0e00010002"], 0x8) 3.46795142s ago: executing program 2 (id=812): socket$inet_mptcp(0x2, 0x1, 0x106) prlimit64(0x0, 0x11, &(0x7f0000000140)={0x8, 0x200020000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) r1 = memfd_secret(0x0) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) utimensat(r1, 0x0, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r3 = io_uring_setup(0x2ab5, &(0x7f0000000680)={0x0, 0x0, 0x2000, 0x0, 0xfffffffe}) r4 = socket(0x2b, 0x1, 0x1) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x3}, 0x1c) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r4, 0x6, 0x21, &(0x7f0000000080)="059f80f3ea7b119fe93daaa7c808d49a", 0x10) close_range(r3, 0xffffffffffffffff, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0xa031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x4001, &(0x7f0000000000), 0x7, 0x0) mremap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffc000/0x1000)=nil) mbind(&(0x7f0000ff9000/0x7000)=nil, 0x7000, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r6 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$KDFONTOP_SET(r6, 0x4b72, &(0x7f00000001c0)={0x0, 0x0, 0x14, 0x0, 0x19, &(0x7f0000000280)="287cfe5fb74413940acde873e48f49056b09454a367578018af7dcc71e38e0b16354ea59da8f8872a83fd843302e73116dd677432764f8a1ce8ad1629be612caf74c9afe50985bec5cf98772ba1f07453cb8e1a38c7ff3b6b2a6eaa711d312b77ab5a0715b0c3f7e1bf41eb6e00a9decee71bfe9f401f7c2a797a805c81139b7258a45a585515154b32f36a3630dcf3123a31aabac4cfece3ae8abd0f12e87642bc0c0c32491270c22e42fe6cfc7ecc7dec85ca06053a77e0e2108aa51a9f1a98fed0ea123764cdbbe02254795f70693a8f2a03317c280b291f45be2956b64d22dcd13c5eff736cfa35667aa45f9c4a7c79067ec622ad20f5a0d57a9e79030a302de4d6e3756cc9a58f1e86ef1aaf04ab44c541a40b4c6922986cdddae8512819b89f6d77bf8b3eb42b70d5ebbc762f300d93d21aaad3efc5d801be8d6f91ea02cbe2cd44d88d5b23b221f073f8931a7515063907b37e51acdfc0d8f0a17d5a7320961c9c7163173e71158a3740e0d79c7fb32b57e983cb1dd768827e94b6050448787c02fb509527dd1dc172422a39021e7e7ae4859859bdfda183c63ca4dddb2a6b02bd589bce5a45f603afcdb9fb6840d06bf2eca1eebbca1227b6d58aff8d853f9948415837ebd29906fa36b8509905eb02558761a439660be809256dd96445da3ab318dadfb1fdf025d8f02b721795319fc79df94f7a16a1c7fea570da0f79391c47b1da4867846ef87087ff2bd410b07a32d12c78bdafab755e46ab54817d3db8e39dfa07d03fb2ec584ef3c80c58c12d29a6c56ea6ae5c86de7354aae919a90969fbf871620f1a76d9a547f24a536ecbbf91b6587a81060b16bd9435a234faf1ad48fcbefe8b66ff21e531d41b07754973e3f18bb6ac3d877db54bf71ceb2550d44070be5f1b6b9b9555d5dce27bbcbae252856d7dc4f3378fe37ec9bddbbe53847a346e295664cd25c6b108a96934a3cabc9406f8b8f07720d0e93196c247e61cc6d483ae0da5703860b459e6a983dee967bd72a16652e5980dd22ab93d6043577a9cbce73cc03218e618701395e084ff72f5ce7e4caaff38b1767e3e23a163d8ea0ebb7dcd051ec46d71eec695434f118239cb3a881f04030f92881ab4fac2a1a79ee868e00424c4deafd5d3ab807f350ba9232725fdec431e8c16a4dd95102cad03bfa41d18f0e67abdc123ff986f3c171cee123779a8efdcaf78202f3a52311c5b5bd78907e525c5b23f8a6786af0cf9a22f576b5931e7831d4b9caa74fcf90f12b5a727721943e3d48c04b0cd400bb830368660d9f8fb274fe898d54901837fada91fafb56730130de3deb404c61702cbe13dfa3f656e931134293f75d1153dc3c2780e4327b801b885a159fd9fcfa091f26b06902414fe75c8a25f1596da39fce54fcf27d537b246d44927b844c8ffd45aaa88b0967ebdc3e3a"}) r7 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x20002, 0x0, 0x14}, 0x18) getdents(r7, &(0x7f0000000080)=""/240, 0xf0) sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=@ipv6_newaddrlabel={0x38, 0x48, 0x109, 0x0, 0x0, {0xa, 0x0, 0x80}, [@IFAL_LABEL={0x8}, @IFAL_ADDRESS={0x14, 0x1, @remote}]}, 0x38}}, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r8, &(0x7f0000000180)=@abs, 0x6e) 1.875698192s ago: executing program 4 (id=813): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000c80), r0) sendmsg$NFC_CMD_VENDOR(r0, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000d00)={0x14, r1, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000000c0)="2e00000010008188040f46ecdb4cb9cca7480ef43c000000e3bd6efb440009000e000a0010000000ba8000001201", 0x2e}], 0x1}, 0x0) statx(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0xf0cb2f4a0c2cfc5d, &(0x7f0000000340)) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="300000003b0007010000000010000000047c00000800000037425d555d280f1cd1f25ac67833b2884442bb894264c471578778e6eb76cd07293e0622b5ebb4d1d3315bb0e4ece57c5e7878d17dd90e04a9d91568a3320165e5c581e20b2d370ae88534293a1a493632ca0315afc40d6728c7daa509759cb8af4f3f91b24356154dc941a5ccdad513a271c1eda87e1a2df3e029c210b61ffd0574dc969d8aa9ec615a618bd4c28c086862394ce3eefc4d", @ANYRES32=0x0, @ANYBLOB], 0x30}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(0xffffffffffffffff, &(0x7f0000000080), 0xc) r4 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000100)=0x2) ioctl$TIOCVHANGUP(r4, 0x5437, 0x0) syz_open_dev$usbfs(&(0x7f0000000000), 0x0, 0x0) ioctl$USBDEVFS_FREE_STREAMS(0xffffffffffffffff, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002303100007006000000002000020"]) ioctl$USBDEVFS_GETDRIVER(0xffffffffffffffff, 0x41045508, 0x0) 1.630868947s ago: executing program 3 (id=814): r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000002000007b8af8ff00000000bfa20000000000000702"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f0000000180)='net/kcm\x00') r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1, 0x3, &(0x7f0000001740)=ANY=[@ANYRES16=r1], &(0x7f00002bf000)='syzkaller\x00', 0x4, 0xb3, &(0x7f0000000040)=""/179, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r7 = socket$kcm(0x29, 0x2, 0x0) r8 = socket$inet6(0xa, 0x803, 0x6) connect$inet6(r8, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) ioctl$sock_kcm_SIOCKCMATTACH(r7, 0x89e0, &(0x7f0000000180)={r8, r6}) preadv(r5, &(0x7f00000014c0)=[{&(0x7f0000000340)=""/191, 0xbf}], 0x1, 0x4, 0xfffffffd) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000340)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r9, @ANYBLOB="30003300c0000000ffffffffffff080211000000ffffffffffff"], 0x4c}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000300)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000440)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000800000000003b00000008000300", @ANYRES32=r10, @ANYBLOB="48003300d0000000ffffffffffff08021100000050505050505000000f"], 0x64}}, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r11 = getpid() sched_setscheduler(r11, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r13, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg$unix(r13, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r12, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) io_uring_setup(0x0, 0x0) sendto$llc(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000380)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) 1.569291901s ago: executing program 1 (id=815): rt_sigprocmask(0x0, &(0x7f0000000200)={[0xfffff7feffff7ffd]}, 0x0, 0x8) r0 = gettid() tkill(r0, 0x12) pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x0) 1.436018972s ago: executing program 0 (id=816): mmap$KVM_VCPU(&(0x7f0000fff000/0x1000)=nil, 0x0, 0x2, 0x30, 0xffffffffffffffff, 0x0) 1.39073143s ago: executing program 1 (id=817): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800"/11], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="68000000020601000000000600000000000000000e0003006269746d61703a697000000005000400000000000900020073797a30000000002000078005000300000000000c0001800800014080ffffff05001400fa00000005000500020000000500010006"], 0x68}}, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_test', 0x141a82, 0x0) sendfile(r3, r3, 0x0, 0x2f) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000080)=0x100000001, 0x4) connect$inet6(r0, &(0x7f00000004c0)={0xa, 0x4e22, 0x0, @dev={0xfe, 0x80, '\x00', 0x21}}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000500)=@gcm_256={{0x304}, "f187cc526f6ab7cd", "87216900ad68a35a406169ec4c2b003ade912689fb0000dd00", "3eadedf9", "76e02174f376eaa1"}, 0x38) r4 = socket$kcm(0x10, 0x2, 0x4) getitimer(0x2, &(0x7f00000000c0)) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha1-neon)\x00'}, 0x58) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40088a01, &(0x7f0000000000)=0x100) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000180)={r4, 0x1, 0x800, 0x7fff}) r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000340), r3) sendmsg$DEVLINK_CMD_PORT_SPLIT(r5, &(0x7f0000000480)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB="b600000064286cbc76fa71", @ANYRES16=r6, @ANYRESDEC=r6], 0x98}, 0x1, 0x0, 0x0, 0xc000805}, 0x2048814) sendmsg$kcm(r4, &(0x7f0000000240)={0x0, 0xf0ffffff, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08060cdc030000007f03e3f7000000006ee2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec0012100001400a0c0c00bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0) r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r8 = dup(r7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r8, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100)=@hci={0x1f, 0x0, 0x9}, 0x80, &(0x7f0000000080)=[{&(0x7f00000006c0)}, {&(0x7f0000000280)}], 0x2}, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r9 = socket(0x10, 0x803, 0x0) r10 = socket(0x1, 0x803, 0x0) getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x40, 0x14, 0x9535393fea6295b5, 0x0, 0x25dfdbfb, {0xa, 0x40, 0xaa, 0x0, r11}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_ADDRESS={0x14, 0x1, @private0={0xfc, 0x0, '\x00', 0x1}}]}, 0x40}}, 0x0) 1.332219154s ago: executing program 0 (id=818): bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r0, &(0x7f0000000080)='d', 0x1, 0x0, 0x0, 0x0) syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0xd2, &(0x7f0000000480), &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, 0x0) io_uring_enter(r2, 0x0, 0xdfd2, 0x1, 0x0, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@private2, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, 0x0, 0x2b}, 0x0, @in=@empty}}, 0xe8) r5 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r5, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) sendmsg$key(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) r6 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r6, 0x1, 0x8, 0x0, 0x0) sendmsg$key(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[], 0x10}}, 0x0) 1.271843541s ago: executing program 2 (id=819): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x0) (async) r1 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc1}, &(0x7f0000000080)={0x0, "5d9bc136c963254c661fb620148b6f72ca6ae2a44829bfa79ec13499f8ec9077d85d879711d98bb1687ad36dfe5f14a7b0ce15c1e6be0e7ecabfdfde0dfa00b1"}, 0x48, 0xffffffffffffffff) (async) pipe2$watch_queue(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r1, r2, 0x0) (async) pipe2$watch_queue(&(0x7f0000000180)={0xffffffffffffffff}, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r1, r3, 0x0) (async, rerun: 32) keyctl$KEYCTL_WATCH_KEY(0x20, r1, r2, 0xfffffffdffffffff) (async, rerun: 32) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYRESDEC=0x0], 0x54}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) (async, rerun: 32) syz_io_uring_setup(0x1, &(0x7f0000000300)={0x0, 0x4000000}, 0x0, 0x0) (async, rerun: 32) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) (async, rerun: 32) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) (async, rerun: 32) sendto(r4, &(0x7f00000003c0)="ce4b3261f0a17bd615ccf514abe0203f552470ad7ce7ff8dfe238ddedb3fb8acc81f1d2f451a09e14177e4d3a9bdf1c7bcabc473a85006de892156ce86c7202b450a13e141780575d0f025", 0x4b, 0x8890, &(0x7f0000000680)=@l2tp6={0xa, 0x0, 0x10001, @private1={0xfc, 0x1, '\x00', 0x1}, 0x7}, 0x80) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000480)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r7, @ANYBLOB="4900330080000000ffffffffffff080211000000505050505050000000000000000000000000000001000406000000"], 0x68}}, 0x0) (async, rerun: 32) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async, rerun: 32) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) (async) r8 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r8, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)) (async) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a34000000030a01010000000000000000020000050c0002400000000000000001"], 0x5c}}, 0x0) (async) r9 = getpgrp(0x0) r10 = syz_pidfd_open(r9, 0x0) pidfd_send_signal(r10, 0x2c, &(0x7f0000000140)={0x10000, 0x16, 0xd2000000}, 0x4) (async) r11 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r11, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b05d25a806c8c6f94f90424fc601000127a0a000600073582c137153e37080c188001ac0f000300", 0x33fe0}], 0x1, 0x0, 0x0, 0x8100000}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) 1.235626354s ago: executing program 4 (id=820): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000000c0)={r1, 0x0, 0x0}, 0x20) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) r4 = socket(0x10, 0x2, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, 0x0, 0x0) write(r4, &(0x7f0000000280)="1c0000001a", 0x5) preadv2(r1, &(0x7f0000000600), 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$smc(0x0, r4) sendmsg$TCPDIAG_GETSOCK(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000300)={&(0x7f0000000680)={0x4c, 0x12, 0x4, 0x70bd25, 0x25dfdbfb, {0x29, 0xa0, 0xff, 0xf, {0x4e21, 0x4e20, [0x0, 0xffffffd4, 0x4, 0x40000], [0xff, 0x0, 0x802, 0x7fffffff], 0x0, [0x6]}, 0x2}}, 0x4c}, 0x1, 0x0, 0x0, 0x4000080}, 0x4000000) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0xf0, &(0x7f0000000200)={&(0x7f0000000240)={0x5c, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0x5, 0x34, @random="8b"}, @NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, {0x1000, 0x2, 0x0, 0x0, {0x0, 0x894, 0x0, 0x7, 0x0, 0x0, 0x1}, 0x6, 0x800, 0x90}}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x25}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xc}]]}, 0x5c}}, 0x0) 1.09950825s ago: executing program 2 (id=821): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="6c000000020601000000000600000000000000000e0003006269746d61703a697000000005000400000000000900020073797a3000000000240007800c0002800800010cffffffff0c0001800800014080ffffff050014000200000005000500020000000500010006"], 0x6c}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = memfd_create(&(0x7f00000004c0)='\x9d#\x00\xe6Z\x00\xafq%\xa5\x83\xa6\xb5\x00\x83y\xf3\xb2\xe6b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x17?&^\xe1Ob\xe1Y\xd6\xeb\x91\x83;\xeb\xf1\xd0\xe3\xe5\x19T\xff\x01\x00\x00\xe2\x9f\xd9\xae\xcf>/\x05V%$6\x9fU\x86\xbe\xcbx\x00\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xbf*\xa2c\x12.\xb7\xbe`\'\xcb\xb6\xaf\xdc\xa0D\x93.\xf25\x957\xec\xfb\xe6|\\\xe4h\xfc\x14\x06\xb5\xaa\xe6\x05\xe4\xc3\x90\x91\x98\x15\xec\xdb\xaa\t9\x11\xb4\x84$&0\xdd\x19\x86\x90\xbe\xd7\xdc\n\xcbC\x15\xfcp\x11\xdai\f{a?\xd0\xe1{\x84\xb5\x82q\x19\xacS\x88|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\xff\xff\xff\xcd\xf0%\x97!\x97.A\x84\x1d\xc2\x86\x89{\xba\xe3J\xc2t\x96\xf8\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83\x8e-k\x12\xdf\xb9q\xb6Pr\xd4\xb5X\\\xdbD\n\x03G\x00\x04\x00\x00\xbc\xac\x18\xba\xce\xb3%QF\x03\b\x9dh\xcb)\xf4f\x12[\xf9\r\t\xef{h\xb0\xc0:\x8f|\x8f\x06\xf8\x83\x87+nM\x11\x1c\xb0*8\v\x1e\xcf\x03\xd3\xe8,?\x87\x84\\/y\xed\x01#?\xab\x1c\x11\x00\xc5\x8d\x82\x9c\xd6B[\xc9\x00\xf5]\x81\xf3\xfd\x06M\xbe\xf9\xba\x9em\xe9\"\x03\x933P\xa3\xcc\x9b\f\xa7\x8f\x91O\xc9\xb9\x10M\x8b\xd0\xc0\xb8L\xbd\x1c4\xb59\x988\tgC\xbc\xe0\xc5\xf4\xe0E%\xd9\xd8w\x00k\x042Y\xdc\xc5\xe59\xa95\xd1m\xd8hCuZYi\x10D\xb9\xe6\xff\x04K%yH\xe5W\xfb\x82\xac\x19,\\D\x91T\xfd\x9c\xb8\x8b\x88\xa5\xcc\x8fI\x00\xf0\xc9%\n\xa7\xd6\x0f:\xb0\xf5?\xc3\x88\x1e\xbb-\xa6\xecA\x92\xaf\xa4Xl\v\xa5\xca\v|\xe2L\xac\x80\xc7\x15\x96fh\x83\x15\xc7\xea\xd5\xe8\x89W\x11\xd7oC\xe4\x06\xa8[O\xe6\x1d=\x87\x93\x0f\x87I\xdf\xb1\xeb\x89\x11.\x01\x00\r`\x1e8\x94\xb7\xbc\xc3\xad\xf1\x92/(A=A\x8b\xa5\xb0\x89\x9e5\x12\xa4\x9a\va\xdf\xf4\xea\xc6\xc7\x10g\x1d\xd5\xb0\xbb\xd2\xfc]fC\x8d\x0f\xa6q\x0f\xef\x90\xfe\x94k\xf1\xb8\xfa\xbbb\xb1\x00\x99\xf7\xfd\'\xae\x906\xe0\xaa\xdbtWWH\xa4L\xb5pe,\xdfN\x0f8\t\xe7X_H\xd4\xe3\xb2,oj\xac\xd7\xbd\xd0\xadW\x1f<\xd0s\xa8\x1f(\x00/ \xe4]@\xf7mA\xe8\xd1\xf4:\xb3\xeb\x81\xb9\x018\x1c\x95%o\x05x\x1a\x90\xf4\x03\xe7\xe9\xa9\x00'/649, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, 0x0) syz_emit_ethernet(0x5e, &(0x7f0000003680)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x28, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @ipv4={'\x00', '\xff\xff', @local}, @empty}}}}}}, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f00000083c0)) socket$tipc(0x1e, 0x2, 0x0) r3 = fsopen(&(0x7f0000000000)='udf\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000080)='iocharset', &(0x7f00000000c0)='\xbch#harset', 0x0) r4 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @initdev}, &(0x7f0000000040)=0x1c, 0x80000) ioctl$sock_netdev_private(r4, 0x89f4, &(0x7f00000000c0)="596d81d4f319769a07f8249bc88fa3c7c039eb21db30e2d63f10dc44545177c7d3ea061eea68b6047c5dd2df8f8304adffaadb31a43c45e0bd225d8c2f5cf110ff02e53bea6422cf03c46ccb996c5d1cee58036912b02dee6ebf3d2a21affd7f7aa305297c8ea70e47e4a27deb15") mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x20051, r1, 0xce9e1000) ioctl$FS_IOC_RESVSP(r1, 0x4030582b, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x10ff}) 1.073491165s ago: executing program 1 (id=822): r0 = gettid() r1 = epoll_create1(0x0) epoll_pwait2(r1, &(0x7f0000000080)=[{}], 0x1, 0x0, 0x0, 0x0) close(r1) tkill(r0, 0x7) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_int(r2, 0x29, 0x9, 0x0, &(0x7f0000000040)=0x28) 935.842233ms ago: executing program 4 (id=823): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000100)={'erspan0\x00', &(0x7f0000000280)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x3, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev}}}}) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="20010000120013070000000000000000e0000001000000000000000000000000fc0000000000000000000000000000000000000000000000000000000000008107e0b6d0c935bb00", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000072c42572f64a264410b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fbc18c8582fc7800000000000000000000000050019000000000028001a"], 0x120}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0xffffffffffffffff, &(0x7f00000001c0)) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x200, 0x4) setsockopt$inet_tcp_int(r2, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000340)=[@window, @mss, @window, @timestamp, @sack_perm, @timestamp, @timestamp, @sack_perm], 0x8) write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0x40) sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[], 0x24}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r2, &(0x7f00000004c0)="3ce2de4d8d957a8de4e490b6cd03b988d4edef164bd3377aa381b5f50b7ca414516489f78cd7208982e9bde22b2b7c1c7606d565477f3db9d2b077283644c0f27ab52a863a42863e06944e40a0b3c5d21c8cbe102e7f726263f28aef1bc12a069063d4c30e8f329fdb36859be727fbef4314161e5fb5f01ae00a2634d5cdecca2089c62e32f4c919886b2b88d237e287318739bec0364caf15889f38a312ef6621c0f21709a4bf2b16274cf933f6ad8fcc9c2024bc1b4713f650e860f93ae93b2361956b3e80c38c5fd29b5c1b5d7ce67edc856a8dc0ba54cee53de9a48c131389426bd06ec7c695add357934fc0321f0d3d7982e4fe5a0039decc491a663afd02facb08dd9695f854c7b031d9af8bd7350897996b5208b23030cc0feb84570730eaf24b9f2ac05d0feb3be07a29f887095f36f3c8f0e77e45509acd14a5be4a1572dd4cd1231087b830fa03e071571d4abd694710ef140469cf6df8a59839aafe046a5bffb97e5247be901789eafd726ba090337a2c49207e6b900c7e982472e6aac70e5d52ca2c1bab47b1f6d00f9601e2281686c21f770ae96e0ffec4b30496d012fa00958f794cdbd721bd155cae87", 0x109e8, 0x805, 0x0, 0x6) 439.675842ms ago: executing program 3 (id=824): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) read(r1, &(0x7f0000000240)=""/179, 0xb3) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x6c, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x40, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x2c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth0_to_bridge\x00'}, {0x14, 0x1, 'geneve0\x00'}]}]}]}, @NFT_MSG_DELFLOWTABLE={0x48, 0x18, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x1c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'geneve0\x00'}]}]}]}], {0x14, 0x10}}, 0xfc}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xc, 0x16, &(0x7f00000006c0)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000002d0301000000000095000000000000006926000000000000bf67000000000000150600000fff070067060000200000006a0200000ee60000bf050000000000003d350000000000006507000002000000070700004a0000000f75000000000000bf54000000000000070400000400f9ff3d53010000000000840400000000000073720000000000009500000000000000db13d5d8b741f2cdaabc8383caf56b8c2b84a8d09535a157f9005bd38addaa65b925cd3ded25b8b9e2a095d2c51ef45c5588ec78c7f32946b17cecfe54c53ab530c58b67851b7e0e82452a083b98a6aa766401047d150203b0417edef332233b081df18961d6822d133bf72a4de1c2ea17f04537fc211576846ac629d1d93265ba4580047a9dc88de358ce795731891a2031de4e09740c64e5506f991ed4785a9773a433e0db9c1a7d4ab9d658ce9cfdb4db3bed62bcb2bc91ddcdfadfe6d4421c49fb6641cbf56914e76702f673b586c767562a90a3967093b000e3806f825f1d0da2a304e06543b56d35235d78b7a7fe912971aab876022e96f5143b6234f5a6b701690b07fb664a44e22b72e843e7cf55f394cf75d1cd3ee79a25fb98cc45b3fde43e42e150d4a2fddd9a97677400ef0bd697d135324ce480c2960344de346bd511dea4ff7a07400b2d12dd1a8c4c300aee5f948777085ca142b79dfc3aca5fadaa0532ab0572169f68584ff2ee063bc7e75ecd5cc8973464629ba236e3ff97f6033d0800000000000000cef54a60aff12590a50ef147e3e640193d00263003a4ef412420a070dd0327e47c8c7abb77b4b53874788d7e2e5d554de4713db957afb56d4673f1b904c5a317d3670003000000183fb7d36e173044080034"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffffa0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000000)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$OBJ_PIN_MAP(0x9, &(0x7f0000000040)=@generic={0x0, r3}, 0x18) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) socket$nl_netfilter(0x10, 0x3, 0xc) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x1) 248.820904ms ago: executing program 4 (id=825): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x40, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}]}]}], {0x14}}, 0x68}}, 0x4000040) sendmsg$NFT_BATCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000780)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x40, 0x16, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0x1000}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x5195c342}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}]}]}], {0x14}}, 0x68}}, 0x4010) sendmsg$NFT_MSG_GETFLOWTABLE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)={0x2c, 0x17, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x2c}}, 0x0) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1000001, 0x10, r1, 0x9d4f000) 58.268824ms ago: executing program 2 (id=826): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) bind$inet(r0, &(0x7f0000003900)={0x2, 0x4e24, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000100)="f4188a9876a9", 0x6, 0x4040004, 0x0, 0x0) (fail_nth: 7) 57.819754ms ago: executing program 0 (id=827): rt_sigprocmask(0x0, &(0x7f0000000200)={[0xfffff7feffff7ffd]}, 0x0, 0x8) r0 = gettid() tkill(r0, 0x12) pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x0) 0s ago: executing program 1 (id=828): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, 0xffffffffffffffff, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000000)={@mcast2, 0x0, 0x0, 0x1}, 0x20) unshare(0x400) fadvise64(r0, 0x0, 0x0, 0x4) kernel console output (not intermixed with test programs): netlink: 28 bytes leftover after parsing attributes in process `syz.2.468'. [ 555.481234][ T8369] netlink: 8 bytes leftover after parsing attributes in process `syz.2.468'. [ 555.569883][ T8371] netlink: 8 bytes leftover after parsing attributes in process `syz.4.467'. [ 556.322821][ T8373] FAULT_INJECTION: forcing a failure. [ 556.322821][ T8373] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 556.336585][ T8373] CPU: 1 UID: 0 PID: 8373 Comm: syz.3.470 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 556.346862][ T8373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 556.356942][ T8373] Call Trace: [ 556.360256][ T8373] [ 556.363206][ T8373] dump_stack_lvl+0x241/0x360 [ 556.367920][ T8373] ? __pfx_dump_stack_lvl+0x10/0x10 [ 556.373142][ T8373] ? __pfx__printk+0x10/0x10 [ 556.377768][ T8373] should_fail_ex+0x3b0/0x4e0 [ 556.382469][ T8373] _copy_from_user+0x2f/0xe0 [ 556.387124][ T8373] move_addr_to_kernel+0x82/0x150 [ 556.392164][ T8373] __sys_sendto+0x29d/0x4f0 [ 556.396686][ T8373] ? __pfx___sys_sendto+0x10/0x10 [ 556.401745][ T8373] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 556.407760][ T8373] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 556.414183][ T8373] __x64_sys_sendto+0xde/0x100 [ 556.418972][ T8373] do_syscall_64+0xf3/0x230 [ 556.423494][ T8373] ? clear_bhb_loop+0x35/0x90 [ 556.428200][ T8373] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 556.434105][ T8373] RIP: 0033:0x7fa490f7def9 [ 556.438529][ T8373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 556.458160][ T8373] RSP: 002b:00007fa491d6c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 556.466588][ T8373] RAX: ffffffffffffffda RBX: 00007fa491135f80 RCX: 00007fa490f7def9 [ 556.474563][ T8373] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 556.482540][ T8373] RBP: 00007fa491d6c090 R08: 0000000020000380 R09: 0000000000000010 [ 556.490526][ T8373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 556.498527][ T8373] R13: 0000000000000000 R14: 00007fa491135f80 R15: 00007ffeaf82d598 [ 556.506512][ T8373] [ 556.509550][ C1] vkms_vblank_simulate: vblank timer overrun [ 556.909006][ T8379] FAULT_INJECTION: forcing a failure. [ 556.909006][ T8379] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 556.946386][ T8383] netlink: 8 bytes leftover after parsing attributes in process `syz.3.475'. [ 556.982387][ T8381] netlink: 40 bytes leftover after parsing attributes in process `syz.4.472'. [ 556.996496][ T8379] CPU: 0 UID: 0 PID: 8379 Comm: syz.0.473 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 557.006784][ T8379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 557.016864][ T8379] Call Trace: [ 557.020171][ T8379] [ 557.023128][ T8379] dump_stack_lvl+0x241/0x360 [ 557.027842][ T8379] ? __pfx_dump_stack_lvl+0x10/0x10 [ 557.033074][ T8379] ? __pfx__printk+0x10/0x10 [ 557.037694][ T8379] ? __pfx_lock_release+0x10/0x10 [ 557.042755][ T8379] should_fail_ex+0x3b0/0x4e0 [ 557.047482][ T8379] _copy_from_user+0x2f/0xe0 [ 557.052127][ T8379] copy_msghdr_from_user+0xae/0x680 [ 557.057361][ T8379] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 557.063217][ T8379] __sys_sendmsg+0x237/0x390 [ 557.067851][ T8379] ? __pfx___sys_sendmsg+0x10/0x10 [ 557.072998][ T8379] ? vfs_write+0x7bf/0xc90 [ 557.077475][ T8379] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 557.083836][ T8379] ? do_syscall_64+0x100/0x230 [ 557.088634][ T8379] ? do_syscall_64+0xb6/0x230 [ 557.093338][ T8379] do_syscall_64+0xf3/0x230 [ 557.097867][ T8379] ? clear_bhb_loop+0x35/0x90 [ 557.102585][ T8379] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 557.108510][ T8379] RIP: 0033:0x7f0ad2d7def9 [ 557.112940][ T8379] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 557.132700][ T8379] RSP: 002b:00007f0ad3b2c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 557.141144][ T8379] RAX: ffffffffffffffda RBX: 00007f0ad2f35f80 RCX: 00007f0ad2d7def9 [ 557.149136][ T8379] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003 [ 557.157127][ T8379] RBP: 00007f0ad3b2c090 R08: 0000000000000000 R09: 0000000000000000 [ 557.165149][ T8379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 557.173146][ T8379] R13: 0000000000000000 R14: 00007f0ad2f35f80 R15: 00007fff8c7c8138 [ 557.181160][ T8379] [ 563.001155][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.013635][ T1269] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.324517][ T943] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 563.332251][ C1] raw-gadget.0 gadget.3: ignoring, device is not running [ 563.868029][ T8412] fuse: Bad value for 'fd' [ 564.901858][ T54] Bluetooth: hci3: command 0x0406 tx timeout [ 564.908267][ T8416] mmap: syz.4.480 (8416) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 564.983433][ T5321] IPVS: starting estimator thread 0... [ 565.513779][ T8422] IPVS: using max 19 ests per chain, 45600 per kthread [ 565.850330][ T8427] netlink: 8 bytes leftover after parsing attributes in process `syz.1.482'. [ 567.848898][ T8446] FAULT_INJECTION: forcing a failure. [ 567.848898][ T8446] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 568.096632][ T8446] CPU: 0 UID: 0 PID: 8446 Comm: syz.0.486 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 568.107030][ T8446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 568.117108][ T8446] Call Trace: [ 568.120403][ T8446] [ 568.123346][ T8446] dump_stack_lvl+0x241/0x360 [ 568.128053][ T8446] ? __pfx_dump_stack_lvl+0x10/0x10 [ 568.133278][ T8446] ? __pfx__printk+0x10/0x10 [ 568.137906][ T8446] ? __pfx_lock_release+0x10/0x10 [ 568.142977][ T8446] should_fail_ex+0x3b0/0x4e0 [ 568.147688][ T8446] _copy_from_user+0x2f/0xe0 [ 568.152302][ T8446] copy_msghdr_from_user+0xae/0x680 [ 568.157534][ T8446] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 568.163381][ T8446] __sys_sendmsg+0x237/0x390 [ 568.168004][ T8446] ? __pfx___sys_sendmsg+0x10/0x10 [ 568.173141][ T8446] ? vfs_write+0x7bf/0xc90 [ 568.177615][ T8446] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 568.183974][ T8446] ? do_syscall_64+0x100/0x230 [ 568.188853][ T8446] ? do_syscall_64+0xb6/0x230 [ 568.193570][ T8446] do_syscall_64+0xf3/0x230 [ 568.198149][ T8446] ? clear_bhb_loop+0x35/0x90 [ 568.202850][ T8446] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 568.208763][ T8446] RIP: 0033:0x7f0ad2d7def9 [ 568.213191][ T8446] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 568.232814][ T8446] RSP: 002b:00007f0ad3b2c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 568.241259][ T8446] RAX: ffffffffffffffda RBX: 00007f0ad2f35f80 RCX: 00007f0ad2d7def9 [ 568.249280][ T8446] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003 [ 568.257264][ T8446] RBP: 00007f0ad3b2c090 R08: 0000000000000000 R09: 0000000000000000 [ 568.265253][ T8446] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 568.273254][ T8446] R13: 0000000000000000 R14: 00007f0ad2f35f80 R15: 00007fff8c7c8138 [ 568.281261][ T8446] [ 570.113576][ T25] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 570.451569][ T25] usb 2-1: too many endpoints for config 4 interface 0 altsetting 0: 101, using maximum allowed: 30 [ 570.543701][ T25] usb 2-1: config 4 interface 0 altsetting 0 has an endpoint descriptor with address 0xE1, changing to 0x81 [ 570.626191][ T25] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 14129, setting to 64 [ 570.679603][ T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 570.698071][ T25] usb 2-1: config 4 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 101 [ 570.719852][ T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 570.729166][ T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 570.738412][ T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 570.759668][ T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 570.767242][ T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 570.777376][ T25] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 570.840514][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 571.138819][ T1056] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 571.282016][ T8475] netlink: 8 bytes leftover after parsing attributes in process `syz.4.494'. [ 571.585537][ T8455] netlink: 144 bytes leftover after parsing attributes in process `syz.1.491'. [ 572.068305][ T25] ath6kl: Failed to submit usb control message: -110 [ 572.106392][ T25] ath6kl: unable to send the bmi data to the device: -110 [ 572.114461][ T25] ath6kl: Unable to send get target info: -110 [ 572.159930][ T25] ath6kl: Failed to init ath6kl core: -110 [ 572.223601][ T25] ath6kl_usb 2-1:4.0: probe with driver ath6kl_usb failed with error -110 [ 572.302716][ T8474] 9pnet: Could not find request transport: 0x000000000000000c [ 572.401047][ T8] usb 2-1: USB disconnect, device number 7 [ 572.407798][ T1056] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 572.503598][ T5220] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 572.586578][ T1056] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 572.721986][ T8488] FAULT_INJECTION: forcing a failure. [ 572.721986][ T8488] name failslab, interval 1, probability 0, space 0, times 0 [ 572.736140][ T8488] CPU: 1 UID: 0 PID: 8488 Comm: syz.4.498 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 572.746423][ T8488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 572.756510][ T8488] Call Trace: [ 572.759842][ T8488] [ 572.762801][ T8488] dump_stack_lvl+0x241/0x360 [ 572.767529][ T8488] ? __pfx_dump_stack_lvl+0x10/0x10 [ 572.772827][ T8488] ? __wake_up_klogd+0xcc/0x110 [ 572.777730][ T8488] ? dump_stack+0x9/0x20 [ 572.782025][ T8488] should_fail_ex+0x3b0/0x4e0 [ 572.786750][ T8488] ? security_sb_alloc+0x45/0x320 [ 572.791818][ T8488] should_failslab+0xac/0x100 [ 572.796545][ T8488] ? security_sb_alloc+0x45/0x320 [ 572.801608][ T8488] __kmalloc_noprof+0xd8/0x400 [ 572.806406][ T8488] security_sb_alloc+0x45/0x320 [ 572.811278][ T8488] alloc_super+0x229/0x9d0 [ 572.815720][ T8488] ? __pfx_test_keyed_super+0x10/0x10 [ 572.821133][ T8488] sget_fc+0x34c/0x9c0 [ 572.825250][ T8488] ? __pfx_set_anon_super_fc+0x10/0x10 [ 572.830722][ T8488] ? __pfx_rpc_fill_super+0x10/0x10 [ 572.835944][ T8488] get_tree_keyed+0x5c/0x170 [ 572.840556][ T8488] vfs_get_tree+0x90/0x2b0 [ 572.844994][ T8488] vfs_cmd_create+0xa0/0x1f0 [ 572.849602][ T8488] ? __se_sys_fsconfig+0xa15/0xf70 [ 572.854734][ T8488] __se_sys_fsconfig+0xa1f/0xf70 [ 572.859694][ T8488] ? __pfx___se_sys_fsconfig+0x10/0x10 [ 572.865166][ T8488] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 572.871165][ T8488] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 572.877517][ T8488] ? do_syscall_64+0x100/0x230 [ 572.882306][ T8488] ? __x64_sys_fsconfig+0x20/0xc0 [ 572.887348][ T8488] do_syscall_64+0xf3/0x230 [ 572.891870][ T8488] ? clear_bhb_loop+0x35/0x90 [ 572.896571][ T8488] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 572.902483][ T8488] RIP: 0033:0x7efeab77def9 [ 572.906917][ T8488] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 572.926539][ T8488] RSP: 002b:00007efeac516038 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 572.934971][ T8488] RAX: ffffffffffffffda RBX: 00007efeab936130 RCX: 00007efeab77def9 [ 572.942949][ T8488] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 572.950927][ T8488] RBP: 00007efeac516090 R08: 0000000000000000 R09: 0000000000000000 [ 572.958908][ T8488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 572.966887][ T8488] R13: 0000000000000000 R14: 00007efeab936130 R15: 00007ffea5700288 [ 572.974879][ T8488] [ 572.993786][ T5220] usb 1-1: Using ep0 maxpacket: 16 [ 573.359949][ T54] Bluetooth: hci0: command tx timeout [ 573.430398][ T5220] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 573.486230][ T5220] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 573.538830][ T5220] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 573.585026][ T5220] usb 1-1: config 0 descriptor?? [ 573.597068][ T1056] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 574.018848][ T8479] (unnamed net_device) (uninitialized): option ad_user_port_key: invalid value (46336) [ 574.063591][ T8479] (unnamed net_device) (uninitialized): option ad_user_port_key: allowed values 0 - 1023 [ 574.299217][ T1056] bridge_slave_1: left allmulticast mode [ 574.314553][ T1056] bridge_slave_1: left promiscuous mode [ 574.320445][ T1056] bridge0: port 2(bridge_slave_1) entered disabled state [ 574.400521][ T8509] FAULT_INJECTION: forcing a failure. [ 574.400521][ T8509] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 574.416132][ T8509] CPU: 1 UID: 0 PID: 8509 Comm: syz.3.503 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 574.426431][ T8509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 574.436520][ T8509] Call Trace: [ 574.439820][ T8509] [ 574.442772][ T8509] dump_stack_lvl+0x241/0x360 [ 574.447490][ T8509] ? __pfx_dump_stack_lvl+0x10/0x10 [ 574.452695][ T8509] ? __pfx__printk+0x10/0x10 [ 574.457287][ T8509] ? snprintf+0xda/0x120 [ 574.461528][ T8509] should_fail_ex+0x3b0/0x4e0 [ 574.466216][ T8509] _copy_to_user+0x2f/0xb0 [ 574.470634][ T8509] simple_read_from_buffer+0xca/0x150 [ 574.476013][ T8509] proc_fail_nth_read+0x1e9/0x250 [ 574.481061][ T8509] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 574.486605][ T8509] ? rw_verify_area+0x55e/0x6f0 [ 574.491449][ T8509] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 574.497126][ T8509] vfs_read+0x201/0xbc0 [ 574.501348][ T8509] ? __pfx_lock_release+0x10/0x10 [ 574.506430][ T8509] ? __pfx_vfs_read+0x10/0x10 [ 574.511121][ T8509] ? __fget_files+0x3f3/0x470 [ 574.515871][ T8509] ? __fdget_pos+0x24e/0x320 [ 574.520502][ T8509] ksys_read+0x1a0/0x2c0 [ 574.524770][ T8509] ? __pfx_ksys_read+0x10/0x10 [ 574.529588][ T8509] ? do_syscall_64+0x100/0x230 [ 574.534402][ T8509] ? do_syscall_64+0xb6/0x230 [ 574.539104][ T8509] do_syscall_64+0xf3/0x230 [ 574.543653][ T8509] ? clear_bhb_loop+0x35/0x90 [ 574.548347][ T8509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 574.554260][ T8509] RIP: 0033:0x7fa490f7c93c [ 574.558688][ T8509] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 574.578302][ T8509] RSP: 002b:00007fa491d6c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 574.586726][ T8509] RAX: ffffffffffffffda RBX: 00007fa491135f80 RCX: 00007fa490f7c93c [ 574.594705][ T8509] RDX: 000000000000000f RSI: 00007fa491d6c0a0 RDI: 0000000000000003 [ 574.602693][ T8509] RBP: 00007fa491d6c090 R08: 0000000000000000 R09: 0000000000000010 [ 574.610666][ T8509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 574.618638][ T8509] R13: 0000000000000000 R14: 00007fa491135f80 R15: 00007ffeaf82d598 [ 574.626622][ T8509] [ 574.844973][ T1056] bridge_slave_0: left allmulticast mode [ 574.903787][ T1056] bridge_slave_0: left promiscuous mode [ 574.909620][ T1056] bridge0: port 1(bridge_slave_0) entered disabled state [ 575.845351][ T5224] Bluetooth: hci3: command 0x0406 tx timeout [ 575.851494][ T54] Bluetooth: hci0: command tx timeout [ 575.918493][ T8479] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 576.115824][ T8479] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 576.164876][ T8479] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 576.216319][ T8479] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 576.298572][ T5220] usbhid 1-1:0.0: can't add hid device: -71 [ 576.305050][ T5220] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 576.411041][ T5220] usb 1-1: USB disconnect, device number 14 [ 576.506079][ T8530] netlink: 8 bytes leftover after parsing attributes in process `syz.1.506'. [ 577.733558][ T8543] FAULT_INJECTION: forcing a failure. [ 577.733558][ T8543] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 577.746780][ T8543] CPU: 0 UID: 0 PID: 8543 Comm: syz.1.508 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 577.757021][ T8543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 577.767085][ T8543] Call Trace: [ 577.770398][ T8543] [ 577.773328][ T8543] dump_stack_lvl+0x241/0x360 [ 577.778047][ T8543] ? __pfx_dump_stack_lvl+0x10/0x10 [ 577.783259][ T8543] ? __pfx__printk+0x10/0x10 [ 577.787881][ T8543] ? snprintf+0xda/0x120 [ 577.792126][ T8543] should_fail_ex+0x3b0/0x4e0 [ 577.796810][ T8543] _copy_to_user+0x2f/0xb0 [ 577.801248][ T8543] simple_read_from_buffer+0xca/0x150 [ 577.806653][ T8543] proc_fail_nth_read+0x1e9/0x250 [ 577.811683][ T8543] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 577.817245][ T8543] ? rw_verify_area+0x55e/0x6f0 [ 577.822153][ T8543] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 577.827870][ T8543] vfs_read+0x201/0xbc0 [ 577.832035][ T8543] ? __pfx_lock_release+0x10/0x10 [ 577.837093][ T8543] ? __pfx_vfs_read+0x10/0x10 [ 577.841795][ T8543] ? __fget_files+0x3f3/0x470 [ 577.846490][ T8543] ? __fdget_pos+0x24e/0x320 [ 577.851093][ T8543] ksys_read+0x1a0/0x2c0 [ 577.855349][ T8543] ? __pfx_ksys_read+0x10/0x10 [ 577.860130][ T8543] ? do_syscall_64+0x100/0x230 [ 577.864913][ T8543] ? do_syscall_64+0xb6/0x230 [ 577.869601][ T8543] do_syscall_64+0xf3/0x230 [ 577.874135][ T8543] ? clear_bhb_loop+0x35/0x90 [ 577.878849][ T8543] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 577.884772][ T8543] RIP: 0033:0x7f89d9d7c93c [ 577.889200][ T8543] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 577.908899][ T8543] RSP: 002b:00007f89daab0030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 577.917326][ T8543] RAX: ffffffffffffffda RBX: 00007f89d9f36058 RCX: 00007f89d9d7c93c [ 577.925403][ T8543] RDX: 000000000000000f RSI: 00007f89daab00a0 RDI: 0000000000000006 [ 577.933395][ T8543] RBP: 00007f89daab0090 R08: 0000000000000000 R09: 0000000000000010 [ 577.941492][ T8543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 577.949470][ T8543] R13: 0000000000000000 R14: 00007f89d9f36058 R15: 00007ffd4c1082a8 [ 577.957458][ T8543] [ 577.965369][ T54] Bluetooth: hci0: command tx timeout [ 578.104401][ T5220] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 578.732111][ T5220] usb 1-1: Using ep0 maxpacket: 32 [ 578.778419][ T5220] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 578.808885][ T5679] IPVS: starting estimator thread 0... [ 578.846368][ T5220] usb 1-1: New USB device found, idVendor=060b, idProduct=0001, bcdDevice= 0.00 [ 578.928795][ T5220] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 578.953735][ T8549] IPVS: using max 25 ests per chain, 60000 per kthread [ 579.029608][ T5220] usb 1-1: config 0 descriptor?? [ 579.383954][ T1056] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 579.429111][ T1056] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 579.479128][ T1056] bond0 (unregistering): Released all slaves [ 579.529461][ T8537] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 579.539389][ T8520] netlink: 24 bytes leftover after parsing attributes in process `syz.3.504'. [ 579.614284][ T5220] usbhid 1-1:0.0: can't add hid device: -71 [ 579.777812][ T8466] chnl_net:caif_netlink_parms(): no params data found [ 579.811047][ T29] audit: type=1326 audit(1726610747.627:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8552 comm="syz.1.510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89d9d7def9 code=0x7ffc0000 [ 580.005807][ T5220] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 580.025974][ T54] Bluetooth: hci0: command tx timeout [ 585.137175][ T5220] usb 1-1: USB disconnect, device number 15 [ 585.193543][ T29] audit: type=1326 audit(1726610747.627:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8552 comm="syz.1.510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89d9d7def9 code=0x7ffc0000 [ 585.483507][ T29] audit: type=1326 audit(1726610747.627:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8552 comm="syz.1.510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f89d9d7def9 code=0x7ffc0000 [ 585.634710][ T29] audit: type=1326 audit(1726610747.627:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8552 comm="syz.1.510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89d9d7def9 code=0x7ffc0000 [ 586.071329][ T29] audit: type=1326 audit(1726610747.627:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8552 comm="syz.1.510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=424 compat=0 ip=0x7f89d9d7def9 code=0x7ffc0000 [ 586.743908][ T54] Bluetooth: hci3: unexpected event for opcode 0x202d [ 586.803778][ T29] audit: type=1326 audit(1726610747.627:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8552 comm="syz.1.510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89d9d7def9 code=0x7ffc0000 [ 586.921191][ T29] audit: type=1326 audit(1726610747.627:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8552 comm="syz.1.510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89d9d7def9 code=0x7ffc0000 [ 586.992039][ T5231] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 587.010959][ T5231] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 587.011727][ T8577] FAULT_INJECTION: forcing a failure. [ 587.011727][ T8577] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 587.036455][ T5231] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 587.056186][ T5231] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 587.064403][ T29] audit: type=1326 audit(1726610747.627:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8552 comm="syz.1.510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f89d9d7def9 code=0x7ffc0000 [ 587.085969][ T29] audit: type=1326 audit(1726610747.637:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8552 comm="syz.1.510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89d9d7def9 code=0x7ffc0000 [ 587.107600][ T5231] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 587.117700][ T8577] CPU: 0 UID: 0 PID: 8577 Comm: syz.1.516 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 587.127975][ T8577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 587.138055][ T8577] Call Trace: [ 587.141345][ T8577] [ 587.144332][ T8577] dump_stack_lvl+0x241/0x360 [ 587.149037][ T8577] ? __pfx_dump_stack_lvl+0x10/0x10 [ 587.154245][ T8577] ? __pfx__printk+0x10/0x10 [ 587.158849][ T8577] ? smack_log+0x123/0x540 [ 587.163268][ T8577] ? __pfx_lock_release+0x10/0x10 [ 587.168307][ T8577] should_fail_ex+0x3b0/0x4e0 [ 587.172997][ T8577] _copy_from_user+0x2f/0xe0 [ 587.177605][ T8577] sw_sync_ioctl+0x20d/0x1060 [ 587.182302][ T8577] ? smack_file_ioctl+0x2f7/0x3a0 [ 587.187326][ T8577] ? __pfx_smack_file_ioctl+0x10/0x10 [ 587.192701][ T8577] ? __pfx_sw_sync_ioctl+0x10/0x10 [ 587.197828][ T8577] ? __fget_files+0x3f3/0x470 [ 587.202513][ T8577] ? __pfx_sw_sync_ioctl+0x10/0x10 [ 587.207639][ T8577] __se_sys_ioctl+0xf9/0x170 [ 587.212236][ T8577] do_syscall_64+0xf3/0x230 [ 587.216757][ T8577] ? clear_bhb_loop+0x35/0x90 [ 587.221461][ T8577] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 587.227373][ T8577] RIP: 0033:0x7f89d9d7def9 [ 587.231810][ T8577] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 587.251436][ T8577] RSP: 002b:00007f89daad1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 587.259861][ T8577] RAX: ffffffffffffffda RBX: 00007f89d9f35f80 RCX: 00007f89d9d7def9 [ 587.267843][ T8577] RDX: 00000000200002c0 RSI: 00000000c0105702 RDI: 0000000000000003 [ 587.275833][ T8577] RBP: 00007f89daad1090 R08: 0000000000000000 R09: 0000000000000000 [ 587.283817][ T8577] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 587.291813][ T8577] R13: 0000000000000000 R14: 00007f89d9f35f80 R15: 00007ffd4c1082a8 [ 587.299826][ T8577] [ 587.309710][ T5231] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 587.376074][ T29] audit: type=1326 audit(1726610747.637:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8552 comm="syz.1.510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f89d9d7def9 code=0x7ffc0000 [ 587.516852][ T29] audit: type=1326 audit(1726610747.637:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8552 comm="syz.1.510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89d9d7def9 code=0x7ffc0000 [ 588.833927][ T5267] usb 1-1: new full-speed USB device number 16 using dummy_hcd [ 589.533933][ T54] Bluetooth: hci1: command tx timeout [ 589.676244][ T5267] usb 1-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 589.701743][ T8466] bridge0: port 1(bridge_slave_0) entered blocking state [ 589.709787][ T5267] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 589.717998][ T8466] bridge0: port 1(bridge_slave_0) entered disabled state [ 589.737399][ T8466] bridge_slave_0: entered allmulticast mode [ 589.764616][ T5267] usb 1-1: config 0 descriptor?? [ 589.779415][ T8466] bridge_slave_0: entered promiscuous mode [ 589.845553][ T8466] bridge0: port 2(bridge_slave_1) entered blocking state [ 589.879706][ T8466] bridge0: port 2(bridge_slave_1) entered disabled state [ 589.895512][ T8606] FAULT_INJECTION: forcing a failure. [ 589.895512][ T8606] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 589.917676][ T8466] bridge_slave_1: entered allmulticast mode [ 589.929212][ T8466] bridge_slave_1: entered promiscuous mode [ 589.943527][ T8606] CPU: 1 UID: 0 PID: 8606 Comm: syz.1.520 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 589.953801][ T8606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 589.963876][ T8606] Call Trace: [ 589.967168][ T8606] [ 589.970118][ T8606] dump_stack_lvl+0x241/0x360 [ 589.974847][ T8606] ? __pfx_dump_stack_lvl+0x10/0x10 [ 589.980084][ T8606] ? __pfx__printk+0x10/0x10 [ 589.984714][ T8606] ? __pfx_lock_release+0x10/0x10 [ 589.989794][ T8606] should_fail_ex+0x3b0/0x4e0 [ 589.994505][ T8606] _copy_from_iter+0x1ed/0x1d60 [ 589.999382][ T8606] ? __virt_addr_valid+0x183/0x530 [ 590.004522][ T8606] ? __pfx_lock_release+0x10/0x10 [ 590.009580][ T8606] ? __alloc_skb+0x28f/0x440 [ 590.014193][ T8606] ? __pfx__copy_from_iter+0x10/0x10 [ 590.019483][ T8606] ? __virt_addr_valid+0x183/0x530 [ 590.024599][ T8606] ? __virt_addr_valid+0x183/0x530 [ 590.029721][ T8606] ? __virt_addr_valid+0x45f/0x530 [ 590.034845][ T8606] ? __check_object_size+0x49c/0x900 [ 590.040151][ T8606] netlink_sendmsg+0x73d/0xcb0 [ 590.044941][ T8606] ? __pfx_netlink_sendmsg+0x10/0x10 [ 590.050241][ T8606] ? _parse_integer_limit+0x1b5/0x200 [ 590.055636][ T8606] ? __pfx_netlink_sendmsg+0x10/0x10 [ 590.060934][ T8606] __sock_sendmsg+0x221/0x270 [ 590.065670][ T8606] sock_write_iter+0x2d7/0x3f0 [ 590.070445][ T8606] ? __pfx_sock_write_iter+0x10/0x10 [ 590.075754][ T8606] do_iter_readv_writev+0x608/0x890 [ 590.080964][ T8606] ? mark_lock+0x9a/0x360 [ 590.085348][ T8606] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 590.091077][ T8606] ? bpf_lsm_file_permission+0x9/0x10 [ 590.096461][ T8606] ? security_file_permission+0x74/0x280 [ 590.102102][ T8606] ? rw_verify_area+0x1c3/0x6f0 [ 590.106972][ T8606] vfs_writev+0x376/0xba0 [ 590.111344][ T8606] ? __pfx_vfs_writev+0x10/0x10 [ 590.116263][ T8606] ? vfs_write+0x7bf/0xc90 [ 590.120742][ T8606] ? __fdget_pos+0x19a/0x320 [ 590.125353][ T8606] do_writev+0x1b1/0x350 [ 590.129614][ T8606] ? __pfx_do_writev+0x10/0x10 [ 590.134390][ T8606] ? do_syscall_64+0x100/0x230 [ 590.139167][ T8606] ? do_syscall_64+0xb6/0x230 [ 590.143866][ T8606] do_syscall_64+0xf3/0x230 [ 590.148381][ T8606] ? clear_bhb_loop+0x35/0x90 [ 590.153070][ T8606] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 590.158984][ T8606] RIP: 0033:0x7f89d9d7def9 [ 590.163408][ T8606] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 590.183021][ T8606] RSP: 002b:00007f89daad1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 590.191455][ T8606] RAX: ffffffffffffffda RBX: 00007f89d9f35f80 RCX: 00007f89d9d7def9 [ 590.199435][ T8606] RDX: 0000000000000001 RSI: 0000000020000140 RDI: 0000000000000004 [ 590.207457][ T8606] RBP: 00007f89daad1090 R08: 0000000000000000 R09: 0000000000000000 [ 590.215449][ T8606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 590.223432][ T8606] R13: 0000000000000000 R14: 00007f89d9f35f80 R15: 00007ffd4c1082a8 [ 590.231432][ T8606] [ 590.659469][ T8613] evm: overlay not supported [ 590.678767][ T8466] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 590.978670][ T8466] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 591.077797][ T1056] hsr_slave_0: left promiscuous mode [ 591.098902][ T1056] hsr_slave_1: left promiscuous mode [ 591.123694][ T1056] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 591.173197][ T1056] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 591.214878][ T1056] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 591.254189][ T1056] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 591.432063][ T1056] veth1_macvtap: left promiscuous mode [ 591.473206][ T1056] veth0_macvtap: left promiscuous mode [ 591.491130][ T1056] veth1_vlan: left promiscuous mode [ 591.504866][ T1056] veth0_vlan: left promiscuous mode [ 591.614249][ T5231] Bluetooth: hci1: command tx timeout [ 592.336268][ T5267] pegasus 1-1:0.0: can't reset MAC [ 592.341676][ T5267] pegasus 1-1:0.0: probe with driver pegasus failed with error -5 [ 592.517725][ T5267] usb 1-1: USB disconnect, device number 16 [ 592.736668][ T1056] team0 (unregistering): Port device team_slave_1 removed [ 592.797390][ T1056] team0 (unregistering): Port device team_slave_0 removed [ 592.924912][ T5267] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 593.084084][ T5267] usb 1-1: Using ep0 maxpacket: 16 [ 593.091077][ T5267] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 593.103205][ T5267] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 593.113179][ T5267] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 593.126290][ T5267] usb 1-1: New USB device found, idVendor=056a, idProduct=0084, bcdDevice= 0.00 [ 593.136539][ T5267] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 593.149099][ T5267] usb 1-1: config 0 descriptor?? [ 593.602643][ T8466] team0: Port device team_slave_0 added [ 593.625987][ T8466] team0: Port device team_slave_1 added [ 593.696465][ T5231] Bluetooth: hci1: command tx timeout [ 593.771850][ T5267] wacom 0003:056A:0084.000C: hidraw0: USB HID v0.00 Device [HID 056a:0084] on usb-dummy_hcd.0-1/input0 [ 594.553728][ T5267] usb 1-1: USB disconnect, device number 17 [ 594.614397][ T8466] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 594.621397][ T8466] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 594.657923][ T8466] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 594.691813][ T8466] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 594.698940][ T8466] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 594.772412][ T8466] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 594.982462][ T8466] hsr_slave_0: entered promiscuous mode [ 595.006901][ T8466] hsr_slave_1: entered promiscuous mode [ 595.073258][ T8466] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 595.091976][ T8466] Cannot create hsr debugfs directory [ 595.257653][ T8572] chnl_net:caif_netlink_parms(): no params data found [ 595.397734][ T8647] netlink: 8 bytes leftover after parsing attributes in process `syz.0.529'. [ 595.773857][ T5231] Bluetooth: hci1: command tx timeout [ 596.432560][ T8653] syz.0.530 uses obsolete (PF_INET,SOCK_PACKET) [ 596.573599][ T8] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 596.605441][ T8572] bridge0: port 1(bridge_slave_0) entered blocking state [ 596.622875][ T8572] bridge0: port 1(bridge_slave_0) entered disabled state [ 596.630657][ T8572] bridge_slave_0: entered allmulticast mode [ 596.654854][ T8572] bridge_slave_0: entered promiscuous mode [ 596.779410][ T8572] bridge0: port 2(bridge_slave_1) entered blocking state [ 596.783534][ T8] usb 2-1: Using ep0 maxpacket: 32 [ 596.795098][ T8572] bridge0: port 2(bridge_slave_1) entered disabled state [ 596.802331][ T8572] bridge_slave_1: entered allmulticast mode [ 596.817541][ T8] usb 2-1: New USB device found, idVendor=0572, idProduct=cb07, bcdDevice=f6.19 [ 596.827420][ T8667] netlink: 24 bytes leftover after parsing attributes in process `syz.3.532'. [ 596.831493][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 596.837449][ T8572] bridge_slave_1: entered promiscuous mode [ 596.845260][ T8] usb 2-1: Product: syz [ 596.855068][ T8] usb 2-1: Manufacturer: syz [ 596.859808][ T8] usb 2-1: SerialNumber: syz [ 596.871009][ T8] usb 2-1: config 0 descriptor?? [ 596.882176][ T8667] netlink: 56 bytes leftover after parsing attributes in process `syz.3.532'. [ 596.923655][ T8667] netlink: 'syz.3.532': attribute type 10 has an invalid length. [ 596.987009][ T8572] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 597.027071][ T8572] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 597.100969][ T8655] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 597.136312][ T8655] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 597.155005][ T8] cxacru 2-1:0.0: usbatm_usb_probe: bind failed: -19! [ 597.189055][ T8] usb 2-1: USB disconnect, device number 8 [ 597.302614][ T8572] team0: Port device team_slave_0 added [ 597.315180][ T8572] team0: Port device team_slave_1 added [ 597.383564][ T5220] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 597.404814][ T8572] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 597.411801][ T8572] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 597.413606][ T5351] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 597.440423][ T8572] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 597.466885][ T8572] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 597.489629][ T8572] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 597.539226][ T8572] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 597.543600][ T5220] usb 4-1: Using ep0 maxpacket: 32 [ 597.565094][ T5220] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 597.593731][ T5220] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 597.610584][ T5220] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 597.643489][ T5351] usb 1-1: Using ep0 maxpacket: 8 [ 597.653546][ T5220] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 597.665936][ T5351] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee [ 597.676360][ T5351] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 597.691412][ T5351] usb 1-1: Product: syz [ 597.697138][ T5220] usb 4-1: config 0 descriptor?? [ 597.709312][ T8572] hsr_slave_0: entered promiscuous mode [ 597.734910][ T5351] usb 1-1: Manufacturer: syz [ 597.739610][ T5351] usb 1-1: SerialNumber: syz [ 597.750745][ T8572] hsr_slave_1: entered promiscuous mode [ 597.772887][ T5351] usb 1-1: config 0 descriptor?? [ 597.773696][ T8572] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 597.816564][ T8572] Cannot create hsr debugfs directory [ 597.834450][ T8679] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 597.877987][ T8466] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 597.935742][ T8466] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 597.961233][ T8466] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 598.002890][ T5351] dvb_usb_rtl28xxu 1-1:0.0: chip type detection failed -71 [ 598.020742][ T5351] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 598.046151][ T8466] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 598.054127][ T5351] usb 1-1: USB disconnect, device number 18 [ 598.361345][ T8691] netlink: 8 bytes leftover after parsing attributes in process `syz.1.538'. [ 599.337210][ T8572] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 599.519599][ T8572] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 599.665773][ T8572] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 599.714864][ T8466] 8021q: adding VLAN 0 to HW filter on device bond0 [ 599.801125][ T8572] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 599.852657][ T8466] 8021q: adding VLAN 0 to HW filter on device team0 [ 599.905946][ T5895] bridge0: port 1(bridge_slave_0) entered blocking state [ 599.913142][ T5895] bridge0: port 1(bridge_slave_0) entered forwarding state [ 599.977700][ T5895] bridge0: port 2(bridge_slave_1) entered blocking state [ 599.984900][ T5895] bridge0: port 2(bridge_slave_1) entered forwarding state [ 600.205553][ T5220] usbhid 4-1:0.0: can't add hid device: -71 [ 600.246518][ T5220] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 600.303885][ T5220] usb 4-1: USB disconnect, device number 8 [ 600.328789][ T8723] syz.0.543: attempt to access beyond end of device [ 600.328789][ T8723] nbd0: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 600.376903][ T8723] gfs2: error -5 reading superblock [ 600.413976][ T8572] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 600.458744][ T8572] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 600.501888][ T8572] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 600.625479][ T8572] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 600.736900][ T5231] Bluetooth: hci4: command 0x0406 tx timeout [ 600.744399][ T8736] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 601.011841][ T8743] FAULT_INJECTION: forcing a failure. [ 601.011841][ T8743] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 601.070124][ T8743] CPU: 1 UID: 0 PID: 8743 Comm: syz.0.545 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 601.080555][ T8743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 601.090623][ T8743] Call Trace: [ 601.093900][ T8743] [ 601.096837][ T8743] dump_stack_lvl+0x241/0x360 [ 601.101520][ T8743] ? __pfx_dump_stack_lvl+0x10/0x10 [ 601.106718][ T8743] ? __pfx__printk+0x10/0x10 [ 601.111319][ T8743] ? __pfx_lock_release+0x10/0x10 [ 601.116391][ T8743] should_fail_ex+0x3b0/0x4e0 [ 601.121102][ T8743] _copy_from_iter+0x1ed/0x1d60 [ 601.125973][ T8743] ? __virt_addr_valid+0x183/0x530 [ 601.131102][ T8743] ? __pfx_lock_release+0x10/0x10 [ 601.136140][ T8743] ? __alloc_skb+0x28f/0x440 [ 601.140735][ T8743] ? __pfx__copy_from_iter+0x10/0x10 [ 601.146047][ T8743] ? __virt_addr_valid+0x183/0x530 [ 601.151154][ T8743] ? __virt_addr_valid+0x183/0x530 [ 601.156258][ T8743] ? __virt_addr_valid+0x45f/0x530 [ 601.161368][ T8743] ? __check_object_size+0x49c/0x900 [ 601.166682][ T8743] netlink_sendmsg+0x73d/0xcb0 [ 601.171491][ T8743] ? __pfx_netlink_sendmsg+0x10/0x10 [ 601.176811][ T8743] ? __pfx_netlink_sendmsg+0x10/0x10 [ 601.182131][ T8743] __sock_sendmsg+0x221/0x270 [ 601.186834][ T8743] ____sys_sendmsg+0x52a/0x7e0 [ 601.191623][ T8743] ? __pfx_____sys_sendmsg+0x10/0x10 [ 601.196946][ T8743] __sys_sendmsg+0x2aa/0x390 [ 601.201543][ T8743] ? __pfx___sys_sendmsg+0x10/0x10 [ 601.206654][ T8743] ? vfs_write+0x7bf/0xc90 [ 601.211096][ T8743] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 601.217470][ T8743] ? do_syscall_64+0x100/0x230 [ 601.222258][ T8743] ? do_syscall_64+0xb6/0x230 [ 601.226947][ T8743] do_syscall_64+0xf3/0x230 [ 601.231455][ T8743] ? clear_bhb_loop+0x35/0x90 [ 601.236143][ T8743] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 601.242044][ T8743] RIP: 0033:0x7f0ad2d7def9 [ 601.246464][ T8743] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 601.266124][ T8743] RSP: 002b:00007f0ad3b2c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 601.274564][ T8743] RAX: ffffffffffffffda RBX: 00007f0ad2f35f80 RCX: 00007f0ad2d7def9 [ 601.282578][ T8743] RDX: 0000000000004054 RSI: 00000000200002c0 RDI: 0000000000000003 [ 601.290563][ T8743] RBP: 00007f0ad3b2c090 R08: 0000000000000000 R09: 0000000000000000 [ 601.298543][ T8743] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 601.306525][ T8743] R13: 0000000000000000 R14: 00007f0ad2f35f80 R15: 00007fff8c7c8138 [ 601.314504][ T8743] [ 601.337139][ T8572] 8021q: adding VLAN 0 to HW filter on device bond0 [ 601.583169][ T8466] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 601.652772][ T8572] 8021q: adding VLAN 0 to HW filter on device team0 [ 601.766735][ T6186] bridge0: port 1(bridge_slave_0) entered blocking state [ 601.774024][ T6186] bridge0: port 1(bridge_slave_0) entered forwarding state [ 601.811426][ T8750] FAULT_INJECTION: forcing a failure. [ 601.811426][ T8750] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 601.850657][ T6186] bridge0: port 2(bridge_slave_1) entered blocking state [ 601.858016][ T6186] bridge0: port 2(bridge_slave_1) entered forwarding state [ 601.866270][ T8750] CPU: 1 UID: 0 PID: 8750 Comm: syz.0.546 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 601.876566][ T8750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 601.886648][ T8750] Call Trace: [ 601.889952][ T8750] [ 601.892902][ T8750] dump_stack_lvl+0x241/0x360 [ 601.897620][ T8750] ? __pfx_dump_stack_lvl+0x10/0x10 [ 601.902857][ T8750] ? __pfx__printk+0x10/0x10 [ 601.907487][ T8750] ? snprintf+0xda/0x120 [ 601.911762][ T8750] should_fail_ex+0x3b0/0x4e0 [ 601.916485][ T8750] _copy_to_user+0x2f/0xb0 [ 601.920933][ T8750] simple_read_from_buffer+0xca/0x150 [ 601.926335][ T8750] proc_fail_nth_read+0x1e9/0x250 [ 601.931392][ T8750] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 601.936960][ T8750] ? rw_verify_area+0x55e/0x6f0 [ 601.941851][ T8750] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 601.947396][ T8750] vfs_read+0x201/0xbc0 [ 601.951553][ T8750] ? __pfx_lock_release+0x10/0x10 [ 601.956596][ T8750] ? __pfx_vfs_read+0x10/0x10 [ 601.961290][ T8750] ? __fget_files+0x3f3/0x470 [ 601.965993][ T8750] ? __fdget_pos+0x24e/0x320 [ 601.970592][ T8750] ksys_read+0x1a0/0x2c0 [ 601.974849][ T8750] ? __pfx_ksys_read+0x10/0x10 [ 601.979620][ T8750] ? do_syscall_64+0x100/0x230 [ 601.984397][ T8750] ? do_syscall_64+0xb6/0x230 [ 601.989086][ T8750] do_syscall_64+0xf3/0x230 [ 601.993604][ T8750] ? clear_bhb_loop+0x35/0x90 [ 601.998310][ T8750] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 602.004209][ T8750] RIP: 0033:0x7f0ad2d7c93c [ 602.008628][ T8750] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 602.028243][ T8750] RSP: 002b:00007f0ad3b2c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 602.036664][ T8750] RAX: ffffffffffffffda RBX: 00007f0ad2f35f80 RCX: 00007f0ad2d7c93c [ 602.044636][ T8750] RDX: 000000000000000f RSI: 00007f0ad3b2c0a0 RDI: 0000000000000005 [ 602.052619][ T8750] RBP: 00007f0ad3b2c090 R08: 0000000000000000 R09: 0000000000000000 [ 602.060588][ T8750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 602.068560][ T8750] R13: 0000000000000000 R14: 00007f0ad2f35f80 R15: 00007fff8c7c8138 [ 602.076546][ T8750] [ 602.107028][ T8572] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 602.176518][ T8572] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 602.263442][ T8466] veth0_vlan: entered promiscuous mode [ 602.386467][ T8466] veth1_vlan: entered promiscuous mode [ 602.556915][ T8758] netlink: 8 bytes leftover after parsing attributes in process `syz.0.547'. [ 603.446098][ T8466] veth0_macvtap: entered promiscuous mode [ 603.489278][ T8466] veth1_macvtap: entered promiscuous mode [ 603.570658][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 603.592459][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 603.633103][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 603.657960][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 603.691531][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 603.705413][ T8765] netlink: 24 bytes leftover after parsing attributes in process `syz.0.548'. [ 603.712454][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 603.732393][ T8765] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 603.796488][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 603.813140][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 603.843469][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 603.869868][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 603.887668][ T8765] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 603.895555][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 603.906629][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 603.931525][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 603.952646][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 603.973287][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 604.014008][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 604.035402][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 604.087746][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 604.118650][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 604.151624][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 604.176535][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 604.209908][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 604.248951][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 604.280251][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 604.301848][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 604.325526][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 604.367328][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 604.378248][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 604.393932][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 605.127772][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 605.178561][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 605.222007][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 605.232965][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 605.248404][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 605.264171][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 605.275806][ T8787] FAULT_INJECTION: forcing a failure. [ 605.275806][ T8787] name failslab, interval 1, probability 0, space 0, times 0 [ 605.285012][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 605.313558][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 605.333827][ T8787] CPU: 0 UID: 0 PID: 8787 Comm: syz.1.551 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 605.334433][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 605.344104][ T8787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 605.344125][ T8787] Call Trace: [ 605.344136][ T8787] [ 605.344147][ T8787] dump_stack_lvl+0x241/0x360 [ 605.344189][ T8787] ? __pfx_dump_stack_lvl+0x10/0x10 [ 605.344220][ T8787] ? __pfx__printk+0x10/0x10 [ 605.344252][ T8787] ? __kmalloc_node_noprof+0xb7/0x440 [ 605.344282][ T8787] ? __pfx___might_resched+0x10/0x10 [ 605.383420][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 605.384881][ T8787] should_fail_ex+0x3b0/0x4e0 [ 605.400639][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 605.405997][ T8787] should_failslab+0xac/0x100 [ 605.406046][ T8787] __kmalloc_node_noprof+0xdf/0x440 [ 605.406068][ T8787] ? __kvmalloc_node_noprof+0x72/0x190 [ 605.406095][ T8787] ? is_bpf_text_address+0x26/0x2a0 [ 605.421140][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 605.425235][ T8787] __kvmalloc_node_noprof+0x72/0x190 [ 605.425276][ T8787] bpf_test_run_xdp_live+0x21d/0x2160 [ 605.425310][ T8787] ? arch_stack_walk+0xfd/0x150 [ 605.425345][ T8787] ? stack_trace_save+0x118/0x1d0 [ 605.441528][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 605.451594][ T8787] ? __lock_acquire+0x1384/0x2050 [ 605.451643][ T8787] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 605.451675][ T8787] ? mark_lock+0x9a/0x360 [ 605.451751][ T8787] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 605.473749][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 605.482138][ T8787] ? __might_fault+0xaa/0x120 [ 605.482173][ T8787] ? __might_fault+0xc6/0x120 [ 605.490843][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 605.492975][ T8787] ? _copy_from_user+0xa6/0xe0 [ 605.497975][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 605.503185][ T8787] ? bpf_test_init+0x15a/0x180 [ 605.514386][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 605.518296][ T8787] ? xdp_convert_md_to_buff+0x5b/0x330 [ 605.525375][ T8466] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 605.533121][ T8787] bpf_prog_test_run_xdp+0x805/0x11e0 [ 605.573799][ T8763] netlink: 'syz.0.548': attribute type 10 has an invalid length. [ 605.575479][ T8787] ? __pfx_lock_release+0x10/0x10 [ 605.593841][ T8787] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 605.596010][ T8763] team0: Device ipvlan1 failed to register rx_handler [ 605.599657][ T8787] ? __fget_files+0x29/0x470 [ 605.611110][ T8787] ? fput+0x1a8/0x230 [ 605.615221][ T8787] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 605.621073][ T8787] bpf_prog_test_run+0x334/0x3b0 [ 605.626052][ T8787] __sys_bpf+0x48d/0x810 [ 605.630327][ T8787] ? __pfx___sys_bpf+0x10/0x10 [ 605.635137][ T8787] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 605.641156][ T8787] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 605.647519][ T8787] ? do_syscall_64+0x100/0x230 [ 605.652323][ T8787] __x64_sys_bpf+0x7c/0x90 [ 605.656783][ T8787] do_syscall_64+0xf3/0x230 [ 605.661311][ T8787] ? clear_bhb_loop+0x35/0x90 [ 605.666039][ T8787] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 605.671967][ T8787] RIP: 0033:0x7f89d9d7def9 [ 605.676418][ T8787] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 605.696053][ T8787] RSP: 002b:00007f89daad1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 605.704513][ T8787] RAX: ffffffffffffffda RBX: 00007f89d9f35f80 RCX: 00007f89d9d7def9 [ 605.712502][ T8787] RDX: 0000000000000050 RSI: 0000000020000600 RDI: 000000000000000a [ 605.720493][ T8787] RBP: 00007f89daad1090 R08: 0000000000000000 R09: 0000000000000000 [ 605.728498][ T8787] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 605.736486][ T8787] R13: 0000000000000000 R14: 00007f89d9f35f80 R15: 00007ffd4c1082a8 [ 605.744499][ T8787] [ 605.892674][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 605.963467][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 606.000223][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 606.043503][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 606.094288][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 606.132250][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 606.145317][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 606.165246][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 606.213493][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 606.262489][ T8807] netlink: 40 bytes leftover after parsing attributes in process `syz.1.554'. [ 606.278059][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 606.316747][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 606.335693][ T25] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 606.353536][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 606.383421][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 606.415807][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 606.437461][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 606.476958][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 606.505783][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 606.523745][ T25] usb 1-1: Using ep0 maxpacket: 8 [ 606.532839][ T25] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 606.541453][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 606.553460][ T25] usb 1-1: config 0 has no interface number 0 [ 606.566777][ T25] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 606.584939][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 606.613545][ T25] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 606.627466][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 606.645541][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 606.654052][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 606.665648][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 606.676650][ T25] usb 1-1: config 0 descriptor?? [ 606.691106][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 606.743051][ T25] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 606.759204][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 606.786639][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 606.803271][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 606.813831][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 606.826577][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 606.837026][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 606.859513][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 606.870237][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 606.905782][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 606.924418][ T8803] ntfs3: Unknown parameter 'gi0x000000000000000a' [ 606.931119][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 606.945916][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 606.972813][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 606.997956][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 607.028574][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 607.071220][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 607.095477][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 607.142654][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 607.176918][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 607.191020][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 607.201479][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 607.221975][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 607.232841][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 607.244525][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 607.257730][ T8466] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 607.323048][ T8466] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 607.332211][ T8466] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 607.341001][ T8466] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 607.352281][ T8466] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 607.434201][ T8572] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 607.528082][ T8825] FAULT_INJECTION: forcing a failure. [ 607.528082][ T8825] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 607.567937][ T8825] CPU: 0 UID: 0 PID: 8825 Comm: syz.1.555 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 607.578239][ T8825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 607.588323][ T8825] Call Trace: [ 607.591629][ T8825] [ 607.594593][ T8825] dump_stack_lvl+0x241/0x360 [ 607.599311][ T8825] ? __pfx_dump_stack_lvl+0x10/0x10 [ 607.604550][ T8825] ? __pfx__printk+0x10/0x10 [ 607.609192][ T8825] ? snprintf+0xda/0x120 [ 607.609420][ T6186] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 607.613445][ T8825] should_fail_ex+0x3b0/0x4e0 [ 607.613513][ T8825] _copy_to_user+0x2f/0xb0 [ 607.613543][ T8825] simple_read_from_buffer+0xca/0x150 [ 607.613581][ T8825] proc_fail_nth_read+0x1e9/0x250 [ 607.613606][ T8825] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 607.613632][ T8825] ? rw_verify_area+0x55e/0x6f0 [ 607.613653][ T8825] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 607.613676][ T8825] vfs_read+0x201/0xbc0 [ 607.613696][ T8825] ? __pfx_lock_release+0x10/0x10 [ 607.613726][ T8825] ? fput+0x1a8/0x230 [ 607.613778][ T8825] ? __pfx_vfs_read+0x10/0x10 [ 607.613807][ T8825] ? __fget_files+0x3f3/0x470 [ 607.613843][ T8825] ? __fdget_pos+0x24e/0x320 [ 607.613873][ T8825] ksys_read+0x1a0/0x2c0 [ 607.613901][ T8825] ? __pfx_ksys_read+0x10/0x10 [ 607.613924][ T8825] ? do_syscall_64+0x100/0x230 [ 607.613958][ T8825] ? do_syscall_64+0xb6/0x230 [ 607.613990][ T8825] do_syscall_64+0xf3/0x230 [ 607.614020][ T8825] ? clear_bhb_loop+0x35/0x90 [ 607.614052][ T8825] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 607.614077][ T8825] RIP: 0033:0x7f89d9d7c93c [ 607.614099][ T8825] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 607.614119][ T8825] RSP: 002b:00007f89daad1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 607.614145][ T8825] RAX: ffffffffffffffda RBX: 00007f89d9f35f80 RCX: 00007f89d9d7c93c [ 607.614169][ T8825] RDX: 000000000000000f RSI: 00007f89daad10a0 RDI: 0000000000000004 [ 607.614185][ T8825] RBP: 00007f89daad1090 R08: 0000000000000000 R09: 0000000000000000 [ 607.614200][ T8825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 607.614215][ T8825] R13: 0000000000000000 R14: 00007f89d9f35f80 R15: 00007ffd4c1082a8 [ 607.614247][ T8825] [ 607.741208][ T6186] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 607.940909][ T5679] usb 1-1: USB disconnect, device number 19 [ 607.950557][ T5679] iowarrior 1-1:0.1: I/O-Warror #0 now disconnected [ 608.013970][ T4195] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 608.021922][ T4195] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 608.174041][ T5359] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 609.275727][ T5359] usb 2-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b [ 609.293697][ T5359] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 609.323309][ T5359] usb 2-1: config 0 descriptor?? [ 609.332774][ T8572] veth0_vlan: entered promiscuous mode [ 609.397950][ T8572] veth1_vlan: entered promiscuous mode [ 609.454899][ T8572] veth0_macvtap: entered promiscuous mode [ 609.492071][ T8572] veth1_macvtap: entered promiscuous mode [ 609.709470][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 609.814370][ T8854] netlink: 8 bytes leftover after parsing attributes in process `syz.2.560'. [ 610.049242][ T25] IPVS: starting estimator thread 0... [ 610.057021][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 610.067468][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 610.093657][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 610.143511][ T8857] IPVS: using max 19 ests per chain, 45600 per kthread [ 610.151508][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 611.394769][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 611.438906][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 611.460443][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 611.482167][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 611.493825][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 611.544257][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 611.606855][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 611.632582][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 611.652963][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 611.663208][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 611.677162][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 611.687463][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 611.698796][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 611.709201][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 611.725478][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 611.735937][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 611.746963][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 611.757232][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 611.768006][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 611.779810][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 611.790931][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 611.801243][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 611.817327][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 611.827778][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 611.838685][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 611.848956][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 611.860939][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 611.871536][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 611.882547][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 611.893873][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 611.904953][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 611.925191][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 611.936589][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 611.947145][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 611.958073][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 611.968496][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 611.979447][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 611.990015][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 612.000946][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 612.012295][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 612.030147][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 612.040681][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 612.051752][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 612.176664][ T8572] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 612.328699][ T5359] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 612.363590][ T5359] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0080: ffffffb9 [ 612.387833][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 612.404435][ T5359] asix 2-1:0.0: probe with driver asix failed with error -71 [ 612.419101][ T5359] usb 2-1: USB disconnect, device number 9 [ 612.431925][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 612.442245][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 612.454869][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 612.464810][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 612.475540][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 612.487020][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 612.503077][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 612.513079][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 612.541654][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 612.554663][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 612.712316][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 612.722893][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 612.746060][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 612.756503][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 612.768749][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 612.780228][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 612.794323][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 612.805385][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 612.961931][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 612.972945][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 612.985670][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 612.997223][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 613.012320][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 613.022757][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 613.033961][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 613.049222][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 613.060705][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 613.072490][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 613.087061][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 613.097894][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 613.152695][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 613.298756][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 613.371815][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 613.404854][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 613.425743][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 613.455707][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 613.476776][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 613.503626][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 613.523494][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 613.543590][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 613.566530][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 613.576746][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 613.588349][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 613.598543][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 613.609850][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 613.620049][ T8572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 613.631128][ T8572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 613.674287][ T8572] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 613.700138][ T8883] netlink: 28 bytes leftover after parsing attributes in process `syz.3.565'. [ 613.710774][ T8883] netlink: 28 bytes leftover after parsing attributes in process `syz.3.565'. [ 613.720874][ T8883] netlink: 'syz.3.565': attribute type 6 has an invalid length. [ 613.900353][ T8572] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 613.923854][ T8572] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 613.923923][ T8572] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 613.923952][ T8572] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 613.977537][ T8893] netlink: 64 bytes leftover after parsing attributes in process `syz.2.567'. [ 614.145188][ T8895] FAULT_INJECTION: forcing a failure. [ 614.145188][ T8895] name failslab, interval 1, probability 0, space 0, times 0 [ 614.145255][ T8895] CPU: 0 UID: 0 PID: 8895 Comm: syz.1.569 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 614.145283][ T8895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 614.145299][ T8895] Call Trace: [ 614.145308][ T8895] [ 614.145319][ T8895] dump_stack_lvl+0x241/0x360 [ 614.145361][ T8895] ? __pfx_dump_stack_lvl+0x10/0x10 [ 614.145396][ T8895] ? __pfx__printk+0x10/0x10 [ 614.145449][ T8895] should_fail_ex+0x3b0/0x4e0 [ 614.145495][ T8895] should_failslab+0xac/0x100 [ 614.145529][ T8895] ? __alloc_skb+0x1c3/0x440 [ 614.145562][ T8895] kmem_cache_alloc_node_noprof+0x71/0x320 [ 614.145594][ T8895] __alloc_skb+0x1c3/0x440 [ 614.145629][ T8895] ? trace_contention_end+0x3c/0x120 [ 614.145659][ T8895] ? __pfx___alloc_skb+0x10/0x10 [ 614.145696][ T8895] ? __local_bh_enable_ip+0x168/0x200 [ 614.145725][ T8895] ? hci_sock_sendmsg+0x617/0x11c0 [ 614.145756][ T8895] ? lockdep_hardirqs_on+0x99/0x150 [ 614.145790][ T8895] hci_mgmt_cmd+0x1c1/0x11d0 [ 614.145838][ T8895] hci_sock_sendmsg+0x7b8/0x11c0 [ 614.145869][ T8895] ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10 [ 614.145910][ T8895] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 614.145953][ T8895] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 614.145991][ T8895] __sock_sendmsg+0x221/0x270 [ 614.146017][ T8895] sock_write_iter+0x2d7/0x3f0 [ 614.146042][ T8895] ? __pfx_sock_write_iter+0x10/0x10 [ 614.146076][ T8895] ? bpf_lsm_file_permission+0x9/0x10 [ 614.146098][ T8895] ? security_file_permission+0x74/0x280 [ 614.146128][ T8895] vfs_write+0xa6d/0xc90 [ 614.146152][ T8895] ? __pfx_sock_write_iter+0x10/0x10 [ 614.146176][ T8895] ? __pfx_vfs_write+0x10/0x10 [ 614.146212][ T8895] ? __fdget_pos+0x19a/0x320 [ 614.146258][ T8895] ksys_write+0x1a0/0x2c0 [ 614.146285][ T8895] ? __pfx_ksys_write+0x10/0x10 [ 614.146308][ T8895] ? do_syscall_64+0x100/0x230 [ 614.146340][ T8895] ? do_syscall_64+0xb6/0x230 [ 614.146372][ T8895] do_syscall_64+0xf3/0x230 [ 614.146401][ T8895] ? clear_bhb_loop+0x35/0x90 [ 614.146431][ T8895] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 614.146461][ T8895] RIP: 0033:0x7f89d9d7def9 [ 614.146480][ T8895] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 614.146498][ T8895] RSP: 002b:00007f89daad1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 614.146523][ T8895] RAX: ffffffffffffffda RBX: 00007f89d9f35f80 RCX: 00007f89d9d7def9 [ 614.146540][ T8895] RDX: 0000000000000008 RSI: 00000000200005c0 RDI: 0000000000000004 [ 614.146554][ T8895] RBP: 00007f89daad1090 R08: 0000000000000000 R09: 0000000000000000 [ 614.146569][ T8895] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 614.146583][ T8895] R13: 0000000000000000 R14: 00007f89d9f35f80 R15: 00007ffd4c1082a8 [ 614.146613][ T8895] [ 614.151841][ T8895] Bluetooth: MGMT ver 1.23 [ 614.209537][ T7663] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 614.209562][ T7663] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 614.264706][ T8898] capability: warning: `syz.0.570' uses 32-bit capabilities (legacy support in use) [ 614.311804][ T8898] netlink: 4 bytes leftover after parsing attributes in process `syz.0.570'. [ 614.348226][ T2987] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 614.348250][ T2987] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 615.631701][ T25] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 615.787844][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 615.787880][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 615.787914][ T25] usb 4-1: New USB device found, idVendor=05ac, idProduct=027c, bcdDevice= 0.00 [ 615.787940][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 615.790973][ T25] usb 4-1: config 0 descriptor?? [ 616.130666][ T5676] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 617.319975][ T5676] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 617.320013][ T5676] usb 2-1: can't read configurations, error -61 [ 617.454196][ T5676] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 618.483680][ T5676] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 618.524659][ T5676] usb 2-1: can't read configurations, error -61 [ 618.547629][ T25] usbhid 4-1:0.0: can't add hid device: -71 [ 618.553853][ T25] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 618.563938][ T5676] usb usb2-port1: attempt power cycle [ 618.594968][ T25] usb 4-1: USB disconnect, device number 9 [ 618.781113][ T8939] bridge0: port 3(vlan2) entered blocking state [ 618.825405][ T8939] bridge0: port 3(vlan2) entered disabled state [ 618.839632][ T8939] vlan2: entered allmulticast mode [ 619.000847][ T8949] overlayfs: missing 'lowerdir' [ 619.078833][ T8939] vlan2: left allmulticast mode [ 620.679537][ T8964] sctp: [Deprecated]: syz.0.588 (pid 8964) Use of int in maxseg socket option. [ 620.679537][ T8964] Use struct sctp_assoc_value instead [ 620.844741][ T8973] FAULT_INJECTION: forcing a failure. [ 620.844741][ T8973] name failslab, interval 1, probability 0, space 0, times 0 [ 620.886304][ T8973] CPU: 0 UID: 0 PID: 8973 Comm: syz.2.590 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 620.896614][ T8973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 620.906707][ T8973] Call Trace: [ 620.910043][ T8973] [ 620.913003][ T8973] dump_stack_lvl+0x241/0x360 [ 620.917717][ T8973] ? __pfx_dump_stack_lvl+0x10/0x10 [ 620.922953][ T8973] ? __pfx__printk+0x10/0x10 [ 620.927577][ T8973] ? __kmalloc_cache_noprof+0x44/0x2c0 [ 620.933059][ T8973] ? __pfx___might_resched+0x10/0x10 [ 620.938352][ T8973] ? lockdep_init_map_type+0xa1/0x910 [ 620.943743][ T8973] should_fail_ex+0x3b0/0x4e0 [ 620.948431][ T8973] should_failslab+0xac/0x100 [ 620.953122][ T8973] ? __kthread_create_on_node+0xee/0x3c0 [ 620.958764][ T8973] __kmalloc_cache_noprof+0x6c/0x2c0 [ 620.964049][ T8973] ? __init_swait_queue_head+0xae/0x150 [ 620.969603][ T8973] ? __pfx_psi_rtpoll_worker+0x10/0x10 [ 620.975076][ T8973] __kthread_create_on_node+0xee/0x3c0 [ 620.980574][ T8973] ? __pfx___kthread_create_on_node+0x10/0x10 [ 620.986661][ T8973] ? trace_contention_end+0x3c/0x120 [ 620.991962][ T8973] ? __mutex_lock+0x2ef/0xd70 [ 620.996646][ T8973] ? __pfx_psi_rtpoll_worker+0x10/0x10 [ 621.002129][ T8973] kthread_create_on_node+0xde/0x130 [ 621.007426][ T8973] ? __pfx_kthread_create_on_node+0x10/0x10 [ 621.013347][ T8973] ? __kasan_kmalloc+0x98/0xb0 [ 621.018123][ T8973] ? psi_trigger_create+0x384/0xd80 [ 621.023334][ T8973] psi_trigger_create+0x84c/0xd80 [ 621.028385][ T8973] ? __pfx_psi_trigger_create+0x10/0x10 [ 621.033950][ T8973] ? percpu_ref_put+0x18b/0x250 [ 621.038808][ T8973] ? pressure_write+0x1ea/0x510 [ 621.043670][ T8973] pressure_write+0x36b/0x510 [ 621.048355][ T8973] ? __pfx_cgroup_io_pressure_write+0x10/0x10 [ 621.054433][ T8973] cgroup_file_write+0x2ce/0x6d0 [ 621.059374][ T8973] ? kernfs_fop_write_iter+0x1ea/0x500 [ 621.064881][ T8973] ? __pfx_cgroup_file_write+0x10/0x10 [ 621.070354][ T8973] ? __virt_addr_valid+0x183/0x530 [ 621.075485][ T8973] ? __pfx_cgroup_file_write+0x10/0x10 [ 621.080947][ T8973] kernfs_fop_write_iter+0x3a0/0x500 [ 621.086246][ T8973] vfs_write+0xa6d/0xc90 [ 621.090502][ T8973] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 621.096321][ T8973] ? __pfx_vfs_write+0x10/0x10 [ 621.101094][ T8973] ? __fdget_pos+0x24e/0x320 [ 621.105697][ T8973] ksys_write+0x1a0/0x2c0 [ 621.110046][ T8973] ? __pfx_ksys_write+0x10/0x10 [ 621.114908][ T8973] ? do_syscall_64+0x100/0x230 [ 621.119687][ T8973] ? do_syscall_64+0xb6/0x230 [ 621.124370][ T8973] do_syscall_64+0xf3/0x230 [ 621.128877][ T8973] ? clear_bhb_loop+0x35/0x90 [ 621.133570][ T8973] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 621.139478][ T8973] RIP: 0033:0x7efd2ef7def9 [ 621.143898][ T8973] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 621.163591][ T8973] RSP: 002b:00007efd2fd5c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 621.172094][ T8973] RAX: ffffffffffffffda RBX: 00007efd2f135f80 RCX: 00007efd2ef7def9 [ 621.180065][ T8973] RDX: 000000000000002f RSI: 0000000020000340 RDI: 0000000000000004 [ 621.188056][ T8973] RBP: 00007efd2fd5c090 R08: 0000000000000000 R09: 0000000000000000 [ 621.196035][ T8973] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 621.204092][ T8973] R13: 0000000000000000 R14: 00007efd2f135f80 R15: 00007ffc9740bf68 [ 621.212078][ T8973] [ 621.812541][ T8988] bridge0: port 2(bridge_slave_1) entered disabled state [ 622.704334][ T8988] bridge_slave_1: left allmulticast mode [ 622.709999][ T8988] bridge_slave_1: left promiscuous mode [ 622.715825][ T8988] bridge0: port 2(bridge_slave_1) entered disabled state [ 623.373874][ T5270] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 623.574087][ T5270] usb 4-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=9f.d4 [ 623.583795][ T5270] usb 4-1: New USB device strings: Mfr=188, Product=0, SerialNumber=0 [ 623.597619][ T5270] usb 4-1: Manufacturer: syz [ 623.642324][ T5270] usb 4-1: config 0 descriptor?? [ 624.029471][ T9004] syz.3.602[9004] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 624.029586][ T9004] syz.3.602[9004] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 624.267819][ T9004] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 624.303596][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.323957][ T1269] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.709844][ T9004] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 624.739830][ T5270] gs_usb 4-1:0.0: Couldn't send data format (err=-110) [ 624.784199][ T5270] gs_usb 4-1:0.0: probe with driver gs_usb failed with error -110 [ 624.959269][ T9023] IPv6: NLM_F_REPLACE set, but no existing node found! [ 625.009806][ T5270] usb 4-1: USB disconnect, device number 10 [ 625.062697][ T9045] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 625.634053][ T5676] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 626.356347][ T5676] usb 3-1: device descriptor read/64, error -71 [ 626.388657][ T9063] libceph: resolve '400' (ret=-3): failed [ 626.512825][ T9073] netlink: 28 bytes leftover after parsing attributes in process `syz.3.620'. [ 626.522562][ T9073] netlink: 8 bytes leftover after parsing attributes in process `syz.3.620'. [ 626.624919][ T5676] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 626.825108][ T5676] usb 3-1: device descriptor read/64, error -71 [ 626.953742][ T5676] usb usb3-port1: attempt power cycle [ 627.122196][ T9089] FAULT_INJECTION: forcing a failure. [ 627.122196][ T9089] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 627.221094][ T9089] CPU: 0 UID: 0 PID: 9089 Comm: syz.4.626 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 627.231398][ T9089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 627.241662][ T9089] Call Trace: [ 627.244950][ T9089] [ 627.247884][ T9089] dump_stack_lvl+0x241/0x360 [ 627.252572][ T9089] ? __pfx_dump_stack_lvl+0x10/0x10 [ 627.257796][ T9089] ? __pfx__printk+0x10/0x10 [ 627.262394][ T9089] ? __pfx_lock_release+0x10/0x10 [ 627.267440][ T9089] should_fail_ex+0x3b0/0x4e0 [ 627.272126][ T9089] _copy_from_iter+0x1ed/0x1d60 [ 627.277030][ T9089] ? __virt_addr_valid+0x183/0x530 [ 627.282143][ T9089] ? skb_set_owner_w+0x238/0x3e0 [ 627.287084][ T9089] ? __pfx_lock_release+0x10/0x10 [ 627.292121][ T9089] ? __pfx__copy_from_iter+0x10/0x10 [ 627.297416][ T9089] ? __virt_addr_valid+0x183/0x530 [ 627.302540][ T9089] ? __virt_addr_valid+0x183/0x530 [ 627.307649][ T9089] ? __virt_addr_valid+0x45f/0x530 [ 627.312769][ T9089] ? __phys_addr_symbol+0x2f/0x70 [ 627.317793][ T9089] ? __check_object_size+0x49c/0x900 [ 627.323100][ T9089] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 627.328832][ T9089] skb_copy_datagram_from_iter+0xf2/0x6a0 [ 627.334561][ T9089] ? skb_put+0x114/0x1f0 [ 627.338810][ T9089] tun_get_user+0xec3/0x47e0 [ 627.343415][ T9089] ? __lock_acquire+0x1384/0x2050 [ 627.348451][ T9089] ? __pfx_tun_get_user+0x10/0x10 [ 627.353539][ T9089] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 627.359010][ T9089] ? tun_get+0x1e/0x2f0 [ 627.363173][ T9089] ? __pfx_lock_release+0x10/0x10 [ 627.368213][ T9089] ? tun_get+0x1e/0x2f0 [ 627.372376][ T9089] ? tun_get+0x27d/0x2f0 [ 627.376642][ T9089] tun_chr_write_iter+0x10d/0x1f0 [ 627.381698][ T9089] vfs_write+0xa6d/0xc90 [ 627.385968][ T9089] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 627.391538][ T9089] ? __pfx_vfs_write+0x10/0x10 [ 627.396312][ T9089] ? __fdget_pos+0x19a/0x320 [ 627.400906][ T9089] ksys_write+0x1a0/0x2c0 [ 627.405246][ T9089] ? __pfx_ksys_write+0x10/0x10 [ 627.410107][ T9089] ? do_syscall_64+0x100/0x230 [ 627.414894][ T9089] ? do_syscall_64+0xb6/0x230 [ 627.419589][ T9089] do_syscall_64+0xf3/0x230 [ 627.424115][ T9089] ? clear_bhb_loop+0x35/0x90 [ 627.428801][ T9089] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 627.434703][ T9089] RIP: 0033:0x7f513af7c9df [ 627.439120][ T9089] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 [ 627.458733][ T9089] RSP: 002b:00007f513bdbe000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 627.467158][ T9089] RAX: ffffffffffffffda RBX: 00007f513b135f80 RCX: 00007f513af7c9df [ 627.475139][ T9089] RDX: 0000000000001378 RSI: 0000000000000000 RDI: 00000000000000c8 [ 627.483143][ T9089] RBP: 00007f513bdbe090 R08: 0000000000000000 R09: 0000000000000000 [ 627.491130][ T9089] R10: 0000000000001378 R11: 0000000000000293 R12: 0000000000000001 [ 627.499121][ T9089] R13: 0000000000000001 R14: 00007f513b135f80 R15: 00007ffe32813258 [ 627.507117][ T9089] [ 627.774580][ T9090] 9pnet_fd: Insufficient options for proto=fd [ 627.783797][ T5676] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 627.964384][ T9090] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1280 [ 627.986319][ T5676] usb 3-1: device descriptor read/8, error -71 [ 631.507898][ T5676] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 631.798938][ T5676] usb 3-1: device descriptor read/8, error -71 [ 631.953450][ T5676] usb usb3-port1: unable to enumerate USB device [ 632.541149][ T5270] IPVS: starting estimator thread 0... [ 632.933508][ T9125] IPVS: using max 20 ests per chain, 48000 per kthread [ 632.994190][ T5267] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 633.894889][ T5267] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 633.906587][ T5267] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 633.942568][ T5267] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 633.972246][ T5267] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 633.983928][ T5267] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 634.011244][ T5267] usb 1-1: config 0 descriptor?? [ 635.029137][ T5267] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0 [ 635.077353][ T5267] plantronics 0003:047F:FFFF.000D: No inputs registered, leaving [ 635.114105][ T5267] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 635.351903][ T9161] netlink: 8 bytes leftover after parsing attributes in process `syz.4.644'. [ 635.473588][ T9168] binder: BINDER_SET_CONTEXT_MGR already set [ 635.499830][ T9168] binder: 9166:9168 ioctl 4018620d 20000040 returned -16 [ 635.648484][ T5676] usb 1-1: USB disconnect, device number 20 [ 635.655510][ T9175] netlink: 20 bytes leftover after parsing attributes in process `syz.4.647'. [ 635.796505][ T9180] netlink: 68 bytes leftover after parsing attributes in process `syz.4.649'. [ 636.043583][ T5270] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 636.163629][ T5676] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 636.213668][ T5270] usb 5-1: Using ep0 maxpacket: 8 [ 636.227376][ T5270] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 636.255402][ T5270] usb 5-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 636.285130][ T5270] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 636.617298][ T5270] usb 5-1: config 0 descriptor?? [ 636.795863][ T5270] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 636.959645][ T5231] Bluetooth: hci2: command 0x0406 tx timeout [ 637.037304][ T5676] usb 1-1: config 0 has an invalid interface number: 133 but max is 0 [ 637.055302][ T5676] usb 1-1: config 0 has no interface number 0 [ 637.061494][ T5676] usb 1-1: config 0 interface 133 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023 [ 637.102049][ T9195] fuse: Bad value for 'fd' [ 637.123384][ T5676] usb 1-1: config 0 interface 133 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1023 [ 637.146044][ T9195] netlink: 8 bytes leftover after parsing attributes in process `syz.1.654'. [ 637.196406][ T5676] usb 1-1: New USB device found, idVendor=203e, idProduct=8888, bcdDevice=a8.71 [ 637.229984][ T5676] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 637.258889][ T5676] usb 1-1: Product: syz [ 637.272284][ T5676] usb 1-1: Manufacturer: syz [ 637.290525][ T5676] usb 1-1: SerialNumber: syz [ 637.318962][ T5676] usb 1-1: config 0 descriptor?? [ 637.487258][ T9178] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 637.495815][ T9178] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 637.505808][ T5676] usb-storage 1-1:0.133: USB Mass Storage device detected [ 638.332662][ T5270] gspca_vc032x: reg_r err -110 [ 638.508082][ T5270] vc032x 5-1:0.0: probe with driver vc032x failed with error -110 [ 638.545095][ T5270] usb 5-1: USB disconnect, device number 8 [ 639.031014][ T9216] overlay: Unknown parameter 'uid>00000000000000000000' [ 639.413625][ T9037] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 639.645170][ T9037] usb 2-1: Using ep0 maxpacket: 16 [ 639.735919][ T9037] usb 2-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 639.819066][ T9037] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 639.861940][ T29] kauditd_printk_skb: 7 callbacks suppressed [ 639.861958][ T29] audit: type=1326 audit(1726610807.787:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9215 comm="syz.3.660" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa490f7def9 code=0x0 [ 639.914623][ T9037] usb 2-1: config 0 descriptor?? [ 640.019912][ T5270] usb 1-1: USB disconnect, device number 21 [ 640.070567][ T9037] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 640.603618][ T9037] gspca_sonixj: reg_w1 err -110 [ 640.608735][ T9037] sonixj 2-1:0.0: probe with driver sonixj failed with error -110 [ 640.728878][ T9234] sctp: [Deprecated]: syz.0.665 (pid 9234) Use of int in max_burst socket option. [ 640.728878][ T9234] Use struct sctp_assoc_value instead [ 641.351369][ T9240] netlink: 'syz.0.667': attribute type 1 has an invalid length. [ 642.086531][ T9240] bond1: entered promiscuous mode [ 642.177385][ T9257] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 642.258679][ T9257] bond1: (slave netdevsim0): Enslaving as an active interface with a down link [ 642.528261][ T9039] usb 2-1: USB disconnect, device number 13 [ 647.921519][ T9276] 9pnet: Could not find request transport: fdno=0x000000000000000b [ 648.241735][ T9293] netlink: 12 bytes leftover after parsing attributes in process `syz.0.678'. [ 651.703607][ T9296] netlink: 8 bytes leftover after parsing attributes in process `syz.0.678'. [ 653.384553][ T9329] FAULT_INJECTION: forcing a failure. [ 653.384553][ T9329] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 653.472790][ T9329] CPU: 0 UID: 0 PID: 9329 Comm: syz.2.690 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 653.483088][ T9329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 653.493218][ T9329] Call Trace: [ 653.496527][ T9329] [ 653.499474][ T9329] dump_stack_lvl+0x241/0x360 [ 653.504259][ T9329] ? __pfx_dump_stack_lvl+0x10/0x10 [ 653.509493][ T9329] ? __pfx__printk+0x10/0x10 [ 653.514101][ T9329] ? __pfx_lock_release+0x10/0x10 [ 653.519244][ T9329] ? __lock_acquire+0x1384/0x2050 [ 653.524288][ T9329] should_fail_ex+0x3b0/0x4e0 [ 653.528977][ T9329] _copy_from_user+0x2f/0xe0 [ 653.533571][ T9329] kstrtouint_from_user+0xc6/0x190 [ 653.538694][ T9329] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 653.544519][ T9329] ? __pfx_lock_acquire+0x10/0x10 [ 653.549607][ T9329] proc_fail_nth_write+0xaa/0x2d0 [ 653.554645][ T9329] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 653.560586][ T9329] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 653.566259][ T9329] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 653.571903][ T9329] vfs_write+0x29c/0xc90 [ 653.576165][ T9329] ? __pfx_vfs_write+0x10/0x10 [ 653.580940][ T9329] ? __fget_files+0x3f3/0x470 [ 653.585641][ T9329] ? __fdget_pos+0x24e/0x320 [ 653.590249][ T9329] ksys_write+0x1a0/0x2c0 [ 653.594599][ T9329] ? __pfx_ksys_write+0x10/0x10 [ 653.599467][ T9329] ? do_syscall_64+0x100/0x230 [ 653.604263][ T9329] ? do_syscall_64+0xb6/0x230 [ 653.608978][ T9329] do_syscall_64+0xf3/0x230 [ 653.613508][ T9329] ? clear_bhb_loop+0x35/0x90 [ 653.618211][ T9329] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 653.624120][ T9329] RIP: 0033:0x7efd2ef7c9df [ 653.628544][ T9329] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 [ 653.648165][ T9329] RSP: 002b:00007efd2fd5c030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 653.656592][ T9329] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007efd2ef7c9df [ 653.664578][ T9329] RDX: 0000000000000001 RSI: 00007efd2fd5c0a0 RDI: 0000000000000003 [ 653.672551][ T9329] RBP: 00007efd2fd5c090 R08: 0000000000000000 R09: 0000000000000000 [ 653.680537][ T9329] R10: 0000000000001378 R11: 0000000000000293 R12: 0000000000000001 [ 653.688518][ T9329] R13: 0000000000000001 R14: 00007efd2f135f80 R15: 00007ffc9740bf68 [ 653.696510][ T9329] [ 654.745296][ T9347] 9pnet_fd: Insufficient options for proto=fd [ 655.141169][ T9361] input: syz0 as /devices/virtual/input/input10 [ 655.413575][ T9037] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 656.285097][ T9037] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 656.315676][ T9037] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 656.353584][ T9037] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 656.403396][ T9037] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 656.439878][ T9037] usb 1-1: SerialNumber: syz [ 656.967006][ T9381] netlink: 24 bytes leftover after parsing attributes in process `syz.2.707'. [ 657.146714][ T9381] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 657.291827][ T9037] usb 1-1: 0:2 : does not exist [ 657.311997][ T9037] usb 1-1: unit 5: unexpected type 0x0d [ 657.425568][ T9037] usb 1-1: USB disconnect, device number 22 [ 657.433619][ T9039] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 657.464968][ T9394] block nbd4: shutting down sockets [ 657.522007][ T9299] udevd[9299]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 657.547269][ T5679] hid-generic 0000:0000:0000.000E: item fetching failed at offset 11/13 [ 657.568026][ T5679] hid-generic 0000:0000:0000.000E: probe with driver hid-generic failed with error -22 [ 657.615841][ T9039] usb 4-1: not running at top speed; connect to a high speed hub [ 657.638799][ T9039] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 657.664826][ T9039] usb 4-1: New USB device found, idVendor=0b05, idProduct=1822, bcdDevice= 0.40 [ 657.675820][ T9039] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 657.694064][ T9039] usb 4-1: Product: syz [ 657.698559][ T9039] usb 4-1: SerialNumber: syz [ 657.721208][ T9039] usbhid 4-1:1.0: couldn't find an input interrupt endpoint [ 657.928683][ T9039] usb 4-1: USB disconnect, device number 11 [ 657.941696][ T9411] kAFS: unable to lookup cell '' [ 658.330476][ T9420] FAULT_INJECTION: forcing a failure. [ 658.330476][ T9420] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 658.363706][ T9420] CPU: 1 UID: 0 PID: 9420 Comm: syz.2.719 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 658.374026][ T9420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 658.384098][ T9420] Call Trace: [ 658.387415][ T9420] [ 658.390372][ T9420] dump_stack_lvl+0x241/0x360 [ 658.395086][ T9420] ? __pfx_dump_stack_lvl+0x10/0x10 [ 658.400328][ T9420] ? __pfx__printk+0x10/0x10 [ 658.404970][ T9420] ? snprintf+0xda/0x120 [ 658.409248][ T9420] should_fail_ex+0x3b0/0x4e0 [ 658.413956][ T9420] _copy_to_user+0x2f/0xb0 [ 658.418386][ T9420] simple_read_from_buffer+0xca/0x150 [ 658.423780][ T9420] proc_fail_nth_read+0x1e9/0x250 [ 658.428827][ T9420] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 658.434379][ T9420] ? rw_verify_area+0x55e/0x6f0 [ 658.439229][ T9420] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 658.444798][ T9420] vfs_read+0x201/0xbc0 [ 658.448979][ T9420] ? __pfx_lock_release+0x10/0x10 [ 658.454022][ T9420] ? __pfx_vfs_read+0x10/0x10 [ 658.458745][ T9420] ? __fget_files+0x3f3/0x470 [ 658.463430][ T9420] ? __fdget_pos+0x24e/0x320 [ 658.468025][ T9420] ksys_read+0x1a0/0x2c0 [ 658.472279][ T9420] ? __pfx_ksys_read+0x10/0x10 [ 658.477078][ T9420] ? do_syscall_64+0x100/0x230 [ 658.481884][ T9420] ? do_syscall_64+0xb6/0x230 [ 658.486580][ T9420] do_syscall_64+0xf3/0x230 [ 658.491138][ T9420] ? clear_bhb_loop+0x35/0x90 [ 658.495832][ T9420] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 658.501736][ T9420] RIP: 0033:0x7efd2ef7c93c [ 658.506149][ T9420] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 658.525769][ T9420] RSP: 002b:00007efd2fd5c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 658.534197][ T9420] RAX: ffffffffffffffda RBX: 00007efd2f135f80 RCX: 00007efd2ef7c93c [ 658.542167][ T9420] RDX: 000000000000000f RSI: 00007efd2fd5c0a0 RDI: 0000000000000005 [ 658.550140][ T9420] RBP: 00007efd2fd5c090 R08: 0000000000000000 R09: 0000000000000000 [ 658.558121][ T9420] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 658.566105][ T9420] R13: 0000000000000000 R14: 00007efd2f135f80 R15: 00007ffc9740bf68 [ 658.574095][ T9420] [ 658.827917][ T9428] FAULT_INJECTION: forcing a failure. [ 658.827917][ T9428] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 658.880880][ T9428] CPU: 1 UID: 0 PID: 9428 Comm: syz.3.722 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 658.891167][ T9428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 658.901256][ T9428] Call Trace: [ 658.904596][ T9428] [ 658.907559][ T9428] dump_stack_lvl+0x241/0x360 [ 658.912285][ T9428] ? __pfx_dump_stack_lvl+0x10/0x10 [ 658.917527][ T9428] ? __pfx__printk+0x10/0x10 [ 658.922151][ T9428] ? snprintf+0xda/0x120 [ 658.926445][ T9428] should_fail_ex+0x3b0/0x4e0 [ 658.931170][ T9428] _copy_to_user+0x2f/0xb0 [ 658.935631][ T9428] simple_read_from_buffer+0xca/0x150 [ 658.941056][ T9428] proc_fail_nth_read+0x1e9/0x250 [ 658.946110][ T9428] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 658.951687][ T9428] ? rw_verify_area+0x55e/0x6f0 [ 658.956563][ T9428] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 658.962143][ T9428] vfs_read+0x201/0xbc0 [ 658.966354][ T9428] ? __pfx_lock_release+0x10/0x10 [ 658.971432][ T9428] ? __pfx_vfs_read+0x10/0x10 [ 658.976140][ T9428] ? up_write+0x1a9/0x590 [ 658.980500][ T9428] ? __fget_files+0x3f3/0x470 [ 658.985218][ T9428] ? __fdget_pos+0x24e/0x320 [ 658.989848][ T9428] ksys_read+0x1a0/0x2c0 [ 658.994118][ T9428] ? __pfx_ksys_read+0x10/0x10 [ 658.998907][ T9428] ? do_syscall_64+0x100/0x230 [ 659.003735][ T9428] ? do_syscall_64+0xb6/0x230 [ 659.008453][ T9428] do_syscall_64+0xf3/0x230 [ 659.013022][ T9428] ? clear_bhb_loop+0x35/0x90 [ 659.017856][ T9428] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 659.023784][ T9428] RIP: 0033:0x7fa490f7c93c [ 659.028228][ T9428] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 659.047874][ T9428] RSP: 002b:00007fa491d6c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 659.056337][ T9428] RAX: ffffffffffffffda RBX: 00007fa491135f80 RCX: 00007fa490f7c93c [ 659.064377][ T9428] RDX: 000000000000000f RSI: 00007fa491d6c0a0 RDI: 0000000000000003 [ 659.072454][ T9428] RBP: 00007fa491d6c090 R08: 0000000000000000 R09: 0000000000000000 [ 659.080453][ T9428] R10: 0000000000000030 R11: 0000000000000246 R12: 0000000000000001 [ 659.088452][ T9428] R13: 0000000000000001 R14: 00007fa491135f80 R15: 00007ffeaf82d598 [ 659.096484][ T9428] [ 661.042867][ T9472] netlink: 4 bytes leftover after parsing attributes in process `syz.0.735'. [ 662.872833][ T9486] FAULT_INJECTION: forcing a failure. [ 662.872833][ T9486] name failslab, interval 1, probability 0, space 0, times 0 [ 662.903438][ T9486] CPU: 0 UID: 0 PID: 9486 Comm: syz.4.740 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 662.913825][ T9486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 662.923915][ T9486] Call Trace: [ 662.927218][ T9486] [ 662.930173][ T9486] dump_stack_lvl+0x241/0x360 [ 662.934903][ T9486] ? __pfx_dump_stack_lvl+0x10/0x10 [ 662.940148][ T9486] ? __pfx__printk+0x10/0x10 [ 662.944772][ T9486] ? ref_tracker_alloc+0x332/0x490 [ 662.949988][ T9486] should_fail_ex+0x3b0/0x4e0 [ 662.954717][ T9486] ? skb_clone+0x20c/0x390 [ 662.959186][ T9486] should_failslab+0xac/0x100 [ 662.963913][ T9486] ? skb_clone+0x20c/0x390 [ 662.968349][ T9486] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 662.973750][ T9486] skb_clone+0x20c/0x390 [ 662.978077][ T9486] __netlink_deliver_tap+0x3cc/0x7c0 [ 662.983421][ T9486] ? netlink_deliver_tap+0x2e/0x1b0 [ 662.988654][ T9486] netlink_deliver_tap+0x19d/0x1b0 [ 662.993816][ T9486] netlink_dump+0x851/0xd80 [ 662.998367][ T9486] ? __pfx_netlink_dump+0x10/0x10 [ 663.003454][ T9486] __netlink_dump_start+0x5a2/0x790 [ 663.008702][ T9486] xsk_diag_handler_dump+0x1dc/0x270 [ 663.014030][ T9486] ? __pfx_xsk_diag_handler_dump+0x10/0x10 [ 663.019876][ T9486] ? __pfx_xsk_diag_dump+0x10/0x10 [ 663.025031][ T9486] ? sock_diag_lock_handler+0x19/0x280 [ 663.027818][ T9039] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 663.030531][ T9486] ? __pfx_xsk_diag_handler_dump+0x10/0x10 [ 663.043892][ T9486] sock_diag_rcv_msg+0x3dc/0x5f0 [ 663.048867][ T9486] netlink_rcv_skb+0x1e3/0x430 [ 663.053658][ T9486] ? __pfx_sock_diag_rcv_msg+0x10/0x10 [ 663.059170][ T9486] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 663.064505][ T9486] ? netlink_deliver_tap+0x2e/0x1b0 [ 663.069739][ T9486] netlink_unicast+0x7f6/0x990 [ 663.074565][ T9486] ? __pfx_netlink_unicast+0x10/0x10 [ 663.079930][ T9486] ? __virt_addr_valid+0x183/0x530 [ 663.085078][ T9486] ? __check_object_size+0x49c/0x900 [ 663.090408][ T9486] netlink_sendmsg+0x8e4/0xcb0 [ 663.095222][ T9486] ? __pfx_netlink_sendmsg+0x10/0x10 [ 663.100550][ T9486] ? _parse_integer_limit+0x1b5/0x200 [ 663.106000][ T9486] ? __pfx_netlink_sendmsg+0x10/0x10 [ 663.111319][ T9486] __sock_sendmsg+0x221/0x270 [ 663.116035][ T9486] sock_write_iter+0x2d7/0x3f0 [ 663.120833][ T9486] ? __pfx_sock_write_iter+0x10/0x10 [ 663.126168][ T9486] do_iter_readv_writev+0x608/0x890 [ 663.131398][ T9486] ? mark_lock+0x9a/0x360 [ 663.135779][ T9486] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 663.141542][ T9486] ? bpf_lsm_file_permission+0x9/0x10 [ 663.146942][ T9486] ? security_file_permission+0x74/0x280 [ 663.152609][ T9486] ? rw_verify_area+0x1c3/0x6f0 [ 663.157492][ T9486] vfs_writev+0x376/0xba0 [ 663.161869][ T9486] ? __pfx_vfs_writev+0x10/0x10 [ 663.166758][ T9486] ? vfs_write+0x7bf/0xc90 [ 663.171224][ T9486] ? __fdget_pos+0x19a/0x320 [ 663.175858][ T9486] do_writev+0x1b1/0x350 [ 663.180158][ T9486] ? __pfx_do_writev+0x10/0x10 [ 663.184963][ T9486] ? do_syscall_64+0x100/0x230 [ 663.189782][ T9486] ? do_syscall_64+0xb6/0x230 [ 663.194513][ T9486] do_syscall_64+0xf3/0x230 [ 663.199078][ T9486] ? clear_bhb_loop+0x35/0x90 [ 663.203798][ T9486] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 663.209815][ T9486] RIP: 0033:0x7f513af7def9 [ 663.214264][ T9486] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 663.233906][ T9486] RSP: 002b:00007f513bdbe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 663.242382][ T9486] RAX: ffffffffffffffda RBX: 00007f513b135f80 RCX: 00007f513af7def9 [ 663.250391][ T9486] RDX: 0000000000000001 RSI: 0000000020000140 RDI: 0000000000000004 [ 663.258389][ T9486] RBP: 00007f513bdbe090 R08: 0000000000000000 R09: 0000000000000000 [ 663.266371][ T9486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 663.274353][ T9486] R13: 0000000000000000 R14: 00007f513b135f80 R15: 00007ffe32813258 [ 663.282345][ T9486] [ 663.305038][ T9039] usb 1-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 663.330081][ T9039] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 663.381326][ T9039] usb 1-1: config 0 descriptor?? [ 663.401709][ T9499] FAULT_INJECTION: forcing a failure. [ 663.401709][ T9499] name failslab, interval 1, probability 0, space 0, times 0 [ 663.453614][ T9499] CPU: 0 UID: 0 PID: 9499 Comm: syz.2.744 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 663.464002][ T9499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 663.474102][ T9499] Call Trace: [ 663.474580][ T9502] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 663.477385][ T9499] [ 663.491822][ T9499] dump_stack_lvl+0x241/0x360 [ 663.496545][ T9499] ? __pfx_dump_stack_lvl+0x10/0x10 [ 663.501796][ T9499] ? __pfx__printk+0x10/0x10 [ 663.506416][ T9499] ? __kmalloc_cache_noprof+0x44/0x2c0 [ 663.511891][ T9499] ? __pfx___might_resched+0x10/0x10 [ 663.517195][ T9499] should_fail_ex+0x3b0/0x4e0 [ 663.521912][ T9499] should_failslab+0xac/0x100 [ 663.526622][ T9499] ? __sta_info_destroy_part2+0x2f7/0x450 [ 663.532399][ T9499] __kmalloc_cache_noprof+0x6c/0x2c0 [ 663.537695][ T9499] __sta_info_destroy_part2+0x2f7/0x450 [ 663.543280][ T9499] __sta_info_flush+0x5d0/0x700 [ 663.548267][ T9499] ? __local_bh_enable_ip+0x168/0x200 [ 663.553660][ T9499] ? __pfx___sta_info_flush+0x10/0x10 [ 663.559079][ T9499] ieee80211_ibss_disconnect+0x2c5/0x7c0 [ 663.564721][ T9499] ieee80211_ibss_leave+0x25/0x140 [ 663.569874][ T9499] cfg80211_leave_ibss+0x1ef/0x430 [ 663.574996][ T9499] ? rcu_is_watching+0x15/0xb0 [ 663.579779][ T9499] cfg80211_change_iface+0x4e5/0xf30 [ 663.585087][ T9499] nl80211_set_interface+0x5b5/0x830 [ 663.590390][ T9499] ? __pfx_nl80211_set_interface+0x10/0x10 [ 663.596229][ T9499] genl_rcv_msg+0xb14/0xec0 [ 663.600733][ T9499] ? mark_lock+0x9a/0x360 [ 663.605112][ T9499] ? __pfx_genl_rcv_msg+0x10/0x10 [ 663.610167][ T9499] ? __pfx_lock_acquire+0x10/0x10 [ 663.615204][ T9499] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 663.620583][ T9499] ? __pfx_nl80211_set_interface+0x10/0x10 [ 663.626398][ T9499] ? __pfx_nl80211_post_doit+0x10/0x10 [ 663.631881][ T9499] ? __pfx___might_resched+0x10/0x10 [ 663.637228][ T9499] netlink_rcv_skb+0x1e3/0x430 [ 663.642009][ T9499] ? __pfx_genl_rcv_msg+0x10/0x10 [ 663.647059][ T9499] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 663.652381][ T9499] ? __netlink_deliver_tap+0x77e/0x7c0 [ 663.657856][ T9499] genl_rcv+0x28/0x40 [ 663.661836][ T9499] netlink_unicast+0x7f6/0x990 [ 663.666609][ T9499] ? __pfx_netlink_unicast+0x10/0x10 [ 663.671988][ T9499] ? __virt_addr_valid+0x183/0x530 [ 663.677109][ T9499] ? __check_object_size+0x49c/0x900 [ 663.682428][ T9499] netlink_sendmsg+0x8e4/0xcb0 [ 663.687215][ T9499] ? __pfx_netlink_sendmsg+0x10/0x10 [ 663.692524][ T9499] ? __pfx_netlink_sendmsg+0x10/0x10 [ 663.697850][ T9499] __sock_sendmsg+0x221/0x270 [ 663.702553][ T9499] ____sys_sendmsg+0x52a/0x7e0 [ 663.707341][ T9499] ? __pfx_____sys_sendmsg+0x10/0x10 [ 663.712695][ T9499] __sys_sendmsg+0x2aa/0x390 [ 663.717296][ T9499] ? __pfx___sys_sendmsg+0x10/0x10 [ 663.722417][ T9499] ? vfs_write+0x7bf/0xc90 [ 663.726863][ T9499] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 663.733219][ T9499] ? do_syscall_64+0x100/0x230 [ 663.737998][ T9499] ? do_syscall_64+0xb6/0x230 [ 663.742685][ T9499] do_syscall_64+0xf3/0x230 [ 663.747208][ T9499] ? clear_bhb_loop+0x35/0x90 [ 663.751921][ T9499] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 663.757817][ T9499] RIP: 0033:0x7efd2ef7def9 [ 663.762230][ T9499] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 663.781853][ T9499] RSP: 002b:00007efd2fd5c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 663.790462][ T9499] RAX: ffffffffffffffda RBX: 00007efd2f135f80 RCX: 00007efd2ef7def9 [ 663.798450][ T9499] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 663.806419][ T9499] RBP: 00007efd2fd5c090 R08: 0000000000000000 R09: 0000000000000000 [ 663.814389][ T9499] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 663.822356][ T9499] R13: 0000000000000000 R14: 00007efd2f135f80 R15: 00007ffc9740bf68 [ 663.830338][ T9499] [ 664.074494][ T9298] usb 1-1: USB disconnect, device number 23 [ 666.466544][ T9547] sp0: Synchronizing with TNC [ 666.566329][ T9552] netlink: 28 bytes leftover after parsing attributes in process `syz.1.760'. [ 666.583627][ T9552] netlink: 8 bytes leftover after parsing attributes in process `syz.1.760'. [ 666.653731][ T9298] usb 5-1: new full-speed USB device number 9 using dummy_hcd [ 666.661371][ T5679] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 666.673461][ T9554] netlink: 4 bytes leftover after parsing attributes in process `syz.2.761'. [ 666.865557][ T5679] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 666.883393][ T5679] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 666.914583][ T5679] usb 4-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00 [ 666.936659][ T5679] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 666.938819][ T9561] FAULT_INJECTION: forcing a failure. [ 666.938819][ T9561] name failslab, interval 1, probability 0, space 0, times 0 [ 666.961037][ T5679] usb 4-1: config 0 descriptor?? [ 666.967336][ T9561] CPU: 0 UID: 0 PID: 9561 Comm: syz.4.764 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 666.977613][ T9561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 666.987697][ T9561] Call Trace: [ 666.990998][ T9561] [ 666.993948][ T9561] dump_stack_lvl+0x241/0x360 [ 666.998656][ T9561] ? __pfx_dump_stack_lvl+0x10/0x10 [ 667.003883][ T9561] ? __pfx__printk+0x10/0x10 [ 667.008503][ T9561] ? kmem_cache_alloc_noprof+0x44/0x2a0 [ 667.014108][ T9561] ? __pfx___might_resched+0x10/0x10 [ 667.019439][ T9561] should_fail_ex+0x3b0/0x4e0 [ 667.024156][ T9561] ? vm_area_alloc+0x24/0x1d0 [ 667.028862][ T9561] should_failslab+0xac/0x100 [ 667.033569][ T9561] ? vm_area_alloc+0x24/0x1d0 [ 667.038277][ T9561] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 667.043673][ T9561] ? mas_find+0x950/0xbb0 [ 667.048067][ T9561] vm_area_alloc+0x24/0x1d0 [ 667.052596][ T9561] mmap_region+0xc3a/0x2080 [ 667.057124][ T9561] ? mark_lock+0x9a/0x360 [ 667.061502][ T9561] ? __pfx_mmap_region+0x10/0x10 [ 667.066471][ T9561] ? thp_get_unmapped_area_vmflags+0x1bf/0x380 [ 667.072661][ T9561] ? thp_get_unmapped_area_vmflags+0x341/0x380 [ 667.078875][ T9561] ? cap_mmap_addr+0x163/0x2c0 [ 667.083674][ T9561] ? security_mmap_addr+0x6f/0x250 [ 667.088820][ T9561] ? __get_unmapped_area+0x2ed/0x350 [ 667.094138][ T9561] do_mmap+0x8f0/0x1000 [ 667.098339][ T9561] ? __pfx_do_mmap+0x10/0x10 [ 667.102962][ T9561] ? __pfx_down_write_killable+0x10/0x10 [ 667.108635][ T9561] ? __pfx_lock_acquire+0x10/0x10 [ 667.113702][ T9561] vm_mmap_pgoff+0x1dd/0x3d0 [ 667.118328][ T9561] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 667.123469][ T9561] ? __fget_files+0x29/0x470 [ 667.128093][ T9561] ? __fget_files+0x3f3/0x470 [ 667.132797][ T9561] ? __fget_files+0x29/0x470 [ 667.137430][ T9561] ksys_mmap_pgoff+0x4eb/0x720 [ 667.142236][ T9561] ? __x64_sys_mmap+0x7f/0x140 [ 667.147044][ T9561] do_syscall_64+0xf3/0x230 [ 667.151586][ T9561] ? clear_bhb_loop+0x35/0x90 [ 667.156291][ T9561] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 667.162212][ T9561] RIP: 0033:0x7f513af7def9 [ 667.166659][ T9561] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 667.186286][ T9561] RSP: 002b:00007f513bdbe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 667.194730][ T9561] RAX: ffffffffffffffda RBX: 00007f513b135f80 RCX: 00007f513af7def9 [ 667.202762][ T9561] RDX: 0000000001000007 RSI: 0000000000b36000 RDI: 0000000020000000 [ 667.210766][ T9561] RBP: 00007f513bdbe090 R08: 0000000000000004 R09: 0000000000000000 [ 667.219073][ T9561] R10: 0000000000038011 R11: 0000000000000246 R12: 0000000000000001 [ 667.227078][ T9561] R13: 0000000000000000 R14: 00007f513b135f80 R15: 00007ffe32813258 [ 667.235106][ T9561] [ 668.591155][ T5679] steelseries 0003:1038:12B6.000F: unbalanced delimiter at end of report description [ 668.627788][ T5679] steelseries 0003:1038:12B6.000F: probe with driver steelseries failed with error -22 [ 668.805969][ T9036] usb 4-1: USB disconnect, device number 12 [ 669.564053][ T9596] FAULT_INJECTION: forcing a failure. [ 669.564053][ T9596] name failslab, interval 1, probability 0, space 0, times 0 [ 669.627961][ T9596] CPU: 1 UID: 0 PID: 9596 Comm: syz.3.775 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 669.638259][ T9596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 669.648344][ T9596] Call Trace: [ 669.651735][ T9596] [ 669.654697][ T9596] dump_stack_lvl+0x241/0x360 [ 669.659435][ T9596] ? __pfx_dump_stack_lvl+0x10/0x10 [ 669.664673][ T9596] ? __pfx__printk+0x10/0x10 [ 669.669303][ T9596] ? kmem_cache_alloc_node_noprof+0x49/0x320 [ 669.675320][ T9596] ? __pfx___might_resched+0x10/0x10 [ 669.680648][ T9596] should_fail_ex+0x3b0/0x4e0 [ 669.685370][ T9596] should_failslab+0xac/0x100 [ 669.690093][ T9596] ? __alloc_skb+0x1c3/0x440 [ 669.694732][ T9596] kmem_cache_alloc_node_noprof+0x71/0x320 [ 669.700593][ T9596] __alloc_skb+0x1c3/0x440 [ 669.705055][ T9596] ? __pfx___alloc_skb+0x10/0x10 [ 669.710060][ T9596] ? netlink_ack_tlv_len+0x6e/0x200 [ 669.715307][ T9596] netlink_ack+0x13f/0xa30 [ 669.719774][ T9596] ? __pfx_lock_acquire+0x10/0x10 [ 669.724867][ T9596] ? __pfx_ip_vs_genl_set_cmd+0x10/0x10 [ 669.730471][ T9596] netlink_rcv_skb+0x262/0x430 [ 669.735280][ T9596] ? __pfx_genl_rcv_msg+0x10/0x10 [ 669.740344][ T9596] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 669.745671][ T9596] ? __netlink_deliver_tap+0x77e/0x7c0 [ 669.751147][ T9596] genl_rcv+0x28/0x40 [ 669.755125][ T9596] netlink_unicast+0x7f6/0x990 [ 669.759896][ T9596] ? __pfx_netlink_unicast+0x10/0x10 [ 669.765178][ T9596] ? __virt_addr_valid+0x183/0x530 [ 669.770299][ T9596] ? __check_object_size+0x49c/0x900 [ 669.775614][ T9596] netlink_sendmsg+0x8e4/0xcb0 [ 669.780392][ T9596] ? __pfx_netlink_sendmsg+0x10/0x10 [ 669.785699][ T9596] ? __pfx_netlink_sendmsg+0x10/0x10 [ 669.790996][ T9596] __sock_sendmsg+0x221/0x270 [ 669.795681][ T9596] ____sys_sendmsg+0x52a/0x7e0 [ 669.800466][ T9596] ? __pfx_____sys_sendmsg+0x10/0x10 [ 669.805783][ T9596] __sys_sendmsg+0x2aa/0x390 [ 669.810389][ T9596] ? __pfx___sys_sendmsg+0x10/0x10 [ 669.815509][ T9596] ? vfs_write+0x7bf/0xc90 [ 669.819948][ T9596] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 669.826279][ T9596] ? do_syscall_64+0x100/0x230 [ 669.831047][ T9596] ? do_syscall_64+0xb6/0x230 [ 669.835727][ T9596] do_syscall_64+0xf3/0x230 [ 669.840234][ T9596] ? clear_bhb_loop+0x35/0x90 [ 669.844913][ T9596] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 669.850820][ T9596] RIP: 0033:0x7fa490f7def9 [ 669.855241][ T9596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 669.874867][ T9596] RSP: 002b:00007fa491d6c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 669.883329][ T9596] RAX: ffffffffffffffda RBX: 00007fa491135f80 RCX: 00007fa490f7def9 [ 669.891311][ T9596] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003 [ 669.899275][ T9596] RBP: 00007fa491d6c090 R08: 0000000000000000 R09: 0000000000000000 [ 669.907245][ T9596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 669.915217][ T9596] R13: 0000000000000000 R14: 00007fa491135f80 R15: 00007ffeaf82d598 [ 669.923198][ T9596] [ 670.246035][ T9612] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ÿÿÿÿ [ 670.830180][ T9629] netlink: 'syz.3.785': attribute type 10 has an invalid length. [ 670.846242][ T9629] team0: Device ipvlan1 failed to register rx_handler [ 670.895052][ T9629] netlink: 24 bytes leftover after parsing attributes in process `syz.3.785'. [ 670.936379][ T9629] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 670.956575][ T9630] netlink: 8 bytes leftover after parsing attributes in process `syz.1.784'. [ 671.232785][ T9636] netlink: 8 bytes leftover after parsing attributes in process `syz.3.786'. [ 673.123490][ T9036] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 674.110585][ T9036] usb 3-1: config 0 has no interfaces? [ 674.134383][ T9036] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 674.153462][ T9036] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 674.161488][ T9036] usb 3-1: Product: syz [ 674.223468][ T9036] usb 3-1: Manufacturer: syz [ 674.228128][ T9036] usb 3-1: SerialNumber: syz [ 674.274425][ T9680] netlink: 'syz.1.797': attribute type 10 has an invalid length. [ 674.315654][ T9680] team0: Device ipvlan1 failed to register rx_handler [ 674.337494][ T9681] netlink: 24 bytes leftover after parsing attributes in process `syz.1.797'. [ 674.362579][ T9036] usb 3-1: config 0 descriptor?? [ 674.452839][ T9681] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 675.075882][ T5267] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 675.267995][ T5267] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 676.225077][ T5267] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 676.284941][ T5267] usb 4-1: config 0 descriptor?? [ 676.995839][ T9039] usb 3-1: USB disconnect, device number 16 [ 677.266938][ T5267] usb 4-1: Cannot set autoneg [ 677.271837][ T5267] MOSCHIP usb-ethernet driver 4-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -32 [ 678.728529][ T9733] netlink: 8 bytes leftover after parsing attributes in process `syz.1.811'. [ 678.752865][ T5267] usb 4-1: USB disconnect, device number 13 [ 679.148326][ T9736] netlink: 'syz.4.813': attribute type 10 has an invalid length. [ 679.185432][ T9736] team0: Device ipvlan1 failed to register rx_handler [ 679.331826][ T9736] netlink: 24 bytes leftover after parsing attributes in process `syz.4.813'. [ 679.354767][ T9736] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 680.871186][ T9781] FAULT_INJECTION: forcing a failure. [ 680.871186][ T9781] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 680.871269][ T9781] [ 680.871275][ T9781] ====================================================== [ 680.871282][ T9781] WARNING: possible circular locking dependency detected [ 680.871291][ T9781] 6.11.0-syzkaller-04557-g2f27fce67173 #0 Not tainted [ 680.871301][ T9781] ------------------------------------------------------ [ 680.871308][ T9781] syz.2.826/9781 is trying to acquire lock: [ 680.871317][ T9781] ffffffff8e6140d8 ((console_sem).lock){-...}-{2:2}, at: down_trylock+0x20/0xa0 [ 680.871368][ T9781] [ 680.871368][ T9781] but task is already holding lock: [ 680.871373][ T9781] ffff8880b893e718 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 680.871409][ T9781] [ 680.871409][ T9781] which lock already depends on the new lock. [ 680.871409][ T9781] [ 680.871413][ T9781] [ 680.871413][ T9781] the existing dependency chain (in reverse order) is: [ 680.871418][ T9781] [ 680.871418][ T9781] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 680.871437][ T9781] lock_acquire+0x1ed/0x550 [ 680.871457][ T9781] _raw_spin_lock_nested+0x31/0x40 [ 680.871475][ T9781] raw_spin_rq_lock_nested+0x2a/0x140 [ 680.871493][ T9781] task_fork_fair+0x61/0x1e0 [ 680.871513][ T9781] sched_cgroup_fork+0x37c/0x410 [ 680.871525][ T9781] copy_process+0x2217/0x3dc0 [ 680.871544][ T9781] kernel_clone+0x223/0x880 [ 680.871563][ T9781] user_mode_thread+0x132/0x1a0 [ 680.871583][ T9781] rest_init+0x23/0x300 [ 680.871595][ T9781] start_kernel+0x47f/0x500 [ 680.871611][ T9781] x86_64_start_reservations+0x2a/0x30 [ 680.871631][ T9781] x86_64_start_kernel+0x9f/0xa0 [ 680.871649][ T9781] common_startup_64+0x13e/0x147 [ 680.871665][ T9781] [ 680.871665][ T9781] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 680.871683][ T9781] lock_acquire+0x1ed/0x550 [ 680.871701][ T9781] _raw_spin_lock_irqsave+0xd5/0x120 [ 680.871716][ T9781] try_to_wake_up+0xb0/0x1470 [ 680.871737][ T9781] up+0x72/0x90 [ 680.871754][ T9781] __console_unlock+0x123/0x1f0 [ 680.871770][ T9781] console_unlock+0x18f/0x3b0 [ 680.871784][ T9781] vprintk_emit+0x730/0xa10 [ 680.871797][ T9781] _printk+0xd5/0x120 [ 680.871814][ T9781] bt_warn+0x127/0x180 [ 680.871829][ T9781] hci_cmd_complete_evt+0x3ef/0x8b0 [ 680.871844][ T9781] hci_event_packet+0xa55/0x1540 [ 680.871856][ T9781] hci_rx_work+0x3e8/0xca0 [ 680.871870][ T9781] process_scheduled_works+0xa2c/0x1830 [ 680.871888][ T9781] worker_thread+0x870/0xd30 [ 680.871906][ T9781] kthread+0x2f0/0x390 [ 680.871918][ T9781] ret_from_fork+0x4b/0x80 [ 680.871937][ T9781] ret_from_fork_asm+0x1a/0x30 [ 680.871957][ T9781] [ 680.871957][ T9781] -> #0 ((console_sem).lock){-...}-{2:2}: [ 680.871975][ T9781] validate_chain+0x18ef/0x5920 [ 680.871989][ T9781] __lock_acquire+0x1384/0x2050 [ 680.872007][ T9781] lock_acquire+0x1ed/0x550 [ 680.872025][ T9781] _raw_spin_lock_irqsave+0xd5/0x120 [ 680.872040][ T9781] down_trylock+0x20/0xa0 [ 680.872059][ T9781] __down_trylock_console_sem+0x109/0x250 [ 680.872081][ T9781] vprintk_emit+0x3d7/0xa10 [ 680.872094][ T9781] _printk+0xd5/0x120 [ 680.872110][ T9781] should_fail_ex+0x391/0x4e0 [ 680.872129][ T9781] strncpy_from_user+0x36/0x2e0 [ 680.872146][ T9781] strncpy_from_user_nofault+0x71/0x140 [ 680.872162][ T9781] bpf_probe_read_user_str+0x2a/0x70 [ 680.872176][ T9781] bpf_prog_bc7c5c6b9645592f+0x3d/0x3f [ 680.872187][ T9781] bpf_trace_run4+0x334/0x590 [ 680.872205][ T9781] __traceiter_sched_switch+0x98/0xd0 [ 680.872220][ T9781] __schedule+0x253f/0x4a10 [ 680.872235][ T9781] preempt_schedule_irq+0xfb/0x1c0 [ 680.872251][ T9781] irqentry_exit+0x5e/0x90 [ 680.872268][ T9781] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 680.872286][ T9781] __kasan_check_read+0x0/0x20 [ 680.872302][ T9781] __zone_watermark_ok+0x94/0x400 [ 680.872320][ T9781] zone_watermark_fast+0x170/0x240 [ 680.872338][ T9781] get_page_from_freelist+0x4ee/0x2f10 [ 680.872357][ T9781] __alloc_pages_noprof+0x256/0x6c0 [ 680.872376][ T9781] alloc_pages_mpol_noprof+0x3e8/0x680 [ 680.872396][ T9781] skb_page_frag_refill+0x158/0x2f0 [ 680.872410][ T9781] mptcp_sendmsg+0x94b/0x1b10 [ 680.872429][ T9781] __sock_sendmsg+0x1a6/0x270 [ 680.872444][ T9781] __sys_sendto+0x398/0x4f0 [ 680.872462][ T9781] __x64_sys_sendto+0xde/0x100 [ 680.872480][ T9781] do_syscall_64+0xf3/0x230 [ 680.872499][ T9781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 680.872515][ T9781] [ 680.872515][ T9781] other info that might help us debug this: [ 680.872515][ T9781] [ 680.872520][ T9781] Chain exists of: [ 680.872520][ T9781] (console_sem).lock --> &p->pi_lock --> &rq->__lock [ 680.872520][ T9781] [ 680.872542][ T9781] Possible unsafe locking scenario: [ 680.872542][ T9781] [ 680.872546][ T9781] CPU0 CPU1 [ 680.872550][ T9781] ---- ---- [ 680.872554][ T9781] lock(&rq->__lock); [ 680.872563][ T9781] lock(&p->pi_lock); [ 680.872573][ T9781] lock(&rq->__lock); [ 680.872583][ T9781] lock((console_sem).lock); [ 680.872592][ T9781] [ 680.872592][ T9781] *** DEADLOCK *** [ 680.872592][ T9781] [ 680.872595][ T9781] 3 locks held by syz.2.826/9781: [ 680.872604][ T9781] #0: ffff88804e1c3258 (sk_lock-AF_INET){+.+.}-{0:0}, at: mptcp_sendmsg+0x153/0x1b10 [ 680.872641][ T9781] #1: ffff8880b893e718 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 680.872678][ T9781] #2: ffffffff8e738a60 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run4+0x244/0x590 [ 680.872715][ T9781] [ 680.872715][ T9781] stack backtrace: [ 680.872721][ T9781] CPU: 1 UID: 0 PID: 9781 Comm: syz.2.826 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 680.872737][ T9781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 680.872746][ T9781] Call Trace: [ 680.872751][ T9781] [ 680.872758][ T9781] dump_stack_lvl+0x241/0x360 [ 680.872779][ T9781] ? __pfx_dump_stack_lvl+0x10/0x10 [ 680.872800][ T9781] ? __pfx__printk+0x10/0x10 [ 680.872823][ T9781] print_circular_bug+0x13a/0x1b0 [ 680.872840][ T9781] check_noncircular+0x36a/0x4a0 [ 680.872856][ T9781] ? __pfx_check_noncircular+0x10/0x10 [ 680.872872][ T9781] ? lockdep_lock+0x123/0x2b0 [ 680.872895][ T9781] validate_chain+0x18ef/0x5920 [ 680.872917][ T9781] ? __pfx_validate_chain+0x10/0x10 [ 680.872931][ T9781] ? __pfx_prb_first_seq+0x10/0x10 [ 680.872950][ T9781] ? this_cpu_in_panic+0x4f/0x80 [ 680.872963][ T9781] ? _prb_read_valid+0xa39/0xac0 [ 680.872982][ T9781] ? mark_lock+0x9a/0x360 [ 680.873005][ T9781] __lock_acquire+0x1384/0x2050 [ 680.873030][ T9781] lock_acquire+0x1ed/0x550 [ 680.873050][ T9781] ? down_trylock+0x20/0xa0 [ 680.873074][ T9781] ? __pfx_desc_update_last_finalized+0x10/0x10 [ 680.873090][ T9781] ? __pfx_lock_acquire+0x10/0x10 [ 680.873110][ T9781] ? rcu_is_watching+0x15/0xb0 [ 680.873126][ T9781] ? vprintk_store+0xd3e/0x1160 [ 680.873145][ T9781] _raw_spin_lock_irqsave+0xd5/0x120 [ 680.873161][ T9781] ? down_trylock+0x20/0xa0 [ 680.873181][ T9781] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 680.873197][ T9781] ? llist_add_batch+0x143/0x270 [ 680.873222][ T9781] down_trylock+0x20/0xa0 [ 680.873243][ T9781] __down_trylock_console_sem+0x109/0x250 [ 680.873260][ T9781] ? _printk+0xd5/0x120 [ 680.873278][ T9781] ? __pfx___down_trylock_console_sem+0x10/0x10 [ 680.873304][ T9781] ? this_cpu_in_panic+0x4f/0x80 [ 680.873318][ T9781] ? is_printk_legacy_deferred+0x43/0x50 [ 680.873339][ T9781] ? printk_get_console_flush_type+0x1fe/0x4f0 [ 680.873357][ T9781] vprintk_emit+0x3d7/0xa10 [ 680.873372][ T9781] ? __pfx_vprintk_emit+0x10/0x10 [ 680.873394][ T9781] _printk+0xd5/0x120 [ 680.873413][ T9781] ? __pfx__printk+0x10/0x10 [ 680.873436][ T9781] should_fail_ex+0x391/0x4e0 [ 680.873457][ T9781] strncpy_from_user+0x36/0x2e0 [ 680.873477][ T9781] strncpy_from_user_nofault+0x71/0x140 [ 680.873495][ T9781] bpf_probe_read_user_str+0x2a/0x70 [ 680.873510][ T9781] ? bpf_trace_run4+0x244/0x590 [ 680.873528][ T9781] bpf_prog_bc7c5c6b9645592f+0x3d/0x3f [ 680.873540][ T9781] bpf_trace_run4+0x334/0x590 [ 680.873559][ T9781] ? rcu_read_lock_sched_held+0x8d/0x130 [ 680.873574][ T9781] ? __pfx_rcu_read_lock_sched_held+0x10/0x10 [ 680.873590][ T9781] ? __pfx_bpf_trace_run4+0x10/0x10 [ 680.873611][ T9781] ? __pfx_probe_sched_switch+0x10/0x10 [ 680.873632][ T9781] ? tracing_record_taskinfo_sched_switch+0x7b/0x390 [ 680.873652][ T9781] ? __pfx___bpf_trace_sched_switch+0x10/0x10 [ 680.873667][ T9781] __traceiter_sched_switch+0x98/0xd0 [ 680.873683][ T9781] __schedule+0x253f/0x4a10 [ 680.873707][ T9781] ? __pfx___schedule+0x10/0x10 [ 680.873724][ T9781] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 680.873748][ T9781] ? preempt_schedule_irq+0xf0/0x1c0 [ 680.873767][ T9781] preempt_schedule_irq+0xfb/0x1c0 [ 680.873784][ T9781] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 680.873807][ T9781] irqentry_exit+0x5e/0x90 [ 680.873825][ T9781] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 680.873843][ T9781] RIP: 0010:__kasan_check_read+0x0/0x20 [ 680.873861][ T9781] Code: 8d 4c 89 fe e8 e1 bd b9 09 31 db eb d0 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 89 f6 48 8b 0c 24 31 d2 e9 6f e6 ff ff 66 2e 0f 1f 84 [ 680.873874][ T9781] RSP: 0018:ffffc900167475b0 EFLAGS: 00000246 [ 680.873886][ T9781] RAX: 1ffff11027fff5d5 RBX: 0000000000000901 RCX: dffffc0000000000 [ 680.873897][ T9781] RDX: ffff88813fffae80 RSI: 0000000000000008 RDI: ffff88813fffb550 [ 680.873908][ T9781] RBP: 0000000000000003 R08: 0000000000000901 R09: 0000000000000003 [ 680.873917][ T9781] R10: dffffc0000000000 R11: ffffed1027fff6a1 R12: 0000000000000007 [ 680.873928][ T9781] R13: ffff88813fffb550 R14: 0000000000000003 R15: 0000000000000003 [ 680.873943][ T9781] __zone_watermark_ok+0x94/0x400 [ 680.873964][ T9781] zone_watermark_fast+0x170/0x240 [ 680.873985][ T9781] get_page_from_freelist+0x4ee/0x2f10 [ 680.874013][ T9781] ? __pfx___schedule+0x10/0x10 [ 680.874033][ T9781] ? prepare_alloc_pages+0x369/0x5d0 [ 680.874056][ T9781] __alloc_pages_noprof+0x256/0x6c0 [ 680.874084][ T9781] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 680.874107][ T9781] ? irqentry_exit+0x63/0x90 [ 680.874129][ T9781] alloc_pages_mpol_noprof+0x3e8/0x680 [ 680.874152][ T9781] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 680.874174][ T9781] ? mptcp_sendmsg+0x153/0x1b10 [ 680.874193][ T9781] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 680.874213][ T9781] ? alloc_pages_noprof+0xef/0x170 [ 680.874235][ T9781] skb_page_frag_refill+0x158/0x2f0 [ 680.874251][ T9781] mptcp_sendmsg+0x94b/0x1b10 [ 680.874279][ T9781] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 680.874298][ T9781] ? sock_rps_record_flow+0x1a/0x400 [ 680.874317][ T9781] ? inet_sendmsg+0x330/0x390 [ 680.874336][ T9781] __sock_sendmsg+0x1a6/0x270 [ 680.874354][ T9781] __sys_sendto+0x398/0x4f0 [ 680.874375][ T9781] ? __pfx___sys_sendto+0x10/0x10 [ 680.874403][ T9781] ? lockdep_hardirqs_on+0x99/0x150 [ 680.874426][ T9781] __x64_sys_sendto+0xde/0x100 [ 680.874448][ T9781] do_syscall_64+0xf3/0x230 [ 680.874467][ T9781] ? clear_bhb_loop+0x35/0x90 [ 680.874486][ T9781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 680.874503][ T9781] RIP: 0033:0x7efd2ef7def9 [ 680.874514][ T9781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 680.874526][ T9781] RSP: 002b:00007efd2fd1a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 680.874540][ T9781] RAX: ffffffffffffffda RBX: 00007efd2f136130 RCX: 00007efd2ef7def9 [ 680.874551][ T9781] RDX: 0000000000000006 RSI: 0000000020000100 RDI: 0000000000000003 [ 680.874560][ T9781] RBP: 00007efd2fd1a090 R08: 0000000000000000 R09: 0000000000000000 [ 680.874569][ T9781] R10: 0000000004040004 R11: 0000000000000246 R12: 0000000000000001 [ 680.874578][ T9781] R13: 0000000000000000 R14: 00007efd2f136130 R15: 00007ffc9740bf68 [ 680.874594][ T9781] [ 682.026943][ T9781] CPU: 1 UID: 0 PID: 9781 Comm: syz.2.826 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 682.037259][ T9781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 682.047309][ T9781] Call Trace: [ 682.050573][ T9781] [ 682.053500][ T9781] dump_stack_lvl+0x241/0x360 [ 682.058175][ T9781] ? __pfx_dump_stack_lvl+0x10/0x10 [ 682.063358][ T9781] ? __pfx__printk+0x10/0x10 [ 682.067950][ T9781] should_fail_ex+0x3b0/0x4e0 [ 682.072636][ T9781] strncpy_from_user+0x36/0x2e0 [ 682.077475][ T9781] strncpy_from_user_nofault+0x71/0x140 [ 682.083009][ T9781] bpf_probe_read_user_str+0x2a/0x70 [ 682.088278][ T9781] ? bpf_trace_run4+0x244/0x590 [ 682.093115][ T9781] bpf_prog_bc7c5c6b9645592f+0x3d/0x3f [ 682.098575][ T9781] bpf_trace_run4+0x334/0x590 [ 682.103243][ T9781] ? rcu_read_lock_sched_held+0x8d/0x130 [ 682.108860][ T9781] ? __pfx_rcu_read_lock_sched_held+0x10/0x10 [ 682.114911][ T9781] ? __pfx_bpf_trace_run4+0x10/0x10 [ 682.120101][ T9781] ? __pfx_probe_sched_switch+0x10/0x10 [ 682.125639][ T9781] ? tracing_record_taskinfo_sched_switch+0x7b/0x390 [ 682.132307][ T9781] ? __pfx___bpf_trace_sched_switch+0x10/0x10 [ 682.138354][ T9781] __traceiter_sched_switch+0x98/0xd0 [ 682.143724][ T9781] __schedule+0x253f/0x4a10 [ 682.148230][ T9781] ? __pfx___schedule+0x10/0x10 [ 682.153070][ T9781] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 682.159046][ T9781] ? preempt_schedule_irq+0xf0/0x1c0 [ 682.164316][ T9781] preempt_schedule_irq+0xfb/0x1c0 [ 682.169412][ T9781] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 682.175123][ T9781] irqentry_exit+0x5e/0x90 [ 682.179545][ T9781] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 682.184999][ T9781] RIP: 0010:__kasan_check_read+0x0/0x20 [ 682.190542][ T9781] Code: 8d 4c 89 fe e8 e1 bd b9 09 31 db eb d0 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 89 f6 48 8b 0c 24 31 d2 e9 6f e6 ff ff 66 2e 0f 1f 84 [ 682.210132][ T9781] RSP: 0018:ffffc900167475b0 EFLAGS: 00000246 [ 682.216193][ T9781] RAX: 1ffff11027fff5d5 RBX: 0000000000000901 RCX: dffffc0000000000 [ 682.224149][ T9781] RDX: ffff88813fffae80 RSI: 0000000000000008 RDI: ffff88813fffb550 [ 682.232111][ T9781] RBP: 0000000000000003 R08: 0000000000000901 R09: 0000000000000003 [ 682.240066][ T9781] R10: dffffc0000000000 R11: ffffed1027fff6a1 R12: 0000000000000007 [ 682.248025][ T9781] R13: ffff88813fffb550 R14: 0000000000000003 R15: 0000000000000003 [ 682.256003][ T9781] __zone_watermark_ok+0x94/0x400 [ 682.261017][ T9781] zone_watermark_fast+0x170/0x240 [ 682.266120][ T9781] get_page_from_freelist+0x4ee/0x2f10 [ 682.271581][ T9781] ? __pfx___schedule+0x10/0x10 [ 682.276422][ T9781] ? prepare_alloc_pages+0x369/0x5d0 [ 682.281693][ T9781] __alloc_pages_noprof+0x256/0x6c0 [ 682.286882][ T9781] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 682.292606][ T9781] ? irqentry_exit+0x63/0x90 [ 682.297183][ T9781] alloc_pages_mpol_noprof+0x3e8/0x680 [ 682.302631][ T9781] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 682.308597][ T9781] ? mptcp_sendmsg+0x153/0x1b10 [ 682.313435][ T9781] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 682.319138][ T9781] ? alloc_pages_noprof+0xef/0x170 [ 682.324237][ T9781] skb_page_frag_refill+0x158/0x2f0 [ 682.329418][ T9781] mptcp_sendmsg+0x94b/0x1b10 [ 682.334088][ T9781] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 682.339186][ T9781] ? sock_rps_record_flow+0x1a/0x400 [ 682.344470][ T9781] ? inet_sendmsg+0x330/0x390 [ 682.349135][ T9781] __sock_sendmsg+0x1a6/0x270 [ 682.353813][ T9781] __sys_sendto+0x398/0x4f0 [ 682.358309][ T9781] ? __pfx___sys_sendto+0x10/0x10 [ 682.363348][ T9781] ? lockdep_hardirqs_on+0x99/0x150 [ 682.368549][ T9781] __x64_sys_sendto+0xde/0x100 [ 682.373306][ T9781] do_syscall_64+0xf3/0x230 [ 682.377797][ T9781] ? clear_bhb_loop+0x35/0x90 [ 682.382464][ T9781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 682.388345][ T9781] RIP: 0033:0x7efd2ef7def9 [ 682.392743][ T9781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 682.412336][ T9781] RSP: 002b:00007efd2fd1a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 682.420753][ T9781] RAX: ffffffffffffffda RBX: 00007efd2f136130 RCX: 00007efd2ef7def9 [ 682.428710][ T9781] RDX: 0000000000000006 RSI: 0000000020000100 RDI: 0000000000000003 [ 682.436664][ T9781] RBP: 00007efd2fd1a090 R08: 0000000000000000 R09: 0000000000000000 [ 682.444619][ T9781] R10: 0000000004040004 R11: 0000000000000246 R12: 0000000000000001 [ 682.452574][ T9781] R13: 0000000000000000 R14: 00007efd2f136130 R15: 00007ffc9740bf68 [ 682.460534][ T9781] [ 685.696690][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.703006][ T1269] ieee802154 phy1 wpan1: encryption failed: -22