last executing test programs: 30.035438202s ago: executing program 3 (id=389): memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="12010100000000105801000100000000000109022400010000002009040000010300000009210000000122dc01090589"], 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$vsock_stream(0x28, 0x1, 0x0) getsockname(r2, &(0x7f00000014c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000001540)=0x80) syz_usb_connect$cdc_ecm(0x3, 0x78, &(0x7f00000002c0)=ANY=[@ANYRESHEX=r3], &(0x7f0000000400)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x110, 0x8f, 0x7f, 0xa, 0x8, 0x88}, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB="8058657e0f76b068684fdb32d37ff06b46c1238a364048601d68f4a526258771c907875aa6c7e50163a718741fac1cdc5fbbc9d41e39fa9e6d4322ef0b4b2814e556e4c00ebb0ec8bf23d547406551928a0fddafff7c4788fcd9c1c258a0e8c89d6038ae3caca5f6b79bff892a98f18d8c2340699782f4774f66302f05c4918d0df272427904968902994c8938e82d83b9f21ede4d9482044d"], 0x2, [{0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x287f}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x430}}]}) sendmsg$nl_route_sched(r1, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000009380)={&(0x7f0000000000)=@deltfilter={0x34, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0x0, 0x1}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}}, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(0xffffffffffffffff, 0x0, 0x0) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000000)="2e00000010008188040f46ecdb4cb9cca7480ef421000000e3bd6efb440013030e000a000d000008ba8000001201", 0x2e}], 0x1}, 0x0) r5 = syz_open_dev$usbmon(&(0x7f0000000140), 0x0, 0x0) io_setup(0x3, &(0x7f0000000180)=0x0) io_submit(r6, 0x1, &(0x7f0000002340)=[&(0x7f0000000040)={0x0, 0x300, 0x0, 0x5, 0x0, r5, 0x0}]) r7 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401) r8 = fcntl$dupfd(r7, 0x0, r7) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) ioctl$USBDEVFS_SUBMITURB(r8, 0x8038550a, &(0x7f0000000700)=@urb_type_iso={0x0, {0x6, 0x1}, 0x7df, 0x22, &(0x7f0000000540)="f860634e813c212fff34c8e298481b0a25de7109e4d7c46fa43787446534cbe3e0cebf04b893d5bb4a2cba2e987172f4949097d0559b418cdd7d0fbcba41f0ff042be61b3c62272db0455627b5c37e67d433c4596168bf26f10c7c4d9b521a6e38cc4f39620e5c101f356b1a36522327b6a7d8dad318d469d22f3893f200adafc3076f7fa4ece7274ddc174462c2b8210c713b9796dac4134221b32b96abfe367180248794a63805c5a1487a2c489b01c7237bcead95476077f59044f9b3ca9e03aecce0df53f75db4bf851d49df3fd71c01ac556110460372fa8d426b001462db3d384f4ce2ccdc04ca7a0ceaed7bbf5eec", 0xf2, 0x9ff, 0xa, 0x18, 0x4, 0x9, &(0x7f0000000640)="c9f9ceea6a113980eeaebb36ece951fdab2e86159f344db1d84e3749f7e3d7fe24d952a396b3bbcd46dba75efb84a20c1f4a0aabb3e993b43b38e10886451ab3654710c6159238e9bb3a50282eca677e09cebc1b1f16027440cd62343f692d01e197e0555997b812ab8eda5b07b443fd04ae413ff5cb9e925b2c7e527949dfa0fc41dcdf8343f8dbc5660f715d8e257762cbb75d4831f8ac", [{0x10, 0x5, 0x401}, {0xff, 0x5, 0x5}, {0x6, 0xfffff000, 0x6}, {0x1, 0x1, 0x9}, {0x3, 0x8000, 0x5}, {0x101, 0x5, 0xf42}, {0x8, 0x1875e32, 0x9}, {0x6, 0x9, 0x2}, {0x9, 0x9, 0x1}, {0x2, 0x7ff, 0x3}, {0x8, 0x2, 0xac}, {0x0, 0xfffff800, 0xe}, {0x7, 0x7, 0x8001}, {0xfffffffe, 0x3, 0x80000000}, {0xfffffffa, 0x40, 0x33}, {0x3, 0x9, 0x1}, {0x5, 0x80, 0x4}, {0x3, 0x7}, {0x1, 0x0, 0x4}, {0x7fc0, 0x6, 0x6933}, {0xe, 0x6, 0x10001}, {0xc6, 0x3, 0x7}, {0xfffffff1, 0x6, 0x9}, {0x40, 0x4, 0x400}]}) write$binfmt_script(r8, &(0x7f0000000880)={'#! ', '', [], 0xa, "919334ade454f54e145a67cd9d3d212e1bcca847a7577c51bc22949441183dea127cdc438de2a015a90e20f267d84651ce48b46f349792f6e48e8ec0b56f56be0bd1a41b60f9cf68e1135738aef4582e4d3b79164843f935844e34ea43c5d16c89501174dfe6e34c4ddf45a92ace0226792255bf6341d72c0fa43fa1ea3c6be1f3b2567443531a6e8d15c28b1e33bfa9f8fc52a29381cb27785405bc5838393ae7ff0694f8b8028de99f6743868d1e807a4a8cedd077484b25"}, 0xbd) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_open_dev$hidraw(&(0x7f0000000080), 0x1, 0x80000) writev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b4560a117fffffff81000e220e227f000001925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff00000002000000", 0x57}], 0x1) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12011003000012002505a8a4f0"], 0x0) syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b100090581d3"], 0x0) 29.835669657s ago: executing program 4 (id=393): socket$packet(0x11, 0x2, 0x300) r0 = syz_io_uring_setup(0x4f1f, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000040)=0x0, &(0x7f0000000180)=0x0) syz_io_uring_submit(r1, r2, 0x0) io_uring_enter(r0, 0xa3d, 0x0, 0x0, 0x0, 0x0) 29.762447913s ago: executing program 1 (id=395): socket$packet(0x11, 0x2, 0x300) syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) ioctl$int_in(r0, 0x5452, &(0x7f0000000140)=0x4) umount2(&(0x7f0000000000)='./file0\x00', 0xa) openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x101000) syz_open_dev$video4linux(&(0x7f00000000c0), 0x7, 0x0) socket$packet(0x11, 0x2, 0x300) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/power/wakeup_count', 0x2c0, 0x102) openat$vnet(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x4, 0xe7142) r1 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000000)={'ip6gretap0\x00', &(0x7f0000000080)=@ethtool_rxnfc={0x2f, 0x0, 0x0, {0x0, @sctp_ip4_spec={@loopback, @empty}, {0x0, @random="496e8a70920f"}, @esp_ip6_spec={@mcast1, @private0}, {0x0, @random="19dd7cf0e8b6"}}}}) openat$sequencer(0xffffffffffffff9c, 0x0, 0x400000, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0) syz_emit_ethernet(0x3a, &(0x7f0000000180)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x64, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0xc2, 0x1, 0x0, 0x0, {[@sack={0x5, 0x2}, @generic={0x2, 0x2}]}}}}}}}, 0x0) 29.687657141s ago: executing program 4 (id=396): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x1b, 0x0, "61a1ed8439cde8054f2ada6fcd5fe76b933e8bb0ac60081e33dffa158f35f7519d5f73b4f5d80eb4881a5b98cb9fb96d225d602392f816d09dcc09b5063087117502d8c24f1fe97f61fd27a06d6a38a7"}, 0xd8) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) ioctl$int_in(r0, 0x5452, &(0x7f0000000280)=0x40) sendto$inet6(r0, &(0x7f0000000240)="c4", 0x1, 0x20000841, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @empty}, 0x1c) (fail_nth: 3) 29.128161398s ago: executing program 1 (id=398): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0xcc, 0x65, 0x8, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {}, {}, {0xffe0, 0xd}}, [@TCA_CHAIN={0x8, 0xb, 0xba41}, @filter_kind_options=@f_u32={{0x8}, {0x2c, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x67}, @TCA_U32_HASH={0x8, 0x2, 0xdb87}, @TCA_U32_CLASSID={0x8, 0x1, {0x5, 0xe}}, @TCA_U32_DIVISOR={0x8, 0x4, 0x84}, @TCA_U32_HASH={0x8, 0x2, 0x5}]}}, @filter_kind_options=@f_bpf={{0x8}, {0x64, 0x2, [@TCA_BPF_POLICE={0x40, 0x2, [@TCA_POLICE_TBF={0x3c, 0x1, {0x6, 0x4, 0x80000001, 0xee31, 0x7, {0xf9, 0x2, 0x8, 0x1ff, 0x7, 0x4}, {0x5, 0x1, 0x1, 0x4, 0x4, 0x2}, 0x1, 0x1, 0x7fff}}]}, @TCA_BPF_FD={0x8}, @TCA_BPF_POLICE={0xc, 0x2, [@TCA_POLICE_RESULT={0x8, 0x5, 0x6}]}, @TCA_BPF_OPS={{0x6}, {0x4}}]}}]}, 0xcc}}, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x7, &(0x7f0000000600)=""/191, 0xbf, 0xb00}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) 28.893225286s ago: executing program 4 (id=399): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000007c0)=@mangle={'mangle\x00', 0x2, 0x6, 0x610, 0x420, 0x338, 0xf8, 0x420, 0x0, 0x540, 0x540, 0x540, 0x540, 0x540, 0x6, 0x0, {[{{@ipv6={@mcast2, @private1, [], [], 'macvlan1\x00', 'erspan0\x00'}, 0x0, 0xd0, 0xf8, 0x0, {0x7a00000000000000}, [@inet=@rpfilter={{0x28}}]}, @HL={0x28}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private0, [], [], 'syzkaller0\x00', 'team_slave_1\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffffffffffffffff}, {0xffffffffffffffff}, {}, 0xf3dd}}}, {{@ipv6={@mcast1, @remote, [], [], '\x00', 'dummy0\x00'}, 0x0, 0x138, 0x160, 0x0, {}, [@common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @dev, @local, @empty}}]}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0xe8}, @common=@inet=@TCPOPTSTRIP={0x40}}, {{@uncond, 0x0, 0xf8, 0x120, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@eui64={{0x28}}]}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x670) 28.740110375s ago: executing program 1 (id=400): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x24, 0x24, 0xf0b, 0xfffffffe, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x3}}}, 0x24}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800019f00000000000000000a00000000000000"], 0x24}, 0x1, 0x0, 0x0, 0x4000084}, 0x4000) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 28.492807042s ago: executing program 4 (id=401): openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) r0 = fsopen(&(0x7f0000000000)='ramfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = socket$inet_smc(0x2b, 0x1, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100009e173610ef171e7206de01020301110212"], 0x0) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000400)={{{@in=@remote, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {{@in6=@dev, 0x0, 0x6c}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0xffffffff}}, 0xe8) r2 = syz_usb_connect(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="31010000dccd5e08cb060700000000952301090224000100007e000904340102d469e70009"], 0x0) syz_usb_control_io$uac1(r2, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r4 = dup(r3) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x239, &(0x7f0000000300)={0x0, 0x200000, 0x10100}, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendto$packet(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x20000000003f) r5 = dup(0xffffffffffffffff) fallocate(r5, 0x10, 0x0, 0x80400) openat$mice(0xffffffffffffff9c, &(0x7f00000002c0), 0x6020) r6 = fsmount(r0, 0x0, 0xf1) mknodat(r6, &(0x7f0000000080)='./file0\x00', 0xfff, 0x0) execveat(r6, &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, 0x0) r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) preadv(r7, &(0x7f0000000180)=[{0x0, 0xed}], 0x1, 0x6, 0x6) r8 = syz_usb_connect(0x2, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x59, 0x77, 0xc, 0x40, 0x9c0, 0x203, 0xd332, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xfa, 0x10, 0xc9}}]}}]}}, 0x0) syz_usb_control_io$printer(r8, 0x0, &(0x7f0000000440)={0x34, &(0x7f0000000800)=ANY=[@ANYBLOB="400d01000000de78b451e214871dd2ca34d92a5e976b7ae518247133473d461c374b409a9e18fd69909219647ef0923a8d11a783b6f581a520837641cce532aef5cb6a01d5b237c27ac44be6015f72b1f7"], 0x0, 0x0, 0x0, 0x0, 0x0}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x84580, 0x0) r9 = socket$igmp(0x2, 0x3, 0x2) setsockopt$IPT_SO_SET_REPLACE(r9, 0x0, 0x40, &(0x7f00000003c0)=@nat={'nat\x00', 0x670, 0x5, 0x3b0, 0x108, 0x1a0, 0xffffffff, 0x108, 0x108, 0x318, 0x318, 0xffffffff, 0x318, 0x318, 0x5, 0x0, {[{{@uncond, 0x0, 0xc0, 0x108, 0x0, {}, [@common=@inet=@ecn={{0x28}}, @common=@ttl={{0x28}}]}, @unspec=@DNAT1={0x48, 'DNAT\x00', 0x1, {0x0, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @ipv4=@dev}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x318}}, {{@uncond, 0x0, 0x70, 0xa8, 0x0, {0x0, 0x4800}}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x1c2, {0x0, @local, @local, @gre_key, @gre_key}}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x410) 28.334451107s ago: executing program 1 (id=402): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x16}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0) r1 = socket$kcm(0x2, 0x3, 0x84) sendmsg$inet(r1, &(0x7f0000001000)={&(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000000940)=[{&(0x7f0000001040)="5346f7f875528ef24043c68e04180a33", 0x10}], 0x1, &(0x7f0000000580)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x2f}, @loopback}}}], 0x20}, 0x0) 27.896637527s ago: executing program 1 (id=403): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) dup2(r0, r0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r4, 0x4048ae9b, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x13, &(0x7f0000000300)=@bpf_lsm={0x3, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="660a00000000000061118500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f0000000140)="f20f1c0166b864912c870f23c80f21f866350c0080000f23f80f01fc0f20e06635000010000f22e066f30fa7c00f1c9700000f01c566b9a001000066b80400000066ba000000000f30c0dbb6660f3adf932700de", 0x54}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={0x0, r5}, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, &(0x7f0000000240)={0x14, 0x0, &(0x7f00000001c0)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x2, 0x400000000000003, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private0}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1}}]}, 0x70}}, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000500)={0x1c, &(0x7f0000000340)={0x20, 0x3a, 0xce, "2454138db53296d2860e74ba06e71d2d0412d54d1685d24a778e2a22c819423e21af226f4f675aea22c248a616ebca65603418a03387062f9ac7fd3c2eeda663c1d24b287fb7912e132cce0b915966974fae8622c933bb47d446c272ea136aea7658986bb007be308ea321f19c0d1042b8af39ee38a3beadd756039a46a901be09c74cc13a205f38e63d7345cd7810f1858446e98e675cdb91b8d59d00ee898bda470bbcc3143a9165436bd1c63db7906b76e6d8f616984be18c9a28ea0917c4fa4f9b66a75e7a7c04bd3d02e656"}, &(0x7f0000000140)={0x0, 0xa, 0x1, 0x8}, 0x0}) fstat(r1, &(0x7f0000000600)) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f"], 0x48) openat$pfkey(0xffffff9c, 0x0, 0x84701, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0xb, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000"], 0x0, 0x20, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 27.181553418s ago: executing program 3 (id=405): sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) syz_io_uring_setup(0x79b3, &(0x7f00000003c0)={0x0, 0x0, 0x80, 0x20000}, 0x0, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040), 0x13f}}, 0x20) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6}]}) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 24.637514627s ago: executing program 4 (id=408): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000006c0)="5c00000013006bcd9e3fe3dc6e48aa310b6b8703100000001f03000000000000040014000d000a000d0000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) (fail_nth: 1) 24.619147803s ago: executing program 3 (id=409): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x64, 0x6, 0x530, 0xd0, 0xd0, 0x448, 0x300, 0x1b8, 0x5c0, 0x5c0, 0x5c0, 0x5c0, 0x5c0, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x0, 0x5}}}, {{@ipv6={@mcast1, @local, [], [], 'macvtap0\x00', 'ip6tnl0\x00', {}, {}, 0x6}, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00'}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4=@private}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @inet=@DSCP={0x28}}, {{@uncond, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x590) mmap$binder(&(0x7f0000000000/0x4000)=nil, 0x1fffff, 0x1, 0x11, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0xe) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000340), r2) socket$nl_route(0x10, 0x3, 0x0) socket(0x11, 0x800000003, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r3, 0x6, 0x24, 0x0, &(0x7f0000002000)) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), 0xffffffffffffffff) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/notes', 0x200, 0x18c) r4 = socket(0x1, 0x3, 0x0) sendto$inet6(r4, &(0x7f0000000080)="7800000018002507b9409b14ffff00000200be04020506056402040c5c0009003f0020030a0000000d0085a168d0bf46d32345653600648d27000b000a00000049935ade4a460c89b6ec0cff3959547f509058ba86c902007a00004a32000402160008000a0000000000e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0xa00000000000000) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84000) ioctl$sock_SIOCINQ(r5, 0x5761, 0x0) r6 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r7 = dup(r6) ioctl$PTP_EXTTS_REQUEST2(r7, 0x40603d10, &(0x7f0000000040)) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_KEY_SET(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES32, @ANYBLOB="0100000000000000000015000000400001"], 0x54}}, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r11 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TDLS_OPER(r9, &(0x7f00000008c0)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000880)={&(0x7f0000000800)={0x30, r10, 0x1, 0x70bd27, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r12}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x48080) 24.065507695s ago: executing program 2 (id=411): r0 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000b80)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000b40), 0x106, 0x3}}, 0x20) syz_open_dev$vim2m(&(0x7f0000000040), 0x74b, 0x2) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000900), 0x111, 0x6}}, 0x20) r3 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r3, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) bind$tipc(0xffffffffffffffff, &(0x7f00000006c0)=@name={0x1e, 0x2, 0x0, {{0x42, 0x10000001}}}, 0x10) sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x10000001}}, 0x10, 0x0}, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) writev(r2, &(0x7f0000000000)=[{0x0}], 0x1) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0/../file0/file0\x00', &(0x7f0000000340)={0x80041, 0x120, 0x8}, 0x18) r4 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x41, 0x0) write$nbd(r4, &(0x7f0000000240)=ANY=[@ANYBLOB="010000000000"], 0x40) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000400)={0x0, 0x0, @pic={0xcc, 0xf, 0xc5, 0xba, 0xff, 0xc, 0x8, 0x4, 0x80, 0x7, 0x9d, 0x0, 0x8, 0x9c, 0x0, 0x5}}) add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) 23.890120511s ago: executing program 2 (id=412): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x24, 0x24, 0xf0b, 0xfffffffe, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x3}}}, 0x24}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800019f00000000000000000a00000000000000"], 0x24}, 0x1, 0x0, 0x0, 0x4000084}, 0x4000) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 23.727693385s ago: executing program 1 (id=413): ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_X86_SET_MCE(r4, 0x4040ae9e, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f00000001c0)) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4138ae84, &(0x7f00000000c0)=@x86={0x80, 0x9, 0x91, 0x0, 0x7, 0xd, 0x27, 0x7, 0x0, 0x8, 0x9, 0xa, 0x0, 0x7, 0x9, 0x75, 0xa5, 0x23, 0x8, '\x00', 0x9, 0x4}) openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) r8 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r8, &(0x7f0000000040)={0x28, 0x0, 0x2710, @host}, 0x10) listen(r8, 0x0) r9 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r9, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10) socket$alg(0x26, 0x5, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x3}, 0x0, &(0x7f0000000280)={0x1ff}, 0x0, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000180)={{0x1, 0x1, 0x18, r4, {0x80}}, './file0\x00'}) ioctl$sock_ifreq(r11, 0x8943, &(0x7f0000000240)={'veth1_to_hsr\x00', @ifru_ivalue=0x80000001}) r12 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_QUERYMENU(r12, 0xc02c5625, &(0x7f0000000040)={0xe3d, 0x1ff, @value=0xdbda}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) 23.663018803s ago: executing program 2 (id=414): socket$inet6(0xa, 0x80002, 0x0) openat$autofs(0xffffff9c, &(0x7f0000000000), 0x200142, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = socket$netlink(0x10, 0x3, 0xc) socket$alg(0x26, 0x5, 0x0) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x14}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x0, 0x0, 0x0, {}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x0, 0x0, 0x0, {}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_RATE={0xc}, @NFTA_LIMIT_UNIT={0xc}]}}}, {0x14, 0x1, 0x0, 0x1, @lookup={{0xb}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xd4}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000d40000000000000000000000000a20000000000a03000000000000000000010000000900010073797a3000000000bc000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000009000038008000240000000007c00038014000100626f6e64300000000000000000000000140001006970766c616e31000000000000000000140001006970766c616e300000000000000000001400010073697430000000000000fbffffffffffffff0100776c616e300000000000000000000000140001006772653000000000000000000000040008000140000000005c000000180a01010000000000000000010000000900020073797a30000000000900010073797a30"], 0x4b0}}, 0x0) r3 = dup(r0) write$binfmt_misc(r3, 0x0, 0x0) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) socket$inet(0x2, 0x1, 0x0) r4 = syz_open_dev$mouse(&(0x7f0000000100), 0x4, 0x800) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x801) r5 = socket$inet6(0xa, 0x806, 0x0) bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e23}, 0x1c) listen(r5, 0x3) r6 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r6, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) r7 = accept4(r5, 0x0, 0x0, 0x0) recvmmsg(r6, &(0x7f0000007940), 0x55, 0x0, 0x0) sendmmsg(r7, &(0x7f0000001500), 0x588, 0x0) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000340)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000140)={0xc0, 0x2, 0x6, 0x401, 0x0, 0x0, {0x5, 0x0, 0x8}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x3}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}, @IPSET_ATTR_DATA={0x3c, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e22}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x1}, @IPSET_ATTR_SIZE={0x8, 0x17, 0x1, 0x0, 0xfffffffd}, @IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x7ff}, @IPSET_ATTR_SIZE={0x8}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0xe459}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x5}]}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x3}, @IPSET_ATTR_DATA={0x3c, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0xfff}, @IPSET_ATTR_SIZE={0x8, 0x17, 0x1, 0x0, 0x1}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x5}, @IPSET_ATTR_CIDR={0x5, 0x3, 0xb}, @IPSET_ATTR_IP_TO={0x18, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0xc0}, 0x1, 0x0, 0x0, 0x20044010}, 0x800) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x84, &(0x7f0000000040)={0x0, @in={{0xa}}, 0xffff}, 0x90) munlockall() bind$alg(r4, &(0x7f00000003c0)={0x26, 'aead\x00', 0x0, 0x0, 'morus640-generic\x00'}, 0x41) sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000a40)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16, @ANYBLOB="0100000000000000000012000000080007000000ffff08000800ffffff70180001801400020076657468305f746f5f62617461647600080009"], 0x44}}, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000004580)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00\x00\x00\x00\x00)\x00\x00\x002'], 0x28}}], 0x1, 0x0) 23.561530706s ago: executing program 3 (id=415): ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000740)=ANY=[@ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x13, &(0x7f0000000280)=0x7441, 0x4) r0 = syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYRES16=r0], 0x1c}, 0x1, 0x0, 0x0, 0x8}, 0x80) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_buf(r1, 0x29, 0x20, &(0x7f00000000c0)="0bbb268dd6ffa80800000000000000000000210d0000aaa8", 0x18) sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, 0x0, 0xc0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, 0x0, 0x0) setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, &(0x7f0000001740)={0x0, 0x4, 0x0, 0x0, @vifc_lcl_ifindex, @private}, 0x10) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r3, 0x84, 0xc, &(0x7f0000000100), 0x4) recvmsg(r3, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) syz_usb_connect(0x2, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b", @ANYRES64], 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000010c0)={0x0, 0x44}}, 0x0) sendmsg$nl_xfrm(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={0x0, 0x64}}, 0x0) mmap(&(0x7f0000b22000/0x1000)=nil, 0x1000, 0x0, 0x20010, 0xffffffffffffffff, 0x2c2c0000) 23.050050302s ago: executing program 4 (id=416): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000180)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0xb0}, 0x9c) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f0000000000)=ANY=[@ANYBLOB="020000000000000004"]) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x4e20, 0x0, @loopback}]}, &(0x7f00000002c0)=0x10) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f00000000c0)={r3, @in6={{0xa, 0x4e20, 0x0, @loopback}}, 0x0, 0xa000}, 0x90) set_mempolicy(0x6005, &(0x7f0000000080)=0xfffffffffffffffd, 0x4) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r5 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f0000000080)={0x2, 0x2, 0x1}) ioctl$vim2m_VIDIOC_QBUF(r5, 0xc058560f, &(0x7f0000000140)=@multiplanar_overlay={0x8000, 0x2, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "26312dee"}, 0x0, 0x3, {0x0}}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x46032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000800000/0x800000)=nil, 0x800002, 0x18) r7 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r8 = dup(r7) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2) socket$pppoe(0x18, 0x1, 0x0) ioctl$KVM_RUN(r9, 0xae80, 0x0) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a54000000140a010800000000000000000300000308000340000000080c00064000000000000000050c00064000000000000000050c00064000000000000000030900020073797a3000000000080003400000000240000000030a01080000000000000000010000000900030073797a32e90000001400048008000240fffffffe08000140000000040900010073797a300000000050000000060a010400000000000000000100000208000b40000000000900010073797a30000000002800048024000180090001006d6574610000000014000280080001400000000c080002400000000d140000001100010000000000000000000000000a"], 0x10c}, 0x1, 0x0, 0x0, 0x2000c045}, 0x24000004) syz_extract_tcp_res$synack(&(0x7f0000000240)={0x41424344, 0x41424344}, 0x1, 0x0) syz_emit_ethernet(0x4a, &(0x7f00000009c0)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, 'v\x00', 0xffffffffffffff0e, 0x6, 0x0, @remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', {[], {{0x4e24, 0x4e22, 0x41424344, r11, 0x0, 0x2, 0x5, 0xc2}}}}}}}, 0x0) 20.137538945s ago: executing program 3 (id=418): ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f00000000c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x2}}, './file0\x00'}) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x20, 0x30}, 0xc) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) r1 = socket$l2tp(0x2, 0x2, 0x73) bind$l2tp(r1, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000007c0)={0xffffffffffffffff, 0x0, 0x47, 0xc1, &(0x7f0000000380)="3523678d1d7f98b57bfc481a30493a7e714953d5ef9f155720138d5f2fa8eeebe8629761ebf2d208edc683b0a66e0136bdc0c2882ea8c027d535f5bdde29f36a27d083650419f6", &(0x7f0000000580)=""/193, 0x5, 0x0, 0x74, 0x99, &(0x7f0000000680)="3e2e4858e7a7bd289f0e5a6da61ad2c72064027b10568baf045ab8a799f8f35d605592e5a9eca548fd4a99df9f9f44cccc8d20179194ec1cd8d870dbe8e05d4356a7dc54eae26eb673eef8badc7004081fe4b74b6226a16bc4d5abeadc9737ea54741a829c13b13b5bccd858671d23ca76a9a795", &(0x7f0000000700)="908fd10238171b9606e4f4adf10f8a95c50710f39e4d53520181d0358768b4f21aeffdcc025b6e8efa80380855d2e7d22e20a6e1d81b295f81d30803ac517f3ff56ed754fde687377c3abc2c42f3969047386e2903103f20c80706a6d6d0bf1f2dd464cd489bc658bdbd736acbb99fd0310dbbd54b823967dd1ee4cb7e694dc6317932deaae4267ef05c2636f3550a365f3d3e937f8ae05706", 0x0, 0x0, 0x8}, 0x50) connect$l2tp(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r1, &(0x7f0000004b40)=[{{0x0, 0x0, 0x0}}], 0x3ffffffffffffa1, 0x0) sendto$l2tp(r1, 0x0, 0x0, 0x0, &(0x7f0000000280), 0x10) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x2}, 0x8) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000002700)=@raw={'raw\x00', 0x8, 0x3, 0x218, 0x0, 0x8, 0xfa04, 0xc8, 0x6c02, 0x180, 0x194, 0x194, 0x180, 0x194, 0x3, 0x0, {[{{@ip={@empty=0x1e00, @broadcast, 0x0, 0x0, 'veth0_to_hsr\x00', 'veth0_virt_wifi\x00', {}, {}, 0x6}, 0x0, 0xa0, 0xc8, 0x0, {0x0, 0x74020000}, [@common=@inet=@tcp={{0x30}, {[], [], 0x0, 0x0, 0x7a}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@ip={@multicast2, @dev, 0x0, 0x0, '\x00', 'tunl0\x00', {}, {}, 0x0, 0x0, 0x1}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x278) socket$inet6_tcp(0xa, 0x1, 0x0) move_mount(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000300)='./file0\x00', 0x60) 20.096520584s ago: executing program 2 (id=419): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0) syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0) socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r2, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @local}}, 0x24) sendmmsg(r2, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0) recvmmsg(r2, &(0x7f0000001880)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=""/17, 0x11}, 0x2}], 0x1, 0x10002, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r3, &(0x7f0000000400)={&(0x7f0000000280), 0xc, &(0x7f0000000540)={&(0x7f0000001340)={0x1288, 0x0, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0x38, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xffffffff80000001}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xffff}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xf}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x8}]}, @TIPC_NLA_NODE={0xac, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_ID={0x7c, 0x3, "c592296fa819e292ef1c2c99cf130d9833437213b86392561362edb51d92282cfc0bf4d71e40ebf036e54948197821d695b07a4f635ac69c1345cb6f3606917b8858a51ccbe97fc95eb3d3f93405830ad814be0ddf44027d23bcc69e008858c0e6dae7d20a71bf8b0b3bcde072a4e9fbf765319854c872fb"}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xa14d}, @TIPC_NLA_NODE_ID={0xb, 0x3, "6a2a3894a8b11c"}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}, @TIPC_NLA_MEDIA={0x4c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x4}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2000012}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x400}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}]}, @TIPC_NLA_NODE={0x111c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x46, 0x4, {'gcm(aes)\x00', 0x1e, "77c5bf9e6da0ed25fdcd77d93a89a8776b1075439220d11baabad974390a"}}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x5}, @TIPC_NLA_NODE_ID={0x1004, 0x3, "a7bd9265bf8dad80bd951b64431712b6766b00b30bb81952b08af235f427fc52b692f0959fe5f2f0b65c288d8081df36e81265f96aca9394a24837209c5a17d4abf0fce1bfa1eec1e0a9ae1528e1b2839fcc93e63a1c46b536cbeb6c89557087e99ff099d491f51f61267a37701684806d1925f227523a369b448933e0748aaac73cf0deba0a88d991835bddb3e35af78d3372b0d13f2394594a5971ba2067586566e3ad5d4fadc8ddef5c763e9ed91b0c1a154485ef000a9eff4a2d667f121b66da1c2980720e0002a2fc51b6589268958245cbeeb02fef5c4435fa34c5718c5f0e5c8fd2bf1bf1dd6e111535512a4602051f3c5db3ed8800429628684ed201cdfdc5d1564b96b4714aa9baedee35b397220df5bf8529c1c58805516bd4939a0f1b88cc9d8b8277058383273a7831d467749fcfdaa26215ac7dfa2915d842c611d0e5706a2a569fd06f28a9c586560e3adc8951a9319d5b9ca58465bf6b78512497853fef1fd328207dff8dd9302a77f213d8854186ade4bfb0d539f074806dccd61bdd3d4206743864b93992f3a9655230777494914ebf96c8f4ab1a882d39591650b0cb4ee700fb80ec79a378e6c0c7c8025e1f9dcef67704d9c845b522b30d98186484d089474fbca5041f74fb1d544ce65cd7c85f6edff7dfa2ba865cc2df5b42e4388f9e54ed2abb0f34be6de9f86f849f21f390369c9848854f3fd7c8863d59701b8648fcd0d491b2e66e8734d3d75c3016d3a2bf9b3388d4ca7cf4dce9fef1e254751fd7943668e14933a07887f5d465549e4cc4ef4ca6c7b94d37c4e0eb6ec0674e3fb7f7b7531fce1a9a4bb4c4e64515e8b6570071e4f608e36dfecccc4248de57b25af1b80ac77dd122eebc254b91f7097284b213b3f4b5d582e00ae2a8776a33766440e73e55bacfab698032cf85a8d1d7a8bd6f855693a9c854564e12361683522f6944dd1c8dcc0bcc05ecfd8acc11041ecbe7ec75cf13ffcf60b861d7ef15bd301cf23c49deca358fcc338a3fb6be07248bd9f08678aa1fc359442aa0665fa2f0f13ad49385147de9f5520b13235c23f79f479c762f9b16d34fdb1de1efcfbb6d25f80e8724295be4e29b81df5f1b90e7fb1a02f831f98aee0ff001dca325d3a56298843e2d5ce58a5f2ecae09384647c1bc9309ca6bbbfff87e385a6246f902a330162dc19e39439ca0028cc7454d740fa8ddfbb6da11b68487a953c90ab9c27a2a92bd1e43d970420d9c202ce081877e3f709759b106c310945f1e81c7a817807363aee6ce7a9ea55a9b28319cc4923e23b10532efd96bc3965a33ab0fe70a818e6194adceab80231e0a0bb68b4deefd5edaa9d88051d30648b2ceca9a03a259bcb75c5a5f98bf1e2383da25d9dfa7ce0f22b2cbd5f380265e711c782bd323f8945128379220f71f4d0b9bf32b51e39b9e6e6ef1bb34dd7004502d6620a5c1f788bc03fee165cde9b52393d7fbec53372ffc0543c46dc697cfb0006b0e963e0a3a01f216d2d16de3bf54cd8a50293b29c413a3ec58a1ec5e5a213027031d952a7d7d8655a13a4b86f0b83a69ab4a62cc27b86b11cf0ac1a7724704353bd51a7148b40c62af5d6ef40a5abab0f336b385a2a7ef64ed91a810311bc1777eedfacad4bd853a83c89f327deaa4687693e71c4aefef33ca3ab8ad5c46a19d2598440db365bdf6dc9484a801fabb92266557019fcdc222e49e884cf74297e131a0fd0a8dfb5276faaf4da55af1c24f51c24ed384fbf2a9a28da95d48bb0a7d6d4023b641e47e6fc68c8b835356db9985a65f0af0e9ca62d427766c00607d04285e5887e960374bc278053c4fdcfcfe86629280664008f52eee5bd96fc2929523ceee226ae489f1f72d5a89d063bb7c4b70eeeb9942798cc8cf170236696b33848f285ed71d5c05343731417f0b6365e93297899434e080171e6f3938ced72755622cc25d102aada78d58fb6f903cf5fe4a44cc2178372bfb5e4e5df41824ed0e3d8ced0df69ab5233637aafcdf24f9bdc6bfb75dee77e0e683c10d7ac84ceb617937172278b17d7d0dd758afd91de6ea9997ecebbf2c981893291c5155c3c65be8ef71945cec160c54e085d9276f8872b92f2c7b1555138dbdcfe1f4697399e77942c23723d2b114312303e860fca741ff8e477757276e39225011ed96f1db709027dd6c8597890e544a94760c270842175ba7628348b7ad957e4def0ea796f228bc4f47c2aa689dde0c8f5d39e87c64db9cfd451da06fe57753b90aecebd74f7f69734cc17a1badcfee540dc25c9685681ab6cd361f173a01a735a19c71841bbb2a10359833d1e5d4f8246cdc96c303b8a94cbe6253ff1b7e1518ab7ffb3b9c2c448ede139f19fd6931fdb2c1a2850649675100b1d2e3571f8481dc3d06281742e12d24d434292b221ab1c5a531f835c4455edf8d8a80883eb5499fb41e49bbf51ae090e811cbe5778723770c16c6fd1f7e922983c1c9a7a46511a1aa9eee666d7403ea004fe8ec2ce03dcca8c1ea2dce859da216679cfbdcde8f4a99fe123f860d31ad254e0402cdda521ca9392830c791c7ab3eb87c27869141d70dfd58a94f11d9a2b50a3366eb4ad93fa14e095940fc413b3a7c4cf6473b454a57b745cc8891dee1c37d76fc710ab71fd676717dae7a5a6d07244e33142bfeb48ad674f4ddfff426f471d18f3f3df712ae9b07f6ae4b90604e9d52b041ae67e6ff61ca81f1db042148544b2c7607e58c56ec36bc7b17edc1479057d9046b78671df527043ea83e7e5cb7172a9860f39d3f92ff6aaecc755205645b379a6b53809cdc975a5296927efa3b320dd13a14d9dcba1c8400b14c68d8041d1a33d58b4b9be924f489fc7c88b448f50fef5f61f0c6944ca51614c1f251e1267cad3a6b061984236354d5a8066383d49ac3358e685870d8abd762e8e0c9bd66972bea2bb7d06f8501104936248744b4d1181c7a6946866001d86b9cfef7d897f126cd4f32a33b35729c0333650dfb808e194b13a6370ef9454ac009260921b6a94c82e85e01a1e701957be6e0049032a28db8920adb83189c408552877fac1f770d7d2d05ba359d30b2fd83630ab73b30bcc10ba1df6bc6962eef2011d1b849c2803f02d2783e2bb625fe64bf4b634e17c768794ab3a48a9f1ef565648d63f118d1de02901ec3aeba94cf021d85d74a203fbec820176fe04ff39f4504c2f956b022f9d584c5184648d88f9f5ff7e201765c31884cfe10ff7e5beafd3e6ba7a00494612b9f06febb8f863349a6367b0c58876ef0004801c9f7a8b3b53580e40c13500cd53286a23ccdb6c7f3c10295a2de2e5f5137ce976ca48fa262b9e640fc694639be14f824fcdd75dc459d3ee0b4b4e16489e8049d68f3f829b549dcaae76d6ca885ad94493e7f428c7d2e740d248473aeaf818729e2bea35d17159870c7b943cf8fa008343c57ae2a281791a302fab1d6bcce53b39ede3cf428cddf57ad726c021b635925385f37fdc0e39f48a4bacd474ee948e9abca20805b7bd399966243c61d041128a9688f132c59e65ee33056c8f0a12b16ca4cf6252f40bae8978bde97a5b791e1e1d22af7c09d691e25ccb818763c710bd4b160b650e6f04fcb15e1c498a64215252e169a5949e572c23875880e6b31f6595a5c0b954f0a81b2a6b3daef9cdcdf5c1c8e4b22af60c2f1ed4d64e6a1ec93263d8f0320dbd52fbfd6a3a99aed20f38be6a10c2b26f2db50dbb8b82a84b944ca02f247cea78e656d61ef4c6a936c37f0bdd9903028dda145aa92eb10ee2e7cf515d23b7d46dbdaa4506eaf567ff11c3af307d971ae6a5d51dfc5be38c626784604c34b192fe029a429c7f119500989363ae1606936b96fd5b6bd8fa84262526a732f3123da1555e1f14da595409b3ffb41461770501c063c141ad5c0f88729b4e9edd1aa9c05f5c5f0bd83ceaae6c8577d3a899829f7e629445cda497523588800b14b199245a2d0a5fbcaeafe6a9cb1faafc5759c4a4e67927e5b0f4c5acca444237c0ee6ade69b941688281d2ed0a0ee195e291b2654b1e2558c0b06fccd2f5fbbd34ff5a8c77324d722f9bbca22ebfecd2e5328bde6a61c182bf6890e1061e7d19e3a96cea2efe54ce457217364c450463bfe05229abde4d0ef5cb2a5262f99718ed5b10ce9c495b7682d97806b4abbedd5fc8fec8eb8c2afbfe725175dc0baa56a9367ff66b6980983d320fb2345bbe118e84800a4ee859e51d91ded628d2e6496ba35e190cd426f433d4c9ba0c1bd0f9c5f97d749da659ffd372c7a7dfeaeae6d3d18d0d3cf7fd39a75c92cc381630405e93c4f08f087d76a42126e859684716347677195688556684da2aa6bb7b00e822eb8eafa6d9ded3aa433e80666e27b0b314925d0a0ab589b5f1074f42533574fd5e5459116f26d07395333e92da713489ed403bde08089fb439ce8ee9f4a577c60a903ce842b3d5d5f6ab79ee44cb51e05537878fc87d0a0d238ae334e78823ae8200980db557d4b5f8927cccf106bdb8b0886d53171cfc08c3981f142bdd4a43e46740ed711fa9e1a1a3ab6a8c9bf1ea1d1afac555c7c3aad0818a34461b6d091963340427f4034088c65c5263803bfb066bd7e16ddc208e54545de2056ce94bf97e7274b603d70316bb980b693e87ce33b728b9a3914f66d3838b570f678200ba76632b3953e0c60ac3172c854be2d35d965e332b878e0ba5bab94b077f4daaa00d7575c1614febaaff514ded6e1225c441edcebbb43828b4f73d357bd09fb6b4d5f61e4bb811983e64a39de1304f1dbdbdb1b91d4763bb2201b8b666830ab6296ba2d024d6ad37066f570ff5085710eb65be4748ff6284bba07798984022aaa4f91d01b7ae2effd2cf5527761f4811196069524f1ed95687e69c8aae87e84f6a15d38c786fdcac778f6a150fe811499e70df723ae44f449d43d16b565e812375fb845b87d8872c3bb287a8b160ff167503913258f6397657bf13a156c63f1b4d3017b52e7bd2ebb9a7b7577a1e59455cc81bbbcf2d85b17c1c6f43ca469e4fccfba2b5e39f90c2b7485f97026610b87fb0e1ccacd19113d5bcf872eb96d9665468e4468c11a51fea7ce28c3151ebf108ba19499cb69524b4640b6c1de7340ca238de9428ba88aaf05cd6271f61a37043c212ee1c85606e2b0a9dbace228fe3e1ae4db93693eb84e10a5b21fe7db7812d42c12b258a5a8761ad2ad210dd2b429e9a0b98251ca9a5c23c07e6c048f4373d020428b6406420072112a85ceb1da6667372d87820916f89c67877fbe210d58fa6f4db941823167b06785fba87af1cdada5821260fba46f017311537a73fd65bfd8b4cd992e5aab61ee76f30d50e81160e11478a2dab3108d38c05a8147eefa3bb832ed22b849583d9bce234c4623ead9db58cdb780e26542786fcdebb30bc69c7c1f87ca7496043417da6b36f6f291bb4b509c1b0121ada310f5cf32692e0d22b495123aca0fa74485ee8f81b9de4707a2ed04c73baabdf4c7075aba5b668c4cbf2822578205b2d7cb3e58fa1625ee6a7ee4b41fd4c6b3242372206b0f5ec793fe17941c49f913f9b5563a14b27588ea2b8838d75750586b2fa18412302f0838c69c64c5d455e9c007182b65ffea80d33214fe0c8d9a285abbef3d9ac08da64172c8f1fdbdbb370427ddffa05983a40327718b2414f2a85d2166d6811979a819921a121889476e667afca555a52e3d078fe43fb0891b77a0c455d8e79e628e18060606564843318a55e3a8c9063e9057747fc9eafd8fc24eeeecbca460d01ae8c10ef702abdac"}, @TIPC_NLA_NODE_ID={0x64, 0x3, "dfa6b8ee2248d003d48513caea2e06b285e52dace70efffa2669d9eed366223342e010e9e178cdf59859a12b9fd8075260faac8b36fdfdd22436c84f903abc4af583636680d622b63ad8a48d13b54ca059e20fc8739a1dd21122272bb522b8e0"}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x401}, @TIPC_NLA_NODE_KEY={0x4b, 0x4, {'gcm(aes)\x00', 0x23, "8c3d2f12a8ec543a22992a6a911e18ff752fa42862209181d50835ba732891e45acf42"}}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x1bf}]}, @TIPC_NLA_SOCK={0x28, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x7}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xff}]}]}, 0x1288}, 0x1, 0x0, 0x0, 0x44000882}, 0x810) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000040)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0xfffd, 0x0, 0x0, 0xfff7f038}, {0x6}]}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup(0x30d0, &(0x7f00000000c0)) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000000c0), 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r4) socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000240)=0x40) writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000300)='\"', 0x1}], 0x1) 12.699310575s ago: executing program 2 (id=423): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newtaction={0x54, 0x1c, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x40, 0x1, [@m_tunnel_key={0x3c, 0x17, 0x0, 0x0, {{0xf}, {0x4}, {0x9, 0x6, "13885b9622"}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x4}, 0x0) r0 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x1}, 0x1c) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x9511, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xffd0}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 12.697938512s ago: executing program 3 (id=424): r0 = io_uring_setup(0x7, &(0x7f00000000c0)={0x0, 0x3, 0x0, 0x40000}) io_uring_enter(r0, 0x0, 0x54aa, 0x5, 0x0, 0x0) openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000040), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000001c0)={0x20, 0x2, 0x4}) ioctl$vim2m_VIDIOC_QBUF(r1, 0xc058560f, &(0x7f0000000080)=@fd={0x0, 0x2, 0x4, 0x0, 0x0, {0x0, 0xea60}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "147cedad"}}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000001600)={&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000600)="ef", 0x1}, 0x68) r2 = fsopen(&(0x7f0000000040)='afs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000000)='source', &(0x7f00000000c0)='#(:.', 0x0) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_TLS_TX(r3, 0x6, 0x1, &(0x7f0000000000)=@ccm_128={{}, "c04d831721b66c43", "7e50992d53face4acb591d981848b3d9", "a7844c4e", "6c25c0284645e18b"}, 0x28) setsockopt$inet_int(r3, 0x0, 0xf, &(0x7f0000000080)=0x1, 0x4) r4 = fsopen(&(0x7f0000000040)='afs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000000)='source', &(0x7f00000000c0)='#(:.', 0x0) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r0, 0x13, &(0x7f0000000040), 0x2) r5 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r6, &(0x7f0000006380)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) r8 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x0) ioctl$DRM_IOCTL_GET_CLIENT(r8, 0x40806685, &(0x7f0000000280)={0x2000, 0x0, {r7}, {}, 0xfffffffffffffffe, 0xffffffffffffffff}) sendmsg$NFT_BATCH(r8, &(0x7f0000000240)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000200)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a7c000000180a05000000000000000000070000070c00054000000000000000034c00038008000240000000060800014000000000080001400000000008000240000100010800014000000000080002400000008008000140000000000800014000000000080001400000000008000740000000030800074000000000cc000000080a050000000000000000000100000308000a4000000000b0000480100001800b00010072656a6563740000100001800b0001007470726f78790000100001800b000100736f636b6574000048000180080001006e6174003c0002800800034000000001080007400000000c08000440000000090800074000000020080003400000000b0800064000000012080007400000000034000180090001006d6173710000000024000280080003400000000d080001400000000a080003400000000308000240000000031c0000000b0a0108000000000000000002000006080008400000000084020000020a01020000000000000000030000040900010073797a310000000089000600e237502c7f12670d2dc8362ac18ffcaffbe60f4b1f76e40126cad8d379af5e0122d424a53fadd2de5f0f6b18b9bac04241f9d446c603698c40ac63d24016703d115a6ca89ada28d56d56cb4e9adfdbeb4f208928ae0dca09a3091a9d91dceac10887d323056bd416b5dd246d6fd0a1fe02ce7d1672e19432eae13f57515b05c8514e4d5b7e000000dd000600337f496149af294c9f1d563655f600c3e76db339025734430998585c02bffed77d05421e1e5614a82db965005d56c2356d4b29f094774561037fbd7e3c28248d3600419d61c66b9f8717e4531868e5939b350cac2e10bb27f5ee8a381f9d6f06df5eaf8997d0915282e82787e040513e2427ddae43efde16a4beb02ba303831330d46eb37b2e8dab36ce6b67ac6a43581cb64c42657c283c04b07fffcb0f84197e4ed126e2eb0f25c6e1172ac28c682cd03ce109c90c8c60fa256d7ff9b6d80e3277b0d9246940b8111ab0f916b7c9c1843873a4e000de5aff0000000900010073797a30000000000900010073797a3000000000c100060001d500d83264c31991e30652db296f0f4760a1ddb9de58fc1928c58a07cc40fc18fa5b1526827d6953ba1e63a1d5721eef6bce76a2dfca00649ecf4c9e8092bb4746641f3fe51404062ec21f24204e59dbcff8b21d6f33048cd0802548a7d2b7664a905f535da9e3e1750466dd5eb1a7a426f95d64717812a547730e777374a1bd304fced8944d70fa1a9078c9e803e25ace8f82d99c0cdecf6bc0c79f5328e13b6f94bd03b1021f75c7c89de96f2a36dfb8d0570917fefa493e0091330000000900010073797a300000000008000240000000000800024000000000cc000000140a01030000000000000000050000040900010073797a30000000000c00064000000000000000040c00064000000000000000010900010073797a3000000000560008005e7e7e2c5efeb5d360e56cf1ec1f83c24e6b8ab8451a549b870c04aff9f4c93a2a833132a2a669d285502764c06159bea3dba78b4fe23d279274e91434bbb5c26d25a36fa3eb66d2fc23898caeb5b60209fc00000c00064000000000000000050c00064000000000000000050900010073797a30000000000c0006400000000000000001140000001100010000000000000000000200000a"], 0x4dc}, 0x1, 0x0, 0x0, 0xc0}, 0x20000800) r9 = socket$nl_route(0x10, 0x3, 0x0) r10 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r9, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x1c, 0x2, [@TCA_FQ_INITIAL_QUANTUM={0x8, 0xe}, @TCA_FQ_FLOW_PLIMIT={0x8, 0x8}, @TCA_FQ_PLIMIT={0x8}]}}]}, 0x48}}, 0x0) ioctl$FBIOPUT_VSCREENINFO(r5, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x40, 0x0, 0x0, 0x0, 0xf, 0x0, {}, {}, {0x0, 0x4}, {0x1000000, 0x0, 0x8}, 0x0, 0x3f0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8e, 0x0, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0xc}) 12.302963051s ago: executing program 2 (id=426): openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) r0 = fsopen(&(0x7f0000000000)='ramfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = socket$inet_smc(0x2b, 0x1, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100009e173610ef171e7206de01020301110212"], 0x0) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000400)={{{@in=@remote, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {{@in6=@dev, 0x0, 0x6c}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0xffffffff}}, 0xe8) r2 = syz_usb_connect(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="31010000dccd5e08cb060700000000952301090224000100007e000904340102d469e70009"], 0x0) syz_usb_control_io$uac1(r2, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r4 = dup(r3) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x239, &(0x7f0000000300)={0x0, 0x200000, 0x10100}, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendto$packet(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0, 0x0, 0x0) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x48882, 0x0) r6 = dup(r5) fallocate(r6, 0x10, 0x0, 0x80400) openat$mice(0xffffffffffffff9c, &(0x7f00000002c0), 0x6020) r7 = fsmount(r0, 0x0, 0xf1) mknodat(r7, &(0x7f0000000080)='./file0\x00', 0xfff, 0x0) execveat(r7, &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, 0x0) r8 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) preadv(r8, &(0x7f0000000180)=[{0x0, 0xed}], 0x1, 0x6, 0x6) r9 = syz_usb_connect(0x2, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x59, 0x77, 0xc, 0x40, 0x9c0, 0x203, 0xd332, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xfa, 0x10, 0xc9}}]}}]}}, 0x0) syz_usb_control_io$printer(r9, 0x0, &(0x7f0000000440)={0x34, &(0x7f0000000800)=ANY=[@ANYBLOB="400d01000000de78b451e214871dd2ca34d92a5e976b7ae518247133473d461c374b409a9e18fd69909219647ef0923a8d11a783b6f581a520837641cce532aef5cb6a01d5b237c27ac44be6015f72b1f7"], 0x0, 0x0, 0x0, 0x0, 0x0}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x84580, 0x0) r10 = socket$igmp(0x2, 0x3, 0x2) setsockopt$IPT_SO_SET_REPLACE(r10, 0x0, 0x40, &(0x7f00000003c0)=@nat={'nat\x00', 0x670, 0x5, 0x3b0, 0x108, 0x1a0, 0xffffffff, 0x108, 0x108, 0x318, 0x318, 0xffffffff, 0x318, 0x318, 0x5, 0x0, {[{{@uncond, 0x0, 0xc0, 0x108, 0x0, {}, [@common=@inet=@ecn={{0x28}}, @common=@ttl={{0x28}}]}, @unspec=@DNAT1={0x48, 'DNAT\x00', 0x1, {0x0, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @ipv4=@dev}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x318}}, {{@uncond, 0x0, 0x70, 0xa8, 0x0, {0x0, 0x4800}}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x1c2, {0x0, @local, @local, @gre_key, @gre_key}}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x410) 12.050214469s ago: executing program 0 (id=427): pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000140)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d24070000030769dc000049c40c240000e9fffff5ffffffff0924031300010005024524", @ANYRES8=r0, @ANYBLOB="05"], 0x0) getuid() r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = io_uring_setup(0x86b, &(0x7f0000000680)={0x0, 0x0, 0x100}) r3 = socket(0x40000000015, 0x5, 0x0) connect$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(r3, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) r4 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$TCSBRK(r4, 0x5409, 0x401) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f00006dbffc), 0x4) bind$inet(r3, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000500)="fe", 0x1}, {&(0x7f0000001240)="1eac4d20f8509e2139d2842c8faedef008bcac1025cbc63d2bfe0c7bbe51c5bf73985d5106bf5b5e7e5761716e35b468ea79633c916c4a8026f9408d056b8977df67c0e6fd0b1b3da5de5d003382ac95eade5dadad870ce3749452d2c1c3651ffff244be3078fdbfeb97d093bba60131e733d91c4ad38e7b52aa7afa9cb8e2351bd3f8a7a2a0425b071f6790992b8c2a51d944b0161c5c97fcdc19c2ef7c66ccc23c77a28a34b216c429444343ea056f171399dc03d56a1131ba74d31fc1012d3deff0e43309fc9e3b88bec90a7680aa74ccd581e02eb436a0009fa62097513d0c9533256d81978fae39288edcb833739d2988ccf5a564bc00edd1ab0853b873cbab3ef227f11325d72dbe2f435351610d01d0f74e180df6eaa94651336e7713414e499586edd5693e587a186fcb68a973e823e61a072aaa4fb9e3a03ff4c17c9e343684255efba0d1b149b22c2d81f1ac5eaccaab01ab108178e97eb8a45d5d6cdeca0d6b9af9f88cfee58935be6902ac7c6915d60548367d164990b142d472b9b5700191b1f978fb36bcde646385dcf5cb7adf1ec70baef4061d2da93d2f5eefae1081374d58ab54532755c1b8bf303584296145e9aad2e3ccef93f30da9c102db5cfe346baba2fd3f157cb6e825e607365ff8c6187e216dc4072e582874ce63166405e21644015f99d5713165a377bfdc3143928e8469b4e312ce1f9dff83fe7c8d9fca791af2b46f1650e3937c9ab589d5f93fb578503aa64042c66571649844d93257489c1b658140e4c194c329a1a2c0117d123a45b213a118dd608bd6bdb2e0a6782f785321ff48eac4158ad9efb3737a6cfbb21d0dba732558493aa09dfa7fa41b4922e4e205a4792c9694661a18eff0d932d824f6987aa3dafa7ddc9b0acd70d43263c78dde88b7c665abbeec1cf1016ddc321f713cc3c149eeda6443b5b278eb3a05b08d510650b055d3193c4d5bbe084431cc40a626e81827d8bf2379435ada42a99569b35faa3af53f90f4dcf7a7d1c2e6fe4d7739b135981d40ba00de019909748640d554a159e552c6a7a7c77b213fad40dd785cc4ee983266b3377fbc7845a44992f82656b8240c169697599074348a4bac29423612e4c0ba89a66d08033b54b4d8f8704ab9470fe6316dc6ba610b7f3c1b0428607b13d2cfbed5c82d9214a1e97edaa27ed011d42800467fd54cddec7841f2aa513e7c8956842ea69b6b80208a4acbe9b678a9ab48a26df1cebd283f0d8e2956d8e8a4aad5b563ae75ddaf9b167d70b0e96f42a4f1c5bef1e777fedcb380707fc7ac87e249f322a01660687c04d1bbeeefeecadf86c3ef805d79964a862877cfbff40eb340f7065bc759013cbdcb25305ba6812a853b8d8e1960227826acb24311ed0e67f84565dd8858ca3be23409569e15ba75120c35dffdc8a4b7688d5d02fedf88434274b828fec979ea029405cd1e7cadc867ebdc98c4a523178715828c1a6361e60ff1f2968efc20d6888ac2a6f81e37cbc7f1e89f3421825cc278df26c8722e1672fc9672a8d0a60dded6f0765ac61f8a91acf0195abc177e56cc91a9c11ccf95d2a58de5494e66cfa1e758438ee4bb163ee05927e551e4d05b308a0eb01cea0e43", 0x480}], 0x2}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=ANY=[@ANYRESOCT], 0x30}, 0x1, 0x0, 0x0, 0x80}, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null-generic\x00'}, 0x58) accept4(r5, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(0xffffffffffffffff, 0xc008551c, &(0x7f00000003c0)=ANY=[@ANYBLOB='\t\x00\x00\x00$']) bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="b70000002000000034000000000000009500000000000000a9171809f8dcf159569d5475991f7de1a0d0c119cfcf6b98741c23fb7f8d3002ec85db75af955427e91496087a51a0a78f26019e216a0d0177c4fe3552396a180330807a5b6e8c79aa92038c78d1f16c1323f0e0c8d45c641a21757847cb22e9bc162bcc3581e40c62c4defee8cffe359cfeef7f58fffdb48647d28ae810f6d22d20271e9e88e94aa6982bf48356652b08aae0478fbe542b648421d1b4486a542a7d478fbe6b5e000000293853f9c68e235184b7ad5b6c4fe70ec8320500db0db7fda3da6171a05509ffecef2cb9802d4f36c9a1ce46d3b355fec188ccfc2f0fc89e164561fb06ee9a0153981a47b5de9edd3536d5534f9a699f73b2c9341d2d05043748ce1f4577ed76cdf5b3c697089daa4abda69a8c0c992404610a6be9e103c972459065dec0488e85a6a0418fc87dd80102fc9ef7bb4ef4fa6ee08d81797570578f2e8198e687012f25a69a90e7515e35f8abbddfa96c3f0485f01f0e9e144a2bd31c1b594c50de7c9efd826f1e19b7bd89ca4052b1985287bd13957a48467e0eeddf564d175bf4340885b639767c609806c3b2a3667539dfd66a7400000000003be6026e60205f761ce85cdf75cdb95ca5d32b5bf87eed4184d49f8f48181ef2419efe82ebb18ee55772d562b3b49551714e805a5211a3f4e8e703c03e23b2074bc573dbb66d59e269b722637c4a2efb5241cae2f14774609ad91d66724c438455dc4fcf0b4c8fc235f6c190b4c82bb2556d1fbcd4468369e98e989986dcbc900c743162ce2c7e60610acf0c8e4ba94a7e7127c7de0e6c35acecee1b8434fdca4579f9ebc6a515f7d910b466eb083fb0a7e607452d8d335fbecb2b8ee0e9da33afb88aa5da8da3a5e0e58fcb48de6f165826b046a8951a47e040bd419d0efa0f54e8e3694085a7bde6f64949680000000000000000"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff37, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) setsockopt$packet_rx_ring(r1, 0x107, 0x5, 0x0, 0x0) 4.705573202s ago: executing program 0 (id=428): ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000740)=ANY=[@ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x13, &(0x7f0000000280)=0x7441, 0x4) r0 = syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYRES16=r0], 0x1c}, 0x1, 0x0, 0x0, 0x8}, 0x80) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_buf(r1, 0x29, 0x20, &(0x7f00000000c0)="0bbb268dd6ffa80800000000000000000000210d0000aaa8", 0x18) sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, 0x0, 0xc0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, 0x0, 0x0) setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, &(0x7f0000001740)={0x0, 0x4, 0x0, 0x0, @vifc_lcl_ifindex, @private}, 0x10) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r3, 0x84, 0xc, &(0x7f0000000100), 0x4) recvmsg(r3, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) syz_usb_connect(0x2, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b", @ANYRES64], 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000010c0)={0x0, 0x44}}, 0x0) sendmsg$nl_xfrm(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={0x0, 0x64}}, 0x0) mmap(&(0x7f0000b22000/0x1000)=nil, 0x1000, 0x0, 0x20010, 0xffffffffffffffff, 0x2c2c0000) 1.283724704s ago: executing program 0 (id=431): r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, 0x0) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0xa8c, 0x870, 0x1, 0x1, 0xd59f80, 0x19f2, 0x3f, 0x19ef, 0x3, 0x7, 0x2800, 0x9, 0x440, 0xd1, 0xc, 0x30, {0x8, 0xffffffff}, 0xd0, 0x9}}) (fail_nth: 2) 800.494325ms ago: executing program 0 (id=432): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x300, 0xfc, 0x3}, 0x1c) r1 = socket$netlink(0x10, 0x3, 0x4) write(r1, &(0x7f0000005c00)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) (fail_nth: 3) 281.311302ms ago: executing program 0 (id=433): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x24, &(0x7f0000000200)=0x7, 0x4) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) keyctl$restrict_keyring(0xa, 0x0, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$FUSE_DEV_IOC_CLONE(0xffffffffffffffff, 0x8004e500, 0x0) r2 = io_uring_setup(0x734a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0xfffffffc}) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) r3 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x74, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x48, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @redir={{0xa}, @void}}, {0x34, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_LEN={0x8}, @NFTA_PAYLOAD_BASE={0x8}, @NFTA_PAYLOAD_OFFSET={0x8}, @NFTA_PAYLOAD_SREG={0x8, 0x5, 0x1, 0x0, 0x10}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x9c}}, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x4002011, r3, 0x0) io_uring_register$IORING_UNREGISTER_BUFFERS(r2, 0x1, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_OPTION$IOMMU_OPTION_RLIMIT_MODE(r6, 0x3b87, &(0x7f0000000140)={0x18, 0x0, 0x0, 0x0, 0x2}) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010100000000000000002b00000008000300", @ANYRES32=r7, @ANYBLOB="05003400000008002600c1160000"], 0x2c}}, 0x0) syz_emit_ethernet(0x82, &(0x7f00000004c0)={@local, @random="c4bc9cac9686", @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x4c, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x13, 0xe2, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa}, @timestamp={0x3, 0xa, 0x0, 0x2}, @sack_perm={0x4, 0x2}, @sack={0x5, 0x6, [0x0]}, @eol, @window={0x3, 0x3}, @exp_fastopen={0xfe, 0x8, 0xf989, "d463e2c4"}, @exp_smc={0xfe, 0x6}, @mss={0x2, 0x4}, @exp_fastopen={0xfe, 0x4}]}}}}}}}}, 0x0) 0s ago: executing program 0 (id=434): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4808000010001fff3a4ee9bfd5c3a3696c40af0b", @ANYRES32=0x0, @ANYBLOB], 0x3}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0) kernel console output (not intermixed with test programs): e_sys_ioctl+0xf9/0x170 [ 133.873047][ T6049] do_syscall_64+0xf3/0x230 [ 134.028782][ T6049] ? clear_bhb_loop+0x35/0x90 [ 134.033478][ T6049] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.039382][ T6049] RIP: 0033:0x7f83b377dff9 [ 134.043808][ T6049] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 134.063431][ T6049] RSP: 002b:00007f83b4613038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 134.071898][ T6049] RAX: ffffffffffffffda RBX: 00007f83b3935f80 RCX: 00007f83b377dff9 [ 134.079910][ T6049] RDX: 0000000000000000 RSI: 0000000000005100 RDI: 0000000000000003 [ 134.087906][ T6049] RBP: 00007f83b4613090 R08: 0000000000000000 R09: 0000000000000000 [ 134.095898][ T6049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 134.103873][ T6049] R13: 0000000000000000 R14: 00007f83b3935f80 R15: 00007f83b3a5fa28 [ 134.111865][ T6049] [ 134.147221][ T5253] Bluetooth: hci1: command tx timeout [ 134.385500][ T5975] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 134.393239][ T5975] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 134.421694][ T5975] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 134.476642][ T8] usb 1-1: new full-speed USB device number 17 using dummy_hcd [ 134.496489][ T5253] Bluetooth: hci0: command tx timeout [ 134.509737][ T5975] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 134.522238][ T5975] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 134.555506][ T5975] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 134.637984][ T8] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 134.682922][ T8] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 127, setting to 64 [ 134.698194][ T25] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 134.706045][ T8] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 65535, setting to 64 [ 134.727471][ T8] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 134.746700][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.757633][ T5975] hsr_slave_0: entered promiscuous mode [ 134.771005][ T6053] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 134.779395][ T6053] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 134.784808][ T5975] hsr_slave_1: entered promiscuous mode [ 134.794596][ T5975] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 134.799760][ T8] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 134.811473][ T5975] Cannot create hsr debugfs directory [ 134.876651][ T25] usb 2-1: Using ep0 maxpacket: 16 [ 134.905547][ T25] usb 2-1: config 0 descriptor has 1 excess byte, ignoring [ 134.927270][ T25] usb 2-1: config 0 has no interfaces? [ 134.950854][ T6041] chnl_net:caif_netlink_parms(): no params data found [ 134.967069][ T25] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 134.986599][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.999550][ T25] usb 2-1: Product: syz [ 135.003788][ T25] usb 2-1: Manufacturer: syz [ 135.009911][ T25] usb 2-1: SerialNumber: syz [ 135.032622][ T25] r8152-cfgselector 2-1: Unknown version 0x0000 [ 135.041060][ T8] usb 1-1: USB disconnect, device number 17 [ 135.052003][ T25] r8152-cfgselector 2-1: config 0 descriptor?? [ 135.105619][ T6077] FAULT_INJECTION: forcing a failure. [ 135.105619][ T6077] name failslab, interval 1, probability 0, space 0, times 0 [ 135.137623][ T6077] CPU: 0 UID: 0 PID: 6077 Comm: syz.3.213 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 135.148293][ T6077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 135.158388][ T6077] Call Trace: [ 135.161711][ T6077] [ 135.164681][ T6077] dump_stack_lvl+0x241/0x360 [ 135.169409][ T6077] ? __pfx_dump_stack_lvl+0x10/0x10 [ 135.174651][ T6077] ? __pfx__printk+0x10/0x10 [ 135.179304][ T6077] ? __kmalloc_cache_noprof+0x44/0x2c0 [ 135.184823][ T6077] ? __pfx___might_resched+0x10/0x10 [ 135.190187][ T6077] should_fail_ex+0x3b0/0x4e0 [ 135.194945][ T6077] should_failslab+0xac/0x100 [ 135.199673][ T6077] ? kobject_uevent_env+0x28b/0x8e0 [ 135.205097][ T6077] __kmalloc_cache_noprof+0x6c/0x2c0 [ 135.210429][ T6077] ? set_capacity_and_notify+0xf0/0x240 [ 135.215997][ T6077] ? __pfx_dev_uevent_name+0x10/0x10 [ 135.221300][ T6077] kobject_uevent_env+0x28b/0x8e0 [ 135.226371][ T6077] lo_ioctl+0x114b/0x1f50 [ 135.230720][ T6077] ? mark_lock+0x9a/0x360 [ 135.235087][ T6077] ? validate_chain+0x11e/0x5920 [ 135.240037][ T6077] ? __pfx_lo_ioctl+0x10/0x10 [ 135.244725][ T6077] ? mark_lock+0x9a/0x360 [ 135.249072][ T6077] ? __lock_acquire+0x1384/0x2050 [ 135.254134][ T6077] ? __pfx_lock_acquire+0x10/0x10 [ 135.259178][ T6077] ? is_bpf_text_address+0x26/0x2a0 [ 135.264394][ T6077] ? __pfx_lock_release+0x10/0x10 [ 135.269435][ T6077] ? unwind_next_frame+0x18e6/0x22d0 [ 135.274748][ T6077] ? preempt_count_add+0x93/0x190 [ 135.279805][ T6077] ? is_bpf_text_address+0x285/0x2a0 [ 135.285148][ T6077] ? is_bpf_text_address+0x26/0x2a0 [ 135.290365][ T6077] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 135.296541][ T6077] ? kernel_text_address+0xa7/0xe0 [ 135.301667][ T6077] ? __kernel_text_address+0xd/0x40 [ 135.306888][ T6077] ? unwind_get_return_address+0x4d/0x90 [ 135.312554][ T6077] ? arch_stack_walk+0xfd/0x150 [ 135.317446][ T6077] ? stack_trace_save+0x118/0x1d0 [ 135.322730][ T6077] ? __pfx_stack_trace_save+0x10/0x10 [ 135.328151][ T6077] ? stack_depot_save_flags+0x29/0x830 [ 135.333647][ T6077] ? kasan_save_track+0x51/0x80 [ 135.338529][ T6077] ? kasan_save_track+0x3f/0x80 [ 135.343437][ T6077] ? kasan_save_free_info+0x40/0x50 [ 135.348668][ T6077] ? __kasan_slab_free+0x59/0x70 [ 135.353624][ T6077] ? kfree+0x1a0/0x440 [ 135.357713][ T6077] ? tomoyo_path_number_perm+0x68d/0x880 [ 135.363366][ T6077] ? security_file_ioctl+0xc6/0x2a0 [ 135.368577][ T6077] ? __se_sys_ioctl+0x47/0x170 [ 135.373361][ T6077] ? do_syscall_64+0xf3/0x230 [ 135.378046][ T6077] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.384136][ T6077] ? do_vfs_ioctl+0xf08/0x2e40 [ 135.388923][ T6077] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 135.393974][ T6077] ? mark_lock+0x9a/0x360 [ 135.398346][ T6077] ? tomoyo_path_number_perm+0x208/0x880 [ 135.404021][ T6077] ? __pfx_lock_release+0x10/0x10 [ 135.409110][ T6077] ? lockdep_hardirqs_on+0x99/0x150 [ 135.414341][ T6077] ? kfree+0x1a0/0x440 [ 135.418437][ T6077] ? tomoyo_path_number_perm+0x68d/0x880 [ 135.424097][ T6077] ? blkdev_common_ioctl+0xfca/0x2480 [ 135.430006][ T6077] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 135.435648][ T6077] ? tomoyo_path_number_perm+0x208/0x880 [ 135.441472][ T6077] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 135.447498][ T6077] ? file_to_blk_mode+0xcc/0x140 [ 135.452449][ T6077] ? __pfx_lo_ioctl+0x10/0x10 [ 135.457144][ T6077] blkdev_ioctl+0x57d/0x6a0 [ 135.461663][ T6077] ? __pfx_blkdev_ioctl+0x10/0x10 [ 135.466727][ T6077] ? __pfx_blkdev_ioctl+0x10/0x10 [ 135.471763][ T6077] __se_sys_ioctl+0xf9/0x170 [ 135.476377][ T6077] do_syscall_64+0xf3/0x230 [ 135.480937][ T6077] ? clear_bhb_loop+0x35/0x90 [ 135.485641][ T6077] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.491566][ T6077] RIP: 0033:0x7f83b377dff9 [ 135.496004][ T6077] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 135.515645][ T6077] RSP: 002b:00007f83b45f2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 135.524086][ T6077] RAX: ffffffffffffffda RBX: 00007f83b3936058 RCX: 00007f83b377dff9 [ 135.532076][ T6077] RDX: 0000000000000000 RSI: 0000000000004c07 RDI: 0000000000000003 [ 135.540059][ T6077] RBP: 00007f83b45f2090 R08: 0000000000000000 R09: 0000000000000000 [ 135.548066][ T6077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 135.556053][ T6077] R13: 0000000000000001 R14: 00007f83b3936058 R15: 00007f83b3a5fa28 [ 135.564056][ T6077] [ 135.572416][ T6063] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 135.594953][ T6063] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 135.833177][ T6085] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 135.842779][ T61] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.910015][ T6085] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 135.948779][ T6085] xt_nat: multiple ranges no longer supported [ 136.034961][ T61] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 136.264900][ T5253] Bluetooth: hci1: command tx timeout [ 136.373135][ T61] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 136.604556][ T5253] Bluetooth: hci0: command tx timeout [ 136.809773][ T6041] bridge0: port 1(bridge_slave_0) entered blocking state [ 136.828560][ T6041] bridge0: port 1(bridge_slave_0) entered disabled state [ 136.848735][ T6041] bridge_slave_0: entered allmulticast mode [ 136.856193][ T6041] bridge_slave_0: entered promiscuous mode [ 136.911609][ T61] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 136.970568][ T6084] netlink: 'syz.3.214': attribute type 5 has an invalid length. [ 137.041563][ T6103] netlink: 24 bytes leftover after parsing attributes in process `syz.0.216'. [ 137.115066][ T6041] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.125256][ T6041] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.133240][ T6041] bridge_slave_1: entered allmulticast mode [ 137.148818][ T6041] bridge_slave_1: entered promiscuous mode [ 137.440289][ T6041] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 137.489033][ T6041] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 137.956627][ T5296] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 138.002627][ T6041] team0: Port device team_slave_0 added [ 138.056063][ T6041] team0: Port device team_slave_1 added [ 138.076877][ T8] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 138.131371][ T5296] usb 4-1: Using ep0 maxpacket: 32 [ 138.168024][ T5296] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 138.197450][ T61] bridge_slave_1: left allmulticast mode [ 138.206491][ T61] bridge_slave_1: left promiscuous mode [ 138.212295][ T61] bridge0: port 2(bridge_slave_1) entered disabled state [ 138.215292][ T5296] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 138.278856][ T61] bridge_slave_0: left allmulticast mode [ 138.305331][ T61] bridge_slave_0: left promiscuous mode [ 138.315504][ T61] bridge0: port 1(bridge_slave_0) entered disabled state [ 138.367131][ T8] usb 1-1: config 0 has no interfaces? [ 138.372768][ T5296] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 138.438481][ T8] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 138.454393][ T5296] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.610620][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 138.666566][ T5253] Bluetooth: hci0: command tx timeout [ 138.689732][ T5296] usb 4-1: config 0 descriptor?? [ 138.694924][ T8] usb 1-1: Product: syz [ 138.699279][ T8] usb 1-1: Manufacturer: syz [ 138.710386][ T5296] hub 4-1:0.0: USB hub found [ 138.715202][ T8] usb 1-1: SerialNumber: syz [ 138.728786][ T8] usb 1-1: config 0 descriptor?? [ 138.919746][ T5296] hub 4-1:0.0: 1 port detected [ 139.545328][ T5296] hub 4-1:0.0: activate --> -90 [ 139.716218][ T5326] r8152-cfgselector 2-1: USB disconnect, device number 13 [ 139.754077][ T6112] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 139.770715][ T61] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 139.818550][ T6112] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 139.909673][ T61] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 139.948570][ T61] bond0 (unregistering): Released all slaves [ 140.065157][ T6041] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 140.089871][ T6041] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 140.116327][ T6041] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 140.158977][ T6041] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 140.166005][ T6041] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 140.235161][ T6041] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 140.248763][ T6112] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 140.263276][ T6112] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 140.368768][ T938] usb 4-1: USB disconnect, device number 9 [ 140.377683][ T5296] hub 4-1:0.0: hub_ext_port_status failed (err = -71) [ 140.532691][ T6041] hsr_slave_0: entered promiscuous mode [ 140.540909][ T6041] hsr_slave_1: entered promiscuous mode [ 140.547985][ T6041] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 140.560728][ T6041] Cannot create hsr debugfs directory [ 140.747136][ T5253] Bluetooth: hci0: command tx timeout [ 140.896669][ T8] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 140.936528][ T61] hsr_slave_0: left promiscuous mode [ 140.981049][ T61] hsr_slave_1: left promiscuous mode [ 140.997906][ T61] batman_adv: batadv0: Removing interface: team0 [ 141.052911][ T61] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 141.095378][ T8] usb 2-1: config 0 has no interfaces? [ 141.095411][ T61] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 141.110310][ T8] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 141.125080][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.134215][ T8] usb 2-1: Product: syz [ 141.151981][ T8] usb 2-1: Manufacturer: syz [ 141.157045][ T8] usb 2-1: SerialNumber: syz [ 141.177369][ T61] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 141.180596][ T8] usb 2-1: config 0 descriptor?? [ 141.199639][ T61] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 141.240742][ T61] veth1_macvtap: left promiscuous mode [ 141.247459][ T61] veth0_macvtap: left promiscuous mode [ 141.253129][ T61] veth1_vlan: left promiscuous mode [ 141.263873][ T61] veth0_vlan: left promiscuous mode [ 141.339895][ T5296] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 141.456122][ T8] usb 1-1: USB disconnect, device number 18 [ 141.558423][ T5296] usb 4-1: Using ep0 maxpacket: 16 [ 141.568193][ T5296] usb 4-1: config 0 descriptor has 1 excess byte, ignoring [ 141.575555][ T5296] usb 4-1: config 0 has no interfaces? [ 141.584067][ T5296] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 141.594495][ T5296] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.608120][ T5296] usb 4-1: Product: syz [ 141.612388][ T5296] usb 4-1: Manufacturer: syz [ 141.617877][ T5296] usb 4-1: SerialNumber: syz [ 141.633727][ T5296] r8152-cfgselector 4-1: Unknown version 0x0000 [ 141.642234][ T5296] r8152-cfgselector 4-1: config 0 descriptor?? [ 141.899458][ T6127] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 141.929297][ T6127] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 142.154370][ T6133] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 142.174982][ T6133] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 142.220321][ T6133] xt_nat: multiple ranges no longer supported [ 142.545360][ T61] team0 (unregistering): Port device team_slave_1 removed [ 142.764846][ T61] team0 (unregistering): Port device team_slave_0 removed [ 143.658176][ T5296] usb 2-1: USB disconnect, device number 14 [ 144.384592][ T6139] FAULT_INJECTION: forcing a failure. [ 144.384592][ T6139] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 144.452259][ T5975] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 144.472032][ T6139] CPU: 1 UID: 0 PID: 6139 Comm: syz.1.226 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 144.482712][ T6139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 144.492786][ T6139] Call Trace: [ 144.496081][ T6139] [ 144.499044][ T6139] dump_stack_lvl+0x241/0x360 [ 144.503752][ T6139] ? __pfx_dump_stack_lvl+0x10/0x10 [ 144.508974][ T6139] ? __pfx__printk+0x10/0x10 [ 144.513613][ T6139] ? snprintf+0xda/0x120 [ 144.517910][ T6139] should_fail_ex+0x3b0/0x4e0 [ 144.522670][ T6139] _copy_to_user+0x2f/0xb0 [ 144.527141][ T6139] simple_read_from_buffer+0xca/0x150 [ 144.532574][ T6139] proc_fail_nth_read+0x1e9/0x250 [ 144.537634][ T6139] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 144.543218][ T6139] ? rw_verify_area+0x55e/0x6f0 [ 144.548089][ T6139] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 144.553682][ T6139] vfs_read+0x201/0xbc0 [ 144.557952][ T6139] ? __pfx_lock_release+0x10/0x10 [ 144.563002][ T6139] ? __pfx_vfs_read+0x10/0x10 [ 144.567704][ T6139] ? __fget_files+0x3f3/0x470 [ 144.572414][ T6139] ? fdget_pos+0x24e/0x320 [ 144.576850][ T6139] ksys_read+0x183/0x2b0 [ 144.581107][ T6139] ? __pfx_ksys_read+0x10/0x10 [ 144.585884][ T6139] ? do_syscall_64+0x100/0x230 [ 144.590667][ T6139] ? do_syscall_64+0xb6/0x230 [ 144.595358][ T6139] do_syscall_64+0xf3/0x230 [ 144.599876][ T6139] ? clear_bhb_loop+0x35/0x90 [ 144.604572][ T6139] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.610492][ T6139] RIP: 0033:0x7f1f9257ca3c [ 144.614920][ T6139] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 144.634550][ T6139] RSP: 002b:00007f1f933a2030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 144.643012][ T6139] RAX: ffffffffffffffda RBX: 00007f1f92735f80 RCX: 00007f1f9257ca3c [ 144.651019][ T6139] RDX: 000000000000000f RSI: 00007f1f933a20a0 RDI: 0000000000000004 [ 144.659008][ T6139] RBP: 00007f1f933a2090 R08: 0000000000000000 R09: 0000000000000000 [ 144.666992][ T6139] R10: 0000000020000080 R11: 0000000000000246 R12: 0000000000000001 [ 144.674983][ T6139] R13: 0000000000000000 R14: 00007f1f92735f80 R15: 00007f1f9285fa28 [ 144.682992][ T6139] [ 144.842548][ T5975] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 144.949346][ T5975] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 145.025459][ T5975] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 145.626649][ T5296] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 145.707197][ T938] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 146.038663][ T938] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 146.091862][ T5296] usb 1-1: config 0 has no interfaces? [ 146.117361][ T938] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 146.133129][ T5296] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 146.165601][ T938] usb 2-1: New USB device found, idVendor=046d, idProduct=c532, bcdDevice= 0.00 [ 146.199532][ T5296] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 146.225011][ T5296] usb 1-1: Product: syz [ 146.291446][ T938] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 146.312484][ T5296] usb 1-1: Manufacturer: syz [ 146.319110][ T5296] usb 1-1: SerialNumber: syz [ 146.325772][ T938] usb 2-1: config 0 descriptor?? [ 146.333047][ T5296] usb 1-1: config 0 descriptor?? [ 146.642666][ T5975] 8021q: adding VLAN 0 to HW filter on device bond0 [ 146.700991][ T5975] 8021q: adding VLAN 0 to HW filter on device team0 [ 146.763379][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.770639][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 146.818641][ T2998] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.825899][ T2998] bridge0: port 2(bridge_slave_1) entered forwarding state [ 147.269709][ T6041] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 147.351437][ T6041] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 147.371467][ T5975] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 147.384094][ T6041] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 147.437043][ T6041] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 147.506473][ T5326] r8152-cfgselector 4-1: USB disconnect, device number 10 [ 147.743069][ T6041] 8021q: adding VLAN 0 to HW filter on device bond0 [ 147.779005][ T5975] veth0_vlan: entered promiscuous mode [ 147.849604][ T6041] 8021q: adding VLAN 0 to HW filter on device team0 [ 147.883026][ T2986] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.890245][ T2986] bridge0: port 1(bridge_slave_0) entered forwarding state [ 147.932009][ T5975] veth1_vlan: entered promiscuous mode [ 148.056497][ T5326] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 148.149904][ T2918] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.157125][ T2918] bridge0: port 2(bridge_slave_1) entered forwarding state [ 148.181380][ T5975] veth0_macvtap: entered promiscuous mode [ 148.240858][ T5975] veth1_macvtap: entered promiscuous mode [ 148.247791][ T5326] usb 4-1: config 0 has no interfaces? [ 148.287091][ T5326] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 148.332832][ T5326] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 148.352187][ T6041] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 148.386773][ T5326] usb 4-1: Product: syz [ 148.391007][ T5326] usb 4-1: Manufacturer: syz [ 148.395665][ T5326] usb 4-1: SerialNumber: syz [ 148.449909][ T5975] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 148.513185][ T5975] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 148.534843][ T5326] usb 4-1: config 0 descriptor?? [ 148.570525][ T5975] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 148.581396][ T5975] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 148.591469][ T5975] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 148.603341][ T5975] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 148.758187][ T5975] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 148.796535][ T5975] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 148.814530][ T5975] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 148.892204][ T5975] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 148.962396][ T5975] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.008350][ T5975] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.057617][ T5975] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.100545][ T5975] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.190943][ T5975] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.301012][ T5975] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.339171][ T5975] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.351944][ T5975] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 149.363430][ T6041] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 149.376919][ T5975] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.394373][ T5975] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.408914][ T5975] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.417830][ T5975] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.728853][ T938] usbhid 2-1:0.0: can't add hid device: -71 [ 149.763148][ T938] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 149.791319][ T938] usb 2-1: USB disconnect, device number 15 [ 149.891175][ T5292] usb 1-1: USB disconnect, device number 19 [ 150.046034][ T6041] veth0_vlan: entered promiscuous mode [ 150.061278][ T6041] veth1_vlan: entered promiscuous mode [ 150.088631][ T6041] veth0_macvtap: entered promiscuous mode [ 150.098340][ T6041] veth1_macvtap: entered promiscuous mode [ 150.117576][ T2998] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 150.125445][ T2998] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 150.298801][ T6041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 150.298833][ T6041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.298848][ T6041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 150.298865][ T6041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.298879][ T6041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 150.298896][ T6041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.298912][ T6041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 150.298929][ T6041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.298944][ T6041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 150.298962][ T6041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.300228][ T6041] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 150.310637][ T6041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 150.310666][ T6041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.310681][ T6041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 150.310698][ T6041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.310713][ T6041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 150.310731][ T6041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.310747][ T6041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 150.310764][ T6041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.310779][ T6041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 150.310795][ T6041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.312116][ T6041] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 150.330722][ T6195] usb usb1: usbfs: process 6195 (syz.0.232) did not claim interface 0 before use [ 150.345365][ T6195] sctp: [Deprecated]: syz.0.232 (pid 6195) Use of struct sctp_assoc_value in delayed_ack socket option. [ 150.345365][ T6195] Use struct sctp_sack_info instead [ 150.377613][ T6041] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.377671][ T6041] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.377694][ T6041] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.377716][ T6041] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.384883][ T6189] bridge1: the hash_elasticity option has been deprecated and is always 16 [ 150.385107][ T2998] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 150.385123][ T2998] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 150.753221][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 150.753254][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 150.924031][ T2998] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 150.924059][ T2998] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 151.254774][ T5292] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 151.416864][ T5292] usb 2-1: Using ep0 maxpacket: 8 [ 151.425802][ T5292] usb 2-1: config 0 has an invalid interface number: 17 but max is 0 [ 151.425840][ T5292] usb 2-1: config 0 has no interface number 0 [ 151.425877][ T5292] usb 2-1: config 0 interface 17 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 151.425908][ T5292] usb 2-1: config 0 interface 17 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 151.425948][ T5292] usb 2-1: New USB device found, idVendor=046d, idProduct=c24f, bcdDevice= 0.00 [ 151.425976][ T5292] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.428635][ T5292] usb 2-1: config 0 descriptor?? [ 151.611573][ T5296] usb 4-1: USB disconnect, device number 11 [ 151.815821][ T6231] xt_CT: You must specify a L4 protocol and not use inversions on it [ 151.841052][ T6210] bond1: entered promiscuous mode [ 151.841082][ T6210] bond1: entered allmulticast mode [ 151.855663][ T6234] netlink: 68 bytes leftover after parsing attributes in process `syz.3.239'. [ 151.868956][ T29] audit: type=1326 audit(1729115466.619:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6233 comm="syz.3.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83b377dff9 code=0x7ffc0000 [ 151.869010][ T29] audit: type=1326 audit(1729115466.619:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6233 comm="syz.3.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83b377dff9 code=0x7ffc0000 [ 151.869056][ T29] audit: type=1326 audit(1729115466.619:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6233 comm="syz.3.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f83b377dff9 code=0x7ffc0000 [ 151.869095][ T29] audit: type=1326 audit(1729115466.619:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6233 comm="syz.3.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83b377dff9 code=0x7ffc0000 [ 151.869132][ T29] audit: type=1326 audit(1729115466.619:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6233 comm="syz.3.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f83b377dff9 code=0x7ffc0000 [ 151.869167][ T29] audit: type=1326 audit(1729115466.619:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6233 comm="syz.3.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83b377dff9 code=0x7ffc0000 [ 151.869205][ T29] audit: type=1326 audit(1729115466.619:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6233 comm="syz.3.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f83b377dff9 code=0x7ffc0000 [ 151.869242][ T29] audit: type=1326 audit(1729115466.619:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6233 comm="syz.3.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83b377dff9 code=0x7ffc0000 [ 151.869278][ T29] audit: type=1326 audit(1729115466.619:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6233 comm="syz.3.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f83b377dff9 code=0x7ffc0000 [ 151.869314][ T29] audit: type=1326 audit(1729115466.619:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6233 comm="syz.3.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83b377dff9 code=0x7ffc0000 [ 152.073906][ T5292] usbhid 2-1:0.17: can't add hid device: -71 [ 152.074009][ T5292] usbhid 2-1:0.17: probe with driver usbhid failed with error -71 [ 152.080831][ T5292] usb 2-1: USB disconnect, device number 16 [ 152.314332][ T46] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 152.591773][ T46] usb 5-1: config 0 has no interfaces? [ 152.596534][ T2638] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 152.678360][ T46] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 152.678389][ T46] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 152.678405][ T46] usb 5-1: Product: syz [ 152.678417][ T46] usb 5-1: Manufacturer: syz [ 152.678430][ T46] usb 5-1: SerialNumber: syz [ 152.684240][ T46] usb 5-1: config 0 descriptor?? [ 152.986752][ T2638] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 152.986787][ T2638] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 152.986808][ T2638] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 152.986846][ T2638] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 152.997130][ T2638] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 152.997157][ T2638] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 152.997174][ T2638] usb 4-1: Product: syz [ 152.997187][ T2638] usb 4-1: Manufacturer: syz [ 153.001908][ T2638] cdc_wdm 4-1:1.0: skipping garbage [ 153.001929][ T2638] cdc_wdm 4-1:1.0: skipping garbage [ 153.004001][ T2638] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 153.004033][ T2638] cdc_wdm 4-1:1.0: Unknown control protocol [ 153.257434][ C0] cdc_wdm 4-1:1.0: Stall on int endpoint [ 153.257498][ C0] cdc_wdm 4-1:1.0: Cannot schedule work [ 153.257732][ C0] cdc_wdm 4-1:1.0: Stall on int endpoint [ 153.257756][ C0] cdc_wdm 4-1:1.0: Cannot schedule work [ 153.258008][ C0] cdc_wdm 4-1:1.0: Stall on int endpoint [ 153.258194][ C0] cdc_wdm 4-1:1.0: Stall on int endpoint [ 153.258237][ C0] cdc_wdm 4-1:1.0: Cannot schedule work [ 153.258461][ C0] cdc_wdm 4-1:1.0: Stall on int endpoint [ 153.258488][ C0] cdc_wdm 4-1:1.0: Cannot schedule work [ 153.258659][ C0] cdc_wdm 4-1:1.0: Stall on int endpoint [ 153.258685][ C0] cdc_wdm 4-1:1.0: Cannot schedule work [ 153.258862][ C0] cdc_wdm 4-1:1.0: Stall on int endpoint [ 153.258888][ C0] cdc_wdm 4-1:1.0: Cannot schedule work [ 153.263526][ T5292] usb 4-1: USB disconnect, device number 12 [ 153.997978][ T6275] binder: 6274:6275 ioctl 40046205 0 returned -22 [ 154.080107][ T6228] tty tty1: ldisc open failed (-12), clearing slot 0 [ 154.157890][ T6280] bridge0: port 3(team0) entered disabled state [ 154.303570][ T6280] dummy0: left promiscuous mode [ 154.325855][ T6280] dummy0: left allmulticast mode [ 154.348036][ T6280] team0: Port device dummy0 removed [ 154.358824][ T6280] bridge_slave_0: left allmulticast mode [ 154.364669][ T6280] bridge_slave_0: left promiscuous mode [ 154.371915][ T6280] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.397405][ T6280] bridge_slave_1: left allmulticast mode [ 154.403317][ T6280] bridge_slave_1: left promiscuous mode [ 154.409978][ T6280] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.434226][ T6280] bond0: (slave bond_slave_0): Releasing backup interface [ 154.477470][ T6280] bond0: (slave bond_slave_1): Releasing backup interface [ 154.516985][ T6280] team_slave_0: left promiscuous mode [ 154.552968][ T6280] team_slave_0: left allmulticast mode [ 154.612478][ T6280] team0: Port device team_slave_0 removed [ 154.673124][ T6280] team_slave_1: left promiscuous mode [ 154.706700][ T6280] team_slave_1: left allmulticast mode [ 154.740861][ T6280] team0: Port device team_slave_1 removed [ 154.777582][ T6280] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 154.836597][ T6280] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 154.869306][ T6280] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 154.877305][ T6280] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 155.040713][ T6281] 8021q: adding VLAN 0 to HW filter on device bond0 [ 155.079295][ T6281] bond0: entered promiscuous mode [ 155.126637][ T6281] bond0: entered allmulticast mode [ 155.132771][ T6281] team0: Port device bond0 added [ 155.206861][ T6301] fuse: Bad value for 'fd' [ 155.216767][ T46] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 155.346461][ T5300] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 155.459296][ T46] usb 2-1: config 0 has no interfaces? [ 155.515228][ T46] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 155.535507][ T6309] binder: 6308:6309 ioctl 40107447 20000040 returned -22 [ 155.545491][ T46] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 155.574115][ T46] usb 2-1: Product: syz [ 155.584979][ T46] usb 2-1: Manufacturer: syz [ 155.589839][ T5300] usb 3-1: Using ep0 maxpacket: 16 [ 155.615469][ T46] usb 2-1: SerialNumber: syz [ 155.625432][ T5300] usb 3-1: config 0 descriptor has 1 excess byte, ignoring [ 155.637400][ T5300] usb 3-1: config 0 has no interfaces? [ 155.644047][ T46] usb 2-1: config 0 descriptor?? [ 155.652580][ T5300] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 155.662015][ T5300] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 155.679788][ T5300] usb 3-1: Product: syz [ 155.684667][ T5300] usb 3-1: Manufacturer: syz [ 155.690038][ T5300] usb 3-1: SerialNumber: syz [ 155.704978][ T5300] r8152-cfgselector 3-1: Unknown version 0x0000 [ 155.716688][ T5300] r8152-cfgselector 3-1: config 0 descriptor?? [ 155.794615][ T5293] usb 5-1: USB disconnect, device number 17 [ 155.795069][ T6314] netlink: 8 bytes leftover after parsing attributes in process `syz.0.256'. [ 155.827538][ T2638] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 155.934133][ T6306] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 155.952325][ T6306] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 155.996045][ T6319] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 156.020097][ T2638] usb 4-1: Using ep0 maxpacket: 16 [ 156.120847][ T2638] usb 4-1: New USB device found, idVendor=17ef, idProduct=720c, bcdDevice= 0.90 [ 156.144554][ T2638] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.177836][ T2638] r8152-cfgselector 4-1: Unknown version 0x0000 [ 156.192776][ T2638] r8152-cfgselector 4-1: config 0 descriptor?? [ 156.202217][ T2638] r8152 4-1:0.0: Expected endpoints are not found [ 156.222891][ T6322] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 156.288632][ T6322] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 156.340466][ T6322] xt_nat: multiple ranges no longer supported [ 156.411830][ T2638] r8152-cfgselector 4-1: USB disconnect, device number 13 [ 157.366604][ T5293] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 157.485927][ T6331] program syz.3.261 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 157.634271][ T5293] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 157.644792][ T5293] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 157.655576][ T5293] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.666770][ T5293] usb 5-1: config 0 descriptor?? [ 157.707529][ T5293] pwc: Askey VC010 type 2 USB webcam detected. [ 157.877882][ T5293] pwc: send_video_command error -71 [ 157.892745][ T5293] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 157.926697][ T5293] Philips webcam 5-1:0.0: probe with driver Philips webcam failed with error -71 [ 158.019427][ T5293] usb 5-1: USB disconnect, device number 18 [ 158.162656][ T6339] binder: 6338:6339 ioctl c02064a5 20000200 returned -22 [ 158.401894][ T6341] FAULT_INJECTION: forcing a failure. [ 158.401894][ T6341] name failslab, interval 1, probability 0, space 0, times 0 [ 158.425261][ T6341] CPU: 1 UID: 0 PID: 6341 Comm: syz.3.265 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 158.426002][ T5293] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 158.435907][ T6341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 158.435932][ T6341] Call Trace: [ 158.435942][ T6341] [ 158.435952][ T6341] dump_stack_lvl+0x241/0x360 [ 158.464539][ T6341] ? __pfx_dump_stack_lvl+0x10/0x10 [ 158.469773][ T6341] ? __pfx__printk+0x10/0x10 [ 158.474413][ T6341] ? kmem_cache_alloc_node_noprof+0x49/0x320 [ 158.480476][ T6341] ? __pfx___might_resched+0x10/0x10 [ 158.485818][ T6341] should_fail_ex+0x3b0/0x4e0 [ 158.490523][ T6341] should_failslab+0xac/0x100 [ 158.495239][ T6341] ? __alloc_skb+0x1c3/0x440 [ 158.499845][ T6341] kmem_cache_alloc_node_noprof+0x71/0x320 [ 158.505674][ T6341] __alloc_skb+0x1c3/0x440 [ 158.510102][ T6341] ? __pfx___alloc_skb+0x10/0x10 [ 158.515055][ T6341] ? netlink_autobind+0xd6/0x2f0 [ 158.520019][ T6341] ? netlink_autobind+0x2b0/0x2f0 [ 158.525085][ T6341] netlink_sendmsg+0x638/0xcb0 [ 158.529876][ T6341] ? __pfx_netlink_sendmsg+0x10/0x10 [ 158.535175][ T6341] ? aa_sock_msg_perm+0x91/0x160 [ 158.540134][ T6341] ? __pfx_netlink_sendmsg+0x10/0x10 [ 158.545431][ T6341] __sock_sendmsg+0x221/0x270 [ 158.550395][ T6341] ____sys_sendmsg+0x52a/0x7e0 [ 158.555280][ T6341] ? __pfx_____sys_sendmsg+0x10/0x10 [ 158.560588][ T6341] __sys_sendmsg+0x292/0x380 [ 158.565208][ T6341] ? __pfx___sys_sendmsg+0x10/0x10 [ 158.570343][ T6341] ? __pfx_vfs_write+0x10/0x10 [ 158.575131][ T6341] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 158.581478][ T6341] ? do_syscall_64+0x100/0x230 [ 158.586254][ T6341] ? do_syscall_64+0xb6/0x230 [ 158.590983][ T6341] do_syscall_64+0xf3/0x230 [ 158.595499][ T6341] ? clear_bhb_loop+0x35/0x90 [ 158.600221][ T6341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.606135][ T6341] RIP: 0033:0x7f83b377dff9 [ 158.610583][ T6341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 158.630206][ T6341] RSP: 002b:00007f83b4613038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 158.638659][ T6341] RAX: ffffffffffffffda RBX: 00007f83b3935f80 RCX: 00007f83b377dff9 [ 158.646675][ T6341] RDX: 0000000000000000 RSI: 0000000020001380 RDI: 0000000000000005 [ 158.654655][ T6341] RBP: 00007f83b4613090 R08: 0000000000000000 R09: 0000000000000000 [ 158.662644][ T6341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 158.670637][ T6341] R13: 0000000000000000 R14: 00007f83b3935f80 R15: 00007f83b3a5fa28 [ 158.678641][ T6341] [ 158.698190][ T6342] binder: 6340:6342 ioctl c02064a5 20000200 returned -22 [ 158.721726][ T2638] usb 2-1: USB disconnect, device number 17 [ 158.748911][ T5293] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 158.764676][ T5293] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 158.777268][ T5293] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.815488][ T5293] usb 5-1: config 0 descriptor?? [ 158.867937][ T5293] pwc: Askey VC010 type 2 USB webcam detected. [ 159.082047][ T6347] bridge0: port 1(team0) entered blocking state [ 159.095875][ T6347] bridge0: port 1(team0) entered disabled state [ 159.159339][ T6351] FAULT_INJECTION: forcing a failure. [ 159.159339][ T6351] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 159.251285][ T6351] CPU: 1 UID: 0 PID: 6351 Comm: syz.1.269 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 159.261978][ T6351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 159.270325][ T5293] pwc: recv_control_msg error -32 req 02 val 2b00 [ 159.272052][ T6351] Call Trace: [ 159.272070][ T6351] [ 159.280204][ T5293] pwc: recv_control_msg error -32 req 02 val 2700 [ 159.281763][ T6351] dump_stack_lvl+0x241/0x360 [ 159.285459][ T5293] pwc: recv_control_msg error -32 req 02 val 2c00 [ 159.291114][ T6351] ? __pfx_dump_stack_lvl+0x10/0x10 [ 159.291151][ T6351] ? __pfx__printk+0x10/0x10 [ 159.291176][ T6351] ? __pfx_lock_release+0x10/0x10 [ 159.299117][ T5293] pwc: recv_control_msg error -32 req 04 val 1000 [ 159.302373][ T6351] should_fail_ex+0x3b0/0x4e0 [ 159.312053][ T5293] pwc: recv_control_msg error -32 req 04 val 1300 [ 159.312166][ T6351] _copy_from_user+0x2f/0xe0 [ 159.318352][ T5293] pwc: recv_control_msg error -32 req 04 val 1400 [ 159.323605][ T6351] ____sys_sendmsg+0x2ef/0x7e0 [ 159.323654][ T6351] ? __pfx_____sys_sendmsg+0x10/0x10 [ 159.330073][ T5293] pwc: recv_control_msg error -32 req 02 val 2000 [ 159.334810][ T6351] __sys_sendmmsg+0x3ab/0x730 [ 159.341043][ T5293] pwc: recv_control_msg error -32 req 02 val 2100 [ 159.345887][ T6351] ? __pfx___sys_sendmmsg+0x10/0x10 [ 159.352042][ T5293] pwc: recv_control_msg error -32 req 04 val 1500 [ 159.355924][ T6351] ? __pfx_lock_release+0x10/0x10 [ 159.364054][ T5293] pwc: recv_control_msg error -32 req 02 val 2500 [ 159.366995][ T6351] ? kstrtouint_from_user+0x128/0x190 [ 159.367050][ T6351] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 159.376177][ T5293] pwc: recv_control_msg error -32 req 02 val 2400 [ 159.378666][ T6351] ? ksys_write+0x229/0x2b0 [ 159.378697][ T6351] ? __pfx_lock_release+0x10/0x10 [ 159.378739][ T6351] ? vfs_write+0x7bf/0xc90 [ 159.387029][ T5293] pwc: recv_control_msg error -32 req 02 val 2600 [ 159.390161][ T6351] ? kmem_cache_free+0x1a2/0x420 [ 159.439913][ T6351] ? __mutex_unlock_slowpath+0x21d/0x750 [ 159.445597][ T6351] ? __fget_files+0x3f3/0x470 [ 159.450332][ T6351] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 159.456369][ T6351] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 159.462753][ T6351] ? do_syscall_64+0x100/0x230 [ 159.467553][ T6351] __x64_sys_sendmmsg+0xa0/0xb0 [ 159.472427][ T6351] do_syscall_64+0xf3/0x230 [ 159.476963][ T6351] ? clear_bhb_loop+0x35/0x90 [ 159.481673][ T6351] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.487600][ T6351] RIP: 0033:0x7f1f9257dff9 [ 159.492032][ T6351] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 159.511657][ T6351] RSP: 002b:00007f1f933a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 159.520096][ T6351] RAX: ffffffffffffffda RBX: 00007f1f92735f80 RCX: 00007f1f9257dff9 [ 159.528085][ T6351] RDX: 0000000000000001 RSI: 00000000200032c0 RDI: 0000000000000003 [ 159.536092][ T6351] RBP: 00007f1f933a2090 R08: 0000000000000000 R09: 0000000000000000 [ 159.544078][ T6351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 159.552066][ T6351] R13: 0000000000000000 R14: 00007f1f92735f80 R15: 00007f1f9285fa28 [ 159.560067][ T6351] [ 160.071803][ T5296] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 160.226549][ T5296] usb 2-1: Using ep0 maxpacket: 32 [ 160.264106][ T5296] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 160.316439][ T5296] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 160.328798][ T5296] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 160.338041][ T5296] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.417999][ T5296] usb 2-1: config 0 descriptor?? [ 160.423264][ T5293] pwc: recv_control_msg error -71 req 02 val 2800 [ 160.445114][ T5293] pwc: recv_control_msg error -71 req 04 val 1100 [ 160.463385][ T5296] hub 2-1:0.0: USB hub found [ 160.468963][ T5293] pwc: recv_control_msg error -71 req 04 val 1200 [ 160.483425][ T5293] pwc: Registered as video71. [ 160.491907][ T5293] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input11 [ 160.535576][ T5293] usb 5-1: USB disconnect, device number 19 [ 160.541921][ T938] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 160.666981][ T5296] hub 2-1:0.0: 1 port detected [ 160.766667][ T938] usb 4-1: Using ep0 maxpacket: 8 [ 160.815684][ T938] usb 4-1: config 0 has too many interfaces: 250, using maximum allowed: 32 [ 160.837557][ T938] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 250 [ 160.856477][ T938] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 160.865484][ T5300] r8152-cfgselector 3-1: USB disconnect, device number 12 [ 160.919365][ T938] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 160.943981][ T938] usb 4-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52 [ 160.970168][ T938] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 161.004438][ T938] usb 4-1: Product: syz [ 161.012550][ T938] usb 4-1: Manufacturer: syz [ 161.023796][ T938] usb 4-1: SerialNumber: syz [ 161.081169][ T938] usb 4-1: config 0 descriptor?? [ 161.275708][ T5296] hub 2-1:0.0: activate --> -90 [ 161.426493][ T5293] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 161.462310][ T5300] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 161.484274][ T6357] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 161.500061][ T5292] usb 4-1: USB disconnect, device number 14 [ 161.554437][ T6357] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 161.620378][ T5293] usb 3-1: config 0 has no interfaces? [ 161.636148][ T5300] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 161.663301][ T5300] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 161.735893][ T5300] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 161.758250][ T5300] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 161.830557][ T5300] usb 5-1: Product: syz [ 161.850625][ T5300] usb 5-1: Manufacturer: syz [ 161.855278][ T5300] usb 5-1: SerialNumber: syz [ 161.896909][ T5300] cdc_mbim 5-1:1.0: MBIM functional descriptor missing [ 161.917175][ T5300] cdc_mbim 5-1:1.0: bind() failure [ 162.016976][ T5293] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 162.026592][ T5293] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 162.035356][ T5293] usb 3-1: Product: syz [ 162.040324][ T5293] usb 3-1: Manufacturer: syz [ 162.045077][ T5293] usb 3-1: SerialNumber: syz [ 162.093316][ T5293] usb 3-1: config 0 descriptor?? [ 162.113107][ T6368] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 162.142639][ T46] usb 5-1: USB disconnect, device number 20 [ 162.149720][ T6369] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 162.274213][ T6369] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 162.498314][ T5296] hub 2-1:0.0: hub_ext_port_status failed (err = -32) [ 162.596575][ T938] usb 4-1: new full-speed USB device number 15 using dummy_hcd [ 162.976130][ T6379] blktrace: Concurrent blktraces are not allowed on nbd0 [ 162.985137][ T5296] usb 2-1: USB disconnect, device number 18 [ 163.002918][ T6379] fuse: Bad value for 'fd' [ 163.009225][ T938] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 163.020659][ T938] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 127, setting to 64 [ 163.041084][ T938] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 65535, setting to 64 [ 163.054994][ T938] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 163.066025][ T938] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.082173][ T6373] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 163.090398][ T6373] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 163.130549][ T938] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 163.262796][ T6382] bridge_slave_0: left allmulticast mode [ 163.276991][ T6382] bridge_slave_0: left promiscuous mode [ 163.282789][ T6382] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.297328][ T6382] bridge_slave_1: left allmulticast mode [ 163.309196][ T6382] bridge_slave_1: left promiscuous mode [ 163.326314][ T6382] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.348955][ T5296] usb 4-1: USB disconnect, device number 15 [ 163.517012][ T6382] bond0: (slave bond_slave_0): Releasing backup interface [ 163.631055][ T6382] bond0: (slave bond_slave_1): Releasing backup interface [ 163.680860][ T6382] team0: Port device team_slave_0 removed [ 163.720536][ T6382] team0: Port device team_slave_1 removed [ 163.735392][ T6382] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 163.743624][ T6382] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 163.761473][ T6382] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 163.783387][ T6382] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 163.854945][ T6385] 8021q: adding VLAN 0 to HW filter on device bond0 [ 163.871101][ T6385] team0: Port device bond0 added [ 163.931772][ T6389] netdevsim netdevsim1: Direct firmware load for W failed with error -2 [ 163.967888][ T6389] netdevsim netdevsim1: Falling back to sysfs fallback for: W [ 164.114681][ T6393] netlink: 12 bytes leftover after parsing attributes in process `syz.4.281'. [ 164.352619][ T5292] usb 3-1: USB disconnect, device number 13 [ 164.409469][ T6397] syz.2.285 uses obsolete (PF_INET,SOCK_PACKET) [ 164.438625][ T6397] syzkaller1: entered promiscuous mode [ 164.444154][ T6397] syzkaller1: entered allmulticast mode [ 164.460803][ T6397] FAULT_INJECTION: forcing a failure. [ 164.460803][ T6397] name failslab, interval 1, probability 0, space 0, times 0 [ 164.490100][ T6399] program syz.4.283 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 164.492364][ T6397] CPU: 0 UID: 0 PID: 6397 Comm: syz.2.285 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 164.509890][ T6397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 164.520001][ T6397] Call Trace: [ 164.523329][ T6397] [ 164.526306][ T6397] dump_stack_lvl+0x241/0x360 [ 164.531086][ T6397] ? __pfx_dump_stack_lvl+0x10/0x10 [ 164.536332][ T6397] ? __pfx__printk+0x10/0x10 [ 164.540986][ T6397] ? kmem_cache_alloc_node_noprof+0x49/0x320 [ 164.547026][ T6397] ? __pfx___might_resched+0x10/0x10 [ 164.552376][ T6397] should_fail_ex+0x3b0/0x4e0 [ 164.557129][ T6397] should_failslab+0xac/0x100 [ 164.561873][ T6397] ? __alloc_skb+0x1c3/0x440 [ 164.566525][ T6397] kmem_cache_alloc_node_noprof+0x71/0x320 [ 164.572419][ T6397] __alloc_skb+0x1c3/0x440 [ 164.576894][ T6397] ? __pfx___alloc_skb+0x10/0x10 [ 164.581899][ T6397] ? __pfx___might_resched+0x10/0x10 [ 164.587252][ T6397] alloc_skb_with_frags+0xc3/0x820 [ 164.592421][ T6397] ? validate_chain+0x11e/0x5920 [ 164.597445][ T6397] sock_alloc_send_pskb+0x91a/0xa60 [ 164.602715][ T6397] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 164.608479][ T6397] ? iov_iter_advance+0x8f/0x1e0 [ 164.613448][ T6397] tun_get_user+0xcf3/0x47e0 [ 164.618065][ T6397] ? __lock_acquire+0x1384/0x2050 [ 164.623113][ T6397] ? __pfx_tun_get_user+0x10/0x10 [ 164.628164][ T6397] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 164.633635][ T6397] ? tun_get+0x1e/0x2f0 [ 164.637818][ T6397] ? __pfx_lock_release+0x10/0x10 [ 164.642895][ T6397] ? tun_get+0x1e/0x2f0 [ 164.647074][ T6397] ? tun_get+0x27d/0x2f0 [ 164.651374][ T6397] tun_chr_write_iter+0x10d/0x1f0 [ 164.656420][ T6397] vfs_write+0xa6d/0xc90 [ 164.660769][ T6397] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 164.666334][ T6397] ? __pfx_vfs_write+0x10/0x10 [ 164.671127][ T6397] ? fdget_pos+0x19a/0x320 [ 164.675560][ T6397] ksys_write+0x183/0x2b0 [ 164.679901][ T6397] ? __pfx_ksys_write+0x10/0x10 [ 164.684766][ T6397] ? do_syscall_64+0x100/0x230 [ 164.689546][ T6397] ? do_syscall_64+0xb6/0x230 [ 164.694249][ T6397] do_syscall_64+0xf3/0x230 [ 164.698778][ T6397] ? clear_bhb_loop+0x35/0x90 [ 164.703478][ T6397] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.709397][ T6397] RIP: 0033:0x7fadc8f7dff9 [ 164.713826][ T6397] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 164.733448][ T6397] RSP: 002b:00007fadc9dc1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 164.741885][ T6397] RAX: ffffffffffffffda RBX: 00007fadc9135f80 RCX: 00007fadc8f7dff9 [ 164.749875][ T6397] RDX: 000000000000fdef RSI: 0000000020000140 RDI: 0000000000000004 [ 164.757862][ T6397] RBP: 00007fadc9dc1090 R08: 0000000000000000 R09: 0000000000000000 [ 164.765872][ T6397] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 164.773877][ T6397] R13: 0000000000000000 R14: 00007fadc9135f80 R15: 00007fadc925fa28 [ 164.781890][ T6397] [ 164.784946][ C0] vkms_vblank_simulate: vblank timer overrun [ 164.842298][ T6403] netlink: 'syz.4.283': attribute type 12 has an invalid length. [ 164.851737][ T6403] netlink: 132 bytes leftover after parsing attributes in process `syz.4.283'. [ 164.999069][ T6410] netlink: 'syz.3.289': attribute type 10 has an invalid length. [ 165.024904][ T6410] dummy0: entered promiscuous mode [ 165.031153][ T6410] dummy0: entered allmulticast mode [ 165.039054][ T6410] team0: Port device dummy0 added [ 165.052155][ T29] kauditd_printk_skb: 15 callbacks suppressed [ 165.052177][ T29] audit: type=1326 audit(1729115479.799:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6409 comm="syz.3.289" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f83b377dff9 code=0x0 [ 165.057228][ T2986] bridge0: port 1(team0) entered blocking state [ 165.079915][ C0] vkms_vblank_simulate: vblank timer overrun [ 165.092450][ T2986] bridge0: port 1(team0) entered forwarding state [ 165.367406][ T46] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 165.448465][ T6424] team0: Port device bond0 removed [ 165.547580][ T46] usb 3-1: Using ep0 maxpacket: 16 [ 165.563705][ T46] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 165.573828][ T46] usb 3-1: can't read configurations, error -61 [ 165.706535][ T46] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 165.872049][ T46] usb 3-1: Using ep0 maxpacket: 16 [ 165.898963][ T46] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 165.929259][ T46] usb 3-1: can't read configurations, error -61 [ 165.946775][ T46] usb usb3-port1: attempt power cycle [ 166.009411][ T6444] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 166.021955][ T6446] netlink: 32 bytes leftover after parsing attributes in process `syz.4.300'. [ 166.326634][ T46] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 166.376611][ T5296] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 166.403537][ T46] usb 3-1: Using ep0 maxpacket: 16 [ 166.414980][ T46] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 166.426561][ T46] usb 3-1: can't read configurations, error -61 [ 166.528031][ T25] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 166.570874][ T5296] usb 4-1: config 0 has no interfaces? [ 166.598354][ T5296] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 166.616624][ T46] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 166.619620][ T5296] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 166.642113][ T6458] netlink: 12 bytes leftover after parsing attributes in process `syz.0.305'. [ 166.661702][ T5296] usb 4-1: Product: syz [ 166.665945][ T5296] usb 4-1: Manufacturer: syz [ 166.691878][ T46] usb 3-1: Using ep0 maxpacket: 16 [ 166.700851][ T46] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 166.701430][ T5296] usb 4-1: SerialNumber: syz [ 166.723823][ T46] usb 3-1: can't read configurations, error -61 [ 166.736800][ T46] usb usb3-port1: unable to enumerate USB device [ 166.787633][ T5296] usb 4-1: config 0 descriptor?? [ 166.804296][ T25] usb 5-1: Using ep0 maxpacket: 32 [ 166.841250][ T25] usb 5-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91 [ 166.869836][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.884375][ T6461] netlink: 68 bytes leftover after parsing attributes in process `syz.0.306'. [ 166.904968][ T25] usb 5-1: config 0 descriptor?? [ 166.913709][ T25] gspca_main: sunplus-2.14.0 probing 0458:7006 [ 166.924494][ T29] audit: type=1326 audit(1729115481.659:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6459 comm="syz.0.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3b7b7dff9 code=0x7ffc0000 [ 166.976153][ T29] audit: type=1326 audit(1729115481.659:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6459 comm="syz.0.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb3b7b7dff9 code=0x7ffc0000 [ 167.012777][ T29] audit: type=1326 audit(1729115481.659:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6459 comm="syz.0.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3b7b7dff9 code=0x7ffc0000 [ 167.080171][ T29] audit: type=1326 audit(1729115481.659:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6459 comm="syz.0.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb3b7b7dff9 code=0x7ffc0000 [ 167.115588][ T29] audit: type=1326 audit(1729115481.659:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6459 comm="syz.0.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3b7b7dff9 code=0x7ffc0000 [ 167.167880][ T29] audit: type=1326 audit(1729115481.659:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6459 comm="syz.0.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb3b7b7dff9 code=0x7ffc0000 [ 167.192819][ T29] audit: type=1326 audit(1729115481.659:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6459 comm="syz.0.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3b7b7dff9 code=0x7ffc0000 [ 167.215166][ T29] audit: type=1326 audit(1729115481.659:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6459 comm="syz.0.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7fb3b7b7dff9 code=0x7ffc0000 [ 167.237529][ T29] audit: type=1326 audit(1729115481.659:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6459 comm="syz.0.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3b7b7dff9 code=0x7ffc0000 [ 168.095222][ T6454] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 168.123691][ T6454] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 168.246198][ T6471] netlink: 'syz.2.309': attribute type 10 has an invalid length. [ 168.314764][ T6471] team0: Port device dummy0 added [ 168.686638][ T25] gspca_sunplus: reg_w_riv err -110 [ 168.692868][ T25] sunplus 5-1:0.0: probe with driver sunplus failed with error -110 [ 169.415345][ T6478] fuse: Bad value for 'fd' [ 169.547824][ T5293] usb 5-1: USB disconnect, device number 21 [ 169.600067][ T5292] usb 4-1: USB disconnect, device number 16 [ 169.826607][ T6492] netlink: 8 bytes leftover after parsing attributes in process `syz.2.316'. [ 169.884843][ T6497] netlink: 68 bytes leftover after parsing attributes in process `syz.3.317'. [ 170.280715][ T6514] blktrace: Concurrent blktraces are not allowed on nbd2 [ 170.317543][ T6514] fuse: Bad value for 'fd' [ 170.388110][ T2638] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 170.631285][ T6522] netlink: 196536 bytes leftover after parsing attributes in process `syz.4.324'. [ 170.649213][ T6522] openvswitch: netlink: IP tunnel dst address not specified [ 170.660912][ T6523] FAULT_INJECTION: forcing a failure. [ 170.660912][ T6523] name failslab, interval 1, probability 0, space 0, times 0 [ 170.706233][ T6523] CPU: 0 UID: 0 PID: 6523 Comm: syz.2.326 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 170.716990][ T6523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 170.727100][ T6523] Call Trace: [ 170.730400][ T6523] [ 170.733366][ T6523] dump_stack_lvl+0x241/0x360 [ 170.738095][ T6523] ? __pfx_dump_stack_lvl+0x10/0x10 [ 170.743341][ T6523] ? __pfx__printk+0x10/0x10 [ 170.747972][ T6523] ? kmem_cache_alloc_node_noprof+0x49/0x320 [ 170.753982][ T6523] ? __pfx___might_resched+0x10/0x10 [ 170.759317][ T6523] should_fail_ex+0x3b0/0x4e0 [ 170.764055][ T6523] should_failslab+0xac/0x100 [ 170.768798][ T6523] ? __alloc_skb+0x1c3/0x440 [ 170.773420][ T6523] kmem_cache_alloc_node_noprof+0x71/0x320 [ 170.779307][ T6523] __alloc_skb+0x1c3/0x440 [ 170.783784][ T6523] ? __pfx___alloc_skb+0x10/0x10 [ 170.788784][ T6523] ? __pfx_validate_chain+0x10/0x10 [ 170.794012][ T6523] alloc_skb_with_frags+0xc3/0x820 [ 170.799189][ T6523] sock_alloc_send_pskb+0x91a/0xa60 [ 170.804452][ T6523] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 170.810216][ T6523] ? __lock_acquire+0x1384/0x2050 [ 170.815312][ T6523] __ip6_append_data+0x2b06/0x40a0 [ 170.820486][ T6523] ? ip6_mtu+0x81/0x3f0 [ 170.824692][ T6523] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 170.830303][ T6523] ? __pfx___ip6_append_data+0x10/0x10 [ 170.835813][ T6523] ? ip6_setup_cork+0x9fd/0xfb0 [ 170.840703][ T6523] ip6_make_skb+0x43b/0x530 [ 170.845243][ T6523] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 170.850833][ T6523] ? __pfx_ip6_make_skb+0x10/0x10 [ 170.855897][ T6523] ? __pfx_lock_release+0x10/0x10 [ 170.860971][ T6523] ? ip6_sk_dst_lookup_flow+0x6bf/0xa30 [ 170.866575][ T6523] udpv6_sendmsg+0x2382/0x3270 [ 170.871402][ T6523] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 170.877005][ T6523] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 170.882169][ T6523] ? irqentry_exit+0x63/0x90 [ 170.886800][ T6523] ? exc_page_fault+0x590/0x8c0 [ 170.891708][ T6523] ? iovec_from_user+0xf7/0x240 [ 170.896617][ T6523] ? inet_send_prepare+0x21/0x260 [ 170.901694][ T6523] ? inet_send_prepare+0x5a/0x260 [ 170.906775][ T6523] __sock_sendmsg+0xef/0x270 [ 170.911416][ T6523] ____sys_sendmsg+0x52a/0x7e0 [ 170.916234][ T6523] ? __pfx_____sys_sendmsg+0x10/0x10 [ 170.921577][ T6523] __sys_sendmmsg+0x3ab/0x730 [ 170.926302][ T6523] ? __pfx___sys_sendmmsg+0x10/0x10 [ 170.931572][ T6523] ? __pfx_lock_release+0x10/0x10 [ 170.936644][ T6523] ? kstrtouint_from_user+0x128/0x190 [ 170.942090][ T6523] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 170.948034][ T6523] ? ksys_write+0x229/0x2b0 [ 170.952580][ T6523] ? __pfx_lock_release+0x10/0x10 [ 170.957749][ T6523] ? vfs_write+0x7bf/0xc90 [ 170.962184][ T6523] ? kmem_cache_free+0x1a2/0x420 [ 170.967348][ T6523] ? __mutex_unlock_slowpath+0x21d/0x750 [ 170.973029][ T6523] ? __fget_files+0x3f3/0x470 [ 170.977752][ T6523] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 170.983761][ T6523] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 170.990162][ T6523] ? do_syscall_64+0x100/0x230 [ 170.995044][ T6523] __x64_sys_sendmmsg+0xa0/0xb0 [ 171.000016][ T6523] do_syscall_64+0xf3/0x230 [ 171.004553][ T6523] ? clear_bhb_loop+0x35/0x90 [ 171.009270][ T6523] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.015215][ T6523] RIP: 0033:0x7fadc8f7dff9 [ 171.019660][ T6523] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 171.039293][ T6523] RSP: 002b:00007fadc9dc1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 171.047769][ T6523] RAX: ffffffffffffffda RBX: 00007fadc9135f80 RCX: 00007fadc8f7dff9 [ 171.055861][ T6523] RDX: 0400000000000172 RSI: 0000000020003cc0 RDI: 0000000000000003 [ 171.063872][ T6523] RBP: 00007fadc9dc1090 R08: 0000000000000000 R09: 0000000000000000 [ 171.071882][ T6523] R10: 0000000004000000 R11: 0000000000000246 R12: 0000000000000001 [ 171.079931][ T6523] R13: 0000000000000000 R14: 00007fadc9135f80 R15: 00007fadc925fa28 [ 171.088048][ T6523] [ 171.146196][ T2638] usb 2-1: config 0 has no interfaces? [ 171.217751][ T6527] program syz.4.328 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 171.236810][ T6526] program syz.4.328 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 171.287642][ T2638] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 171.314453][ T2638] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 171.333408][ T2638] usb 2-1: Product: syz [ 171.364659][ T2638] usb 2-1: Manufacturer: syz [ 171.380723][ T6536] FAULT_INJECTION: forcing a failure. [ 171.380723][ T6536] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 171.402283][ T2638] usb 2-1: SerialNumber: syz [ 171.416499][ T6536] CPU: 0 UID: 0 PID: 6536 Comm: syz.2.329 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 171.418661][ T2638] usb 2-1: config 0 descriptor?? [ 171.427152][ T6536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 171.427171][ T6536] Call Trace: [ 171.427182][ T6536] [ 171.427193][ T6536] dump_stack_lvl+0x241/0x360 [ 171.427228][ T6536] ? __pfx_dump_stack_lvl+0x10/0x10 [ 171.427253][ T6536] ? __pfx__printk+0x10/0x10 [ 171.427278][ T6536] ? __pfx_lock_release+0x10/0x10 [ 171.427318][ T6536] should_fail_ex+0x3b0/0x4e0 [ 171.472842][ T6536] _copy_from_iter+0x1ed/0x1d60 [ 171.477752][ T6536] ? __virt_addr_valid+0x183/0x530 [ 171.482935][ T6536] ? __pfx_lock_release+0x10/0x10 [ 171.488043][ T6536] ? __alloc_skb+0x28f/0x440 [ 171.492682][ T6536] ? __pfx__copy_from_iter+0x10/0x10 [ 171.498026][ T6536] ? __virt_addr_valid+0x183/0x530 [ 171.503194][ T6536] ? __virt_addr_valid+0x183/0x530 [ 171.508526][ T6536] ? __virt_addr_valid+0x45f/0x530 [ 171.513743][ T6536] ? __check_object_size+0x48e/0x900 [ 171.519087][ T6536] netlink_sendmsg+0x73d/0xcb0 [ 171.523926][ T6536] ? __pfx_netlink_sendmsg+0x10/0x10 [ 171.529258][ T6536] ? __pfx_aa_file_perm+0x10/0x10 [ 171.534340][ T6536] ? aa_sock_msg_perm+0x91/0x160 [ 171.539336][ T6536] ? __pfx_netlink_sendmsg+0x10/0x10 [ 171.544672][ T6536] __sock_sendmsg+0x221/0x270 [ 171.549502][ T6536] sock_write_iter+0x2d7/0x3f0 [ 171.554347][ T6536] ? __pfx_sock_write_iter+0x10/0x10 [ 171.559696][ T6536] ? bpf_lsm_file_permission+0x9/0x10 [ 171.565130][ T6536] ? security_file_permission+0x74/0x280 [ 171.570836][ T6536] vfs_write+0xa6d/0xc90 [ 171.575133][ T6536] ? __pfx_sock_write_iter+0x10/0x10 [ 171.580498][ T6536] ? __pfx_vfs_write+0x10/0x10 [ 171.585326][ T6536] ? fdget_pos+0x19a/0x320 [ 171.589764][ T6536] ksys_write+0x183/0x2b0 [ 171.594120][ T6536] ? __pfx_ksys_write+0x10/0x10 [ 171.598985][ T6536] ? do_syscall_64+0x100/0x230 [ 171.603770][ T6536] ? do_syscall_64+0xb6/0x230 [ 171.608893][ T6536] do_syscall_64+0xf3/0x230 [ 171.613407][ T6536] ? clear_bhb_loop+0x35/0x90 [ 171.618098][ T6536] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.624039][ T6536] RIP: 0033:0x7fadc8f7dff9 [ 171.628476][ T6536] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 171.648153][ T6536] RSP: 002b:00007fadc9dc1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 171.656685][ T6536] RAX: ffffffffffffffda RBX: 00007fadc9135f80 RCX: 00007fadc8f7dff9 [ 171.664670][ T6536] RDX: 0000000000000024 RSI: 00000000200000c0 RDI: 0000000000000003 [ 171.672738][ T6536] RBP: 00007fadc9dc1090 R08: 0000000000000000 R09: 0000000000000000 [ 171.680716][ T6536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 171.688688][ T6536] R13: 0000000000000000 R14: 00007fadc9135f80 R15: 00007fadc925fa28 [ 171.696674][ T6536] [ 171.928718][ T6551] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 172.117372][ T6557] netlink: 304 bytes leftover after parsing attributes in process `syz.4.335'. [ 172.143304][ T6557] unsupported nla_type 23315 [ 172.316456][ T25] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 172.489302][ T25] usb 3-1: config 0 has no interfaces? [ 172.543296][ T25] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 172.557609][ T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 172.565888][ T25] usb 3-1: Product: syz [ 172.573740][ T25] usb 3-1: Manufacturer: syz [ 172.581783][ T25] usb 3-1: SerialNumber: syz [ 172.618662][ T25] usb 3-1: config 0 descriptor?? [ 172.744544][ T938] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 172.836514][ T5293] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 172.916629][ T938] usb 5-1: device descriptor read/64, error -71 [ 172.997388][ T5293] usb 4-1: Using ep0 maxpacket: 32 [ 173.012277][ T5293] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 173.064317][ T5293] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 173.083443][ T5293] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 173.119099][ T5293] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 173.156784][ T5293] usb 4-1: config 0 descriptor?? [ 173.179236][ T5293] hub 4-1:0.0: USB hub found [ 173.191112][ T938] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 173.329775][ T938] usb 5-1: device descriptor read/64, error -71 [ 173.387737][ T5293] hub 4-1:0.0: 1 port detected [ 173.459260][ T938] usb usb5-port1: attempt power cycle [ 173.621708][ T5292] usb 2-1: USB disconnect, device number 19 [ 173.750725][ T6566] FAULT_INJECTION: forcing a failure. [ 173.750725][ T6566] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 173.764812][ T6566] CPU: 0 UID: 0 PID: 6566 Comm: syz.1.339 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 173.775456][ T6566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 173.785517][ T6566] Call Trace: [ 173.788804][ T6566] [ 173.791738][ T6566] dump_stack_lvl+0x241/0x360 [ 173.796428][ T6566] ? __pfx_dump_stack_lvl+0x10/0x10 [ 173.801629][ T6566] ? __pfx__printk+0x10/0x10 [ 173.806223][ T6566] ? __pfx_lock_release+0x10/0x10 [ 173.811274][ T6566] should_fail_ex+0x3b0/0x4e0 [ 173.815986][ T6566] _copy_from_user+0x2f/0xe0 [ 173.820624][ T6566] do_sys_poll+0x249/0x1600 [ 173.825177][ T6566] ? __lock_acquire+0x1384/0x2050 [ 173.830267][ T6566] ? __pfx_do_sys_poll+0x10/0x10 [ 173.835252][ T6566] ? mark_lock+0x9a/0x360 [ 173.839659][ T6566] ? rcu_read_lock_any_held+0xb7/0x160 [ 173.845132][ T6566] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 173.851032][ T6566] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 173.856695][ T6566] ? __pfx_set_user_sigmask+0x10/0x10 [ 173.862078][ T6566] ? handle_softirqs+0x7ac/0x980 [ 173.867049][ T6566] __se_sys_ppoll+0x2a0/0x330 [ 173.871763][ T6566] ? __pfx___se_sys_ppoll+0x10/0x10 [ 173.877073][ T6566] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 173.883423][ T6566] ? do_syscall_64+0x100/0x230 [ 173.888202][ T6566] ? __x64_sys_ppoll+0x20/0xc0 [ 173.892996][ T6566] do_syscall_64+0xf3/0x230 [ 173.897514][ T6566] ? clear_bhb_loop+0x35/0x90 [ 173.902204][ T6566] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.908122][ T6566] RIP: 0033:0x7f1f9257dff9 [ 173.912552][ T6566] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 173.932178][ T6566] RSP: 002b:00007f1f933a2038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 173.940617][ T6566] RAX: ffffffffffffffda RBX: 00007f1f92735f80 RCX: 00007f1f9257dff9 [ 173.948600][ T6566] RDX: 0000000000000000 RSI: 0000000000000046 RDI: 0000000020000000 [ 173.956581][ T6566] RBP: 00007f1f933a2090 R08: 0000000000000000 R09: 0000000000000000 [ 173.964558][ T6566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 173.972537][ T6566] R13: 0000000000000000 R14: 00007f1f92735f80 R15: 00007f1f9285fa28 [ 173.980539][ T6566] [ 173.989544][ T938] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 174.037032][ T938] usb 5-1: device descriptor read/8, error -71 [ 174.201371][ T5293] hub 4-1:0.0: activate --> -90 [ 174.289392][ T938] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 174.351600][ T938] usb 5-1: device descriptor read/8, error -71 [ 174.405798][ T6563] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 174.485206][ T938] usb usb5-port1: unable to enumerate USB device [ 174.509622][ T6563] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 174.631468][ T6574] netlink: 68 bytes leftover after parsing attributes in process `syz.0.343'. [ 174.646529][ T29] kauditd_printk_skb: 44 callbacks suppressed [ 174.646552][ T29] audit: type=1326 audit(1729115489.389:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6573 comm="syz.0.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3b7b7dff9 code=0x7ffc0000 [ 174.696156][ T6572] netlink: 'syz.1.342': attribute type 10 has an invalid length. [ 174.698044][ T29] audit: type=1326 audit(1729115489.429:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6573 comm="syz.0.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb3b7b7dff9 code=0x7ffc0000 [ 174.789532][ T29] audit: type=1326 audit(1729115489.429:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6573 comm="syz.0.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3b7b7dff9 code=0x7ffc0000 [ 174.880776][ T6572] dummy0: entered promiscuous mode [ 174.916479][ T29] audit: type=1326 audit(1729115489.429:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6573 comm="syz.0.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb3b7b7dff9 code=0x7ffc0000 [ 174.917222][ T6572] dummy0: entered allmulticast mode [ 174.970788][ T6563] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 175.001376][ T6572] team0: Port device dummy0 added [ 175.011535][ T6563] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 175.054924][ T29] audit: type=1326 audit(1729115489.429:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6573 comm="syz.0.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3b7b7dff9 code=0x7ffc0000 [ 175.153000][ T5326] usb 4-1: USB disconnect, device number 17 [ 175.155198][ T5293] hub 4-1:0.0: hub_ext_port_status failed (err = -71) [ 175.187107][ T29] audit: type=1326 audit(1729115489.429:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6573 comm="syz.0.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb3b7b7dff9 code=0x7ffc0000 [ 175.197282][ T6583] Context (ID=0x0) not attached to queue pair (handle=0x1:0x0) [ 175.272172][ T29] audit: type=1326 audit(1729115489.429:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6573 comm="syz.0.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3b7b7dff9 code=0x7ffc0000 [ 175.326243][ T29] audit: type=1326 audit(1729115489.429:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6573 comm="syz.0.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7fb3b7b7dff9 code=0x7ffc0000 [ 175.356510][ T29] audit: type=1326 audit(1729115489.429:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6573 comm="syz.0.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3b7b7dff9 code=0x7ffc0000 [ 175.409150][ T5293] usb 3-1: USB disconnect, device number 18 [ 175.431852][ T29] audit: type=1326 audit(1729115489.429:336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6573 comm="syz.0.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb3b7b7dff9 code=0x7ffc0000 [ 175.820756][ T6594] FAULT_INJECTION: forcing a failure. [ 175.820756][ T6594] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 175.856769][ T5293] usb 3-1: new full-speed USB device number 19 using dummy_hcd [ 175.868589][ T6594] CPU: 1 UID: 0 PID: 6594 Comm: syz.4.349 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 175.879253][ T6594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 175.889360][ T6594] Call Trace: [ 175.892672][ T6594] [ 175.895636][ T6594] dump_stack_lvl+0x241/0x360 [ 175.900460][ T6594] ? __pfx_dump_stack_lvl+0x10/0x10 [ 175.905708][ T6594] ? __pfx__printk+0x10/0x10 [ 175.910343][ T6594] ? __pfx_lock_release+0x10/0x10 [ 175.915430][ T6594] should_fail_ex+0x3b0/0x4e0 [ 175.920260][ T6594] _copy_to_user+0x2f/0xb0 [ 175.924758][ T6594] sctp_getsockopt_scheduler+0x410/0x590 [ 175.930452][ T6594] ? __pfx_sctp_getsockopt_scheduler+0x10/0x10 [ 175.936670][ T6594] sctp_getsockopt+0xb21/0xbb0 [ 175.941483][ T6594] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 175.947438][ T6594] do_sock_getsockopt+0x3c4/0x7e0 [ 175.952516][ T6594] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 175.958109][ T6594] ? __fget_files+0x3f3/0x470 [ 175.962844][ T6594] ? __fget_files+0x29/0x470 [ 175.967502][ T6594] __sys_getsockopt+0x267/0x330 [ 175.972406][ T6594] ? __pfx___sys_getsockopt+0x10/0x10 [ 175.977835][ T6594] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 175.984238][ T6594] ? do_syscall_64+0x100/0x230 [ 175.989056][ T6594] __x64_sys_getsockopt+0xb5/0xd0 [ 175.994135][ T6594] do_syscall_64+0xf3/0x230 [ 175.998690][ T6594] ? clear_bhb_loop+0x35/0x90 [ 176.003430][ T6594] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.009388][ T6594] RIP: 0033:0x7f6c4137dff9 [ 176.013848][ T6594] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 176.019606][ T5293] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 176.033559][ T6594] RSP: 002b:00007f6c4209a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 176.033598][ T6594] RAX: ffffffffffffffda RBX: 00007f6c41536058 RCX: 00007f6c4137dff9 [ 176.033617][ T6594] RDX: 000000000000007b RSI: 0000000000000084 RDI: 0000000000000003 [ 176.033632][ T6594] RBP: 00007f6c4209a090 R08: 0000000020000100 R09: 0000000000000000 [ 176.033648][ T6594] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000001 [ 176.033662][ T6594] R13: 0000000000000001 R14: 00007f6c41536058 R15: 00007f6c4165fa28 [ 176.033695][ T6594] [ 176.099879][ T5293] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 127, setting to 64 [ 176.111861][ T5293] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 65535, setting to 64 [ 176.129989][ T5293] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 176.145415][ T5293] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.202653][ T6590] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 176.216204][ T6590] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 176.251565][ T5293] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 176.447279][ T5293] usb 3-1: USB disconnect, device number 19 [ 176.557709][ T6605] netlink: 4 bytes leftover after parsing attributes in process `syz.1.352'. [ 177.151778][ T6624] FAULT_INJECTION: forcing a failure. [ 177.151778][ T6624] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 177.170069][ T6624] CPU: 1 UID: 0 PID: 6624 Comm: syz.2.360 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 177.180745][ T6624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 177.190858][ T6624] Call Trace: [ 177.194177][ T6624] [ 177.197150][ T6624] dump_stack_lvl+0x241/0x360 [ 177.201880][ T6624] ? __pfx_dump_stack_lvl+0x10/0x10 [ 177.207128][ T6624] ? __pfx__printk+0x10/0x10 [ 177.211772][ T6624] ? snprintf+0xda/0x120 [ 177.216062][ T6624] should_fail_ex+0x3b0/0x4e0 [ 177.220791][ T6624] _copy_to_user+0x2f/0xb0 [ 177.225231][ T6624] simple_read_from_buffer+0xca/0x150 [ 177.230626][ T6624] proc_fail_nth_read+0x1e9/0x250 [ 177.235671][ T6624] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 177.241245][ T6624] ? rw_verify_area+0x55e/0x6f0 [ 177.246114][ T6624] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 177.251684][ T6624] vfs_read+0x201/0xbc0 [ 177.255880][ T6624] ? __pfx_lock_release+0x10/0x10 [ 177.260943][ T6624] ? __pfx_vfs_read+0x10/0x10 [ 177.265659][ T6624] ? __fget_files+0x3f3/0x470 [ 177.270370][ T6624] ? fdget_pos+0x24e/0x320 [ 177.274810][ T6624] ksys_read+0x183/0x2b0 [ 177.279070][ T6624] ? __pfx_ksys_read+0x10/0x10 [ 177.283849][ T6624] ? do_syscall_64+0x100/0x230 [ 177.288625][ T6624] ? do_syscall_64+0xb6/0x230 [ 177.293319][ T6624] do_syscall_64+0xf3/0x230 [ 177.297847][ T6624] ? clear_bhb_loop+0x35/0x90 [ 177.302543][ T6624] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.308461][ T6624] RIP: 0033:0x7fadc8f7ca3c [ 177.312890][ T6624] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 177.332511][ T6624] RSP: 002b:00007fadc9dc1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 177.340942][ T6624] RAX: ffffffffffffffda RBX: 00007fadc9135f80 RCX: 00007fadc8f7ca3c [ 177.348926][ T6624] RDX: 000000000000000f RSI: 00007fadc9dc10a0 RDI: 0000000000000004 [ 177.356907][ T6624] RBP: 00007fadc9dc1090 R08: 0000000000000000 R09: 0000000000000000 [ 177.364887][ T6624] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000001 [ 177.372872][ T6624] R13: 0000000000000000 R14: 00007fadc9135f80 R15: 00007fadc925fa28 [ 177.380871][ T6624] [ 177.565885][ T6632] netlink: 24 bytes leftover after parsing attributes in process `syz.0.362'. [ 177.756847][ T8] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 177.880204][ T6639] fuse: Bad value for 'fd' [ 177.921411][ T8] usb 3-1: Using ep0 maxpacket: 32 [ 177.945577][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 177.982253][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 178.013338][ T8] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 178.053897][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.140659][ T8] usb 3-1: config 0 descriptor?? [ 178.193209][ T8] hub 3-1:0.0: USB hub found [ 178.197821][ T6644] FAULT_INJECTION: forcing a failure. [ 178.197821][ T6644] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 178.197877][ T6644] CPU: 1 UID: 0 PID: 6644 Comm: syz.0.365 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 178.197904][ T6644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 178.197919][ T6644] Call Trace: [ 178.197927][ T6644] [ 178.197937][ T6644] dump_stack_lvl+0x241/0x360 [ 178.197977][ T6644] ? __pfx_dump_stack_lvl+0x10/0x10 [ 178.198003][ T6644] ? __pfx__printk+0x10/0x10 [ 178.198032][ T6644] ? snprintf+0xda/0x120 [ 178.198062][ T6644] should_fail_ex+0x3b0/0x4e0 [ 178.198102][ T6644] _copy_to_user+0x2f/0xb0 [ 178.212283][ T938] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 178.221695][ T6644] simple_read_from_buffer+0xca/0x150 [ 178.221750][ T6644] proc_fail_nth_read+0x1e9/0x250 [ 178.221788][ T6644] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 178.221825][ T6644] ? rw_verify_area+0x55e/0x6f0 [ 178.221858][ T6644] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 178.221895][ T6644] vfs_read+0x201/0xbc0 [ 178.221927][ T6644] ? __pfx_lock_release+0x10/0x10 [ 178.221978][ T6644] ? __pfx_vfs_read+0x10/0x10 [ 178.222020][ T6644] ? __fget_files+0x3f3/0x470 [ 178.222069][ T6644] ? fdget_pos+0x24e/0x320 [ 178.222098][ T6644] ksys_read+0x183/0x2b0 [ 178.222122][ T6644] ? __pfx_ksys_read+0x10/0x10 [ 178.222146][ T6644] ? do_syscall_64+0x100/0x230 [ 178.222174][ T6644] ? do_syscall_64+0xb6/0x230 [ 178.222202][ T6644] do_syscall_64+0xf3/0x230 [ 178.222227][ T6644] ? clear_bhb_loop+0x35/0x90 [ 178.222254][ T6644] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.222290][ T6644] RIP: 0033:0x7fb3b7b7ca3c [ 178.222312][ T6644] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 178.380466][ T6644] RSP: 002b:00007fb3b88b1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 178.388904][ T6644] RAX: ffffffffffffffda RBX: 00007fb3b7d35f80 RCX: 00007fb3b7b7ca3c [ 178.396886][ T6644] RDX: 000000000000000f RSI: 00007fb3b88b10a0 RDI: 0000000000000004 [ 178.404885][ T6644] RBP: 00007fb3b88b1090 R08: 0000000000000000 R09: 0000000000000000 [ 178.412876][ T6644] R10: 00000000200001c0 R11: 0000000000000246 R12: 0000000000000001 [ 178.420862][ T6644] R13: 0000000000000000 R14: 00007fb3b7d35f80 R15: 00007fb3b7e5fa28 [ 178.428966][ T6644] [ 178.614306][ T6648] FAULT_INJECTION: forcing a failure. [ 178.614306][ T6648] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 178.635549][ T6648] CPU: 1 UID: 0 PID: 6648 Comm: syz.4.368 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 178.646215][ T6648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 178.650285][ T8] hub 3-1:0.0: 1 port detected [ 178.656290][ T6648] Call Trace: [ 178.664404][ T6648] [ 178.667368][ T6648] dump_stack_lvl+0x241/0x360 [ 178.672090][ T6648] ? __pfx_dump_stack_lvl+0x10/0x10 [ 178.677328][ T6648] ? __pfx__printk+0x10/0x10 [ 178.681976][ T6648] ? __pfx_lock_release+0x10/0x10 [ 178.687051][ T6648] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 178.693248][ T6648] ? kernel_text_address+0xa7/0xe0 [ 178.698419][ T6648] should_fail_ex+0x3b0/0x4e0 [ 178.703151][ T6648] _copy_from_user+0x2f/0xe0 [ 178.707785][ T6648] sock_ioctl_inout+0x57/0x150 [ 178.712601][ T6648] ipmr_sk_ioctl+0x10a/0x170 [ 178.717231][ T6648] ? __pfx_ipmr_sk_ioctl+0x10/0x10 [ 178.722383][ T6648] ? __pfx_stack_trace_save+0x10/0x10 [ 178.727818][ T6648] ? kasan_save_track+0x51/0x80 [ 178.732709][ T6648] ? kasan_save_track+0x3f/0x80 [ 178.737611][ T6648] sk_ioctl+0x119/0x680 [ 178.741814][ T6648] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.747943][ T6648] ? __pfx_sk_ioctl+0x10/0x10 [ 178.752678][ T6648] ? do_vfs_ioctl+0xf08/0x2e40 [ 178.757494][ T6648] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 178.762570][ T6648] ? mark_lock+0x9a/0x360 [ 178.766950][ T6648] inet_ioctl+0x42f/0x4f0 [ 178.771326][ T6648] ? tomoyo_path_number_perm+0x208/0x880 [ 178.777080][ T6648] ? __pfx_inet_ioctl+0x10/0x10 [ 178.781970][ T6648] ? lockdep_hardirqs_on+0x99/0x150 [ 178.787233][ T6648] sock_do_ioctl+0x158/0x460 [ 178.791875][ T6648] ? __pfx_sock_do_ioctl+0x10/0x10 [ 178.797052][ T6648] sock_ioctl+0x626/0x8e0 [ 178.801428][ T6648] ? __pfx_sock_ioctl+0x10/0x10 [ 178.806319][ T6648] ? __fget_files+0x29/0x470 [ 178.810948][ T6648] ? __fget_files+0x3f3/0x470 [ 178.815678][ T6648] ? __pfx_sock_ioctl+0x10/0x10 [ 178.820576][ T6648] __se_sys_ioctl+0xf9/0x170 [ 178.825213][ T6648] do_syscall_64+0xf3/0x230 [ 178.829754][ T6648] ? clear_bhb_loop+0x35/0x90 [ 178.834491][ T6648] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.840448][ T6648] RIP: 0033:0x7f6c4137dff9 [ 178.844926][ T6648] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 178.864747][ T6648] RSP: 002b:00007f6c420bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 178.873216][ T6648] RAX: ffffffffffffffda RBX: 00007f6c41535f80 RCX: 00007f6c4137dff9 [ 178.881227][ T6648] RDX: 0000000020000140 RSI: 00000000000089e1 RDI: 0000000000000003 [ 178.889236][ T6648] RBP: 00007f6c420bb090 R08: 0000000000000000 R09: 0000000000000000 [ 178.897247][ T6648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 178.905278][ T6648] R13: 0000000000000000 R14: 00007f6c41535f80 R15: 00007f6c4165fa28 [ 178.913302][ T6648] [ 179.009385][ T6650] netlink: 'syz.0.369': attribute type 4 has an invalid length. [ 179.042818][ T6650] netlink: 'syz.0.369': attribute type 4 has an invalid length. [ 179.128149][ T6653] sctp: [Deprecated]: syz.0.369 (pid 6653) Use of int in max_burst socket option deprecated. [ 179.128149][ T6653] Use struct sctp_assoc_value instead [ 179.189190][ T6655] FAULT_INJECTION: forcing a failure. [ 179.189190][ T6655] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 179.262550][ T6655] CPU: 1 UID: 0 PID: 6655 Comm: syz.4.370 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 179.273193][ T6655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 179.283275][ T6655] Call Trace: [ 179.286585][ T6655] [ 179.289539][ T6655] dump_stack_lvl+0x241/0x360 [ 179.294242][ T6655] ? __pfx_dump_stack_lvl+0x10/0x10 [ 179.299444][ T6655] ? __pfx__printk+0x10/0x10 [ 179.304052][ T6655] ? __pfx_lock_release+0x10/0x10 [ 179.309093][ T6655] should_fail_ex+0x3b0/0x4e0 [ 179.313787][ T6655] _copy_from_user+0x2f/0xe0 [ 179.318389][ T6655] get_user_ifreq+0xc3/0x200 [ 179.323003][ T6655] sock_ioctl+0x793/0x8e0 [ 179.327341][ T6655] ? __pfx_sock_ioctl+0x10/0x10 [ 179.332194][ T6655] ? __fget_files+0x3f3/0x470 [ 179.336901][ T6655] ? __pfx_sock_ioctl+0x10/0x10 [ 179.341770][ T6655] __se_sys_ioctl+0xf9/0x170 [ 179.346399][ T6655] do_syscall_64+0xf3/0x230 [ 179.350921][ T6655] ? clear_bhb_loop+0x35/0x90 [ 179.355623][ T6655] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.361530][ T6655] RIP: 0033:0x7f6c4137dff9 [ 179.365954][ T6655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 179.385578][ T6655] RSP: 002b:00007f6c420bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 179.394002][ T6655] RAX: ffffffffffffffda RBX: 00007f6c41535f80 RCX: 00007f6c4137dff9 [ 179.401980][ T6655] RDX: 0000000020000900 RSI: 00000000000089f1 RDI: 0000000000000004 [ 179.409952][ T6655] RBP: 00007f6c420bb090 R08: 0000000000000000 R09: 0000000000000000 [ 179.417922][ T6655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 179.425903][ T6655] R13: 0000000000000000 R14: 00007f6c41535f80 R15: 00007f6c4165fa28 [ 179.433901][ T6655] [ 179.449835][ T938] usb 2-1: config 0 has no interfaces? [ 179.453329][ T6650] netlink: 'syz.0.369': attribute type 21 has an invalid length. [ 179.465326][ T938] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 179.482076][ T938] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 179.491088][ T5292] hub 3-1:0.0: activate --> -90 [ 179.506316][ T938] usb 2-1: Product: syz [ 179.510837][ T938] usb 2-1: Manufacturer: syz [ 179.515808][ T938] usb 2-1: SerialNumber: syz [ 179.520702][ T6650] netlink: 168 bytes leftover after parsing attributes in process `syz.0.369'. [ 179.573025][ T938] usb 2-1: config 0 descriptor?? [ 179.702090][ T6629] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 179.756969][ T6629] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 179.836269][ T5293] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 180.024991][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 180.316878][ T6629] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 180.351661][ T5293] usb 4-1: config 0 has no interfaces? [ 180.375432][ T6673] netlink: 24 bytes leftover after parsing attributes in process `syz.4.376'. [ 180.387823][ T6629] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 180.420215][ T5293] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 180.451524][ T5293] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 180.495530][ T5293] usb 4-1: Product: syz [ 180.507790][ T5292] hub 3-1:0.0: hub_ext_port_status failed (err = -71) [ 180.515122][ T5292] usb 3-1: USB disconnect, device number 20 [ 180.522897][ T938] usb 3-1: Failed to suspend device, error -19 [ 180.535070][ T5293] usb 4-1: Manufacturer: syz [ 180.564831][ T5293] usb 4-1: SerialNumber: syz [ 180.581672][ T5293] usb 4-1: config 0 descriptor?? [ 182.326793][ T5292] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 182.499167][ T5292] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 182.522237][ T5292] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 182.536194][ T5292] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 182.549337][ T5292] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 182.584756][ T5292] usb 3-1: SerialNumber: syz [ 182.737604][ T5293] usb 2-1: USB disconnect, device number 20 [ 182.847054][ T2638] usb 4-1: USB disconnect, device number 18 [ 182.964365][ T5292] usb 3-1: 0:2 : does not exist [ 183.013827][ T5292] usb 3-1: USB disconnect, device number 21 [ 183.378070][ T2638] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 183.467745][ T6727] FAULT_INJECTION: forcing a failure. [ 183.467745][ T6727] name failslab, interval 1, probability 0, space 0, times 0 [ 183.480889][ T6727] CPU: 1 UID: 0 PID: 6727 Comm: syz.4.396 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 183.491537][ T6727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 183.501639][ T6727] Call Trace: [ 183.504955][ T6727] [ 183.507931][ T6727] dump_stack_lvl+0x241/0x360 [ 183.512671][ T6727] ? __pfx_dump_stack_lvl+0x10/0x10 [ 183.517920][ T6727] ? __pfx__printk+0x10/0x10 [ 183.522563][ T6727] ? __pfx_lock_acquire+0x10/0x10 [ 183.527648][ T6727] should_fail_ex+0x3b0/0x4e0 [ 183.532378][ T6727] ? __inet_hash_connect+0xa2e/0x2170 [ 183.537798][ T6727] should_failslab+0xac/0x100 [ 183.542522][ T6727] ? __inet_hash_connect+0xa2e/0x2170 [ 183.547941][ T6727] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 183.553382][ T6727] __inet_hash_connect+0xa2e/0x2170 [ 183.558627][ T6727] ? __pfx___inet6_check_established+0x10/0x10 [ 183.564844][ T6727] ? __pfx___inet_hash_connect+0x10/0x10 [ 183.570538][ T6727] ? inet6_hash_connect+0x7d/0xd0 [ 183.575609][ T6727] tcp_v6_connect+0x1158/0x1e40 [ 183.580515][ T6727] ? __pfx_tcp_v6_connect+0x10/0x10 [ 183.585754][ T6727] ? kasan_save_track+0x3f/0x80 [ 183.590632][ T6727] ? __kasan_kmalloc+0x98/0xb0 [ 183.595459][ T6727] __inet_stream_connect+0x262/0xf30 [ 183.600812][ T6727] ? __pfx___inet_stream_connect+0x10/0x10 [ 183.606676][ T6727] ? __kasan_kmalloc+0x98/0xb0 [ 183.611479][ T6727] ? tcp_sendmsg_fastopen+0x1d8/0x5d0 [ 183.616890][ T6727] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 183.622481][ T6727] tcp_sendmsg_fastopen+0x3a2/0x5d0 [ 183.627722][ T6727] tcp_sendmsg_locked+0x4a23/0x50a0 [ 183.632962][ T6727] ? __lock_acquire+0x1384/0x2050 [ 183.638051][ T6727] ? mark_lock+0x9a/0x360 [ 183.642421][ T6727] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 183.648459][ T6727] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 183.654845][ T6727] ? lockdep_hardirqs_on+0x99/0x150 [ 183.660109][ T6727] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 183.665698][ T6727] ? __local_bh_enable_ip+0x168/0x200 [ 183.671127][ T6727] ? do_raw_spin_unlock+0x13c/0x8b0 [ 183.676384][ T6727] tcp_sendmsg+0x30/0x50 [ 183.680667][ T6727] __sock_sendmsg+0xef/0x270 [ 183.685306][ T6727] __sys_sendto+0x39b/0x4f0 [ 183.689848][ T6727] ? __pfx___sys_sendto+0x10/0x10 [ 183.694906][ T6727] ? __mutex_unlock_slowpath+0x21d/0x750 [ 183.700629][ T6727] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 183.706667][ T6727] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 183.713052][ T6727] __x64_sys_sendto+0xde/0x100 [ 183.717865][ T6727] do_syscall_64+0xf3/0x230 [ 183.722402][ T6727] ? clear_bhb_loop+0x35/0x90 [ 183.727115][ T6727] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.733068][ T6727] RIP: 0033:0x7f6c4137dff9 [ 183.737517][ T6727] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 183.757181][ T6727] RSP: 002b:00007f6c420bb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 183.765666][ T6727] RAX: ffffffffffffffda RBX: 00007f6c41535f80 RCX: 00007f6c4137dff9 [ 183.773678][ T6727] RDX: 0000000000000001 RSI: 0000000020000240 RDI: 0000000000000003 [ 183.781689][ T6727] RBP: 00007f6c420bb090 R08: 0000000020b63fe4 R09: 000000000000001c [ 183.789698][ T6727] R10: 0000000020000841 R11: 0000000000000246 R12: 0000000000000001 [ 183.797703][ T6727] R13: 0000000000000000 R14: 00007f6c41535f80 R15: 00007f6c4165fa28 [ 183.805724][ T6727] [ 183.866488][ T2638] usb 4-1: Using ep0 maxpacket: 16 [ 183.902962][ T2638] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 183.951000][ T2638] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 184.004340][ T2638] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 184.059657][ T2638] usb 4-1: config 0 descriptor?? [ 184.307580][ T6713] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 184.316221][ T25] usb 3-1: new full-speed USB device number 22 using dummy_hcd [ 184.343641][ T6713] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 184.391304][ T6713] netlink: 'syz.3.389': attribute type 10 has an invalid length. [ 184.437978][ T6733] x_tables: ip6_tables: TCPOPTSTRIP target: only valid for protocol 6 [ 184.490071][ T25] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 184.536538][ T25] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 127, setting to 64 [ 184.588874][ T6736] netlink: 12 bytes leftover after parsing attributes in process `syz.1.400'. [ 184.606389][ T25] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 65535, setting to 64 [ 184.666544][ T25] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 184.729502][ T6713] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 184.741531][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 184.782428][ T6713] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 184.808058][ T6729] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 184.851719][ T6729] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 184.883601][ T2638] hid (null): unknown global tag 0xd [ 184.925838][ T2638] hid-generic 0003:0158:0100.0004: unknown main item tag 0x1 [ 184.960005][ T25] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 184.988082][ T2638] hid-generic 0003:0158:0100.0004: unexpected long global item [ 185.046772][ T2638] hid-generic 0003:0158:0100.0004: probe with driver hid-generic failed with error -22 [ 185.091126][ T6713] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 185.126653][ T46] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 185.182089][ T25] usb 3-1: USB disconnect, device number 22 [ 185.196673][ T6713] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 185.313613][ T5300] usb 4-1: USB disconnect, device number 19 [ 185.327010][ T46] usb 5-1: Using ep0 maxpacket: 16 [ 185.356126][ T46] usb 5-1: config 0 descriptor has 1 excess byte, ignoring [ 185.401595][ T46] usb 5-1: config 0 has no interfaces? [ 185.451857][ T46] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 185.494000][ T46] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 185.524769][ T46] usb 5-1: Product: syz [ 185.531841][ T46] usb 5-1: Manufacturer: syz [ 185.542047][ T46] usb 5-1: SerialNumber: syz [ 185.574288][ T46] r8152-cfgselector 5-1: Unknown version 0x0000 [ 185.596460][ T46] r8152-cfgselector 5-1: config 0 descriptor?? [ 185.838938][ T6738] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 185.903429][ T6738] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 188.185186][ T29] kauditd_printk_skb: 14 callbacks suppressed [ 188.185214][ T29] audit: type=1326 audit(1729115502.509:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6751 comm="syz.3.405" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f83b377dff9 code=0x0 [ 188.300729][ T46] r8152-cfgselector 5-1: USB disconnect, device number 26 [ 188.616815][ T6762] FAULT_INJECTION: forcing a failure. [ 188.616815][ T6762] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 188.690166][ T6762] CPU: 1 UID: 0 PID: 6762 Comm: syz.4.408 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 188.700832][ T6762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 188.710959][ T6762] Call Trace: [ 188.714273][ T6762] [ 188.717237][ T6762] dump_stack_lvl+0x241/0x360 [ 188.721963][ T6762] ? __pfx_dump_stack_lvl+0x10/0x10 [ 188.727207][ T6762] ? __pfx__printk+0x10/0x10 [ 188.731839][ T6762] ? __pfx_lock_release+0x10/0x10 [ 188.736933][ T6762] should_fail_ex+0x3b0/0x4e0 [ 188.741660][ T6762] _copy_from_user+0x2f/0xe0 [ 188.746299][ T6762] copy_msghdr_from_user+0xae/0x680 [ 188.751557][ T6762] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 188.757439][ T6762] __sys_sendmsg+0x22d/0x380 [ 188.762106][ T6762] ? __pfx___sys_sendmsg+0x10/0x10 [ 188.767265][ T6762] ? __pfx_vfs_write+0x10/0x10 [ 188.772102][ T6762] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 188.778484][ T6762] ? do_syscall_64+0x100/0x230 [ 188.783297][ T6762] ? do_syscall_64+0xb6/0x230 [ 188.788010][ T6762] do_syscall_64+0xf3/0x230 [ 188.792556][ T6762] ? clear_bhb_loop+0x35/0x90 [ 188.797269][ T6762] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.803212][ T6762] RIP: 0033:0x7f6c4137dff9 [ 188.807661][ T6762] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 188.827311][ T6762] RSP: 002b:00007f6c420bb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 188.835777][ T6762] RAX: ffffffffffffffda RBX: 00007f6c41535f80 RCX: 00007f6c4137dff9 [ 188.843797][ T6762] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 188.851807][ T6762] RBP: 00007f6c420bb090 R08: 0000000000000000 R09: 0000000000000000 [ 188.859821][ T6762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 188.867831][ T6762] R13: 0000000000000000 R14: 00007f6c41535f80 R15: 00007f6c4165fa28 [ 188.875945][ T6762] [ 188.916743][ T6768] 8021q: VLANs not supported on hsr0 [ 189.321673][ T6776] netlink: 12 bytes leftover after parsing attributes in process `syz.2.412'. [ 190.006185][ T6780] netlink: 48 bytes leftover after parsing attributes in process `syz.2.414'. [ 191.426470][ T25] usb 4-1: new full-speed USB device number 20 using dummy_hcd [ 192.964399][ T6792] program syz.4.416 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 193.332637][ T6803] xt_CT: You must specify a L4 protocol and not use inversions on it [ 194.600022][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 197.189495][ T1270] ieee802154 phy1 wpan1: encryption failed: -22 [ 197.242164][ T5241] Bluetooth: hci4: command 0x0406 tx timeout [ 197.248365][ T5241] Bluetooth: hci2: command 0x0406 tx timeout [ 200.802706][ T12] bridge_slave_1: left allmulticast mode [ 200.833867][ T12] bridge_slave_1: left promiscuous mode [ 200.896326][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 201.216003][ T12] bridge_slave_0: left allmulticast mode [ 201.257546][ T12] bridge_slave_0: left promiscuous mode [ 201.314488][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.506682][ T5300] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 201.694371][ T5248] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 201.705085][ T5248] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 201.712246][ T5300] usb 3-1: Using ep0 maxpacket: 16 [ 201.722364][ T5248] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 201.733507][ T5248] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 201.741954][ T5248] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 201.756571][ T5248] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 201.776010][ T5300] usb 3-1: config 0 descriptor has 1 excess byte, ignoring [ 201.825021][ T5300] usb 3-1: config 0 has no interfaces? [ 201.841301][ T5300] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 201.863059][ T5300] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 201.891733][ T5300] usb 3-1: Product: syz [ 201.896944][ T5300] usb 3-1: Manufacturer: syz [ 201.901801][ T5300] usb 3-1: SerialNumber: syz [ 201.916692][ T5300] r8152-cfgselector 3-1: Unknown version 0x0000 [ 201.949547][ T5248] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 201.966531][ T5248] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 201.975446][ T5248] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 201.985751][ T5248] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 201.994659][ T5248] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 202.002223][ T5248] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 202.036514][ T5300] r8152-cfgselector 3-1: config 0 descriptor?? [ 202.291107][ T6822] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 202.324901][ T6822] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 203.856648][ T5248] Bluetooth: hci3: command tx timeout [ 204.106653][ T5248] Bluetooth: hci5: command tx timeout [ 205.936658][ T5248] Bluetooth: hci3: command tx timeout [ 206.716354][ C0] sched: DL replenish lagged too much [ 206.716474][ T5248] Bluetooth: hci5: command tx timeout [ 208.027369][ T5248] Bluetooth: hci3: command tx timeout [ 208.816852][ T5248] Bluetooth: hci5: command tx timeout [ 210.096774][ T5248] Bluetooth: hci3: command tx timeout [ 210.906512][ T5248] Bluetooth: hci5: command tx timeout [ 211.581373][ T5253] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 211.590885][ T5253] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 211.605307][ T5253] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 211.618631][ T5253] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 211.628409][ T5253] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 211.635951][ T5253] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 211.716162][ T5248] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 211.729683][ T5248] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 211.739086][ T5248] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 211.750060][ T5248] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 211.758004][ T5248] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 211.767196][ T5248] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 211.981250][ T6844] FAULT_INJECTION: forcing a failure. [ 211.981250][ T6844] name failslab, interval 1, probability 0, space 0, times 0 [ 212.000648][ T6844] CPU: 1 UID: 0 PID: 6844 Comm: syz.0.431 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 212.011317][ T6844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 212.021420][ T6844] Call Trace: [ 212.024737][ T6844] [ 212.027709][ T6844] dump_stack_lvl+0x241/0x360 [ 212.032432][ T6844] ? __pfx_dump_stack_lvl+0x10/0x10 [ 212.037686][ T6844] ? __pfx__printk+0x10/0x10 [ 212.042361][ T6844] ? fs_reclaim_acquire+0x93/0x130 [ 212.047515][ T6844] ? __pfx___might_resched+0x10/0x10 [ 212.052849][ T6844] should_fail_ex+0x3b0/0x4e0 [ 212.057592][ T6844] ? tomoyo_encode+0x26f/0x540 [ 212.062403][ T6844] should_failslab+0xac/0x100 [ 212.067125][ T6844] ? tomoyo_encode+0x26f/0x540 [ 212.071938][ T6844] __kmalloc_noprof+0xd8/0x400 [ 212.076756][ T6844] tomoyo_encode+0x26f/0x540 [ 212.081397][ T6844] tomoyo_realpath_from_path+0x59e/0x5e0 [ 212.087086][ T6844] tomoyo_path_number_perm+0x23a/0x880 [ 212.092591][ T6844] ? tomoyo_path_number_perm+0x208/0x880 [ 212.098353][ T6844] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 212.104408][ T6844] ? __fget_files+0x29/0x470 [ 212.109040][ T6844] ? __fget_files+0x3f3/0x470 [ 212.113783][ T6844] security_file_ioctl+0xc6/0x2a0 [ 212.118847][ T6844] __se_sys_ioctl+0x47/0x170 [ 212.123483][ T6844] do_syscall_64+0xf3/0x230 [ 212.128020][ T6844] ? clear_bhb_loop+0x35/0x90 [ 212.132740][ T6844] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.138695][ T6844] RIP: 0033:0x7fb3b7b7dff9 [ 212.143169][ T6844] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 212.162823][ T6844] RSP: 002b:00007fb3b88b1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 212.171285][ T6844] RAX: ffffffffffffffda RBX: 00007fb3b7d35f80 RCX: 00007fb3b7b7dff9 [ 212.179299][ T6844] RDX: 0000000020000200 RSI: 00000000c0845657 RDI: 0000000000000003 [ 212.187305][ T6844] RBP: 00007fb3b88b1090 R08: 0000000000000000 R09: 0000000000000000 [ 212.195321][ T6844] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 212.203337][ T6844] R13: 0000000000000000 R14: 00007fb3b7d35f80 R15: 00007fb3b7e5fa28 [ 212.211369][ T6844] [ 212.259917][ T6844] ERROR: Out of memory at tomoyo_realpath_from_path. [ 212.410129][ T6846] FAULT_INJECTION: forcing a failure. [ 212.410129][ T6846] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 212.432745][ T6846] CPU: 1 UID: 0 PID: 6846 Comm: syz.0.432 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 212.443410][ T6846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 212.453505][ T6846] Call Trace: [ 212.456816][ T6846] [ 212.459775][ T6846] dump_stack_lvl+0x241/0x360 [ 212.464502][ T6846] ? __pfx_dump_stack_lvl+0x10/0x10 [ 212.469742][ T6846] ? __pfx__printk+0x10/0x10 [ 212.474468][ T6846] ? __pfx_lock_release+0x10/0x10 [ 212.479548][ T6846] should_fail_ex+0x3b0/0x4e0 [ 212.484285][ T6846] _copy_from_iter+0x1ed/0x1d60 [ 212.489178][ T6846] ? __virt_addr_valid+0x183/0x530 [ 212.494327][ T6846] ? __pfx_lock_release+0x10/0x10 [ 212.499413][ T6846] ? __alloc_skb+0x28f/0x440 [ 212.504045][ T6846] ? __pfx__copy_from_iter+0x10/0x10 [ 212.509381][ T6846] ? __virt_addr_valid+0x183/0x530 [ 212.514540][ T6846] ? __virt_addr_valid+0x183/0x530 [ 212.519740][ T6846] ? __virt_addr_valid+0x45f/0x530 [ 212.524899][ T6846] ? __check_object_size+0x48e/0x900 [ 212.530240][ T6846] netlink_sendmsg+0x73d/0xcb0 [ 212.535057][ T6846] ? __pfx_netlink_sendmsg+0x10/0x10 [ 212.540387][ T6846] ? __pfx_aa_file_perm+0x10/0x10 [ 212.545455][ T6846] ? aa_sock_msg_perm+0x91/0x160 [ 212.550444][ T6846] ? __pfx_netlink_sendmsg+0x10/0x10 [ 212.555767][ T6846] __sock_sendmsg+0x221/0x270 [ 212.560495][ T6846] sock_write_iter+0x2d7/0x3f0 [ 212.565303][ T6846] ? __pfx_sock_write_iter+0x10/0x10 [ 212.570727][ T6846] ? bpf_lsm_file_permission+0x9/0x10 [ 212.576132][ T6846] ? security_file_permission+0x74/0x280 [ 212.581811][ T6846] vfs_write+0xa6d/0xc90 [ 212.586098][ T6846] ? __pfx_sock_write_iter+0x10/0x10 [ 212.591442][ T6846] ? __pfx_vfs_write+0x10/0x10 [ 212.596258][ T6846] ? fdget_pos+0x19a/0x320 [ 212.600717][ T6846] ksys_write+0x183/0x2b0 [ 212.605085][ T6846] ? __pfx_ksys_write+0x10/0x10 [ 212.609986][ T6846] ? do_syscall_64+0x100/0x230 [ 212.614790][ T6846] ? do_syscall_64+0xb6/0x230 [ 212.619508][ T6846] do_syscall_64+0xf3/0x230 [ 212.624090][ T6846] ? clear_bhb_loop+0x35/0x90 [ 212.628898][ T6846] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.634846][ T6846] RIP: 0033:0x7fb3b7b7dff9 [ 212.639297][ T6846] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 212.659041][ T6846] RSP: 002b:00007fb3b88b1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 212.667516][ T6846] RAX: ffffffffffffffda RBX: 00007fb3b7d35f80 RCX: 00007fb3b7b7dff9 [ 212.675529][ T6846] RDX: 0000000000000027 RSI: 0000000020005c00 RDI: 0000000000000004 [ 212.683570][ T6846] RBP: 00007fb3b88b1090 R08: 0000000000000000 R09: 0000000000000000 [ 212.691585][ T6846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 212.699602][ T6846] R13: 0000000000000000 R14: 00007fb3b7d35f80 R15: 00007fb3b7e5fa28 [ 212.707641][ T6846] [ 213.698256][ T5248] Bluetooth: hci1: command tx timeout [ 213.858967][ T5248] Bluetooth: hci6: command tx timeout [ 215.776525][ T5248] Bluetooth: hci1: command tx timeout [ 215.948834][ T5248] Bluetooth: hci6: command tx timeout [ 217.856522][ T5248] Bluetooth: hci1: command tx timeout [ 218.016523][ T5248] Bluetooth: hci6: command tx timeout [ 219.936507][ T5248] Bluetooth: hci1: command tx timeout [ 220.096663][ T5248] Bluetooth: hci6: command tx timeout [ 223.763411][ T5253] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 223.776561][ T5253] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 223.787928][ T5253] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 223.797348][ T5253] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 223.807318][ T5253] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 223.816062][ T5253] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 225.936742][ T5253] Bluetooth: hci7: command tx timeout [ 228.016623][ T5253] Bluetooth: hci7: command tx timeout [ 230.096653][ T5253] Bluetooth: hci7: command tx timeout [ 232.177274][ T5253] Bluetooth: hci7: command tx timeout [ 256.036017][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.042442][ T1270] ieee802154 phy1 wpan1: encryption failed: -22 [ 258.104256][ T5253] Bluetooth: hci0: command 0x0406 tx timeout [ 261.021294][ T5253] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 261.041135][ T5253] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 261.049691][ T5253] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 261.058472][ T5253] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 261.071156][ T5253] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 261.081138][ T5253] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 261.207194][ T5253] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 261.217255][ T5253] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 261.227066][ T5253] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 261.235110][ T5253] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 261.244274][ T5253] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 261.254445][ T5253] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 263.136810][ T5253] Bluetooth: hci8: command tx timeout [ 263.296556][ T5253] Bluetooth: hci9: command tx timeout [ 265.216578][ T5253] Bluetooth: hci8: command tx timeout [ 265.386607][ T5253] Bluetooth: hci9: command tx timeout [ 267.296593][ T5253] Bluetooth: hci8: command tx timeout [ 267.456480][ T5253] Bluetooth: hci9: command tx timeout [ 269.376530][ T5253] Bluetooth: hci8: command tx timeout [ 269.536442][ T5253] Bluetooth: hci9: command tx timeout [ 272.515795][ T5248] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 272.545200][ T5248] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 272.562419][ T5248] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 272.570644][ T5248] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 272.579436][ T5248] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3 [ 272.587974][ T5248] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 272.728458][ T5253] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 272.747767][ T5253] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 272.759165][ T5253] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 272.767732][ T5253] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 272.777515][ T5253] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3 [ 272.786815][ T5253] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 274.656792][ T5253] Bluetooth: hci10: command tx timeout [ 274.816728][ T5253] Bluetooth: hci11: command tx timeout [ 276.736656][ T5253] Bluetooth: hci10: command tx timeout [ 276.896763][ T5253] Bluetooth: hci11: command tx timeout [ 278.816614][ T5253] Bluetooth: hci10: command tx timeout [ 278.976613][ T5253] Bluetooth: hci11: command tx timeout [ 280.896626][ T5253] Bluetooth: hci10: command tx timeout [ 281.056614][ T5253] Bluetooth: hci11: command tx timeout [ 284.330033][ T5248] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 284.346559][ T5248] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 284.355588][ T5248] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 284.366477][ T5248] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 284.374373][ T5248] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3 [ 284.381860][ T5248] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 286.416567][ T5253] Bluetooth: hci12: command tx timeout [ 288.506630][ T5253] Bluetooth: hci12: command tx timeout [ 290.576673][ T5253] Bluetooth: hci12: command tx timeout [ 292.656441][ T5253] Bluetooth: hci12: command tx timeout [ 317.463083][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.475371][ T1270] ieee802154 phy1 wpan1: encryption failed: -22 [ 321.404437][ T5248] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 321.426675][ T5248] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 321.442737][ T5248] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 321.451837][ T5248] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 321.462321][ T5248] Bluetooth: hci13: unexpected cc 0x0c25 length: 249 > 3 [ 321.470510][ T5248] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 321.896104][ T5253] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 321.915562][ T5253] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 321.923572][ T5253] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 321.937757][ T5253] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 321.945617][ T5253] Bluetooth: hci14: unexpected cc 0x0c25 length: 249 > 3 [ 321.957862][ T5253] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 323.536576][ T5253] Bluetooth: hci13: command tx timeout [ 324.016644][ T5253] Bluetooth: hci14: command tx timeout [ 324.668616][ T5241] Bluetooth: hci3: command 0x0406 tx timeout [ 324.674755][ T5253] Bluetooth: hci5: command 0x0406 tx timeout [ 325.616741][ T5248] Bluetooth: hci13: command tx timeout [ 326.096435][ T5248] Bluetooth: hci14: command tx timeout [ 327.698377][ T5248] Bluetooth: hci13: command tx timeout [ 328.186753][ T5248] Bluetooth: hci14: command tx timeout [ 329.776581][ T5248] Bluetooth: hci13: command tx timeout [ 330.256505][ T5248] Bluetooth: hci14: command tx timeout [ 332.444955][ T4628] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 332.457091][ T4628] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 332.465114][ T4628] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 332.473394][ T4628] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 332.484558][ T4628] Bluetooth: hci15: unexpected cc 0x0c25 length: 249 > 3 [ 332.495087][ T4628] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 333.480171][ T5241] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1 [ 333.491164][ T5241] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9 [ 333.506481][ T5241] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9 [ 333.515764][ T5241] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4 [ 333.524078][ T5241] Bluetooth: hci16: unexpected cc 0x0c25 length: 249 > 3 [ 333.531622][ T5241] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2 [ 334.586360][ T5241] Bluetooth: hci15: command tx timeout [ 334.907565][ T4628] Bluetooth: hci6: command 0x0406 tx timeout [ 334.913670][ T5241] Bluetooth: hci1: command 0x0406 tx timeout [ 335.626620][ T5248] Bluetooth: hci16: command tx timeout [ 336.656555][ T5248] Bluetooth: hci15: command tx timeout [ 337.696574][ T5248] Bluetooth: hci16: command tx timeout [ 338.736589][ T5248] Bluetooth: hci15: command tx timeout [ 339.776454][ T5248] Bluetooth: hci16: command tx timeout [ 340.816559][ T5248] Bluetooth: hci15: command tx timeout [ 341.857453][ T5248] Bluetooth: hci16: command tx timeout [ 344.474055][ T5253] Bluetooth: hci17: unexpected cc 0x0c03 length: 249 > 1 [ 344.486745][ T5253] Bluetooth: hci17: unexpected cc 0x1003 length: 249 > 9 [ 344.495020][ T5253] Bluetooth: hci17: unexpected cc 0x1001 length: 249 > 9 [ 344.503987][ T5253] Bluetooth: hci17: unexpected cc 0x0c23 length: 249 > 4 [ 344.512231][ T5253] Bluetooth: hci17: unexpected cc 0x0c25 length: 249 > 3 [ 344.520038][ T5253] Bluetooth: hci17: unexpected cc 0x0c38 length: 249 > 2 [ 346.576610][ T5253] Bluetooth: hci17: command tx timeout [ 348.656634][ T5253] Bluetooth: hci17: command tx timeout [ 350.256474][ T5253] Bluetooth: hci7: command 0x0406 tx timeout [ 350.736640][ T5248] Bluetooth: hci17: command tx timeout [ 352.826618][ T5253] Bluetooth: hci17: command tx timeout [ 353.936805][ T30] INFO: task kworker/u8:1:12 blocked for more than 143 seconds. [ 353.944515][ T30] Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 353.981641][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 354.013281][ T30] task:kworker/u8:1 state:D stack:23064 pid:12 tgid:12 ppid:2 flags:0x00004000 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 354.096505][ T30] Workqueue: netns cleanup_net [ 354.101382][ T30] Call Trace: [ 354.104694][ T30] [ 354.166330][ T30] __schedule+0x1895/0x4b30 [ 354.170989][ T30] ? __pfx___schedule+0x10/0x10 [ 354.175928][ T30] ? __pfx_lock_release+0x10/0x10 [ 354.199768][ T30] ? kthread_data+0x52/0xd0 [ 354.204360][ T30] ? wq_worker_sleeping+0x66/0x240 [ 354.214744][ T30] ? schedule+0x90/0x320 [ 354.221738][ T30] schedule+0x14b/0x320 [ 354.225970][ T30] schedule_timeout+0xb0/0x310 [ 354.235955][ T30] ? __pfx_schedule_timeout+0x10/0x10 [ 354.246542][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 354.252611][ T30] ? wait_for_completion+0x2fe/0x620 [ 354.265515][ T30] ? wait_for_completion+0x2fe/0x620 [ 354.271587][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 354.284531][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 354.290126][ T30] ? wait_for_completion+0x2fe/0x620 [ 354.295462][ T30] wait_for_completion+0x355/0x620 [ 354.306372][ T30] ? __pfx_wait_for_completion+0x10/0x10 [ 354.312085][ T30] ? __flush_work+0xe7/0xc50 [ 354.324248][ T30] __flush_work+0xa37/0xc50 [ 354.329102][ T30] ? __flush_work+0xe7/0xc50 [ 354.333742][ T30] ? __pfx___flush_work+0x10/0x10 [ 354.346319][ T30] ? __pfx_wq_barrier_func+0x10/0x10 [ 354.351687][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 354.367353][ T30] ? _raw_spin_lock_irq+0xdf/0x120 [ 354.372539][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 354.384252][ T30] unregister_netdevice_many_notify+0x87b/0x1da0 [ 354.392356][ T30] ? net_generic+0x1f/0x240 [ 354.403034][ T30] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 354.412556][ T30] ? unregister_netdevice_queue+0x26b/0x370 [ 354.426544][ T30] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 354.432868][ T30] ? nexthop_net_exit_batch_rtnl+0x100/0x150 [ 354.446316][ T30] cleanup_net+0x75d/0xcc0 [ 354.450806][ T30] ? __pfx_cleanup_net+0x10/0x10 [ 354.455797][ T30] ? process_scheduled_works+0x976/0x1850 [ 354.470385][ T30] process_scheduled_works+0xa63/0x1850 [ 354.476034][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 354.486341][ T30] ? assign_work+0x364/0x3d0 [ 354.491008][ T30] worker_thread+0x870/0xd30 [ 354.495674][ T30] ? __kthread_parkme+0x169/0x1d0 [ 354.506884][ T30] ? __pfx_worker_thread+0x10/0x10 [ 354.512158][ T30] kthread+0x2f0/0x390 [ 354.518476][ T30] ? __pfx_worker_thread+0x10/0x10 [ 354.523655][ T30] ? __pfx_kthread+0x10/0x10 [ 354.535405][ T30] ret_from_fork+0x4b/0x80 [ 354.542576][ T30] ? __pfx_kthread+0x10/0x10 [ 354.553549][ T30] ret_from_fork_asm+0x1a/0x30 [ 354.560844][ T30] [ 354.564460][ T30] INFO: task kworker/u8:5:62 blocked for more than 143 seconds. [ 354.579155][ T30] Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 354.593530][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 354.603706][ T30] task:kworker/u8:5 state:D stack:24336 pid:62 tgid:62 ppid:2 flags:0x00004000 [ 354.619913][ T30] Workqueue: events_unbound linkwatch_event [ 354.625877][ T30] Call Trace: [ 354.632107][ T30] [ 354.635088][ T30] __schedule+0x1895/0x4b30 [ 354.646536][ T30] ? __pfx___schedule+0x10/0x10 [ 354.651461][ T30] ? __pfx_lock_release+0x10/0x10 [ 354.666370][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 354.673359][ T30] ? kthread_data+0x52/0xd0 [ 354.684127][ T30] ? schedule+0x90/0x320 [ 354.689972][ T30] ? wq_worker_sleeping+0x66/0x240 [ 354.695211][ T30] ? schedule+0x90/0x320 [ 354.708507][ T30] schedule+0x14b/0x320 [ 354.712720][ T30] schedule_preempt_disabled+0x13/0x30 [ 354.725051][ T30] __mutex_lock+0x6a7/0xd70 [ 354.729896][ T30] ? __mutex_lock+0x52a/0xd70 [ 354.734619][ T30] ? linkwatch_event+0xe/0x60 [ 354.746319][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 354.753959][ T30] ? process_scheduled_works+0x976/0x1850 [ 354.768327][ T30] linkwatch_event+0xe/0x60 [ 354.776312][ T30] process_scheduled_works+0xa63/0x1850 [ 354.781968][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 354.796164][ T30] ? assign_work+0x364/0x3d0 [ 354.801217][ T30] worker_thread+0x870/0xd30 [ 354.805877][ T30] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 354.817818][ T30] ? __kthread_parkme+0x169/0x1d0 [ 354.822915][ T30] ? __pfx_worker_thread+0x10/0x10 [ 354.836203][ T30] kthread+0x2f0/0x390 [ 354.840695][ T30] ? __pfx_worker_thread+0x10/0x10 [ 354.845879][ T30] ? __pfx_kthread+0x10/0x10 [ 354.856317][ T30] ret_from_fork+0x4b/0x80 [ 354.860798][ T30] ? __pfx_kthread+0x10/0x10 [ 354.865429][ T30] ret_from_fork_asm+0x1a/0x30 [ 354.878991][ T30] [ 354.882230][ T30] INFO: task kworker/1:8:5326 blocked for more than 144 seconds. [ 354.896612][ T30] Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 354.904287][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 354.921053][ T30] task:kworker/1:8 state:D stack:22392 pid:5326 tgid:5326 ppid:2 flags:0x00004000 [ 354.934045][ T30] Workqueue: events switchdev_deferred_process_work [ 354.945395][ T30] Call Trace: [ 354.951369][ T30] [ 354.955427][ T30] __schedule+0x1895/0x4b30 [ 354.964991][ T30] ? __pfx___schedule+0x10/0x10 [ 354.972722][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 354.990083][ T30] ? __pfx_lock_release+0x10/0x10 [ 354.995197][ T30] ? kick_pool+0x45c/0x620 [ 355.006368][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 355.011654][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 355.023277][ T30] ? schedule+0x90/0x320 [ 355.027892][ T30] schedule+0x14b/0x320 [ 355.032114][ T30] schedule_preempt_disabled+0x13/0x30 [ 355.046585][ T30] __mutex_lock+0x6a7/0xd70 [ 355.051176][ T30] ? __mutex_lock+0x52a/0xd70 [ 355.066323][ T30] ? switchdev_deferred_process_work+0xe/0x20 [ 355.072448][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 355.083655][ T30] ? process_scheduled_works+0x976/0x1850 [ 355.090912][ T30] switchdev_deferred_process_work+0xe/0x20 [ 355.103974][ T30] process_scheduled_works+0xa63/0x1850 [ 355.110196][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 355.123488][ T30] ? assign_work+0x364/0x3d0 [ 355.128498][ T30] worker_thread+0x870/0xd30 [ 355.133161][ T30] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 355.146440][ T30] ? __kthread_parkme+0x169/0x1d0 [ 355.154323][ T30] ? __pfx_worker_thread+0x10/0x10 [ 355.166353][ T30] kthread+0x2f0/0x390 [ 355.170495][ T30] ? __pfx_worker_thread+0x10/0x10 [ 355.175667][ T30] ? __pfx_kthread+0x10/0x10 [ 355.187688][ T30] ret_from_fork+0x4b/0x80 [ 355.192725][ T30] ? __pfx_kthread+0x10/0x10 [ 355.203803][ T30] ret_from_fork_asm+0x1a/0x30 [ 355.211281][ T30] [ 355.214425][ T30] INFO: task syz-executor:5578 blocked for more than 144 seconds. [ 355.227192][ T30] Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 355.234934][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 355.250155][ T30] task:syz-executor state:D stack:20992 pid:5578 tgid:5578 ppid:1 flags:0x00004006 [ 355.264502][ T30] Call Trace: [ 355.274104][ T30] [ 355.279792][ T30] __schedule+0x1895/0x4b30 [ 355.284954][ T30] ? __pfx___schedule+0x10/0x10 [ 355.295165][ T30] ? __pfx_lock_release+0x10/0x10 [ 355.304152][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 355.314566][ T30] ? schedule+0x90/0x320 [ 355.321505][ T30] schedule+0x14b/0x320 [ 355.325802][ T30] schedule_preempt_disabled+0x13/0x30 [ 355.342995][ T30] __mutex_lock+0x6a7/0xd70 [ 355.353129][ T30] ? __mutex_lock+0x52a/0xd70 [ 355.360602][ T30] ? tun_chr_close+0x3b/0x1b0 [ 355.366695][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 355.371790][ T30] ? __pfx_call_rcu+0x10/0x10 [ 355.383999][ T30] tun_chr_close+0x3b/0x1b0 [ 355.390303][ T30] ? __pfx_tun_chr_close+0x10/0x10 [ 355.395492][ T30] __fput+0x23f/0x880 [ 355.407677][ T30] task_work_run+0x24f/0x310 [ 355.412333][ T30] ? kasan_quarantine_put+0xdc/0x230 [ 355.422804][ T30] ? __pfx_task_work_run+0x10/0x10 [ 355.430791][ T30] ? do_exit+0xa2a/0x28e0 [ 355.435178][ T30] ? kmem_cache_free+0x1a2/0x420 [ 355.445313][ T30] ? do_exit+0xa2a/0x28e0 [ 355.453228][ T30] do_exit+0xa2f/0x28e0 [ 355.463131][ T30] ? __pfx_do_exit+0x10/0x10 [ 355.471470][ T30] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 355.482047][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 355.491351][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 355.504284][ T30] ? _raw_spin_lock_irq+0xdf/0x120 [ 355.512209][ T30] do_group_exit+0x207/0x2c0 [ 355.521870][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 355.529705][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 355.534956][ T30] get_signal+0x16a3/0x1740 [ 355.544690][ T30] ? __pfx_get_signal+0x10/0x10 [ 355.553987][ T30] arch_do_signal_or_restart+0x96/0x860 [ 355.564484][ T30] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 355.574783][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 355.585907][ T30] ? syscall_exit_to_user_mode+0xa3/0x370 [ 355.595018][ T30] syscall_exit_to_user_mode+0xc9/0x370 [ 355.606863][ T30] do_syscall_64+0x100/0x230 [ 355.611530][ T30] ? clear_bhb_loop+0x35/0x90 [ 355.623715][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.630080][ T30] RIP: 0033:0x7f1f92574257 [ 355.634550][ T30] RSP: 002b:00007f1f9285fd90 EFLAGS: 00000293 ORIG_RAX: 000000000000003d [ 355.646301][ T30] RAX: fffffffffffffe00 RBX: 00000000000000a5 RCX: 00007f1f92574257 [ 355.654332][ T30] RDX: 0000000040000000 RSI: 00007f1f9285fdec RDI: 00000000ffffffff [ 355.670920][ T30] RBP: 00007f1f9285fdec R08: 0000000000000000 R09: 7fffffffffffffff [ 355.684209][ T30] R10: 0000000000000000 R11: 0000000000000293 R12: 000055557d7545eb [ 355.696668][ T30] R13: 000055557d754590 R14: 000000000002e448 R15: 00007f1f9285fe40 [ 355.704717][ T30] [ 355.714520][ T30] INFO: task syz.4.416:6791 blocked for more than 145 seconds. [ 355.723715][ T30] Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 355.737512][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 355.746230][ T30] task:syz.4.416 state:D stack:25744 pid:6791 tgid:6791 ppid:5975 flags:0x00004006 [ 355.764115][ T30] Call Trace: [ 355.773086][ T30] [ 355.776072][ T30] __schedule+0x1895/0x4b30 [ 355.787981][ T30] ? __pfx___schedule+0x10/0x10 [ 355.792911][ T30] ? __pfx_lock_release+0x10/0x10 [ 355.806325][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 355.811867][ T30] ? schedule+0x90/0x320 [ 355.816169][ T30] schedule+0x14b/0x320 [ 355.827631][ T30] schedule_preempt_disabled+0x13/0x30 [ 355.833183][ T30] __mutex_lock+0x6a7/0xd70 [ 355.844467][ T30] ? __mutex_lock+0x52a/0xd70 [ 355.851826][ T30] ? tun_chr_close+0x3b/0x1b0 [ 355.864852][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 355.872679][ T30] ? __pfx_call_rcu+0x10/0x10 [ 355.883610][ T30] tun_chr_close+0x3b/0x1b0 [ 355.890829][ T30] ? __pfx_tun_chr_close+0x10/0x10 [ 355.901353][ T30] __fput+0x23f/0x880 [ 355.905417][ T30] task_work_run+0x24f/0x310 [ 355.915251][ T30] ? kasan_quarantine_put+0xdc/0x230 [ 355.925876][ T30] ? __pfx_task_work_run+0x10/0x10 [ 355.933743][ T30] ? do_exit+0xa2a/0x28e0 [ 355.943631][ T30] ? kmem_cache_free+0x1a2/0x420 [ 355.951360][ T30] ? do_exit+0xa2a/0x28e0 [ 355.955750][ T30] do_exit+0xa2f/0x28e0 [ 355.966313][ T30] ? __pfx_do_exit+0x10/0x10 [ 355.970974][ T30] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 355.983700][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 355.990392][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 356.004865][ T30] ? _raw_spin_lock_irq+0xdf/0x120 [ 356.010447][ T30] do_group_exit+0x207/0x2c0 [ 356.015205][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 356.028501][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 356.033783][ T30] get_signal+0x16a3/0x1740 [ 356.044868][ T30] ? __pfx_get_signal+0x10/0x10 [ 356.050143][ T30] arch_do_signal_or_restart+0x96/0x860 [ 356.063555][ T30] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 356.071960][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 356.086376][ T30] ? syscall_exit_to_user_mode+0xa3/0x370 [ 356.092196][ T30] syscall_exit_to_user_mode+0xc9/0x370 [ 356.107826][ T30] do_syscall_64+0x100/0x230 [ 356.112500][ T30] ? clear_bhb_loop+0x35/0x90 [ 356.122485][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.132314][ T30] RIP: 0033:0x7f6c4137dff9 [ 356.142457][ T30] RSP: 002b:00007f6c4165fb88 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 356.153700][ T30] RAX: 0000000000000000 RBX: 00007f6c41537a80 RCX: 00007f6c4137dff9 [ 356.166358][ T30] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 356.174396][ T30] RBP: 00007f6c41537a80 R08: 0000000000000006 R09: 00007f6c4165fe7f [ 356.191732][ T30] R10: 00000000003ffc20 R11: 0000000000000246 R12: 000000000002f48e [ 356.202577][ T30] R13: 00007f6c4165fc90 R14: 0000000000000032 R15: ffffffffffffffff [ 356.218902][ T30] [ 356.222055][ T30] INFO: task syz.3.424:6818 blocked for more than 145 seconds. [ 356.234522][ T30] Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 356.246143][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 356.260528][ T30] task:syz.3.424 state:D stack:26048 pid:6818 tgid:6813 ppid:5258 flags:0x00000004 [ 356.274737][ T30] Call Trace: [ 356.281781][ T30] [ 356.285845][ T30] __schedule+0x1895/0x4b30 [ 356.295524][ T30] ? __pfx___schedule+0x10/0x10 [ 356.304372][ T30] ? __pfx_lock_release+0x10/0x10 [ 356.314009][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 356.323454][ T30] ? schedule+0x90/0x320 [ 356.332283][ T30] schedule+0x14b/0x320 [ 356.341116][ T30] schedule_preempt_disabled+0x13/0x30 [ 356.350543][ T30] __mutex_lock+0x6a7/0xd70 [ 356.355114][ T30] ? __mutex_lock+0x52a/0xd70 [ 356.365720][ T30] ? rtnetlink_rcv_msg+0x6e6/0xcf0 [ 356.375270][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 356.384322][ T30] rtnetlink_rcv_msg+0x6e6/0xcf0 [ 356.394449][ T30] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 356.403441][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 356.412881][ T30] ? ref_tracker_free+0x643/0x7e0 [ 356.423779][ T30] netlink_rcv_skb+0x1e3/0x430 [ 356.432553][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 356.441869][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 356.451058][ T30] ? netlink_deliver_tap+0x2e/0x1b0 [ 356.460168][ T30] netlink_unicast+0x7f6/0x990 [ 356.465010][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 356.474309][ T30] ? __virt_addr_valid+0x183/0x530 [ 356.485212][ T30] ? __check_object_size+0x48e/0x900 [ 356.495460][ T30] netlink_sendmsg+0x8e4/0xcb0 [ 356.505011][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 356.514335][ T30] ? aa_sock_msg_perm+0x91/0x160 [ 356.523761][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 356.534253][ T30] __sock_sendmsg+0x221/0x270 [ 356.542885][ T30] ____sys_sendmsg+0x52a/0x7e0 [ 356.551496][ T30] ? __pfx_____sys_sendmsg+0x10/0x10 [ 356.560787][ T30] __sys_sendmsg+0x292/0x380 [ 356.565467][ T30] ? __pfx___sys_sendmsg+0x10/0x10 [ 356.574569][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 356.584960][ T30] ? do_syscall_64+0x100/0x230 [ 356.596401][ T30] ? do_syscall_64+0xb6/0x230 [ 356.601160][ T30] do_syscall_64+0xf3/0x230 [ 356.605715][ T30] ? clear_bhb_loop+0x35/0x90 [ 356.618433][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.624406][ T30] RIP: 0033:0x7f83b377dff9 [ 356.633971][ T30] RSP: 002b:00007f83b45f2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 356.645133][ T30] RAX: ffffffffffffffda RBX: 00007f83b3936058 RCX: 00007f83b377dff9 [ 356.662401][ T30] RDX: 0000000000000000 RSI: 0000000020001200 RDI: 000000000000000b [ 356.670831][ T30] RBP: 00007f83b37f0296 R08: 0000000000000000 R09: 0000000000000000 [ 356.686189][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 356.695689][ T30] R13: 0000000000000000 R14: 00007f83b3936058 R15: 00007f83b3a5fa28 [ 356.712554][ T30] [ 356.715719][ T30] INFO: task syz-executor:6827 blocked for more than 146 seconds. [ 356.728385][ T30] Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 356.736069][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 356.751289][ T30] task:syz-executor state:D stack:26256 pid:6827 tgid:6827 ppid:1 flags:0x00004004 [ 356.766023][ T30] Call Trace: [ 356.774665][ T30] [ 356.780270][ T30] __schedule+0x1895/0x4b30 [ 356.784866][ T30] ? __pfx___schedule+0x10/0x10 [ 356.794931][ T30] ? __pfx_lock_release+0x10/0x10 [ 356.803851][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 356.814808][ T30] ? schedule+0x90/0x320 [ 356.823070][ T30] schedule+0x14b/0x320 [ 356.832296][ T30] schedule_preempt_disabled+0x13/0x30 [ 356.841275][ T30] __mutex_lock+0x6a7/0xd70 [ 356.845857][ T30] ? __mutex_lock+0x52a/0xd70 [ 356.854625][ T30] ? register_nexthop_notifier+0x84/0x290 [ 356.864202][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 356.873196][ T30] ? __asan_memset+0x23/0x50 [ 356.882130][ T30] register_nexthop_notifier+0x84/0x290 [ 356.891576][ T30] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 356.904925][ T30] ? __pfx_debug_check_no_locks_freed+0x10/0x10 [ 356.915224][ T30] ? __pfx_register_nexthop_notifier+0x10/0x10 [ 356.926456][ T30] ? __asan_memset+0x23/0x50 [ 356.931135][ T30] ops_init+0x31e/0x590 [ 356.935344][ T30] ? lockdep_init_map_type+0xa1/0x910 [ 356.949268][ T30] setup_net+0x287/0x9e0 [ 356.953596][ T30] ? __pfx_down_read_killable+0x10/0x10 [ 356.964536][ T30] ? __pfx_setup_net+0x10/0x10 [ 356.972721][ T30] copy_net_ns+0x33f/0x570 [ 356.982455][ T30] create_new_namespaces+0x425/0x7b0 [ 356.990583][ T30] unshare_nsproxy_namespaces+0x124/0x180 [ 357.001973][ T30] ksys_unshare+0x57d/0xa70 [ 357.010027][ T30] ? __pfx_ksys_unshare+0x10/0x10 [ 357.015110][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 357.025423][ T30] ? do_syscall_64+0x100/0x230 [ 357.035095][ T30] __x64_sys_unshare+0x38/0x40 [ 357.043885][ T30] do_syscall_64+0xf3/0x230 [ 357.052204][ T30] ? clear_bhb_loop+0x35/0x90 [ 357.064644][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 357.074501][ T30] RIP: 0033:0x7fb317f7f7f7 [ 357.082804][ T30] RSP: 002b:00007fb31825ffa8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 357.095018][ T30] RAX: ffffffffffffffda RBX: 00007fb317ff1a85 RCX: 00007fb317f7f7f7 [ 357.111346][ T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 357.122439][ T30] RBP: 0000000000000000 R08: 00007fb318c67d60 R09: 0000000000000000 [ 357.136308][ T30] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000000c [ 357.144350][ T30] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 357.164873][ T30] [ 357.170832][ T30] INFO: task syz-executor:6828 blocked for more than 146 seconds. [ 357.188391][ T30] Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 357.196093][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 357.214452][ T30] task:syz-executor state:D stack:26656 pid:6828 tgid:6828 ppid:1 flags:0x00004004 [ 357.225078][ T30] Call Trace: [ 357.237676][ T30] [ 357.240762][ T30] __schedule+0x1895/0x4b30 [ 357.245359][ T30] ? __pfx___schedule+0x10/0x10 [ 357.258438][ T30] ? __pfx_lock_release+0x10/0x10 [ 357.263557][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 357.274752][ T30] ? schedule+0x90/0x320 [ 357.281856][ T30] schedule+0x14b/0x320 [ 357.286090][ T30] schedule_preempt_disabled+0x13/0x30 [ 357.301382][ T30] __mutex_lock+0x6a7/0xd70 [ 357.305977][ T30] ? __mutex_lock+0x52a/0xd70 [ 357.313564][ T30] ? register_nexthop_notifier+0x84/0x290 [ 357.325641][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 357.332296][ T30] ? __asan_memset+0x23/0x50 [ 357.344963][ T30] register_nexthop_notifier+0x84/0x290 [ 357.352660][ T30] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 357.364729][ T30] ? __pfx_debug_check_no_locks_freed+0x10/0x10 [ 357.372869][ T30] ? __pfx_register_nexthop_notifier+0x10/0x10 [ 357.385528][ T30] ? __asan_memset+0x23/0x50 [ 357.391742][ T30] ops_init+0x31e/0x590 [ 357.395965][ T30] ? lockdep_init_map_type+0xa1/0x910 [ 357.408875][ T30] setup_net+0x287/0x9e0 [ 357.414255][ T30] ? __pfx_down_read_killable+0x10/0x10 [ 357.425124][ T30] ? __pfx_setup_net+0x10/0x10 [ 357.432934][ T30] copy_net_ns+0x33f/0x570 [ 357.442843][ T30] create_new_namespaces+0x425/0x7b0 [ 357.449731][ T30] unshare_nsproxy_namespaces+0x124/0x180 [ 357.455539][ T30] ksys_unshare+0x57d/0xa70 [ 357.466314][ T30] ? __pfx_ksys_unshare+0x10/0x10 [ 357.471402][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 357.484291][ T30] ? do_syscall_64+0x100/0x230 [ 357.489947][ T30] __x64_sys_unshare+0x38/0x40 [ 357.494772][ T30] do_syscall_64+0xf3/0x230 [ 357.506687][ T30] ? clear_bhb_loop+0x35/0x90 [ 357.511442][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 357.526536][ T30] RIP: 0033:0x7fc3fc37f7f7 [ 357.531034][ T30] RSP: 002b:00007fc3fc65ffa8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 357.547879][ T30] RAX: ffffffffffffffda RBX: 00007fc3fc3f1a85 RCX: 00007fc3fc37f7f7 [ 357.555907][ T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 357.571452][ T30] RBP: 0000000000000000 R08: 00007fc3fd067d60 R09: 0000000000000000 [ 357.582321][ T30] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000000c [ 357.595368][ T30] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 357.606697][ T30] [ 357.609873][ T30] [ 357.609873][ T30] Showing all locks held in the system: [ 357.625352][ T30] 5 locks held by kworker/u8:1/12: [ 357.633345][ T30] #0: ffff88801baed948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 357.651932][ T30] #1: ffffc90000117d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 357.665569][ T30] #2: ffffffff8fcc6090 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 357.681060][ T30] #3: ffffffff8fcd2b88 (rtnl_mutex){+.+.}-{3:3}, at: cleanup_net+0x6af/0xcc0 [ 357.692694][ T30] #4: ffffffff8e7d1dd0 (cpu_hotplug_lock){++++}-{0:0}, at: unregister_netdevice_many_notify+0x5ea/0x1da0 [ 357.709255][ T30] 3 locks held by kworker/1:0/25: [ 357.714342][ T30] #0: ffff88801ac81948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 357.735568][ T30] #1: ffffc900001f7d00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 357.755886][ T30] #2: ffffffff8fcd2b88 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x99/0xfd0 [ 357.765983][ T30] 1 lock held by khungtaskd/30: [ 357.778078][ T30] #0: ffffffff8e937de0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 357.794528][ T30] 3 locks held by kworker/u8:5/62: [ 357.804017][ T30] #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 357.820753][ T30] #1: ffffc900015d7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 357.835882][ T30] #2: ffffffff8fcd2b88 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 357.849940][ T30] 3 locks held by kworker/u8:11/2998: [ 357.855376][ T30] #0: ffff88802df1c148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 357.877166][ T30] #1: ffffc90009d97d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 357.896628][ T30] #2: ffffffff8fcd2b88 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 [ 357.915179][ T30] 2 locks held by getty/5008: [ 357.920301][ T30] #0: ffff8880327820a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 357.941920][ T30] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a6/0x1e00 [ 357.957057][ T30] 6 locks held by kworker/0:4/5292: [ 357.962313][ T30] 3 locks held by kworker/1:8/5326: [ 357.975333][ T30] #0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 357.993798][ T30] #1: ffffc90004277d00 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 358.005301][ T30] #2: ffffffff8fcd2b88 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20 [ 358.024221][ T30] 1 lock held by syz-executor/5578: [ 358.030973][ T30] #0: ffffffff8fcd2b88 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0 [ 358.046525][ T30] 1 lock held by syz.4.416/6791: [ 358.051513][ T30] #0: ffffffff8fcd2b88 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0 [ 358.067499][ T30] 1 lock held by syz.3.424/6818: [ 358.072486][ T30] #0: ffffffff8fcd2b88 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 358.106623][ T30] 2 locks held by syz.2.426/6829: [ 358.111709][ T30] 2 locks held by syz-executor/6827: [ 358.154076][ T30] #0: ffffffff8fcc6090 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 358.175264][ T30] #1: ffffffff8fcd2b88 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 358.190197][ T30] 2 locks held by syz-executor/6828: [ 358.195540][ T30] #0: ffffffff8fcc6090 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 358.212842][ T30] #1: ffffffff8fcd2b88 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 358.223643][ T30] 2 locks held by syz-executor/6841: [ 358.237302][ T30] #0: ffffffff8fcc6090 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 358.254141][ T30] #1: ffffffff8fcd2b88 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 358.267006][ T30] 2 locks held by syz-executor/6842: [ 358.272348][ T30] #0: ffffffff8fcc6090 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 358.288321][ T30] #1: ffffffff8fcd2b88 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 358.303419][ T30] 1 lock held by syz.0.434/6851: [ 358.312284][ T30] #0: ffff888028f66068 (&pipe->mutex){+.+.}-{3:3}, at: pipe_write+0xd5b/0x1a30 [ 358.326356][ T30] 2 locks held by syz.0.434/6852: [ 358.331433][ T30] #0: ffff888028f66068 (&pipe->mutex){+.+.}-{3:3}, at: splice_to_socket+0xee/0x10b0 [ 358.349028][ T30] #1: ffffffff8fcd2b88 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 358.364474][ T30] 2 locks held by syz-executor/6857: [ 358.373599][ T30] #0: ffffffff8fcc6090 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 358.387565][ T30] #1: ffffffff8fcd2b88 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 358.404003][ T30] 2 locks held by syz-executor/6870: [ 358.410905][ T30] #0: ffffffff8fcc6090 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 358.431453][ T30] #1: ffffffff8fcd2b88 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 358.445165][ T30] 2 locks held by syz-executor/6872: [ 358.457399][ T30] #0: ffffffff8fcc6090 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 358.473254][ T30] #1: ffffffff8fcd2b88 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 358.485168][ T30] 2 locks held by syz-executor/6879: [ 358.496418][ T30] #0: ffffffff8fcc6090 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 358.505942][ T30] #1: ffffffff8fcd2b88 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 358.523227][ T30] 2 locks held by syz-executor/6881: [ 358.528910][ T30] #0: ffffffff8fcc6090 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 358.548240][ T30] #1: ffffffff8fcd2b88 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 358.565216][ T30] 2 locks held by syz-executor/6886: [ 358.570937][ T30] #0: ffffffff8fcc6090 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 358.587891][ T30] #1: ffffffff8fcd2b88 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 358.604902][ T30] 2 locks held by syz-executor/6893: [ 358.613010][ T30] #0: ffffffff8fcc6090 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 358.629911][ T30] #1: ffffffff8fcd2b88 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 358.643951][ T30] 2 locks held by syz-executor/6895: [ 358.654148][ T30] #0: ffffffff8fcc6090 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 358.671628][ T30] #1: ffffffff8fcd2b88 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 358.690847][ T30] 2 locks held by syz-executor/6900: [ 358.696177][ T30] #0: ffffffff8fcc6090 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 358.706045][ T30] #1: ffffffff8fcd2b88 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 358.724660][ T30] 2 locks held by syz-executor/6903: [ 358.730423][ T30] #0: ffffffff8fcc6090 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 358.746327][ T30] #1: ffffffff8fcd2b88 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 358.764007][ T30] 2 locks held by syz-executor/6908: [ 358.771229][ T30] #0: ffffffff8fcc6090 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 358.788172][ T30] #1: ffffffff8fcd2b88 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 358.811741][ T30] [ 358.814137][ T30] ============================================= [ 358.814137][ T30] [ 358.845261][ T30] NMI backtrace for cpu 1 [ 358.849746][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 358.860283][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 358.870380][ T30] Call Trace: [ 358.873694][ T30] [ 358.876670][ T30] dump_stack_lvl+0x241/0x360 [ 358.881397][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 358.886661][ T30] ? __pfx__printk+0x10/0x10 [ 358.891306][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 358.896291][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 358.901789][ T30] ? _printk+0xd5/0x120 [ 358.905980][ T30] ? __pfx__printk+0x10/0x10 [ 358.910604][ T30] ? __wake_up_klogd+0xcc/0x110 [ 358.915505][ T30] ? __pfx__printk+0x10/0x10 [ 358.920133][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 358.925206][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 358.931233][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 358.937263][ T30] watchdog+0xff4/0x1040 [ 358.941547][ T30] ? watchdog+0x1ea/0x1040 [ 358.946027][ T30] ? __pfx_watchdog+0x10/0x10 [ 358.950751][ T30] kthread+0x2f0/0x390 [ 358.954900][ T30] ? __pfx_watchdog+0x10/0x10 [ 358.959638][ T30] ? __pfx_kthread+0x10/0x10 [ 358.964280][ T30] ret_from_fork+0x4b/0x80 [ 358.968767][ T30] ? __pfx_kthread+0x10/0x10 [ 358.973402][ T30] ret_from_fork_asm+0x1a/0x30 [ 358.978217][ T30] [ 358.982303][ T30] Sending NMI from CPU 1 to CPUs 0: [ 358.987975][ C0] NMI backtrace for cpu 0 [ 358.987989][ C0] CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 358.988011][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 358.988023][ C0] RIP: 0010:unwind_next_frame+0x5f7/0x22d0 [ 358.988047][ C0] Code: 20 00 74 08 48 89 df e8 87 2e bd 00 48 8b 1b 48 85 db 0f 84 73 0b 00 00 48 83 c3 10 e9 06 02 00 00 83 fb 04 0f 84 0e 02 00 00 <83> fb 05 0f 85 e6 09 00 00 48 8b 44 24 58 42 80 3c 20 00 74 0d 4c [ 358.988063][ C0] RSP: 0018:ffffc90000156950 EFLAGS: 00000202 [ 358.988081][ C0] RAX: ffffc90000156a55 RBX: 0000000000000005 RCX: ffffffff902e9cd8 [ 358.988095][ C0] RDX: ffffffff90a4828c RSI: ffffffff90a4828c RDI: 0000000000000001 [ 358.988109][ C0] RBP: ffffc90000156a70 R08: 0000000000000001 R09: ffffc90000156b10 [ 358.988122][ C0] R10: ffffc90000156a70 R11: ffffffff8180a0e0 R12: dffffc0000000000 [ 358.988137][ C0] R13: ffffc90000156a20 R14: ffffc90000156a58 R15: ffffffff90a48290 [ 358.988151][ C0] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 358.988166][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 358.988179][ C0] CR2: 00007fadc9d7ef98 CR3: 000000000e734000 CR4: 00000000003526f0 [ 358.988195][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 358.988206][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 358.988218][ C0] Call Trace: [ 358.988224][ C0] [ 358.988232][ C0] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 358.988256][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 358.988284][ C0] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 358.988306][ C0] ? nmi_handle+0x2a/0x5a0 [ 358.988333][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 358.988358][ C0] ? nmi_handle+0x14f/0x5a0 [ 358.988376][ C0] ? nmi_handle+0x2a/0x5a0 [ 358.988395][ C0] ? unwind_next_frame+0x5f7/0x22d0 [ 358.988412][ C0] ? default_do_nmi+0x63/0x160 [ 358.988436][ C0] ? exc_nmi+0x123/0x1f0 [ 358.988458][ C0] ? end_repeat_nmi+0xf/0x53 [ 358.988478][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 358.988503][ C0] ? unwind_next_frame+0x5f7/0x22d0 [ 358.988520][ C0] ? unwind_next_frame+0x5f7/0x22d0 [ 358.988539][ C0] ? unwind_next_frame+0x5f7/0x22d0 [ 358.988556][ C0] [ 358.988562][ C0] [ 358.988572][ C0] ? kthread+0x2f0/0x390 [ 358.988592][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 358.988614][ C0] arch_stack_walk+0x11c/0x150 [ 358.988636][ C0] ? kthread+0x2f0/0x390 [ 358.988655][ C0] stack_trace_save+0x118/0x1d0 [ 358.988678][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 358.988702][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 358.988730][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 358.988759][ C0] kasan_save_track+0x3f/0x80 [ 358.988777][ C0] ? kasan_save_track+0x3f/0x80 [ 358.988794][ C0] ? kasan_save_free_info+0x40/0x50 [ 358.988818][ C0] ? __kasan_slab_free+0x59/0x70 [ 358.988837][ C0] ? kfree+0x1a0/0x440 [ 358.988857][ C0] ? skb_release_data+0x6a0/0x8a0 [ 358.988877][ C0] ? consume_skb+0x9f/0xf0 [ 358.988894][ C0] ? nft_synproxy_eval_v4+0x3d2/0x610 [ 358.988921][ C0] ? nft_synproxy_do_eval+0x362/0xa60 [ 358.988952][ C0] ? nft_do_chain+0x4ad/0x1da0 [ 358.988969][ C0] ? nft_do_chain_inet+0x418/0x6b0 [ 358.988995][ C0] ? nf_hook_slow+0xc3/0x220 [ 358.989017][ C0] ? NF_HOOK+0x29e/0x450 [ 358.989037][ C0] ? NF_HOOK+0x3a4/0x450 [ 358.989055][ C0] ? __netif_receive_skb+0x2bf/0x650 [ 358.989078][ C0] ? process_backlog+0x662/0x15b0 [ 358.989101][ C0] ? __napi_poll+0xcb/0x490 [ 358.989122][ C0] ? net_rx_action+0x89b/0x1240 [ 358.989145][ C0] ? handle_softirqs+0x2c5/0x980 [ 358.989167][ C0] ? run_ksoftirqd+0xca/0x130 [ 358.989192][ C0] ? smpboot_thread_fn+0x544/0xa30 [ 358.989215][ C0] ? kthread+0x2f0/0x390 [ 358.989248][ C0] kasan_save_free_info+0x40/0x50 [ 358.989273][ C0] __kasan_slab_free+0x59/0x70 [ 358.989291][ C0] ? skb_release_data+0x6a0/0x8a0 [ 358.989311][ C0] kfree+0x1a0/0x440 [ 358.989332][ C0] ? skb_release_data+0x6a0/0x8a0 [ 358.989353][ C0] skb_release_data+0x6a0/0x8a0 [ 358.989378][ C0] consume_skb+0x9f/0xf0 [ 358.989396][ C0] nft_synproxy_eval_v4+0x3d2/0x610 [ 358.989426][ C0] ? __pfx_nft_synproxy_eval_v4+0x10/0x10 [ 358.989455][ C0] ? nf_ip_checksum+0x13a/0x500 [ 358.989474][ C0] nft_synproxy_do_eval+0x362/0xa60 [ 358.989504][ C0] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 358.989530][ C0] ? validate_chain+0x11e/0x5920 [ 358.989552][ C0] ? __pfx_validate_chain+0x10/0x10 [ 358.989577][ C0] nft_do_chain+0x4ad/0x1da0 [ 358.989601][ C0] ? __pfx_nft_do_chain+0x10/0x10 [ 358.989617][ C0] ? __local_bh_enable_ip+0x168/0x200 [ 358.989654][ C0] ? __pfx_nf_nat_inet_fn+0x10/0x10 [ 358.989675][ C0] nft_do_chain_inet+0x418/0x6b0 [ 358.989704][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 358.989730][ C0] ? ipt_do_table+0x312/0x1860 [ 358.989765][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 358.989791][ C0] nf_hook_slow+0xc3/0x220 [ 358.989815][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 358.989837][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 358.989858][ C0] NF_HOOK+0x29e/0x450 [ 358.989880][ C0] ? NF_HOOK+0x9a/0x450 [ 358.989900][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 358.989921][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 358.989952][ C0] ? ip_rcv_finish+0x406/0x560 [ 358.989974][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 358.989995][ C0] NF_HOOK+0x3a4/0x450 [ 358.990015][ C0] ? __lock_acquire+0x1384/0x2050 [ 358.990042][ C0] ? NF_HOOK+0x9a/0x450 [ 358.990062][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 358.990081][ C0] ? ip_rcv_core+0x801/0xd10 [ 358.990102][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 358.990126][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 358.990147][ C0] __netif_receive_skb+0x2bf/0x650 [ 358.990171][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 358.990197][ C0] ? __pfx___netif_receive_skb+0x10/0x10 [ 358.990220][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 358.990246][ C0] ? __pfx_lock_release+0x10/0x10 [ 358.990273][ C0] ? _raw_spin_lock_irq+0xdf/0x120 [ 358.990305][ C0] process_backlog+0x662/0x15b0 [ 358.990331][ C0] ? process_backlog+0x33b/0x15b0 [ 358.990360][ C0] ? __pfx_process_backlog+0x10/0x10 [ 358.990383][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 358.990411][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 358.990440][ C0] __napi_poll+0xcb/0x490 [ 358.990464][ C0] net_rx_action+0x89b/0x1240 [ 358.990499][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 358.990523][ C0] ? __pfx_tmigr_handle_remote+0x10/0x10 [ 358.990565][ C0] handle_softirqs+0x2c5/0x980 [ 358.990591][ C0] ? run_ksoftirqd+0xca/0x130 [ 358.990618][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 358.990640][ C0] ? preempt_schedule+0xe1/0xf0 [ 358.990671][ C0] run_ksoftirqd+0xca/0x130 [ 358.990696][ C0] ? __pfx_run_ksoftirqd+0x10/0x10 [ 358.990722][ C0] ? __pfx_ksoftirqd_should_run+0x10/0x10 [ 358.990749][ C0] ? __pfx_ksoftirqd_should_run+0x10/0x10 [ 358.990775][ C0] ? smpboot_thread_fn+0x2d3/0xa30 [ 358.990799][ C0] ? smpboot_thread_fn+0x4fb/0xa30 [ 358.990823][ C0] ? smpboot_thread_fn+0x656/0xa30 [ 358.990848][ C0] ? __pfx_run_ksoftirqd+0x10/0x10 [ 358.990873][ C0] smpboot_thread_fn+0x544/0xa30 [ 358.990898][ C0] ? smpboot_thread_fn+0x4e/0xa30 [ 358.990925][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 358.990956][ C0] kthread+0x2f0/0x390 [ 358.990973][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 358.990997][ C0] ? __pfx_kthread+0x10/0x10 [ 358.991015][ C0] ret_from_fork+0x4b/0x80 [ 358.991059][ C0] ? __pfx_kthread+0x10/0x10 [ 358.991077][ C0] ret_from_fork_asm+0x1a/0x30 [ 358.991110][ C0] [ 359.826641][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 359.833577][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 359.844116][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 359.854207][ T30] Call Trace: [ 359.857514][ T30] [ 359.860556][ T30] dump_stack_lvl+0x241/0x360 [ 359.865294][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 359.870544][ T30] ? __pfx__printk+0x10/0x10 [ 359.875169][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 359.881206][ T30] ? vscnprintf+0x5d/0x90 [ 359.885582][ T30] panic+0x349/0x880 [ 359.889516][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 359.895712][ T30] ? __pfx_panic+0x10/0x10 [ 359.900165][ T30] ? tick_nohz_tick_stopped+0x82/0xb0 [ 359.905583][ T30] ? __irq_work_queue_local+0x137/0x410 [ 359.911180][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 359.916634][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 359.922837][ T30] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 359.929038][ T30] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 359.935236][ T30] watchdog+0x1033/0x1040 [ 359.939613][ T30] ? watchdog+0x1ea/0x1040 [ 359.944079][ T30] ? __pfx_watchdog+0x10/0x10 [ 359.948813][ T30] kthread+0x2f0/0x390 [ 359.952909][ T30] ? __pfx_watchdog+0x10/0x10 [ 359.957661][ T30] ? __pfx_kthread+0x10/0x10 [ 359.962293][ T30] ret_from_fork+0x4b/0x80 [ 359.966772][ T30] ? __pfx_kthread+0x10/0x10 [ 359.971415][ T30] ret_from_fork_asm+0x1a/0x30 [ 359.976248][ T30] [ 359.979659][ T30] Kernel Offset: disabled [ 359.984017][ T30] Rebooting in 86400 seconds..