last executing test programs: 9.687651212s ago: executing program 0 (id=5185): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) r1 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYRES16=r1, @ANYRES32=0x0, @ANYRESDEC=r2, @ANYBLOB="e0000002000000000000000000000000ff993010d63e000000000100000654be5a418f09c0bd398322de2a6f05317720feea4480aa34ded547a721f56582ca08c603", @ANYRES32=0x0, @ANYRES64=r0], 0x128}, 0x1, 0x0, 0x0, 0x40014}, 0x20048800) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0}) r3 = socket(0x10, 0x80803, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c0000005e00010200"/20, @ANYRES32=0x0, @ANYBLOB="bf"], 0x1c}}, 0x0) recvmmsg(r3, &(0x7f0000001bc0)=[{{0x0, 0x0, 0x0}}], 0x7, 0x0, 0x0) futex_waitv(&(0x7f0000000180)=[{0x0, &(0x7f0000000040), 0x2}], 0x1, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$sg(&(0x7f0000000440), 0x0, 0x0) setpriority(0x2, 0x0, 0x1) 8.878488159s ago: executing program 3 (id=5188): r0 = socket$inet6(0xa, 0x3, 0x3a) readv(r0, &(0x7f00000006c0)=[{&(0x7f0000000440)=""/129, 0x81}], 0x1) connect$inet6(r0, &(0x7f0000000040), 0x1c) sendto$inet6(r0, &(0x7f0000000080)="800037bbfa9ba1ce", 0xffd8, 0x0, 0x0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x143c62, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000500)={0xb, {'syz0\x00', 'syz0\x00', 'syz1\x00', 0x7, 0x3, 0xacf0, 0x4, 0x0, 0x76, "8d8f21e34ab33d"}}, 0x11f) socket$inet6_tcp(0xa, 0x1, 0x0) io_submit(0x0, 0x1, &(0x7f0000000440)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000340)="ac09cae141a15e8277e70aafc535b1f8b9cd750d3d54cb1abee72acafe834b3f226e353535db531b4af0168c7dafa4b4d04afd7f03a9e554267c5208f8f8d83d61fa047ef63175797fbda821a67695ca773cda0a2e00", 0x56}]) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000700)={'sit0\x00', 0x0, 0x20, 0x700, 0x2, 0x6, {{0x2b, 0x4, 0x3, 0x2e, 0xac, 0x66, 0x0, 0x71, 0x29, 0x0, @broadcast, @broadcast, {[@timestamp_prespec={0x44, 0x4c, 0x9d, 0x3, 0x1, [{@dev={0xac, 0x14, 0x14, 0x2c}, 0xc}, {@private=0xa010101, 0x9}, {@dev={0xac, 0x14, 0x14, 0x40}, 0x5}, {@rand_addr=0x64010101, 0x7}, {@multicast2, 0x2}, {@rand_addr=0x64010102, 0x80}, {@dev={0xac, 0x14, 0x14, 0x44}, 0x3}, {@loopback, 0x32}, {@private=0x10001, 0x80}]}, @timestamp_prespec={0x44, 0x14, 0x25, 0x3, 0x2, [{@dev={0xac, 0x14, 0x14, 0x20}, 0x6}, {@empty, 0x7}]}, @end, @end, @end, @noop, @lsrr={0x83, 0x13, 0xdd, [@multicast2, @remote, @remote, @private=0xa010102]}, @rr={0x7, 0x1f, 0x4d, [@empty, @multicast2, @remote, @multicast2, @local, @empty, @multicast2]}]}}}}}) ioctl$sock_inet6_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000100)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x64, r2}) ioctl$BTRFS_IOC_SEND(r1, 0x40489426, &(0x7f00000001c0)={{r0}, 0x1, &(0x7f0000000000)=[0xffffffffffffff00], 0x3, 0x8, 0x1}) mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000300)='trans=rdma,') 8.265635964s ago: executing program 0 (id=5191): syz_init_net_socket$ax25(0x3, 0x5, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) r0 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffa000/0x3000)=nil) r1 = shmat(r0, &(0x7f0000001000/0x3000)=nil, 0x0) shmctl$IPC_RMID(r0, 0x0) shmdt(r1) 8.143437136s ago: executing program 1 (id=5193): openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0) r1 = socket(0x1e, 0x1, 0x0) connect$tipc(r1, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x2, {0x0, 0x400, 0x3}}, 0xfffffffffffffe32) r2 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000000f000000000b004500757665726273000000000000000000"], 0x1c}}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r3, 0x0) r4 = syz_genetlink_get_family_id$SEG6(&(0x7f00000003c0), 0xffffffffffffffff) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r5, 0x8982, &(0x7f00000000c0)={0x0, 'syz_tun\x00', {0x3}}) syz_emit_ethernet(0x7e, &(0x7f0000000140)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000088a8000081"], 0x0) sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB="6564460000d1", @ANYRES16=r4, @ANYBLOB="000227bd7000ffdbdf250100000008000400080000"], 0x1c}, 0x1, 0x0, 0x0, 0x4000081}, 0x800) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x0, 0x0, 0x132, 0x8000, 0x800, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r6 = socket(0x1000000000000010, 0x80802, 0x0) vmsplice(r6, &(0x7f0000000180)=[{&(0x7f0000000300)='h', 0x1}], 0x1, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0x4, 0xffffffff, 0x1, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000540), 0x10005, r7}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000500)=ANY=[@ANYBLOB="180000000000000000000000000036645e0830c00000581100009c209acdedae1a8ed45a3c891ec10a2e36d7f508aa2628030a20ddf1204852791ffa9d5b26a5dc8dd3b460d0394627627cdeb15ba20c9c3bf873f994041d75625b171d3cc6b4c25fcf0cd137bf86b64e28c5beda48994ad1a7c0fe99bb329e0516acd927327afc0fe8f1703cfe2c73", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r8}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x3, 0x3800, 0x3f}, 0x48) 8.054665724s ago: executing program 0 (id=5194): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000), 0xfea7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) fcntl$lock(r1, 0x24, &(0x7f00000002c0)={0x0, 0x0, 0xfffffffffffffffc}) 7.930283535s ago: executing program 3 (id=5195): openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) r5 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r5, 0x40045532, &(0x7f0000000040)) openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) r6 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f00000007c0)=ANY=[@ANYBLOB], 0x118) r7 = creat(0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r6, 0x4112, 0x0) sendmsg$NL80211_CMD_CONNECT(r7, &(0x7f0000000440)={&(0x7f0000000300), 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x60, 0x0, 0x100, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0xff, 0x6d}}}}, [@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xb}, @crypto_settings=[@NL80211_ATTR_CONTROL_PORT={0x4}, @NL80211_ATTR_AKM_SUITES={0x20, 0x4c, [0xfac01, 0xfac14, 0xfac13, 0xfac0a, 0xfac0d, 0xfac0b, 0x0]}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_CONTROL_PORT={0x4}], @NL80211_ATTR_DISABLE_VHT={0x4}]}, 0x60}, 0x1, 0x0, 0x0, 0x8000}, 0x4040005) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000140)) write$vhost_msg_v2(r0, &(0x7f0000000980)={0x2, 0x0, {0x0, 0x0, 0x0, 0x1, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f0000000180)={0x2, 0x0, {&(0x7f00000005c0)=""/107, 0x6b, 0x0, 0x0, 0x1}}, 0x48) 7.863847893s ago: executing program 0 (id=5196): syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000640), 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000840)=ANY=[@ANYBLOB="240000001800010300000000000000000a00000000030008000000000800040001000000e2abfb6f"], 0x24}}, 0x0) r2 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) process_vm_readv(0x0, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000680)=""/114, 0x72}], 0x2, &(0x7f0000000800)=[{&(0x7f0000000740)=""/172, 0xac}], 0x1, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) ioctl$UI_DEV_SETUP(r2, 0x5501, 0x0) write$input_event(0xffffffffffffffff, &(0x7f0000000000)={{0x77359400}}, 0xfe4f) r3 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)}], 0x1}, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet_sctp(0x2, 0x0, 0x84) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x3) bind$bt_l2cap(r4, &(0x7f0000000000), 0xe) 6.896611331s ago: executing program 3 (id=5197): r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = memfd_create(&(0x7f0000001980)='#]\\+&\x00w\xbb\xc8*\xdd\x0f|\xd4\x94\x9e\x9du=\x90\x9e\a$\xf7^?\xce\x16\xd8ZP\xbd\xe9e\x16E\xc9\x9f\xbc\xc6\xda`N\xb3\x97S,=\xaa\xfe\xcf$:9\xc9\xb0<4\x87\x9ah*&\x80\xdf\xd1S\xf6\x0e\x89\xa5\xa4\x06*ja\xbd\xe1\x1ep\xa3\x11!Q\x02 \x92_\x0e\x11_M\xe3\x94\xbc\x1e\xfeL\xcd\x10\x8d\x99\xc8\xb3a\a\xc7\xd9\x92\xdf\xd10\xfb\xa6l\x1f\xc0d\n\xb6\xee\x0e\x86\x9e\x9ck(\x06\x93\xa7\xcd\x8b\x152T\xf6m\xc1>\xe9\xd6!\xfa\xb7t0\x7fko\xa3f\xfd0\x80\x14K\xe8lMj\x13e\xbc\xe5Rl\xfb\x13\xa9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa4\xb2\xdb\x06\xf7\x9f\xcb\xd3+H@\x9dU\x17\xef\xac^\xba\x89%\x80\xed\xca\x8e{\x9a\xbd\x84$1\x12\r\xee\x9d/\x9f\x93\xf6\xec\xb1\x01\xcaq\xa28\xd0\x01\xb9\xf7U`\xe1\xd7\x05\'.\xbb\xc7&\x99\x8dqi\xdc\v\xe3\x9f\x1c\xfb~|?/C\x19\xeb\xc9\x01V\bW@>\ru%\x95\x91z\xe7\x9f\x83/\x99\x8bv-E>\x16\xf5\x06\x80aH\x97s\x87\x06H\xf2\xdd\xa2M\x16\xc5d\xfd\xd8\xab\xf6n\x1aTh\xbb\xaf\xdf*\xf0@c7?@\xb6\x13\x96C\xb2%A\x12\x10\xd5\xf1\x92\x82\xe20\x06,\xa0]\r\xe7\xbf\x89\xdc\x00\xb6$j\x00'/428, 0x2) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000001900), 0x140040, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r4, 0x0) r5 = syz_io_uring_setup(0x3673, &(0x7f0000000340)={0x0, 0x0, 0x10100}, &(0x7f0000000240)=0x0, &(0x7f0000000300)=0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x3}) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r8, &(0x7f00000001c0)=ANY=[@ANYBLOB='.'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r8, 0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_MKDIRAT={0x25, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r9, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r9, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r9, 0x3ba0, &(0x7f0000001b40)={0x48}) io_uring_enter(r5, 0x2d3e, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x0, &(0x7f0000001940)=0x1, 0x4) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f00000017c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000001780)={&(0x7f0000001680)={0xe0, 0x0, 0x300, 0x70bd26, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x9, 0xe}}}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x6}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xfffffffe}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x10}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x5}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x10001}], @NL80211_ATTR_DURATION={0x8, 0x57, 0x5}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x23d}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x5}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x4}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0xf5}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x2d}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xd}], @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x2}], @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xf}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xd}]]}, 0xe0}, 0x1, 0x0, 0x0, 0x4004}, 0x40011) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0xc) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000001800)={r1, 0x0, 0x2, 0x8}) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r10, 0x40a85321, &(0x7f0000001840)={{0x9, 0x3}, 'port1\x00', 0x8, 0x140001, 0x5, 0x2, 0x7, 0xfffffffb, 0x80000001, 0x0, 0x5, 0x4}) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) preadv(r1, &(0x7f0000001600)=[{&(0x7f0000000040)=""/229, 0xe5}, {&(0x7f0000000140)=""/41, 0x29}, {&(0x7f0000000180)=""/111, 0x6f}, {&(0x7f00000002c0)=""/197, 0xc5}, {&(0x7f00000003c0)=""/133, 0x85}, {&(0x7f0000000480)=""/4096, 0x1000}, {&(0x7f0000001480)=""/87, 0x57}, {&(0x7f0000001500)=""/225, 0xe1}], 0x8, 0x5, 0x80) 6.02739637s ago: executing program 2 (id=5199): r0 = socket(0x10, 0x3, 0x0) sendto$inet6(r0, &(0x7f0000000080)="7800000018002507b9409b14ffff00000204be04020506050efd0409430009003f000c000a0000000d0085a168d0bf46d32345653600648d0a00120002000a0000005ade4a460c89b6ec0cff3959547f509058ba86c902000000004a32000400160005000a0000000000e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0) (fail_nth: 5) 5.941559993s ago: executing program 3 (id=5200): socketpair$unix(0x1, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x7, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$alg(0x26, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r0}, 0x10) getpid() sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000000a00)={0x340, 0x0, 0x0, [{{0x0, 0x0, 0x1, 0x1000, 0x0, 0x8001, {0x4, 0x1, 0x9, 0x5, 0x5, 0x9, 0xff, 0x5, 0x3, 0x8000, 0x1ff, 0x0, 0x0, 0x100, 0x2}}, {0x3, 0x100000001, 0x12, 0x30, 'jbd2_handle_stats\x00'}}, {{0x5, 0x0, 0x7664ea50, 0x3ffc00000000000, 0x4, 0x6, {0x2, 0x1, 0x7, 0x74, 0x1, 0x5, 0x80000000, 0x0, 0x80, 0x1000, 0x1, 0x0, 0x0, 0x53, 0x2}}, {0x0, 0x6, 0x1, 0x0, ','}}, {{0x5, 0x0, 0xe2, 0x0, 0x6, 0x9, {0x2, 0x4, 0x3, 0x5, 0x0, 0x3d320, 0x9, 0x0, 0x2f4, 0x1000, 0x7, 0x0, 0x0, 0x7fff, 0x81}}, {0x3, 0x5, 0x4, 0xe, '$\xd1*@'}}, {{0x3, 0x2, 0x6e7, 0x3, 0x8, 0x39, {0x6, 0x2, 0x5, 0x8, 0x4, 0x2, 0x9, 0x0, 0x2, 0x1000, 0x80, 0x0, 0x0, 0xf17}}, {0x4, 0x7, 0x0, 0x800}}, {{0x5, 0x3, 0x4, 0x0, 0x5, 0x8, {0x4, 0x7, 0x4, 0x400, 0x0, 0xffffffffffffffff, 0x6, 0x800, 0x0, 0x1000, 0x1, 0x0, 0x0, 0xe, 0xcab}}, {0x0, 0x41f, 0xb, 0x2, '/dev/audio\x00'}}]}, 0x340) ioctl$SOUND_MIXER_READ_DEVMASK(r3, 0xc0044dff, &(0x7f0000001480)) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000002c0)={0x1}, 0x4) 5.235831618s ago: executing program 2 (id=5201): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) r1 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYRES16=r1, @ANYRES32=0x0, @ANYRESDEC=r2, @ANYBLOB="e0000002000000000000000000000000ff993010d63e000000000100000654be5a418f09c0bd398322de2a6f05317720feea4480aa34ded547a721f56582ca08c603", @ANYRES32=0x0, @ANYRES64=r0], 0x128}, 0x1, 0x0, 0x0, 0x40014}, 0x20048800) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0}) r3 = socket(0x10, 0x80803, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c0000005e00010200"/20, @ANYRES32=0x0, @ANYBLOB="bf"], 0x1c}}, 0x0) recvmmsg(r3, &(0x7f0000001bc0)=[{{0x0, 0x0, 0x0}}], 0x7, 0x0, 0x0) futex_waitv(&(0x7f0000000180)=[{0x0, &(0x7f0000000040), 0x2}], 0x1, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$sg(&(0x7f0000000440), 0x0, 0x0) setpriority(0x2, 0x0, 0x1) 4.907407569s ago: executing program 0 (id=5203): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='.\x00', 0x0, 0x0) mount$cgroup(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000080)={[{@noprefix}, {@none}, {@subsystem='net_prio'}]}) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x6, 0x0, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000280)={'veth0_to_hsr\x00', {0x2, 0x4e23, @loopback}}) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x0, 0x7, &(0x7f00000002c0)=ANY=[@ANYBLOB="62000000000000007b0a00ff000000001d0a00000000000018100000", @ANYRES32, @ANYBLOB="10000000000000250000006cd42d130065e100009500000000000000"], &(0x7f0000000140)='GPL\x00', 0xa}, 0x90) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000440)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0x20000050) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) io_setup(0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) preadv(r1, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r2 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x2) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)) ioctl$TIOCVHANGUP(r3, 0x5437, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) connect$inet(r2, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r2, &(0x7f0000000340), 0x1, 0x82) syz_emit_ethernet(0x7c, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6002000b00462f00fe880000000000000000000000000001fe8000000000000000000000000000aa242065580002000097de00000800000086dd080088be00000000100000000100000000000000080022eb00000000200000000200000000000000000000000800655800000000"], 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xa0}}, 0x0) socket(0x10, 0x0, 0x0) openat$smackfs_relabel_self(0xffffffffffffff9c, 0x0, 0x2, 0x0) 3.656170163s ago: executing program 4 (id=5204): syz_init_net_socket$ax25(0x3, 0x5, 0x0) munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) r0 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffa000/0x3000)=nil) r1 = shmat(r0, &(0x7f0000001000/0x3000)=nil, 0x0) shmctl$IPC_RMID(r0, 0x0) shmdt(r1) 3.543979489s ago: executing program 1 (id=5205): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000300)={0x18, 0x30, 0x1, 0x0, 0x0, "", [@typed={0x8, 0xb8, 0x0, 0x0, @fd}]}, 0x18}], 0x1}, 0x0) 3.468080493s ago: executing program 2 (id=5206): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000), 0xfea7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) fcntl$lock(r1, 0x24, &(0x7f00000002c0)={0x0, 0x0, 0xfffffffffffffffc}) 3.33635994s ago: executing program 4 (id=5207): openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) r5 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r5, 0x40045532, &(0x7f0000000040)) openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) r6 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f00000007c0)=ANY=[@ANYBLOB], 0x118) r7 = creat(0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r6, 0x4112, 0x0) sendmsg$NL80211_CMD_CONNECT(r7, &(0x7f0000000440)={&(0x7f0000000300), 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x60, 0x0, 0x100, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0xff, 0x6d}}}}, [@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xb}, @crypto_settings=[@NL80211_ATTR_CONTROL_PORT={0x4}, @NL80211_ATTR_AKM_SUITES={0x20, 0x4c, [0xfac01, 0xfac14, 0xfac13, 0xfac0a, 0xfac0d, 0xfac0b, 0x0]}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_CONTROL_PORT={0x4}], @NL80211_ATTR_DISABLE_VHT={0x4}]}, 0x60}, 0x1, 0x0, 0x0, 0x8000}, 0x4040005) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000140)=0x200000000) write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000000980)={0x2, 0x0, {0x0, 0x0, 0x0, 0x1, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f0000000180)={0x2, 0x0, {&(0x7f00000005c0)=""/107, 0x6b, 0x0, 0x0, 0x1}}, 0x48) 3.292162513s ago: executing program 1 (id=5208): openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) r5 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r5, 0x40045532, &(0x7f0000000040)) openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) r6 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f00000007c0)=ANY=[@ANYBLOB], 0x118) r7 = creat(0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r6, 0x4112, 0x0) sendmsg$NL80211_CMD_CONNECT(r7, &(0x7f0000000440)={&(0x7f0000000300), 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x60, 0x0, 0x100, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0xff, 0x6d}}}}, [@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xb}, @crypto_settings=[@NL80211_ATTR_CONTROL_PORT={0x4}, @NL80211_ATTR_AKM_SUITES={0x20, 0x4c, [0xfac01, 0xfac14, 0xfac13, 0xfac0a, 0xfac0d, 0xfac0b, 0x0]}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_CONTROL_PORT={0x4}], @NL80211_ATTR_DISABLE_VHT={0x4}]}, 0x60}, 0x1, 0x0, 0x0, 0x8000}, 0x4040005) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000140)) write$vhost_msg_v2(r0, &(0x7f0000000980)={0x2, 0x0, {0x0, 0x0, 0x0, 0x1, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f0000000180)={0x2, 0x0, {&(0x7f00000005c0)=""/107, 0x6b, 0x0, 0x0, 0x1}}, 0x48) 3.19399422s ago: executing program 2 (id=5209): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37}, 0x20) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x12, r1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000d000)={0xa, 0x3, &(0x7f0000008000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x1100}}, &(0x7f0000014ff5)='GPL\x00', 0x2, 0x1000, &(0x7f0000014000)=""/4096, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0xc, &(0x7f0000000000), 0x1, 0x10, &(0x7f0000000000), 0xa}, 0x70) 2.291242179s ago: executing program 0 (id=5210): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000440)=ANY=[@ANYBLOB="120100002eab5a40401c3405cc6d010203010902120001000000000904"], 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) connect$inet(r1, &(0x7f0000000200)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x32, &(0x7f0000000100)={@link_local, @broadcast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @remote, @multicast1}, {0x0, 0x0, 0x10, 0x0, @gue={{0x2}}}}}}}, 0x0) syz_emit_ethernet(0x2e, &(0x7f0000000080)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @remote, @multicast1}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_connect$uac1(0x6, 0x92, &(0x7f00000000c0)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x80, 0x3, 0x1, 0xdb, 0xa0, 0xb8, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0xb, 0x9}, [@input_terminal={0xc, 0x24, 0x2, 0x6, 0x203, 0x1, 0x15, 0x9, 0x8, 0x9}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0xa, 0x2, 0x2, 0x2c, "7419"}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x0, 0x2, 0x8, 0x40, "de32", 'M'}]}, {{0x9, 0x5, 0x1, 0x9, 0x8, 0x3, 0x5, 0x27, {0x7, 0x25, 0x1, 0x3, 0x51, 0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x400, 0x8, 0x28, 0x1, {0x7, 0x25, 0x1, 0x83, 0x4}}}}}}}]}}, &(0x7f0000000380)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x250, 0xd, 0x2, 0x7, 0x10, 0x7b}, 0x16, &(0x7f0000000040)={0x5, 0xf, 0x16, 0x3, [@ext_cap={0x7, 0x10, 0x2, 0xa, 0x5, 0x2}, @ptm_cap={0x3}, @ext_cap={0x7, 0x10, 0x2, 0x12, 0x6, 0x0, 0x8000}]}, 0x3, [{0x69, &(0x7f0000000180)=@string={0x69, 0x3, "fd25901960a6a247097ce1d1c04d953b69e81011bbf80b69af684e8002a9e2dc56a76b0c6f0e0888a8929e057cf5a4e7e3ea446d4dbcbd31b84c00dba124a53c4157035cef19a8b56c53fc93c072056d634c5c3d3f376bf2d5af8f6353b7150486c59c9a55238c"}}, {0xa5, &(0x7f00000002c0)=@string={0xa5, 0x3, "4b18066f44a0446b28958d5f4fd5ba663ddbd14c05f7d2de0955d4b6ed0870863f6e5e51002bf4c6bb0a8684c5827fe15979c8f1e72d995adeaa24680351d2d00b4da789a2e9a8e79ca8f0b0841752d38921cf6f80307748618868107f24c64b62c34e8b8e8d993d018821d459d025229b1c99e6ef686bb72ba8949fe061bb0c4c28a502f863972ce13cd36e43b162852615a98e8e7672377b383285766d347a5a8b20"}}, {0x67, &(0x7f0000000200)=@string={0x67, 0x3, "8eeded01929f167e5a410089dce0c0171a2f8b8c0252625fdcc65ae639413d1b9f1c2765231d8c58882d2bf87ee486ec6e88d747581a588b22c86f035e42f5be0e10992bc02159f5c3622018efd08b5cfe89ac65e2366a558e4a5f48b5e5ecc2648123f5d7"}}]}) r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x92, 0xdf, 0x55, 0x10, 0x5ac, 0x9226, 0xb289, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0xe9}}]}}]}}, 0x0) r3 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x1f7ff6, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f0000000040)={0x0, 0x1}) syz_usb_disconnect(r2) r4 = syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000002505a1a440000102030109025c0002010000000904000001a3f45747d649f9a30105240000000d240f8100000000000000000006241a0000000905810300000000000904010000020d00000904010102020d000009058202000000000009050302"], 0x0) syz_usb_disconnect(r4) r5 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582"], 0x0) syz_usb_ep_write$ath9k_ep1(r5, 0x82, 0x90, &(0x7f0000000440)={[{0x8c, 0x4e00, "0a1715ef08b4159b6c45dbf660934ae641aee0a84da6c4a961a304a39f842b8f7362ec648fe55dc0933d0f61dcb34382d37a58d9d3120e592fc818a03f64df21ca68ab2b1962a937bda4935d64f160c7c2447773c36d0e34e76138b4b2ad4edce4be1b00c9fcd3457c95554c4c04cca5f9459d3e0df4440ee72801c9338d0edcbca08682ef781b8e203740d9"}]}) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000280)={0x1c, &(0x7f0000000080)={0x40, 0x0, 0x4, "5bce791a"}, 0x0, 0x0}) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000580), 0x1000}, 0x38) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000001600)={0xffffffffffffffff, 0x0, &(0x7f0000001580)=""/92}, 0x20) 2.290327596s ago: executing program 4 (id=5211): r0 = socket$igmp6(0xa, 0x3, 0x2) r1 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x40, 0x0) unshare(0x56050d00) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) openat$cgroup_ro(r3, &(0x7f0000000080)='blkio.bfq.sectors_recursive\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) syz_io_uring_setup(0x0, 0x0, 0x0, 0x0) r6 = syz_io_uring_setup(0x110, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x4, 0x1a7}, &(0x7f0000000100)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x108, &(0x7f0000000080)=0xfffffffe, 0x0, 0x4) syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r6, 0x47f6, 0x0, 0x0, 0x0, 0x0) r9 = syz_open_procfs(0x0, &(0x7f0000000340)='attr\x00') getdents64(r9, &(0x7f0000002f40)=""/4098, 0x1002) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000040)={0x4, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000600)={0x0, 0x1, 0x2, &(0x7f0000000400)}) setreuid(0x0, r2) setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, 0x0, 0x0) r11 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r9, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r11, 0x0, 0x24000800) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r12 = socket$nl_route(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000180)={'veth1_virt_wifi\x00', 0x0}) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) sendmsg$nl_route(r12, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="380000005400e501000000000000000007000000", @ANYRES32=r13, @ANYRES16=0x0, @ANYRES32, @ANYRES8=r12], 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x10) 2.27734121s ago: executing program 1 (id=5212): syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r0, 0x400454c9, 0x19) socket$nl_rdma(0x10, 0x3, 0x14) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000580)='ns/cgroup\x00') gettid() bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_procs(r2, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r3, &(0x7f0000000c40), 0x12) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_ro(r4, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) r6 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$netlink(r6, &(0x7f0000000880)={0x0, 0x0, 0x0}, 0x0) write$cgroup_int(r5, &(0x7f0000000200)=0x1000000, 0x12) 2.216021942s ago: executing program 2 (id=5213): syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000640), 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000840)=ANY=[@ANYBLOB="240000001800010300000000000000000a00000000030008000000000800040001000000e2abfb6f"], 0x24}}, 0x0) r2 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) process_vm_readv(0x0, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000680)=""/114, 0x72}], 0x2, &(0x7f0000000800)=[{&(0x7f0000000740)=""/172, 0xac}], 0x1, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) ioctl$UI_DEV_SETUP(r2, 0x5501, 0x0) write$input_event(0xffffffffffffffff, &(0x7f0000000000)={{0x77359400}}, 0xfe4f) r3 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)}], 0x1}, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet_sctp(0x2, 0x0, 0x84) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x3) bind$bt_l2cap(r4, &(0x7f0000000000), 0xe) 1.788801139s ago: executing program 4 (id=5214): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x8, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x2}) ioctl$vim2m_VIDIOC_STREAMOFF(r1, 0x40045612, &(0x7f0000000040)=0x2) close(r1) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWSETELEM={0xdc, 0xc, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0xbc, 0x3, 0x0, 0x1, [{0x98, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_USERDATA={0x1d, 0x6, 0x1, 0x0, "9ddd8550d24296230dbe0cdf64c89d6afb19a7be0d30bee732"}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0xffffffff}, @NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz2\x00'}, @NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz0\x00'}, @NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz2\x00'}, @NFTA_SET_ELEM_EXPRESSIONS={0x44, 0xb, 0x0, 0x1, [{0x40, 0x1, 0x0, 0x1, @log={{0x8}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_LOG_SNAPLEN={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_LOG_SNAPLEN={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_LOG_LEVEL={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_LOG_GROUP={0x6, 0x1, 0x1, 0x0, 0x101}, @NFTA_LOG_GROUP={0x6, 0x1, 0x1, 0x0, 0x5}, @NFTA_LOG_FLAGS={0x8, 0x6, 0x1, 0x0, 0x8}]}}}]}]}, {0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x100000001}]}, {0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x9}]}]}]}], {0x14}}, 0x104}}, 0x0) 1.443896304s ago: executing program 4 (id=5215): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{0x0}], 0x1, 0x0, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = inotify_init() bpf$PROG_LOAD(0x5, 0x0, 0x0) readv(r2, &(0x7f0000000180)=[{&(0x7f0000000680)=""/139, 0x8b}], 0x1) 1.078857527s ago: executing program 1 (id=5216): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) r1 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYRES16=r1, @ANYRES32=0x0, @ANYRESDEC=r2, @ANYBLOB="e0000002000000000000000000000000ff993010d63e000000000100000654be5a418f09c0bd398322de2a6f05317720feea4480aa34ded547a721f56582ca08c6031e", @ANYRES32=0x0, @ANYRES64=r0], 0x128}, 0x1, 0x0, 0x0, 0x40014}, 0x20048800) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0}) r3 = socket(0x10, 0x80803, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c0000005e00010200"/20, @ANYRES32=0x0, @ANYBLOB="bf"], 0x1c}}, 0x0) recvmmsg(r3, &(0x7f0000001bc0)=[{{0x0, 0x0, 0x0}}], 0x7, 0x0, 0x0) futex_waitv(&(0x7f0000000180)=[{0x0, &(0x7f0000000040), 0x2}], 0x1, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$sg(&(0x7f0000000440), 0x0, 0x0) setpriority(0x2, 0x0, 0x1) 729.7715ms ago: executing program 3 (id=5217): preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_dev$ndb(0x0, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r0, 0xc08c5336, &(0x7f0000000300)={0x0, 0x2, 0x0, 'queue1\x00', 0x3}) mmap$dsp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x200000f, 0x10, 0xffffffffffffffff, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r1 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) statx(r1, 0x0, 0x1000, 0x0, &(0x7f0000000040)) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000240)={@cgroup=r2, 0xffffffffffffffff, 0xd, 0x0, 0x4000, @link_id}, 0x20) 383.963778ms ago: executing program 3 (id=5218): pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, 0x0, 0x0) r2 = dup(0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000500)=0x20000000005) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r3, &(0x7f0000000100)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) r4 = syz_io_uring_setup(0x111, &(0x7f0000000140)={0x0, 0xe177, 0x0, 0x0, 0x158}, &(0x7f0000000480)=0x0, &(0x7f0000000240)=0x0) syz_emit_ethernet(0xa2, &(0x7f00000002c0)=ANY=[@ANYBLOB="aaaaaaaaaa10aaaaaaaaaaaa86dc6092c01f006c2f00fe8000000000000000000000000000bb00000000000000000000ffff000000002420880b000000000000002113565ccefe5d31f29e248840f7360be63033d565b8cfe3af99d096c6022c5d97cf495bfa81adb370bf61883a57f2000086dd080088be000000041000"], 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='devpts\x00', 0x0, 0x0) mount$binder(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x1500b4, &(0x7f0000000640)=ANY=[@ANYRESOCT=r6, @ANYRES64=r2, @ANYRESDEC=r2, @ANYRES8=r0, @ANYRES64=r1]) ioctl$F2FS_IOC_SET_PIN_FILE(0xffffffffffffffff, 0x4004f50d, &(0x7f00000004c0)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x104, &(0x7f0000000340)=0xc97, 0x0, 0x4) r7 = socket$packet(0x11, 0x3, 0x300) getpeername$packet(r7, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000200)=0x14) add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xffffffffffffffff) keyctl$join(0x1, 0x0) keyctl$join(0x1, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) io_uring_enter(r4, 0x47f6, 0x0, 0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="040f040000110449ab820d3d2f6965ed74697176dbbd462dc27d0cfcbac6e4c8c1a350f679a713d876fdb7a946f5c94139d6b1a38d56fc1b537a02d9851ac44183833f0eb4dd6b2e3daa7ff4c27f6e0688e0cf2441adbd4248ef73d2ab0ee9b233663f83fcb6478daa6a51a260fb4d690f15732c9582d97edb0185947922f1e716b6660abcfb99a6118615cc4bef222666167b9470b1293a5c3c8730722583af57d9ab82184f7a8112efb654eda84cb2262fda5326d8b7680d3df9c9d445c46d1efba18bd5dfea32d3"], 0x7) connect$inet(r1, &(0x7f0000000080)={0x2, 0x0, @dev}, 0x10) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r8, &(0x7f0000000380)={'#! ', '', [{0x20, '^sz\xd1=\xc1\xe4\xe6\xfcf\xbf\x00\xcf\x03\x84\xd7\xb6\x9d\xa0\x13\x1bc\x1e<\x89\xb665->\xdb\x8eh2%$>\xce#w= \xb0\x89\xfe\xb6\x1e%\xcf*\xfd\xff\x03w\x1d\x17\x83>WW\xeby\xee<\x9b\x1f\x1a\xfb>@h\xb7u\xcd\xae\xc9\x8c\x892\xffZ\xa2o\xf4\xc6\x97s4,\xd1\xab|5\xd1\xcb1\xc9\xf76,\xc1\xf8\xba\xbf\x8e;\xb5\x9e\x81\x94\xd7E\xf2\x00\xad<\xb0c\x8eL\x8b\x9e\xb7\xfbh?\xbf\x98\xc1\xb2(\xd8\xb4\xd8\xad\x03\xba\xe1\x9b\x8a1j\x87\xafL\xfb\xe3\xba=/\xc0\xa0 i\xf5\xa5\xce\x10+\xd6\x0e\x01\b\x9e8\x8cAH\xcf}\x19\xf8\xeeo2p\xa1\xb6]\x10\xd4\t.U\x9e\xf9\bO]\xc1\xbeF4\x0e6.\x88fQ\xf1\x80\x99P\xdd\t=\xe8MS\xcb\x1b\x90\x99l\xe9\x94\xa3<\xea\x92\xe3'}]}, 0xe2) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x9, &(0x7f0000000040), 0x4) bpf$MAP_CREATE(0x0, 0x0, 0x6) syz_emit_ethernet(0xb4, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0) 373.387493ms ago: executing program 4 (id=5219): openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/../file0\x00', 0x101040, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x12, 0xffffffffffffffff, 0x0) socket$can_raw(0x1d, 0x3, 0x1) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$xdp(0x2c, 0x3, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = fsopen(&(0x7f0000000400)='ceph\x00', 0x0) mknod$loop(&(0x7f0000000180)='./file0\x00', 0x0, 0x1) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) socket$unix(0x1, 0x1, 0x0) openat$vimc0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) dup2(r3, r2) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000200)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r3}}) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x4e868757) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x8004, 0x0) sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, 0x0, 0x200408c0) socketpair$unix(0x1, 0x3, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc) 133.136377ms ago: executing program 2 (id=5220): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='.\x00', 0x0, 0x0) mount$cgroup(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000080)={[{@noprefix}, {@none}, {@subsystem='net_prio'}]}) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x6, 0x0, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000280)={'veth0_to_hsr\x00', {0x2, 0x4e23, @loopback}}) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x0, 0x7, &(0x7f00000002c0)=ANY=[@ANYBLOB="62000000000000007b0a00ff000000001d0a00000000000018100000", @ANYRES32, @ANYBLOB="10000000000000250000006cd42d130065e100009500000000000000"], &(0x7f0000000140)='GPL\x00', 0xa}, 0x90) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000440)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0x20000050) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) io_setup(0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) preadv(r1, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r2 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x2) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)) ioctl$TIOCVHANGUP(r3, 0x5437, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) connect$inet(r2, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r2, &(0x7f0000000340), 0x1, 0x82) syz_emit_ethernet(0x7c, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6002000b00462f00fe880000000000000000000000000001fe8000000000000000000000000000aa242065580002000097de00000800000086dd080088be00000000100000000100000000000000080022eb00000000200000000200000000000000000000000800655800000000"], 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xa0}}, 0x0) socket(0x10, 0x0, 0x0) openat$smackfs_relabel_self(0xffffffffffffff9c, 0x0, 0x2, 0x0) 0s ago: executing program 1 (id=5221): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0xff}, 0x48) close(r0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0x8, 0xb, 0x0, 0x1}, 0x48) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2d}, 0x90) r2 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000040)='source', &(0x7f0000000080)='//', 0x0) r3 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r1, r4}, 0x40) syz_emit_ethernet(0xe80, &(0x7f0000000100)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x4, 0x5}}}}}}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0x18, &(0x7f00000003c0)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1d, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x54, r6, 0x5, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc}, {0x3}}]}, 0x54}}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="9feb010018000000000000001400000014000000023e4c03b41b14325c013fd140dcb2f33488a3fdab5d76957485a2c17eea974deabee61e3261d04bc4118156a7fe2ee19c2d844ae4955a58"], &(0x7f0000001f40)=""/4089, 0x2e, 0xff9, 0xa, 0x3ff}, 0x20) kernel console output (not intermixed with test programs): rror parsing options; rc = [-22] [ 1798.864012][T22300] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1798.908597][T22301] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4751'. [ 1799.338805][T22300] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1799.378731][T22300] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1799.423685][T22309] program syz.1.4752 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1800.993483][ T9900] usb 3-1: USB disconnect, device number 36 [ 1801.000772][T22323] vivid-002: disconnect [ 1801.074827][T22323] vivid-002: reconnect [ 1801.410182][T22333] 9pnet_fd: Insufficient options for proto=fd [ 1801.931704][ T29] audit: type=1326 audit(1721899720.226:2886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22325 comm="syz.1.4757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e95375f19 code=0x7fc00000 [ 1802.329741][T22342] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4760'. [ 1802.700442][T22346] ecryptfs_parse_options: eCryptfs: unrecognized option [arrier] [ 1802.718389][T22346] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 1802.772520][T22346] Error parsing options; rc = [-22] [ 1802.950559][T22346] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4763'. [ 1803.868319][T21092] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 1804.068225][T21092] usb 2-1: Using ep0 maxpacket: 32 [ 1804.092577][T21092] usb 2-1: config 0 has an invalid interface number: 236 but max is 2 [ 1804.109610][T21092] usb 2-1: config 0 has an invalid interface number: 144 but max is 2 [ 1804.119509][T21092] usb 2-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config [ 1804.130925][T21092] usb 2-1: config 0 has 2 interfaces, different from the descriptor's value: 3 [ 1804.140181][T21092] usb 2-1: config 0 has no interface number 0 [ 1804.149584][T21092] usb 2-1: config 0 has no interface number 1 [ 1804.157204][T21092] usb 2-1: config 0 interface 236 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 11 [ 1804.175211][T21092] usb 2-1: config 0 interface 144 altsetting 10 has 0 endpoint descriptors, different from the interface descriptor's value: 8 [ 1804.188989][T21092] usb 2-1: config 0 interface 236 has no altsetting 0 [ 1804.195866][T21092] usb 2-1: config 0 interface 144 has no altsetting 0 [ 1804.210848][T21092] usb 2-1: New USB device found, idVendor=05cc, idProduct=3362, bcdDevice=da.da [ 1804.228770][T21092] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1804.237663][T21092] usb 2-1: Product: syz [ 1804.249404][T21092] usb 2-1: Manufacturer: syz [ 1804.259408][T21092] usb 2-1: SerialNumber: syz [ 1804.267988][T21092] usb 2-1: config 0 descriptor?? [ 1804.948264][T16417] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 1805.189122][T16417] usb 3-1: Using ep0 maxpacket: 16 [ 1805.225245][T16417] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1805.298735][T16417] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1805.370163][T16417] usb 3-1: New USB device found, idVendor=04b4, idProduct=0001, bcdDevice= 0.00 [ 1805.434189][T16417] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1805.650338][T16417] usb 3-1: config 0 descriptor?? [ 1805.768230][T21092] usb 2-1: [ueagle-atm] ADSL device founded vid (0X5CC) pid (0X3362) Rev (0XDADA): ADI930 [ 1806.102512][T16417] cypress 0003:04B4:0001.000C: unknown main item tag 0x0 [ 1806.160961][T16417] cypress 0003:04B4:0001.000C: hidraw0: USB HID v0.00 Device [HID 04b4:0001] on usb-dummy_hcd.2-1/input0 [ 1806.748587][T21092] usb 2-1: [ueagle-atm] pre-firmware device, uploading firmware [ 1806.756354][T21092] usb 2-1: [ueagle-atm] loading firmware ueagle-atm/adi930.fw [ 1806.768833][ T9900] usb 2-1: Direct firmware load for ueagle-atm/adi930.fw failed with error -2 [ 1806.807728][ T9900] usb 2-1: Falling back to sysfs fallback for: ueagle-atm/adi930.fw [ 1806.847815][T21092] usb 2-1: [ueagle-atm] ADSL device founded vid (0X5CC) pid (0X3362) Rev (0XDADA): ADI930 [ 1806.883728][T21092] usb 2-1: [ueagle-atm] pre-firmware device, uploading firmware [ 1806.893794][ T5105] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1806.910558][T21092] usb 2-1: [ueagle-atm] loading firmware ueagle-atm/adi930.fw [ 1806.913911][ T5105] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1806.939854][ T5105] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1806.948593][T21092] usb 2-1: USB disconnect, device number 4 [ 1806.949288][ T5105] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1806.962646][ T5105] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 1806.971405][ T5105] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1807.409662][ C0] eth0: bad gso: type: 1, size: 1408 [ 1807.731848][T22386] 9pnet_fd: Insufficient options for proto=fd [ 1807.741558][ T9886] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1808.015939][ T9886] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1808.253048][ T9886] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1808.428486][ T29] audit: type=1326 audit(1721899726.706:2887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22378 comm="syz.1.4770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e95375f19 code=0x7fc00000 [ 1808.579406][ T29] audit: type=1326 audit(1721899726.706:2888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22378 comm="syz.1.4770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4e95375f19 code=0x7fc00000 [ 1808.637198][ T29] audit: type=1326 audit(1721899726.706:2889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22378 comm="syz.1.4770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e95375f19 code=0x7fc00000 [ 1808.675342][ T9886] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1809.033454][T22397] ecryptfs_parse_options: eCryptfs: unrecognized option [arrier] [ 1809.069834][ T5105] Bluetooth: hci6: command tx timeout [ 1809.077821][T22397] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 1809.088088][T22373] chnl_net:caif_netlink_parms(): no params data found [ 1809.118709][T22397] Error parsing options; rc = [-22] [ 1809.197416][ T9886] bridge_slave_1: left allmulticast mode [ 1809.216123][ T9886] bridge_slave_1: left promiscuous mode [ 1809.232528][ T9886] bridge0: port 2(bridge_slave_1) entered disabled state [ 1809.271703][ T9886] bridge_slave_0: left allmulticast mode [ 1809.300802][ T9886] bridge_slave_0: left promiscuous mode [ 1809.322399][ T9886] bridge0: port 1(bridge_slave_0) entered disabled state [ 1809.867284][T22400] vivid-001: disconnect [ 1809.900261][T22400] vivid-001: reconnect [ 1811.035695][ T9886] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1811.069662][ T9886] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1811.092269][ T9886] bond0 (unregistering): Released all slaves [ 1811.116664][T22408] netlink: 'syz.0.4776': attribute type 2 has an invalid length. [ 1811.149964][ T5105] Bluetooth: hci6: command tx timeout [ 1811.150349][T22397] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4774'. [ 1811.189525][T22408] netlink: 'syz.0.4776': attribute type 1 has an invalid length. [ 1811.197336][T22408] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.4776'. [ 1811.269309][T22409] netlink: 191416 bytes leftover after parsing attributes in process `syz.0.4776'. [ 1811.387878][T22409] netlink: zone id is out of range [ 1811.408579][T22409] netlink: zone id is out of range [ 1811.457720][T22409] netlink: zone id is out of range [ 1811.468027][T22409] netlink: zone id is out of range [ 1811.503192][T22409] netlink: zone id is out of range [ 1811.528026][T22409] netlink: zone id is out of range [ 1811.539357][T22409] netlink: zone id is out of range [ 1811.565422][T22409] netlink: zone id is out of range [ 1811.607366][T22409] netlink: zone id is out of range [ 1811.969499][ T9886] hsr_slave_0: left promiscuous mode [ 1812.012179][ T9886] hsr_slave_1: left promiscuous mode [ 1812.035225][ T9886] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1812.063714][ T9886] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1812.118986][ T9886] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1812.259881][ T9886] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1812.327025][ T9886] veth1_macvtap: left promiscuous mode [ 1812.363166][ T9886] veth0_macvtap: left promiscuous mode [ 1812.400926][ T9886] veth1_vlan: left promiscuous mode [ 1812.422088][ T9886] veth0_vlan: left promiscuous mode [ 1812.858835][T22433] FAULT_INJECTION: forcing a failure. [ 1812.858835][T22433] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1812.898325][T22433] CPU: 1 UID: 0 PID: 22433 Comm: syz.1.4781 Not tainted 6.10.0-syzkaller-12381-gc33ffdb70cc6 #0 [ 1812.908805][T22433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1812.918888][T22433] Call Trace: [ 1812.922185][T22433] [ 1812.925129][T22433] dump_stack_lvl+0x241/0x360 [ 1812.929830][T22433] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1812.935050][T22433] ? __pfx__printk+0x10/0x10 [ 1812.939671][T22433] ? __pfx_lock_release+0x10/0x10 [ 1812.944722][T22433] should_fail_ex+0x3b0/0x4e0 [ 1812.949429][T22433] _copy_from_user+0x2f/0xe0 [ 1812.954042][T22433] copy_msghdr_from_user+0xae/0x680 [ 1812.959266][T22433] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1812.965110][T22433] __sys_sendmsg+0x23d/0x3a0 [ 1812.969716][T22433] ? __pfx___sys_sendmsg+0x10/0x10 [ 1812.974840][T22433] ? vfs_write+0x7c4/0xc90 [ 1812.979315][T22433] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1812.986708][T22433] ? do_syscall_64+0x100/0x230 [ 1812.991498][T22433] ? do_syscall_64+0xb6/0x230 [ 1812.996195][T22433] do_syscall_64+0xf3/0x230 [ 1813.000719][T22433] ? clear_bhb_loop+0x35/0x90 [ 1813.005430][T22433] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1813.011358][T22433] RIP: 0033:0x7f4e95375f19 [ 1813.015791][T22433] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1813.035418][T22433] RSP: 002b:00007f4e961c4048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1813.043856][T22433] RAX: ffffffffffffffda RBX: 00007f4e95505f60 RCX: 00007f4e95375f19 [ 1813.051850][T22433] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000004 [ 1813.059934][T22433] RBP: 00007f4e961c40a0 R08: 0000000000000000 R09: 0000000000000000 [ 1813.067926][T22433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1813.075922][T22433] R13: 000000000000000b R14: 00007f4e95505f60 R15: 00007fff82c72108 [ 1813.083943][T22433] [ 1813.087192][ C1] vkms_vblank_simulate: vblank timer overrun [ 1813.239401][ T5105] Bluetooth: hci6: command tx timeout [ 1813.487328][T22439] 9pnet_fd: Insufficient options for proto=fd [ 1814.168306][ T29] audit: type=1326 audit(1721899732.446:2890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22434 comm="syz.1.4782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e95375f19 code=0x7fc00000 [ 1814.271374][ T29] audit: type=1326 audit(1721899732.446:2891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22434 comm="syz.1.4782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4e95375f19 code=0x7fc00000 [ 1814.349480][ T29] audit: type=1326 audit(1721899732.446:2892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22434 comm="syz.1.4782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e95375f19 code=0x7fc00000 [ 1814.446398][ T29] audit: type=1326 audit(1721899732.446:2893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22434 comm="syz.1.4782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e95375f19 code=0x7fc00000 [ 1814.538305][ T29] audit: type=1326 audit(1721899732.446:2894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22434 comm="syz.1.4782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e95375f19 code=0x7fc00000 [ 1814.959757][ T9886] team0 (unregistering): Port device team_slave_1 removed [ 1815.140546][T19352] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1815.154863][T19352] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1815.164869][T19352] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1815.173332][T19352] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1815.184721][T19352] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1815.193057][T19352] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1815.219645][ T9886] team0 (unregistering): Port device team_slave_0 removed [ 1815.308243][ T5105] Bluetooth: hci6: command tx timeout [ 1816.113666][T22452] vivid-003: disconnect [ 1816.165955][T22452] vivid-003: reconnect [ 1817.053340][T22455] ecryptfs_parse_options: eCryptfs: unrecognized option [arrier] [ 1817.062521][T22455] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 1817.080784][T22455] Error parsing options; rc = [-22] [ 1817.179955][T22373] bridge0: port 1(bridge_slave_0) entered blocking state [ 1817.199386][T22373] bridge0: port 1(bridge_slave_0) entered disabled state [ 1817.206663][T22373] bridge_slave_0: entered allmulticast mode [ 1817.231771][T22373] bridge_slave_0: entered promiscuous mode [ 1817.238703][ T5105] Bluetooth: hci1: command tx timeout [ 1817.252266][T22373] bridge0: port 2(bridge_slave_1) entered blocking state [ 1817.259828][T22373] bridge0: port 2(bridge_slave_1) entered disabled state [ 1817.267077][T22373] bridge_slave_1: entered allmulticast mode [ 1817.278036][T22373] bridge_slave_1: entered promiscuous mode [ 1817.286606][T22455] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4786'. [ 1817.363812][T22460] FAULT_INJECTION: forcing a failure. [ 1817.363812][T22460] name failslab, interval 1, probability 0, space 0, times 0 [ 1817.398324][T22460] CPU: 1 UID: 0 PID: 22460 Comm: syz.0.4788 Not tainted 6.10.0-syzkaller-12381-gc33ffdb70cc6 #0 [ 1817.408778][T22460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1817.418915][T22460] Call Trace: [ 1817.422217][T22460] [ 1817.425139][T22460] dump_stack_lvl+0x241/0x360 [ 1817.429818][T22460] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1817.435012][T22460] ? __pfx__printk+0x10/0x10 [ 1817.439600][T22460] ? fs_reclaim_acquire+0x93/0x140 [ 1817.444718][T22460] ? __pfx___might_resched+0x10/0x10 [ 1817.450006][T22460] should_fail_ex+0x3b0/0x4e0 [ 1817.454686][T22460] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 1817.460404][T22460] should_failslab+0xac/0x100 [ 1817.465084][T22460] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 1817.470797][T22460] __kmalloc_noprof+0xd8/0x400 [ 1817.475560][T22460] ? kfree+0x4e/0x360 [ 1817.479539][T22460] tomoyo_realpath_from_path+0xcf/0x5e0 [ 1817.485122][T22460] tomoyo_path_number_perm+0x23a/0x880 [ 1817.490601][T22460] ? tomoyo_path_number_perm+0x208/0x880 [ 1817.496242][T22460] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1817.502260][T22460] ? __fget_files+0x29/0x470 [ 1817.506850][T22460] ? __fget_files+0x3f6/0x470 [ 1817.511521][T22460] ? __fget_files+0x29/0x470 [ 1817.516116][T22460] security_file_ioctl+0x75/0xb0 [ 1817.521064][T22460] __se_sys_ioctl+0x47/0x170 [ 1817.525739][T22460] do_syscall_64+0xf3/0x230 [ 1817.530242][T22460] ? clear_bhb_loop+0x35/0x90 [ 1817.534916][T22460] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1817.540833][T22460] RIP: 0033:0x7fbce0775f19 [ 1817.545244][T22460] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1817.564957][T22460] RSP: 002b:00007fbce152b048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1817.573463][T22460] RAX: ffffffffffffffda RBX: 00007fbce0905f60 RCX: 00007fbce0775f19 [ 1817.581442][T22460] RDX: 0000000020000400 RSI: 00000000c0347c03 RDI: 0000000000000003 [ 1817.589413][T22460] RBP: 00007fbce152b0a0 R08: 0000000000000000 R09: 0000000000000000 [ 1817.597379][T22460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1817.605346][T22460] R13: 000000000000000b R14: 00007fbce0905f60 R15: 00007ffc29d02298 [ 1817.613331][T22460] [ 1817.798898][T22460] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1817.821119][T22373] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1817.832152][ T8] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 1817.867669][T22373] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1817.916968][ T8] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 1817.991294][ T8] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 1818.044208][ T8] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 1818.068773][ T8] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 1818.096605][ T8] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 1818.143519][ T8] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 1818.171002][ T8] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 1818.211837][T22373] team0: Port device team_slave_0 added [ 1818.217878][ T8] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 1818.248116][ T8] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 1818.259062][T22373] team0: Port device team_slave_1 added [ 1818.265985][ T8] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 1818.304116][ T8] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 1818.332216][ T8] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 1818.361009][ T8] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 1818.398308][ T8] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 1818.405746][ T8] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 1818.418322][ T5141] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 1818.444649][ T8] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 1818.475655][ T8] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 1818.506999][ T8] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 1818.518913][T22471] vivid-003: disconnect [ 1818.523736][T22471] vivid-003: reconnect [ 1818.539738][ T8] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 1818.554735][T22373] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1818.568566][ T8] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 1818.580657][T22373] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1818.598267][ T8] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 1818.614056][ T5141] usb 4-1: device descriptor read/64, error -71 [ 1818.641615][T22373] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1818.683622][ T8] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 1818.723738][ T8] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 1818.757228][ T8] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 1818.770245][T22373] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1818.787649][ T8] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 1818.796836][T22373] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1818.815800][ T8] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 1818.864653][T22477] 9pnet_fd: Insufficient options for proto=fd [ 1818.878988][T22373] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1818.892328][ T5141] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 1818.892520][ T8] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 1818.977371][ T8] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 1819.029914][ T8] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 1819.058291][ T5141] usb 4-1: device descriptor read/64, error -71 [ 1819.077162][ T8] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 1819.115238][ T8] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 1819.184125][ T5141] usb usb4-port1: attempt power cycle [ 1819.196798][ T8] hid-generic 0000:0000:0000.000D: hidraw1: HID v0.00 Device [syz0] on syz0 [ 1819.308446][ T5105] Bluetooth: hci1: command tx timeout [ 1819.343648][T22373] hsr_slave_0: entered promiscuous mode [ 1819.376809][T22373] hsr_slave_1: entered promiscuous mode [ 1819.414115][T22373] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1819.454742][T22373] Cannot create hsr debugfs directory [ 1819.485512][T22449] chnl_net:caif_netlink_parms(): no params data found [ 1819.522412][ T29] audit: type=1326 audit(1721899737.816:2895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22472 comm="syz.1.4792" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e95375f19 code=0x7fc00000 [ 1819.614726][ T5141] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 1819.684255][ T5141] usb 4-1: device descriptor read/8, error -71 [ 1820.156949][ T5141] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 1820.165868][T22449] bridge0: port 1(bridge_slave_0) entered blocking state [ 1820.173159][T22449] bridge0: port 1(bridge_slave_0) entered disabled state [ 1820.180669][T22449] bridge_slave_0: entered allmulticast mode [ 1820.189063][ T5141] usb 4-1: device descriptor read/8, error -71 [ 1820.196815][T22449] bridge_slave_0: entered promiscuous mode [ 1820.341570][T22491] vivid-003: disconnect [ 1820.346378][T22491] vivid-003: reconnect [ 1820.519510][ T5141] usb usb4-port1: unable to enumerate USB device [ 1820.556517][T22449] bridge0: port 2(bridge_slave_1) entered blocking state [ 1820.565254][T22449] bridge0: port 2(bridge_slave_1) entered disabled state [ 1820.583677][T22449] bridge_slave_1: entered allmulticast mode [ 1820.636706][T22449] bridge_slave_1: entered promiscuous mode [ 1820.916929][T22449] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1820.969326][T22449] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1821.078864][T22497] ecryptfs_parse_options: eCryptfs: unrecognized option [arrier] [ 1821.124830][T22497] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 1821.218250][T22499] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4797'. [ 1821.245391][T22497] Error parsing options; rc = [-22] [ 1821.328637][T22449] team0: Port device team_slave_0 added [ 1821.384660][T22449] team0: Port device team_slave_1 added [ 1821.390791][ T5105] Bluetooth: hci1: command tx timeout [ 1821.715842][T22449] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1821.744615][T22449] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1822.158222][T22449] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1822.201243][T22449] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1822.228298][T22449] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1822.328398][T22449] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1822.350186][T22511] batadv_slave_1: entered promiscuous mode [ 1822.436472][T22510] batadv_slave_1: left promiscuous mode [ 1822.595591][T22518] 9pnet_fd: Insufficient options for proto=fd [ 1822.658059][T22449] hsr_slave_0: entered promiscuous mode [ 1822.698903][T22449] hsr_slave_1: entered promiscuous mode [ 1822.716008][T22449] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1822.726200][T22449] Cannot create hsr debugfs directory [ 1822.745918][T22523] FAULT_INJECTION: forcing a failure. [ 1822.745918][T22523] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1822.773783][T22373] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1822.807297][T22523] CPU: 1 UID: 0 PID: 22523 Comm: syz.3.4803 Not tainted 6.10.0-syzkaller-12381-gc33ffdb70cc6 #0 [ 1822.817770][T22523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1822.827849][T22523] Call Trace: [ 1822.831144][T22523] [ 1822.834090][T22523] dump_stack_lvl+0x241/0x360 [ 1822.838802][T22523] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1822.844025][T22523] ? __pfx__printk+0x10/0x10 [ 1822.848637][T22523] ? __pfx_lock_release+0x10/0x10 [ 1822.853691][T22523] ? vfs_write+0x7c4/0xc90 [ 1822.858140][T22523] should_fail_ex+0x3b0/0x4e0 [ 1822.862849][T22523] _copy_from_user+0x2f/0xe0 [ 1822.867460][T22523] __sys_bpf+0x1a4/0x810 [ 1822.871723][T22523] ? __pfx___sys_bpf+0x10/0x10 [ 1822.876518][T22523] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1822.882525][T22523] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1822.888875][T22523] ? do_syscall_64+0x100/0x230 [ 1822.893673][T22523] __x64_sys_bpf+0x7c/0x90 [ 1822.898111][T22523] do_syscall_64+0xf3/0x230 [ 1822.902648][T22523] ? clear_bhb_loop+0x35/0x90 [ 1822.907355][T22523] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1822.913273][T22523] RIP: 0033:0x7f2f4d375f19 [ 1822.917712][T22523] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1822.937341][T22523] RSP: 002b:00007f2f4e0d7048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1822.945782][T22523] RAX: ffffffffffffffda RBX: 00007f2f4d505f60 RCX: 00007f2f4d375f19 [ 1822.953775][T22523] RDX: 0000000000000050 RSI: 0000000020000600 RDI: 000000000000000a [ 1822.961947][T22523] RBP: 00007f2f4e0d70a0 R08: 0000000000000000 R09: 0000000000000000 [ 1822.969944][T22523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1822.978020][T22523] R13: 000000000000000b R14: 00007f2f4d505f60 R15: 00007fff29cbec38 [ 1822.986031][T22523] [ 1822.989172][ C1] vkms_vblank_simulate: vblank timer overrun [ 1823.012234][T22373] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1823.024859][T22373] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1823.094250][T22373] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1823.279492][ T29] audit: type=1326 audit(1721899741.526:2896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22512 comm="syz.0.4801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbce0775f19 code=0x7fc00000 [ 1823.532333][T22532] vivid-002: disconnect [ 1823.537121][T22532] vivid-002: reconnect [ 1823.548973][ T5105] Bluetooth: hci1: command tx timeout [ 1823.893523][T22535] ecryptfs_parse_options: eCryptfs: unrecognized option [arrier] [ 1823.926950][T22535] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 1823.940251][T22535] Error parsing options; rc = [-22] [ 1824.098709][T22535] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4807'. [ 1824.328524][T22538] vivid-001: disconnect [ 1824.413772][T22449] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1824.553422][T22530] vivid-001: reconnect [ 1824.813372][T22449] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1824.965828][T22546] input: syz0 as /devices/virtual/input/input83 [ 1825.352937][T22449] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1825.445810][T22373] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1825.621357][T22449] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1825.756369][T22373] 8021q: adding VLAN 0 to HW filter on device team0 [ 1825.831337][ T47] bridge0: port 1(bridge_slave_0) entered blocking state [ 1825.838608][ T47] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1825.908027][T21092] bridge0: port 2(bridge_slave_1) entered blocking state [ 1825.915313][T21092] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1826.326911][T22373] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1826.538272][T22449] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1826.609626][T22449] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1826.670562][T22449] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1826.728999][T22449] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1827.215617][T22449] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1827.295881][T22373] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1827.384359][T22449] 8021q: adding VLAN 0 to HW filter on device team0 [ 1827.394284][T22556] FAULT_INJECTION: forcing a failure. [ 1827.394284][T22556] name failslab, interval 1, probability 0, space 0, times 0 [ 1827.448490][T22556] CPU: 0 UID: 0 PID: 22556 Comm: syz.3.4812 Not tainted 6.10.0-syzkaller-12381-gc33ffdb70cc6 #0 [ 1827.451372][ T47] bridge0: port 1(bridge_slave_0) entered blocking state [ 1827.459022][T22556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1827.459038][T22556] Call Trace: [ 1827.459047][T22556] [ 1827.459056][T22556] dump_stack_lvl+0x241/0x360 [ 1827.466281][ T47] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1827.476234][T22556] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1827.476259][T22556] ? __pfx__printk+0x10/0x10 [ 1827.476289][T22556] ? fs_reclaim_acquire+0x93/0x140 [ 1827.509326][T22556] ? __pfx___might_resched+0x10/0x10 [ 1827.514649][T22556] should_fail_ex+0x3b0/0x4e0 [ 1827.519452][T22556] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 1827.525197][T22556] should_failslab+0xac/0x100 [ 1827.529898][T22556] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 1827.532921][ T47] bridge0: port 2(bridge_slave_1) entered blocking state [ 1827.535623][T22556] __kmalloc_noprof+0xd8/0x400 [ 1827.542772][ T47] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1827.547360][T22556] ? kfree+0x4e/0x360 [ 1827.558548][T22556] tomoyo_realpath_from_path+0xcf/0x5e0 [ 1827.564125][T22556] tomoyo_path_number_perm+0x23a/0x880 [ 1827.569590][T22556] ? tomoyo_path_number_perm+0x208/0x880 [ 1827.575213][T22556] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1827.581221][T22556] ? __fget_files+0x29/0x470 [ 1827.585807][T22556] ? __fget_files+0x3f6/0x470 [ 1827.590475][T22556] ? __fget_files+0x29/0x470 [ 1827.595064][T22556] security_file_ioctl+0x75/0xb0 [ 1827.600004][T22556] __se_sys_ioctl+0x47/0x170 [ 1827.604589][T22556] do_syscall_64+0xf3/0x230 [ 1827.609180][T22556] ? clear_bhb_loop+0x35/0x90 [ 1827.613984][T22556] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1827.619963][T22556] RIP: 0033:0x7f2f4d375f19 [ 1827.624373][T22556] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1827.643979][T22556] RSP: 002b:00007f2f4e0d7048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1827.652387][T22556] RAX: ffffffffffffffda RBX: 00007f2f4d505f60 RCX: 00007f2f4d375f19 [ 1827.660453][T22556] RDX: 0000000020000140 RSI: 0000000000005412 RDI: 0000000000000006 [ 1827.668428][T22556] RBP: 00007f2f4e0d70a0 R08: 0000000000000000 R09: 0000000000000000 [ 1827.676408][T22556] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1827.684381][T22556] R13: 000000000000000b R14: 00007f2f4d505f60 R15: 00007fff29cbec38 [ 1827.692453][T22556] [ 1827.768907][T22556] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1827.877244][T22560] netlink: 'syz.1.4813': attribute type 5 has an invalid length. [ 1828.214437][T22576] 9pnet_fd: Insufficient options for proto=fd [ 1828.502808][T22449] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1828.529061][T22373] veth0_vlan: entered promiscuous mode [ 1828.576902][T22373] veth1_vlan: entered promiscuous mode [ 1828.725975][T22449] veth0_vlan: entered promiscuous mode [ 1828.875555][T22583] vivid-003: disconnect [ 1828.881140][T22583] vivid-003: reconnect [ 1828.952754][ T29] audit: type=1326 audit(1721899747.216:2897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22567 comm="syz.3.4814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f4d375f19 code=0x7fc00000 [ 1829.030840][T22373] veth0_macvtap: entered promiscuous mode [ 1829.081732][T22449] veth1_vlan: entered promiscuous mode [ 1829.110172][T22373] veth1_macvtap: entered promiscuous mode [ 1829.265982][T22373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1829.286190][T22373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1829.297855][T22373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1829.329131][T22373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1829.354189][T22373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1829.369716][T22373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1829.393434][T22373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1829.414781][T22373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1829.426337][T22373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1829.451501][T22373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1829.467477][T22373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1829.490924][T22373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1829.513759][T22373] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1829.548659][T22585] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4817'. [ 1829.657789][T22373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1829.708944][T22373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1829.742254][T22373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1829.799721][T22373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1829.834404][T22373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1829.864254][T22373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1829.881776][T22373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1829.902360][T22373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1829.917019][T22373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1829.932887][T22373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1829.958035][T22373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1829.982644][T22373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1830.031536][T22373] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1830.062126][T22449] veth0_macvtap: entered promiscuous mode [ 1830.120174][T22373] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1830.147551][T22373] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1830.197144][T22373] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1830.234912][T22373] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1830.238339][ T8] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 1830.242671][T22595] vivid-001: disconnect [ 1830.243242][T22595] vivid-001: reconnect [ 1830.248474][T22449] veth1_macvtap: entered promiscuous mode [ 1830.387772][T22449] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1830.387797][T22449] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1830.387810][T22449] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1830.387824][T22449] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1830.387836][T22449] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1830.387849][T22449] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1830.387861][T22449] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1830.387875][T22449] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1830.387886][T22449] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1830.387899][T22449] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1830.387911][T22449] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1830.387924][T22449] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1830.387937][T22449] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1830.387950][T22449] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1830.391815][T22449] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1830.420752][T22449] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1830.437971][ T8] usb 2-1: Using ep0 maxpacket: 8 [ 1830.523487][T22449] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1830.620636][T22449] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1830.644815][T22449] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1830.674978][T22449] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1830.742289][T22449] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1830.763197][ T8] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 1830.776113][T22449] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1830.776972][ T8] usb 2-1: config 0 has no interface number 0 [ 1830.807399][T22449] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1830.830891][ T8] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1830.838318][T22449] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1830.865385][ T8] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1830.888247][T22449] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1830.896123][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1830.924779][T22449] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1830.960595][T22449] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1830.982007][ T8] usb 2-1: config 0 descriptor?? [ 1830.994314][T22449] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1831.029560][ T8] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 1831.032466][T22449] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1831.107553][T22449] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1831.871599][T22449] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1831.878057][T22589] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1831.897848][T22589] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1831.928033][T22449] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1831.952452][T22449] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1831.979496][T22449] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1832.199678][T13277] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1832.230605][T13277] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1833.805124][T22603] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1833.843233][T22603] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1833.851968][T16417] usb 2-1: USB disconnect, device number 5 [ 1833.888446][T16417] iowarrior 2-1:0.1: I/O-Warror #0 now disconnected [ 1833.980506][ T9880] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1834.014587][ T9880] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1834.157374][T22603] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1834.273589][T22615] 9pnet_fd: Insufficient options for proto=fd [ 1834.298940][T22603] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1834.329200][T22622] program syz.4.4766 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1834.418324][ C0] net_ratelimit: 117 callbacks suppressed [ 1834.418343][ C0] eth0: bad gso: type: 1, size: 1408 [ 1834.437103][ C0] eth0: bad gso: type: 1, size: 1408 [ 1834.565545][T22626] ecryptfs_parse_options: eCryptfs: unrecognized option [arrier] [ 1834.579217][T22626] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 1834.604918][T22626] Error parsing options; rc = [-22] [ 1834.753801][T22626] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4827'. [ 1834.813866][T22630] FAULT_INJECTION: forcing a failure. [ 1834.813866][T22630] name failslab, interval 1, probability 0, space 0, times 0 [ 1834.858136][T22630] CPU: 1 UID: 0 PID: 22630 Comm: syz.4.4828 Not tainted 6.10.0-syzkaller-12381-gc33ffdb70cc6 #0 [ 1834.861464][ T29] audit: type=1326 audit(1721899753.156:2898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22614 comm="syz.1.4825" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e95375f19 code=0x7fc00000 [ 1834.868595][T22630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1834.868616][T22630] Call Trace: [ 1834.868627][T22630] [ 1834.868637][T22630] dump_stack_lvl+0x241/0x360 [ 1834.868670][T22630] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1834.868692][T22630] ? __pfx__printk+0x10/0x10 [ 1834.868716][T22630] ? kmem_cache_alloc_node_noprof+0x49/0x320 [ 1834.868742][T22630] ? __pfx___might_resched+0x10/0x10 [ 1834.868762][T22630] ? process_measurement+0x1af3/0x1fb0 [ 1834.868794][T22630] should_fail_ex+0x3b0/0x4e0 [ 1834.868826][T22630] should_failslab+0xac/0x100 [ 1834.868849][T22630] ? __alloc_skb+0x1c3/0x440 [ 1834.868876][T22630] kmem_cache_alloc_node_noprof+0x71/0x320 [ 1834.868906][T22630] __alloc_skb+0x1c3/0x440 [ 1834.868938][T22630] ? __pfx___alloc_skb+0x10/0x10 [ 1834.868973][T22630] alloc_skb_with_frags+0xc3/0x770 [ 1834.868995][T22630] ? validate_chain+0x11e/0x5900 [ 1834.869016][T22630] ? __pfx_lock_acquire+0x10/0x10 [ 1834.982214][T22630] sock_alloc_send_pskb+0x91a/0xa60 [ 1834.988040][T22630] ? __lock_acquire+0x137a/0x2040 [ 1834.993074][T22630] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 1834.998806][T22630] tun_get_user+0xcf3/0x4720 [ 1835.003406][T22630] ? __lock_acquire+0x137a/0x2040 [ 1835.008440][T22630] ? __pfx_tun_get_user+0x10/0x10 [ 1835.013573][T22630] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 1835.019118][T22630] ? tun_get+0x1e/0x2f0 [ 1835.023270][T22630] ? __pfx_lock_release+0x10/0x10 [ 1835.028310][T22630] ? tun_get+0x1e/0x2f0 [ 1835.032468][T22630] ? tun_get+0x27d/0x2f0 [ 1835.036706][T22630] tun_chr_write_iter+0x113/0x1f0 [ 1835.041730][T22630] vfs_write+0xa72/0xc90 [ 1835.046001][T22630] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 1835.051545][T22630] ? __pfx_vfs_write+0x10/0x10 [ 1835.056321][T22630] ksys_write+0x1a0/0x2c0 [ 1835.060659][T22630] ? __pfx_ksys_write+0x10/0x10 [ 1835.065594][T22630] ? do_syscall_64+0x100/0x230 [ 1835.070368][T22630] ? do_syscall_64+0xb6/0x230 [ 1835.075052][T22630] do_syscall_64+0xf3/0x230 [ 1835.079554][T22630] ? clear_bhb_loop+0x35/0x90 [ 1835.084228][T22630] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1835.090124][T22630] RIP: 0033:0x7f983a974a9f [ 1835.094540][T22630] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 1835.114146][T22630] RSP: 002b:00007f983b6d3010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 1835.122570][T22630] RAX: ffffffffffffffda RBX: 00007f983ab05f60 RCX: 00007f983a974a9f [ 1835.130540][T22630] RDX: 000000000000fdef RSI: 0000000020001b80 RDI: 00000000000000c8 [ 1835.138506][T22630] RBP: 00007f983b6d30a0 R08: 0000000000000000 R09: 0000000000000000 [ 1835.146475][T22630] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000001 [ 1835.154443][T22630] R13: 000000000000000b R14: 00007f983ab05f60 R15: 00007ffcd5154c68 [ 1835.162428][T22630] [ 1835.749924][T22638] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4830'. [ 1835.985251][ T8] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 1836.259590][ T8] usb 5-1: Using ep0 maxpacket: 16 [ 1836.386993][ T8] usb 5-1: config 0 has no interfaces? [ 1836.425981][ T8] usb 5-1: New USB device found, idVendor=0582, idProduct=05e6, bcdDevice=4e.00 [ 1836.609514][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1836.617601][ T8] usb 5-1: Product: syz [ 1836.660572][ T8] usb 5-1: Manufacturer: syz [ 1836.665471][ T8] usb 5-1: SerialNumber: syz [ 1836.776657][ T8] usb 5-1: config 0 descriptor?? [ 1837.044104][T22646] vivid-001: disconnect [ 1837.277074][T22646] vivid-001: reconnect [ 1837.594616][T22604] usb 5-1: USB disconnect, device number 4 [ 1837.717302][T22658] netlink: 'syz.3.4834': attribute type 1 has an invalid length. [ 1837.863961][T22661] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4834'. [ 1837.885997][T22661] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1837.912663][T22663] tmpfs: Bad value for 'mpol' [ 1838.042733][T22658] bond1: (slave gretap1): making interface the new active one [ 1838.098996][T22658] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 1838.382237][T22664] netlink: 'syz.1.4836': attribute type 1 has an invalid length. [ 1838.390730][T22664] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4836'. [ 1838.652487][T22664] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1838.694599][T22666] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8) [ 1838.701161][T22666] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1838.709091][T22666] vhci_hcd vhci_hcd.0: Device attached [ 1838.719710][T22670] vhci_hcd: connection closed [ 1838.720343][T22603] vhci_hcd: stop threads [ 1838.799264][T22603] vhci_hcd: release socket [ 1838.823016][T22603] vhci_hcd: disconnect device [ 1838.840709][T22664] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1838.995882][T22678] ecryptfs_parse_options: eCryptfs: unrecognized option [arrier] [ 1839.009365][T22679] 9pnet_fd: Insufficient options for proto=fd [ 1839.024735][T22678] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 1839.160128][T22678] Error parsing options; rc = [-22] [ 1840.050331][ T29] audit: type=1326 audit(1721899758.346:2899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22671 comm="syz.3.4839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f4d375f19 code=0x7fc00000 [ 1840.239608][T22689] vivid-004: disconnect [ 1840.244474][T22689] vivid-004: reconnect [ 1841.758412][ T5141] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 1842.041942][ T5141] usb 2-1: Using ep0 maxpacket: 16 [ 1842.162260][ T5141] usb 2-1: config 0 has no interfaces? [ 1842.183534][ T5141] usb 2-1: New USB device found, idVendor=0582, idProduct=05e6, bcdDevice=4e.00 [ 1842.198256][ T5141] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1842.207502][ T5141] usb 2-1: Product: syz [ 1842.215831][ T5141] usb 2-1: Manufacturer: syz [ 1842.225298][ T5141] usb 2-1: SerialNumber: syz [ 1842.413375][ T5141] usb 2-1: config 0 descriptor?? [ 1842.830093][ T928] usb 2-1: USB disconnect, device number 6 [ 1843.438877][T22719] vivid-002: disconnect [ 1843.528824][T22719] vivid-002: reconnect [ 1844.671732][T22733] 9pnet_fd: Insufficient options for proto=fd [ 1845.203270][T22742] 9pnet_fd: Insufficient options for proto=fd [ 1845.253182][ T29] audit: type=1326 audit(1721899763.546:2900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22728 comm="syz.0.4854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbce0775f19 code=0x7fc00000 [ 1845.388360][ T29] audit: type=1326 audit(1721899763.546:2901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22728 comm="syz.0.4854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbce0775f19 code=0x7fc00000 [ 1845.478418][ T29] audit: type=1326 audit(1721899763.546:2902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22728 comm="syz.0.4854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbce0775f19 code=0x7fc00000 [ 1845.556123][ T29] audit: type=1326 audit(1721899763.546:2903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22728 comm="syz.0.4854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbce0775f19 code=0x7fc00000 [ 1845.638534][ T29] audit: type=1326 audit(1721899763.546:2904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22728 comm="syz.0.4854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbce0775f19 code=0x7fc00000 [ 1845.858788][ T29] audit: type=1326 audit(1721899763.546:2905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22728 comm="syz.0.4854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbce0775f19 code=0x7fc00000 [ 1846.071617][T22745] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1846.287205][T22745] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1846.308335][ T29] audit: type=1326 audit(1721899763.546:2906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22728 comm="syz.0.4854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbce0775f19 code=0x7fc00000 [ 1846.420960][ T29] audit: type=1326 audit(1721899763.546:2907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22728 comm="syz.0.4854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbce0775f19 code=0x7fc00000 [ 1846.530234][ T29] audit: type=1326 audit(1721899763.546:2908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22728 comm="syz.0.4854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbce0775f19 code=0x7fc00000 [ 1846.780680][ T29] audit: type=1326 audit(1721899763.546:2909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22728 comm="syz.0.4854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbce0775f19 code=0x7fc00000 [ 1846.834012][T22762] overlayfs: overlapping lowerdir path [ 1847.623195][T22769] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1847.658714][T22763] syzkaller0: entered allmulticast mode [ 1847.715223][T22769] fuse: Bad value for 'fd' [ 1847.868773][T22747] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 1848.371556][T22780] cgroup: Need name or subsystem set [ 1849.130980][T22791] 9pnet_fd: Insufficient options for proto=fd [ 1849.862239][T22785] vivid-003: disconnect [ 1849.869811][T22785] vivid-003: reconnect [ 1851.201438][T22814] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.4873'. [ 1851.212602][T22814] openvswitch: netlink: IP tunnel attribute has 3036 unknown bytes. [ 1851.464767][T22819] FAULT_INJECTION: forcing a failure. [ 1851.464767][T22819] name failslab, interval 1, probability 0, space 0, times 0 [ 1851.593698][T22819] CPU: 0 UID: 0 PID: 22819 Comm: syz.4.4875 Not tainted 6.10.0-syzkaller-12381-gc33ffdb70cc6 #0 [ 1851.604184][T22819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1851.614273][T22819] Call Trace: [ 1851.617569][T22819] [ 1851.620520][T22819] dump_stack_lvl+0x241/0x360 [ 1851.625234][T22819] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1851.630462][T22819] ? __pfx__printk+0x10/0x10 [ 1851.635084][T22819] ? kmem_cache_alloc_node_noprof+0x49/0x320 [ 1851.641088][T22819] ? __pfx___might_resched+0x10/0x10 [ 1851.646408][T22819] should_fail_ex+0x3b0/0x4e0 [ 1851.651218][T22819] should_failslab+0xac/0x100 [ 1851.655967][T22819] ? __alloc_skb+0x1c3/0x440 [ 1851.660618][T22819] kmem_cache_alloc_node_noprof+0x71/0x320 [ 1851.666454][T22819] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1851.672466][T22819] __alloc_skb+0x1c3/0x440 [ 1851.676922][T22819] ? trace_irq_enable+0x2c/0x120 [ 1851.681144][T22824] FAULT_INJECTION: forcing a failure. [ 1851.681144][T22824] name failslab, interval 1, probability 0, space 0, times 0 [ 1851.681878][T22819] ? __pfx___alloc_skb+0x10/0x10 [ 1851.699416][T22819] ? queue_work_on+0x25f/0x380 [ 1851.704302][T22819] ? __pfx_queue_work_on+0x10/0x10 [ 1851.709520][T22819] virtio_transport_alloc_skb+0x4b/0xe90 [ 1851.715254][T22819] virtio_transport_send_pkt_info+0x5dd/0xf10 [ 1851.721330][T22819] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1851.727314][T22819] virtio_transport_stream_enqueue+0x155/0x200 [ 1851.733464][T22819] ? __pfx_virtio_transport_stream_enqueue+0x10/0x10 [ 1851.740137][T22819] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1851.746463][T22819] ? virtio_transport_stream_has_space+0x4b/0x120 [ 1851.752879][T22819] ? remove_wait_queue+0x33/0x130 [ 1851.757920][T22819] vsock_connectible_sendmsg+0xa40/0xf60 [ 1851.763572][T22819] ? __pfx_vsock_connectible_sendmsg+0x10/0x10 [ 1851.769737][T22819] ? __pfx_woken_wake_function+0x10/0x10 [ 1851.775376][T22819] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1851.780663][T22819] ? security_socket_sendmsg+0x87/0xb0 [ 1851.786164][T22819] ? __pfx_vsock_connectible_sendmsg+0x10/0x10 [ 1851.792418][T22819] __sock_sendmsg+0x221/0x270 [ 1851.797107][T22819] sock_write_iter+0x2dd/0x400 [ 1851.801882][T22819] ? __pfx_sock_write_iter+0x10/0x10 [ 1851.807190][T22819] do_iter_readv_writev+0x60a/0x890 [ 1851.812390][T22819] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 1851.818112][T22819] ? bpf_lsm_file_permission+0x9/0x10 [ 1851.823484][T22819] ? security_file_permission+0x7f/0xa0 [ 1851.829027][T22819] ? rw_verify_area+0x1d2/0x6b0 [ 1851.833872][T22819] vfs_writev+0x37c/0xbb0 [ 1851.838210][T22819] ? __pfx_lock_acquire+0x10/0x10 [ 1851.843233][T22819] ? __pfx_vfs_writev+0x10/0x10 [ 1851.848079][T22819] ? vfs_write+0x7c4/0xc90 [ 1851.852498][T22819] ? __fget_files+0x29/0x470 [ 1851.857095][T22819] do_writev+0x1b1/0x350 [ 1851.861343][T22819] ? __pfx_do_writev+0x10/0x10 [ 1851.866121][T22819] ? do_syscall_64+0x100/0x230 [ 1851.870893][T22819] ? do_syscall_64+0xb6/0x230 [ 1851.875577][T22819] do_syscall_64+0xf3/0x230 [ 1851.880081][T22819] ? clear_bhb_loop+0x35/0x90 [ 1851.884757][T22819] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1851.890737][T22819] RIP: 0033:0x7f983a975f19 [ 1851.895163][T22819] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1851.914782][T22819] RSP: 002b:00007f983b6b2048 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1851.923198][T22819] RAX: ffffffffffffffda RBX: 00007f983ab06038 RCX: 00007f983a975f19 [ 1851.931169][T22819] RDX: 0000000000000001 RSI: 00000000200002c0 RDI: 000000000000000a [ 1851.939136][T22819] RBP: 00007f983b6b20a0 R08: 0000000000000000 R09: 0000000000000000 [ 1851.947104][T22819] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1851.955078][T22819] R13: 000000000000006e R14: 00007f983ab06038 R15: 00007ffcd5154c68 [ 1851.963062][T22819] [ 1852.061223][T22824] CPU: 0 UID: 0 PID: 22824 Comm: syz.2.4878 Not tainted 6.10.0-syzkaller-12381-gc33ffdb70cc6 #0 [ 1852.071703][T22824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1852.081788][T22824] Call Trace: [ 1852.085092][T22824] [ 1852.088045][T22824] dump_stack_lvl+0x241/0x360 [ 1852.092757][T22824] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1852.097993][T22824] ? __pfx__printk+0x10/0x10 [ 1852.102801][T22824] ? fs_reclaim_acquire+0x93/0x140 [ 1852.107933][T22824] ? __pfx___might_resched+0x10/0x10 [ 1852.113228][T22824] should_fail_ex+0x3b0/0x4e0 [ 1852.117921][T22824] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 1852.123640][T22824] should_failslab+0xac/0x100 [ 1852.128315][T22824] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 1852.134118][T22824] __kmalloc_noprof+0xd8/0x400 [ 1852.138914][T22824] ? kfree+0x4e/0x360 [ 1852.142907][T22824] tomoyo_realpath_from_path+0xcf/0x5e0 [ 1852.148459][T22824] tomoyo_path_number_perm+0x23a/0x880 [ 1852.153918][T22824] ? tomoyo_path_number_perm+0x208/0x880 [ 1852.159545][T22824] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1852.165557][T22824] ? __fget_files+0x29/0x470 [ 1852.170150][T22824] ? __fget_files+0x3f6/0x470 [ 1852.174826][T22824] ? __fget_files+0x29/0x470 [ 1852.179421][T22824] security_file_ioctl+0x75/0xb0 [ 1852.184451][T22824] __se_sys_ioctl+0x47/0x170 [ 1852.189040][T22824] do_syscall_64+0xf3/0x230 [ 1852.193545][T22824] ? clear_bhb_loop+0x35/0x90 [ 1852.198394][T22824] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1852.204293][T22824] RIP: 0033:0x7f78fb975f19 [ 1852.208716][T22824] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1852.228324][T22824] RSP: 002b:00007f78fc70c048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1852.236736][T22824] RAX: ffffffffffffffda RBX: 00007f78fbb06038 RCX: 00007f78fb975f19 [ 1852.244702][T22824] RDX: 0000000020000100 RSI: 00000000c020aa04 RDI: 0000000000000005 [ 1852.252757][T22824] RBP: 00007f78fc70c0a0 R08: 0000000000000000 R09: 0000000000000000 [ 1852.260811][T22824] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1852.268783][T22824] R13: 000000000000006e R14: 00007f78fbb06038 R15: 00007ffea45850a8 [ 1852.276767][T22824] [ 1852.428987][T22824] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1852.936116][T22832] overlayfs: missing 'lowerdir' [ 1853.479149][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 1853.486755][ T1247] ieee802154 phy1 wpan1: encryption failed: -22 [ 1853.876335][T22852] 9pnet_fd: Insufficient options for proto=fd [ 1854.000235][ T29] kauditd_printk_skb: 29 callbacks suppressed [ 1854.000257][ T29] audit: type=1326 audit(1721899772.286:2939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22838 comm="syz.1.4882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e95375f19 code=0x7fc00000 [ 1854.260056][T22860] FAULT_INJECTION: forcing a failure. [ 1854.260056][T22860] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1854.313274][T22860] CPU: 1 UID: 0 PID: 22860 Comm: syz.3.4886 Not tainted 6.10.0-syzkaller-12381-gc33ffdb70cc6 #0 [ 1854.323745][T22860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1854.333815][T22860] Call Trace: [ 1854.337088][T22860] [ 1854.340006][T22860] dump_stack_lvl+0x241/0x360 [ 1854.344959][T22860] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1854.350257][T22860] ? __pfx__printk+0x10/0x10 [ 1854.354853][T22860] ? __pfx_lock_release+0x10/0x10 [ 1854.359886][T22860] should_fail_ex+0x3b0/0x4e0 [ 1854.364566][T22860] _copy_from_user+0x2f/0xe0 [ 1854.369160][T22860] copy_msghdr_from_user+0xae/0x680 [ 1854.374356][T22860] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1854.380192][T22860] __sys_sendmsg+0x23d/0x3a0 [ 1854.384910][T22860] ? __pfx___sys_sendmsg+0x10/0x10 [ 1854.390024][T22860] ? vfs_write+0x7c4/0xc90 [ 1854.394461][T22860] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1854.400970][T22860] ? do_syscall_64+0x100/0x230 [ 1854.405752][T22860] ? do_syscall_64+0xb6/0x230 [ 1854.410443][T22860] do_syscall_64+0xf3/0x230 [ 1854.414941][T22860] ? clear_bhb_loop+0x35/0x90 [ 1854.419610][T22860] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1854.425506][T22860] RIP: 0033:0x7f2f4d375f19 [ 1854.429925][T22860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1854.449529][T22860] RSP: 002b:00007f2f4e0d7048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1854.457941][T22860] RAX: ffffffffffffffda RBX: 00007f2f4d505f60 RCX: 00007f2f4d375f19 [ 1854.466000][T22860] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 1854.473976][T22860] RBP: 00007f2f4e0d70a0 R08: 0000000000000000 R09: 0000000000000000 [ 1854.481944][T22860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1854.489924][T22860] R13: 000000000000000b R14: 00007f2f4d505f60 R15: 00007fff29cbec38 [ 1854.497939][T22860] [ 1854.500983][ C1] vkms_vblank_simulate: vblank timer overrun [ 1854.698525][ T928] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 1854.911667][T22867] vivid-001: disconnect [ 1854.916703][T22867] vivid-001: reconnect [ 1854.937754][ T928] usb 2-1: Using ep0 maxpacket: 32 [ 1854.965708][ T928] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1855.000275][ T928] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1855.056648][ T928] usb 2-1: New USB device found, idVendor=056a, idProduct=00de, bcdDevice= 0.00 [ 1855.084212][ T928] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1855.131264][ T928] usb 2-1: config 0 descriptor?? [ 1855.633484][ T928] wacom 0003:056A:00DE.000E: Unknown device_type for 'HID 056a:00de'. Assuming pen. [ 1855.705891][ T928] wacom 0003:056A:00DE.000E: hidraw1: USB HID v0.00 Device [HID 056a:00de] on usb-dummy_hcd.1-1/input0 [ 1855.773962][ T928] input: Wacom Bamboo 16FG 4x5 Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:056A:00DE.000E/input/input85 [ 1856.054498][ T928] usb 2-1: USB disconnect, device number 7 [ 1856.071387][T22873] FAULT_INJECTION: forcing a failure. [ 1856.071387][T22873] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1856.134020][T22873] CPU: 1 UID: 0 PID: 22873 Comm: syz.3.4891 Not tainted 6.10.0-syzkaller-12381-gc33ffdb70cc6 #0 [ 1856.144670][T22873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1856.154751][T22873] Call Trace: [ 1856.158058][T22873] [ 1856.161014][T22873] dump_stack_lvl+0x241/0x360 [ 1856.165701][T22873] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1856.170989][T22873] ? __pfx__printk+0x10/0x10 [ 1856.175584][T22873] ? snprintf+0xda/0x120 [ 1856.179824][T22873] should_fail_ex+0x3b0/0x4e0 [ 1856.184502][T22873] _copy_to_user+0x2f/0xb0 [ 1856.188919][T22873] simple_read_from_buffer+0xca/0x150 [ 1856.194295][T22873] proc_fail_nth_read+0x1e9/0x250 [ 1856.199335][T22873] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1856.204882][T22873] ? rw_verify_area+0x520/0x6b0 [ 1856.209810][T22873] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1856.215354][T22873] vfs_read+0x204/0xbc0 [ 1856.219510][T22873] ? __pfx_lock_release+0x10/0x10 [ 1856.224590][T22873] ? __pfx_vfs_read+0x10/0x10 [ 1856.229261][T22873] ? __fget_files+0x29/0x470 [ 1856.233935][T22873] ? __fget_files+0x3f6/0x470 [ 1856.238616][T22873] ksys_read+0x1a0/0x2c0 [ 1856.242859][T22873] ? __pfx_ksys_read+0x10/0x10 [ 1856.247614][T22873] ? do_syscall_64+0x100/0x230 [ 1856.252397][T22873] ? do_syscall_64+0xb6/0x230 [ 1856.257071][T22873] do_syscall_64+0xf3/0x230 [ 1856.261572][T22873] ? clear_bhb_loop+0x35/0x90 [ 1856.266248][T22873] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1856.272145][T22873] RIP: 0033:0x7f2f4d3749fc [ 1856.276557][T22873] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 1856.296164][T22873] RSP: 002b:00007f2f4e0d7040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1856.304578][T22873] RAX: ffffffffffffffda RBX: 00007f2f4d505f60 RCX: 00007f2f4d3749fc [ 1856.312546][T22873] RDX: 000000000000000f RSI: 00007f2f4e0d70b0 RDI: 000000000000000d [ 1856.320513][T22873] RBP: 00007f2f4e0d70a0 R08: 0000000000000000 R09: 0000000000000000 [ 1856.328476][T22873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1856.336442][T22873] R13: 000000000000000b R14: 00007f2f4d505f60 R15: 00007fff29cbec38 [ 1856.344425][T22873] [ 1856.347543][ C1] vkms_vblank_simulate: vblank timer overrun [ 1856.931652][ T8] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 1857.138237][ T8] usb 5-1: Using ep0 maxpacket: 16 [ 1857.188973][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1857.314083][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1857.444699][ T8] usb 5-1: New USB device found, idVendor=1b96, idProduct=0008, bcdDevice= 0.00 [ 1857.575390][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1857.773285][ T8] usb 5-1: config 0 descriptor?? [ 1858.236263][T22895] vivid-001: disconnect [ 1858.242045][T22895] vivid-001: reconnect [ 1858.281487][T22897] 9pnet_fd: Insufficient options for proto=fd [ 1858.288944][ T8] ntrig 0003:1B96:0008.000F: item fetching failed at offset 6/7 [ 1858.297316][ T8] ntrig 0003:1B96:0008.000F: parse failed [ 1858.373991][ T8] ntrig 0003:1B96:0008.000F: probe with driver ntrig failed with error -22 [ 1858.854163][ T29] audit: type=1326 audit(1721899777.146:2940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22888 comm="syz.2.4897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78fb975f19 code=0x7fc00000 [ 1858.889329][T22901] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 1858.895895][T22901] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1858.903727][T22901] vhci_hcd vhci_hcd.0: Device attached [ 1858.918723][T22904] vhci_hcd: connection closed [ 1858.920857][ T9880] vhci_hcd: stop threads [ 1859.010494][ T9880] vhci_hcd: release socket [ 1859.017616][ T8] usb 5-1: USB disconnect, device number 5 [ 1859.068944][ T9880] vhci_hcd: disconnect device [ 1859.715936][T22926] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1859.960962][ T928] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 1860.021360][T22926] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1860.306572][ T928] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 1860.400058][T22926] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1860.419015][ T928] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1860.430927][T22926] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1860.472297][ T928] usb 5-1: config 0 descriptor?? [ 1861.116900][T22920] netlink: 60 bytes leftover after parsing attributes in process `syz.4.4905'. [ 1861.439027][ T928] [drm] vendor descriptor length:b9 data:00 00 00 00 00 00 00 00 00 00 00 [ 1861.447588][ T928] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 1861.463589][ T928] [drm:udl_init] *ERROR* Selecting channel failed [ 1861.479499][ T928] [drm] Initialized udl 0.0.1 for 5-1:0.0 on minor 2 [ 1861.486242][ T928] [drm] Initialized udl on minor 2 [ 1861.495726][ T928] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1861.504100][ T928] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 1861.511686][ T5141] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1861.526084][ T928] usb 5-1: USB disconnect, device number 6 [ 1861.532901][ T5141] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 1861.640289][ T9] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 1861.729782][T22944] program syz.2.4911 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1861.750599][ T29] audit: type=1326 audit(1721899780.046:2941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22939 comm="syz.1.4912" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4e95375f19 code=0x0 [ 1861.852885][ T9] usb 4-1: New USB device found, idVendor=1235, idProduct=000e, bcdDevice=f0.ee [ 1861.880044][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1861.945645][ T9] usb 4-1: config 0 descriptor?? [ 1862.003939][ T9] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 1862.198654][ T9] usb 4-1: USB disconnect, device number 33 [ 1862.403110][T22950] FAULT_INJECTION: forcing a failure. [ 1862.403110][T22950] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1862.458776][T22950] CPU: 0 UID: 0 PID: 22950 Comm: syz.4.4915 Not tainted 6.10.0-syzkaller-12381-gc33ffdb70cc6 #0 [ 1862.469342][T22950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1862.479427][T22950] Call Trace: [ 1862.482726][T22950] [ 1862.485678][T22950] dump_stack_lvl+0x241/0x360 [ 1862.489004][T22952] sctp: [Deprecated]: syz.2.4916 (pid 22952) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1862.489004][T22952] Use struct sctp_sack_info instead [ 1862.490376][T22950] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1862.511912][T22950] ? __pfx__printk+0x10/0x10 [ 1862.516541][T22950] ? __pfx_lock_release+0x10/0x10 [ 1862.521610][T22950] should_fail_ex+0x3b0/0x4e0 [ 1862.526319][T22950] set_fd_set+0x3a/0xa0 [ 1862.530503][T22950] core_sys_select+0x72c/0x910 [ 1862.535298][T22950] ? __pfx_core_sys_select+0x10/0x10 [ 1862.540617][T22950] ? ksys_write+0x23e/0x2c0 [ 1862.545169][T22950] ? __pfx_set_user_sigmask+0x10/0x10 [ 1862.550579][T22950] ? __fget_files+0x3f6/0x470 [ 1862.555287][T22950] __se_sys_pselect6+0x319/0x3f0 [ 1862.560275][T22950] ? __pfx___se_sys_pselect6+0x10/0x10 [ 1862.565773][T22950] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1862.572132][T22950] ? do_syscall_64+0x100/0x230 [ 1862.576906][T22950] ? __x64_sys_pselect6+0x21/0xf0 [ 1862.581959][T22950] do_syscall_64+0xf3/0x230 [ 1862.586491][T22950] ? clear_bhb_loop+0x35/0x90 [ 1862.591177][T22950] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1862.597091][T22950] RIP: 0033:0x7f983a975f19 [ 1862.601524][T22950] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1862.621141][T22950] RSP: 002b:00007f983b6d3048 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 1862.629560][T22950] RAX: ffffffffffffffda RBX: 00007f983ab05f60 RCX: 00007f983a975f19 [ 1862.637527][T22950] RDX: 0000000020000800 RSI: 00000000200007c0 RDI: 0000000000000040 [ 1862.645491][T22950] RBP: 00007f983b6d30a0 R08: 0000000000000000 R09: 0000000000000000 [ 1862.653458][T22950] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1862.661447][T22950] R13: 000000000000000b R14: 00007f983ab05f60 R15: 00007ffcd5154c68 [ 1862.669442][T22950] [ 1863.042564][T22955] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1863.108571][T22955] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1863.142424][T22955] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1863.178029][T22955] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1863.217454][T22955] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1863.261600][T22955] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1863.371261][T22955] trusted_key: encrypted_key: master key parameter 'g9*pms-H8E$v×' is invalid [ 1863.465540][T22967] vivid-002: disconnect [ 1863.472128][T22967] vivid-002: reconnect [ 1863.548343][T16417] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 1863.855246][T16417] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1863.888935][T16417] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 1864.136857][T16417] usb 5-1: New USB device found, idVendor=06cd, idProduct=010c, bcdDevice= a.f0 [ 1864.330364][T16417] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1864.485098][T16417] usb 5-1: Product: syz [ 1864.512025][T16417] usb 5-1: Manufacturer: syz [ 1864.537013][T16417] usb 5-1: SerialNumber: syz [ 1864.600772][T16417] usb 5-1: config 0 descriptor?? [ 1864.609779][ T5141] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 1864.660642][T16417] keyspan 5-1:0.0: Keyspan 1 port adapter converter detected [ 1864.704734][T16417] keyspan 5-1:0.0: found no endpoint descriptor for endpoint 84 [ 1864.744229][T16417] keyspan 5-1:0.0: found no endpoint descriptor for endpoint 81 [ 1864.779331][T16417] keyspan 5-1:0.0: found no endpoint descriptor for endpoint 1 [ 1864.815353][T16417] keyspan 5-1:0.0: found no endpoint descriptor for endpoint 2 [ 1864.841777][ T5141] usb 4-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 1864.859933][T22958] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1864.879022][T16417] keyspan 5-1:0.0: found no endpoint descriptor for endpoint 83 [ 1864.888602][ T5141] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1864.917156][T16417] keyspan 5-1:0.0: found no endpoint descriptor for endpoint 3 [ 1864.925987][T22958] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1864.934232][ T5141] usb 4-1: Product: syz [ 1864.948214][ T5141] usb 4-1: Manufacturer: syz [ 1864.960615][T16417] usb 5-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 1864.974980][ T5141] usb 4-1: SerialNumber: syz [ 1865.009150][ T5141] usb 4-1: config 0 descriptor?? [ 1865.033577][ T5141] i2c-tiny-usb 4-1:0.0: version 6d.cc found at bus 004 address 034 [ 1865.094614][ T29] audit: type=1326 audit(1721899783.386:2942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22975 comm="syz.2.4923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78fb975f19 code=0x7ffc0000 [ 1865.231982][ T29] audit: type=1326 audit(1721899783.386:2943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22975 comm="syz.2.4923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=208 compat=0 ip=0x7f78fb975f19 code=0x7ffc0000 [ 1865.349021][ T29] audit: type=1326 audit(1721899783.386:2944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22975 comm="syz.2.4923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78fb975f19 code=0x7ffc0000 [ 1865.457569][ T29] audit: type=1326 audit(1721899783.386:2945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22975 comm="syz.2.4923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78fb975f19 code=0x7ffc0000 [ 1865.544812][T22970] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1865.565747][ T928] usb 5-1: USB disconnect, device number 7 [ 1865.576093][ T29] audit: type=1326 audit(1721899783.386:2946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22975 comm="syz.2.4923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f78fb975f19 code=0x7ffc0000 [ 1865.597478][T22970] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1865.621543][ T928] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 1865.650786][ T928] keyspan 5-1:0.0: device disconnected [ 1865.708664][ T29] audit: type=1326 audit(1721899783.386:2947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22975 comm="syz.2.4923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78fb975f19 code=0x7ffc0000 [ 1865.786261][ T29] audit: type=1326 audit(1721899783.386:2948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22975 comm="syz.2.4923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78fb975f19 code=0x7ffc0000 [ 1865.807977][ C1] vkms_vblank_simulate: vblank timer overrun [ 1865.888330][ T29] audit: type=1326 audit(1721899783.386:2949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22975 comm="syz.2.4923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f78fb975f19 code=0x7ffc0000 [ 1865.910002][ C1] vkms_vblank_simulate: vblank timer overrun [ 1866.003801][T22989] sctp: [Deprecated]: syz.2.4927 (pid 22989) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1866.003801][T22989] Use struct sctp_sack_info instead [ 1866.008518][ T29] audit: type=1326 audit(1721899783.386:2950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22975 comm="syz.2.4923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78fb975f19 code=0x7ffc0000 [ 1866.042070][ C1] vkms_vblank_simulate: vblank timer overrun [ 1866.100978][T22970] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1866.150251][T22970] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1866.333707][T22994] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4930'. [ 1866.347790][T22992] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1866.357467][T22992] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1866.431348][ T5141] i2c i2c-1: failure reading functionality [ 1866.464720][ T5141] i2c i2c-1: connected i2c-tiny-usb device [ 1866.471035][T22999] FAULT_INJECTION: forcing a failure. [ 1866.471035][T22999] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1866.497688][T22999] CPU: 1 UID: 0 PID: 22999 Comm: syz.2.4928 Not tainted 6.10.0-syzkaller-12381-gc33ffdb70cc6 #0 [ 1866.508240][T22999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1866.518319][T22999] Call Trace: [ 1866.521696][T22999] [ 1866.524636][T22999] dump_stack_lvl+0x241/0x360 [ 1866.529342][T22999] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1866.534567][T22999] ? __pfx__printk+0x10/0x10 [ 1866.539181][T22999] ? __pfx_lock_release+0x10/0x10 [ 1866.544238][T22999] should_fail_ex+0x3b0/0x4e0 [ 1866.548945][T22999] _copy_from_user+0x2f/0xe0 [ 1866.553560][T22999] copy_msghdr_from_user+0xae/0x680 [ 1866.558785][T22999] ? __pfx___might_resched+0x10/0x10 [ 1866.564101][T22999] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1866.570115][T22999] ? __might_fault+0xaa/0x120 [ 1866.574905][T22999] do_recvmmsg+0x40f/0xae0 [ 1866.579350][T22999] ? random_recv_done+0x138/0x1e0 [ 1866.584396][T22999] ? __pfx_do_recvmmsg+0x10/0x10 [ 1866.589347][T22999] ? detach_buf_split+0x9e8/0xb80 [ 1866.594513][T22999] ? __lock_acquire+0x137a/0x2040 [ 1866.599596][T22999] ? sched_clock_cpu+0x76/0x490 [ 1866.604476][T22999] ? __pfx_sched_clock_cpu+0x10/0x10 [ 1866.609894][T22999] __x64_sys_recvmmsg+0x199/0x250 [ 1866.614950][T22999] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1866.620520][T22999] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1866.626911][T22999] ? __irq_exit_rcu+0x100/0x1c0 [ 1866.631803][T22999] ? do_syscall_64+0xb6/0x230 [ 1866.636512][T22999] do_syscall_64+0xf3/0x230 [ 1866.641042][T22999] ? clear_bhb_loop+0x35/0x90 [ 1866.645745][T22999] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1866.651668][T22999] RIP: 0033:0x7f78fb975f19 [ 1866.656108][T22999] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1866.675746][T22999] RSP: 002b:00007f78fc70c048 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1866.684194][T22999] RAX: ffffffffffffffda RBX: 00007f78fbb06038 RCX: 00007f78fb975f19 [ 1866.692197][T22999] RDX: 0000000000000a0d RSI: 00000000200066c0 RDI: 0000000000000004 [ 1866.700198][T22999] RBP: 00007f78fc70c0a0 R08: 0000000000000000 R09: 0000000000000000 [ 1866.708197][T22999] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1866.716194][T22999] R13: 000000000000006e R14: 00007f78fbb06038 R15: 00007ffea45850a8 [ 1866.724210][T22999] [ 1866.727316][ C1] vkms_vblank_simulate: vblank timer overrun [ 1866.765815][ T5141] usb 4-1: USB disconnect, device number 34 [ 1866.950291][T23002] vivid-003: disconnect [ 1866.955207][T23002] vivid-003: reconnect [ 1867.308530][T22982] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 1868.596843][T23016] xt_l2tp: v2 sid > 0xffff: 16777216 [ 1868.680299][ T8] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 1868.711276][T23018] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4936'. [ 1868.752317][T23018] netlink: 'syz.3.4936': attribute type 12 has an invalid length. [ 1868.934631][T21671] usb 2-1: [UEAGLE-ATM] firmware is not available [ 1868.975995][ T9900] usb 2-1: [UEAGLE-ATM] firmware is not available [ 1869.000202][T23018] netlink: 'syz.3.4936': attribute type 14 has an invalid length. [ 1869.583585][T23018] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1869.592631][T23018] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1869.601450][T23018] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1869.610286][T23018] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1869.748861][T23018] vxlan0: entered promiscuous mode [ 1869.758815][T23023] sctp: [Deprecated]: syz.0.4938 (pid 23023) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1869.758815][T23023] Use struct sctp_sack_info instead [ 1869.782327][ T8] usb 5-1: Using ep0 maxpacket: 32 [ 1869.811285][ T8] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1869.843100][ T8] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1869.873530][ T8] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1869.914833][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1869.964715][ T8] hub 5-1:4.0: USB hub found [ 1870.170170][ T8] hub 5-1:4.0: config failed, hub doesn't have any ports! (err -19) [ 1870.439379][T23031] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 1870.445956][T23031] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1870.453800][T23031] vhci_hcd vhci_hcd.0: Device attached [ 1870.473338][T23033] vhci_hcd: connection closed [ 1870.478303][ T7446] vhci_hcd: stop threads [ 1870.533552][ T7446] vhci_hcd: release socket [ 1870.553862][ T7446] vhci_hcd: disconnect device [ 1870.570223][T23009] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4933'. [ 1870.750410][T21671] usb 5-1: USB disconnect, device number 8 [ 1870.853180][T23036] vivid-003: disconnect [ 1870.858120][T23036] vivid-003: reconnect [ 1871.269919][T23042] netlink: 16126 bytes leftover after parsing attributes in process `syz.3.4944'. [ 1871.301437][T23042] netlink: 183228 bytes leftover after parsing attributes in process `syz.3.4944'. [ 1871.341597][ T5105] Bluetooth: hci1: link tx timeout [ 1871.347196][ T5105] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 1872.666611][T23053] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1873.308852][T23063] sctp: [Deprecated]: syz.4.4950 (pid 23063) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1873.308852][T23063] Use struct sctp_sack_info instead [ 1873.395022][T19352] Bluetooth: hci1: command 0x0406 tx timeout [ 1873.432100][T10248] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 1873.651053][T23068] xt_l2tp: v2 sid > 0xffff: 16777216 [ 1873.728330][T10248] usb 4-1: Using ep0 maxpacket: 8 [ 1873.748896][T23071] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4951'. [ 1873.755388][T10248] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 1873.798439][T23071] netlink: 'syz.2.4951': attribute type 12 has an invalid length. [ 1873.806280][T10248] usb 4-1: config 0 has no interface number 0 [ 1873.807239][T10248] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1873.861003][T23071] netlink: 'syz.2.4951': attribute type 14 has an invalid length. [ 1873.899624][T10248] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1873.933427][T10248] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1873.968471][T10248] usb 4-1: config 0 descriptor?? [ 1873.988420][T10248] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 1874.031627][T23071] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1874.040752][T23071] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1874.049627][T23071] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1874.058587][T23071] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1874.068546][T23071] vxlan0: entered promiscuous mode [ 1874.294891][T23061] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1874.333510][T23061] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1875.479449][T23083] program syz.2.4957 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1875.534582][T23083] netlink: 'syz.2.4957': attribute type 3 has an invalid length. [ 1875.571107][T23083] netlink: 'syz.2.4957': attribute type 3 has an invalid length. [ 1876.549095][T10248] usb 4-1: USB disconnect, device number 35 [ 1876.578590][T10248] iowarrior 4-1:0.1: I/O-Warror #0 now disconnected [ 1876.788099][T23096] sctp: [Deprecated]: syz.2.4962 (pid 23096) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1876.788099][T23096] Use struct sctp_sack_info instead [ 1876.825742][T23097] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1878.168335][ T5141] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 1878.380119][ T5141] usb 4-1: Using ep0 maxpacket: 8 [ 1878.421219][ T5141] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 1878.450400][ T5141] usb 4-1: config 0 has no interface number 0 [ 1878.485001][ T5141] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1878.552033][ T5141] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1878.593604][ T5141] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1878.656991][ T5141] usb 4-1: config 0 descriptor?? [ 1878.671466][T23118] 9pnet_fd: Insufficient options for proto=fd [ 1878.695661][ T5141] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 1879.052948][T23103] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1879.080163][T23103] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1880.051843][T23130] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1880.066799][T23130] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1880.391290][T23133] QAT: Invalid ioctl -1071618518 [ 1880.407850][T23133] QAT: Invalid ioctl -805268463 [ 1880.419071][T23133] QAT: Invalid ioctl -2114415556 [ 1880.435604][T23133] QAT: Invalid ioctl -805268418 [ 1880.450288][T23133] QAT: Invalid ioctl -805268419 [ 1880.465851][T23133] QAT: Invalid ioctl -1066363887 [ 1880.482106][T23133] QAT: Invalid ioctl -1066363887 [ 1880.507090][T23133] QAT: Invalid ioctl -2114415556 [ 1880.541774][T23133] QAT: Invalid ioctl 21531 [ 1880.567577][T23133] QAT: Invalid ioctl 1074292268 [ 1880.634126][T23136] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1880.720173][ T8] usb 4-1: USB disconnect, device number 36 [ 1880.758829][ T8] iowarrior 4-1:0.1: I/O-Warror #0 now disconnected [ 1880.779031][T23138] sctp: [Deprecated]: syz.2.4974 (pid 23138) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1880.779031][T23138] Use struct sctp_sack_info instead [ 1881.155682][T19352] Bluetooth: hci4: command 0x0406 tx timeout [ 1881.225617][T23145] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1881.307603][T23149] ecryptfs_parse_options: eCryptfs: unrecognized option [arrier] [ 1881.315854][T23149] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 1881.330386][T23149] Error parsing options; rc = [-22] [ 1881.345672][T23149] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4979'. [ 1884.881197][T23181] sctp: [Deprecated]: syz.2.4986 (pid 23181) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1884.881197][T23181] Use struct sctp_sack_info instead [ 1885.760022][ T9] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 1886.000677][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 1886.053029][ T9] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 1886.088439][ T9] usb 2-1: config 0 has no interface number 0 [ 1886.124290][ T9] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1886.191820][ T9] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1886.223771][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1886.267265][ T9] usb 2-1: config 0 descriptor?? [ 1886.302401][ T9] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 1886.779456][T23186] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1886.918613][T23186] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1888.399686][T23207] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1888.426487][ T9900] usb 2-1: USB disconnect, device number 8 [ 1888.453473][ T9900] iowarrior 2-1:0.1: I/O-Warror #0 now disconnected [ 1889.848784][T23223] sctp: [Deprecated]: syz.1.4998 (pid 23223) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1889.848784][T23223] Use struct sctp_sack_info instead [ 1893.031959][T23247] FAULT_INJECTION: forcing a failure. [ 1893.031959][T23247] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1893.083346][T23247] CPU: 0 UID: 0 PID: 23247 Comm: syz.4.5005 Not tainted 6.10.0-syzkaller-12381-gc33ffdb70cc6 #0 [ 1893.093829][T23247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1893.103896][T23247] Call Trace: [ 1893.107187][T23247] [ 1893.110110][T23247] dump_stack_lvl+0x241/0x360 [ 1893.114789][T23247] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1893.119983][T23247] ? __pfx__printk+0x10/0x10 [ 1893.124565][T23247] ? __pfx_lock_release+0x10/0x10 [ 1893.129608][T23247] should_fail_ex+0x3b0/0x4e0 [ 1893.134311][T23247] _copy_to_user+0x2f/0xb0 [ 1893.138727][T23247] bpf_test_finish+0x593/0x8b0 [ 1893.143490][T23247] ? __pfx_bpf_test_finish+0x10/0x10 [ 1893.148781][T23247] ? _copy_from_user+0xa6/0xe0 [ 1893.153558][T23247] ? bpf_test_init+0x15a/0x180 [ 1893.158328][T23247] bpf_prog_test_run_xdp+0x905/0x11b0 [ 1893.163752][T23247] ? __pfx_lock_release+0x10/0x10 [ 1893.168777][T23247] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 1893.174578][T23247] ? __fget_files+0x29/0x470 [ 1893.179164][T23247] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 1893.184971][T23247] bpf_prog_test_run+0x33a/0x3b0 [ 1893.189908][T23247] __sys_bpf+0x48d/0x810 [ 1893.194144][T23247] ? __pfx___sys_bpf+0x10/0x10 [ 1893.198908][T23247] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1893.204882][T23247] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1893.211214][T23247] ? do_syscall_64+0x100/0x230 [ 1893.216002][T23247] __x64_sys_bpf+0x7c/0x90 [ 1893.220423][T23247] do_syscall_64+0xf3/0x230 [ 1893.224911][T23247] ? clear_bhb_loop+0x35/0x90 [ 1893.229571][T23247] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1893.235459][T23247] RIP: 0033:0x7f983a975f19 [ 1893.239879][T23247] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1893.259478][T23247] RSP: 002b:00007f983b6d3048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1893.267890][T23247] RAX: ffffffffffffffda RBX: 00007f983ab05f60 RCX: 00007f983a975f19 [ 1893.275949][T23247] RDX: 0000000000000050 RSI: 0000000020000600 RDI: 000000000000000a [ 1893.283914][T23247] RBP: 00007f983b6d30a0 R08: 0000000000000000 R09: 0000000000000000 [ 1893.291902][T23247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1893.299946][T23247] R13: 000000000000000b R14: 00007f983ab05f60 R15: 00007ffcd5154c68 [ 1893.307911][T23247] [ 1893.528470][ T5141] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 1893.708347][ T5141] usb 2-1: device descriptor read/64, error -71 [ 1894.011541][ T5141] usb 2-1: new full-speed USB device number 10 using dummy_hcd [ 1894.198292][ T5141] usb 2-1: device descriptor read/64, error -71 [ 1894.242979][T16383] usb 3-1: reset high-speed USB device number 37 using dummy_hcd [ 1894.354153][ T5141] usb usb2-port1: attempt power cycle [ 1894.423956][T23257] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1894.868361][ T5141] usb 2-1: new full-speed USB device number 11 using dummy_hcd [ 1894.956201][ T5141] usb 2-1: device descriptor read/8, error -71 [ 1895.319696][ T5141] usb 2-1: new full-speed USB device number 12 using dummy_hcd [ 1895.448067][ T5141] usb 2-1: device descriptor read/8, error -71 [ 1895.482093][T23268] sctp: [Deprecated]: syz.3.5010 (pid 23268) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1895.482093][T23268] Use struct sctp_sack_info instead [ 1895.638495][ T5141] usb usb2-port1: unable to enumerate USB device [ 1896.997541][T23284] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1897.029217][T23284] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1897.281179][T23284] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1897.369737][T23284] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1897.807806][T23284] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1897.858726][T23284] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1898.374208][T23300] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1899.262514][T23310] sctp: [Deprecated]: syz.2.5023 (pid 23310) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1899.262514][T23310] Use struct sctp_sack_info instead [ 1899.552436][T16383] usb 3-1: device descriptor read/64, error -110 [ 1899.971324][T23319] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5024'. [ 1900.696329][T16383] usb 3-1: reset high-speed USB device number 37 using dummy_hcd [ 1900.908619][T16383] usb 3-1: device descriptor read/64, error -32 [ 1901.033514][ C0] eth0: bad gso: type: 1, size: 1408 [ 1901.228510][T23333] netlink: 44 bytes leftover after parsing attributes in process `syz.4.5028'. [ 1901.912608][T16383] usb 3-1: reset high-speed USB device number 37 using dummy_hcd [ 1901.968915][T16383] usb 3-1: device descriptor read/8, error -32 [ 1902.304860][T23349] blktrace: Concurrent blktraces are not allowed on nullb0 [ 1902.828454][T23351] vivid-007: kernel_thread() failed [ 1902.861889][T23347] program syz.4.5031 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1902.928387][T16383] usb 3-1: reset high-speed USB device number 37 using dummy_hcd [ 1903.138649][T16383] usb 3-1: device descriptor read/8, error -32 [ 1903.200622][T23357] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1903.292355][T16383] raw-gadget.1 gadget.2: failed to queue suspend event [ 1903.357019][T21671] usb 3-1: USB disconnect, device number 37 [ 1903.372792][T23362] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1903.403289][T21671] raw-gadget.1 gadget.2: failed to queue reset event [ 1903.538717][T21671] raw-gadget.1 gadget.2: failed to queue resume event [ 1903.607720][T23363] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1903.627254][T23371] sctp: [Deprecated]: syz.4.5035 (pid 23371) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1903.627254][T23371] Use struct sctp_sack_info instead [ 1903.661712][T21671] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 1903.685533][T23363] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1903.698484][ C1] raw-gadget.1 gadget.2: ignoring, device is not running [ 1903.718395][T21671] raw-gadget.1 gadget.2: failed to queue reset event [ 1903.827871][T21671] raw-gadget.1 gadget.2: failed to queue resume event [ 1903.942884][T21671] usb 3-1: device descriptor read/64, error -32 [ 1904.089896][T21671] raw-gadget.1 gadget.2: failed to queue suspend event [ 1904.125089][T21671] raw-gadget.1 gadget.2: failed to queue reset event [ 1904.238862][T21671] raw-gadget.1 gadget.2: failed to queue resume event [ 1904.278119][T23380] cifs: Unknown parameter ')7!?ȿt7B2Z|[HW] W +xk̖>FTF2]Rus-\}.p&N?6w۾{Ai :smOMebhpb0Z7 6(' [ 1904.340228][T21671] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 1904.368663][ C1] raw-gadget.1 gadget.2: ignoring, device is not running [ 1904.375930][T21671] raw-gadget.1 gadget.2: failed to queue reset event [ 1904.469658][T21671] raw-gadget.1 gadget.2: failed to queue resume event [ 1904.541598][T21671] usb 3-1: device descriptor read/64, error -32 [ 1904.658586][T21671] raw-gadget.1 gadget.2: failed to queue suspend event [ 1904.659190][T21671] usb usb3-port1: attempt power cycle [ 1904.659469][T21671] raw-gadget.1 gadget.2: failed to queue disconnect event [ 1904.711512][T21671] raw-gadget.1 gadget.2: failed to queue reset event [ 1904.814573][T21671] raw-gadget.1 gadget.2: failed to queue resume event [ 1904.816470][T21671] raw-gadget.1 gadget.2: failed to queue reset event [ 1905.029229][T21671] raw-gadget.1 gadget.2: failed to queue resume event [ 1905.102813][T21671] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 1905.192780][ C1] raw-gadget.1 gadget.2: ignoring, device is not running [ 1905.197373][T21671] usb 3-1: device descriptor read/8, error -32 [ 1905.309979][T21671] raw-gadget.1 gadget.2: failed to queue suspend event [ 1905.310361][T21671] raw-gadget.1 gadget.2: failed to queue reset event [ 1905.395636][T21671] raw-gadget.1 gadget.2: failed to queue resume event [ 1905.406711][T23389] lo: entered allmulticast mode [ 1905.427229][T23389] lo: left allmulticast mode [ 1905.449566][T23389] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1905.449818][T23389] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1905.458372][T21671] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 1905.459280][T23389] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1905.459905][T23389] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1905.488530][ C1] raw-gadget.1 gadget.2: ignoring, device is not running [ 1905.488977][T21671] usb 3-1: device descriptor read/8, error -32 [ 1905.608659][T21671] raw-gadget.1 gadget.2: failed to queue suspend event [ 1905.608881][T21671] usb usb3-port1: unable to enumerate USB device [ 1907.775197][T23409] program syz.3.5045 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1907.911471][T23412] sctp: [Deprecated]: syz.1.5048 (pid 23412) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1907.911471][T23412] Use struct sctp_sack_info instead [ 1908.034785][T23410] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1909.248457][T13369] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 1909.518857][T13369] usb 2-1: Using ep0 maxpacket: 8 [ 1909.566731][T13369] usb 2-1: New USB device found, idVendor=0458, idProduct=7003, bcdDevice=7a.1a [ 1909.586352][T13369] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1909.606066][T13369] usb 2-1: Product: syz [ 1909.622176][T13369] usb 2-1: Manufacturer: syz [ 1909.626825][T13369] usb 2-1: SerialNumber: syz [ 1909.644070][T13369] usb 2-1: config 0 descriptor?? [ 1909.672849][T13369] gspca_main: sn9c2028-2.14.0 probing 0458:7003 [ 1909.927040][T13369] gspca_sn9c2028: read1 error -71 [ 1909.951231][T13369] gspca_sn9c2028: read1 error -71 [ 1909.977819][T13369] gspca_sn9c2028: read1 error -71 [ 1910.001706][T13369] sn9c2028 2-1:0.0: probe with driver sn9c2028 failed with error -71 [ 1910.109525][T13369] usb 2-1: USB disconnect, device number 13 [ 1911.009513][T23453] program syz.0.5060 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1911.621399][T23462] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1913.598275][ T9] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 1913.816997][ T9] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1913.839506][ T9] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1913.879330][ T9] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1913.890439][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1913.931859][ T9] usb 5-1: SerialNumber: syz [ 1914.170942][ T9] usb 5-1: 0:2 : does not exist [ 1914.301367][T23498] program syz.1.5075 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1914.568117][T23504] IPVS: sync thread started: state = MASTER, mcast_ifn = lo, syncid = 1, id = 0 [ 1914.572161][ C0] eth0: bad gso: type: 1, size: 1408 [ 1914.835974][T13369] usb 5-1: USB disconnect, device number 9 [ 1914.933296][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 1914.943042][T23507] vivid-001: disconnect [ 1914.947373][ T1247] ieee802154 phy1 wpan1: encryption failed: -22 [ 1915.041736][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 1915.041755][ T29] audit: type=1326 audit(1721899833.336:2952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23487 comm="syz.2.5072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78fb975f19 code=0x7fc00000 [ 1915.506007][T23505] vivid-001: reconnect [ 1915.603831][T23512] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1916.237415][T23523] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 1916.243954][T23523] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1916.300968][T23523] vhci_hcd vhci_hcd.0: Device attached [ 1916.499288][ T8] vhci_hcd: vhci_device speed not set [ 1916.944123][ T8] usb 9-1: new high-speed USB device number 3 using vhci_hcd [ 1916.985008][T23539] program syz.1.5087 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1917.337956][ C0] eth0: bad gso: type: 1, size: 1408 [ 1917.630218][T23550] FAULT_INJECTION: forcing a failure. [ 1917.630218][T23550] name failslab, interval 1, probability 0, space 0, times 0 [ 1917.669859][T23550] CPU: 0 UID: 0 PID: 23550 Comm: syz.2.5088 Not tainted 6.10.0-syzkaller-12381-gc33ffdb70cc6 #0 [ 1917.680319][T23550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1917.690405][T23550] Call Trace: [ 1917.693698][T23550] [ 1917.696655][T23550] dump_stack_lvl+0x241/0x360 [ 1917.701362][T23550] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1917.706675][T23550] ? __pfx__printk+0x10/0x10 [ 1917.711302][T23550] ? __kmalloc_noprof+0xb0/0x400 [ 1917.716268][T23550] ? __pfx___might_resched+0x10/0x10 [ 1917.721581][T23550] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1917.727589][T23550] should_fail_ex+0x3b0/0x4e0 [ 1917.732298][T23550] ? sock_kmalloc+0xd7/0x160 [ 1917.736908][T23550] should_failslab+0xac/0x100 [ 1917.741616][T23550] ? sock_kmalloc+0xd7/0x160 [ 1917.746235][T23550] __kmalloc_noprof+0xd8/0x400 [ 1917.751029][T23550] ? __lock_acquire+0x137a/0x2040 [ 1917.756086][T23550] sock_kmalloc+0xd7/0x160 [ 1917.760632][T23550] af_alg_alloc_areq+0x90/0x260 [ 1917.765516][T23550] skcipher_recvmsg+0x382/0x1230 [ 1917.770517][T23550] ? __pfx_skcipher_recvmsg+0x10/0x10 [ 1917.775913][T23550] ? __might_fault+0xaa/0x120 [ 1917.780658][T23550] ? bpf_lsm_socket_recvmsg+0x9/0x10 [ 1917.785976][T23550] ? security_socket_recvmsg+0x90/0xb0 [ 1917.791482][T23550] ? __pfx_skcipher_recvmsg+0x10/0x10 [ 1917.796879][T23550] sock_recvmsg+0x22f/0x280 [ 1917.801412][T23550] ____sys_recvmsg+0x1db/0x470 [ 1917.806195][T23550] ? __pfx_____sys_recvmsg+0x10/0x10 [ 1917.811528][T23550] do_recvmmsg+0x474/0xae0 [ 1917.815971][T23550] ? __pfx_lock_release+0x10/0x10 [ 1917.821035][T23550] ? __pfx_do_recvmmsg+0x10/0x10 [ 1917.826010][T23550] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 1917.831929][T23550] ? ksys_write+0x23e/0x2c0 [ 1917.836455][T23550] ? __pfx_lock_release+0x10/0x10 [ 1917.841519][T23550] ? vfs_write+0x7c4/0xc90 [ 1917.845967][T23550] ? __mutex_unlock_slowpath+0x21d/0x750 [ 1917.851695][T23550] ? __fget_files+0x3f6/0x470 [ 1917.856440][T23550] __x64_sys_recvmmsg+0x199/0x250 [ 1917.861500][T23550] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1917.867077][T23550] ? do_syscall_64+0x100/0x230 [ 1917.871854][T23550] ? do_syscall_64+0xb6/0x230 [ 1917.876532][T23550] do_syscall_64+0xf3/0x230 [ 1917.881123][T23550] ? clear_bhb_loop+0x35/0x90 [ 1917.885799][T23550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1917.891693][T23550] RIP: 0033:0x7f78fb975f19 [ 1917.896101][T23550] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1917.915975][T23550] RSP: 002b:00007f78fc70c048 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1917.924422][T23550] RAX: ffffffffffffffda RBX: 00007f78fbb06038 RCX: 00007f78fb975f19 [ 1917.932490][T23550] RDX: 0000000000000001 RSI: 0000000020001440 RDI: 000000000000000a [ 1917.940460][T23550] RBP: 00007f78fc70c0a0 R08: 0000000000000000 R09: 0000000000000000 [ 1917.948448][T23550] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1917.956514][T23550] R13: 000000000000006e R14: 00007f78fbb06038 R15: 00007ffea45850a8 [ 1917.964500][T23550] [ 1918.328997][T23555] vivid-003: disconnect [ 1918.678636][T23551] vivid-003: reconnect [ 1919.177780][T23524] vhci_hcd: connection reset by peer [ 1919.193020][ T9883] vhci_hcd: stop threads [ 1919.199326][ T9883] vhci_hcd: release socket [ 1919.209703][ T9883] vhci_hcd: disconnect device [ 1919.276397][T23571] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1920.924164][T23591] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1921.086113][T23591] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1921.219677][T23600] vivid-002: disconnect [ 1921.746717][T23594] vivid-002: reconnect [ 1922.118291][ T8] vhci_hcd: vhci_device speed not set [ 1924.194094][T23635] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1924.501488][T23642] vivid-001: disconnect [ 1925.080707][T23639] vivid-001: reconnect [ 1926.091943][T23662] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5121'. [ 1927.999684][T23674] IPv6: NLM_F_REPLACE set, but no existing node found! [ 1928.246154][T19352] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 1928.324868][T19352] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 1928.347755][T19352] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 1928.439034][T19352] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 1928.460951][T19352] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 1928.500490][T19352] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 1929.304104][T23687] blktrace: Concurrent blktraces are not allowed on loop3 [ 1929.389370][T23689] vivid-002: disconnect [ 1929.928666][T23684] vivid-002: reconnect [ 1930.035481][T23676] chnl_net:caif_netlink_parms(): no params data found [ 1930.157157][T23698] fuse: Unknown parameter 'f' [ 1930.309914][T23698] netlink: 'syz.3.5130': attribute type 10 has an invalid length. [ 1930.588334][T19352] Bluetooth: hci7: command tx timeout [ 1932.902628][T19352] Bluetooth: hci6: command 0x0406 tx timeout [ 1932.908880][T19352] Bluetooth: hci7: command tx timeout [ 1932.932703][T23698] 8021q: adding VLAN 0 to HW filter on device team0 [ 1933.032905][T23698] bond0: (slave team0): Enslaving as an active interface with an up link [ 1933.331245][T23676] bridge0: port 1(bridge_slave_0) entered blocking state [ 1933.374844][T23676] bridge0: port 1(bridge_slave_0) entered disabled state [ 1933.401106][T23676] bridge_slave_0: entered allmulticast mode [ 1933.437338][T23676] bridge_slave_0: entered promiscuous mode [ 1933.504644][T23676] bridge0: port 2(bridge_slave_1) entered blocking state [ 1933.578801][T23676] bridge0: port 2(bridge_slave_1) entered disabled state [ 1933.586257][T23676] bridge_slave_1: entered allmulticast mode [ 1933.595121][T23676] bridge_slave_1: entered promiscuous mode [ 1933.662108][T23676] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1933.737919][T23676] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1934.002388][T23676] team0: Port device team_slave_0 added [ 1934.044234][T23676] team0: Port device team_slave_1 added [ 1934.290509][T23676] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1934.321965][T23676] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1934.459456][T23676] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1934.535539][T23729] IPv6: NLM_F_REPLACE set, but no existing node found! [ 1934.549418][T23732] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1934.559115][T23676] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1934.566083][T23676] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1934.592018][ C1] vkms_vblank_simulate: vblank timer overrun [ 1934.652369][T23732] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1934.906599][T23676] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1935.053409][T23734] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1935.063004][T23734] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1935.090853][T23734] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1935.100317][T23734] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1935.122292][ T5105] Bluetooth: hci7: command tx timeout [ 1935.880543][T23676] hsr_slave_0: entered promiscuous mode [ 1935.911849][T23676] hsr_slave_1: entered promiscuous mode [ 1935.977783][T23676] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1936.018465][T23676] Cannot create hsr debugfs directory [ 1936.890664][T23676] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1937.148268][ T5105] Bluetooth: hci7: command tx timeout [ 1937.246149][T23676] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1937.457187][T23676] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1937.701918][T23676] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1937.798738][T16383] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 1937.840681][T23747] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 1938.049309][T16383] usb 4-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 1938.082085][T16383] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1938.102791][T16383] usb 4-1: Product: syz [ 1938.107007][T16383] usb 4-1: Manufacturer: syz [ 1938.134888][T16383] usb 4-1: SerialNumber: syz [ 1938.149500][T16383] usb 4-1: config 0 descriptor?? [ 1938.165361][T23676] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1938.177807][T16383] i2c-tiny-usb 4-1:0.0: version 6d.cc found at bus 004 address 037 [ 1938.203414][T23676] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1938.226243][T23676] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1938.255662][T23676] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1938.605469][T23676] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1938.632923][T23741] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1938.658648][T23741] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1938.704246][T23676] 8021q: adding VLAN 0 to HW filter on device team0 [ 1938.739761][ T928] bridge0: port 1(bridge_slave_0) entered blocking state [ 1938.747060][ T928] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1939.506606][T23741] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1939.528722][T23741] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1939.569712][ T928] bridge0: port 2(bridge_slave_1) entered blocking state [ 1939.576903][ T928] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1939.896330][T16383] i2c i2c-1: failure reading functionality [ 1939.937538][T16383] i2c i2c-1: connected i2c-tiny-usb device [ 1940.117486][T16383] usb 4-1: USB disconnect, device number 37 [ 1940.169577][T23768] IPv6: NLM_F_REPLACE set, but no existing node found! [ 1940.783017][T23676] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1941.174145][T23780] hub 9-0:1.0: USB hub found [ 1941.209066][T23780] hub 9-0:1.0: 8 ports detected [ 1941.539618][ T8] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 1941.808275][ T8] usb 2-1: Using ep0 maxpacket: 16 [ 1941.826243][ T8] usb 2-1: config index 0 descriptor too short (expected 2340, got 36) [ 1941.838299][ T8] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1941.870903][T23676] veth0_vlan: entered promiscuous mode [ 1941.901994][ T8] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 4 [ 1941.926848][T23676] veth1_vlan: entered promiscuous mode [ 1941.931655][ T8] usb 2-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 1941.998283][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1942.035404][ T8] usb 2-1: config 0 descriptor?? [ 1942.123329][T23676] veth0_macvtap: entered promiscuous mode [ 1942.183791][T23676] veth1_macvtap: entered promiscuous mode [ 1942.290138][T23676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1942.315760][ T8] usb 2-1: USB disconnect, device number 14 [ 1942.354831][T23676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1942.389738][T23676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1942.434429][T23676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1943.234244][T23676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1943.244964][T23676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1943.255250][T23676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1943.265867][T23676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1943.275842][T23676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1943.286460][T23676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1943.296495][T23676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1943.310358][T23676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1943.320448][T23676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1943.332011][T23676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1943.342067][T23676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1943.352690][T23676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1943.423911][T23676] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1943.501948][T23676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1943.544393][T23676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1943.588321][T23676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1943.635910][T23676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1943.678856][T23676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1943.730823][T23676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1943.762950][T23676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1943.794138][T23676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1943.815694][T23676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1943.841420][T23676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1943.874111][T23676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1943.896528][T23676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1943.907820][T23676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1943.937577][T23676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1943.960582][T23676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1943.992896][T23676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1944.072593][T23676] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1944.112010][T23676] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1944.148355][T23676] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1944.157117][T23676] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1944.202713][T23676] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1944.718852][T23823] program syz.2.5165 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1944.808648][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1944.816472][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1945.749453][ T9883] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1945.757359][ T9883] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1946.118267][T23842] IPv6: NLM_F_REPLACE set, but no existing node found! [ 1949.541421][T23881] IPv6: NLM_F_REPLACE set, but no existing node found! [ 1949.904846][T23900] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6) [ 1949.911373][T23900] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1949.982390][T23900] vhci_hcd vhci_hcd.0: Device attached [ 1950.009539][T23906] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 1950.053853][T23900] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 1950.110665][T23906] vhci_hcd vhci_hcd.0: pdev(4) rhport(3) sockfd(13) [ 1950.117298][T23906] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 1950.159863][T23906] vhci_hcd vhci_hcd.0: Device attached [ 1950.179331][ T9900] vhci_hcd: vhci_device speed not set [ 1950.191480][ T5105] Bluetooth: hci7: SCO packet for unknown connection handle 0 [ 1950.269904][ T9900] usb 17-1: new high-speed USB device number 2 using vhci_hcd [ 1951.698748][T13369] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 1951.859604][T23926] IPv6: NLM_F_REPLACE set, but no existing node found! [ 1951.948612][T13369] usb 2-1: Using ep0 maxpacket: 32 [ 1952.203619][T13369] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1952.391691][T13369] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1952.410211][T13369] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1952.449775][T13369] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1952.571277][T13369] usb 2-1: config 0 descriptor?? [ 1952.650510][T13369] hub 2-1:0.0: USB hub found [ 1952.767045][T23939] netlink: 'syz.2.5199': attribute type 5 has an invalid length. [ 1952.808410][T23939] FAULT_INJECTION: forcing a failure. [ 1952.808410][T23939] name failslab, interval 1, probability 0, space 0, times 0 [ 1952.822144][T13369] hub 2-1:0.0: 1 port detected [ 1952.868389][T23939] CPU: 0 UID: 0 PID: 23939 Comm: syz.2.5199 Not tainted 6.10.0-syzkaller-12381-gc33ffdb70cc6 #0 [ 1952.878865][T23939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1952.888941][T23939] Call Trace: [ 1952.892236][T23939] [ 1952.895178][T23939] dump_stack_lvl+0x241/0x360 [ 1952.899882][T23939] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1952.905103][T23939] ? __pfx__printk+0x10/0x10 [ 1952.909717][T23939] ? __kmalloc_noprof+0xb0/0x400 [ 1952.914676][T23939] ? __pfx___might_resched+0x10/0x10 [ 1952.919983][T23939] should_fail_ex+0x3b0/0x4e0 [ 1952.924683][T23939] ? fib_trie_table+0x33/0x1e0 [ 1952.929471][T23939] should_failslab+0xac/0x100 [ 1952.934171][T23939] ? fib_trie_table+0x33/0x1e0 [ 1952.938959][T23939] __kmalloc_noprof+0xd8/0x400 [ 1952.943746][T23939] fib_trie_table+0x33/0x1e0 [ 1952.948378][T23939] fib_new_table+0x14c/0x2d0 [ 1952.952990][T23939] inet_rtm_newroute+0x131/0x290 [ 1952.957944][T23939] ? __pfx_inet_rtm_newroute+0x10/0x10 [ 1952.963416][T23939] ? __dev_queue_xmit+0x1763/0x3e90 [ 1952.968655][T23939] ? __pfx_inet_rtm_newroute+0x10/0x10 [ 1952.974133][T23939] rtnetlink_rcv_msg+0x73f/0xcf0 [ 1952.979087][T23939] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 1952.984219][T23939] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1952.989705][T23939] ? ref_tracker_free+0x643/0x7e0 [ 1952.994751][T23939] netlink_rcv_skb+0x1e3/0x430 [ 1952.999535][T23939] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1953.005103][T23939] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1953.010433][T23939] ? netlink_deliver_tap+0x2e/0x1b0 [ 1953.015666][T23939] netlink_unicast+0x7f0/0x990 [ 1953.020470][T23939] ? __pfx_netlink_unicast+0x10/0x10 [ 1953.025778][T23939] ? __virt_addr_valid+0x183/0x530 [ 1953.030901][T23939] ? __check_object_size+0x49c/0x900 [ 1953.036187][T23939] ? bpf_lsm_netlink_send+0x9/0x10 [ 1953.041308][T23939] netlink_sendmsg+0x8e4/0xcb0 [ 1953.046079][T23939] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1953.051370][T23939] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1953.056651][T23939] ? security_socket_sendmsg+0x87/0xb0 [ 1953.062193][T23939] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1953.067477][T23939] __sock_sendmsg+0x221/0x270 [ 1953.072155][T23939] __sys_sendto+0x3a4/0x4f0 [ 1953.076654][T23939] ? __pfx___sys_sendto+0x10/0x10 [ 1953.081691][T23939] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1953.087669][T23939] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1953.094003][T23939] __x64_sys_sendto+0xde/0x100 [ 1953.098774][T23939] do_syscall_64+0xf3/0x230 [ 1953.103274][T23939] ? clear_bhb_loop+0x35/0x90 [ 1953.107943][T23939] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1953.113832][T23939] RIP: 0033:0x7f78fb975f19 [ 1953.118242][T23939] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1953.137844][T23939] RSP: 002b:00007f78fc72d048 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1953.146264][T23939] RAX: ffffffffffffffda RBX: 00007f78fbb05f60 RCX: 00007f78fb975f19 [ 1953.154232][T23939] RDX: 0000000000000078 RSI: 0000000020000080 RDI: 0000000000000003 [ 1953.162200][T23939] RBP: 00007f78fc72d0a0 R08: 0000000000000000 R09: 0000000000000000 [ 1953.170177][T23939] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1953.178835][T23939] R13: 000000000000000b R14: 00007f78fbb05f60 R15: 00007ffea45850a8 [ 1953.186812][T23939] [ 1953.319734][T23908] vhci_hcd: connection closed [ 1953.332398][T23904] vhci_hcd: connection reset by peer [ 1953.350124][ T9881] vhci_hcd: stop threads [ 1953.354444][ T9881] vhci_hcd: release socket [ 1953.388690][ T9881] vhci_hcd: disconnect device [ 1953.458456][ T9881] vhci_hcd: stop threads [ 1953.462840][ T9881] vhci_hcd: release socket [ 1953.482651][ T9881] vhci_hcd: disconnect device [ 1954.054177][T23951] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5202'. [ 1954.887954][ C1] raw-gadget.0 gadget.1: ignoring, device is not running [ 1954.896995][ C1] raw-gadget.0 gadget.1: ignoring, device is not running [ 1954.905335][ C1] raw-gadget.0 gadget.1: ignoring, device is not running [ 1954.915954][ C1] raw-gadget.0 gadget.1: ignoring, device is not running [ 1954.923244][T13369] hub 2-1:0.0: hub_hub_status failed (err = -32) [ 1954.932444][T13369] hub 2-1:0.0: config failed, can't get hub status (err -32) [ 1955.036905][T13369] usbhid 2-1:0.0: can't add hid device: -71 [ 1955.100221][T13369] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 1955.169396][T13369] usb 2-1: USB disconnect, device number 15 [ 1955.925051][ T9900] vhci_hcd: vhci_device speed not set [ 1956.603095][T23982] IPv6: NLM_F_REPLACE set, but no existing node found! [ 1958.552010][T24004] devpts: called with bogus options [ 1958.645833][T24007] 9pnet_fd: Insufficient options for proto=fd [ 1958.759161][T24011] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5221'. [ 1958.828804][ C1] ================================================================== [ 1958.836938][ C1] BUG: KASAN: slab-out-of-bounds in bq_xmit_all+0x134/0x11d0 [ 1958.844311][ C1] Read of size 8 at addr ffff88802e7e3590 by task syz.1.5221/24011 [ 1958.852182][ C1] [ 1958.854488][ C1] CPU: 1 UID: 0 PID: 24011 Comm: syz.1.5221 Not tainted 6.10.0-syzkaller-12381-gc33ffdb70cc6 #0 [ 1958.864919][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1958.874963][ C1] Call Trace: [ 1958.878237][ C1] [ 1958.881068][ C1] dump_stack_lvl+0x241/0x360 [ 1958.885733][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1958.890918][ C1] ? __pfx__printk+0x10/0x10 [ 1958.895495][ C1] ? _printk+0xd5/0x120 [ 1958.899638][ C1] ? __virt_addr_valid+0x183/0x530 [ 1958.904730][ C1] ? __virt_addr_valid+0x183/0x530 [ 1958.909824][ C1] print_report+0x169/0x550 [ 1958.914311][ C1] ? __virt_addr_valid+0x183/0x530 [ 1958.919400][ C1] ? __virt_addr_valid+0x183/0x530 [ 1958.924490][ C1] ? __virt_addr_valid+0x45f/0x530 [ 1958.929596][ C1] ? __phys_addr+0xba/0x170 [ 1958.934077][ C1] ? bq_xmit_all+0x134/0x11d0 [ 1958.938734][ C1] kasan_report+0x143/0x180 [ 1958.943220][ C1] ? bq_xmit_all+0x134/0x11d0 [ 1958.947893][ C1] bq_xmit_all+0x134/0x11d0 [ 1958.952403][ C1] ? mark_lock+0x9a/0x350 [ 1958.956731][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1958.962698][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1958.969022][ C1] ? _raw_spin_lock_irq+0xdf/0x120 [ 1958.974143][ C1] ? __pfx_bq_xmit_all+0x10/0x10 [ 1958.979255][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 1958.984467][ C1] ? _raw_spin_unlock_irq+0x2e/0x50 [ 1958.989662][ C1] ? process_backlog+0x151a/0x15b0 [ 1958.994763][ C1] __dev_flush+0x81/0x160 [ 1958.999076][ C1] xdp_do_check_flushed+0x129/0x240 [ 1959.004260][ C1] __napi_poll+0xe4/0x490 [ 1959.008573][ C1] net_rx_action+0x89b/0x1240 [ 1959.013240][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 1959.018430][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 1959.023534][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1959.029849][ C1] handle_softirqs+0x2c4/0x970 [ 1959.034603][ C1] ? __irq_exit_rcu+0xf4/0x1c0 [ 1959.039352][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 1959.044651][ C1] ? irqtime_account_irq+0xd4/0x1e0 [ 1959.049837][ C1] __irq_exit_rcu+0xf4/0x1c0 [ 1959.054436][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 1959.059640][ C1] irq_exit_rcu+0x9/0x30 [ 1959.063864][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1959.069478][ C1] [ 1959.072392][ C1] [ 1959.075321][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1959.081313][ C1] RIP: 0010:unwind_next_frame+0x1a80/0x2a00 [ 1959.087198][ C1] Code: e8 35 61 52 00 49 89 df 48 8b 2c 24 e9 f2 02 00 00 48 8b 7c 24 18 48 8d 5f 02 48 83 c7 03 48 89 d8 48 c1 e8 03 42 0f b6 04 28 <84> c0 0f 85 36 0e 00 00 48 89 f8 48 c1 e8 03 42 0f b6 04 28 84 c0 [ 1959.106966][ C1] RSP: 0018:ffffc9000b6feec8 EFLAGS: 00000a07 [ 1959.113020][ C1] RAX: 0000000000000000 RBX: ffffffff903cc76c RCX: 0000000000000000 [ 1959.120974][ C1] RDX: 0000000000000003 RSI: ffffffff8e1a3320 RDI: ffffffff903cc76d [ 1959.128929][ C1] RBP: ffffffff903cc76e R08: 0000000000000005 R09: ffffffff814120bf [ 1959.136886][ C1] R10: 0000000000000003 R11: ffff88802b86bc00 R12: ffffc9000b6ff750 [ 1959.144839][ C1] R13: dffffc0000000000 R14: ffffc9000b6feff0 R15: 1ffff920016dfdf4 [ 1959.152822][ C1] ? unwind_next_frame+0x196f/0x2a00 [ 1959.158102][ C1] ? unwind_next_frame+0x196f/0x2a00 [ 1959.163375][ C1] ? free_pages_and_swap_cache+0x2ea/0x690 [ 1959.169532][ C1] ? free_pages_and_swap_cache+0x2ea/0x690 [ 1959.175319][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1959.181469][ C1] arch_stack_walk+0x151/0x1b0 [ 1959.186223][ C1] ? tlb_flush_mmu+0x3a3/0x680 [ 1959.190979][ C1] stack_trace_save+0x118/0x1d0 [ 1959.195815][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 1959.201172][ C1] save_stack+0xfb/0x1f0 [ 1959.205399][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 1959.210408][ C1] ? __pfx_save_stack+0x10/0x10 [ 1959.215238][ C1] ? free_unref_folios+0x100f/0x1ac0 [ 1959.220531][ C1] ? folios_put_refs+0x76e/0x860 [ 1959.225453][ C1] ? free_pages_and_swap_cache+0x2ea/0x690 [ 1959.231248][ C1] ? page_ext_get+0x20/0x2a0 [ 1959.235827][ C1] __reset_page_owner+0x75/0x3f0 [ 1959.240759][ C1] free_unref_folios+0x100f/0x1ac0 [ 1959.245866][ C1] folios_put_refs+0x76e/0x860 [ 1959.250732][ C1] ? __pfx_folios_put_refs+0x10/0x10 [ 1959.256009][ C1] ? free_swap_cache+0x141/0x880 [ 1959.260932][ C1] free_pages_and_swap_cache+0x2ea/0x690 [ 1959.266549][ C1] ? __pfx_free_pages_and_swap_cache+0x10/0x10 [ 1959.272704][ C1] ? tlb_table_flush+0x143/0x410 [ 1959.277723][ C1] tlb_flush_mmu+0x3a3/0x680 [ 1959.282308][ C1] ? __pfx_down_write+0x10/0x10 [ 1959.287147][ C1] tlb_finish_mmu+0xd4/0x200 [ 1959.291722][ C1] exit_mmap+0x44f/0xc80 [ 1959.295954][ C1] ? __pfx_exit_mmap+0x10/0x10 [ 1959.300787][ C1] ? __asan_memset+0x23/0x50 [ 1959.305364][ C1] ? uprobe_clear_state+0x277/0x290 [ 1959.310545][ C1] ? mm_update_next_owner+0xa2/0x8a0 [ 1959.315819][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 1959.321009][ C1] __mmput+0x115/0x380 [ 1959.325065][ C1] exit_mm+0x220/0x310 [ 1959.329118][ C1] ? __pfx_exit_mm+0x10/0x10 [ 1959.333688][ C1] ? taskstats_exit+0x326/0xa60 [ 1959.338528][ C1] do_exit+0x9b2/0x27f0 [ 1959.342671][ C1] ? __pfx_do_exit+0x10/0x10 [ 1959.347244][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1959.353302][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1959.359705][ C1] ? cgroup_freezing+0x2a8/0x350 [ 1959.364629][ C1] do_group_exit+0x207/0x2c0 [ 1959.369203][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 1959.374392][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 1959.379581][ C1] get_signal+0x1695/0x1730 [ 1959.384078][ C1] ? __pfx_get_signal+0x10/0x10 [ 1959.388919][ C1] arch_do_signal_or_restart+0x96/0x860 [ 1959.394455][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1959.400593][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1959.406585][ C1] ? syscall_exit_to_user_mode+0xa3/0x370 [ 1959.412307][ C1] syscall_exit_to_user_mode+0xc9/0x370 [ 1959.417851][ C1] do_syscall_64+0x100/0x230 [ 1959.422466][ C1] ? clear_bhb_loop+0x35/0x90 [ 1959.427136][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1959.433021][ C1] RIP: 0033:0x7f4e95375f19 [ 1959.437419][ C1] Code: Unable to access opcode bytes at 0x7f4e95375eef. [ 1959.444426][ C1] RSP: 002b:00007f4e961c40f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1959.452822][ C1] RAX: fffffffffffffe00 RBX: 00007f4e95505f68 RCX: 00007f4e95375f19 [ 1959.460776][ C1] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f4e95505f68 [ 1959.468731][ C1] RBP: 00007f4e95505f60 R08: 00007f4e961c46c0 R09: 00007f4e961c46c0 [ 1959.476684][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4e95505f6c [ 1959.484655][ C1] R13: 000000000000000b R14: 00007fff82c72020 R15: 00007fff82c72108 [ 1959.492644][ C1] [ 1959.495651][ C1] [ 1959.497961][ C1] Allocated by task 24005: [ 1959.502364][ C1] kasan_save_track+0x3f/0x80 [ 1959.507024][ C1] __kasan_slab_alloc+0x66/0x80 [ 1959.511887][ C1] kmem_cache_alloc_noprof+0x135/0x2a0 [ 1959.517422][ C1] vm_area_alloc+0x24/0x1d0 [ 1959.521916][ C1] mmap_region+0xc3d/0x2090 [ 1959.526398][ C1] do_mmap+0x8f9/0x1010 [ 1959.530539][ C1] vm_mmap_pgoff+0x1dd/0x3d0 [ 1959.535121][ C1] do_syscall_64+0xf3/0x230 [ 1959.539615][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1959.545492][ C1] [ 1959.547794][ C1] The buggy address belongs to the object at ffff88802e7e34d8 [ 1959.547794][ C1] which belongs to the cache vm_area_struct of size 184 [ 1959.562087][ C1] The buggy address is located 0 bytes to the right of [ 1959.562087][ C1] allocated 184-byte region [ffff88802e7e34d8, ffff88802e7e3590) [ 1959.576559][ C1] [ 1959.578874][ C1] The buggy address belongs to the physical page: [ 1959.585300][ C1] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2e7e3 [ 1959.594052][ C1] memcg:ffff88802baa2301 [ 1959.598273][ C1] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 1959.605368][ C1] page_type: 0xfdffffff(slab) [ 1959.610024][ C1] raw: 00fff00000000000 ffff888015eefb40 ffffea0000791a80 dead000000000004 [ 1959.618602][ C1] raw: 0000000000000000 0000000000100010 00000001fdffffff ffff88802baa2301 [ 1959.627167][ C1] page dumped because: kasan: bad access detected [ 1959.633572][ C1] page_owner tracks the page as allocated [ 1959.639268][ C1] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 4754, tgid 4754 (sh), ts 32059352634, free_ts 32056534124 [ 1959.657651][ C1] post_alloc_hook+0x1f3/0x230 [ 1959.662399][ C1] get_page_from_freelist+0x2e4c/0x2f10 [ 1959.667929][ C1] __alloc_pages_noprof+0x256/0x6c0 [ 1959.673114][ C1] alloc_slab_page+0x5f/0x120 [ 1959.677767][ C1] allocate_slab+0x5a/0x2f0 [ 1959.682249][ C1] ___slab_alloc+0xcd1/0x14b0 [ 1959.686910][ C1] __slab_alloc+0x58/0xa0 [ 1959.691228][ C1] kmem_cache_alloc_noprof+0x1c1/0x2a0 [ 1959.696676][ C1] vm_area_alloc+0x24/0x1d0 [ 1959.701165][ C1] mmap_region+0xc3d/0x2090 [ 1959.705648][ C1] do_mmap+0x8f9/0x1010 [ 1959.709781][ C1] vm_mmap_pgoff+0x1dd/0x3d0 [ 1959.714348][ C1] elf_load+0x153/0x6f0 [ 1959.718486][ C1] load_elf_interp+0x443/0xac0 [ 1959.723234][ C1] load_elf_binary+0x1a47/0x2680 [ 1959.728155][ C1] bprm_execve+0xaf8/0x1770 [ 1959.732656][ C1] page last free pid 4753 tgid 4753 stack trace: [ 1959.738960][ C1] free_unref_folios+0x100f/0x1ac0 [ 1959.744139][ C1] folios_put_refs+0x76e/0x860 [ 1959.748878][ C1] free_pages_and_swap_cache+0x5c8/0x690 [ 1959.754490][ C1] tlb_flush_mmu+0x3a3/0x680 [ 1959.759062][ C1] tlb_finish_mmu+0xd4/0x200 [ 1959.763626][ C1] exit_mmap+0x44f/0xc80 [ 1959.767895][ C1] __mmput+0x115/0x380 [ 1959.771946][ C1] exit_mm+0x220/0x310 [ 1959.776010][ C1] do_exit+0x9b2/0x27f0 [ 1959.780147][ C1] do_group_exit+0x207/0x2c0 [ 1959.784713][ C1] __x64_sys_exit_group+0x3f/0x40 [ 1959.789714][ C1] x64_sys_call+0x26c3/0x26d0 [ 1959.794383][ C1] do_syscall_64+0xf3/0x230 [ 1959.798874][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1959.804752][ C1] [ 1959.807054][ C1] Memory state around the buggy address: [ 1959.812659][ C1] ffff88802e7e3480: 00 00 00 fc fc fc fc fc fc fc fc 00 00 00 00 00 [ 1959.820697][ C1] ffff88802e7e3500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1959.828737][ C1] >ffff88802e7e3580: 00 00 fc fc fc fc fc fc fc fc 00 00 00 00 00 00 [ 1959.836772][ C1] ^ [ 1959.841338][ C1] ffff88802e7e3600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1959.849380][ C1] ffff88802e7e3680: 00 fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 [ 1959.857419][ C1] ================================================================== [ 1959.865985][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1959.873190][ C1] CPU: 1 UID: 0 PID: 24011 Comm: syz.1.5221 Not tainted 6.10.0-syzkaller-12381-gc33ffdb70cc6 #0 [ 1959.883621][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1959.893697][ C1] Call Trace: [ 1959.896987][ C1] [ 1959.899844][ C1] dump_stack_lvl+0x241/0x360 [ 1959.904559][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1959.909787][ C1] ? __pfx__printk+0x10/0x10 [ 1959.914404][ C1] ? vscnprintf+0x5d/0x90 [ 1959.919181][ C1] panic+0x349/0x860 [ 1959.923103][ C1] ? check_panic_on_warn+0x21/0xb0 [ 1959.928315][ C1] ? __pfx_panic+0x10/0x10 [ 1959.932747][ C1] ? mark_lock+0x9a/0x350 [ 1959.937094][ C1] ? _raw_spin_unlock_irqrestore+0xd8/0x140 [ 1959.943013][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1959.948933][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1959.955284][ C1] ? print_report+0x502/0x550 [ 1959.959985][ C1] check_panic_on_warn+0x86/0xb0 [ 1959.964937][ C1] ? bq_xmit_all+0x134/0x11d0 [ 1959.969631][ C1] end_report+0x77/0x160 [ 1959.973898][ C1] kasan_report+0x154/0x180 [ 1959.978421][ C1] ? bq_xmit_all+0x134/0x11d0 [ 1959.983123][ C1] bq_xmit_all+0x134/0x11d0 [ 1959.987649][ C1] ? mark_lock+0x9a/0x350 [ 1959.992005][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1959.998010][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1960.004376][ C1] ? _raw_spin_lock_irq+0xdf/0x120 [ 1960.009527][ C1] ? __pfx_bq_xmit_all+0x10/0x10 [ 1960.014491][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 1960.019719][ C1] ? _raw_spin_unlock_irq+0x2e/0x50 [ 1960.024947][ C1] ? process_backlog+0x151a/0x15b0 [ 1960.030087][ C1] __dev_flush+0x81/0x160 [ 1960.034431][ C1] xdp_do_check_flushed+0x129/0x240 [ 1960.039647][ C1] __napi_poll+0xe4/0x490 [ 1960.044088][ C1] net_rx_action+0x89b/0x1240 [ 1960.048782][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 1960.053998][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 1960.059102][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1960.065419][ C1] handle_softirqs+0x2c4/0x970 [ 1960.070267][ C1] ? __irq_exit_rcu+0xf4/0x1c0 [ 1960.075018][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 1960.080285][ C1] ? irqtime_account_irq+0xd4/0x1e0 [ 1960.085554][ C1] __irq_exit_rcu+0xf4/0x1c0 [ 1960.090127][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 1960.095308][ C1] irq_exit_rcu+0x9/0x30 [ 1960.099541][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1960.105159][ C1] [ 1960.108079][ C1] [ 1960.110990][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1960.116950][ C1] RIP: 0010:unwind_next_frame+0x1a80/0x2a00 [ 1960.122841][ C1] Code: e8 35 61 52 00 49 89 df 48 8b 2c 24 e9 f2 02 00 00 48 8b 7c 24 18 48 8d 5f 02 48 83 c7 03 48 89 d8 48 c1 e8 03 42 0f b6 04 28 <84> c0 0f 85 36 0e 00 00 48 89 f8 48 c1 e8 03 42 0f b6 04 28 84 c0 [ 1960.142441][ C1] RSP: 0018:ffffc9000b6feec8 EFLAGS: 00000a07 [ 1960.148492][ C1] RAX: 0000000000000000 RBX: ffffffff903cc76c RCX: 0000000000000000 [ 1960.156445][ C1] RDX: 0000000000000003 RSI: ffffffff8e1a3320 RDI: ffffffff903cc76d [ 1960.164480][ C1] RBP: ffffffff903cc76e R08: 0000000000000005 R09: ffffffff814120bf [ 1960.172437][ C1] R10: 0000000000000003 R11: ffff88802b86bc00 R12: ffffc9000b6ff750 [ 1960.180410][ C1] R13: dffffc0000000000 R14: ffffc9000b6feff0 R15: 1ffff920016dfdf4 [ 1960.188457][ C1] ? unwind_next_frame+0x196f/0x2a00 [ 1960.193774][ C1] ? unwind_next_frame+0x196f/0x2a00 [ 1960.199046][ C1] ? free_pages_and_swap_cache+0x2ea/0x690 [ 1960.204839][ C1] ? free_pages_and_swap_cache+0x2ea/0x690 [ 1960.210631][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1960.216769][ C1] arch_stack_walk+0x151/0x1b0 [ 1960.221522][ C1] ? tlb_flush_mmu+0x3a3/0x680 [ 1960.226361][ C1] stack_trace_save+0x118/0x1d0 [ 1960.231200][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 1960.236560][ C1] save_stack+0xfb/0x1f0 [ 1960.240791][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 1960.245802][ C1] ? __pfx_save_stack+0x10/0x10 [ 1960.250635][ C1] ? free_unref_folios+0x100f/0x1ac0 [ 1960.255903][ C1] ? folios_put_refs+0x76e/0x860 [ 1960.260836][ C1] ? free_pages_and_swap_cache+0x2ea/0x690 [ 1960.266631][ C1] ? page_ext_get+0x20/0x2a0 [ 1960.271208][ C1] __reset_page_owner+0x75/0x3f0 [ 1960.276134][ C1] free_unref_folios+0x100f/0x1ac0 [ 1960.281235][ C1] folios_put_refs+0x76e/0x860 [ 1960.285985][ C1] ? __pfx_folios_put_refs+0x10/0x10 [ 1960.291345][ C1] ? free_swap_cache+0x141/0x880 [ 1960.296270][ C1] free_pages_and_swap_cache+0x2ea/0x690 [ 1960.301890][ C1] ? __pfx_free_pages_and_swap_cache+0x10/0x10 [ 1960.308041][ C1] ? tlb_table_flush+0x143/0x410 [ 1960.312973][ C1] tlb_flush_mmu+0x3a3/0x680 [ 1960.317549][ C1] ? __pfx_down_write+0x10/0x10 [ 1960.322386][ C1] tlb_finish_mmu+0xd4/0x200 [ 1960.326957][ C1] exit_mmap+0x44f/0xc80 [ 1960.331194][ C1] ? __pfx_exit_mmap+0x10/0x10 [ 1960.336028][ C1] ? __asan_memset+0x23/0x50 [ 1960.340700][ C1] ? uprobe_clear_state+0x277/0x290 [ 1960.345879][ C1] ? mm_update_next_owner+0xa2/0x8a0 [ 1960.351147][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 1960.356331][ C1] __mmput+0x115/0x380 [ 1960.360407][ C1] exit_mm+0x220/0x310 [ 1960.364544][ C1] ? __pfx_exit_mm+0x10/0x10 [ 1960.369115][ C1] ? taskstats_exit+0x326/0xa60 [ 1960.373950][ C1] do_exit+0x9b2/0x27f0 [ 1960.378088][ C1] ? __pfx_do_exit+0x10/0x10 [ 1960.382667][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1960.388633][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1960.394939][ C1] ? cgroup_freezing+0x2a8/0x350 [ 1960.399862][ C1] do_group_exit+0x207/0x2c0 [ 1960.404434][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 1960.409621][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 1960.414822][ C1] get_signal+0x1695/0x1730 [ 1960.419317][ C1] ? __pfx_get_signal+0x10/0x10 [ 1960.424153][ C1] arch_do_signal_or_restart+0x96/0x860 [ 1960.429683][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1960.435817][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1960.441786][ C1] ? syscall_exit_to_user_mode+0xa3/0x370 [ 1960.447501][ C1] syscall_exit_to_user_mode+0xc9/0x370 [ 1960.453032][ C1] do_syscall_64+0x100/0x230 [ 1960.457605][ C1] ? clear_bhb_loop+0x35/0x90 [ 1960.462268][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1960.468148][ C1] RIP: 0033:0x7f4e95375f19 [ 1960.472555][ C1] Code: Unable to access opcode bytes at 0x7f4e95375eef. [ 1960.479566][ C1] RSP: 002b:00007f4e961c40f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1960.487977][ C1] RAX: fffffffffffffe00 RBX: 00007f4e95505f68 RCX: 00007f4e95375f19 [ 1960.495938][ C1] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f4e95505f68 [ 1960.504065][ C1] RBP: 00007f4e95505f60 R08: 00007f4e961c46c0 R09: 00007f4e961c46c0 [ 1960.512037][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4e95505f6c [ 1960.520085][ C1] R13: 000000000000000b R14: 00007fff82c72020 R15: 00007fff82c72108 [ 1960.528054][ C1] [ 1960.531294][ C1] Kernel Offset: disabled [ 1960.535607][ C1] Rebooting in 86400 seconds..