last executing test programs: 3m11.642855406s ago: executing program 2 (id=202): r0 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x9d85}, &(0x7f0000000440)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x47f9, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x100440, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) openat$audio(0xffffffffffffff9c, 0x0, 0x40000000040201, 0x0) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_VERDICT(r4, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000280)={&(0x7f0000000500)=ANY=[@ANYBLOB="f80000000103000000000000000000000a0000020c000200fffffffc000000082c001380060002400002000006000240000300000600014088a8000006000240ff56000006000240000100000c000200000000000000000983000a002fb1280108ef5825185ddc185adee731cb9f4fb6f1f0922afd2ee6d717dfe126260656c66335bab0c15956bc953c0baf3f56942082227dacdf2cccaca9e98727c262dc59c2ce85c20cae01aece341ad6f38997b62a33504ad6e2887284a200000c001305e12ea14088a8000028000b8008000840000000081c001980080001001202000008000200fc0e0000080002001000000008000340000070cf"], 0xf8}, 0x1, 0x0, 0x0, 0x4008811}, 0x0) r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000001940)={0x4, 0x0, [{0x2, 0xbd, &(0x7f00000005c0)=""/189}, {0x2, 0xee, &(0x7f0000000680)=""/238}, {0xf000, 0xe4, &(0x7f0000000780)=""/228}, {0x0, 0x0, 0x0}]}) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='contention_end\x00', r6}, 0x10) r7 = socket(0x200000100000011, 0x803, 0x0) r8 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) ioctl$EXT4_IOC_GROUP_EXTEND(r6, 0x40086607, &(0x7f0000000340)=0x1) bind$packet(r7, &(0x7f0000000000)={0x11, 0x0, r9, 0x1, 0x0, 0x6, @broadcast}, 0x14) write$binfmt_aout(r7, &(0x7f0000000040)=ANY=[@ANYBLOB="90030ec29ad0d72204000e210806000108000604000180b572da3e9647000000ae513569487147"], 0x120) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='fdb_delete\x00', r6}, 0x10) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) 2m45.279567659s ago: executing program 4 (id=214): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000080000000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000040008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=@newtaction={0xe6c, 0x30, 0x25, 0x0, 0x0, {}, [{0xe58, 0x1, [@m_pedit={0xe54, 0x1, 0x0, 0x0, {{0xa}, {0xe28, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x4}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{}, {}, {}, {}, {}, {}, {}, {0x0, 0x800}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x10}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {0x0, 0x0, 0x20000000}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, {0x8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x8}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe6c}}, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) lgetxattr(&(0x7f0000000200)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a6850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) modify_ldt$write(0x1, 0x0, 0x0) io_submit(0x0, 0x1, &(0x7f0000000000)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r3, 0x0}]) write$rfkill(r3, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) 2m28.5063586s ago: executing program 2 (id=202): r0 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x9d85}, &(0x7f0000000440)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x47f9, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x100440, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) openat$audio(0xffffffffffffff9c, 0x0, 0x40000000040201, 0x0) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_VERDICT(r4, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000280)={&(0x7f0000000500)=ANY=[@ANYBLOB="f80000000103000000000000000000000a0000020c000200fffffffc000000082c001380060002400002000006000240000300000600014088a8000006000240ff56000006000240000100000c000200000000000000000983000a002fb1280108ef5825185ddc185adee731cb9f4fb6f1f0922afd2ee6d717dfe126260656c66335bab0c15956bc953c0baf3f56942082227dacdf2cccaca9e98727c262dc59c2ce85c20cae01aece341ad6f38997b62a33504ad6e2887284a200000c001305e12ea14088a8000028000b8008000840000000081c001980080001001202000008000200fc0e0000080002001000000008000340000070cf"], 0xf8}, 0x1, 0x0, 0x0, 0x4008811}, 0x0) r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000001940)={0x4, 0x0, [{0x2, 0xbd, &(0x7f00000005c0)=""/189}, {0x2, 0xee, &(0x7f0000000680)=""/238}, {0xf000, 0xe4, &(0x7f0000000780)=""/228}, {0x0, 0x0, 0x0}]}) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='contention_end\x00', r6}, 0x10) r7 = socket(0x200000100000011, 0x803, 0x0) r8 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) ioctl$EXT4_IOC_GROUP_EXTEND(r6, 0x40086607, &(0x7f0000000340)=0x1) bind$packet(r7, &(0x7f0000000000)={0x11, 0x0, r9, 0x1, 0x0, 0x6, @broadcast}, 0x14) write$binfmt_aout(r7, &(0x7f0000000040)=ANY=[@ANYBLOB="90030ec29ad0d72204000e210806000108000604000180b572da3e9647000000ae513569487147"], 0x120) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='fdb_delete\x00', r6}, 0x10) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) 2m10.386219837s ago: executing program 4 (id=214): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000080000000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000040008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=@newtaction={0xe6c, 0x30, 0x25, 0x0, 0x0, {}, [{0xe58, 0x1, [@m_pedit={0xe54, 0x1, 0x0, 0x0, {{0xa}, {0xe28, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x4}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{}, {}, {}, {}, {}, {}, {}, {0x0, 0x800}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x10}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {0x0, 0x0, 0x20000000}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, {0x8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x8}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe6c}}, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) lgetxattr(&(0x7f0000000200)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a6850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) modify_ldt$write(0x1, 0x0, 0x0) io_submit(0x0, 0x1, &(0x7f0000000000)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r3, 0x0}]) write$rfkill(r3, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) 1m53.802019313s ago: executing program 2 (id=202): r0 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x9d85}, &(0x7f0000000440)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x47f9, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x100440, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) openat$audio(0xffffffffffffff9c, 0x0, 0x40000000040201, 0x0) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_VERDICT(r4, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000280)={&(0x7f0000000500)=ANY=[@ANYBLOB="f80000000103000000000000000000000a0000020c000200fffffffc000000082c001380060002400002000006000240000300000600014088a8000006000240ff56000006000240000100000c000200000000000000000983000a002fb1280108ef5825185ddc185adee731cb9f4fb6f1f0922afd2ee6d717dfe126260656c66335bab0c15956bc953c0baf3f56942082227dacdf2cccaca9e98727c262dc59c2ce85c20cae01aece341ad6f38997b62a33504ad6e2887284a200000c001305e12ea14088a8000028000b8008000840000000081c001980080001001202000008000200fc0e0000080002001000000008000340000070cf"], 0xf8}, 0x1, 0x0, 0x0, 0x4008811}, 0x0) r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000001940)={0x4, 0x0, [{0x2, 0xbd, &(0x7f00000005c0)=""/189}, {0x2, 0xee, &(0x7f0000000680)=""/238}, {0xf000, 0xe4, &(0x7f0000000780)=""/228}, {0x0, 0x0, 0x0}]}) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='contention_end\x00', r6}, 0x10) r7 = socket(0x200000100000011, 0x803, 0x0) r8 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) ioctl$EXT4_IOC_GROUP_EXTEND(r6, 0x40086607, &(0x7f0000000340)=0x1) bind$packet(r7, &(0x7f0000000000)={0x11, 0x0, r9, 0x1, 0x0, 0x6, @broadcast}, 0x14) write$binfmt_aout(r7, &(0x7f0000000040)=ANY=[@ANYBLOB="90030ec29ad0d72204000e210806000108000604000180b572da3e9647000000ae513569487147"], 0x120) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='fdb_delete\x00', r6}, 0x10) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) 1m20.020822139s ago: executing program 4 (id=214): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000080000000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000040008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=@newtaction={0xe6c, 0x30, 0x25, 0x0, 0x0, {}, [{0xe58, 0x1, [@m_pedit={0xe54, 0x1, 0x0, 0x0, {{0xa}, {0xe28, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x4}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{}, {}, {}, {}, {}, {}, {}, {0x0, 0x800}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x10}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {0x0, 0x0, 0x20000000}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, {0x8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x8}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe6c}}, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) lgetxattr(&(0x7f0000000200)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a6850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) modify_ldt$write(0x1, 0x0, 0x0) io_submit(0x0, 0x1, &(0x7f0000000000)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r3, 0x0}]) write$rfkill(r3, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) 1m15.983445352s ago: executing program 2 (id=202): r0 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x9d85}, &(0x7f0000000440)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x47f9, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x100440, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) openat$audio(0xffffffffffffff9c, 0x0, 0x40000000040201, 0x0) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_VERDICT(r4, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000280)={&(0x7f0000000500)=ANY=[@ANYBLOB="f80000000103000000000000000000000a0000020c000200fffffffc000000082c001380060002400002000006000240000300000600014088a8000006000240ff56000006000240000100000c000200000000000000000983000a002fb1280108ef5825185ddc185adee731cb9f4fb6f1f0922afd2ee6d717dfe126260656c66335bab0c15956bc953c0baf3f56942082227dacdf2cccaca9e98727c262dc59c2ce85c20cae01aece341ad6f38997b62a33504ad6e2887284a200000c001305e12ea14088a8000028000b8008000840000000081c001980080001001202000008000200fc0e0000080002001000000008000340000070cf"], 0xf8}, 0x1, 0x0, 0x0, 0x4008811}, 0x0) r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000001940)={0x4, 0x0, [{0x2, 0xbd, &(0x7f00000005c0)=""/189}, {0x2, 0xee, &(0x7f0000000680)=""/238}, {0xf000, 0xe4, &(0x7f0000000780)=""/228}, {0x0, 0x0, 0x0}]}) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='contention_end\x00', r6}, 0x10) r7 = socket(0x200000100000011, 0x803, 0x0) r8 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) ioctl$EXT4_IOC_GROUP_EXTEND(r6, 0x40086607, &(0x7f0000000340)=0x1) bind$packet(r7, &(0x7f0000000000)={0x11, 0x0, r9, 0x1, 0x0, 0x6, @broadcast}, 0x14) write$binfmt_aout(r7, &(0x7f0000000040)=ANY=[@ANYBLOB="90030ec29ad0d72204000e210806000108000604000180b572da3e9647000000ae513569487147"], 0x120) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='fdb_delete\x00', r6}, 0x10) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) 45.424738034s ago: executing program 4 (id=214): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000080000000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000040008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=@newtaction={0xe6c, 0x30, 0x25, 0x0, 0x0, {}, [{0xe58, 0x1, [@m_pedit={0xe54, 0x1, 0x0, 0x0, {{0xa}, {0xe28, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x4}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{}, {}, {}, {}, {}, {}, {}, {0x0, 0x800}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x10}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {0x0, 0x0, 0x20000000}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, {0x8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x8}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe6c}}, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) lgetxattr(&(0x7f0000000200)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a6850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) modify_ldt$write(0x1, 0x0, 0x0) io_submit(0x0, 0x1, &(0x7f0000000000)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r3, 0x0}]) write$rfkill(r3, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) 44.288033092s ago: executing program 2 (id=202): r0 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x9d85}, &(0x7f0000000440)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x47f9, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x100440, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) openat$audio(0xffffffffffffff9c, 0x0, 0x40000000040201, 0x0) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_VERDICT(r4, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000280)={&(0x7f0000000500)=ANY=[@ANYBLOB="f80000000103000000000000000000000a0000020c000200fffffffc000000082c001380060002400002000006000240000300000600014088a8000006000240ff56000006000240000100000c000200000000000000000983000a002fb1280108ef5825185ddc185adee731cb9f4fb6f1f0922afd2ee6d717dfe126260656c66335bab0c15956bc953c0baf3f56942082227dacdf2cccaca9e98727c262dc59c2ce85c20cae01aece341ad6f38997b62a33504ad6e2887284a200000c001305e12ea14088a8000028000b8008000840000000081c001980080001001202000008000200fc0e0000080002001000000008000340000070cf"], 0xf8}, 0x1, 0x0, 0x0, 0x4008811}, 0x0) r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000001940)={0x4, 0x0, [{0x2, 0xbd, &(0x7f00000005c0)=""/189}, {0x2, 0xee, &(0x7f0000000680)=""/238}, {0xf000, 0xe4, &(0x7f0000000780)=""/228}, {0x0, 0x0, 0x0}]}) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='contention_end\x00', r6}, 0x10) r7 = socket(0x200000100000011, 0x803, 0x0) r8 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) ioctl$EXT4_IOC_GROUP_EXTEND(r6, 0x40086607, &(0x7f0000000340)=0x1) bind$packet(r7, &(0x7f0000000000)={0x11, 0x0, r9, 0x1, 0x0, 0x6, @broadcast}, 0x14) write$binfmt_aout(r7, &(0x7f0000000040)=ANY=[@ANYBLOB="90030ec29ad0d72204000e210806000108000604000180b572da3e9647000000ae513569487147"], 0x120) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='fdb_delete\x00', r6}, 0x10) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) 31.810423263s ago: executing program 3 (id=1041): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x4, 0x4, 0x9, 0x0, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000740)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000008c0)=@ipv6_delrule={0x1c, 0x21, 0x1}, 0x1c}}, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r3, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000000)=@ipv6_newrule={0x24, 0x20, 0x1, 0x0, 0x0, {}, [@FIB_RULE_POLICY=@FRA_PROTOCOL={0x5}]}, 0x24}}, 0x0) bpf$MAP_LOOKUP_ELEM(0x15, &(0x7f0000000300)={r1, &(0x7f0000000240), 0x0}, 0x20) 31.433778425s ago: executing program 3 (id=1043): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f00000000c0)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=@base={0x12, 0x4, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000001c0)={@map=r3, r2, 0x7, 0x0, 0x0, @void, @value}, 0x10) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0) setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r4, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) write$binfmt_elf32(r4, &(0x7f00000014c0)=ANY=[], 0x46b) sendmmsg$inet(r4, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000006c0)="ed", 0x1}, {&(0x7f0000000200)="b5", 0x1}, {&(0x7f0000000340)='.', 0x1}, {&(0x7f0000000140)='U', 0x1}, {&(0x7f0000000180)="f3", 0x1}], 0x5}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000580)}, {&(0x7f0000000c80)='a', 0x1}, {&(0x7f0000000b40)='M', 0x1}, {&(0x7f0000000d80)='o', 0x1}, {&(0x7f0000000e80)='\b', 0x1}], 0x5}, 0x70040000}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000380)="bb", 0x1}, {&(0x7f00000007c0)="a1", 0x1}, {&(0x7f0000000800)='s', 0x1}, {&(0x7f00000009c0)='\\', 0x1}], 0x4}}, {{0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000440)="88", 0x1}, {&(0x7f0000000840)="e5", 0x1}, {&(0x7f0000001040)="96", 0x1}], 0x3}}], 0x4, 0x4048841) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r3, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r1}, 0x20) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x14}}, 0x0) 31.319674174s ago: executing program 3 (id=1047): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) add_key$user(&(0x7f0000000780), 0x0, 0x0, 0x0, 0xffffffffffffffff) r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$sock_TIOCINQ(r3, 0x541b, &(0x7f0000000040)) ioctl$SNDRV_TIMER_IOCTL_STATUS64(r3, 0x80605414, &(0x7f0000000300)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socket$nl_netfilter(0x10, 0x3, 0xc) openat$binder_debug(0xffffffffffffff9c, &(0x7f00000004c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) r4 = fsopen(&(0x7f0000000040)='afs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000000)='source', &(0x7f00000005c0)='#mS\xb2j\xcb\xa18:.)\xc7\xcb\xc5\xd8\x91\xa1\"\xd5\r\x89M;\x99\xd6\x8e?K\x82\xd5\xd7\xab\x10\xea\x14\n\xea\xe9\xcc\xdc\xf3\xc0\xf8\x89\xd0\x0ep\xb1I\x04T[\r&\xf0z\xde\xc0\xf3\xcd\x9a\xae\xa8*v_(\x94]\xdf\xf1\x95!\xb3+\x1aD\xda\xa1G\x06M\xdaz2\xe9\xe6\xda\x92U\xaaN\xff\xca\xb37-<3\xb28\xb8:UQ\x95|\xe5\xaa\x0e\xe7{\xd4T\x84\x83\x86\x9d', 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002a80)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000640)=ANY=[], 0x10}], 0x1}, 0x0) mount$afs(&(0x7f0000000040)=@cell={0x23, 'syz1:', 'syz0', '.backup'}, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x4000, &(0x7f0000000240)={[{}]}) prlimit64(r0, 0x3, &(0x7f0000000100)={0x30000, 0x7f6}, &(0x7f00000001c0)) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x10, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x61, 0x11, 0x38}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x50}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x4, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) 30.139374198s ago: executing program 3 (id=1048): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0x4, 0x6, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b00)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 29.220234532s ago: executing program 3 (id=1052): openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x20040, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x5}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELCHAIN={0x38, 0x5, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0xc, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x4}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0xc0}}, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r2 = syz_usb_connect$uac1(0x0, 0xa4, &(0x7f00000000c0)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d24070000030769dc000049c40c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r1, @ANYBLOB="05"], 0x0) syz_usb_control_io$uac1(r2, &(0x7f0000000280)={0x14, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0003040000002203"]}, 0x0) unshare(0x20040600) r3 = openat$vmci(0xffffff9c, &(0x7f0000000200), 0x2, 0x0) ppoll(&(0x7f0000000240)=[{r3}], 0x1, &(0x7f0000000100)={0x0, 0x3938700}, 0x0, 0x0) syz_usb_control_io(r2, &(0x7f0000000b40)={0x2c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0047609e97b5a07660884a364ba7ae2fd0628980a7ab90c83c2d7eea64f71b867c4f816382c743e019e984bf84065b349b257f810e58ed3e7b"], 0x0, 0x0, 0x0}, 0x0) r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x56a, 0x319, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x2}}}}]}}]}}, 0x0) syz_usb_control_io(r4, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/mdstat\x00', 0x0, 0x0) r6 = dup(r5) r7 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r7}}) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc) clock_settime(0x0, &(0x7f00000000c0)={0x0, 0x3938700}) syz_usb_control_io$hid(r4, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0x2, {[@global=@item_012={0x1, 0x1, 0x0, "aa"}]}}, 0x0}, 0x0) 21.433254321s ago: executing program 4 (id=214): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000080000000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000040008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=@newtaction={0xe6c, 0x30, 0x25, 0x0, 0x0, {}, [{0xe58, 0x1, [@m_pedit={0xe54, 0x1, 0x0, 0x0, {{0xa}, {0xe28, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x4}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{}, {}, {}, {}, {}, {}, {}, {0x0, 0x800}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x10}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {0x0, 0x0, 0x20000000}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, {0x8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x8}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe6c}}, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) lgetxattr(&(0x7f0000000200)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a6850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) modify_ldt$write(0x1, 0x0, 0x0) io_submit(0x0, 0x1, &(0x7f0000000000)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r3, 0x0}]) write$rfkill(r3, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) 20.955202226s ago: executing program 2 (id=202): r0 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x9d85}, &(0x7f0000000440)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x47f9, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x100440, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) openat$audio(0xffffffffffffff9c, 0x0, 0x40000000040201, 0x0) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_VERDICT(r4, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000280)={&(0x7f0000000500)=ANY=[@ANYBLOB="f80000000103000000000000000000000a0000020c000200fffffffc000000082c001380060002400002000006000240000300000600014088a8000006000240ff56000006000240000100000c000200000000000000000983000a002fb1280108ef5825185ddc185adee731cb9f4fb6f1f0922afd2ee6d717dfe126260656c66335bab0c15956bc953c0baf3f56942082227dacdf2cccaca9e98727c262dc59c2ce85c20cae01aece341ad6f38997b62a33504ad6e2887284a200000c001305e12ea14088a8000028000b8008000840000000081c001980080001001202000008000200fc0e0000080002001000000008000340000070cf"], 0xf8}, 0x1, 0x0, 0x0, 0x4008811}, 0x0) r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000001940)={0x4, 0x0, [{0x2, 0xbd, &(0x7f00000005c0)=""/189}, {0x2, 0xee, &(0x7f0000000680)=""/238}, {0xf000, 0xe4, &(0x7f0000000780)=""/228}, {0x0, 0x0, 0x0}]}) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='contention_end\x00', r6}, 0x10) r7 = socket(0x200000100000011, 0x803, 0x0) r8 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) ioctl$EXT4_IOC_GROUP_EXTEND(r6, 0x40086607, &(0x7f0000000340)=0x1) bind$packet(r7, &(0x7f0000000000)={0x11, 0x0, r9, 0x1, 0x0, 0x6, @broadcast}, 0x14) write$binfmt_aout(r7, &(0x7f0000000040)=ANY=[@ANYBLOB="90030ec29ad0d72204000e210806000108000604000180b572da3e9647000000ae513569487147"], 0x120) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='fdb_delete\x00', r6}, 0x10) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) 5.785706569s ago: executing program 0 (id=1114): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) capset(0x0, &(0x7f0000000280)) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xe, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1802000000000000000000000000000000000000000000009500000000000000080000000000000040bc4789aa14b77f4b0c"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0, 0x4}, 0x20) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000bc0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x9f, 0x9f, 0x3, [@int={0x9, 0x0, 0x0, 0x1, 0x0, 0x33, 0x0, 0x65, 0x1}, @func_proto={0x0, 0x3, 0x0, 0xd, 0x0, [{0xc, 0x2}, {0xa, 0x5}, {0xd, 0x3}]}, @datasec={0x4, 0x1, 0x0, 0xf, 0x3, [{0x5, 0x101, 0x8}], "00da67"}, @var={0x7, 0x0, 0x0, 0xe, 0x1}, @fwd={0x9}, @var={0xa, 0x0, 0x0, 0xe, 0x2, 0x1}, @ptr={0xd, 0x0, 0x0, 0x2, 0x1}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2, 0x1}}]}, {0x0, [0x5f]}}, &(0x7f0000000640)=""/72, 0xbb, 0x48, 0x0, 0x3, 0x0, @void, @value}, 0x28) r4 = socket(0x1e, 0x4, 0x0) r5 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0x6, &(0x7f0000000780)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc020000000000fcc486ed9e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300", @ANYRESHEX=r5, @ANYBLOB="26fc0eba706263fe895ed8dab56e16f839b6537356c8eb065c"], &(0x7f0000000040)='GPL\x00', 0x5, 0xc9, &(0x7f0000000300)=""/201, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x3, r3, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffb, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) r7 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r7) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a"], 0x50}}, 0x0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r8 = inotify_init1(0x0) fcntl$setown(r8, 0x8, 0xffffffffffffffff) fcntl$getownex(r8, 0x10, &(0x7f0000000140)={0x0, 0x0}) r10 = syz_open_procfs(r9, &(0x7f0000000600)='fd/4\x00') ioctl$EXT4_IOC_GROUP_EXTEND(r10, 0x40305839, &(0x7f0000000240)=0x28084) 4.709666446s ago: executing program 0 (id=1116): prctl$PR_SCHED_CORE(0x3e, 0x3, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x80000004) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x40a25000) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) clock_gettime(0x4, &(0x7f0000000300)) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000380)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f00000001c0)='i2c_write\x00', r3, 0x0, 0x7fffffffffffffff}, 0x18) rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) socket$alg(0x26, 0x5, 0x0) prctl$PR_SCHED_CORE(0x3e, 0xfffffffffffffffa, r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8f}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r4 = getpid() sched_setscheduler(r4, 0x1, &(0x7f0000000240)=0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) clock_gettime(0x3, &(0x7f0000000000)) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000340)=0x3) r7 = socket(0x1e, 0x4, 0x0) connect$tipc(r7, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) 4.113661346s ago: executing program 1 (id=1117): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0x0, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000300)={0x1, 0x4000, 0x8, r2}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000000)={0x0, 0x0, 0x0, r2}) r3 = socket$inet(0xa, 0x801, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x44, 0x6, 0x468, 0x308, 0x0, 0x308, 0x308, 0x220, 0x3d0, 0x3d0, 0x3d0, 0x3d0, 0x3d0, 0x6, 0x0, {[{{@ip={@broadcast, @dev, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x308}}, {{@ip={@remote, @local, 0x0, 0x0, 'vcan0\x00', 'veth0_virt_wifi\x00', {}, {}, 0x6, 0x0, 0x48}, 0x0, 0x98, 0xc8, 0x0, {}, [@common=@unspec=@state={{0x28}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@common=@ttl={{0x28}}]}, @ECN={0x28}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CHECKSUM={0x28}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@ah={{0x30}}]}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x4c8) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000740)={0x6, 0x9, &(0x7f00000006c0)=ANY=[@ANYRESDEC=r3, @ANYRES16=0x0, @ANYRESHEX=r0, @ANYRES32=r2, @ANYRES32=r1, @ANYRESDEC, @ANYRES8=r2], &(0x7f0000000000)='GPL\x00', 0x200008, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0xa, &(0x7f0000000300)={0x9}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f0000000500)) ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r1, 0x4068aea3, &(0x7f0000000580)) r4 = socket$alg(0x26, 0x5, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) r7 = getpid() sched_setscheduler(r7, 0x0, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00'}, 0x10) execveat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x0, 0x0, 0x0) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f0000000140)="00c2", 0x2, 0xfffffffffffffffd) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) bind$alg(r4, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000440)='1', 0x1) 3.168705544s ago: executing program 1 (id=1118): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f00000000c0)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=@base={0x12, 0x4, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000001c0)={@map=r3, r2, 0x7, 0x0, 0x0, @void, @value}, 0x10) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0) setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r4, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) write$binfmt_elf32(r4, &(0x7f00000014c0)=ANY=[], 0x46b) sendmmsg$inet(r4, &(0x7f0000000f40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000580)="f1", 0x1}, {&(0x7f0000000c80)='a', 0x1}, {&(0x7f0000000b40)='M', 0x1}, {&(0x7f0000000d80)='o', 0x1}, {&(0x7f0000000e80)='\b', 0x1}], 0x5}, 0x70040000}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000380)="bb", 0x1}, {&(0x7f00000007c0)="a1", 0x1}, {&(0x7f0000000800)='s', 0x1}, {&(0x7f00000009c0)='\\', 0x1}], 0x4}}, {{0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000440)="88", 0x1}, {&(0x7f0000000840)="e5", 0x1}, {&(0x7f0000001040)="96", 0x1}], 0x3}}], 0x4, 0x4048841) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r3, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r1}, 0x20) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x14}}, 0x0) 3.024500304s ago: executing program 1 (id=1119): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x20c00, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000040)={0xc, 0x0, 0x0}) r2 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000400)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000300)={0x48, 0x2, r3}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r1, 0x0, 0x0}) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000180)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r0, 0x3ba0, &(0x7f0000000240)={0x48, 0xa, r4, 0x0, r5}) 2.694378356s ago: executing program 1 (id=1120): r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0xc, &(0x7f0000000040)=0x8, 0x4) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="2800000012000100"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000080003"], 0x28}}, 0x0) (fail_nth: 5) 2.553909006s ago: executing program 0 (id=1121): mount$overlay(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000002180)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x80}]}) syz_open_dev$ttys(0xc, 0x2, 0x1) r0 = syz_clone(0x0, 0x0, 0x9, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb") ptrace$getregset(0x4205, r0, 0x2, &(0x7f0000000080)={&(0x7f0000000000)=""/120, 0x78}) ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000740)={0x0}) 2.077449923s ago: executing program 0 (id=1122): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000940)='rxrpc_recvmsg\x00', r0}, 0x10) r1 = socket(0x21, 0x2, 0x10000000000002) connect$rxrpc(r1, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @multicast2}}, 0x3a) sendmmsg(r1, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0) recvmmsg(r1, &(0x7f0000002d40)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}}], 0x1, 0x0, 0x0) 1.928787738s ago: executing program 0 (id=1123): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x40a25000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000005000000850000008200000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r5}, 0x10) poll(0x0, 0x0, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000380)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r6}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) r7 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r7, 0x7a7, &(0x7f0000000100)=0x80000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r7, 0x7a0, &(0x7f0000000140)={@my=0x1}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r7, 0x7a8, &(0x7f0000000040)={{@my=0x1}, @host, 0x0, 0x0, 0x7}) 1.873618285s ago: executing program 1 (id=1124): socket$rds(0x15, 0x5, 0x0) ioctl$EVIOCSKEYCODE(0xffffffffffffffff, 0x40084504, 0x0) r0 = openat$kvm(0xffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0200000004000000060000000500000000100000", @ANYRES32, @ANYBLOB="000000000000000000000000000000f85fcf", @ANYRES64=r1, @ANYRES32], 0x48) 1.586860962s ago: executing program 4 (id=214): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000080000000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000040008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=@newtaction={0xe6c, 0x30, 0x25, 0x0, 0x0, {}, [{0xe58, 0x1, [@m_pedit={0xe54, 0x1, 0x0, 0x0, {{0xa}, {0xe28, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x4}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{}, {}, {}, {}, {}, {}, {}, {0x0, 0x800}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x10}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {0x0, 0x0, 0x20000000}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, {0x8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x8}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe6c}}, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) lgetxattr(&(0x7f0000000200)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a6850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) modify_ldt$write(0x1, 0x0, 0x0) io_submit(0x0, 0x1, &(0x7f0000000000)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r3, 0x0}]) write$rfkill(r3, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) 825.508µs ago: executing program 0 (id=1125): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x34, 0x34, 0x2, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x3, 0x2, 0xffff0f00}}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x10}, @union={0x0, 0x0, 0x0, 0x6, 0x0, 0x2}]}}, 0x0, 0x4e, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) r3 = userfaultfd(0x80001) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, &(0x7f0000000100), 0xc06620, 0x4) read(r3, &(0x7f00000001c0)=""/4096, 0x1000) ioctl$UFFDIO_COPY(r3, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000adb000/0x2000)=nil, &(0x7f0000fee000/0x11000)=nil, 0x2000}) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5) readahead(r1, 0x7, 0x2f) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff) sendmsg$inet(0xffffffffffffffff, 0x0, 0x20000010) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000300)={0x44, r5, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @multicast2}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @broadcast}]}, 0x44}}, 0x0) 478.472µs ago: executing program 1 (id=1126): r0 = socket$inet6(0xa, 0x2, 0x3a) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000080)=0xff, 0x4) r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents64(r1, &(0x7f0000000180)=""/105, 0x69) bind$tipc(r1, &(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x1, {0x0, 0x1, 0x2}}, 0x10) unshare(0x22020600) r2 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r2, 0x0, 0x0) r3 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="1800000011140102000000001000000008004b"], 0x18}}, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbfe, 0x2ffffffff}, 0xc) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000980)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000c5000000030000004c0001800d0001007564703a73797a310000000038000400200001000a00000000100000ff0500000000000000000000000000010000000014"], 0x60}}, 0x0) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="020300020e0000002abd70000000000005000600000000000a00000000000000ff010000000000000000000000000001000000000000000002000100000004d50000ed000000000005000500000000000a00000000000000fe8000000000000000000000000000000000000000000000824260a4e71c2a10a2bc00c74b9c57e650e648654717a68e2ec61c23be4a3d9ba77e0f48db55e4a8c8b460b33e749b789a45a642ed5b7cb879b5b66867502a9fc4a878840d7ae9b2a1b4667ecede718cafbd319a016ed66540cb7a781631cc3f7165b37f8bc7825d961a48f5238a5ffb49d287f1448408cc6d1d6d879f185732905bba2b2e51c3f8adc0f775c1041a62fda6e9269fdfffbb9e4214a0e948df8d6c02d95e6718e75ca92a5266692bb7c6f0874dc227974f06c9e9962ebc1587d5252c358451bfb6fce1cc2006436d9f121dc588e15ebd09398c51820f57282c0b181a3cfefe1ec52a240e4502ee40ffe08b14d23fb5b9948995388c9ff198f1c925d8f54ac2c00e9ec9ed429d079233e65d404028fd06c17d7dfd73af669070217abb34efe4f91f1f184a36e6874cde86ed4764ca13b37049b1a664e78169c22a09691b0a3a66fad51561546d5dc596d876c4d167e84ea222d365be5eecdefcc43cc5a0a0f24395feac816e72a269d568b1506f04095b168c4ea0953ac182bb7ff6a74c455688003eae1c"], 0x70}, 0x1, 0x7}, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) fgetxattr(r2, &(0x7f0000000040)=@known='trusted.overlay.nlink\x00', &(0x7f00000000c0)=""/62, 0x3e) setsockopt$sock_int(r0, 0x1, 0x1d, &(0x7f0000000000)=0x5, 0x4) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1, 0x6}, 0x1c) sendto$inet6(r0, &(0x7f0000000100)="80000fdc2208a1ce", 0x8, 0x0, 0x0, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r7, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) setsockopt$sock_int(r7, 0x1, 0xf, &(0x7f0000000200)=0x8, 0x4) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r8, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) bind$inet6(r8, &(0x7f0000000140)={0xa, 0x4e22, 0xfffffffe, @mcast2}, 0x1c) close(r8) recvmmsg(r0, &(0x7f0000006280)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 0s ago: executing program 3 (id=1076): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='netlink_extack\x00', r0}, 0x10) r1 = syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2) fcntl$dupfd(r1, 0x0, r1) syz_genetlink_get_family_id$netlbl_cipso(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000340)=0x8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(0xffffffffffffffff, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pread64(r2, 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000240)=[{0x0}], 0x1, 0x7fffffff, 0xaa) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) getpid() process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000000440)=""/57, 0x39}, {&(0x7f0000000380)=""/155, 0x9b}], 0x2, &(0x7f0000000740)=[{&(0x7f00000007c0)=""/107, 0x6b}, {&(0x7f0000000480)=""/120, 0x78}, {&(0x7f0000000500)=""/162, 0xa2}, {&(0x7f0000002b00)=""/4112, 0x1010}, {&(0x7f0000000640)=""/112, 0x70}, {&(0x7f00000006c0)=""/116, 0x74}, {&(0x7f00000005c0)=""/31, 0x1f}], 0x7, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) fcntl$lock(r3, 0x26, &(0x7f0000000200)={0x0, 0x1, 0x0, 0xfffffffffffffffd}) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r4 = open(0x0, 0x0, 0x0) renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r4, 0xc028660f, &(0x7f0000000000)={0x0, r4, 0x0, 0x2}) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001040)=ANY=[@ANYBLOB="b702000026000000bfa300000000000005000000000000007a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27106e225b7937f02008b5e5a076d83923dd29c034055b67d5b310efcfa89147a09000000f110026e6d2ef831ab7ea0c34f17e3ad6eecbb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b0a341a2d7cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e6a9f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d996d60a17e3c184b751c51160fbcbbdb5b1e7be6148ba532e60a0ac346dfebd31a08060000000200000000000000334d83239dd27080e71113610e10d858e8327ef01fb6c86acac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08ab1e1ad828267d4eadd3964663e88535c133f7130856f756436303767d2e24f29e5dad9796edb697a6ea0183babc190ae2ebf8aad34732181feb215139f15ea7e8cb0bae7c34d5ac5e7c805210600000000000000c3dec04b25dfc17975238345d4f71ab158c36657b7218baa0700f781c0a99bd50499ccc421ace5e845885efb5b9964e4beba3da8223fe5308e4e65ee93e107000000f8ddebf70132a4d0175b989b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b1282dc51bb0015982730711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a173db9c24db65c1e00015c1d093dab18fd0699fe3304000000323e9c7080397bc49d70c060d57bc88fbe3bbaa058b040362ab926150363fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623279f73db9dec75070cd9ab0fda6b069ef6d2857ca3e4effcf7462710d133d541da86e0477e4a6cc999dc21c3ef408e6b178e7c9f274d7fafc8d757d33dfa35aa2000034837d365e63845f3c1092f8dde8af3904ea0f4b82649b83ed4fa0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000000000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edeeeba72205beff7771bcb293747b88486cacee403000000a2919a4bff2ed893f2c814679fa69fc7e0cf761f918725704a01c56009a9f748e5aaf30a10bd8c409b1870c1f75e26b45264e3d3f8e0048e55ae289c2f884d66cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2e152cb2cf06f8edb30177fead735a952ffce676a93110904d5ee2abdab2ef3ff84c4d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007976699b6c0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d250721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e671282a2d3066ac968c7d7d7db195f255b1b4a85eb9ee0a3b68c9e209756623adf685dd715d68ed11e4b4d5502f512493af8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476fb20407ff7098b7174bef66fa03a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749f6aecf69ba83a71caa9bdddc679f1b826f74b6563a4be1fd82b73c8c2bc65f63982b951fb058fd3c7b6341c4580376b2c16bd94d2da66059de81abfa15eeeae3b0ba38d8bb1bf032c73f1285e21fff5a1d138e061b1dc7bbda199b5fab8e0719e9cd69b47dcb52b0be6a3a73afdf328132e1d4f21065716be0c53a23940d07188b015fa341dbc92231c8b5e5717eac184f46c9f61b69f55cd2231bcf821052429a1f250e8b734be0605a15f25923d599544b319319ff0a32621019347df460a098119a6f47eb1bac47946d7a009cbc6ec74c19a93cc7c7138b28c95270116181fd5f553573c48104d2ad0e10d3663488e664401453f22f0d76d2162635365258af61ae1f46f4a7862f302d91e3f7c2781f602220522e84602a939a8d5e4137ae31ccd397404dc72e06715a6503d4d865182803ee6725da7293b23daeebefd6fce7411c9624a7e8d5ba5a13e1c32adc4f3274497c6882a72475e4280a4d9a47c003c6ed3071330c58145be813a10788a720a6b5a498ca2b42496c479a0a71e2f6f9bad8c84bc6be20281bde0b348cf2c60538a505ad4a0510eebb023e4954c9eb6cd70627f5c03d867dbf3ad5d1f1dc852064dd0efafc3df20ec8faf3d194db76127f88f284fa1b71ab964fdd2474471da76373e65e9a8bf844bdfdd348bc7d00c4c7e7afe8a1f8cde79b7a6c5aafe954b8ba37818e40c14b37c23f9f614576b689436fef2f27f8b1e756e00262e22bca49c43fd73e7e99b2fa44a8c1db99c2cf2735ad6c5fabf082e0df0f8ba7e24272165f2f5b28230c095162b82ceaeaae9b1713b5fb3832ee68e2b53d44bd84bf6770157e96bbb96b5e1f165c87e7a9a7d53c281d88ebb175a4dbb82130e6870980e47913110f091d21760d985afd3163f2e6880682432f9b3b97d57a9f980edfa1116a3d04d58872a07d6a7e12db673acd2f7b8988d833e71943fe2c1c65a3cf36b955c56b55bfd3ecf0af694c71a03f2996c15b1ba971de1cb9c7e6a0000000000000014783ef54c51199317413f98dca8ff3df3572a7d9ef5f6103997f1f9e4b0c3970bda50f6c0af58dbd6c031b1a5a7512c5896514adfa17d31429c68db50a93d88199defd3b4625fea426ff9293a28a544a6a9e2a79b55daa1b3c6b14c4ec6d164e902ce4913843d65d841973468729ea12bf6d3499036dbb66718f3497855c3baa6cc07c0fa388ec9df0617c1a28ef5a595ee267a76175b8a057e6efaf4fefe46def451f2858fe71a53e77b1a44e98843bb3a40102da3703dfb9f61bdcea2fb810b32d52e2157a150a63ea6135d1cf6f864c2e68884d7245bc5d61dc5a114d10ffb22e76678bbfc1e3865d17d128306d1b81884a934cb00000000000000000098a4526e6468987dbc63bff7590eb388afaba43d811996333eef7e9f472bee293f0c40d434b8be07cbd52325296e22802493edb5c590ad208bac683a8b2d4c9d2d57ff846ae8c422e0b28546671f11d8157bb762c91f3fbcca8e21589c92446ae65d408c0637ffcc2d44d715ce003dd1e12b085e186d069a55c2e96efbe5024d61a56a36d988c0f51a973a6c238e545b28211a92000000001501aed8d72af0fcd540a9d4e293690c5e697b3a1480e46df5371bca1cfb28a57c1b3c956ec81397e81fbf870a67385fea04220423f52ad8178b9fd04bff000000000000000000000000000000000000000000000079aaf19bd1e18f582aac5b83d76bd50eee7c16dfdf09b5783defef3bfa7297512fdcdad18bcf2455bc80394d8f34e2ef84f33038f4b6ef516d7baa99f24f2f100fc46aec"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r5, 0x18000000000002a0, 0x4a, 0x0, &(0x7f0000000040)="76ea090000000000009ba56a88caffff0000000000", 0x0, 0x400000ff, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) kernel console output (not intermixed with test programs): 0: entered promiscuous mode [ 458.093408][T10460] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 458.126046][T10642] bridge0: port 2(bridge_slave_1) entered blocking state [ 458.133140][T10642] bridge0: port 2(bridge_slave_1) entered disabled state [ 458.152236][T10642] bridge_slave_1: entered allmulticast mode [ 458.164049][T10642] bridge_slave_1: entered promiscuous mode [ 458.193431][T10460] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 458.219056][T10460] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 458.295585][T10460] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 458.340422][T10642] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 458.409811][T10642] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 458.456024][ T4610] Bluetooth: hci5: command tx timeout [ 458.542210][T10642] team0: Port device team_slave_0 added [ 458.564882][T10642] team0: Port device team_slave_1 added [ 458.618487][T10326] veth0_vlan: entered promiscuous mode [ 458.650263][T10326] veth1_vlan: entered promiscuous mode [ 458.664964][ T1131] bridge_slave_1: left allmulticast mode [ 458.676633][ T1131] bridge_slave_1: left promiscuous mode [ 458.682996][T10700] FAULT_INJECTION: forcing a failure. [ 458.682996][T10700] name failslab, interval 1, probability 0, space 0, times 0 [ 458.698416][ T1131] bridge0: port 2(bridge_slave_1) entered disabled state [ 458.707922][ T1131] bridge_slave_0: left allmulticast mode [ 458.713610][ T1131] bridge_slave_0: left promiscuous mode [ 458.723233][ T1131] bridge0: port 1(bridge_slave_0) entered disabled state [ 458.730841][T10700] CPU: 1 UID: 0 PID: 10700 Comm: syz.1.930 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 458.741235][T10700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 458.751335][T10700] Call Trace: [ 458.754628][T10700] [ 458.757572][T10700] dump_stack_lvl+0x241/0x360 [ 458.762275][T10700] ? __pfx_dump_stack_lvl+0x10/0x10 [ 458.767492][T10700] ? __pfx__printk+0x10/0x10 [ 458.772101][T10700] ? __kmalloc_node_noprof+0xb7/0x440 [ 458.777488][T10700] ? __pfx___might_resched+0x10/0x10 [ 458.782800][T10700] should_fail_ex+0x3b0/0x4e0 [ 458.787501][T10700] should_failslab+0xac/0x100 [ 458.792199][T10700] __kmalloc_node_noprof+0xdf/0x440 [ 458.797410][T10700] ? __kvmalloc_node_noprof+0x72/0x190 [ 458.802886][T10700] __kvmalloc_node_noprof+0x72/0x190 [ 458.808189][T10700] bpf_test_run_xdp_live+0x290/0x2160 [ 458.813585][T10700] ? arch_stack_walk+0xfd/0x150 [ 458.818460][T10700] ? stack_trace_save+0x118/0x1d0 [ 458.823501][T10700] ? __lock_acquire+0x1384/0x2050 [ 458.828550][T10700] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 458.834374][T10700] ? mark_lock+0x9a/0x360 [ 458.838780][T10700] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 458.844706][T10700] ? __might_fault+0xaa/0x120 [ 458.849410][T10700] ? __might_fault+0xc6/0x120 [ 458.854115][T10700] ? _copy_from_user+0xa6/0xe0 [ 458.858995][T10700] ? bpf_test_init+0x15a/0x180 [ 458.863782][T10700] ? xdp_convert_md_to_buff+0x5b/0x330 [ 458.869267][T10700] bpf_prog_test_run_xdp+0x805/0x11e0 [ 458.874662][T10700] ? __pfx_lock_release+0x10/0x10 [ 458.879726][T10700] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 458.885553][T10700] ? __fget_files+0x29/0x470 [ 458.890167][T10700] ? fput+0x1a8/0x230 [ 458.894165][T10700] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 458.899993][T10700] bpf_prog_test_run+0x334/0x3b0 [ 458.904952][T10700] __sys_bpf+0x48d/0x810 [ 458.909215][T10700] ? __pfx___sys_bpf+0x10/0x10 [ 458.914003][T10700] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 458.920001][T10700] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 458.926344][T10700] ? do_syscall_64+0x100/0x230 [ 458.931136][T10700] __x64_sys_bpf+0x7c/0x90 [ 458.935569][T10700] do_syscall_64+0xf3/0x230 [ 458.940092][T10700] ? clear_bhb_loop+0x35/0x90 [ 458.944787][T10700] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 458.950695][T10700] RIP: 0033:0x7fe2f0d7def9 [ 458.955125][T10700] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 458.974746][T10700] RSP: 002b:00007fe2f1b56038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 458.983198][T10700] RAX: ffffffffffffffda RBX: 00007fe2f0f35f80 RCX: 00007fe2f0d7def9 [ 458.991182][T10700] RDX: 0000000000000050 RSI: 0000000020000000 RDI: 000000000000000a [ 458.999182][T10700] RBP: 00007fe2f1b56090 R08: 0000000000000000 R09: 0000000000000000 [ 459.007182][T10700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 459.015198][T10700] R13: 0000000000000000 R14: 00007fe2f0f35f80 R15: 00007ffef7fa6008 [ 459.023220][T10700] [ 459.724721][ T1131] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 459.743146][ T1131] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 459.755333][ T1131] bond0 (unregistering): Released all slaves [ 459.765988][ T943] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 459.804665][T10642] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 459.812193][T10642] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 459.846425][T10642] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 459.881175][T10642] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 459.888845][T10642] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 459.916092][ T943] usb 2-1: Using ep0 maxpacket: 8 [ 459.922209][T10642] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 459.924816][ T943] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 459.966160][ T943] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 459.986210][ T943] usb 2-1: Product: syz [ 459.990625][ T943] usb 2-1: Manufacturer: syz [ 459.995446][ T943] usb 2-1: SerialNumber: syz [ 460.018370][ T943] usb 2-1: config 0 descriptor?? [ 460.048049][T10642] hsr_slave_0: entered promiscuous mode [ 460.065035][T10642] hsr_slave_1: entered promiscuous mode [ 460.072811][T10642] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 460.084113][T10642] Cannot create hsr debugfs directory [ 460.175288][T10326] veth0_macvtap: entered promiscuous mode [ 460.224518][T10326] veth1_macvtap: entered promiscuous mode [ 460.266513][ T943] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 460.315424][T10326] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 460.410892][ T1131] hsr_slave_0: left promiscuous mode [ 460.411075][T10726] xt_TPROXY: Can be used only with -p tcp or -p udp [ 460.424543][ T1131] hsr_slave_1: left promiscuous mode [ 460.447602][ T1131] veth1_macvtap: left promiscuous mode [ 460.453205][ T1131] veth0_macvtap: left promiscuous mode [ 460.459043][ T1131] veth1_vlan: left promiscuous mode [ 460.464384][ T1131] veth0_vlan: left promiscuous mode [ 460.536282][ T4610] Bluetooth: hci5: command tx timeout [ 460.967409][ T943] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 460.997580][ T943] usb 2-1: USB disconnect, device number 34 [ 461.170750][ T1131] team0 (unregistering): Port device team_slave_1 removed [ 461.234935][ T1131] team0 (unregistering): Port device team_slave_0 removed [ 461.349716][T10736] fuse: Bad value for 'user_id' [ 461.355496][T10736] fuse: Bad value for 'user_id' [ 461.459636][ T943] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 461.615995][ T943] usb 2-1: Using ep0 maxpacket: 8 [ 461.636577][ T943] usb 2-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 461.649633][ T943] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 461.657867][ T943] usb 2-1: Product: syz [ 461.662296][ T943] usb 2-1: Manufacturer: syz [ 461.671431][ T943] usb 2-1: SerialNumber: syz [ 461.691364][ T943] usb 2-1: config 0 descriptor?? [ 461.696544][T10326] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 461.707831][ T943] gspca_main: sq930x-2.14.0 probing 2770:930c [ 461.730031][T10326] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.740459][T10326] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.751520][T10326] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.760963][T10326] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.775085][T10460] 8021q: adding VLAN 0 to HW filter on device bond0 [ 461.972405][T10460] 8021q: adding VLAN 0 to HW filter on device team0 [ 462.036020][ T5488] bridge0: port 1(bridge_slave_0) entered blocking state [ 462.043176][ T5488] bridge0: port 1(bridge_slave_0) entered forwarding state [ 462.063547][ T5488] bridge0: port 2(bridge_slave_1) entered blocking state [ 462.071040][ T5488] bridge0: port 2(bridge_slave_1) entered forwarding state [ 462.118673][T10733] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 462.162643][T10733] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 462.227325][ T1110] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 462.239182][ T1110] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 462.469932][ T5488] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 462.489031][ T943] gspca_sq930x: reg_w 0305 fd00 failed -71 [ 462.511381][T10460] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 462.529033][ T5488] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 462.541062][T10460] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 462.588673][T10642] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 462.598441][T10642] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 462.617828][ T4610] Bluetooth: hci5: command tx timeout [ 462.965527][T10642] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 463.186472][T10642] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 463.376317][ T943] gspca_sq930x: Unknown sensor [ 463.381217][ T943] sq930x 2-1:0.0: probe with driver sq930x failed with error -22 [ 463.412515][ T943] usb 2-1: USB disconnect, device number 35 [ 463.431013][T10760] FAULT_INJECTION: forcing a failure. [ 463.431013][T10760] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 463.469749][T10760] CPU: 1 UID: 0 PID: 10760 Comm: syz.0.945 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 463.480160][T10760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 463.490263][T10760] Call Trace: [ 463.493581][T10760] [ 463.496552][T10760] dump_stack_lvl+0x241/0x360 [ 463.501294][T10760] ? __pfx_dump_stack_lvl+0x10/0x10 [ 463.506555][T10760] ? __pfx__printk+0x10/0x10 [ 463.511203][T10760] ? snprintf+0xda/0x120 [ 463.515494][T10760] should_fail_ex+0x3b0/0x4e0 [ 463.520228][T10760] _copy_to_user+0x2f/0xb0 [ 463.524710][T10760] simple_read_from_buffer+0xca/0x150 [ 463.530153][T10760] proc_fail_nth_read+0x1e9/0x250 [ 463.535228][T10760] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 463.540870][T10760] ? rw_verify_area+0x55e/0x6f0 [ 463.545727][T10760] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 463.551305][T10760] vfs_read+0x201/0xbc0 [ 463.555526][T10760] ? __pfx_vfs_read+0x10/0x10 [ 463.560244][T10760] ? __get_user_nocheck_8+0x20/0x20 [ 463.565532][T10760] ? iommufd_fops_ioctl+0x261/0x5a0 [ 463.570969][T10760] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 463.576570][T10760] ? __fdget_pos+0x265/0x320 [ 463.581322][T10760] ksys_read+0x1a0/0x2c0 [ 463.585620][T10760] ? __pfx_ksys_read+0x10/0x10 [ 463.590443][T10760] ? do_syscall_64+0x100/0x230 [ 463.595271][T10760] ? do_syscall_64+0xb6/0x230 [ 463.600111][T10760] do_syscall_64+0xf3/0x230 [ 463.604819][T10760] ? clear_bhb_loop+0x35/0x90 [ 463.609561][T10760] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.615511][T10760] RIP: 0033:0x7f199eb7c93c [ 463.619976][T10760] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 463.639650][T10760] RSP: 002b:00007f199f969030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 463.648119][T10760] RAX: ffffffffffffffda RBX: 00007f199ed35f80 RCX: 00007f199eb7c93c [ 463.656151][T10760] RDX: 000000000000000f RSI: 00007f199f9690a0 RDI: 0000000000000004 [ 463.664261][T10760] RBP: 00007f199f969090 R08: 0000000000000000 R09: 0000000000000000 [ 463.672273][T10760] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 463.680292][T10760] R13: 0000000000000000 R14: 00007f199ed35f80 R15: 00007fffda9adc38 [ 463.688332][T10760] [ 465.644021][T10642] 8021q: adding VLAN 0 to HW filter on device bond0 [ 465.752730][T10460] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 465.794232][T10642] 8021q: adding VLAN 0 to HW filter on device team0 [ 466.496014][T10791] syz.1.950: attempt to access beyond end of device [ 466.496014][T10791] loop3: rw=0, sector=0, nr_sectors = 1 limit=0 [ 466.509006][T10791] FAT-fs (loop3): unable to read boot sector [ 466.756652][ T5488] bridge0: port 1(bridge_slave_0) entered blocking state [ 466.763847][ T5488] bridge0: port 1(bridge_slave_0) entered forwarding state [ 466.798705][ T5488] bridge0: port 2(bridge_slave_1) entered blocking state [ 466.805964][ T5488] bridge0: port 2(bridge_slave_1) entered forwarding state [ 466.935407][T10460] veth0_vlan: entered promiscuous mode [ 467.063164][T10642] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 467.123489][T10642] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 468.026137][T10804] workqueue: Failed to create a rescuer kthread for wq "xfs-inodegc/nbd1": -EINTR [ 468.159847][T10814] xt_TPROXY: Can be used only with -p tcp or -p udp [ 468.193050][ T52] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 468.293882][T10460] veth1_vlan: entered promiscuous mode [ 468.360097][ T52] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 468.442965][ T52] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 468.461764][T10460] veth0_macvtap: entered promiscuous mode [ 468.477846][T10460] veth1_macvtap: entered promiscuous mode [ 468.503684][T10460] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.522638][T10460] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.541109][T10460] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 468.580892][ T52] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 468.619563][T10460] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 468.636469][T10460] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.647920][T10460] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 468.663051][T10642] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 468.674981][T10460] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 468.684447][T10460] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 468.694255][T10460] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 468.704113][T10460] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 468.892952][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 468.915735][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 468.925716][T10642] veth0_vlan: entered promiscuous mode [ 468.964461][ T52] bridge_slave_1: left allmulticast mode [ 468.981274][ T52] bridge_slave_1: left promiscuous mode [ 468.987786][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 468.996538][ T52] bridge_slave_0: left allmulticast mode [ 469.002198][ T52] bridge_slave_0: left promiscuous mode [ 469.008767][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 470.300168][ T5225] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 470.311204][ T5225] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 470.320925][ T5225] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 470.329061][ T5225] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 470.347631][ T5225] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 470.355102][ T5225] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 470.392335][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 470.407153][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 470.419012][ T52] bond0 (unregistering): Released all slaves [ 470.581910][ T1131] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 470.606284][ T1131] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 470.743684][T10642] veth1_vlan: entered promiscuous mode [ 471.039503][T10642] veth0_macvtap: entered promiscuous mode [ 471.129542][ T52] hsr_slave_0: left promiscuous mode [ 471.146484][ T52] hsr_slave_1: left promiscuous mode [ 471.161940][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 471.185242][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 471.206650][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 471.214173][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 471.252655][ T52] veth1_macvtap: left promiscuous mode [ 471.258978][ T52] veth0_macvtap: left promiscuous mode [ 471.264673][ T52] veth1_vlan: left promiscuous mode [ 471.270198][ T52] veth0_vlan: left promiscuous mode [ 471.841369][ T52] team0 (unregistering): Port device team_slave_1 removed [ 471.893555][ T52] team0 (unregistering): Port device team_slave_0 removed [ 472.401026][T10642] veth1_macvtap: entered promiscuous mode [ 472.421332][T10642] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 472.433015][T10642] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 472.446042][T10642] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 472.456020][ T5225] Bluetooth: hci1: command tx timeout [ 472.485223][T10642] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 472.533296][T10642] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 472.575266][T10642] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 472.689478][T10642] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 472.699412][T10642] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 472.708306][T10642] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 472.717271][T10642] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 472.898206][ T4610] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 472.909712][T10844] chnl_net:caif_netlink_parms(): no params data found [ 472.916748][ T4610] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 472.950445][ T4610] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 472.965561][ T4610] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 472.988971][ T4610] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 473.001953][ T4610] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 473.074191][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 473.092398][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 473.146056][ T9] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 473.212401][ T1131] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 473.221332][T10844] bridge0: port 1(bridge_slave_0) entered blocking state [ 473.235554][ T1131] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 473.239950][T10844] bridge0: port 1(bridge_slave_0) entered disabled state [ 473.254440][T10844] bridge_slave_0: entered allmulticast mode [ 473.262376][T10844] bridge_slave_0: entered promiscuous mode [ 473.282086][T10844] bridge0: port 2(bridge_slave_1) entered blocking state [ 473.289758][T10844] bridge0: port 2(bridge_slave_1) entered disabled state [ 473.301351][T10844] bridge_slave_1: entered allmulticast mode [ 473.308915][T10844] bridge_slave_1: entered promiscuous mode [ 473.324756][ T9] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 473.349872][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 473.378039][ T9] usb 2-1: config 0 descriptor?? [ 473.461624][ T52] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 473.574510][T10844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 473.632563][ T52] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 473.672649][T10844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 473.690921][T10899] xt_TPROXY: Can be used only with -p tcp or -p udp [ 473.715931][ T25] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 473.724559][ T52] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 473.740380][ T9] [drm] Initialized udl 0.0.1 for 2-1:0.0 on minor 2 [ 473.749207][ T9] [drm] Initialized udl on minor 2 [ 473.768233][T10902] "syz.0.962" (10902) uses obsolete ecb(arc4) skcipher [ 473.853910][ T52] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 473.880163][T10844] team0: Port device team_slave_0 added [ 473.895666][T10844] team0: Port device team_slave_1 added [ 473.913245][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 473.928932][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 473.952048][ T25] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 473.984136][ T25] usb 4-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10 [ 474.006703][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 474.024438][ T25] usb 4-1: config 0 descriptor?? [ 474.046802][ T9] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 474.065481][ T9] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 474.079484][ T9] usb 2-1: USB disconnect, device number 36 [ 474.087566][ T5266] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed [ 474.093096][T10844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 474.099846][ T5266] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 474.123095][T10844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 474.177181][T10844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 474.192449][T10844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 474.199756][T10844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 474.229279][T10844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 474.448272][T10844] hsr_slave_0: entered promiscuous mode [ 474.455399][T10844] hsr_slave_1: entered promiscuous mode [ 474.465529][T10844] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 474.480993][T10844] Cannot create hsr debugfs directory [ 474.488144][T10876] chnl_net:caif_netlink_parms(): no params data found [ 474.536335][ T5225] Bluetooth: hci1: command tx timeout [ 474.564328][ T25] prodikeys 0003:041E:2801.0006: unknown main item tag 0x0 [ 474.614985][ T25] prodikeys 0003:041E:2801.0006: unknown main item tag 0x0 [ 474.661451][ T25] prodikeys 0003:041E:2801.0006: item fetching failed at offset 2/5 [ 474.676642][ T25] prodikeys 0003:041E:2801.0006: hid parse failed [ 474.683374][ T25] prodikeys 0003:041E:2801.0006: probe with driver prodikeys failed with error -22 [ 474.745918][ T52] bridge_slave_1: left allmulticast mode [ 474.751640][ T52] bridge_slave_1: left promiscuous mode [ 474.778338][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 474.833505][ T52] bridge_slave_0: left allmulticast mode [ 474.852118][ T52] bridge_slave_0: left promiscuous mode [ 474.896154][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 474.998146][ T5268] usb 4-1: USB disconnect, device number 22 [ 475.098825][ T5225] Bluetooth: hci3: command tx timeout [ 476.617889][ T5225] Bluetooth: hci1: command tx timeout [ 477.176369][ T4610] Bluetooth: hci3: command tx timeout [ 477.704116][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 477.754398][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 477.800495][ T52] bond0 (unregistering): Released all slaves [ 478.719359][T10972] xt_TPROXY: Can be used only with -p tcp or -p udp [ 478.785907][ T4610] Bluetooth: hci1: command tx timeout [ 478.842041][T10876] bridge0: port 1(bridge_slave_0) entered blocking state [ 478.866866][T10972] "syz.3.973" (10972) uses obsolete ecb(arc4) skcipher [ 478.893856][T10876] bridge0: port 1(bridge_slave_0) entered disabled state [ 478.908729][T10876] bridge_slave_0: entered allmulticast mode [ 478.931408][T10876] bridge_slave_0: entered promiscuous mode [ 479.051084][T10876] bridge0: port 2(bridge_slave_1) entered blocking state [ 479.072439][T10876] bridge0: port 2(bridge_slave_1) entered disabled state [ 479.080405][T10876] bridge_slave_1: entered allmulticast mode [ 479.088398][T10876] bridge_slave_1: entered promiscuous mode [ 479.257059][ T5225] Bluetooth: hci3: command tx timeout [ 479.843547][T10876] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 479.949680][ T52] hsr_slave_0: left promiscuous mode [ 479.979690][ T52] hsr_slave_1: left promiscuous mode [ 479.993191][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 480.028982][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 480.072664][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 480.080851][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 480.281413][ T52] veth1_macvtap: left promiscuous mode [ 480.309505][ T52] veth0_macvtap: left promiscuous mode [ 480.322048][ T52] veth1_vlan: left promiscuous mode [ 480.328094][ T52] veth0_vlan: left promiscuous mode [ 481.421106][T10997] Bluetooth: hci3: command 0x0419 tx timeout [ 481.516275][ T9] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 481.684433][ T9] usb 1-1: config 14 has an invalid descriptor of length 0, skipping remainder of the config [ 481.714378][ T9] usb 1-1: config 14 has 1 interface, different from the descriptor's value: 3 [ 481.744301][ T9] usb 1-1: New USB device found, idVendor=1d19, idProduct=0100, bcdDevice=60.11 [ 481.753852][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 481.781630][ T9] usb 1-1: Product: syz [ 481.787267][ T9] usb 1-1: Manufacturer: syz [ 481.792030][ T9] usb 1-1: SerialNumber: syz [ 481.836070][ T25] usb 4-1: new full-speed USB device number 23 using dummy_hcd [ 481.998022][ T25] usb 4-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 482.013077][ T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 482.021414][ T25] usb 4-1: Product: syz [ 482.025631][ T25] usb 4-1: Manufacturer: syz [ 482.030552][ T25] usb 4-1: SerialNumber: syz [ 482.044097][ T25] usb 4-1: config 0 descriptor?? [ 482.185246][ T52] team0 (unregistering): Port device team_slave_1 removed [ 482.267515][ T52] team0 (unregistering): Port device team_slave_0 removed [ 483.085504][ T25] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00 [ 483.266740][ T4610] Bluetooth: hci4: command 0x0406 tx timeout [ 483.422321][T10876] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 483.506459][ T5220] Bluetooth: hci3: command 0x0419 tx timeout [ 483.752760][T10876] team0: Port device team_slave_0 added [ 483.800063][T10876] team0: Port device team_slave_1 added [ 483.820345][ T9] usb 1-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 483.830695][ T9] dvb_usb_af9035 1-1:14.0: probe with driver dvb_usb_af9035 failed with error -22 [ 483.881335][ T9] usb 1-1: USB disconnect, device number 28 [ 484.002673][T10876] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 484.022574][T10876] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 484.048531][ C0] vkms_vblank_simulate: vblank timer overrun [ 484.067909][T10876] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 484.109179][T10876] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 484.118548][T10876] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 484.144934][ C0] vkms_vblank_simulate: vblank timer overrun [ 484.161412][T10876] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 484.311259][T10876] hsr_slave_0: entered promiscuous mode [ 484.331729][T10876] hsr_slave_1: entered promiscuous mode [ 484.345549][T10876] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 484.363842][T10876] Cannot create hsr debugfs directory [ 484.641381][ T25] dm9601 4-1:0.0 (unnamed net_device) (uninitialized): Error reading chip ID [ 484.702904][ T25] usb 4-1: USB disconnect, device number 23 [ 484.959852][T10844] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 485.021307][T10844] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 485.138048][T10844] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 485.179308][T10844] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 485.580716][T11045] netlink: 'syz.0.986': attribute type 13 has an invalid length. [ 485.687999][T11045] netlink: 'syz.0.986': attribute type 58 has an invalid length. [ 487.496993][T11045] netlink: 152 bytes leftover after parsing attributes in process `syz.0.986'. [ 487.894365][T10844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 488.000120][T10844] 8021q: adding VLAN 0 to HW filter on device team0 [ 488.014016][ T2547] bridge0: port 1(bridge_slave_0) entered blocking state [ 488.021310][ T2547] bridge0: port 1(bridge_slave_0) entered forwarding state [ 488.582661][ T2547] bridge0: port 2(bridge_slave_1) entered blocking state [ 488.589892][ T2547] bridge0: port 2(bridge_slave_1) entered forwarding state [ 488.841227][ T4610] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 488.851981][ T4610] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 488.865761][ T4610] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 488.879379][ T4610] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 488.896644][T10876] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 488.903767][ T4610] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 488.914017][ T4610] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 488.967581][T10876] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 489.098176][T10876] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 489.133567][T10876] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 489.443501][ T5488] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 489.497050][ T5266] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 489.536099][ T9] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 489.609929][ T5488] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 489.658434][ T5266] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 489.672415][ T5266] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 489.686083][ T5266] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 489.695351][ T5266] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 489.704642][T10844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 489.707703][ T9] usb 1-1: config 0 has an invalid interface number: 128 but max is 0 [ 489.726217][ T5266] usb 4-1: config 0 descriptor?? [ 489.746546][ T9] usb 1-1: config 0 has no interface number 0 [ 489.752792][ T9] usb 1-1: config 0 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 489.792039][ T9] usb 1-1: config 0 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 489.802417][ T9] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 489.831180][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 489.838888][ T5488] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 489.861135][ T9] usb 1-1: config 0 descriptor?? [ 489.922035][T11063] chnl_net:caif_netlink_parms(): no params data found [ 489.967640][ T5488] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 490.066304][T10876] 8021q: adding VLAN 0 to HW filter on device bond0 [ 490.155588][T10876] 8021q: adding VLAN 0 to HW filter on device team0 [ 490.327431][ T9] uclogic 0003:256C:006D.0007: interface is invalid, ignoring [ 490.358836][T11063] bridge0: port 1(bridge_slave_0) entered blocking state [ 490.394642][T11063] bridge0: port 1(bridge_slave_0) entered disabled state [ 490.426756][T11063] bridge_slave_0: entered allmulticast mode [ 490.435245][T11063] bridge_slave_0: entered promiscuous mode [ 490.462392][ T1131] bridge0: port 1(bridge_slave_0) entered blocking state [ 490.469634][ T1131] bridge0: port 1(bridge_slave_0) entered forwarding state [ 490.489678][ T1131] bridge0: port 2(bridge_slave_1) entered blocking state [ 490.496983][ T1131] bridge0: port 2(bridge_slave_1) entered forwarding state [ 490.510096][ T943] usb 1-1: USB disconnect, device number 29 [ 490.532624][T11063] bridge0: port 2(bridge_slave_1) entered blocking state [ 490.545673][T11063] bridge0: port 2(bridge_slave_1) entered disabled state [ 490.562295][T11063] bridge_slave_1: entered allmulticast mode [ 490.571722][T11063] bridge_slave_1: entered promiscuous mode [ 490.671934][T11063] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 490.802552][T11063] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 490.854150][ T5488] bridge_slave_1: left allmulticast mode [ 490.861880][ T5488] bridge_slave_1: left promiscuous mode [ 490.879196][ T5488] bridge0: port 2(bridge_slave_1) entered disabled state [ 490.904039][ T5488] bridge_slave_0: left allmulticast mode [ 490.911380][ T5488] bridge_slave_0: left promiscuous mode [ 490.929279][ T5488] bridge0: port 1(bridge_slave_0) entered disabled state [ 491.028250][ T4610] Bluetooth: hci6: command tx timeout [ 492.313247][ T5266] usbhid 4-1:0.0: can't add hid device: -71 [ 492.322832][ T5266] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 492.327546][ T5488] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 492.357227][ T5266] usb 4-1: USB disconnect, device number 24 [ 492.411674][ T5488] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 492.432673][ T5488] bond0 (unregistering): Released all slaves [ 492.456117][T11158] FAULT_INJECTION: forcing a failure. [ 492.456117][T11158] name failslab, interval 1, probability 0, space 0, times 0 [ 492.499811][T11158] CPU: 1 UID: 0 PID: 11158 Comm: syz.3.997 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 492.510296][T11158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 492.520371][T11158] Call Trace: [ 492.523676][T11158] [ 492.526638][T11158] dump_stack_lvl+0x241/0x360 [ 492.531352][T11158] ? __pfx_dump_stack_lvl+0x10/0x10 [ 492.536573][T11158] ? __pfx__printk+0x10/0x10 [ 492.541186][T11158] ? kmem_cache_alloc_noprof+0x44/0x2a0 [ 492.547004][T11158] ? __pfx___might_resched+0x10/0x10 [ 492.552328][T11158] should_fail_ex+0x3b0/0x4e0 [ 492.557025][T11158] ? getname_flags+0xb7/0x540 [ 492.561716][T11158] should_failslab+0xac/0x100 [ 492.566415][T11158] ? getname_flags+0xb7/0x540 [ 492.571112][T11158] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 492.576501][T11158] getname_flags+0xb7/0x540 [ 492.581019][T11158] ? __might_fault+0xc6/0x120 [ 492.585718][T11158] user_path_at+0x24/0x60 [ 492.590071][T11158] __se_sys_mount+0x297/0x3c0 [ 492.594867][T11158] ? __pfx___se_sys_mount+0x10/0x10 [ 492.600083][T11158] ? do_syscall_64+0x100/0x230 [ 492.604887][T11158] ? __x64_sys_mount+0x20/0xc0 [ 492.609736][T11158] do_syscall_64+0xf3/0x230 [ 492.614360][T11158] ? clear_bhb_loop+0x35/0x90 [ 492.619067][T11158] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 492.625071][T11158] RIP: 0033:0x7f6176d7def9 [ 492.629500][T11158] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 492.649127][T11158] RSP: 002b:00007f6177abf038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 492.657561][T11158] RAX: ffffffffffffffda RBX: 00007f6176f35f80 RCX: 00007f6176d7def9 [ 492.665542][T11158] RDX: 00000000200004c0 RSI: 0000000020000480 RDI: 0000000000000000 [ 492.673541][T11158] RBP: 00007f6177abf090 R08: 0000000020001000 R09: 0000000000000000 [ 492.681623][T11158] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 492.689614][T11158] R13: 0000000000000000 R14: 00007f6176f35f80 R15: 00007ffd032f5028 [ 492.697704][T11158] [ 492.804465][T11160] FAULT_INJECTION: forcing a failure. [ 492.804465][T11160] name failslab, interval 1, probability 0, space 0, times 0 [ 492.819663][T11160] CPU: 1 UID: 0 PID: 11160 Comm: syz.3.998 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 492.830061][T11160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 492.840165][T11160] Call Trace: [ 492.843483][T11160] [ 492.846547][T11160] dump_stack_lvl+0x241/0x360 [ 492.851279][T11160] ? __pfx_dump_stack_lvl+0x10/0x10 [ 492.856530][T11160] ? __pfx__printk+0x10/0x10 [ 492.861194][T11160] ? __kmalloc_noprof+0xb0/0x400 [ 492.866190][T11160] ? __pfx___might_resched+0x10/0x10 [ 492.871574][T11160] ? __mutex_lock+0x2ef/0xd70 [ 492.876477][T11160] should_fail_ex+0x3b0/0x4e0 [ 492.881204][T11160] ? genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 492.887489][T11160] should_failslab+0xac/0x100 [ 492.892220][T11160] ? genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 492.898505][T11160] __kmalloc_noprof+0xd8/0x400 [ 492.903400][T11160] genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 492.909524][T11160] genl_rcv_msg+0x802/0xec0 [ 492.914071][T11160] ? mark_lock+0x9a/0x360 [ 492.918458][T11160] ? __pfx_genl_rcv_msg+0x10/0x10 [ 492.923548][T11160] ? __pfx_lock_acquire+0x10/0x10 [ 492.928617][T11160] ? __pfx_nfc_genl_dep_link_down+0x10/0x10 [ 492.934557][T11160] ? __pfx___might_resched+0x10/0x10 [ 492.939904][T11160] netlink_rcv_skb+0x1e3/0x430 [ 492.944809][T11160] ? __pfx_genl_rcv_msg+0x10/0x10 [ 492.949877][T11160] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 492.955277][T11160] genl_rcv+0x28/0x40 [ 492.959293][T11160] netlink_unicast+0x7f6/0x990 [ 492.964287][T11160] ? __pfx_netlink_unicast+0x10/0x10 [ 492.969610][T11160] ? __virt_addr_valid+0x183/0x530 [ 492.974762][T11160] ? __check_object_size+0x49c/0x900 [ 492.980554][T11160] netlink_sendmsg+0x8e4/0xcb0 [ 492.985377][T11160] ? __pfx_netlink_sendmsg+0x10/0x10 [ 492.990722][T11160] ? __pfx_netlink_sendmsg+0x10/0x10 [ 492.996062][T11160] __sock_sendmsg+0x221/0x270 [ 493.000795][T11160] ____sys_sendmsg+0x52a/0x7e0 [ 493.005617][T11160] ? __pfx_____sys_sendmsg+0x10/0x10 [ 493.010976][T11160] __sys_sendmsg+0x2aa/0x390 [ 493.015652][T11160] ? __pfx___sys_sendmsg+0x10/0x10 [ 493.020821][T11160] ? vfs_write+0x7bf/0xc90 [ 493.025326][T11160] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 493.031717][T11160] ? do_syscall_64+0x100/0x230 [ 493.036530][T11160] ? do_syscall_64+0xb6/0x230 [ 493.041225][T11160] do_syscall_64+0xf3/0x230 [ 493.045745][T11160] ? clear_bhb_loop+0x35/0x90 [ 493.050460][T11160] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 493.056388][T11160] RIP: 0033:0x7f6176d7def9 [ 493.060832][T11160] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 493.080455][T11160] RSP: 002b:00007f6177abf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 493.088899][T11160] RAX: ffffffffffffffda RBX: 00007f6176f35f80 RCX: 00007f6176d7def9 [ 493.096087][ T4610] Bluetooth: hci6: command tx timeout [ 493.096944][T11160] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000006 [ 493.111111][T11160] RBP: 00007f6177abf090 R08: 0000000000000000 R09: 0000000000000000 [ 493.119568][T11160] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 493.127752][T11160] R13: 0000000000000000 R14: 00007f6176f35f80 R15: 00007ffd032f5028 [ 493.135881][T11160] [ 493.722594][T11063] team0: Port device team_slave_0 added [ 493.747291][T11063] team0: Port device team_slave_1 added [ 494.035991][T11063] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 494.043003][T11063] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 494.260063][T11063] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 494.273104][T11063] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 494.284370][T11063] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 494.310912][ C0] vkms_vblank_simulate: vblank timer overrun [ 494.346345][T11063] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 494.440208][ T5488] hsr_slave_0: left promiscuous mode [ 494.469180][ T5488] hsr_slave_1: left promiscuous mode [ 494.597352][ T5488] veth1_macvtap: left promiscuous mode [ 494.602997][ T5488] veth0_macvtap: left promiscuous mode [ 494.616743][ T5488] veth1_vlan: left promiscuous mode [ 494.622184][ T5488] veth0_vlan: left promiscuous mode [ 495.255499][ T4610] Bluetooth: hci6: command tx timeout [ 496.531854][ T5488] team0 (unregistering): Port device team_slave_1 removed [ 496.627615][ T5488] team0 (unregistering): Port device team_slave_0 removed [ 496.673920][T11209] syz.0.1006[11209] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 496.674108][T11209] syz.0.1006[11209] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 496.876282][T11214] FAULT_INJECTION: forcing a failure. [ 496.876282][T11214] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 496.901200][T11214] CPU: 1 UID: 0 PID: 11214 Comm: syz.0.1007 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 496.911823][T11214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 496.921896][T11214] Call Trace: [ 496.925221][T11214] [ 496.928163][T11214] dump_stack_lvl+0x241/0x360 [ 496.932865][T11214] ? __pfx_dump_stack_lvl+0x10/0x10 [ 496.938096][T11214] ? __pfx__printk+0x10/0x10 [ 496.942710][T11214] ? __pfx_lock_release+0x10/0x10 [ 496.947780][T11214] ? from_kgid_munged+0x1fe/0x7a0 [ 496.952823][T11214] should_fail_ex+0x3b0/0x4e0 [ 496.957544][T11214] _copy_to_user+0x2f/0xb0 [ 496.962088][T11214] cp_new_stat+0x545/0x6e0 [ 496.966569][T11214] ? __pfx_cp_new_stat+0x10/0x10 [ 496.971539][T11214] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 496.977560][T11214] ? lockdep_hardirqs_on+0x99/0x150 [ 496.982790][T11214] ? __x64_sys_newlstat+0x104/0x180 [ 496.988016][T11214] ? kmem_cache_free+0x145/0x350 [ 496.992975][T11214] __x64_sys_newlstat+0x12c/0x180 [ 496.998021][T11214] ? __fget_files+0x3f3/0x470 [ 497.002712][T11214] ? __pfx___x64_sys_newlstat+0x10/0x10 [ 497.008292][T11214] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 497.014642][T11214] ? do_syscall_64+0x100/0x230 [ 497.019428][T11214] ? do_syscall_64+0xb6/0x230 [ 497.024128][T11214] do_syscall_64+0xf3/0x230 [ 497.028650][T11214] ? clear_bhb_loop+0x35/0x90 [ 497.033344][T11214] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 497.039250][T11214] RIP: 0033:0x7f199eb7def9 [ 497.043676][T11214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 497.063389][T11214] RSP: 002b:00007f199f927038 EFLAGS: 00000246 ORIG_RAX: 0000000000000006 [ 497.071928][T11214] RAX: ffffffffffffffda RBX: 00007f199ed36130 RCX: 00007f199eb7def9 [ 497.079913][T11214] RDX: 0000000000000000 RSI: 0000000020000480 RDI: 00000000200005c0 [ 497.087896][T11214] RBP: 00007f199f927090 R08: 0000000000000000 R09: 0000000000000000 [ 497.095970][T11214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 497.103987][T11214] R13: 0000000000000000 R14: 00007f199ed36130 R15: 00007fffda9adc38 [ 497.111985][T11214] [ 497.122185][T11214] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1007'. [ 497.338274][ T4610] Bluetooth: hci6: command tx timeout [ 497.694647][T10844] veth0_vlan: entered promiscuous mode [ 497.821095][T11063] hsr_slave_0: entered promiscuous mode [ 497.835376][T11063] hsr_slave_1: entered promiscuous mode [ 497.843144][T11063] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 497.852254][T11063] Cannot create hsr debugfs directory [ 497.864387][T10844] veth1_vlan: entered promiscuous mode [ 497.901882][T10876] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 498.088000][T10844] veth0_macvtap: entered promiscuous mode [ 498.097885][T11222] FAULT_INJECTION: forcing a failure. [ 498.097885][T11222] name failslab, interval 1, probability 0, space 0, times 0 [ 498.138667][T11222] CPU: 1 UID: 0 PID: 11222 Comm: syz.3.1009 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 498.149184][T11222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 498.159286][T11222] Call Trace: [ 498.162601][T11222] [ 498.165598][T11222] dump_stack_lvl+0x241/0x360 [ 498.170439][T11222] ? __pfx_dump_stack_lvl+0x10/0x10 [ 498.175708][T11222] ? __pfx__printk+0x10/0x10 [ 498.180362][T11222] ? ref_tracker_alloc+0x332/0x490 [ 498.185528][T11222] should_fail_ex+0x3b0/0x4e0 [ 498.190278][T11222] ? skb_clone+0x20c/0x390 [ 498.194737][T11222] should_failslab+0xac/0x100 [ 498.199645][T11222] ? skb_clone+0x20c/0x390 [ 498.204100][T11222] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 498.209608][T11222] skb_clone+0x20c/0x390 [ 498.214155][T11222] __netlink_deliver_tap+0x3cc/0x7c0 [ 498.219616][T11222] ? netlink_deliver_tap+0x2e/0x1b0 [ 498.224966][T11222] netlink_deliver_tap+0x19d/0x1b0 [ 498.230136][T11222] netlink_unicast+0x7c4/0x990 [ 498.234970][T11222] ? __pfx_netlink_unicast+0x10/0x10 [ 498.240308][T11222] ? __virt_addr_valid+0x183/0x530 [ 498.245505][T11222] ? __check_object_size+0x49c/0x900 [ 498.250841][T11222] netlink_sendmsg+0x8e4/0xcb0 [ 498.255729][T11222] ? __pfx_netlink_sendmsg+0x10/0x10 [ 498.261080][T11222] ? __pfx_netlink_sendmsg+0x10/0x10 [ 498.266482][T11222] __sock_sendmsg+0x221/0x270 [ 498.271176][T11222] ____sys_sendmsg+0x52a/0x7e0 [ 498.275970][T11222] ? __pfx_____sys_sendmsg+0x10/0x10 [ 498.281292][T11222] __sys_sendmsg+0x2aa/0x390 [ 498.286016][T11222] ? __pfx___sys_sendmsg+0x10/0x10 [ 498.291146][T11222] ? vfs_write+0x7bf/0xc90 [ 498.295608][T11222] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 498.301957][T11222] ? do_syscall_64+0x100/0x230 [ 498.306763][T11222] ? do_syscall_64+0xb6/0x230 [ 498.311550][T11222] do_syscall_64+0xf3/0x230 [ 498.316085][T11222] ? clear_bhb_loop+0x35/0x90 [ 498.320785][T11222] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 498.326786][T11222] RIP: 0033:0x7f6176d7def9 [ 498.331238][T11222] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 498.350947][T11222] RSP: 002b:00007f6177abf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 498.359381][T11222] RAX: ffffffffffffffda RBX: 00007f6176f35f80 RCX: 00007f6176d7def9 [ 498.367379][T11222] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003 [ 498.375372][T11222] RBP: 00007f6177abf090 R08: 0000000000000000 R09: 0000000000000000 [ 498.383354][T11222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 498.391433][T11222] R13: 0000000000000000 R14: 00007f6176f35f80 R15: 00007ffd032f5028 [ 498.399697][T11222] [ 498.528322][T10844] veth1_macvtap: entered promiscuous mode [ 498.654974][T10876] veth0_vlan: entered promiscuous mode [ 498.690346][T10844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 498.710894][T10844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 498.748033][T10844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 498.778594][T10876] veth1_vlan: entered promiscuous mode [ 498.862362][T10844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 498.880842][T11238] FAULT_INJECTION: forcing a failure. [ 498.880842][T11238] name failslab, interval 1, probability 0, space 0, times 0 [ 498.895282][T10844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 498.910335][T11238] CPU: 0 UID: 0 PID: 11238 Comm: syz.3.1012 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 498.920898][T11238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 498.930997][T11238] Call Trace: [ 498.934310][T11238] [ 498.937288][T11238] dump_stack_lvl+0x241/0x360 [ 498.942023][T11238] ? __pfx_dump_stack_lvl+0x10/0x10 [ 498.947269][T11238] ? __pfx__printk+0x10/0x10 [ 498.951905][T11238] ? __kmalloc_noprof+0xb0/0x400 [ 498.956884][T11238] ? __pfx___might_resched+0x10/0x10 [ 498.962224][T11238] should_fail_ex+0x3b0/0x4e0 [ 498.966953][T11238] ? security_sk_alloc+0x53/0x360 [ 498.972103][T11238] should_failslab+0xac/0x100 [ 498.976835][T11238] ? security_sk_alloc+0x53/0x360 [ 498.981893][T11238] __kmalloc_noprof+0xd8/0x400 [ 498.986776][T11238] ? sk_prot_alloc+0xe0/0x210 [ 498.991497][T11238] ? rcu_is_watching+0x15/0xb0 [ 498.996296][T11238] security_sk_alloc+0x53/0x360 [ 499.001187][T11238] sk_prot_alloc+0xfa/0x210 [ 499.005739][T11238] ? sk_alloc+0x26/0x370 [ 499.010025][T11238] sk_alloc+0x38/0x370 [ 499.014134][T11238] ? bpf_test_init+0x15a/0x180 [ 499.018939][T11238] ? bpf_ctx_init+0x162/0x1b0 [ 499.023656][T11238] bpf_prog_test_run_skb+0x3bd/0x1820 [ 499.029077][T11238] ? __pfx_lock_release+0x10/0x10 [ 499.034162][T11238] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 499.040020][T11238] ? fput+0x1a8/0x230 [ 499.044044][T11238] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 499.049893][T11238] bpf_prog_test_run+0x334/0x3b0 [ 499.054879][T11238] __sys_bpf+0x48d/0x810 [ 499.059172][T11238] ? __pfx___sys_bpf+0x10/0x10 [ 499.064023][T11238] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 499.070058][T11238] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 499.076445][T11238] ? do_syscall_64+0x100/0x230 [ 499.081263][T11238] __x64_sys_bpf+0x7c/0x90 [ 499.085740][T11238] do_syscall_64+0xf3/0x230 [ 499.090284][T11238] ? clear_bhb_loop+0x35/0x90 [ 499.095102][T11238] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 499.101043][T11238] RIP: 0033:0x7f6176d7def9 [ 499.105504][T11238] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 499.115543][T10844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 499.125123][T11238] RSP: 002b:00007f6177abf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 499.125157][T11238] RAX: ffffffffffffffda RBX: 00007f6176f35f80 RCX: 00007f6176d7def9 [ 499.125175][T11238] RDX: 0000000000000050 RSI: 0000000020000000 RDI: 000000000000000a [ 499.125191][T11238] RBP: 00007f6177abf090 R08: 0000000000000000 R09: 0000000000000000 [ 499.125206][T11238] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 499.125221][T11238] R13: 0000000000000000 R14: 00007f6176f35f80 R15: 00007ffd032f5028 [ 499.125253][T11238] [ 499.160534][T10844] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 499.221018][T10844] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 499.234572][T10844] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 499.245707][T10844] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 499.772661][T10876] veth0_macvtap: entered promiscuous mode [ 499.970793][T10876] veth1_macvtap: entered promiscuous mode [ 500.155616][T10876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 500.175642][T10876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 500.186699][T10876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 500.205247][T10876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 500.219645][T10876] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 500.239210][ T1110] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 500.257717][ T1110] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 500.303950][T10876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 500.354154][T10876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 500.382113][T10876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 500.409908][T10876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 500.492389][T10876] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 500.986327][ T1131] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 501.020197][T10876] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 501.033939][ T1131] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 501.052393][T10876] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 501.074410][T10876] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 501.105214][T10876] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 501.385982][T11063] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 501.423022][T11063] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 501.457775][T11063] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 501.524396][T10261] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 501.537593][T11063] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 501.544243][T10261] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 501.661867][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.687899][ T1131] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 501.733700][T11283] syz.3.1019: attempt to access beyond end of device [ 501.733700][T11283] loop7: rw=0, sector=0, nr_sectors = 1 limit=0 [ 501.748459][T11283] FAT-fs (loop7): unable to read boot sector [ 501.831773][ T5493] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 501.866568][ T5493] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 501.918681][ T1131] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 502.018619][ T1131] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 502.198251][ T1131] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 502.534654][T11063] 8021q: adding VLAN 0 to HW filter on device bond0 [ 502.568974][ T1131] bridge_slave_1: left allmulticast mode [ 502.574954][ T1131] bridge_slave_1: left promiscuous mode [ 502.583068][ T1131] bridge0: port 2(bridge_slave_1) entered disabled state [ 502.597252][ T1131] bridge_slave_0: left allmulticast mode [ 502.603347][ T1131] bridge_slave_0: left promiscuous mode [ 502.628233][ T1131] bridge0: port 1(bridge_slave_0) entered disabled state [ 503.183353][ T5220] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 503.196711][ T5220] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 503.213194][ T5220] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 503.223767][ T5220] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 503.250955][ T5220] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 503.259224][ T5220] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 503.473535][ T1131] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 503.485624][ T1131] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 503.499062][ T1131] bond0 (unregistering): Released all slaves [ 503.557270][T11063] 8021q: adding VLAN 0 to HW filter on device team0 [ 503.619256][ T5493] bridge0: port 1(bridge_slave_0) entered blocking state [ 503.626463][ T5493] bridge0: port 1(bridge_slave_0) entered forwarding state [ 503.641306][ T5493] bridge0: port 2(bridge_slave_1) entered blocking state [ 503.648522][ T5493] bridge0: port 2(bridge_slave_1) entered forwarding state [ 503.880801][T11063] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 503.990955][ T1131] hsr_slave_0: left promiscuous mode [ 504.066025][ T1131] hsr_slave_1: left promiscuous mode [ 504.106074][ T1131] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 504.137252][ T1131] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 504.192791][ T1131] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 504.230633][ T1131] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 504.370183][ T1131] veth1_macvtap: left promiscuous mode [ 504.375828][ T1131] veth0_macvtap: left promiscuous mode [ 504.409605][ T1131] veth1_vlan: left promiscuous mode [ 504.431305][ T1131] veth0_vlan: left promiscuous mode [ 505.106251][ T4610] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 505.125249][ T4610] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 505.137024][ T4610] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 505.145321][ T4610] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 505.154159][ T4610] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 505.161773][ T4610] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 505.314879][T11342] FAULT_INJECTION: forcing a failure. [ 505.314879][T11342] name failslab, interval 1, probability 0, space 0, times 0 [ 505.327934][T11342] CPU: 0 UID: 0 PID: 11342 Comm: syz.3.1026 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 505.338490][T11342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 505.348592][T11342] Call Trace: [ 505.351913][T11342] [ 505.354972][T11342] dump_stack_lvl+0x241/0x360 [ 505.359710][T11342] ? __pfx_dump_stack_lvl+0x10/0x10 [ 505.365067][T11342] ? __pfx__printk+0x10/0x10 [ 505.369719][T11342] ? __kmalloc_cache_node_noprof+0x4c/0x300 [ 505.375623][T11342] ? __pfx___might_resched+0x10/0x10 [ 505.380931][T11342] should_fail_ex+0x3b0/0x4e0 [ 505.385641][T11342] should_failslab+0xac/0x100 [ 505.390343][T11342] __kmalloc_cache_node_noprof+0x74/0x300 [ 505.396098][T11342] ? __get_vm_area_node+0x113/0x270 [ 505.401320][T11342] __get_vm_area_node+0x113/0x270 [ 505.406569][T11342] __vmalloc_node_range_noprof+0x3c6/0x1400 [ 505.412977][T11342] ? bpf_prog_alloc_no_stats+0x4d/0x4b0 [ 505.418561][T11342] ? mark_lock+0x9a/0x360 [ 505.422942][T11342] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 505.429312][T11342] ? bpf_prog_alloc_no_stats+0x4d/0x4b0 [ 505.434888][T11342] __vmalloc_noprof+0x79/0x90 [ 505.439590][T11342] ? bpf_prog_alloc_no_stats+0x4d/0x4b0 [ 505.445261][T11342] bpf_prog_alloc_no_stats+0x4d/0x4b0 [ 505.450868][T11342] ? bpf_prog_alloc+0x28/0x1b0 [ 505.455667][T11342] bpf_prog_alloc+0x3a/0x1b0 [ 505.460289][T11342] bpf_prog_load+0x7f7/0x20f0 [ 505.465177][T11342] ? __pfx_bpf_prog_load+0x10/0x10 [ 505.470341][T11342] ? __pfx___might_resched+0x10/0x10 [ 505.475667][T11342] ? __might_fault+0xc6/0x120 [ 505.480377][T11342] __sys_bpf+0x4ee/0x810 [ 505.484646][T11342] ? __pfx___sys_bpf+0x10/0x10 [ 505.489445][T11342] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 505.495542][T11342] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 505.501896][T11342] ? do_syscall_64+0x100/0x230 [ 505.506690][T11342] __x64_sys_bpf+0x7c/0x90 [ 505.511306][T11342] do_syscall_64+0xf3/0x230 [ 505.515832][T11342] ? clear_bhb_loop+0x35/0x90 [ 505.520523][T11342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.526444][T11342] RIP: 0033:0x7f6176d7def9 [ 505.530887][T11342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 505.550526][T11342] RSP: 002b:00007f6177abf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 505.558967][T11342] RAX: ffffffffffffffda RBX: 00007f6176f35f80 RCX: 00007f6176d7def9 [ 505.567213][T11342] RDX: 0000000000000048 RSI: 0000000020000280 RDI: 0000000000000005 [ 505.575194][T11342] RBP: 00007f6177abf090 R08: 0000000000000000 R09: 0000000000000000 [ 505.583182][T11342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 505.591195][T11342] R13: 0000000000000001 R14: 00007f6176f35f80 R15: 00007ffd032f5028 [ 505.599217][T11342] [ 505.611029][ T5220] Bluetooth: hci1: command tx timeout [ 505.619197][T11342] syz.3.1026: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 505.636387][T11342] CPU: 1 UID: 0 PID: 11342 Comm: syz.3.1026 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 505.646842][T11342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 505.657001][T11342] Call Trace: [ 505.660316][T11342] [ 505.663299][T11342] dump_stack_lvl+0x241/0x360 [ 505.668018][T11342] ? __pfx_dump_stack_lvl+0x10/0x10 [ 505.673591][T11342] ? __pfx__printk+0x10/0x10 [ 505.678226][T11342] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 505.684760][T11342] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 505.691289][T11342] warn_alloc+0x278/0x410 [ 505.695654][T11342] ? __pfx_warn_alloc+0x10/0x10 [ 505.700529][T11342] ? __get_vm_area_node+0x113/0x270 [ 505.705765][T11342] ? __get_vm_area_node+0x261/0x270 [ 505.710996][T11342] __vmalloc_node_range_noprof+0x3eb/0x1400 [ 505.716912][T11342] ? mark_lock+0x9a/0x360 [ 505.721286][T11342] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 505.727645][T11342] ? bpf_prog_alloc_no_stats+0x4d/0x4b0 [ 505.733214][T11342] __vmalloc_noprof+0x79/0x90 [ 505.737918][T11342] ? bpf_prog_alloc_no_stats+0x4d/0x4b0 [ 505.743486][T11342] bpf_prog_alloc_no_stats+0x4d/0x4b0 [ 505.748882][T11342] ? bpf_prog_alloc+0x28/0x1b0 [ 505.753670][T11342] bpf_prog_alloc+0x3a/0x1b0 [ 505.758368][T11342] bpf_prog_load+0x7f7/0x20f0 [ 505.763076][T11342] ? __pfx_bpf_prog_load+0x10/0x10 [ 505.768209][T11342] ? __pfx___might_resched+0x10/0x10 [ 505.773545][T11342] ? __might_fault+0xc6/0x120 [ 505.778269][T11342] __sys_bpf+0x4ee/0x810 [ 505.782546][T11342] ? __pfx___sys_bpf+0x10/0x10 [ 505.787348][T11342] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 505.793355][T11342] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 505.799711][T11342] ? do_syscall_64+0x100/0x230 [ 505.804502][T11342] __x64_sys_bpf+0x7c/0x90 [ 505.808962][T11342] do_syscall_64+0xf3/0x230 [ 505.813502][T11342] ? clear_bhb_loop+0x35/0x90 [ 505.818203][T11342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.824121][T11342] RIP: 0033:0x7f6176d7def9 [ 505.828549][T11342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 505.848176][T11342] RSP: 002b:00007f6177abf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 505.856609][T11342] RAX: ffffffffffffffda RBX: 00007f6176f35f80 RCX: 00007f6176d7def9 [ 505.864588][T11342] RDX: 0000000000000048 RSI: 0000000020000280 RDI: 0000000000000005 [ 505.872567][T11342] RBP: 00007f6177abf090 R08: 0000000000000000 R09: 0000000000000000 [ 505.880571][T11342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 505.888637][T11342] R13: 0000000000000001 R14: 00007f6176f35f80 R15: 00007ffd032f5028 [ 505.896640][T11342] [ 505.899735][ C1] vkms_vblank_simulate: vblank timer overrun [ 505.908147][T11342] Mem-Info: [ 505.911472][T11342] active_anon:18 inactive_anon:19507 isolated_anon:0 [ 505.911472][T11342] active_file:3546 inactive_file:1620 isolated_file:0 [ 505.911472][T11342] unevictable:767 dirty:108 writeback:0 [ 505.911472][T11342] slab_reclaimable:9252 slab_unreclaimable:96553 [ 505.911472][T11342] mapped:25523 shmem:15944 pagetables:967 [ 505.911472][T11342] sec_pagetables:0 bounce:0 [ 505.911472][T11342] kernel_misc_reclaimable:0 [ 505.911472][T11342] free:1375663 free_pcp:1313 free_cma:0 [ 505.961446][T11342] Node 0 active_anon:72kB inactive_anon:78024kB active_file:14184kB inactive_file:6472kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:102092kB dirty:428kB writeback:0kB shmem:62240kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10344kB pagetables:3868kB sec_pagetables:0kB all_unreclaimable? no [ 505.994675][T11342] Node 1 active_anon:0kB inactive_anon:4kB active_file:0kB inactive_file:8kB unevictable:1532kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 506.007162][T10346] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 506.029814][T11342] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 506.060718][T11342] lowmem_reserve[]: 0 2469 2470 0 0 [ 506.066222][T11342] Node 0 DMA32 free:1537656kB boost:0kB min:34244kB low:42804kB high:51364kB reserved_highatomic:0KB active_anon:60kB inactive_anon:77784kB active_file:13432kB inactive_file:6464kB unevictable:1536kB writepending:424kB present:3129332kB managed:2556544kB mlocked:0kB bounce:0kB free_pcp:5248kB local_pcp:5004kB free_cma:0kB [ 506.096876][T11342] lowmem_reserve[]: 0 0 1 0 0 [ 506.102594][T11342] Node 0 Normal free:0kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB active_anon:8kB inactive_anon:300kB active_file:752kB inactive_file:8kB unevictable:0kB writepending:4kB present:1048576kB managed:1128kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 506.134317][T11342] lowmem_reserve[]: 0 0 0 0 0 [ 506.143606][T11342] Node 1 Normal free:3949556kB boost:0kB min:55644kB low:69552kB high:83460kB reserved_highatomic:0KB active_anon:0kB inactive_anon:4kB active_file:0kB inactive_file:8kB unevictable:1532kB writepending:4kB present:4194304kB managed:4109120kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 506.177645][T11342] lowmem_reserve[]: 0 0 0 0 0 [ 506.182466][T11342] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 506.195696][T11342] Node 0 DMA32: 297*4kB (UME) 759*8kB (UME) 612*16kB (UME) 1070*32kB (UME) 790*64kB (UME) 147*128kB (UME) 75*256kB (UM) 35*512kB (UM) 23*1024kB (UM) 10*2048kB (UME) 326*4096kB (M) = 1537116kB [ 506.197926][T10346] usb 1-1: Using ep0 maxpacket: 16 [ 506.216488][T11342] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 506.233117][T11342] Node 1 Normal: 9*4kB (U) 12*8kB (U) 13*16kB (U) 13*32kB (U) 14*64kB (UM) 5*128kB (U) 5*256kB (UM) 7*512kB (UM) 4*1024kB (U) 3*2048kB (U) 960*4096kB (UM) = 3949556kB [ 506.252381][T11342] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 506.254583][T10346] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 506.262230][T11342] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 506.262261][T11342] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 506.262281][T11342] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 506.262300][T11342] 21089 total pagecache pages [ 506.262311][T11342] 0 pages in swap cache [ 506.262321][T11342] Free swap = 124420kB [ 506.287598][T10346] usb 1-1: config 0 has no interface number 0 [ 506.312658][T11342] Total swap = 124996kB [ 506.328232][T11342] 2097051 pages RAM [ 506.332184][T11342] 0 pages HighMem/MovableOnly [ 506.338338][T11342] 426513 pages reserved [ 506.342541][T11342] 0 pages cma reserved [ 506.395903][T10346] usb 1-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 506.405023][T10346] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 506.420489][T10346] usb 1-1: Product: syz [ 506.424891][T10346] usb 1-1: Manufacturer: syz [ 506.429673][T10346] usb 1-1: SerialNumber: syz [ 506.448445][T10346] usb 1-1: config 0 descriptor?? [ 506.468830][T10346] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 506.823088][ T1131] team0 (unregistering): Port device team_slave_1 removed [ 506.887454][ T1131] team0 (unregistering): Port device team_slave_0 removed [ 506.888204][T11344] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 506.915132][T11344] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 507.336913][ T5220] Bluetooth: hci3: command tx timeout [ 507.603907][T11302] chnl_net:caif_netlink_parms(): no params data found [ 507.661743][ T5220] Bluetooth: hci1: command tx timeout [ 507.971466][T11302] bridge0: port 1(bridge_slave_0) entered blocking state [ 507.996227][ T943] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 508.014915][T11302] bridge0: port 1(bridge_slave_0) entered disabled state [ 508.022597][T11302] bridge_slave_0: entered allmulticast mode [ 508.034802][T11302] bridge_slave_0: entered promiscuous mode [ 508.078072][T11063] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 508.096573][T11302] bridge0: port 2(bridge_slave_1) entered blocking state [ 508.104115][T11302] bridge0: port 2(bridge_slave_1) entered disabled state [ 508.123750][T11302] bridge_slave_1: entered allmulticast mode [ 508.135055][T11302] bridge_slave_1: entered promiscuous mode [ 508.156289][ T943] usb 4-1: Using ep0 maxpacket: 16 [ 508.180144][ T943] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 508.204298][ T943] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 508.214876][ T943] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 508.224351][ T943] usb 4-1: config 1 interface 0 has no altsetting 0 [ 508.238162][ T943] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 508.247604][ T943] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 508.261178][ T943] usb 4-1: Product: syz [ 508.265400][ T943] usb 4-1: Manufacturer: syz [ 508.270139][ T943] usb 4-1: SerialNumber: syz [ 508.354469][T11302] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 508.379858][T11339] chnl_net:caif_netlink_parms(): no params data found [ 508.419016][T11302] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 508.446063][T10346] gspca_spca1528: reg_r err -71 [ 508.454170][T10346] spca1528 1-1:0.1: probe with driver spca1528 failed with error -71 [ 508.469472][T10346] usb 1-1: USB disconnect, device number 30 [ 508.495049][ T943] usb 4-1: Audio class v2/v3 interfaces need an interface association [ 508.552141][ T943] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 508.604935][ T943] usb 4-1: USB disconnect, device number 25 [ 508.621580][T10832] udevd[10832]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 508.623003][ T1131] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 508.678405][T11302] team0: Port device team_slave_0 added [ 508.695119][T11302] team0: Port device team_slave_1 added [ 508.757305][ T1131] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 508.800078][T11302] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 508.812214][T11302] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 508.848349][T11302] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 508.897226][ T1131] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 508.917893][T11302] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 508.925131][T11302] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 508.951182][ C1] vkms_vblank_simulate: vblank timer overrun [ 508.957734][T11302] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 509.123318][T11339] bridge0: port 1(bridge_slave_0) entered blocking state [ 509.138691][T11339] bridge0: port 1(bridge_slave_0) entered disabled state [ 509.146368][T11339] bridge_slave_0: entered allmulticast mode [ 509.153924][T11339] bridge_slave_0: entered promiscuous mode [ 509.162804][T11339] bridge0: port 2(bridge_slave_1) entered blocking state [ 509.170786][T11339] bridge0: port 2(bridge_slave_1) entered disabled state [ 509.179200][T11339] bridge_slave_1: entered allmulticast mode [ 509.208931][T11339] bridge_slave_1: entered promiscuous mode [ 509.273243][T11400] syz.0.1032: attempt to access beyond end of device [ 509.273243][T11400] loop1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 509.278592][ T1131] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 509.286701][T11400] FAT-fs (loop1): unable to read boot sector [ 509.325227][T11063] veth0_vlan: entered promiscuous mode [ 509.347828][T11302] hsr_slave_0: entered promiscuous mode [ 509.365442][T11302] hsr_slave_1: entered promiscuous mode [ 509.374630][T11302] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 509.387117][T11302] Cannot create hsr debugfs directory [ 509.418501][ T5220] Bluetooth: hci3: command tx timeout [ 509.470685][T11339] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 509.543486][T11339] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 509.584653][T11063] veth1_vlan: entered promiscuous mode [ 509.655685][T11339] team0: Port device team_slave_0 added [ 509.702983][T11339] team0: Port device team_slave_1 added [ 509.736071][ T5220] Bluetooth: hci1: command tx timeout [ 509.883509][T11339] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 509.910054][T11339] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 510.004315][T11339] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 510.032590][T11339] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 510.044823][T11339] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 510.090527][T11339] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 510.468891][ T1131] bridge_slave_1: left allmulticast mode [ 510.490242][ T1131] bridge_slave_1: left promiscuous mode [ 510.505444][ T1131] bridge0: port 2(bridge_slave_1) entered disabled state [ 510.516798][ T1131] bridge_slave_0: left allmulticast mode [ 510.525880][ T1131] bridge_slave_0: left promiscuous mode [ 510.531758][ T1131] bridge0: port 1(bridge_slave_0) entered disabled state [ 510.896264][T11421] syz.3.1034: attempt to access beyond end of device [ 510.896264][T11421] nbd3: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 510.909938][T11421] XFS (nbd3): SB validate failed with error -5. [ 511.496218][ T5220] Bluetooth: hci3: command tx timeout [ 511.828001][ T5220] Bluetooth: hci1: command tx timeout [ 513.100006][T11436] xt_ipvs: protocol family 7 not supported [ 513.544497][ T1131] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 513.563920][ T1131] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 513.576151][ T5220] Bluetooth: hci3: command tx timeout [ 513.584053][ T1131] bond0 (unregistering): Released all slaves [ 513.618646][T11339] hsr_slave_0: entered promiscuous mode [ 513.625717][T11339] hsr_slave_1: entered promiscuous mode [ 513.632291][T11339] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 513.641866][T11339] Cannot create hsr debugfs directory [ 513.794037][T11063] veth0_macvtap: entered promiscuous mode [ 513.961934][T11063] veth1_macvtap: entered promiscuous mode [ 515.501845][ T1131] hsr_slave_0: left promiscuous mode [ 515.552112][ T1131] hsr_slave_1: left promiscuous mode [ 515.562044][ T1131] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 515.582783][ T1131] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 515.591565][ T1131] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 515.603865][ T1131] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 515.615554][T11469] syz.0.1045: attempt to access beyond end of device [ 515.615554][T11469] loop1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 515.629596][T11469] FAT-fs (loop1): unable to read boot sector [ 515.694764][ T1131] veth1_macvtap: left promiscuous mode [ 515.700743][ T1131] veth0_macvtap: left promiscuous mode [ 515.706651][ T1131] veth1_vlan: left promiscuous mode [ 515.712052][ T1131] veth0_vlan: left promiscuous mode [ 517.894983][ T25] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 518.076869][ T25] usb 1-1: Using ep0 maxpacket: 16 [ 518.091677][ T5219] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 518.094167][ T1131] team0 (unregistering): Port device team_slave_1 removed [ 518.100417][ T25] usb 1-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 518.118471][ T25] usb 1-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 518.127873][ T25] usb 1-1: Product: syz [ 518.132330][ T25] usb 1-1: Manufacturer: syz [ 518.137385][ T25] usb 1-1: SerialNumber: syz [ 518.144373][ T25] usb 1-1: config 0 descriptor?? [ 518.200709][ T1131] team0 (unregistering): Port device team_slave_0 removed [ 518.274295][ T5219] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 518.288216][ T5219] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 518.331306][ T5219] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 518.344874][ T5219] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 518.353555][ T5219] usb 4-1: SerialNumber: syz [ 518.398502][ T5268] usb 1-1: USB disconnect, device number 31 [ 518.605371][ T5219] usb 4-1: 0:2 : does not exist [ 518.966207][T11063] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 518.979882][T11063] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 518.991546][T11063] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 519.001860][T11063] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 519.017096][T11063] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 519.028462][T11063] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 519.099451][T11063] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 519.106536][T11492] "syz.0.1053" (11492) uses obsolete ecb(arc4) skcipher [ 519.110311][T11063] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 519.125513][T11063] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 519.136839][T11063] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 519.209543][T11488] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 519.220569][T11488] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 519.436889][ T5493] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 519.445077][ T5493] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 519.514790][ T1132] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 519.523880][ T1132] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 519.634218][T11302] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 519.646073][T11302] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 519.669158][T11302] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 519.696702][T11302] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 519.799995][T11499] syz.1.1055: attempt to access beyond end of device [ 519.799995][T11499] loop3: rw=0, sector=0, nr_sectors = 1 limit=0 [ 519.813232][T11499] FAT-fs (loop3): unable to read boot sector [ 519.931408][T11302] 8021q: adding VLAN 0 to HW filter on device bond0 [ 519.959297][T11302] 8021q: adding VLAN 0 to HW filter on device team0 [ 519.991773][ T1131] bridge0: port 1(bridge_slave_0) entered blocking state [ 519.999063][ T1131] bridge0: port 1(bridge_slave_0) entered forwarding state [ 520.021560][T11503] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1057'. [ 520.023177][ T1131] bridge0: port 2(bridge_slave_1) entered blocking state [ 520.037745][ T1131] bridge0: port 2(bridge_slave_1) entered forwarding state [ 520.089283][T11503] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 520.153956][T11302] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 520.186559][T11302] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 520.462137][T11339] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 520.490218][T11339] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 520.809936][T11339] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 520.924283][T11339] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 520.972396][ T29] audit: type=1326 audit(1726646280.635:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11510 comm="syz.0.1060" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f199eb7def9 code=0x0 [ 521.510839][T11339] 8021q: adding VLAN 0 to HW filter on device bond0 [ 521.610140][T11302] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 521.631588][T11339] 8021q: adding VLAN 0 to HW filter on device team0 [ 521.653511][ T1131] bridge0: port 1(bridge_slave_0) entered blocking state [ 521.660788][ T1131] bridge0: port 1(bridge_slave_0) entered forwarding state [ 521.680201][T11526] xt_TPROXY: Can be used only with -p tcp or -p udp [ 521.730064][ T1131] bridge0: port 2(bridge_slave_1) entered blocking state [ 521.737287][ T1131] bridge0: port 2(bridge_slave_1) entered forwarding state [ 521.803908][T11531] "syz.0.1062" (11531) uses obsolete ecb(arc4) skcipher [ 522.221355][T11302] veth0_vlan: entered promiscuous mode [ 522.245965][T11339] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 522.265827][T11302] veth1_vlan: entered promiscuous mode [ 522.355583][T11302] veth0_macvtap: entered promiscuous mode [ 522.442130][T11339] veth0_vlan: entered promiscuous mode [ 522.652325][T11302] veth1_macvtap: entered promiscuous mode [ 522.757657][T11339] veth1_vlan: entered promiscuous mode [ 522.812144][T11302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 522.843445][T11302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 522.885715][T11302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 522.905865][T11302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 522.935130][T11302] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 522.982477][T11302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 523.007480][T11302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 523.042311][T11302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 523.070979][T11302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 523.103110][T11302] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 523.172827][T11302] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 523.191349][T11302] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 523.200626][T11302] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 523.209800][T11302] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 523.287339][T11339] veth0_macvtap: entered promiscuous mode [ 523.329956][T11339] veth1_macvtap: entered promiscuous mode [ 523.517409][ T5220] Bluetooth: hci6: unexpected event 0x2f length: 509 > 260 [ 523.535740][T11339] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 523.639619][T11339] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 523.694739][T11339] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 523.756418][T11339] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 523.813278][T11571] syz.0.1066: attempt to access beyond end of device [ 523.813278][T11571] loop1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 523.827762][T11571] FAT-fs (loop1): unable to read boot sector [ 523.943840][T11339] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 524.146506][T11339] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 524.212492][T11339] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 524.283918][ T1131] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 524.346821][ T1131] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 524.391811][T11339] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 524.443246][T11339] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 524.482582][T11339] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 524.514258][T11339] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 524.524704][T11339] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 524.535545][T11339] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 524.547555][T11339] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 524.605459][T10261] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 524.646065][T10261] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 524.725943][T11339] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 524.776945][T11339] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 524.809809][T11339] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 524.819113][T11339] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 525.232080][T10261] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 525.240368][T10261] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 525.262725][T10261] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 525.273266][T10261] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 525.714461][ T29] audit: type=1326 audit(1726646285.455:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11607 comm="syz.0.1072" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f199eb7def9 code=0x0 [ 525.822274][ T1132] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 525.995814][ T1132] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 526.114398][ T1132] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 526.228837][ T1132] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 526.356731][ T4610] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 526.370447][ T4610] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 526.382777][ T4610] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 526.391213][ T4610] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 526.401966][ T4610] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 526.416303][ T4610] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 526.524505][ T1132] bridge_slave_1: left allmulticast mode [ 526.530391][ T1132] bridge_slave_1: left promiscuous mode [ 526.537989][ T1132] bridge0: port 2(bridge_slave_1) entered disabled state [ 526.547897][ T1132] bridge_slave_0: left allmulticast mode [ 526.553587][ T1132] bridge_slave_0: left promiscuous mode [ 526.560259][ T1132] bridge0: port 1(bridge_slave_0) entered disabled state [ 527.038171][ T1132] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 527.050768][ T1132] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 527.062690][ T1132] bond0 (unregistering): Released all slaves [ 527.218971][T11629] chnl_net:caif_netlink_parms(): no params data found [ 527.340294][T11629] bridge0: port 1(bridge_slave_0) entered blocking state [ 527.348049][T11629] bridge0: port 1(bridge_slave_0) entered disabled state [ 527.355419][T11629] bridge_slave_0: entered allmulticast mode [ 527.363406][T11629] bridge_slave_0: entered promiscuous mode [ 527.373749][T11629] bridge0: port 2(bridge_slave_1) entered blocking state [ 527.381302][T11629] bridge0: port 2(bridge_slave_1) entered disabled state [ 527.389714][T11629] bridge_slave_1: entered allmulticast mode [ 527.396738][T11629] bridge_slave_1: entered promiscuous mode [ 527.843813][T11629] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 527.857795][T11629] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 527.872079][T11644] futex_wake_op: syz.1.1075 tries to shift op by -1; fix this program [ 527.893843][ T1132] hsr_slave_0: left promiscuous mode [ 527.904251][ T1132] hsr_slave_1: left promiscuous mode [ 527.923520][ T1132] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 527.934589][ T1132] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 527.945316][ T1132] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 527.957205][ T1132] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 528.000173][ T1132] veth1_macvtap: left promiscuous mode [ 528.005753][ T1132] veth0_macvtap: left promiscuous mode [ 528.019015][ T1132] veth1_vlan: left promiscuous mode [ 528.024435][ T1132] veth0_vlan: left promiscuous mode [ 528.057812][ T4610] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 528.072804][ T4610] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 528.083533][ T4610] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 528.095644][ T4610] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 528.107506][ T4610] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 528.114973][ T4610] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 528.145277][ T940] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 528.331211][ T940] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 528.361682][ T940] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 528.375031][ T940] usb 1-1: Product: syz [ 528.386605][ T940] usb 1-1: Manufacturer: syz [ 528.391418][ T940] usb 1-1: SerialNumber: syz [ 528.404245][ T940] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 528.456324][ T4610] Bluetooth: hci1: command tx timeout [ 528.507676][ T5220] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 528.519413][ T5220] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 528.546680][ T5220] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 528.565630][ T5220] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 528.574096][ T5220] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 528.600745][ T5220] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 528.699767][T10346] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 528.767922][T11655] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 528.791063][T11655] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 528.932663][T11642] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 528.972856][T11642] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 529.302248][ T1132] team0 (unregistering): Port device team_slave_1 removed [ 529.374402][ T1132] team0 (unregistering): Port device team_slave_0 removed [ 529.735499][ T5268] usb 1-1: USB disconnect, device number 32 [ 530.066409][T10346] usb 1-1: Service connection timeout for: 256 [ 530.079169][T10346] ath9k_htc 1-1:1.0: ath9k_htc: Unable to initialize HTC services [ 530.094766][T10346] ath9k_htc: Failed to initialize the device [ 530.125100][ T5268] usb 1-1: ath9k_htc: USB layer deinitialized [ 530.193713][T11629] team0: Port device team_slave_0 added [ 530.208335][T11629] team0: Port device team_slave_1 added [ 530.216194][ T4610] Bluetooth: hci3: command tx timeout [ 530.325851][T11629] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 530.332848][T11629] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 530.379413][T11629] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 530.448663][T11629] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 530.460222][T11629] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 530.490965][T11629] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 530.651882][T11674] syz.1.1084: attempt to access beyond end of device [ 530.651882][T11674] loop3: rw=0, sector=0, nr_sectors = 1 limit=0 [ 530.665308][T11674] FAT-fs (loop3): unable to read boot sector [ 530.679461][ T4610] Bluetooth: hci1: command tx timeout [ 530.695985][ T4610] Bluetooth: hci4: command tx timeout [ 531.422491][T11629] hsr_slave_0: entered promiscuous mode [ 531.443731][T11629] hsr_slave_1: entered promiscuous mode [ 531.458125][T11629] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 531.480472][T11629] Cannot create hsr debugfs directory [ 531.532448][ T29] audit: type=1326 audit(1726646291.275:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11682 comm="syz.0.1085" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f199eb7def9 code=0x0 [ 531.685973][ T5266] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 531.835923][ T5266] usb 2-1: Using ep0 maxpacket: 16 [ 531.851112][ T5266] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 531.872510][ T1132] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 531.874007][ T5266] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 531.912962][ T5266] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 531.936537][ T5266] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 531.938928][T11648] chnl_net:caif_netlink_parms(): no params data found [ 531.960020][ T5266] usb 2-1: config 0 descriptor?? [ 532.033406][ T1132] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 532.142826][ T1132] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 532.197464][T11645] chnl_net:caif_netlink_parms(): no params data found [ 532.268720][ T1132] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 532.296330][ T4610] Bluetooth: hci3: command tx timeout [ 532.344376][T11707] FAULT_INJECTION: forcing a failure. [ 532.344376][T11707] name failslab, interval 1, probability 0, space 0, times 0 [ 532.359579][T11707] CPU: 1 UID: 0 PID: 11707 Comm: syz.0.1087 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 532.370070][T11707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 532.380352][T11707] Call Trace: [ 532.383790][T11707] [ 532.386800][T11707] dump_stack_lvl+0x241/0x360 [ 532.391522][T11707] ? __pfx_dump_stack_lvl+0x10/0x10 [ 532.396772][T11707] ? __pfx__printk+0x10/0x10 [ 532.401537][T11707] ? fs_reclaim_acquire+0x93/0x140 [ 532.406686][T11707] ? __pfx___might_resched+0x10/0x10 [ 532.412114][T11707] should_fail_ex+0x3b0/0x4e0 [ 532.416845][T11707] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 532.422701][T11707] should_failslab+0xac/0x100 [ 532.427417][T11707] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 532.433163][T11707] __kmalloc_noprof+0xd8/0x400 [ 532.437952][T11707] ? kfree+0x4e/0x360 [ 532.442051][T11707] tomoyo_realpath_from_path+0xcf/0x5e0 [ 532.447639][T11707] tomoyo_path_number_perm+0x23a/0x880 [ 532.453134][T11707] ? tomoyo_path_number_perm+0x208/0x880 [ 532.458794][T11707] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 532.464848][T11707] ? lookup_one_qstr_excl+0x12f/0x260 [ 532.470339][T11707] tomoyo_path_mkdir+0xe7/0x130 [ 532.475238][T11707] ? __pfx_hook_path_mkdir+0x10/0x10 [ 532.480762][T11707] ? __pfx_tomoyo_path_mkdir+0x10/0x10 [ 532.486351][T11707] ? __pfx_filename_create+0x10/0x10 [ 532.491749][T11707] ? __pfx_lock_release+0x10/0x10 [ 532.496904][T11707] security_path_mkdir+0x171/0x370 [ 532.502054][T11707] do_mkdirat+0x1c4/0x3a0 [ 532.506403][T11707] ? __check_object_size+0x49c/0x900 [ 532.511799][T11707] ? __might_fault+0xc6/0x120 [ 532.516608][T11707] ? __pfx_do_mkdirat+0x10/0x10 [ 532.521520][T11707] ? getname_flags+0x1e3/0x540 [ 532.526318][T11707] __x64_sys_mkdirat+0x87/0xa0 [ 532.531186][T11707] do_syscall_64+0xf3/0x230 [ 532.535711][T11707] ? clear_bhb_loop+0x35/0x90 [ 532.540441][T11707] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 532.546466][T11707] RIP: 0033:0x7f199eb7def9 [ 532.550904][T11707] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 532.570643][T11707] RSP: 002b:00007f199f969038 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 532.579101][T11707] RAX: ffffffffffffffda RBX: 00007f199ed35f80 RCX: 00007f199eb7def9 [ 532.587101][T11707] RDX: 0000000000000000 RSI: 0000000020000180 RDI: ffffffffffffff9c [ 532.595182][T11707] RBP: 00007f199f969090 R08: 0000000000000000 R09: 0000000000000000 [ 532.603178][T11707] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 532.611165][T11707] R13: 0000000000000000 R14: 00007f199ed35f80 R15: 00007fffda9adc38 [ 532.619262][T11707] [ 532.635653][T11684] xt_CT: You must specify a L4 protocol and not use inversions on it [ 532.643641][T11648] bridge0: port 1(bridge_slave_0) entered blocking state [ 532.660066][T11648] bridge0: port 1(bridge_slave_0) entered disabled state [ 532.667737][T11648] bridge_slave_0: entered allmulticast mode [ 532.675475][T11648] bridge_slave_0: entered promiscuous mode [ 532.675599][T11707] ERROR: Out of memory at tomoyo_realpath_from_path. [ 532.696052][ T4610] Bluetooth: hci1: command tx timeout [ 532.775991][ T4610] Bluetooth: hci4: command tx timeout [ 532.866758][T11648] bridge0: port 2(bridge_slave_1) entered blocking state [ 532.900984][T11648] bridge0: port 2(bridge_slave_1) entered disabled state [ 532.919406][T11648] bridge_slave_1: entered allmulticast mode [ 532.945104][T11648] bridge_slave_1: entered promiscuous mode [ 533.026369][T11645] bridge0: port 1(bridge_slave_0) entered blocking state [ 533.042022][T11645] bridge0: port 1(bridge_slave_0) entered disabled state [ 533.051140][T11645] bridge_slave_0: entered allmulticast mode [ 533.053861][T11715] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 533.064528][T11645] bridge_slave_0: entered promiscuous mode [ 533.094197][T11715] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 533.119799][T11648] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 533.141808][T11645] bridge0: port 2(bridge_slave_1) entered blocking state [ 533.164716][T11645] bridge0: port 2(bridge_slave_1) entered disabled state [ 533.181026][T11645] bridge_slave_1: entered allmulticast mode [ 533.193478][T11645] bridge_slave_1: entered promiscuous mode [ 533.211952][ T5266] usbhid 2-1:0.0: can't add hid device: -71 [ 533.220555][ T5266] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 533.237763][ T5266] usb 2-1: USB disconnect, device number 37 [ 533.254475][T11648] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 533.367362][T11645] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 533.410966][T11645] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 533.571417][T11648] team0: Port device team_slave_0 added [ 533.602289][T11648] team0: Port device team_slave_1 added [ 534.017049][T11629] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 534.083593][T11629] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 534.357915][T11645] team0: Port device team_slave_0 added [ 534.378306][ T4610] Bluetooth: hci3: command tx timeout [ 534.447301][T11648] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 534.454307][T11648] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 534.582613][T11648] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 534.720780][T11629] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 534.758622][T11629] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 534.779314][ T4610] Bluetooth: hci1: command tx timeout [ 534.803419][T11645] team0: Port device team_slave_1 added [ 534.815189][T11648] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 534.831840][T11648] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 534.855958][ T4610] Bluetooth: hci4: command tx timeout [ 534.873172][T11648] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 534.890302][ T1132] bridge_slave_1: left allmulticast mode [ 534.913153][ T1132] bridge_slave_1: left promiscuous mode [ 534.938261][ T1132] bridge0: port 2(bridge_slave_1) entered disabled state [ 534.978636][ T1132] bridge_slave_0: left allmulticast mode [ 534.984356][ T1132] bridge_slave_0: left promiscuous mode [ 534.999634][ T1132] bridge0: port 1(bridge_slave_0) entered disabled state [ 535.055976][ T940] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 535.226058][ T940] usb 2-1: device descriptor read/64, error -71 [ 535.310115][ T5266] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 535.486061][ T940] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 535.492842][ T5266] usb 1-1: New USB device found, idVendor=13d8, idProduct=0011, bcdDevice=d0.62 [ 535.514095][ T5266] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 535.524193][ T5266] usb 1-1: Product: syz [ 535.530442][ T5266] usb 1-1: Manufacturer: syz [ 535.535267][ T5266] usb 1-1: SerialNumber: syz [ 535.561932][ T5266] usb 1-1: config 0 descriptor?? [ 535.567571][ T1132] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 535.589676][ T5266] usb 1-1: selecting invalid altsetting 1 [ 535.600234][ T5266] comedi comedi0: could not switch to alternate setting 1 [ 535.608022][ T5266] usbduxfast 1-1:0.0: driver 'usbduxfast' failed to auto-configure device. [ 535.608606][ T1132] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 535.632631][ T940] usb 2-1: device descriptor read/64, error -71 [ 535.643160][ T1132] bond0 (unregistering): Released all slaves [ 535.729051][T11645] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 535.736933][T11645] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 535.763265][T11645] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 535.780682][T11745] Bluetooth: MGMT ver 1.23 [ 535.785594][ T940] usb usb2-port1: attempt power cycle [ 535.786720][ T5268] usb 1-1: USB disconnect, device number 33 [ 535.824173][T11645] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 535.831623][T11645] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 535.858279][T11645] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 535.931591][T11645] hsr_slave_0: entered promiscuous mode [ 535.938566][T11645] hsr_slave_1: entered promiscuous mode [ 535.944683][T11645] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 535.952364][T11645] Cannot create hsr debugfs directory [ 535.965642][T11648] hsr_slave_0: entered promiscuous mode [ 535.972794][T11648] hsr_slave_1: entered promiscuous mode [ 535.979628][T11648] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 535.987380][T11648] Cannot create hsr debugfs directory [ 536.142395][ T1132] hsr_slave_0: left promiscuous mode [ 536.152684][ T1132] hsr_slave_1: left promiscuous mode [ 536.159649][ T1132] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 536.167533][ T1132] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 536.175714][ T1132] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 536.176355][ T940] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 536.183398][ T1132] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 536.214778][ T1132] veth1_macvtap: left promiscuous mode [ 536.222156][ T940] usb 2-1: device descriptor read/8, error -71 [ 536.228854][ T1132] veth0_macvtap: left promiscuous mode [ 536.234607][ T1132] veth1_vlan: left promiscuous mode [ 536.239957][ T1132] veth0_vlan: left promiscuous mode [ 536.439208][ T29] audit: type=1326 audit(1726646296.185:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11746 comm="syz.0.1096" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f199eb7def9 code=0x0 [ 536.461139][ T4610] Bluetooth: hci3: command tx timeout [ 536.488216][ T940] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 536.556342][ T940] usb 2-1: device descriptor read/8, error -71 [ 536.681289][ T940] usb usb2-port1: unable to enumerate USB device [ 536.924804][ T1132] team0 (unregistering): Port device team_slave_1 removed [ 536.937628][ T4610] Bluetooth: hci4: command tx timeout [ 536.988007][ T1132] team0 (unregistering): Port device team_slave_0 removed [ 537.611199][T11758] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 537.624544][T11758] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 538.654600][T11648] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 538.762339][T11629] 8021q: adding VLAN 0 to HW filter on device bond0 [ 539.150078][T11788] syz.0.1103: attempt to access beyond end of device [ 539.150078][T11788] loop1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 539.163821][T11788] FAT-fs (loop1): unable to read boot sector [ 539.464521][T11648] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 539.790886][T11795] tmpfs: Bad value for 'mpol' [ 539.803904][T11648] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 539.870318][T11629] 8021q: adding VLAN 0 to HW filter on device team0 [ 539.907761][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 539.914885][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 539.947601][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 539.955143][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 540.009233][ T29] audit: type=1326 audit(1726646299.755:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11802 comm="syz.0.1106" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f199eb7def9 code=0x0 [ 540.038155][T11648] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 540.556401][T11648] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 540.582592][T11829] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 540.588162][T11648] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 540.606611][T11829] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 540.774941][T11648] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 540.908484][T11842] FAULT_INJECTION: forcing a failure. [ 540.908484][T11842] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 540.926092][T11842] CPU: 0 UID: 0 PID: 11842 Comm: syz.0.1112 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 540.936582][T11842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 540.946791][T11842] Call Trace: [ 540.950084][T11842] [ 540.953023][T11842] dump_stack_lvl+0x241/0x360 [ 540.957764][T11842] ? __pfx_dump_stack_lvl+0x10/0x10 [ 540.963220][T11842] ? __pfx__printk+0x10/0x10 [ 540.967948][T11842] ? __pfx_lock_release+0x10/0x10 [ 540.973005][T11842] should_fail_ex+0x3b0/0x4e0 [ 540.977810][T11842] _copy_from_user+0x2f/0xe0 [ 540.983079][T11842] kvmemdup_bpfptr_noprof+0x7d/0xf0 [ 540.988342][T11842] map_update_elem+0x4e7/0x6e0 [ 540.993354][T11842] __sys_bpf+0x76f/0x810 [ 540.997655][T11842] ? __pfx___sys_bpf+0x10/0x10 [ 541.002465][T11842] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 541.008469][T11842] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 541.014822][T11842] __x64_sys_bpf+0x7c/0x90 [ 541.019527][T11842] do_syscall_64+0xf3/0x230 [ 541.024071][T11842] ? clear_bhb_loop+0x35/0x90 [ 541.028951][T11842] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 541.034968][T11842] RIP: 0033:0x7f199eb7def9 [ 541.039425][T11842] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 541.059554][T11842] RSP: 002b:00007f199f969038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 541.068180][T11842] RAX: ffffffffffffffda RBX: 00007f199ed35f80 RCX: 00007f199eb7def9 [ 541.076194][T11842] RDX: 0000000000000020 RSI: 0000000020000300 RDI: 0000000000000002 [ 541.084207][T11842] RBP: 00007f199f969090 R08: 0000000000000000 R09: 0000000000000000 [ 541.092546][T11842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 541.101066][T11842] R13: 0000000000000000 R14: 00007f199ed35f80 R15: 00007fffda9adc38 [ 541.109266][T11842] [ 541.154656][T11648] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 541.178743][T11629] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 542.140450][T11648] 8021q: adding VLAN 0 to HW filter on device bond0 [ 542.393457][T11645] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 542.420736][T11867] netlink: 'syz.1.1115': attribute type 1 has an invalid length. [ 542.435087][T11645] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 542.443748][T11867] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1115'. [ 542.501258][T11648] 8021q: adding VLAN 0 to HW filter on device team0 [ 542.642281][T11645] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 542.674474][ T1110] bridge0: port 1(bridge_slave_0) entered blocking state [ 542.681679][ T1110] bridge0: port 1(bridge_slave_0) entered forwarding state [ 542.708475][T11645] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 542.806623][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 542.813833][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 542.931001][T11629] veth0_vlan: entered promiscuous mode [ 542.958949][T11878] xt_TPROXY: Can be used only with -p tcp or -p udp [ 542.995045][T11629] veth1_vlan: entered promiscuous mode [ 543.072335][T11885] "syz.1.1117" (11885) uses obsolete ecb(arc4) skcipher [ 543.142289][T11629] veth0_macvtap: entered promiscuous mode [ 543.189622][T11629] veth1_macvtap: entered promiscuous mode [ 543.279763][T11629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 543.306093][T11629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 543.326036][T11629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 543.345961][T11629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 543.367437][T11629] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 543.380113][T11645] 8021q: adding VLAN 0 to HW filter on device bond0 [ 543.421907][T11629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 543.462236][T11629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 543.491436][T11629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 543.525935][T11629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 543.540028][T11629] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 543.581902][T11629] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 543.597646][T11629] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 543.607843][T11629] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 543.616840][T11629] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 543.640283][T11645] 8021q: adding VLAN 0 to HW filter on device team0 [ 543.693263][T11648] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 543.747258][ T1110] bridge0: port 1(bridge_slave_0) entered blocking state [ 543.754416][ T1110] bridge0: port 1(bridge_slave_0) entered forwarding state [ 543.774636][ T1110] bridge0: port 2(bridge_slave_1) entered blocking state [ 543.781894][ T1110] bridge0: port 2(bridge_slave_1) entered forwarding state [ 543.990098][ T1110] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 544.017854][ T1110] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 544.033849][T11648] veth0_vlan: entered promiscuous mode [ 544.074938][T11903] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 544.081892][T11648] veth1_vlan: entered promiscuous mode [ 544.125579][T10261] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 544.159866][T11903] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 544.169333][T10261] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 544.208600][T11648] veth0_macvtap: entered promiscuous mode [ 544.266260][T11648] veth1_macvtap: entered promiscuous mode [ 544.314968][T11648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 544.361653][T11648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 544.395903][T11648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 544.407190][T11912] FAULT_INJECTION: forcing a failure. [ 544.407190][T11912] name failslab, interval 1, probability 0, space 0, times 0 [ 544.415910][T11648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 544.440559][T11912] CPU: 0 UID: 0 PID: 11912 Comm: syz.1.1120 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 544.451057][T11912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 544.454884][T11648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 544.461134][T11912] Call Trace: [ 544.461168][T11912] [ 544.461180][T11912] dump_stack_lvl+0x241/0x360 [ 544.461222][T11912] ? __pfx_dump_stack_lvl+0x10/0x10 [ 544.481329][T11648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 544.482561][T11912] ? __pfx__printk+0x10/0x10 [ 544.482607][T11912] ? ref_tracker_alloc+0x332/0x490 [ 544.490535][T11648] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 544.498690][T11912] should_fail_ex+0x3b0/0x4e0 [ 544.498744][T11912] ? skb_clone+0x20c/0x390 [ 544.498766][T11912] should_failslab+0xac/0x100 [ 544.498808][T11912] ? skb_clone+0x20c/0x390 [ 544.498829][T11912] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 544.498859][T11912] skb_clone+0x20c/0x390 [ 544.498885][T11912] __netlink_deliver_tap+0x3cc/0x7c0 [ 544.498935][T11912] ? netlink_deliver_tap+0x2e/0x1b0 [ 544.498967][T11912] netlink_deliver_tap+0x19d/0x1b0 [ 544.499003][T11912] netlink_unicast+0x7c4/0x990 [ 544.499041][T11912] ? __pfx_netlink_unicast+0x10/0x10 [ 544.499068][T11912] ? __virt_addr_valid+0x183/0x530 [ 544.499102][T11912] ? __check_object_size+0x49c/0x900 [ 544.499140][T11912] netlink_sendmsg+0x8e4/0xcb0 [ 544.499185][T11912] ? __pfx_netlink_sendmsg+0x10/0x10 [ 544.499232][T11912] ? __pfx_netlink_sendmsg+0x10/0x10 [ 544.499262][T11912] __sock_sendmsg+0x221/0x270 [ 544.499293][T11912] ____sys_sendmsg+0x52a/0x7e0 [ 544.606383][T11912] ? __pfx_____sys_sendmsg+0x10/0x10 [ 544.611775][T11912] __sys_sendmsg+0x2aa/0x390 [ 544.616436][T11912] ? __pfx___sys_sendmsg+0x10/0x10 [ 544.621615][T11912] ? vfs_write+0x7bf/0xc90 [ 544.626140][T11912] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 544.632548][T11912] ? do_syscall_64+0x100/0x230 [ 544.637401][T11912] ? do_syscall_64+0xb6/0x230 [ 544.642237][T11912] do_syscall_64+0xf3/0x230 [ 544.646816][T11912] ? clear_bhb_loop+0x35/0x90 [ 544.651695][T11912] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 544.658189][T11912] RIP: 0033:0x7f8bb997def9 [ 544.663356][T11912] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 544.683281][T11912] RSP: 002b:00007f8bba810038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 544.691773][T11912] RAX: ffffffffffffffda RBX: 00007f8bb9b35f80 RCX: 00007f8bb997def9 [ 544.699887][T11912] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000003 [ 544.708001][T11912] RBP: 00007f8bba810090 R08: 0000000000000000 R09: 0000000000000000 [ 544.716025][T11912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 544.724045][T11912] R13: 0000000000000000 R14: 00007f8bb9b35f80 R15: 00007ffe1616b0c8 [ 544.732094][T11912] [ 544.740355][ T29] audit: type=1326 audit(1726646304.485:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11913 comm="syz.0.1121" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f199eb7def9 code=0x0 [ 544.761433][ C1] vkms_vblank_simulate: vblank timer overrun [ 544.812207][T11648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 544.846242][T11648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 544.863070][T11648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 544.874843][T11648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 544.891902][T11648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 544.903330][T11648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 544.953556][T11648] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 544.993740][T11645] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 545.115753][T11648] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 545.136439][T11648] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 545.152309][T11648] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 545.161766][T11648] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 545.539837][T10261] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 545.684988][T10261] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 545.789147][T10261] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 545.813777][T11645] veth0_vlan: entered promiscuous mode [ 545.825651][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 545.854617][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 545.905571][T10261] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 546.080452][T11645] veth1_vlan: entered promiscuous mode [ 546.093918][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 546.107082][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 546.227385][T11645] veth0_macvtap: entered promiscuous mode [ 546.243933][T10261] bridge_slave_1: left allmulticast mode [ 546.263963][T10261] bridge_slave_1: left promiscuous mode [ 546.276528][T10261] bridge0: port 2(bridge_slave_1) entered disabled state [ 546.293340][T10261] bridge_slave_0: left allmulticast mode [ 546.300480][T10261] bridge_slave_0: left promiscuous mode [ 546.312089][T10261] bridge0: port 1(bridge_slave_0) entered disabled state [ 546.930555][T10261] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 546.943542][T10261] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 546.956228][T10261] bond0 (unregistering): Released all slaves [ 546.971566][T11645] veth1_macvtap: entered promiscuous mode [ 547.115261][T11983] tipc: Invalid UDP bearer configuration [ 547.115390][T11983] tipc: Enabling of bearer rejected, failed to enable media [ 547.152408][T11645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 547.186951][T11645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 547.232142][T11645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 547.283979][T11645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 547.321941][T11645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 547.332645][T11645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 547.344935][T11645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 547.366502][T11645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 547.403673][T11645] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 652.395758][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 652.402769][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P11984 [ 652.410744][ C0] rcu: (detected by 0, t=10502 jiffies, g=68657, q=1378 ncpus=2) [ 652.418558][ C0] task:syz.3.1076 state:R running task stack:23776 pid:11984 tgid:11980 ppid:11648 flags:0x00004002 [ 652.431644][ C0] Call Trace: [ 652.434934][ C0] [ 652.437835][ C0] sched_show_task+0x506/0x6d0 [ 652.442625][ C0] ? __pfx_sched_show_task+0x10/0x10 [ 652.447947][ C0] ? rcu_dump_cpu_stacks+0x76/0x440 [ 652.453175][ C0] ? wq_watchdog_touch+0xef/0x180 [ 652.458209][ C0] print_other_cpu_stall+0x11fe/0x15b0 [ 652.463685][ C0] ? __pfx_print_other_cpu_stall+0x10/0x10 [ 652.469499][ C0] ? __pfx_lock_release+0x10/0x10 [ 652.474537][ C0] ? kvm_check_and_clear_guest_paused+0x6a/0xd0 [ 652.480785][ C0] rcu_sched_clock_irq+0xa2c/0x10d0 [ 652.485997][ C0] ? __pfx_rcu_sched_clock_irq+0x10/0x10 [ 652.491629][ C0] ? hrtimer_run_queues+0x16c/0x460 [ 652.496838][ C0] ? acct_account_cputime+0xd3/0x210 [ 652.502150][ C0] update_process_times+0x1ce/0x230 [ 652.507349][ C0] tick_nohz_handler+0x37c/0x500 [ 652.512377][ C0] ? __pfx_tick_nohz_handler+0x10/0x10 [ 652.517840][ C0] __hrtimer_run_queues+0x551/0xd50 [ 652.523142][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 652.528887][ C0] ? ktime_get_update_offsets_now+0x22d/0x250 [ 652.534993][ C0] hrtimer_interrupt+0x396/0x990 [ 652.539978][ C0] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 652.545983][ C0] sysvec_apic_timer_interrupt+0x52/0xc0 [ 652.551641][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 652.557638][ C0] RIP: 0010:unwind_next_frame+0x476/0x22d0 [ 652.563453][ C0] Code: fc ff df 42 0f b6 04 20 84 c0 0f 85 64 17 00 00 c6 03 01 48 c7 c2 a0 49 e8 8b 48 8b 6c 24 50 4c 8d 7a 04 48 8d 5a 05 4c 89 f8 <48> c1 e8 03 48 89 44 24 70 42 0f b6 04 20 84 c0 48 89 54 24 10 0f [ 652.583062][ C0] RSP: 0018:ffffc900000073b0 EFLAGS: 00000202 [ 652.589137][ C0] RAX: ffffffff907fd57e RBX: ffffffff907fd57f RCX: ffffffff900af39c [ 652.597156][ C0] RDX: ffffffff907fd57a RSI: ffffffff907fd57a RDI: 0000000000000001 [ 652.605135][ C0] RBP: ffffc90000007530 R08: 0000000000000001 R09: 0000000000000000 [ 652.613211][ C0] R10: ffffc900000074e0 R11: fffff52000000ea8 R12: dffffc0000000000 [ 652.621185][ C0] R13: ffffc900000074e0 R14: ffffffff907fd57f R15: ffffffff907fd57e [ 652.629197][ C0] ? get_stack_info_noinstr+0x47/0x130 [ 652.634683][ C0] ? __unwind_start+0xf8/0x740 [ 652.639501][ C0] __unwind_start+0x59a/0x740 [ 652.644216][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 652.650406][ C0] arch_stack_walk+0xe5/0x150 [ 652.655099][ C0] ? __unwind_start+0xf8/0x740 [ 652.659885][ C0] stack_trace_save+0x118/0x1d0 [ 652.664765][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 652.670240][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 652.676320][ C0] kasan_save_track+0x3f/0x80 [ 652.681035][ C0] ? llc_rcv+0x6f1/0xc10 [ 652.685288][ C0] kasan_save_free_info+0x40/0x50 [ 652.690316][ C0] poison_slab_object+0xe0/0x150 [ 652.695257][ C0] ? llc_rcv+0x6f1/0xc10 [ 652.699504][ C0] __kasan_slab_free+0x37/0x60 [ 652.704273][ C0] kmem_cache_free+0x145/0x350 [ 652.709057][ C0] llc_rcv+0x6f1/0xc10 [ 652.713221][ C0] ? __pfx_llc_rcv+0x10/0x10 [ 652.717841][ C0] __netif_receive_skb+0x2e0/0x650 [ 652.722974][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 652.728008][ C0] ? __pfx___netif_receive_skb+0x10/0x10 [ 652.733636][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 652.739718][ C0] ? __pfx_lock_release+0x10/0x10 [ 652.744752][ C0] ? _raw_spin_lock_irq+0xdf/0x120 [ 652.749878][ C0] process_backlog+0x662/0x15b0 [ 652.754735][ C0] ? process_backlog+0x33b/0x15b0 [ 652.759767][ C0] ? __pfx_process_backlog+0x10/0x10 [ 652.765053][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 652.771059][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 652.777498][ C0] __napi_poll+0xcb/0x490 [ 652.781942][ C0] net_rx_action+0x89b/0x1240 [ 652.786651][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 652.791780][ C0] ? sched_clock+0x4a/0x70 [ 652.796227][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 652.802657][ C0] handle_softirqs+0x2c5/0x980 [ 652.807432][ C0] ? do_softirq+0x11b/0x1e0 [ 652.812029][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 652.817327][ C0] do_softirq+0x11b/0x1e0 [ 652.821662][ C0] [ 652.824591][ C0] [ 652.827522][ C0] ? __pfx_do_softirq+0x10/0x10 [ 652.832375][ C0] ? __pfx_lockdep_softirqs_on+0x10/0x10 [ 652.838024][ C0] ? rcu_is_watching+0x15/0xb0 [ 652.842822][ C0] __local_bh_enable_ip+0x1bb/0x200 [ 652.848033][ C0] ? __pfx___cant_migrate+0x10/0x10 [ 652.853255][ C0] ? bpf_test_run+0x370/0xa90 [ 652.857940][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 652.863668][ C0] ? bpf_test_timer_continue+0x11a/0x350 [ 652.869308][ C0] bpf_test_run+0x56b/0xa90 [ 652.873820][ C0] ? do_syscall_64+0xf3/0x230 [ 652.878503][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 652.884581][ C0] ? bpf_test_run+0x370/0xa90 [ 652.889286][ C0] ? __pfx_bpf_test_run+0x10/0x10 [ 652.894323][ C0] ? eth_type_trans+0x3d1/0x7a0 [ 652.899187][ C0] ? __pfx_eth_type_trans+0x10/0x10 [ 652.904486][ C0] ? convert___skb_to_skb+0x41/0x620 [ 652.909780][ C0] bpf_prog_test_run_skb+0xc97/0x1820 [ 652.915171][ C0] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 652.920987][ C0] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 652.926801][ C0] bpf_prog_test_run+0x334/0x3b0 [ 652.931765][ C0] __sys_bpf+0x48d/0x810 [ 652.936017][ C0] ? __pfx___sys_bpf+0x10/0x10 [ 652.940884][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 652.946880][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 652.953218][ C0] ? do_syscall_64+0x100/0x230 [ 652.957999][ C0] __x64_sys_bpf+0x7c/0x90 [ 652.962422][ C0] do_syscall_64+0xf3/0x230 [ 652.966936][ C0] ? clear_bhb_loop+0x35/0x90 [ 652.971631][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 652.977526][ C0] RIP: 0033:0x7fb25037def9 [ 652.981939][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 653.001549][ C0] RSP: 002b:00007fb2511f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 653.009967][ C0] RAX: ffffffffffffffda RBX: 00007fb250535f80 RCX: 00007fb25037def9 [ 653.017940][ C0] RDX: 0000000000000050 RSI: 0000000020000080 RDI: 000000000000000a [ 653.025912][ C0] RBP: 00007fb2503f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 653.033886][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 653.041854][ C0] R13: 0000000000000000 R14: 00007fb250535f80 R15: 00007ffeb1bf44e8 [ 653.049848][ C0] [ 653.052867][ C0] rcu: rcu_preempt kthread starved for 10520 jiffies! g68657 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 653.064055][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 653.074020][ C0] rcu: RCU grace-period kthread stack dump: [ 653.080007][ C0] task:rcu_preempt state:R running task stack:24912 pid:17 tgid:17 ppid:2 flags:0x00004000 [ 653.091740][ C0] Call Trace: [ 653.095278][ C0] [ 653.098224][ C0] __schedule+0x17ae/0x4a10 [ 653.102838][ C0] ? __pfx___schedule+0x10/0x10 [ 653.107696][ C0] ? __pfx_lock_release+0x10/0x10 [ 653.112729][ C0] ? __asan_memset+0x23/0x50 [ 653.117324][ C0] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 653.123134][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 653.129486][ C0] ? schedule+0x90/0x320 [ 653.133730][ C0] schedule+0x14b/0x320 [ 653.137889][ C0] schedule_timeout+0x1be/0x310 [ 653.142739][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 653.148119][ C0] ? __pfx_process_timeout+0x10/0x10 [ 653.153410][ C0] ? prepare_to_swait_event+0x32e/0x350 [ 653.158963][ C0] rcu_gp_fqs_loop+0x2df/0x1330 [ 653.163908][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 653.169139][ C0] ? __pfx_rcu_implicit_dynticks_qs+0x10/0x10 [ 653.175301][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 653.180597][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 653.186497][ C0] ? finish_swait+0xd4/0x1e0 [ 653.191094][ C0] rcu_gp_kthread+0xa7/0x3b0 [ 653.195690][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 653.200999][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 653.206904][ C0] ? __kthread_parkme+0x169/0x1d0 [ 653.211939][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 653.217163][ C0] kthread+0x2f0/0x390 [ 653.221232][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 653.226453][ C0] ? __pfx_kthread+0x10/0x10 [ 653.231044][ C0] ret_from_fork+0x4b/0x80 [ 653.235480][ C0] ? __pfx_kthread+0x10/0x10 [ 653.240086][ C0] ret_from_fork_asm+0x1a/0x30 [ 653.244874][ C0] [ 653.247898][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 653.254230][ C0] Sending NMI from CPU 0 to CPUs 1: [ 653.259548][ C1] NMI backtrace for cpu 1 skipped: idling at acpi_safe_halt+0x21/0x30