last executing test programs: 43.352690981s ago: executing program 4 (id=152): prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0xfffd) r0 = pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000480)=0x0) ptrace$setregs(0xf, r1, 0x9d, &(0x7f0000000740)="a677286d8a3e12a097eda93f118fa690c1e98a8f3586fbb529b72560702e70ab8063cc62c17930b7e7c3c11cc0a0bd123ed926eec6d3b079ded55ed8639c95813a4ead69e00d036e5440eaa88361f96719b89fd3555783b16851cffbf587dcc2fbe42618b471665eb41a7da4bad446679249ff3376e273") getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r0, 0x84, 0x74, &(0x7f0000000400)=""/103, &(0x7f0000000300)=0x67) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r2, &(0x7f00000001c0)=[{&(0x7f0000033a80)=""/102386, 0x1dc82e11}, {&(0x7f0000000580)=""/156}, {&(0x7f00000000c0)=""/11}, {&(0x7f0000000640)=""/247}], 0x1, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket(0x10, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}]}, @NFT_MSG_NEWRULE={0x84, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x5c, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_XFRM_DIR={0x5}, @NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0x9}]}}}, {0x2c, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_CMP_DATA={0xc, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0x5, 0x1, "ac"}]}, @NFTA_CMP_SREG={0x8}, @NFTA_CMP_OP={0x8, 0x2, 0x1, 0x0, 0x3}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xf8}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r3, 0x0, 0x0) semget$private(0x0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) madvise(&(0x7f0000c85000/0x3000)=nil, 0x3000, 0xf) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, 0x0) clock_nanosleep(0x5, 0x1, &(0x7f0000000080), &(0x7f00000000c0)) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r6 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r5, &(0x7f0000000280)={@val={0x1c, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x3d}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0xb, 0x0, 0x900, 0x0, 0x1c, {[@window={0xe, 0x3}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0x4e) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@bloom_filter={0x1e, 0x1, 0x9, 0xa, 0x2008, 0x1, 0xc08, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x3, 0x2, 0x6}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r7], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b70200001a000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b70600007fffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946e0ebc622003b538dfc8e012e79578e51bc5f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b803000000661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7b148ba532e6ea09c346dfebd38608b32a0080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e14861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16b089f37b3591a15c0a9be6eb18208404c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b74cd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979e29857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37ceff9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f50714600fb6241c6e955031795b2c2f56411e48455b5a8b90dfae158b94f0800000000000000af5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeedd005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe00000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed210d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734f87da3770845cf442d488afdc0e170000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e80339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd52364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000a5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bbf8ab9c691841ab0931d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f3390343c12aa51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fca4d97a0ae75ccf11e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35e9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff17320adda5867947257f080091c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a927de6f4c09f4b742e037381c85d2ec7bb2a8152f0d6a99a0370e0cbd65744eb2efde0142cf90ff668b9757b9612bb4253a63bb303c0c68a07f115d104f2007237a4f771416741bfd63fdfe3ae6f8bea755d8b7202c2bbae137dc1c3cf40db74a4c1c2f56855b18f91dae2cdea1353fe062830fa1d233296ec9d8317872257e154665485e7f31cdbfbf435517faf93015b57417d84b8bc8662e097d5ba55d02d48e150695ffae3a676555b10da11751865126d19336116a1e58ab727dda6b343cc97f9479136a66f552abf8fe3d134f6d69df1cffe6740f90735f66ca54fd87800b4bda4db5e68aaccf44d24e09f8a769e3ae7bf246673f15e3d1adae4384bdb7cd30a33e30466b421feb96006c810fd3830a1c75af2580727ffc604d2b04f476acc21419fad9b1baec88974da2db29b80859bde08b85c8086e4b7f1fd568042ad5396d3179c71b1dc43291e450ce9b8d7d80fcb44966d7ad4691a37870000000000000000000000000000000000000000000000000000000000000000000083a5765d06da91165d24bc316607e2d69344aa1c07ff7cd7bc3d17f122478b6e81077782b9c298edc2546045feff90e7aa7da88d2489fb000a4aa838f911c1a869fa55e979e033b7707df75b93cf5b8d25242741a88f2d54a7107375b25911aa11efa3a4f87fc14f180e353615b3cb9a5cf5ea843014a277c3694a5a83266f73ef039dd739187923715548d58ff43be997e357e0cbed29faef19c0082e26fb867bf0ff0099d71bb0d2f443e77a44e8c4b0455d95b19c73ef4c98f775aad9e1b317b3cc48f7ad1d82ea6ad6c3c7d943fb0157c250e2ba56301e25c19a7e37ce880bed8a8e1538560f2be7d4cca6539277505826bd61bad2bcd4914344d4a27b29d2eb89bdc7a702e485d68c04e8f6b05336bf8d8e116605eaf375a592fe2382763c3cba76a0e4029dad5d37dd77abb1b7d2e2de23a4131e45ed81123ad6fa4f8b92c47e00000000000000774c"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r8, 0x18000000000002a0, 0xe80, 0x6000002c, &(0x7f0000000100)="b9ff03316844268cb89e14f008004ce0050000000100008877fbac141416e000030a89079f03b18000440c0511e0845013f2325f004408050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014c0000c0adc043084617d7ecf41effff38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d7da058f6efa6d1f5f7ff400"/254, 0x0, 0xfe, 0x60000000, 0x0, 0xfffffffe}, 0x2c) 41.985652708s ago: executing program 4 (id=158): socket$qrtr(0x2a, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f0000000040)={'sit0\x00', &(0x7f0000000100)={@initdev={0xac, 0x1e, 0x0, 0x0}, 0x1}}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r1, 0xab00, r2) r3 = syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x0) ioctl$NBD_SET_FLAGS(r3, 0xab0a, 0x1000001000104) ioctl$NBD_SET_SOCK(r3, 0xab00, 0xffffffffffffffff) ioctl$NBD_DO_IT(r1, 0xab03) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) ioctl$AUTOFS_IOC_PROTOSUBVER(r4, 0x80049367, &(0x7f0000000180)) ioctl$NBD_SET_SOCK(r3, 0xab00, r4) ioctl$NBD_CLEAR_SOCK(r3, 0xab04) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) splice(r6, 0x0, r5, 0x0, 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000080)='mounts\x00') pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r9, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15) r10 = dup(r9) write$FUSE_BMAP(r10, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_INIT(r10, &(0x7f0000001740)={0x50, 0x0, 0x0, {0x7, 0x21}}, 0x50) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="7472616e733d66642c725c646e6f590bfb0df91e2652833dfe783b859674347c43416b856948f5d0c3b03fab109318a761734acc262c476d7a1ea7b7c32b855028985b7dad0295d5a68c0c9d5605e3d5b7ef56108632095b93885ff158d76659673e1777911a27d6370f79dc656ea27088bbfbb27acedd31bda1e95ae4f80541ccddc4877c2d5f15f30df5ed0764e8bfa5af059c9b3bfdb342821465f1438c75a4fb0c533bb7efc54b92dc42cfc73c5a704961563a25d232ee152143ed667fe5f1418ba5a69d3720313a49605e86c57e1a90b513ec406313", @ANYRESHEX=r8, @ANYBLOB=',wfdno=', @ANYRESHEX=r10, @ANYBLOB=',cachetag=wfdno,cache=fscache,k']) syz_fuse_handle_req(r7, &(0x7f0000002240)="afaddbba376e1bba12e2f2262ec7a1f5b377313a7bcf2d9b013196c2f0f94bc244fc0dc1c1bfbd4ed45229ce0cb7ca58f4b8d430b30d6ad8e8a56099ff70f31257cbe8710542fbedf009e1a5799fb06a7e0301b43d31008caf089c4a5a49dc50ea4c476f63a8b0aa08dd78d9ff39d8dfafbe2c41ff5d2331dd2e9d784247d5272cdcd13e6d9d7a03fa6b0622e6f130e0489bf9105a2a511d6f5b7da1100ecfe5d6ce64f4aac5c00c26d636ac66f059201a3a790b946da4808f1d665484847b61faab09a5e4b45a17c4c55b64ecf6933705c22c85317cc5edeba3e9260033f6bac869ac3b08ed1c55ae3119c78761be6d934c3757d5f10079243e4f06429907163f81855b74887146d875d0e6ab4d5c7032e84c33ea24bb93b2ab6eaec0feeca93f006a0d2bc2bd601f2ede8f32b5fa2e37e0ad1460b8839676dedef30fb684f6fddfcd9a84f3efd78d076c996d92a186e921e16e5ac7aa1f70c585b3752cc1312876c758219645ad0a5540bc82074a497ffc3717c8e139c09b3d2e21fff27e12db18540448f7ff7b637f87b7a717a60a23934e4be7f55ac10d2c09098fa13c9f1c5ed9ba61cc3ddc320b5409071d2ddd25d5b8f79475e80b3b8257b25fad2c59c31c5855560f2600de1930cb1f2e57aed4fb0b79fa7aac52d54a73d62f424cbad6f82ce5d5749cce356f892488ed149283e51dfdded96136a90b5e0c63d1728a82c324b1dd756b9f9b257a9e7f4b07a007e8ed37274d686e4b1667b315b640cb610d48fbe98c07ddb82250e9399b1e705e3f805969b9a003902e2e7b85cb9e2171f5bd180fbb9bd26805fce0b2c6f87cd7d02a579ac24a5391ad2eec8868425034c5dc19dc7581bc0162ecb37a172175a859b143284e3146dfa01731b6ceca8e458cbdf8d785300d12c50c3bd9ca4b72cbb0480711b2cfe820c31887289b29fed60c04548ee3e24acaeed283a9400cbba31e1317ec6158ece4ce56af53e46e182a6d441ba04520f0e8b45b56eb378ddb17ef5d57b27941032e7c917313f555838ba5397816757da7bedb6c5ac760239455cf09861026920c2ab3119a3257d2eb61e8dac7c39ee5880cdfb7c4fcbcf28dc4fcceb81e81f5fbbc0179fe22fbac014b118ed1ec81652d34a67b53a9a8ee468d8e927a77ae79f381a249501d3055e7da0b7a8847850f4e35aaf5b5dd4338326da84d93091035bf10b80b3e79badd38fd5d2b9fdf0b0923c96193d93ae4d8753980f8c73e980934686f11acb266c161751367dc05e6ae5175bd304ae6b1fc016ff2a01eb05a1ba7ebf1b91cf25dc14852984acdfb008a5df08d5c8619c9211320b87a5f1b3902531050a147af6a7134316a7735ad310f6241258bd9b79e2dee1461840dfdd905bc2e17d55b49694a68f36bf4a64fb2f5a483b633398abaff7917d9f1216d70368ad4c8e4fcfb040040f32e8a6a534d02c4187fbd19b85f35f8c119e06e3dabaa210a649117722816b5a91c5125c84482d414edcd992c79aa80fd568a884c99d43b77a87daa96f662c53fba7367ee147daf620bc6d13d32c3d9cdf8095962a9bcb85a93b6598750cdbbf5925a2a0875afd1e58a568b89815ae420ea9553ed487a55393115a8907aaf3982827be1534576c257b8594b48d0d71fa1f56dd096a6ea3f7fa339b51585d36ef72d0bb0da4c2c84ace8d16be3ead998187df0e59045541b0a1e79e5ee5b1a55d8fcd157d49df504b6fc031c5fd1e01a8ee2ae9f84df78ef03595642a7812d737ad2595b922ee618823b53ae2594dc15193c7206591e9b16689c3d5bd4b4b8d6851c2e7f0550ba0178a64b8d3c08bfa35f064576ccac39e7936e2e10fd27785f66053580b45e9c93d666bb7d4eff042da50774049f0948b150a660e08e82fc352636cfa0fdc9409316e402440aba8ab8944840838d8121a76274a5f929101e25c2a7c0ccf84831c8981258b21679dd92b7c44a78acfd706cd25f8878873683a6f5aebc81d45375aefcb484bf517ec13dc814fdf390cd39f764a008777c9db7b22b1c7eb556a5f51fe9755916f84db7401744c015c1100b3d3cb8264b26c022d7f6441cd0f099681d7d9df8b3c9c6d153d6d0c30fefded15e74c7a9b5832032552ef6bfb3863330edac33a33df4a4839d661bf10ab6aed5d2093b57450ce6dd2fae63096d07e47b8ba3c5225625f6c8d98e007b49b907a4ca511aeefaf8ae3cf10ed63bf3a7dc0f7b0c1e48e6af2b158dc1ea12335ab91acaabacc104e79968f89999aec3b694aecc6783dfeb9a8efc140f18583d113454145bfbe1fe480bfb7de71fb394d08f453926208d5d595e09df3fa216fe78a2693c2c2a29cadb2c2e86ae09e912bd2ed18559a0f8b5f131b780fc8037081aa98eed56795f1bb5b44300f73b7ceb080d7c9b022b7246a93f7784aa3475e05e125d50b3a0cee066c609add2716ec88a70e1f0c79344b0cc80a543c28b970a186aefa24e9246882e790053d652b2175565a12916ce13f1865a40d34a9cc6555a7072b091e6e8b9c2c7137bca71cccc56e33281badaa73a30e67ff5ac9f489ab35bff85aa1daa10b23f4ca0d55f5850e6af0c5ac755364dcbd8c8cbd4bc76bfd220cb12d46361ef68dc9f90601a46a56140d19d05fe5be799c3af81340c9f07e252aa1768a5dfb4a0536481313d985d8ecb36cdbaa6891e0608ae5a842d9580400977d8a855308b85d1bd70e57523ca5c153640a2e7a778c9df5ad48e230d881c06e0222bba818738ee67ddb7cc2034d25a3ca5d259be6ad63f6cd84938be096d2ab5df0fa7249b57c7653a2c6a016d2890dbf6620c52e4594358c0711dea1bc6fbddb44f500bcbe64f269bf17e0c6c5d8e18ec56d3519706efb6c868d34643e48e5d05c91f458f8f3e0c6befc8511dfa508f5c26eafce1077a082abf8a868ddd62206f39e125cdfb52be753ac96f39341b797d23a3d173d783932271996f482fb80d8022700ab96efe2df6c19370fdf2030d784578a05594eb7905ab5125fc543713dad95d4467cd76f35de43e79a6eb5ede4edc8afb04ab682cf282ac865165329688e7a9a181cc42f9bc31c0203d5c4f8583f7f03ce0b69a5e7e5af7a87d8477dfe1ec64ec8e1132d7f36d3ce6c41dcbd347a50ba51c16340376f50f093269266f97a0b3570675d1bd54f7fccc8f99b264dcff9d057df961a6a4dc4268791091cc08208bd62e1088ca07ca5a2fa849978036554806fdfd9dcf231b28872715eb7b6f65b5ef064c49f0ad04e5bf4f50612a5f313b65eecf07c2b79f65a8b03058a043fcf4ca62a71027db9c2e5311febf53e8027d92f14ea0958000d1d388a323bdc70f6a2bffedd7d7697523b0c4add0e1234e35629014afd1789288e9ca6d65b49e5e2d31631da7674376781e7be087b9cdb58098744e4d6b9ffc2dd82d02ebe3886b869aae44f7080252dafd6d00718c5ddd1ef66d5a950ecd79a87ff35d286259e758e0a4bc552abe99a19d0abe5614e5e0474b8552c0b30cff0d44c816c7e23bec85bf466f7ab534b38e6d97fda0f42a3e2ad15d0f242b41818d7d0d99118a0c3230288a4fb7d18b19000cc58f46d26fefc703a00e6b5c592ad7e34caf29b9acf1d6cf3eec647b86ef3c5d5a8151914ec82320c546b92139e5c2ef2c7906413a0755d6bdb53441ef21a0d2d1400b4e024f4fd924a600d098f88649190cdb74a2390e497941743b87ff0d3e3016bc0f149b600232efa3a0403cbb6695520ad6aa4393c4f1cf201ac140e4a5e31bfdc1da895b0f38dd25d126cefd05fcde00f6f2afdb4e93c70cc3a6696c660c497b68072c3cfa7132d71a799cc1222c250df2aecee7d7656b888ccf61e9a572f76ba0a7d287ae7490365bd610bf9df142d131ee4324af19fb451e984a79b43026f516bec5e88a6aae9c6d37e13adfd2c99428dbd3dfab9ea008e15d01a2cada5c1e9482fd6e10de25ad362c83c27e913c6f27bed3dc5515d2e65eca95109c001782715fb897f3e572efda7196f96ec781f1e93201202a9596030d1936b25288dedde240d70dd3d01e5cd91e318a1ae3630d136e8e267deaac70079bf3282f93b08d12c9eb3f0b4617119857af8634531c922c75ca8b674e7cdf51a425fc0bb7f77c6a07e6a98293f991d7ba26e994d63cbb40becf54bdb74805006d55210e04bb31e8f97041cc9c345d8cc4783cf40a3007437872583ce7490a408f9d4d85d0fd063140e33078eb143d001f574ab412d8ab0affd504eacc1cf77ad14e2f3b7e78fb9ee66edb99fd6667e51bc522a6b61c0a7e81456097ce62b79fbf12dea8df4356f205f9ca4c0633aed65a0581952802be787bdbde12cd344f6cd0cd21cc3ce7515407051f61a8d686f25dd7dad9b3c8f9bd5ee578dd636028238eff03906b67751b275cd37d39b9c2458fa6b3bfeb9969ea1471ff982287efe8f31e3d50aa2a357c033691c78b5509c93272d674debc6a3a03a0ba7df7aa929888930de1b6a5aee0f599ea50ad079e183667142884be38b6715dbc6638c83a80f95bf9bad4e18bbd900da87964b7199ef9f49e3a1ae030d42107baba0e1170e48cd1b66d0bc63f1bded9748a2b8bea4a7d4b04e2d8dbd3b174d4a822470c2ffe4103fd2ecf0f9986935ae43cc8f2ed1e48ce542b197e6fee4ec1bd6f600a290d4e882b2fef318412aabd3fd1c9a57c313b81340bcded3505c0edd12fb88ec07e3743aaf48d93a3664a038953a3048f267c8f6b130e0d183f982cb4385dedf41e3dd68b0a00a8deb882476fe38cffce5f04c9dfd55a009051ef0608721d429b1f4731708d1c092eebe88382debdd0be1c6cb59ccf8d1951f350df8ca79972b3d35f420fd68b602ecaf29a94a0efe785042e8101d462a78ee0e215c380e7b115b74fe9b99d0762a0798d7e308d8594a158b28476dc1de2f4fa4bb68b9325d4bfb491212331eba8f2fabf611300d21fa9c7941306098a9ef3b5e66a40c3060bdc8f707956bcd95545db971d573b1cd9e4e9252b97d36a8a505855e8189b85cef25b736add58e74a67695e8f8e59a3bd97ed858a7c355ff674fd8402fa271bd3e50ccf88070408d31e76e9f166bd44f58fdfd682f8bdcc389ea33b4eee566f9a7e6174abcae98c0aacffae73c5b29fc5d210e35f7d42270b265ffde2de3d45439f8d71e371be19b0f2954bb9530ea5cc18f525c9c79990da81aac6c69550120d3c8ee98d82d8b6de6e59f86f41347d206411aa3a1cc39f841e8daf6a78f700170a140432126d3cd7c3b53cb592fd3aaaf7a45d02a8a537704cb5ea8d165315757d9477f0d52006525ef830dd7d16e82f9ef127689501ee55e2f69b79de0bab64b8325aa1f4bcae387fe84ed1baeecaa42413f684a1db7a120cb73853838f03565ade441ee66cb5f648e165fe617c539f6dec4f12a5f738171e8971184a9d6a14a123bf3cf888fc9e1253d6f98c26b3061e6358d36bdfdfdc85924b9114aec973f4d0e2d4b0c8cd66bf32fd208bb7485cb9c730c8d6e368fbf8fac16be225bcc8d320980f8f6d73ab1ed01d3db4a7e2c275da0fa6ee3eac4fb6b3831ce90b9d654a5039d0be542c3341ccae50193954a233b81e54a191e6cf1e0685ada89e21723ea1e836441d6b7d3da1d41e4e04f7cf770fdde3086c6dcc28b2bc4527b03fd5ca3fd5ce90c4ae665c34386d6bd423d391ea4a13bf62395846afd7bc8417889c02fe34373f20621d20d4912f1acef23169e7b45c7656643d1961fd1151a2a0df5b73fcb022a83d1b8b9a3669e00924a5af0d63bafb044eaaf09497f09187511254fe0d7343909f2b11ddea84191cbd14db3636c5458227ef53f8bd17bc933190958edcaf90453525b81cb0a2cc3088ae5c19fc7aa71b531ebf141a16bc11853bb82c320d21bd2ecf6556894fc586e253b659ab1545ee63e8a9a2d31765d07bc8ce446316aaf712cac59fa4e9d92e002c4421d2318e8b8dcbd67d1b9ca688d3d204a764e83e2d9b92cecd794b5f4763f482210165786b2892dd3a84b35c9348965de9f34ea2211d6062746c1053cd7d58cbef089c67209f301122fbcebd7ee15f627a78ccec7541a7b23f1f19f00238edadad3850fadea580aacf3f09261be6fd456d19c6c9b32e27f355178f0f8c4c9783b976a5555a198ad175274cbcf57ea23926fd38db0256ada2207115077ab6f0037c67a27532e68122ac57c990c581754736d72a81f4bba6d7a2ca7805873856a38c137e8a0b5741dcf16f3431d086e28ca138e2e75d129bff24137c930fb1f227083ed7055ad54d59d66fd4ec309b84767595a39d418d763b7f9c603d18d7992b2718cff68ad4975d1130b997a3a1f4fd27f583f95bf24cfdd49da653efe58d9a34703acca628938c8f395c701b1037151a3190d2eb174763fa78395b3e56bd716c8fe28d4e71d313e590561bf133c8a804c0c7f19453e0fcbf7315071120141780cf195ed34560ad38ecc7b81274768f96e37d6e655be2227eee8d0d1eea5e0c22502233377f56dab09a3f404e6216d65987066904c075bf09e39221dfc90f8c843abc9b145b9d5d7addf62d9016b8ee38b3a6c3d74f0656b3dc719782f6ea5cfb924e81e632d408d4b41c1aa56794c9a03c3527c826e2dc125b503d567536efef5c33e63507022f9615a503e52105f1357b8268a586e62a435b89f0aa4577baad3bda26c531e16ff99658f36fa86c2708d6a8142baf8db30db3fde91f51fe0ef9a19c9f4d79b16117ea59b8d92a9eb9cc4291f8fb758eea16dfffe3536ec690c02f767f36d4c1e93612dd09d6072501d5823adaa0183773b8ce6a841c1d78e97b364e527e5f2a5e185b1a9edbe425bb7c690d46fa65132d27834b0f1c06f69890fc5be997f7391da6324a2155b447470071f2435097e2ca46c0ee0dbda72d06dff6ef260934d198bad8a010023f2b8a04512732dcbb0ddc7c93cef9657dc4652789ad846958f9d696bd028d7e7f3b5876c25c01af0d252a2064c3a8663deb4d3f4692904152f758035f1746bbf8af5ced2837363de3a923a1ac1c1fb9d5258158d8f0b44e27a893820deb4f721f8cad92d7bdcfe26c098339719ce02bc54cf93b8760b36b6d8b7e2342e5ce7002dd9f46dc89fab1e878d574937e6969cb51a6f8a347ebcd48ce645aebcc2f7ed8e53c2564cdb80dad1040869650f5e16f334c19a479c4ae387648a372650d25101ba0deff30a944ca5cfefbbfaf0984687e5a2cb736b46f8df2a36784f4671f531c11c921cf4701de5b3395df8d88771326b3d7e2ff41b524abc75b9cdbdf40854f31c6a7e7847aea31900bcfe0b1311657ac591daffa773c6945c8444be06ddc0d5b49a4f713e04c7a78c423ca2177dc8c5ea898f5938105e8d5c560a4120a7d1444d546b09650b611013b9680f710cb843396aac34b91da40240098daad3672c45e35ff9bc804557d5b6ff3a46d455c7c8840e158a301b675de37558c4147c08fed3571af29da4d4a9ed9747f3c44a6f2cdfc7ac2be01b4180feb1997638a6fbd86227a0cec71b47312c0e3db7675f5939278008b93eaee1c09d7df8abf9e4d973c22c2b8a5743bec84fca15c855f231f15427b9e7d23f52b74e95577883322224a9cbdaf312afd780982666848d5e6e3dc403fa1061cc2c8914672e963909c14fb3612bca05aec976495c621f7fdb96ecb6714f966e3a44849ec256dbc9656d2d3166764a9608b6a91c9145367e764749d57a58d8e0b196921aa0e4520d6be238ccf9bdc462b63d02f95b36d62b93783f33bc56cb9cb224fccdadba782363b558985bedc9f079fb7bcb7cf91402bfbd8ece7e2840421fd2c1319728022ed81b4f24a9de307b127e09542fbfdf37e320dcf33c701f07cd1a64dfdf1bb3b34f303dff533b1ffa1abd7babc08395039b0f1165f132f5b131a47f51fab324d9502a3266a35cf6dfff372557b73bfb685ea46d2c38375231300ba10c6e16fcc873dc366f1cb7550659ccba00767bee15485c91aeee4a97d7af962d2f44e96e620bb2208410ef8aeb32c024e289668cad3c4e82e9fb0d76bd8d0343bd6fbd3460818594cca97be3d3140a244089b2ef22414b1fe8a4c1cd337532ed215bd7b73bb03753dbf26ec8e6d664dff003797bd34fc72fb6fcfdc916bd62b2ccb7193aee70869499b2349e6a4fcb35a9cba8dd8998de8afa734b854dc71e47f0103b0ff1c38562190def665509c76f037e393f8fe7ae05d8a4030640d99fda6f6e70d08709277e315e35e51a78dd3e1e47ee9cb06b9279989b97f42dae2cfd85296b570c3fe0f2615fadc33b09176b6e8c41978aa118ae407c3d8d12474d1aaab08b4067615d77c4373ac50715d9e9384461eb373790bbfe1b38976047eabb6ba9ecb4950110ceb95fbd11b32ed0b22b6d0c40bdcb44e9a08cca1e29dcf35da2db25606186a000bf157554ba7c55530dc3281336a272d9bc76814e2335db48c9980246214475f4dbc397e46d0b05cb1387d0551599ee0b67d612c085135f89472e99b275a48f7a90d2c6f377d023bc0f2ec69906856d4d05e94892d8aec469f800a76232f6b60fe170bde18df4702ae94556b976390d6aec61e6d017ebabe20fe7d0469b72207aff967865cc8dec893596449c640f486b2a8829d2973f65aadbd8b001f065b43ad57665887e1919f87a7e4d6e16b9beaf6099afffe31dca58f2869e707fa5f04d581ebcb8af9050a14a5a9fb333884e50a444563282118ab9c843f8152a7765901f392b32b22db3867bef3ef05fa41286bffc556e5357ae22bcde91e5a0d80dab8d0d83aa1d60f25b14dec69dcf15f3dc48e677b684c61d51c124bff09702d8e1e663cb87a7efefdbcf3576178e7dd614e3266b7f83f338250ffcf64260c7ca621c4750fe0345483202adab46eeb42779759e4974707b23e12bcc63371a9c1a39e681dd2bb6d2d304f3baefc9b38e16aeb4b33df166c0e19186b0fc8269bd9cd96d5b3adda68ccb9be58963a3865291d767fd6f8f133f30b9404ed1231cfa93d21d5f16941252650f6684b6499adef0aeae110ba35f9c611a08b57e3f219c2bd7bd5ffff509aa7cddd73bc62e681dabd8f15b24fd924f6ab00fbb2b16cc6af67fbeea2960ab6f5f98f1a6d0a870ccf10e3ba73d48e0ef1b38bfd7463b30309683e65dbf90776ab30cbf0e762c86c9864e27ca9a95e15a7b9d0b902f3dff2c8db81373ab7edc5eaf45a6230ff72837bed6fd2f0b3bcf829b5b75bbfa1b18af3c9f7490381eae64b553921c4da40db5a17afee6658acaf6a2eb1d381e1ccd9ec4e68eeae2f3e0d5de21a453ef99d99d65d6a067dff051822b9cacf5f1110e2972e2724c979b0c6c8bf5295716022c47c8f4af702bcfe1060602ba8f4be94815dd22ba2ee0d76f46eb4fd816d7e7b88a37a9cb65f1ef32e6cc6d101de6e94050eed22f6c0299a7cfb74a5f5f6ef4683f071839943017e0b58c8cc5a77251909888ab6f69b0e18b8ed8905654578f1604c620f7d8bcb0a0010a2b71a1b8d11e34f7c674912fbb61fad795b6fd455cf4feeff71d865d92ae41c3a5935d7ee5c28706de5cd4733a26320bc5e79b4352b63d7d320c69a63d9057187799ae483a6e9dc7ce101851cd598319173ab4ac49bf3b25ec8bd9fe8b664c87722223f1ee8c1b613e78729072ebcd51b7b9e3c5dd22b17b0dccf6a177b9fe279f56644476acb27f5c4a7bff77d0416dead2231d8f8ee44e6618ddcc2b9e34919bf21fa986d9e6b9d54c007e2f15293808b065c62aad7f9f42b0f39361528328071c4b5df273d2b41e2b9881a8c215fbb0280fd79a77570f93855d5d795a89613e0b4be1d8b1f50864637471d694ac417216294b08a4226fe098dee8d410bc3828ef27777489b9e6e3701e6ccf13151070b027fb53b00ee3a5e780348f47d314d04b353c76f920c69d571d7b674d2b1f9ad1597bd6f36e5ff82981d2158990e21b7102b20fbdbcbd2c2c25da51aceff00a1e7a56c8f75f9bf3655d6142ac74cbc8ee70ffec7a45bf1c4a3b6a65f629494670a84088a802598909031871dd576a5d47d911b509b0799e7178657dd66943ddc2666b7cae6b996c8b55b7cf0a6b9ce396cc3e262ebb83c2f640ec6a80538823a83fb3b74c8b51a8cbb18b4925b8045530ce8283c962561e3da3f7843720b4dc6afbe5278fe9a964860b88e33aedb298b61910e5c3ea4971e02cf869d5e68e8a95215e0e207af9b7e48f3452dc9aaf0bf15202932e71552a1f79a6482afc0c104fc70f3ffeb153a249620dafb5ef82308e97113ba4aee10301ea19ec5f0f2d643fba39a4a5f039003187255c1cd9a7d54253ab0c6f8c09cf51ea635d945231386fd891d80483ddb4f4d8e68a62a71b61bbd75b74fdff1610949508d33d740a72c633dde4db6a4cdc92a7de18a7b9ceec93ef8e130fbee0b66d7c4d3eb3d92d41f89b3bc7f276f275f827a5f5d4eee0ed7c0a90ca0a6639a974ed1311422372d7a84305ed6154a80f9cf4dc52a717c5ba57aa2e4fc2adb9da2b5c246706777fce38f6aba54534701314df2bb1725ec00b40bf6281ea0f45f3d085836934a8c884bbc3a89fca0240525fbc58969e7772709a3eb827e4da5035c852be598c14a36f71c78ca002bdc4161da2daf8db5303185b9dc97302a2df8f3adb1acfc5a19faa3066318892b44276606f537475b03d28b01182eba9be649c74b35dca086e4bbe0e9d6c5f3edf6c929e3ace7419cc7b106fe74d1b81eb675dd361a8099f8327cb99a72b1b83e194fd90c92450a6525445b7f2aac705920793ea1e0f1b33c754a0460fc681716fa70a383f81c6cf95f49e54baaae984bf931e9bd28942e5c4e90f57d2d398299669af06e62fcf860dec6158982f80331060f24af75ac27bf05e3652a822d6421c26c2dd33ddf1ce60d4c7a74abba565bec2e18b7a5cf21ac63c8271ac2c00ed736bc14998448dc4c19c5f50f9f9c75b4dc546a33c26e8ea26ab2ab05de5f4a346831bf743abd4119079d42df45b461258cbf1ca05370229802f7e0430c5496cac07658ac3ce55ad783a55b3414c0572dc3632a368c9395af43ad25a0e1fa3569366492bb9063a64b77a4d0001208ad093f98c1c3482e97015dcbae76f173bdce59db0bfd1015de911b3b652bae2dfba64f496e7bab5735fc3b683ffe19750b73ea2491b1f7a2be4db9ca703f11c360d7b2ef8f49b9d262900de5476f682bf7d526497f7825cebf9f136a4d6b347d1874fa6fe441fb95d338080b2a5268cfaea8fed039a1900028c4aecf225e0bb328522c2944f2a7281daebb2dd52d312be1c5824cb19317021d10ba3b89d02763677172ce0ae6ca996b147a934a266e75b2bf35d523b7f9eddf0afe102d4ee9db8926d10be781bbaa25b815ea2dad9a9908a827be0c0e5b6b960e99b702d76b2af58a2afe7eb1e2cf30e660cf6296bd11607c33e85fefbff67b0dd74c5110236048da6d92eabda02925f0816ec048cb1333894aa172ee73d5e3c833e3858a0e219debc74d89bda90c70f88bbe41c943375840ceb55064b2f2b239cfc769582cd410f1bdb26fc78d9728a30899b3460405b157a1dcd33b31fb6e2a4113e4bb41214aae4a037f99f8", 0x2000, &(0x7f0000007080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r11 = socket(0x1d, 0x2, 0x6) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r11, 0x89f1, &(0x7f00000002c0)={'gre0\x00', &(0x7f0000000300)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x80, 0x2f, 0x0, @remote, @multicast1}}}}) socket$inet6(0xa, 0x2, 0x0) 37.799631229s ago: executing program 4 (id=161): openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r0 = socket$can_j1939(0x1d, 0x2, 0x7) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) bind$can_j1939(r0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10) setsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000040), 0x4) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000180)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x9c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000000)={0x0, 0x0, 0x20}, 0xc) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r3, &(0x7f0000000140), 0x10) sendmsg$can_bcm(r3, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000640)={0x6, 0x0, 0x0, {}, {}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "693f6200b8da3af3"}}, 0x48}}, 0x0) 36.289593155s ago: executing program 4 (id=163): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000001c0)=ANY=[@ANYRES8=r0], 0x58}}, 0x0) mount$tmpfs(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='uid=', @ANYRESHEX=0x0]) socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x8, 0x3, 0x2b8, 0x150, 0xffffffff, 0xffffffff, 0x150, 0xffffffff, 0x220, 0xffffff7a, 0xffffffff, 0x220, 0xffffffff, 0x7fffffe, 0x0, {[{{@ip={@broadcast, @loopback, 0x0, 0x0, 'veth1\x00', 'veth0_to_team\x00'}, 0x6, 0x130, 0x150, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "00000100cbd047da9ca965f96ad5801f0514d30500000000000000490f6785fba3c4a44f1e25ecefef2a2d6054f5260ece5cffa56a5e8d7137024c183ebacdf741cea92ded3a9ca54de162d99e000000000000000000ffffff7f00"}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x130, 0xd0}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x318) socket$inet6_udp(0xa, 0x2, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001840)={&(0x7f0000000240)=ANY=[@ANYBLOB="600000000206050200000000000000000000000005000400000000000900020073797a300000000014000780080013400000000008000640000019000500050002000000050001000600000012000300686173683a6e6574"], 0x60}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) socket$packet(0x11, 0x2, 0x300) r3 = socket$rxrpc(0x21, 0x2, 0x2) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r4, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendto$inet6(r4, &(0x7f0000000500)="a4", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, 0x0, 0x9) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r4, 0x84, 0x1a, &(0x7f00000003c0), &(0x7f0000000240)=0x8) bind$rxrpc(r3, &(0x7f0000000140)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x0, @local}}, 0x24) bind$rxrpc(r3, &(0x7f0000000100)=@in4={0x21, 0x400, 0x2, 0x10, {0x2, 0x0, @local}}, 0x24) listen(r3, 0x65f) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10) syz_open_pts(0xffffffffffffffff, 0x0) ioctl$int_in(r0, 0x5421, &(0x7f0000000180)=0x7ff) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, &(0x7f0000000040)=""/155, 0x1000000, 0x9b, 0x1}, 0x20) 34.975313576s ago: executing program 4 (id=168): syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/time_for_children\x00') socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_tcp(0xa, 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuset.memory_pressure\x00', 0x275a, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000002000000000000000000007700000000000000650000000000000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_setup(0x231, &(0x7f0000000080), 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000300), 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) preadv(r0, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xfdef}], 0x1, 0x0, 0x0) r1 = socket$igmp(0x2, 0x3, 0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) mount$9p_fd(0x0, &(0x7f0000000540)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESDEC=r1, @ANYBLOB=',wfdno=', @ANYRESDEC=r2]) 8.262935939s ago: executing program 0 (id=242): setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000540)={@loopback={0x2}, 0x0, 0x0, 0xff, 0x1}, 0x20) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000440), 0x10) socket(0x2a, 0x4, 0x2) socket$inet(0x2, 0x0, 0x84) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000340), 0x1, 0x0) io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x200, 0xb}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x10, 0x9c2, 0xfc, 0xff, 0x9, 0x3, 0x5}, 0x1c) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240), 0x0, 0x0, 0x0) io_uring_setup(0x15c7, &(0x7f0000000480)={0x0, 0x1f26, 0x800, 0x0, 0x404}) r1 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000000)=0x20) mmap$dsp(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000009, 0x13, r1, 0x0) ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000000)=0x2000) r2 = socket(0x15, 0x5, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/rcu_normal', 0x42, 0x4) memfd_create(0x0, 0x18) sendfile(r3, r3, 0x0, 0xa) ioctl$BTRFS_IOC_QUOTA_RESCAN(r3, 0x4040942c, &(0x7f0000000000)={0x0, 0x7, [0x8, 0x100000000000003, 0x7, 0x4, 0x1ff, 0x1]}) getsockopt(r2, 0x200000000114, 0x271f, &(0x7f0000005ec0)=""/102394, &(0x7f0000000040)=0x18ffa) 7.352226683s ago: executing program 3 (id=243): bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair$tipc(0x1e, 0x4, 0x0, 0x0) sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x40fd) syz_open_dev$tty1(0xc, 0x4, 0x1) write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0) mkdir(&(0x7f0000000600)='./file1\x00', 0x0) mount(&(0x7f0000000040)=@nullb, &(0x7f0000000a00)='./file1\x00', &(0x7f0000000000)='reiserfs\x00', 0x0, &(0x7f0000000a80)=',\x00') (fail_nth: 4) 6.821724422s ago: executing program 0 (id=245): unshare(0x20000400) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = dup2(r0, r2) sendfile(r3, r1, &(0x7f0000000180)=0xfffffffffffffff9, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r5, 0x4008ae6a, &(0x7f0000000280)={0x2, 0x0, [{0x0, 0x4, 0x0, 0x0, @irqchip={0x1, 0x1}}, {0x6, 0x3, 0x0, 0x0, @adapter={0x9, 0x3, 0x4, 0x8, 0xe}}]}) syz_extract_tcp_res$synack(&(0x7f0000000040)={0x41424344}, 0x1, 0x0) syz_emit_ethernet(0xc7, &(0x7f00000103c0)={@remote, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a37f2", 0x91, 0x2c, 0x0, @remote, @mcast1, {[], {{0x0, 0x0, r6, 0x41424344, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, {[@sack={0x5, 0x6, [0x0]}, @exp_fastopen={0xfe, 0x4}]}}, {"d052fd2251cbce6e2b46d01a88d3dba19a29f8d5cd2f6048423dc03141886410db358068b050e41698815108f54d1d3cde7115212e26e0176db06d65f3ca9bebe427ca394a18285cee4493271d868fb047bc00d02c8aaa6cf58da627393901692aac65b417865b245f33a93a86136a414d"}}}}}}}, 0x0) syz_extract_tcp_res(&(0x7f0000000040)={0x41424344}, 0x0, 0x5c3d) syz_emit_ethernet(0x1bb, &(0x7f0000000300)={@empty, @local, @void, {@mpls_mc={0x8848, {[{0x6}, {0x4, 0x0, 0x1}], @ipv6=@tcp={0x9, 0x6, "343ab4", 0x17d, 0x6, 0x0, @loopback, @rand_addr=' \x01\x00', {[@srh={0x2f, 0x6, 0x4, 0x3, 0x0, 0x48, 0x7, [@mcast1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @remote]}, @dstopts={0x5e, 0x1, '\x00', [@pad1, @padn={0x1, 0x2, [0x0, 0x0]}, @padn={0x1, 0x2, [0x0, 0x0]}]}, @srh={0xc, 0x4, 0x4, 0x2, 0x40, 0x48, 0x1, [@private2={0xfc, 0x2, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0xff}]}], {{0x4e20, 0x4e23, r6, r7, 0x1, 0x0, 0x18, 0x80, 0x1, 0x0, 0x4, {[@sack={0x5, 0x1e, [0xc133, 0x3, 0x2, 0x10, 0x80000000, 0x74, 0xffffffff]}, @nop, @exp_fastopen={0xfe, 0xd, 0xf989, "cdd556f80472851d6c"}, @fastopen={0x22, 0x10, "316d89f814466449501fcabdec1e"}, @nop, @sack={0x5, 0xe, [0x6cb7, 0x4, 0xb9ac]}]}}, {"d645f9d69007aef16d8a37bbee3fd59053af539571a757374b259ad0982e1139c84f3d5144ad84e6d2967eec0f11a6f92ca804cdf9a34c166ced8e35ce5598f55ab3d700cebe270604d5fb53904b7bd58eb1c6ac27b6fdb8270acb268a45eccdbe998d656a851e41247e76c3e8b85e0656884a5caf0cdacc561901cda6a15ba310e4bf2f4c0732e579b6dc8f9387764f55977c7ba7477eb5a7f69ad35113a1432831fc00db"}}}}}}}}, &(0x7f0000000100)={0x1, 0x3, [0xcac, 0xcc3, 0x550, 0xaea]}) 6.695240317s ago: executing program 2 (id=247): socket$inet6_udp(0xa, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x80000, 0x8, 0x8}, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x62402, 0x110) getpgrp(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6b, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000}, 0x90) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r3 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0) mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x12, r3, 0x80000000) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) writev(0xffffffffffffffff, &(0x7f00000002c0)=[{&(0x7f0000000280)='0', 0x1}], 0x1) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan1\x00'}) sendmsg$NL80211_CMD_REGISTER_FRAME(r2, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020030000b02d25a806f8c2d94f90724fc602f1a04000a740100053582c137153e37024801800af01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x0) syz_80211_join_ibss(&(0x7f0000000300)='wlan1\x00', 0x0, 0x52, 0x1) 6.620805894s ago: executing program 3 (id=248): madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1a) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x9, 0x6, 0x0, &(0x7f0000000180)='syzkaller\x00', 0xfffffff9, 0xc3, &(0x7f000000cf3d)=""/180, 0x41100, 0x4, '\x00', 0x0, 0x37, 0xffffffffffffffff, 0x6, 0x0, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2}, 0xa7) openat$vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0) socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0xc28a) getpid() bpf$ENABLE_STATS(0x20, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x0, 0x1, 0x4, 0xff, 0x2592, 0x1}, 0x48) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) tkill(0x0, 0x7) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0x3, &(0x7f0000000780)=ANY=[@ANYRES16=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.cpu/syz1\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) 5.727191387s ago: executing program 1 (id=249): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,mpol=interleave']) (fail_nth: 3) 5.173284783s ago: executing program 2 (id=250): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000080)=0x7) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000480)={0xffffffffffffffff}, 0x2}}, 0x20) r3 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r6}, 0x10) syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802) writev(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000040)}], 0x1) openat$null(0xffffffffffffff9c, &(0x7f0000000380), 0x8000, 0x0) read(0xffffffffffffffff, 0x0, 0x0) r7 = syz_open_dev$usbmon(&(0x7f0000000900), 0x0, 0x0) ioctl$MON_IOCT_RING_SIZE(r7, 0x80089203, 0x200000000000000) bpf$MAP_CREATE(0x0, 0x0, 0x0) syz_init_net_socket$rose(0xb, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmsg$ETHTOOL_MSG_PAUSE_GET(r3, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f00000000c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @empty}, {0xa, 0x0, 0x0, @mcast1}, r2, 0x10}}, 0x48) 5.057064685s ago: executing program 0 (id=251): mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002380)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}}) read$FUSE(r0, &(0x7f0000000200)={0x2020, 0x0, 0x0}, 0x2020) open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) (fail_nth: 12) write$FUSE_INIT(r0, &(0x7f0000002300)={0x50, 0x0, r1, {0x7, 0x9}}, 0x50) read$FUSE(r0, &(0x7f00000044c0)={0x2020, 0x0, 0x0}, 0xfe63) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000002400)=ANY=[@ANYBLOB="290000000400000000000000000000000100000000000000000000150000000001"], 0x29) write$FUSE_INTERRUPT(r0, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r2}, 0x10) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) dup3(r3, r0, 0x0) 4.636664714s ago: executing program 1 (id=252): writev(0xffffffffffffffff, &(0x7f0000000440)=[{&(0x7f0000000000)="b86f4aac629f38f846041f2e8152ac1a5b045a3f95046e24fdb5e66ee55df31120c41853e8b06d9561e16ec80fd74d8fb8ef03b546cf906a1a6e232b82330d7cd581ade02c61fe5984c0b72ae04484958f9b0200c4869dfcf53751e8ee9ffef1", 0x60}, {&(0x7f0000000080)}, {&(0x7f00000000c0)="39eaedc119365f43d324c441265623a01f588abf05fa357e6d8849240a55be4715d388bef5dc3306ac0270eb8f884c302226b1ef40c8a3413cae754d800d0c7d990d5054ddade7b3d5ac61712a0096e2024f12917d3afb6c0aac25de6cb4b9924ac606b612927214bb568230f6e718dcab8618d7305a2b4284dc6dbc186f513954861760a09937bd88716514189c7b8309132d864669178fca18cafe709307b67bc0ca42ebb58ddb0e5793cc12a48264e78bdae722b345317eb6eaaab9bc2559ba330548042314f9e5d7e91682db8f81e432fa94b22581a0ee5997ee7b8ca001b89d27839526254794420d144443f6", 0xef}, {&(0x7f00000001c0)="dce68fa3ddd5b9918abef51c8d76c88575a34b28151e3db3c973652a", 0x1c}, {&(0x7f0000000200)="ce1095afe4ae092ea081564c304d295e0bd9f9efabe611e572ca82e4e6b6bf557d2f168c94e7667491a7d4de7fb634eda9c312a0b45722c7187a1c19280238d85d73dbcac71cfbf063d9ef965bc90f169f7ed8bd0d7e54cfad3e389b39be7c1c94b2e7bbafdc1d54723baf49cbdee5e2816ad5ae3e57ed234cc151dba838d74dd502b7e038be6529a0ad02a9a84dcbb9161eef5e1fa18c4e94bbe44e248626ed17d7a1775828136103e5f45abc40f9de769b63d923fd1baaed0a0e", 0xbb}, {&(0x7f00000002c0)="643c014d361312264d849b2265a245cc9b6853a937a7ef10ca7166abe6b59ccb8df6df7d8f47ac5c8fa74db158c0a6e22e1cff21fb1511f68af01495e5fe8b20fc9ac53a5c113185082f5e77e1c64ddac98d1cb07f5dbfbbfb98e790850b9300de947879fc2572def38dbaf478631048b418da3de6406dd96bfb042da9d5a3065431e2e015fa8f545514497b163622173c22c61e8c112a0bef1fb5a50046b9fbe968a15f83d2f38bebdc19d2498e5981d34fa552a8c4", 0xb6}, {&(0x7f0000000380)}, {&(0x7f00000003c0)="ca3796fb010c9470ab9d5180949c989a415fe826d2e59e2adf65c8eb94118b12d8033f8b4f1bcba89c295a8cac397373279807b6d1edf4ceea34ea6de469e433dbdb7299eb7ff74dcbbd056682f817a9237d42eb0aea5361eecf4acfae", 0x5d}], 0x8) r0 = accept4$inet6(0xffffffffffffffff, &(0x7f00000004c0)={0xa, 0x0, 0x0, @private2}, &(0x7f0000000500)=0x1c, 0x0) getsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000540)={@private1, 0x0}, &(0x7f0000000580)=0x14) (async, rerun: 64) r2 = pidfd_getfd(0xffffffffffffffff, r0, 0x0) (rerun: 64) ioctl$FS_IOC_GETFLAGS(r2, 0x80086601, &(0x7f00000005c0)) (async) connect$inet(r2, &(0x7f0000000600)={0x2, 0x1, @remote}, 0x10) read$hiddev(r2, &(0x7f0000000640)=""/136, 0x88) (async) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000700)=0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, r3, 0x1, &(0x7f0000000740)) (async) ioctl$VIDIOC_ENUMOUTPUT(r2, 0xc0485630, &(0x7f0000000780)={0x10, "2b3d10ad9208ddbde040921ad30a335bce71bf333990a10bf23093e35af4419a", 0x3, 0x7fff, 0x1ff, 0x1000, 0x4}) (async) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r2, 0x40605346, &(0x7f0000000800)={0x200, 0x1, {0x3, 0x0, 0xfffffffb, 0x1, 0xfffffffa}, 0x5}) (async) ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r2, 0x8008f513, &(0x7f0000000880)) ioctl$PTP_PEROUT_REQUEST2(r2, 0x40383d0c, &(0x7f00000008c0)={{0x7, 0x5}, {0x1, 0xa2b0}, 0x34a, 0x1}) (async) prlimit64(r3, 0xf, &(0x7f0000000900)={0x2, 0x100000000}, &(0x7f0000000940)) (async) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980), 0x2, 0x0) (async) read$FUSE(r2, &(0x7f00000009c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_LSEEK(r4, &(0x7f0000002a00)={0x18, 0x0, r5, {0x1ff}}, 0x18) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000002a40)='./cgroup.net/syz0\x00', 0x1ff) geteuid() (async, rerun: 32) ioctl$HIDIOCGRAWPHYS(r2, 0x80404805, &(0x7f0000002a80)) (async, rerun: 32) ioctl$sock_SIOCGIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r2, 0x8982, &(0x7f0000002ac0)={0x8, 'vlan0\x00', {'veth0_vlan\x00'}, 0x90}) (async) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000002b80)={'erspan0\x00', &(0x7f0000002b00)={'gre0\x00', r1, 0x7, 0x8000, 0x3, 0x2, {{0x14, 0x4, 0x2, 0x6, 0x50, 0x65, 0x0, 0x3, 0x29, 0x0, @multicast2, @remote, {[@ssrr={0x89, 0x17, 0x42, [@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, @empty, @multicast2, @multicast1]}, @generic={0x88, 0x3, "e3"}, @noop, @ssrr={0x89, 0xf, 0x34, [@remote, @rand_addr=0x64010100, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @noop, @rr={0x7, 0xf, 0x1f, [@loopback, @broadcast, @broadcast]}]}}}}}) (async) getsockopt$inet_mtu(r2, 0x0, 0xa, &(0x7f0000002bc0), &(0x7f0000002c00)=0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) (async) lstat(&(0x7f0000002c40)='./file0\x00', &(0x7f0000002c80)) (async) ptrace$getsig(0x4202, r3, 0x8, &(0x7f0000002d00)) (async) socket$nl_route(0x10, 0x3, 0x0) (async) madvise(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x15) sendmsg$IPSET_CMD_TEST(r2, &(0x7f0000002e40)={&(0x7f0000002d80)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000002e00)={&(0x7f0000002dc0)={0x2c, 0xb, 0x6, 0x301, 0x0, 0x0, {0x7, 0x0, 0x4}, [@IPSET_ATTR_LINENO={0x8}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8084}, 0x8004) syz_open_procfs(r6, &(0x7f0000002e80)='net/igmp6\x00') 4.150344244s ago: executing program 2 (id=253): prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000001080)='dctcp\x00', 0x6) sendto$inet(r1, 0x0, 0x0, 0x24040ffd, &(0x7f0000000440)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r1, &(0x7f0000001000)=[{{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000c40)='\x00', 0x1}], 0x1}}], 0x1, 0x0) sendto$inet(r1, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf74", 0x49, 0x182, 0x0, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000600)='./cgroup.net/syz0\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000680)=ANY=[], &(0x7f0000000240)=""/194, 0x35, 0xc2, 0x0, 0x4}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = syz_io_uring_setup(0xd2, &(0x7f0000000480), &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x1e, 0x0, 0x0, 0x2, 0x0}) io_uring_enter(r2, 0x47ba, 0x0, 0x0, 0x0, 0x0) r5 = userfaultfd(0x80801) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r6) sendmsg$NFC_CMD_ACTIVATE_TARGET(r6, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x1c, r7, 0x1, 0x0, 0x0, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x1c}}, 0x0) fcntl$getownex(r5, 0x10, &(0x7f0000000000)={0x0, 0x0}) syz_open_procfs(r8, &(0x7f0000000080)='net/ip6_mr_vif\x00') pread64(r5, &(0x7f0000000200)=""/274, 0x16f, 0xfffffffffffffffb) 3.817648223s ago: executing program 1 (id=254): setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000540)={@loopback={0x2}, 0x0, 0x0, 0xff, 0x1}, 0x20) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000440), 0x10) socket(0x2a, 0x4, 0x2) socket$inet(0x2, 0x0, 0x84) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000340), 0x1, 0x0) io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x200, 0xb}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x10, 0x9c2, 0xfc, 0xff, 0x9, 0x3, 0x5}, 0x1c) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240), 0x0, 0x0, 0x0) io_uring_setup(0x15c7, &(0x7f0000000480)={0x0, 0x1f26, 0x800, 0x0, 0x404}) r1 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000000)=0x20) mmap$dsp(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000009, 0x13, r1, 0x0) ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000000)=0x2000) r2 = socket(0x15, 0x5, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/rcu_normal', 0x42, 0x4) memfd_create(0x0, 0x18) sendfile(r3, r3, 0x0, 0xa) ioctl$BTRFS_IOC_QUOTA_RESCAN(r3, 0x4040942c, &(0x7f0000000000)={0x0, 0x7, [0x8, 0x100000000000003, 0x7, 0x4, 0x1ff, 0x1]}) getsockopt(r2, 0x200000000114, 0x271f, &(0x7f0000005ec0)=""/102394, &(0x7f0000000040)=0x18ffa) 3.424697792s ago: executing program 0 (id=255): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, 0x0}) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89001) fchdir(r0) prctl$PR_SCHED_CORE(0x3e, 0x2, 0x0, 0x1, &(0x7f0000000440)) prlimit64(0x0, 0xe, &(0x7f0000000140), 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000240)=0x8) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r2 = io_uring_setup(0x0, &(0x7f0000000180)={0x0, 0xfffffffb, 0x2, 0x10000, 0xf6}) fcntl$lock(0xffffffffffffffff, 0x25, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r2, 0x7, &(0x7f0000000000)={0x0, 0x4, 0xd4a4}) fcntl$lock(0xffffffffffffffff, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0xe22, 0x0, @private1}, 0x1c) r4 = socket$qrtr(0x2a, 0x2, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000000203010400000000ffffffff000000000800010001"], 0x28}}, 0x0) sendmsg$NFQNL_MSG_CONFIG(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c00000002030102000000000000000000000010080001000100000016c798a7a8be429f266aaa9fc26d5d401e00572f6bbf0e38b11b74fb052adbead0994c7e8c6a24cc5be3479fc2117ee54cc3b0a38ad3b7f90b31dfae64b66dd684f56214dcdc8185e581b1c33f5ad671e8ac18454066395c8eec06f484df86911de70a9410dc9f2a63839212062db703bd9a386bb2ca210a712924631d3923da233f43ce65cff9022548853c33ff260bfd4ca4580f8a1c80d4548497e4b492b934d2052345915c29838b78932aa8abe8c36f053711e5dc0b6a0812"], 0x1c}, 0x1, 0x0, 0x0, 0x8010}, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000380)=@assoc_value, &(0x7f00000003c0)=0x8) ioctl$sock_inet_SIOCSIFFLAGS(r4, 0x8914, &(0x7f0000000140)={'virt_wifi0\x00', 0x1}) ioctl$sock_inet_SIOCSIFFLAGS(r4, 0x8914, &(0x7f0000000000)={'virt_wifi0\x00'}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x5, &(0x7f0000000080)=[{0x4, 0x9, 0x0, 0xffffff7f}, {0xc, 0x9}, {}, {0x20, 0x0, 0xf2}, {0x6}]}) syz_open_dev$vcsn(&(0x7f0000000480), 0x1ff, 0xd05b01) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r5, {0x2, 0x4e24, @loopback}, 0x0, 0x0, 0x0, 0x1}}, 0x2e) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x10065, 0x0) close_range(r5, 0xffffffffffffffff, 0x2) 3.362499832s ago: executing program 1 (id=256): socket$nl_netfilter(0x10, 0x3, 0xc) openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r0 = socket$can_j1939(0x1d, 0x2, 0x7) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) bind$can_j1939(r0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10) setsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000040), 0x4) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000180)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x9c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000000)={0x0, 0x0, 0x20}, 0xc) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r3, &(0x7f0000000140), 0x10) sendmsg$can_bcm(r3, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000640)={0x6, 0x0, 0x0, {}, {}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "693f6200b8da3af3"}}, 0x48}}, 0x0) 3.18638361s ago: executing program 2 (id=257): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r1, &(0x7f0000000140), 0x9) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) r2 = socket(0xa, 0x6, 0x0) getsockopt$inet6_mreq(r2, 0x10d, 0x83, 0x0, &(0x7f0000000000)) (fail_nth: 1) 2.568842792s ago: executing program 2 (id=258): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000080)={'bond0\x00', 0x800}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000540)='kfree\x00', r0}, 0x10) syz_open_dev$vivid(&(0x7f0000000480), 0x1, 0x2) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DEL(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)={0x3c, 0xa, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_ADT={0x14, 0x8, 0x0, 0x1, [{0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_NAME={0x9, 0x12, 'syz2\x00'}}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_LINENO={0x8}]}, 0x3c}}, 0x0) 2.380440599s ago: executing program 2 (id=259): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000091c2f20c81403006c050102030109021b00010000000009040000018ea44300090585da24"], 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x1, 0xccb4, 0x9585, 0x122, r1, 0xfffffff9, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x1}, 0x48) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) syz_usb_ep_write(r0, 0xfc, 0x0, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r3 = socket(0x10, 0x3, 0x0) sendto$inet6(r3, &(0x7f0000000080)="7800000018002507b9409b14ffff00000202be040205fe056403040c5c000900580020010a0000000d0085a168216b46d32345653600648d270015000a00000049935ade4a460c89b6ec0cff3959547f509058ba86c902007a00004a32000402160012000a0024a40423e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0) recvfrom(0xffffffffffffffff, &(0x7f00000001c0)=""/45, 0x2d, 0x40000140, 0x0, 0x0) r4 = socket$kcm(0x10, 0x2, 0x0) r5 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) write$UHID_GET_REPORT_REPLY(r5, &(0x7f00000000c0)={0xa, {0x0, 0x3, 0x11}}, 0xa) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="2e00000010008188040f80ec59acbc0413a1f848100000005e0c00f0ffffff180e000a001400000002801687121f", 0x2e}], 0x1}, 0x0) getsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, &(0x7f0000000200), &(0x7f0000000940)=0x4) sendmsg$AUDIT_ADD_RULE(r3, 0x0, 0x4000041) sendmsg$kcm(r4, &(0x7f0000000100)={0x0, 0x2c00, &(0x7f0000001340)=[{&(0x7f0000000040)="2e00000010008188040f46ecdb4cb9cca7480ef410000000e3bd6efb010511000b000a000d000000ba8000001201", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x25000000) ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0) ioctl$DRM_IOCTL_MODE_SETPROPERTY(0xffffffffffffffff, 0xc01064ab, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000300), 0x600001, 0x0) syz_emit_vhci(&(0x7f0000000480)=ANY=[@ANYBLOB="02c90012000e00050018010a0000dd3c0d022a705f9e93"], 0x17) 2.238415561s ago: executing program 0 (id=260): r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000005c0)={0x53, 0xfffffffe, 0x6, 0x0, @scatter={0x1, 0x3, &(0x7f0000000540)=[{&(0x7f0000000380)=""/204, 0xcc}]}, &(0x7f0000000240)="008d7acda0b2", 0x0, 0x0, 0x0, 0x0, 0x0}) 2.116733264s ago: executing program 1 (id=261): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000001640)={0x50, 0x2, 0x1, 0x101, 0x0, 0x0, {0xa}, [@CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x2, 0x21}}]}]}, 0x50}}, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x100000000, 0x90}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)) sched_setscheduler(r1, 0x1, &(0x7f00000003c0)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x80010, r0, 0x3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x1, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) close_range(r4, r3, 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket(0x2, 0x5, 0x0) r6 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0) write$sysctl(r6, &(0x7f0000000300)='1\x00', 0xffffff4a) write$sysctl(r6, &(0x7f0000000000)='2\x00', 0x2) sendmmsg$inet_sctp(r5, &(0x7f00000032c0)=[{&(0x7f0000002e40)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x0) sendmmsg$inet_sctp(r5, &(0x7f0000000bc0)=[{&(0x7f0000000040)=@in={0x2, 0x4e22, @private=0xa010100}, 0x36, 0x0, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="3000000000000000840000000100000000000000070200000000000000000000000000000000000000000000125da2620197b60ec4cec729aa91c21b4376f81aa0502693a151f3bf33d812d20fc07d811afb9c1993aba6dd52cc62b5cc9d5c403fa31a53f7ae561a9e37410566a3afe4f8ede5c077da5dd1211e056e252325ddd5194361008fe8129c456fbf47874f6351ecb563aa2479363c1cfb9b00540804b9a69c091815607039d06c6ce634e641e77931c06d3517c088", @ANYRES32=0x0], 0x30}], 0x1, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) r7 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000080), &(0x7f00000000c0)=0x5) 2.11635391s ago: executing program 3 (id=262): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000080)=0x7) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000480)={0xffffffffffffffff}, 0x2}}, 0x20) r3 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r6}, 0x10) syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802) writev(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000040)}], 0x1) openat$null(0xffffffffffffff9c, &(0x7f0000000380), 0x8000, 0x0) read(0xffffffffffffffff, 0x0, 0x0) r7 = syz_open_dev$usbmon(&(0x7f0000000900), 0x0, 0x0) ioctl$MON_IOCT_RING_SIZE(r7, 0x80089203, 0x200000000000000) bpf$MAP_CREATE(0x0, 0x0, 0x0) syz_init_net_socket$rose(0xb, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmsg$ETHTOOL_MSG_PAUSE_GET(r3, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f00000000c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @empty}, {0xa, 0x0, 0x0, @mcast1}, r2, 0x10}}, 0x48) 2.054211207s ago: executing program 0 (id=263): r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0) syz_usb_disconnect(r0) r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f0000000300)={0x1c, &(0x7f0000000180)={0x0, 0x0, 0x1, "98"}, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0) r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x172f, 0x501, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x8}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) 1.196470855s ago: executing program 3 (id=264): r0 = socket(0x2000000015, 0x80005, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0xfffd, 0x9, @empty, 0xc9f2}, 0x1c) 1.009896894s ago: executing program 3 (id=265): setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000540)={@loopback={0x2}, 0x0, 0x0, 0xff, 0x1}, 0x20) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000440), 0x10) socket(0x2a, 0x4, 0x2) socket$inet(0x2, 0x0, 0x84) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000340), 0x1, 0x0) io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x200, 0xb}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x10, 0x9c2, 0xfc, 0xff, 0x9, 0x3, 0x5}, 0x1c) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{0x0}], 0x1, 0x0, 0x0) io_uring_setup(0x15c7, &(0x7f0000000480)={0x0, 0x1f26, 0x800, 0x0, 0x404}) r1 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000000)=0x20) mmap$dsp(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000009, 0x13, r1, 0x0) ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000000)=0x2000) r2 = socket(0x15, 0x5, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/rcu_normal', 0x42, 0x4) memfd_create(0x0, 0x18) sendfile(r3, r3, 0x0, 0xa) ioctl$BTRFS_IOC_QUOTA_RESCAN(r3, 0x4040942c, &(0x7f0000000000)={0x0, 0x7, [0x8, 0x100000000000003, 0x7, 0x4, 0x1ff, 0x1]}) getsockopt(r2, 0x200000000114, 0x271f, &(0x7f0000005ec0)=""/102394, &(0x7f0000000040)=0x18ffa) 456.781613ms ago: executing program 1 (id=266): prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000001080)='dctcp\x00', 0x6) sendto$inet(r1, 0x0, 0x0, 0x24040ffd, &(0x7f0000000440)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r1, &(0x7f0000001000)=[{{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000c40)='\x00', 0x1}], 0x1}}], 0x1, 0x0) sendto$inet(r1, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf74", 0x49, 0x182, 0x0, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000600)='./cgroup.net/syz0\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000680)=ANY=[], &(0x7f0000000240)=""/194, 0x35, 0xc2, 0x0, 0x4}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = syz_io_uring_setup(0xd2, &(0x7f0000000480), &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x1e, 0x0, 0x0, 0x2, 0x0}) io_uring_enter(r2, 0x47ba, 0x0, 0x0, 0x0, 0x0) r5 = userfaultfd(0x80801) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r6) sendmsg$NFC_CMD_ACTIVATE_TARGET(r6, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x1c, r7, 0x1, 0x0, 0x0, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x1c}}, 0x0) fcntl$getownex(r5, 0x10, &(0x7f0000000000)={0x0, 0x0}) syz_open_procfs(r8, &(0x7f0000000080)='net/ip6_mr_vif\x00') pread64(r5, &(0x7f0000000200)=""/274, 0x16f, 0xfffffffffffffffb) 398.525705ms ago: executing program 3 (id=267): socket$nl_netfilter(0x10, 0x3, 0xc) openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r0 = socket$can_j1939(0x1d, 0x2, 0x7) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) bind$can_j1939(r0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10) setsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000040), 0x4) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000180)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x9c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000000)={0x0, 0x0, 0x20}, 0xc) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r3, &(0x7f0000000140), 0x10) sendmsg$can_bcm(r3, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000640)={0x6, 0x0, 0x0, {}, {}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "693f6200b8da3af3"}}, 0x48}}, 0x0) 0s ago: executing program 4 (id=196): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x505}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000002c0), 0xa79, r0}, 0x38) r1 = socket$packet(0x11, 0x3, 0x300) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x7, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x9, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, 0x16, 0xffffffffffffffff, 0x8, &(0x7f0000000040), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x1, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) syz_clone(0x84001100, 0x0, 0x0, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000016c0)={0x5, &(0x7f0000000380)=[{0x4cc, 0x0, 0x0, 0x2}, {0x9, 0xe, 0x2, 0x5}, {0xff, 0x4, 0x82, 0xfffffff8}, {0x3, 0x3, 0x7, 0x5}, {0x5, 0x43, 0x6, 0xf}]}) r5 = socket(0xf, 0x6, 0xfffffffe) syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), r5) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r3, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r4, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mkdir(0x0, 0x8) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) kernel console output (not intermixed with test programs): ed BSSID 50:50:50:50:50:50 [ 62.220600][ T1106] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.239339][ T5213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.254110][ T5213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.264338][ T5213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.275504][ T5213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.285384][ T5213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.298699][ T5213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.313369][ T5213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.324790][ T5213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.351843][ T5213] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 62.455778][ T5213] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.488688][ T5213] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.500910][ T5213] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.525067][ T5213] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.615180][ T1106] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.659644][ T1106] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.690422][ T5330] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 62.805565][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.843860][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.972975][ T1295] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.980821][ T1295] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.059545][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.088371][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.214399][ T5225] Bluetooth: hci4: command tx timeout [ 63.220099][ T5225] Bluetooth: hci2: command tx timeout [ 63.231540][ T5225] Bluetooth: hci1: command tx timeout [ 63.237378][ T5225] Bluetooth: hci3: command tx timeout [ 63.243186][ T5225] Bluetooth: hci0: command tx timeout [ 64.232099][ T5349] netlink: 'syz.3.15': attribute type 4 has an invalid length. [ 64.241645][ T5349] netlink: 128124 bytes leftover after parsing attributes in process `syz.3.15'. [ 64.349007][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 64.520933][ T5353] syz.4.17 uses obsolete (PF_INET,SOCK_PACKET) [ 65.128355][ T5366] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 65.147431][ T5367] FAULT_INJECTION: forcing a failure. [ 65.147431][ T5367] name failslab, interval 1, probability 0, space 0, times 0 [ 65.160198][ T5367] CPU: 0 UID: 0 PID: 5367 Comm: syz.0.19 Not tainted 6.11.0-rc2-syzkaller-00027-g6a0e38264012 #0 [ 65.170797][ T5367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 65.180853][ T5367] Call Trace: [ 65.184136][ T5367] [ 65.187081][ T5367] dump_stack_lvl+0x241/0x360 [ 65.191782][ T5367] ? __pfx_dump_stack_lvl+0x10/0x10 [ 65.196997][ T5367] ? __pfx__printk+0x10/0x10 [ 65.201603][ T5367] ? __kmalloc_node_noprof+0xb7/0x440 [ 65.206986][ T5367] ? __pfx___might_resched+0x10/0x10 [ 65.212285][ T5367] should_fail_ex+0x3b0/0x4e0 [ 65.216977][ T5367] should_failslab+0xac/0x100 [ 65.221667][ T5367] __kmalloc_node_noprof+0xdf/0x440 [ 65.226880][ T5367] ? alloc_slab_obj_exts+0x3a/0xa0 [ 65.232007][ T5367] alloc_slab_obj_exts+0x3a/0xa0 [ 65.236953][ T5367] __memcg_slab_post_alloc_hook+0x31c/0x7e0 [ 65.242869][ T5367] ? alloc_empty_file+0x9e/0x1d0 [ 65.247815][ T5367] kmem_cache_alloc_noprof+0x1de/0x2a0 [ 65.253287][ T5367] alloc_empty_file+0x9e/0x1d0 [ 65.258067][ T5367] alloc_file_pseudo+0x1da/0x290 [ 65.263022][ T5367] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 65.268489][ T5367] ? alloc_fd+0x5a1/0x640 [ 65.272835][ T5367] anon_inode_getfd+0xce/0x1e0 [ 65.277616][ T5367] map_create+0xe5b/0x1200 [ 65.282045][ T5367] ? security_bpf+0x87/0xb0 [ 65.286561][ T5367] __sys_bpf+0x6d1/0x810 [ 65.290812][ T5367] ? __pfx___sys_bpf+0x10/0x10 [ 65.295592][ T5367] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 65.301585][ T5367] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 65.307923][ T5367] ? do_syscall_64+0x100/0x230 [ 65.312702][ T5367] __x64_sys_bpf+0x7c/0x90 [ 65.317128][ T5367] do_syscall_64+0xf3/0x230 [ 65.321640][ T5367] ? clear_bhb_loop+0x35/0x90 [ 65.326331][ T5367] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.332236][ T5367] RIP: 0033:0x7f81b17779f9 [ 65.336656][ T5367] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 65.356269][ T5367] RSP: 002b:00007f81b254e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 65.364696][ T5367] RAX: ffffffffffffffda RBX: 00007f81b1906130 RCX: 00007f81b17779f9 [ 65.372675][ T5367] RDX: 0000000000000048 RSI: 0000000020000200 RDI: 0000000000000000 [ 65.380652][ T5367] RBP: 00007f81b254e090 R08: 0000000000000000 R09: 0000000000000000 [ 65.388628][ T5367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 65.396600][ T5367] R13: 0000000000000000 R14: 00007f81b1906130 R15: 00007ffe1b094168 [ 65.404592][ T5367] [ 66.031496][ T5370] nbd: must specify at least one socket [ 66.329304][ T5381] sctp: [Deprecated]: syz.2.23 (pid 5381) Use of int in max_burst socket option deprecated. [ 66.329304][ T5381] Use struct sctp_assoc_value instead [ 67.903348][ T5407] nbd: must specify at least one socket [ 67.970787][ T5410] netlink: 8 bytes leftover after parsing attributes in process `syz.2.37'. [ 68.179507][ T5416] sctp: [Deprecated]: syz.2.39 (pid 5416) Use of int in max_burst socket option deprecated. [ 68.179507][ T5416] Use struct sctp_assoc_value instead [ 68.190037][ T5418] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 0, id = 0 [ 69.412498][ T5308] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 69.497631][ T29] audit: type=1326 audit(1723139492.981:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5443 comm="syz.3.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f494c1779f9 code=0x7ffc0000 [ 69.501255][ T5444] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 925 (only 8 groups) [ 69.522274][ T29] audit: type=1326 audit(1723139492.981:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5443 comm="syz.3.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f494c1779f9 code=0x7ffc0000 [ 69.552407][ T29] audit: type=1326 audit(1723139492.981:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5443 comm="syz.3.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f494c1779f9 code=0x7ffc0000 [ 69.575709][ T29] audit: type=1326 audit(1723139492.981:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5443 comm="syz.3.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f494c1779f9 code=0x7ffc0000 [ 69.602800][ T29] audit: type=1326 audit(1723139492.981:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5443 comm="syz.3.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=193 compat=0 ip=0x7f494c1779f9 code=0x7ffc0000 [ 69.630009][ T29] audit: type=1326 audit(1723139492.981:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5443 comm="syz.3.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f494c1779f9 code=0x7ffc0000 [ 69.657518][ T29] audit: type=1326 audit(1723139492.981:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5443 comm="syz.3.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f494c1779f9 code=0x7ffc0000 [ 69.698440][ T5308] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 69.716312][ T29] audit: type=1326 audit(1723139492.981:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5443 comm="syz.3.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f494c1779f9 code=0x7ffc0000 [ 69.742210][ T5308] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 69.770330][ T29] audit: type=1326 audit(1723139492.981:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5443 comm="syz.3.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f494c1779f9 code=0x7ffc0000 [ 69.771318][ T5308] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 69.830156][ T29] audit: type=1326 audit(1723139492.981:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5443 comm="syz.3.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f494c1779f9 code=0x7ffc0000 [ 69.852152][ T5308] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 69.883989][ T5308] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 69.893656][ T5308] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 69.901782][ T5449] netlink: 8 bytes leftover after parsing attributes in process `syz.3.49'. [ 69.914907][ T5308] usb 2-1: config 0 descriptor?? [ 70.517601][ T5464] fuse: Bad value for 'fd' [ 70.821780][ T5308] usbhid 2-1:0.0: can't add hid device: -71 [ 70.840046][ T5308] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 70.883156][ T5308] usb 2-1: USB disconnect, device number 2 [ 70.942577][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 71.542493][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 71.723441][ T1262] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.838983][ T1262] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.029297][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 72.124276][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 72.133868][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 72.174189][ T5301] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 72.382267][ T5301] usb 5-1: Using ep0 maxpacket: 32 [ 72.389933][ T5301] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36 [ 72.409514][ T5301] usb 5-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 72.419140][ T5301] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 72.430550][ T5301] usb 5-1: Product: syz [ 72.432254][ T5270] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 72.435288][ T5301] usb 5-1: Manufacturer: syz [ 72.448727][ T5301] usb 5-1: SerialNumber: syz [ 72.469420][ T5301] usb 5-1: config 0 descriptor?? [ 72.481602][ T5477] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 72.494898][ T5301] hub 5-1:0.0: bad descriptor, ignoring hub [ 72.501139][ T5301] hub 5-1:0.0: probe with driver hub failed with error -5 [ 72.530411][ T5301] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input5 [ 72.664317][ T5270] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 72.686500][ T5270] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 72.720034][ T5270] usb 4-1: config 0 descriptor?? [ 72.817808][ T5477] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 72.856847][ T5477] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 72.960787][ T5489] netlink: 'syz.4.61': attribute type 10 has an invalid length. [ 73.085175][ T5489] batman_adv: batadv0: Adding interface: team0 [ 73.091586][ T5489] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.235881][ T5489] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 73.249460][ T5491] netlink: 'syz.4.61': attribute type 10 has an invalid length. [ 73.259885][ T5491] netlink: 2 bytes leftover after parsing attributes in process `syz.4.61'. [ 73.269548][ T5491] team0: entered promiscuous mode [ 73.274881][ T5491] team_slave_0: entered promiscuous mode [ 73.281571][ T5491] team_slave_1: entered promiscuous mode [ 73.293509][ T5491] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.300922][ T5491] batman_adv: batadv0: Interface activated: team0 [ 73.307756][ T5491] batman_adv: batadv0: Interface deactivated: team0 [ 73.314794][ T5491] batman_adv: batadv0: Removing interface: team0 [ 73.416558][ T5270] usb 4-1: Cannot read MAC address [ 73.429737][ T5270] MOSCHIP usb-ethernet driver 4-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -61 [ 73.766403][ T5491] bridge0: port 3(team0) entered blocking state [ 73.776180][ T5491] bridge0: port 3(team0) entered disabled state [ 73.783325][ T5491] team0: entered allmulticast mode [ 73.787188][ T0] NOHZ tick-stop error: local softirq work is pending, handler #01!!! [ 73.788697][ T5491] team_slave_0: entered allmulticast mode [ 73.802863][ T5491] team_slave_1: entered allmulticast mode [ 73.812192][ T5318] usb 4-1: USB disconnect, device number 2 [ 73.814540][ T5491] bridge0: port 3(team0) entered blocking state [ 73.825037][ T5491] bridge0: port 3(team0) entered forwarding state [ 74.307445][ T0] NOHZ tick-stop error: local softirq work is pending, handler #01!!! [ 74.345463][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 78.198735][ T1171] cfg80211: failed to load regulatory.db [ 78.475308][ T5501] fuse: Bad value for 'fd' [ 78.680915][ T5318] usb 5-1: USB disconnect, device number 2 [ 78.681063][ C1] usbtouchscreen 5-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 78.997113][ T5507] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 79.527686][ T5520] netlink: 28 bytes leftover after parsing attributes in process `syz.2.72'. [ 80.086913][ T5531] netlink: 12 bytes leftover after parsing attributes in process `syz.1.73'. [ 80.211467][ T29] kauditd_printk_skb: 6 callbacks suppressed [ 80.211862][ T29] audit: type=1326 audit(1723139503.691:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5528 comm="syz.1.73" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f46c63779f9 code=0x0 [ 80.241821][ T5225] Bluetooth: hci4: command 0x0405 tx timeout [ 80.401524][ T5535] netlink: 12 bytes leftover after parsing attributes in process `syz.4.74'. [ 80.615917][ T29] audit: type=1326 audit(1723139504.101:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5533 comm="syz.4.74" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe90ad779f9 code=0x0 [ 81.241005][ T5267] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 81.705845][ T5547] FAULT_INJECTION: forcing a failure. [ 81.705845][ T5547] name failslab, interval 1, probability 0, space 0, times 0 [ 81.749731][ T5547] CPU: 1 UID: 0 PID: 5547 Comm: syz.1.77 Not tainted 6.11.0-rc2-syzkaller-00027-g6a0e38264012 #0 [ 81.760261][ T5547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 81.770328][ T5547] Call Trace: [ 81.773616][ T5547] [ 81.776553][ T5547] dump_stack_lvl+0x241/0x360 [ 81.781250][ T5547] ? __pfx_dump_stack_lvl+0x10/0x10 [ 81.786464][ T5547] ? __pfx__printk+0x10/0x10 [ 81.791073][ T5547] ? ref_tracker_alloc+0x332/0x490 [ 81.796197][ T5547] should_fail_ex+0x3b0/0x4e0 [ 81.800885][ T5547] ? skb_clone+0x20c/0x390 [ 81.805318][ T5547] should_failslab+0xac/0x100 [ 81.810010][ T5547] ? skb_clone+0x20c/0x390 [ 81.814443][ T5547] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 81.819833][ T5547] skb_clone+0x20c/0x390 [ 81.824096][ T5547] __netlink_deliver_tap+0x3cc/0x7c0 [ 81.829413][ T5547] ? netlink_deliver_tap+0x2e/0x1b0 [ 81.834636][ T5547] netlink_deliver_tap+0x19d/0x1b0 [ 81.839767][ T5547] netlink_unicast+0x7be/0x990 [ 81.844561][ T5547] ? __pfx_netlink_unicast+0x10/0x10 [ 81.849856][ T5547] ? __virt_addr_valid+0x183/0x530 [ 81.854977][ T5547] ? __check_object_size+0x49c/0x900 [ 81.860270][ T5547] ? bpf_lsm_netlink_send+0x9/0x10 [ 81.865389][ T5547] netlink_sendmsg+0x8e4/0xcb0 [ 81.870149][ T5547] ? __pfx_netlink_sendmsg+0x10/0x10 [ 81.875421][ T5547] ? __import_iovec+0x536/0x820 [ 81.880263][ T5547] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 81.885537][ T5547] ? security_socket_sendmsg+0x87/0xb0 [ 81.891003][ T5547] ? __pfx_netlink_sendmsg+0x10/0x10 [ 81.896287][ T5547] __sock_sendmsg+0x221/0x270 [ 81.900966][ T5547] ____sys_sendmsg+0x525/0x7d0 [ 81.905732][ T5547] ? __pfx_____sys_sendmsg+0x10/0x10 [ 81.911018][ T5547] __sys_sendmsg+0x2b0/0x3a0 [ 81.915602][ T5547] ? __pfx___sys_sendmsg+0x10/0x10 [ 81.920720][ T5547] ? vfs_write+0x7c4/0xc90 [ 81.925159][ T5547] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 81.931481][ T5547] ? do_syscall_64+0x100/0x230 [ 81.936247][ T5547] ? do_syscall_64+0xb6/0x230 [ 81.940922][ T5547] do_syscall_64+0xf3/0x230 [ 81.945420][ T5547] ? clear_bhb_loop+0x35/0x90 [ 81.950093][ T5547] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.955980][ T5547] RIP: 0033:0x7f46c63779f9 [ 81.960385][ T5547] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 81.980076][ T5547] RSP: 002b:00007f46c71fc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 81.988492][ T5547] RAX: ffffffffffffffda RBX: 00007f46c6505f80 RCX: 00007f46c63779f9 [ 81.996450][ T5547] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 82.004408][ T5547] RBP: 00007f46c71fc090 R08: 0000000000000000 R09: 0000000000000000 [ 82.012370][ T5547] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 82.020327][ T5547] R13: 0000000000000000 R14: 00007f46c6505f80 R15: 00007ffead819768 [ 82.028298][ T5547] [ 82.087813][ T5267] usb 3-1: Using ep0 maxpacket: 32 [ 82.106929][ T5267] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36 [ 82.126210][ T5267] usb 3-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 82.140065][ T5267] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 82.282356][ T5267] usb 3-1: Product: syz [ 82.289150][ T5267] usb 3-1: Manufacturer: syz [ 82.307098][ T5267] usb 3-1: SerialNumber: syz [ 83.029049][ T5267] usb 3-1: config 0 descriptor?? [ 83.040443][ T5541] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 83.107188][ T5267] hub 3-1:0.0: bad descriptor, ignoring hub [ 83.121847][ T5267] hub 3-1:0.0: probe with driver hub failed with error -5 [ 83.132447][ T5267] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input6 [ 84.032933][ T5541] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 84.041583][ T5541] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 92.476131][ T5270] usb 3-1: USB disconnect, device number 2 [ 92.476265][ C1] usbtouchscreen 3-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 92.672023][ T5566] netlink: 'syz.2.75': attribute type 10 has an invalid length. [ 92.704358][ T5566] netlink: 2 bytes leftover after parsing attributes in process `syz.2.75'. [ 92.781464][ T5566] team0: entered promiscuous mode [ 92.807236][ T5566] team_slave_0: entered promiscuous mode [ 92.832058][ T5577] netlink: 12 bytes leftover after parsing attributes in process `syz.4.83'. [ 92.852647][ T5566] team_slave_1: entered promiscuous mode [ 92.858519][ T5566] bridge0: port 3(team0) entered blocking state [ 92.887897][ T5566] bridge0: port 3(team0) entered disabled state [ 92.900752][ T5566] team0: entered allmulticast mode [ 92.933264][ T5566] team_slave_0: entered allmulticast mode [ 92.938999][ T5566] team_slave_1: entered allmulticast mode [ 92.993122][ T5566] bridge0: port 3(team0) entered blocking state [ 92.999520][ T5566] bridge0: port 3(team0) entered forwarding state [ 93.072460][ T29] audit: type=1326 audit(1723139516.551:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5571 comm="syz.4.83" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe90ad779f9 code=0x0 [ 93.806045][ T5584] netlink: 12 bytes leftover after parsing attributes in process `syz.1.87'. [ 93.931489][ T29] audit: type=1326 audit(1723139517.401:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5582 comm="syz.1.87" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f46c63779f9 code=0x0 [ 94.039872][ T5216] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 94.050911][ T5216] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 94.059142][ T5216] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 94.067514][ T5216] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 94.075565][ T5216] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 94.085258][ T5216] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 94.134645][ T5216] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 94.142738][ T5216] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 94.150891][ T5216] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 94.160067][ T5216] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 94.181283][ T5232] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 94.188876][ T5232] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 94.262228][ T5232] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 94.270775][ T5232] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 94.279001][ T5232] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 94.287291][ T5232] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 94.295140][ T5232] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 94.302632][ T5232] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 94.600146][ T1295] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 95.647772][ T1295] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.054303][ T1295] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.210387][ T1295] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.233297][ T5232] Bluetooth: hci5: command tx timeout [ 96.233314][ T5225] Bluetooth: hci0: command tx timeout [ 96.392761][ T5232] Bluetooth: hci4: command tx timeout [ 96.412854][ T47] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 96.507676][ T1295] bridge_slave_1: left allmulticast mode [ 96.517324][ T1295] bridge_slave_1: left promiscuous mode [ 96.523911][ T1295] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.539481][ T1295] bridge_slave_0: left allmulticast mode [ 96.546274][ T1295] bridge_slave_0: left promiscuous mode [ 96.552195][ T1295] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.602268][ T47] usb 5-1: Using ep0 maxpacket: 32 [ 96.615793][ T47] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36 [ 96.634639][ T47] usb 5-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 96.644602][ T47] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 96.653096][ T47] usb 5-1: Product: syz [ 96.657820][ T47] usb 5-1: Manufacturer: syz [ 96.665045][ T47] usb 5-1: SerialNumber: syz [ 96.675820][ T47] usb 5-1: config 0 descriptor?? [ 96.682438][ T5616] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 96.695396][ T47] hub 5-1:0.0: bad descriptor, ignoring hub [ 96.701546][ T47] hub 5-1:0.0: probe with driver hub failed with error -5 [ 96.721414][ T47] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input7 [ 97.051966][ T1295] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 97.330363][ T1295] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 97.390473][ T1295] bond0 (unregistering): Released all slaves [ 98.115423][ T5633] netlink: 'syz.4.94': attribute type 10 has an invalid length. [ 98.123494][ T5633] netlink: 2 bytes leftover after parsing attributes in process `syz.4.94'. [ 98.312303][ T5232] Bluetooth: hci5: command tx timeout [ 98.317903][ T5232] Bluetooth: hci0: command tx timeout [ 98.532747][ T5225] Bluetooth: hci4: command tx timeout [ 98.820715][ T1295] IPVS: stopping backup sync thread 5418 ... [ 98.873216][ T5630] netlink: 'syz.4.94': attribute type 10 has an invalid length. [ 99.004758][ T5630] bridge0: port 3(team0) entered disabled state [ 99.075311][ T5630] team0: left allmulticast mode [ 99.080358][ T5630] team_slave_0: left allmulticast mode [ 99.086183][ T5630] team_slave_1: left allmulticast mode [ 99.091739][ T5630] team0: left promiscuous mode [ 99.096606][ T5630] team_slave_0: left promiscuous mode [ 99.103107][ T5630] team_slave_1: left promiscuous mode [ 99.109869][ T5630] bridge0: port 3(team0) entered disabled state [ 99.238586][ T5630] batman_adv: batadv0: Adding interface: team0 [ 99.245084][ T5630] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.273316][ T5630] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 99.405493][ T5593] chnl_net:caif_netlink_parms(): no params data found [ 99.513584][ T5588] chnl_net:caif_netlink_parms(): no params data found [ 101.382448][ T5225] Bluetooth: hci0: command tx timeout [ 101.388021][ T5225] Bluetooth: hci5: command tx timeout [ 101.393682][ T5225] Bluetooth: hci4: command tx timeout [ 101.920927][ T1769] usb 5-1: USB disconnect, device number 3 [ 101.926775][ C1] usbtouchscreen 5-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 102.302363][ T5267] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 102.982350][ T5589] chnl_net:caif_netlink_parms(): no params data found [ 103.044612][ T5593] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.051899][ T5593] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.061048][ T5593] bridge_slave_0: entered allmulticast mode [ 103.068487][ T5593] bridge_slave_0: entered promiscuous mode [ 103.078178][ T5593] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.085338][ T5593] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.093058][ T5593] bridge_slave_1: entered allmulticast mode [ 103.100706][ T5593] bridge_slave_1: entered promiscuous mode [ 103.112119][ T5588] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.119958][ T5588] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.127234][ T5588] bridge_slave_0: entered allmulticast mode [ 103.134617][ T5588] bridge_slave_0: entered promiscuous mode [ 103.157911][ T5267] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 103.171109][ T5267] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 103.180534][ T5267] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.210297][ T5267] usb 2-1: config 0 descriptor?? [ 103.218730][ T5588] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.225302][ T5267] pwc: Askey VC010 type 2 USB webcam detected. [ 103.226302][ T5588] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.239875][ T5588] bridge_slave_1: entered allmulticast mode [ 103.247426][ T5588] bridge_slave_1: entered promiscuous mode [ 103.264155][ T1295] hsr_slave_0: left promiscuous mode [ 103.270665][ T1295] hsr_slave_1: left promiscuous mode [ 103.277983][ T1295] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 103.285597][ T1295] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 103.295345][ T1295] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 103.302923][ T1295] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 103.326644][ T1295] veth1_macvtap: left promiscuous mode [ 103.332492][ T1295] veth0_macvtap: left promiscuous mode [ 103.338047][ T1295] veth1_vlan: left promiscuous mode [ 103.344078][ T1295] veth0_vlan: left promiscuous mode [ 103.432704][ T5232] Bluetooth: hci4: command tx timeout [ 103.438135][ T5232] Bluetooth: hci5: command tx timeout [ 103.443598][ T5225] Bluetooth: hci0: command tx timeout [ 103.450793][ T5267] pwc: send_video_command error -71 [ 103.468533][ T5267] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 103.487265][ T5267] Philips webcam 2-1:0.0: probe with driver Philips webcam failed with error -71 [ 103.512575][ T5267] usb 2-1: USB disconnect, device number 3 [ 103.778080][ T1295] team0 (unregistering): Port device team_slave_1 removed [ 103.808991][ T1295] team0 (unregistering): Port device team_slave_0 removed [ 104.024088][ T5267] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 104.105955][ T5593] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.160719][ T5593] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.227801][ T5267] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 104.242671][ T5267] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 104.252980][ T5267] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.276018][ T5588] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.286428][ T5267] usb 2-1: config 0 descriptor?? [ 104.295299][ T5267] pwc: Askey VC010 type 2 USB webcam detected. [ 104.321775][ T5593] team0: Port device team_slave_0 added [ 104.353386][ T5589] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.360646][ T5589] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.368058][ T5589] bridge_slave_0: entered allmulticast mode [ 104.375767][ T5589] bridge_slave_0: entered promiscuous mode [ 104.390169][ T5588] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.410037][ T5593] team0: Port device team_slave_1 added [ 104.421219][ T5589] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.432704][ T5589] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.440349][ T5589] bridge_slave_1: entered allmulticast mode [ 104.451285][ T5589] bridge_slave_1: entered promiscuous mode [ 104.625574][ T5589] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.641655][ T5588] team0: Port device team_slave_0 added [ 104.651051][ T5593] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.670804][ T5593] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.698766][ T5267] pwc: recv_control_msg error -32 req 02 val 2b00 [ 104.705776][ T5593] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.718108][ T5640] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 104.726651][ T5267] pwc: recv_control_msg error -32 req 02 val 2700 [ 104.734576][ T5640] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 104.749229][ T5593] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.758170][ T5640] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 104.767940][ T5593] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.794370][ T5640] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 104.813936][ T5267] pwc: recv_control_msg error -71 req 02 val 2c00 [ 104.820605][ T5593] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.832326][ T5267] pwc: recv_control_msg error -71 req 04 val 1000 [ 104.837723][ T5589] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.842668][ T5267] pwc: recv_control_msg error -71 req 04 val 1300 [ 104.857718][ T5267] pwc: recv_control_msg error -71 req 04 val 1400 [ 104.864688][ T5267] pwc: recv_control_msg error -71 req 02 val 2000 [ 104.871520][ T5267] pwc: recv_control_msg error -71 req 02 val 2100 [ 104.878704][ T5267] pwc: recv_control_msg error -71 req 04 val 1500 [ 104.880888][ T5588] team0: Port device team_slave_1 added [ 104.885687][ T5267] pwc: recv_control_msg error -71 req 02 val 2500 [ 104.898054][ T5267] pwc: recv_control_msg error -71 req 02 val 2400 [ 104.906046][ T5267] pwc: recv_control_msg error -71 req 02 val 2600 [ 104.913334][ T5267] pwc: recv_control_msg error -71 req 02 val 2900 [ 104.920168][ T5267] pwc: recv_control_msg error -71 req 02 val 2800 [ 104.983193][ T5267] pwc: recv_control_msg error -71 req 04 val 1100 [ 104.990784][ T5267] pwc: recv_control_msg error -71 req 04 val 1200 [ 105.005588][ T5267] pwc: Registered as video71. [ 105.014512][ T5267] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input8 [ 105.050437][ T5267] usb 2-1: USB disconnect, device number 4 [ 105.209033][ T5589] team0: Port device team_slave_0 added [ 105.228134][ T5588] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 105.240914][ T5588] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.268367][ T5588] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 105.307131][ T5673] sctp: [Deprecated]: syz.4.98 (pid 5673) Use of int in max_burst socket option deprecated. [ 105.307131][ T5673] Use struct sctp_assoc_value instead [ 105.307213][ T5588] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 105.334330][ T5588] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.360752][ T5588] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 105.422731][ T5589] team0: Port device team_slave_1 added [ 105.527793][ T5593] hsr_slave_0: entered promiscuous mode [ 105.550132][ T5593] hsr_slave_1: entered promiscuous mode [ 105.628949][ T5676] netlink: 'syz.1.99': attribute type 4 has an invalid length. [ 105.636796][ T5676] netlink: 128124 bytes leftover after parsing attributes in process `syz.1.99'. [ 106.417286][ T5593] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 106.472593][ T5593] Cannot create hsr debugfs directory [ 109.085230][ T5589] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 109.143328][ T5589] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.254253][ T5589] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 109.431746][ T1295] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.450321][ T5589] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 109.466997][ T5589] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.494753][ T5589] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 109.580101][ T1295] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.664272][ T5588] hsr_slave_0: entered promiscuous mode [ 109.674013][ T5588] hsr_slave_1: entered promiscuous mode [ 109.683964][ T5588] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 109.691627][ T5588] Cannot create hsr debugfs directory [ 109.746122][ T1295] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.904744][ T1295] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.930351][ T5589] hsr_slave_0: entered promiscuous mode [ 109.940257][ T5589] hsr_slave_1: entered promiscuous mode [ 109.960164][ T5589] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 109.969244][ T5589] Cannot create hsr debugfs directory [ 110.537573][ T9] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 110.741156][ T1295] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.752491][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 110.763552][ T9] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36 [ 110.786942][ T9] usb 5-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 110.797369][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 110.809815][ T9] usb 5-1: Product: syz [ 110.814068][ T9] usb 5-1: Manufacturer: syz [ 110.819797][ T9] usb 5-1: SerialNumber: syz [ 110.842469][ T5308] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 110.856122][ T9] usb 5-1: config 0 descriptor?? [ 110.864497][ T5710] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 110.873396][ T9] hub 5-1:0.0: bad descriptor, ignoring hub [ 110.879632][ T9] hub 5-1:0.0: probe with driver hub failed with error -5 [ 110.897447][ T1295] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.898220][ T9] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input9 [ 110.983595][ T1295] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.065761][ T5308] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 111.089860][ T5308] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 111.100390][ T5308] usb 2-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.09 [ 111.109996][ T5308] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.153488][ T5308] usb 2-1: config 0 descriptor?? [ 111.180336][ T1295] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.243212][ T5710] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 111.260020][ T5710] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 111.515218][ T5718] netlink: 'syz.4.104': attribute type 10 has an invalid length. [ 111.524095][ T5718] netlink: 2 bytes leftover after parsing attributes in process `syz.4.104'. [ 111.533144][ T5718] team0: entered promiscuous mode [ 111.538217][ T5718] team_slave_0: entered promiscuous mode [ 111.544233][ T5718] team_slave_1: entered promiscuous mode [ 111.552087][ T5718] 8021q: adding VLAN 0 to HW filter on device team0 [ 111.560161][ T5718] batman_adv: batadv0: Interface activated: team0 [ 111.566704][ T5718] batman_adv: batadv0: Interface deactivated: team0 [ 111.573442][ T5718] batman_adv: batadv0: Removing interface: team0 [ 111.596344][ T5718] bridge0: port 3(team0) entered blocking state [ 111.605114][ T5718] bridge0: port 3(team0) entered disabled state [ 111.611553][ T5718] team0: entered allmulticast mode [ 111.616800][ T5718] team_slave_0: entered allmulticast mode [ 111.622607][ T5718] team_slave_1: entered allmulticast mode [ 111.630723][ T5718] bridge0: port 3(team0) entered blocking state [ 111.637187][ T5718] bridge0: port 3(team0) entered forwarding state [ 111.648968][ T5719] netlink: 'syz.4.104': attribute type 10 has an invalid length. [ 111.684427][ T5719] bridge0: port 3(team0) entered disabled state [ 111.692851][ T5719] team0: left allmulticast mode [ 111.697879][ T5719] team_slave_0: left allmulticast mode [ 111.703520][ T5719] team_slave_1: left allmulticast mode [ 111.709376][ T5719] team0: left promiscuous mode [ 111.714518][ T5719] team_slave_0: left promiscuous mode [ 111.717185][ T5308] logitech-hidpp-device 0003:046D:C086.0001: item fetching failed at offset 1/5 [ 111.729688][ T5719] team_slave_1: left promiscuous mode [ 111.730881][ T5308] logitech-hidpp-device 0003:046D:C086.0001: hidpp_probe:parse failed [ 111.744231][ T5719] bridge0: port 3(team0) entered disabled state [ 111.744560][ T5308] logitech-hidpp-device 0003:046D:C086.0001: probe with driver logitech-hidpp-device failed with error -22 [ 112.171713][ T5719] batman_adv: batadv0: Adding interface: team0 [ 112.178449][ T5719] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.203761][ T5719] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 114.795458][ T5301] usb 5-1: USB disconnect, device number 4 [ 114.795594][ C0] usbtouchscreen 5-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 115.341153][ T5271] usb 2-1: USB disconnect, device number 5 [ 115.510791][ T1295] bridge_slave_1: left allmulticast mode [ 115.531735][ T1295] bridge_slave_1: left promiscuous mode [ 115.548524][ T1295] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.791900][ T1295] bridge_slave_0: left allmulticast mode [ 116.054304][ T1295] bridge_slave_0: left promiscuous mode [ 116.444344][ T1295] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.529092][ T1295] team0: left allmulticast mode [ 116.553479][ T1295] team_slave_0: left allmulticast mode [ 116.559161][ T1295] team_slave_1: left allmulticast mode [ 116.624037][ T1295] bridge0: port 3(team0) entered disabled state [ 116.666783][ T1295] bridge_slave_1: left allmulticast mode [ 116.681532][ T1295] bridge_slave_1: left promiscuous mode [ 116.694126][ T1295] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.723798][ T1295] bridge_slave_0: left allmulticast mode [ 116.729465][ T1295] bridge_slave_0: left promiscuous mode [ 116.751545][ T1295] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.197170][ T5761] netlink: 4 bytes leftover after parsing attributes in process `syz.1.110'. [ 118.602646][ T1295] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 118.631613][ T1295] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 118.649349][ T1295] bond0 (unregistering): Released all slaves [ 118.809516][ T1295] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 118.840528][ T1295] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 118.870646][ T1295] bond0 (unregistering): Released all slaves [ 118.994123][ T5588] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 119.061768][ T5588] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 119.121664][ T5588] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 119.160795][ T5588] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 120.333837][ T5588] 8021q: adding VLAN 0 to HW filter on device bond0 [ 120.387497][ T5588] 8021q: adding VLAN 0 to HW filter on device team0 [ 120.600436][ T5318] bridge0: port 1(bridge_slave_0) entered blocking state [ 120.607619][ T5318] bridge0: port 1(bridge_slave_0) entered forwarding state [ 120.784588][ T5318] bridge0: port 2(bridge_slave_1) entered blocking state [ 120.791780][ T5318] bridge0: port 2(bridge_slave_1) entered forwarding state [ 121.452263][ T5301] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 121.536482][ T1295] hsr_slave_0: left promiscuous mode [ 121.546565][ T1295] hsr_slave_1: left promiscuous mode [ 121.553902][ T1295] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 121.565605][ T1295] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 121.575288][ T1295] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 121.583158][ T1295] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 121.595070][ T1295] hsr_slave_0: left promiscuous mode [ 121.600902][ T1295] hsr_slave_1: left promiscuous mode [ 121.608325][ T1295] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 121.615873][ T1295] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 121.624444][ T1295] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 121.664094][ T1295] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 121.675701][ T5301] usb 2-1: Using ep0 maxpacket: 32 [ 121.737608][ T5301] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36 [ 124.062404][ T5301] usb 2-1: string descriptor 0 read error: -71 [ 124.078155][ T1295] veth1_macvtap: left promiscuous mode [ 124.094131][ T5301] usb 2-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 124.111465][ T1295] veth0_macvtap: left promiscuous mode [ 124.120748][ T5301] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 124.140571][ T1295] veth1_vlan: left promiscuous mode [ 124.162081][ T1295] veth0_vlan: left promiscuous mode [ 124.186178][ T5301] usb 2-1: config 0 descriptor?? [ 124.191781][ T5301] usb 2-1: can't set config #0, error -71 [ 124.199289][ T1295] veth1_macvtap: left promiscuous mode [ 124.207649][ T5301] usb 2-1: USB disconnect, device number 6 [ 124.209392][ T1295] veth0_macvtap: left promiscuous mode [ 124.219144][ T1295] veth1_vlan: left promiscuous mode [ 124.226123][ T1295] veth0_vlan: left promiscuous mode [ 124.311369][ T5811] netlink: 12 bytes leftover after parsing attributes in process `syz.4.119'. [ 124.441611][ T29] audit: type=1326 audit(1723139803.926:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5808 comm="syz.4.119" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe90ad779f9 code=0x0 [ 124.473571][ T5232] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 124.482621][ T5232] Bluetooth: hci3: Injecting HCI hardware error event [ 124.498763][ T5225] Bluetooth: hci3: hardware error 0x00 [ 125.062786][ T1295] team0 (unregistering): Port device team_slave_1 removed [ 125.133368][ T1295] team0 (unregistering): Port device team_slave_0 removed [ 125.701137][ T1295] team_slave_1 (unregistering): left promiscuous mode [ 125.714721][ T1295] team0 (unregistering): Port device team_slave_1 removed [ 125.748226][ T1295] team_slave_0 (unregistering): left promiscuous mode [ 125.756708][ T1295] team0 (unregistering): Port device team_slave_0 removed [ 126.124763][ T5589] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 126.150793][ T5589] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 126.208790][ T5588] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 126.238795][ T5589] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 126.286400][ T5589] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 126.376640][ T29] audit: type=1326 audit(1723139805.856:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5819 comm="syz.4.122" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe90ad779f9 code=0x0 [ 126.501361][ T5828] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8) [ 126.508026][ T5828] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 126.526871][ T5828] vhci_hcd vhci_hcd.0: Device attached [ 126.552485][ T5225] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 126.569152][ T5593] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 126.587349][ T5593] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 126.609619][ T5593] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 126.666291][ T5593] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 126.733610][ T1769] vhci_hcd: vhci_device speed not set [ 126.809008][ T5821] netlink: 'syz.4.122': attribute type 1 has an invalid length. [ 126.819845][ T5821] netlink: 4 bytes leftover after parsing attributes in process `syz.4.122'. [ 126.829296][ T1769] usb 17-1: new full-speed USB device number 2 using vhci_hcd [ 126.854021][ T5821] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 126.865899][ T5821] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 126.875020][ T5821] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 126.885095][ T5821] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 127.104362][ T5589] 8021q: adding VLAN 0 to HW filter on device bond0 [ 127.123354][ T5588] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 127.200871][ T5830] vhci_hcd: connection closed [ 127.207391][ T62] vhci_hcd: stop threads [ 127.226305][ T62] vhci_hcd: release socket [ 127.231688][ T62] vhci_hcd: disconnect device [ 127.238614][ T5589] 8021q: adding VLAN 0 to HW filter on device team0 [ 127.309621][ T5588] veth0_vlan: entered promiscuous mode [ 127.365611][ T5593] 8021q: adding VLAN 0 to HW filter on device bond0 [ 127.384532][ T5270] bridge0: port 1(bridge_slave_0) entered blocking state [ 127.391642][ T5270] bridge0: port 1(bridge_slave_0) entered forwarding state [ 127.449466][ T5270] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.456632][ T5270] bridge0: port 2(bridge_slave_1) entered forwarding state [ 127.513798][ T5588] veth1_vlan: entered promiscuous mode [ 127.618028][ T5593] 8021q: adding VLAN 0 to HW filter on device team0 [ 127.659876][ T5589] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 127.672233][ T5589] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 127.741363][ T5270] bridge0: port 1(bridge_slave_0) entered blocking state [ 127.748496][ T5270] bridge0: port 1(bridge_slave_0) entered forwarding state [ 127.776691][ T5270] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.783882][ T5270] bridge0: port 2(bridge_slave_1) entered forwarding state [ 127.866205][ T5588] veth0_macvtap: entered promiscuous mode [ 127.954959][ T5588] veth1_macvtap: entered promiscuous mode [ 128.033529][ T5588] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 128.066330][ T5588] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.088647][ T5588] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 128.103824][ T5588] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.115786][ T5588] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 128.140155][ T5588] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 128.173243][ T5588] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.193105][ T5588] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 128.209563][ T5588] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.223708][ T5588] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 128.257420][ T5588] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.277434][ T5588] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.291506][ T5588] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.306725][ T5588] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.352310][ T5267] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 128.377338][ T5589] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 128.438910][ T5593] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 128.500094][ T5636] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.524923][ T5636] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.554155][ T5267] usb 5-1: Using ep0 maxpacket: 32 [ 128.591068][ T1101] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.595182][ T5589] veth0_vlan: entered promiscuous mode [ 128.604860][ T5267] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36 [ 128.622117][ T1101] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.629300][ T5267] usb 5-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 128.653696][ T5267] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.671907][ T5593] veth0_vlan: entered promiscuous mode [ 128.680054][ T5267] usb 5-1: Product: syz [ 128.686994][ T5267] usb 5-1: Manufacturer: syz [ 128.699520][ T5267] usb 5-1: SerialNumber: syz [ 128.716828][ T5267] usb 5-1: config 0 descriptor?? [ 128.723148][ T5865] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 128.761045][ T5593] veth1_vlan: entered promiscuous mode [ 128.785905][ T5267] hub 5-1:0.0: bad descriptor, ignoring hub [ 128.793018][ T5589] veth1_vlan: entered promiscuous mode [ 128.799641][ T5267] hub 5-1:0.0: probe with driver hub failed with error -5 [ 128.812899][ T5267] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input10 [ 128.840314][ T5881] netlink: 'syz.0.84': attribute type 10 has an invalid length. [ 128.851716][ T5881] netlink: 55 bytes leftover after parsing attributes in process `syz.0.84'. [ 129.011241][ T5589] veth0_macvtap: entered promiscuous mode [ 129.116047][ T5589] veth1_macvtap: entered promiscuous mode [ 129.165063][ T5593] veth0_macvtap: entered promiscuous mode [ 129.199545][ T5593] veth1_macvtap: entered promiscuous mode [ 129.221317][ T5865] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 129.262066][ T5865] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 129.301460][ T5593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 129.332570][ T5593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.343676][ T5593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 129.358048][ T5593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.370031][ T5593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 129.444567][ T5593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.050385][ T5593] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 131.992382][ T5225] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 132.002081][ T5225] Bluetooth: hci2: Injecting HCI hardware error event [ 132.011545][ T5225] Bluetooth: hci2: hardware error 0x00 [ 133.120840][ T1769] vhci_hcd: vhci_device speed not set [ 133.251049][ T1262] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.255418][ T5589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 133.273061][ T5271] usb 5-1: USB disconnect, device number 5 [ 133.278902][ C1] usbtouchscreen 5-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 133.288404][ T1262] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.297746][ T5589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.307644][ T5589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 133.318142][ T5589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.328366][ T5589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 133.340245][ T5589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.352017][ T5589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 133.363667][ T5589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.387518][ T5589] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 133.409091][ T5892] netlink: 'syz.4.124': attribute type 10 has an invalid length. [ 133.442024][ T5892] netlink: 2 bytes leftover after parsing attributes in process `syz.4.124'. [ 133.498474][ T5892] team0: entered promiscuous mode [ 133.517306][ T5892] team_slave_0: entered promiscuous mode [ 133.553915][ T5892] team_slave_1: entered promiscuous mode [ 133.620117][ T5892] 8021q: adding VLAN 0 to HW filter on device team0 [ 133.631716][ T5892] batman_adv: batadv0: Interface activated: team0 [ 133.640734][ T5892] batman_adv: batadv0: Interface deactivated: team0 [ 133.652601][ T5892] batman_adv: batadv0: Removing interface: team0 [ 133.679573][ T5892] bridge0: port 3(team0) entered blocking state [ 133.706027][ T5892] bridge0: port 3(team0) entered disabled state [ 133.732346][ T5892] team0: entered allmulticast mode [ 133.737452][ T5892] team_slave_0: entered allmulticast mode [ 133.759254][ T5892] team_slave_1: entered allmulticast mode [ 133.775369][ T5892] bridge0: port 3(team0) entered blocking state [ 133.781661][ T5892] bridge0: port 3(team0) entered forwarding state [ 133.800182][ T5593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 133.851223][ T5593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.866243][ T5593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 133.883845][ T5593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.897317][ T5593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 133.910470][ T5593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.938006][ T5593] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 133.963474][ T5589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 133.992458][ T5589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 134.022215][ T5589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 134.124290][ T5589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 134.176001][ T5589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 134.236230][ T5589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 134.279957][ T5589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 135.286492][ T5904] sched: RT throttling activated [ 135.289709][ T5225] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 135.316897][ T5589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 135.953094][ T5589] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 136.005311][ T5593] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 136.075123][ T5593] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 136.122099][ T5593] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 136.152723][ T5593] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 136.208526][ T5589] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 136.248590][ T5589] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 136.274238][ T5589] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 136.308723][ T5589] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 136.354603][ T5914] netlink: 'syz.0.129': attribute type 4 has an invalid length. [ 136.362475][ T5914] netlink: 128124 bytes leftover after parsing attributes in process `syz.0.129'. [ 136.671823][ T1101] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 136.704970][ T1101] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 136.820935][ T1295] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 136.858184][ T1295] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 136.918661][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 136.963516][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 136.987339][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 137.005710][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 137.166083][ T5232] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 137.177323][ T5232] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 137.190709][ T5232] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 137.204397][ T5232] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 137.212040][ T5232] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 137.219316][ T5232] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 137.762873][ T5959] netlink: 'syz.4.133': attribute type 10 has an invalid length. [ 137.786804][ T5959] netlink: 55 bytes leftover after parsing attributes in process `syz.4.133'. [ 138.278768][ T5926] chnl_net:caif_netlink_parms(): no params data found [ 139.352632][ T5225] Bluetooth: hci1: command tx timeout [ 139.584096][ T5995] netlink: 12 bytes leftover after parsing attributes in process `syz.0.138'. [ 139.650291][ T5926] bridge0: port 1(bridge_slave_0) entered blocking state [ 139.660053][ T5926] bridge0: port 1(bridge_slave_0) entered disabled state [ 140.270906][ T5926] bridge_slave_0: entered allmulticast mode [ 140.300241][ T5926] bridge_slave_0: entered promiscuous mode [ 140.334376][ T29] audit: type=1326 audit(1723139819.826:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5987 comm="syz.0.138" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f260a5779f9 code=0x0 [ 140.358614][ T5926] bridge0: port 2(bridge_slave_1) entered blocking state [ 140.382717][ T5267] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 140.412432][ T5926] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.438000][ T5926] bridge_slave_1: entered allmulticast mode [ 140.472450][ T5926] bridge_slave_1: entered promiscuous mode [ 140.602341][ T5267] usb 5-1: Using ep0 maxpacket: 32 [ 140.624832][ T5267] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36 [ 140.659732][ T5926] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 140.686499][ T5267] usb 5-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 140.700804][ T5267] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.714407][ T5267] usb 5-1: Product: syz [ 140.719508][ T5267] usb 5-1: Manufacturer: syz [ 140.737652][ T5926] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 140.748256][ T5267] usb 5-1: SerialNumber: syz [ 140.768015][ T5267] usb 5-1: config 0 descriptor?? [ 140.788853][ T6000] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 140.817019][ T5267] hub 5-1:0.0: bad descriptor, ignoring hub [ 140.955032][ T5267] hub 5-1:0.0: probe with driver hub failed with error -5 [ 141.059137][ T5267] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input11 [ 141.182753][ T6000] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 141.208707][ T6000] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 141.438705][ T5225] Bluetooth: hci1: command tx timeout [ 141.444307][ T5225] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 141.472902][ T5225] Bluetooth: hci0: Injecting HCI hardware error event [ 141.483265][ T5232] Bluetooth: hci0: hardware error 0x00 [ 141.603979][ T5926] team0: Port device team_slave_0 added [ 141.954281][ T5926] team0: Port device team_slave_1 added [ 142.317818][ T5225] Bluetooth: hci0: unexpected event for opcode 0x2031 [ 143.107149][ T6032] netlink: 'syz.4.139': attribute type 10 has an invalid length. [ 143.116814][ T6032] netlink: 2 bytes leftover after parsing attributes in process `syz.4.139'. [ 143.522487][ T5225] Bluetooth: hci1: command tx timeout [ 145.602253][ T5225] Bluetooth: hci1: command tx timeout [ 145.937368][ T25] usb 5-1: USB disconnect, device number 6 [ 145.937416][ C1] usbtouchscreen 5-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 145.942173][ T5232] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 146.020288][ T5926] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 146.040933][ T5926] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 146.077651][ T5926] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 146.099705][ T6036] netlink: 'syz.4.144': attribute type 10 has an invalid length. [ 146.108784][ T6036] netlink: 55 bytes leftover after parsing attributes in process `syz.4.144'. [ 146.169385][ T5926] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 146.188401][ T5926] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 146.215646][ T5926] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 146.265232][ T6042] bridge0: port 3(vlan2) entered blocking state [ 146.290550][ T6042] bridge0: port 3(vlan2) entered disabled state [ 146.302948][ T6042] vlan2: entered allmulticast mode [ 146.311238][ T6042] vlan2: left allmulticast mode [ 146.332180][ C1] TCP: request_sock_TCP: Possible SYN flooding on port [::ffff:172.20.20.170]:2. Sending cookies. [ 146.379917][ T6046] TCP: out of memory -- consider tuning tcp_mem [ 146.400834][ T5926] hsr_slave_0: entered promiscuous mode [ 146.410933][ T5926] hsr_slave_1: entered promiscuous mode [ 146.420318][ T5926] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 146.429125][ T5926] Cannot create hsr debugfs directory [ 146.669577][ T6054] sctp: [Deprecated]: syz.4.149 (pid 6054) Use of int in max_burst socket option deprecated. [ 146.669577][ T6054] Use struct sctp_assoc_value instead [ 146.818090][ T5926] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.908527][ T5926] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.056316][ T5926] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.187728][ T5926] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.212690][ T6061] sctp: [Deprecated]: syz.0.150 (pid 6061) Use of int in max_burst socket option deprecated. [ 147.212690][ T6061] Use struct sctp_assoc_value instead [ 147.355629][ T6064] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 147.376950][ T6064] syzkaller0: linktype set to 0 [ 147.409608][ T6060] netlink: 20 bytes leftover after parsing attributes in process `syz.2.151'. [ 147.466558][ T5926] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 147.481176][ T5926] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 147.517597][ T5926] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 147.534408][ T5926] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 147.748443][ T5926] 8021q: adding VLAN 0 to HW filter on device bond0 [ 147.799291][ T5926] 8021q: adding VLAN 0 to HW filter on device team0 [ 147.844153][ T5308] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.851304][ T5308] bridge0: port 1(bridge_slave_0) entered forwarding state [ 147.890927][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 147.898107][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 148.002301][ T1171] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 148.080687][ T5926] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 148.212465][ T1171] usb 3-1: Using ep0 maxpacket: 32 [ 148.242804][ T1171] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36 [ 148.281006][ T1171] usb 3-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 148.325539][ T1171] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 148.339260][ T1171] usb 3-1: Product: syz [ 148.344559][ T1171] usb 3-1: Manufacturer: syz [ 148.349499][ T1171] usb 3-1: SerialNumber: syz [ 148.378208][ T1171] usb 3-1: config 0 descriptor?? [ 148.389431][ T6068] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 148.407554][ T1171] hub 3-1:0.0: bad descriptor, ignoring hub [ 148.428488][ T1171] hub 3-1:0.0: probe with driver hub failed with error -5 [ 148.468591][ T1171] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input12 [ 148.540925][ T5926] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 148.757074][ T6080] netlink: 'syz.0.156': attribute type 10 has an invalid length. [ 148.769307][ T6080] netlink: 55 bytes leftover after parsing attributes in process `syz.0.156'. [ 148.811292][ T6068] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 148.823505][ T6068] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 148.842002][ T5926] veth0_vlan: entered promiscuous mode [ 148.884892][ T5926] veth1_vlan: entered promiscuous mode [ 148.984206][ T5926] veth0_macvtap: entered promiscuous mode [ 149.005954][ T5926] veth1_macvtap: entered promiscuous mode [ 149.289320][ T5926] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 152.955477][ T5926] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 152.972211][ T5926] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 152.994103][ T5926] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.006919][ T5926] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 153.021544][ T5926] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.036721][ T5926] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 153.062253][ T5926] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.069431][ T1171] usb 3-1: USB disconnect, device number 3 [ 153.072079][ C0] usbtouchscreen 3-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 153.105802][ T5926] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 153.145698][ T5926] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.185066][ T5926] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 153.206084][ T6086] netlink: 'syz.2.153': attribute type 10 has an invalid length. [ 153.261038][ T6086] batman_adv: batadv0: Adding interface: team0 [ 153.288171][ T6086] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 153.373077][ T6086] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 153.399357][ T6085] netlink: 'syz.2.153': attribute type 10 has an invalid length. [ 153.411914][ T6098] sctp: [Deprecated]: syz.4.161 (pid 6098) Use of int in max_burst socket option deprecated. [ 153.411914][ T6098] Use struct sctp_assoc_value instead [ 153.431011][ T6085] netlink: 2 bytes leftover after parsing attributes in process `syz.2.153'. [ 153.444661][ T6085] team0: entered promiscuous mode [ 153.456031][ T6085] team_slave_0: entered promiscuous mode [ 153.472918][ T6085] team_slave_1: entered promiscuous mode [ 153.480164][ T6085] 8021q: adding VLAN 0 to HW filter on device team0 [ 153.507887][ T6085] batman_adv: batadv0: Interface activated: team0 [ 153.545606][ T6085] batman_adv: batadv0: Interface deactivated: team0 [ 153.565487][ T6085] batman_adv: batadv0: Removing interface: team0 [ 153.590207][ T6085] bridge0: port 3(team0) entered blocking state [ 153.753683][ T6085] bridge0: port 3(team0) entered disabled state [ 153.834906][ T6085] team0: entered allmulticast mode [ 153.856545][ T6085] team_slave_0: entered allmulticast mode [ 153.866895][ T6085] team_slave_1: entered allmulticast mode [ 153.879597][ T6085] bridge0: port 3(team0) entered blocking state [ 153.886095][ T6085] bridge0: port 3(team0) entered forwarding state [ 154.593766][ T5926] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 154.661228][ T5926] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.707987][ T5926] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 154.742181][ T5926] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.747245][ T5232] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 154.752091][ T5926] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 154.772713][ T5232] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 154.782683][ T5926] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.791117][ T5216] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 154.794154][ T5926] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 154.806383][ T5216] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 154.820322][ T5216] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 154.828684][ T5216] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 154.848234][ T5926] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.914647][ T5926] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 154.931576][ T5926] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.166988][ T5926] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 155.837714][ T5926] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.856354][ T5926] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.867175][ T5926] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.880485][ T5926] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.908696][ T6123] netlink: 'syz.2.167': attribute type 10 has an invalid length. [ 155.932878][ T6123] netlink: 55 bytes leftover after parsing attributes in process `syz.2.167'. [ 156.273834][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 156.282533][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 156.312499][ T5270] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 156.350840][ T1101] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 156.358806][ T1101] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 156.439569][ T6106] chnl_net:caif_netlink_parms(): no params data found [ 156.492547][ T5270] usb 1-1: Using ep0 maxpacket: 32 [ 156.503694][ T5270] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 156.525817][ T5270] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 156.564603][ T5270] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 156.612411][ T5270] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.625861][ T6106] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.640818][ T6106] bridge0: port 1(bridge_slave_0) entered disabled state [ 156.649471][ T29] audit: type=1326 audit(1723139836.136:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6138 comm="syz.1.127" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb72cf779f9 code=0x0 [ 156.673595][ T6147] sctp: [Deprecated]: syz.2.171 (pid 6147) Use of int in max_burst socket option deprecated. [ 156.673595][ T6147] Use struct sctp_assoc_value instead [ 156.689356][ T6106] bridge_slave_0: entered allmulticast mode [ 156.707080][ T5270] usb 1-1: config 0 descriptor?? [ 156.718101][ T6106] bridge_slave_0: entered promiscuous mode [ 156.730688][ T5270] hub 1-1:0.0: USB hub found [ 156.748330][ T6106] bridge0: port 2(bridge_slave_1) entered blocking state [ 156.756845][ T6106] bridge0: port 2(bridge_slave_1) entered disabled state [ 156.769757][ T6106] bridge_slave_1: entered allmulticast mode [ 156.805274][ T6151] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8) [ 156.811811][ T6151] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 156.822850][ T6106] bridge_slave_1: entered promiscuous mode [ 156.830057][ T6151] vhci_hcd vhci_hcd.0: Device attached [ 156.906174][ T6151] netlink: 'syz.1.127': attribute type 1 has an invalid length. [ 156.914582][ T6151] netlink: 4 bytes leftover after parsing attributes in process `syz.1.127'. [ 156.939180][ T5270] hub 1-1:0.0: 1 port detected [ 156.943246][ T6151] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 156.953226][ T6151] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 156.964472][ T5216] Bluetooth: hci6: command tx timeout [ 156.964969][ T6151] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 156.985397][ T6151] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 157.038974][ T6106] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 157.048453][ T5301] vhci_hcd: vhci_device speed not set [ 157.087333][ T6106] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 157.132554][ T5301] usb 11-1: new full-speed USB device number 2 using vhci_hcd [ 157.209462][ T6106] team0: Port device team_slave_0 added [ 157.233742][ T6106] team0: Port device team_slave_1 added [ 157.308158][ T6106] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 157.319538][ T6106] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 157.392207][ T6106] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 157.439492][ T6106] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 157.454359][ T6152] vhci_hcd: connection closed [ 157.467291][ T6106] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 157.498348][ T11] vhci_hcd: stop threads [ 157.504071][ T11] vhci_hcd: release socket [ 157.518217][ T11] vhci_hcd: disconnect device [ 157.529049][ T6106] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 157.613675][ T5270] hub 1-1:0.0: hub_ext_port_status failed (err = -71) [ 157.614015][ T25] usb 1-1: USB disconnect, device number 2 [ 157.830093][ T6106] hsr_slave_0: entered promiscuous mode [ 157.865493][ T6106] hsr_slave_1: entered promiscuous mode [ 157.874475][ T6106] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 157.883211][ T6106] Cannot create hsr debugfs directory [ 158.093081][ T6161] tipc: Started in network mode [ 158.098097][ T6161] tipc: Node identity 8eb2288da1d6, cluster identity 4711 [ 158.107141][ T6161] tipc: Enabled bearer , priority 0 [ 158.127281][ T6161] €Â: renamed from syzkaller0 [ 158.135166][ T6161] tipc: Disabling bearer [ 158.214266][ T6106] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.444843][ T6106] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.793570][ T5216] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0 [ 158.802352][ T5216] Bluetooth: hci5: Injecting HCI hardware error event [ 158.810885][ T5225] Bluetooth: hci5: hardware error 0x00 [ 159.033151][ T5216] Bluetooth: hci6: command tx timeout [ 159.241771][ T6106] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.320392][ T6171] tipc: Started in network mode [ 159.327308][ T6171] tipc: Node identity 2626330b4d76, cluster identity 4711 [ 159.336462][ T6171] tipc: Enabled bearer , priority 0 [ 159.391830][ T6106] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.421808][ T6168] €Â: renamed from syzkaller0 [ 159.441504][ T6168] tipc: Disabling bearer [ 159.467315][ T6176] netlink: 4 bytes leftover after parsing attributes in process `syz.0.177'. [ 159.488033][ T6181] netlink: 'syz.0.177': attribute type 1 has an invalid length. [ 159.499393][ T6181] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.177'. [ 159.791869][ T6186] netlink: 'syz.2.178': attribute type 10 has an invalid length. [ 159.800245][ T6186] netlink: 55 bytes leftover after parsing attributes in process `syz.2.178'. [ 159.809437][ T6106] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 159.845724][ T6106] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 159.897636][ T6106] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 159.958101][ T6106] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 160.306800][ T6106] 8021q: adding VLAN 0 to HW filter on device bond0 [ 160.381805][ T6106] 8021q: adding VLAN 0 to HW filter on device team0 [ 160.408235][ T6201] netlink: 'syz.0.181': attribute type 4 has an invalid length. [ 160.416058][ T6201] netlink: 128124 bytes leftover after parsing attributes in process `syz.0.181'. [ 160.954137][ T5225] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 161.123068][ T5225] Bluetooth: hci6: command tx timeout [ 161.171086][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 161.178476][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 161.188743][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 161.195932][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 161.242910][ T6200] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 161.299201][ T6200] input: syz0 as /devices/virtual/input/input13 [ 162.555959][ T5301] vhci_hcd: vhci_device speed not set [ 162.587009][ T6106] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 162.609360][ T6216] netlink: 12 bytes leftover after parsing attributes in process `syz.2.185'. [ 162.809814][ T29] audit: type=1326 audit(1723139842.296:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6211 comm="syz.2.185" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f30ad7779f9 code=0x0 [ 162.846703][ T6106] veth0_vlan: entered promiscuous mode [ 162.967825][ T6106] veth1_vlan: entered promiscuous mode [ 163.108348][ T6106] veth0_macvtap: entered promiscuous mode [ 163.180919][ T6106] veth1_macvtap: entered promiscuous mode [ 163.192602][ T5225] Bluetooth: hci6: command tx timeout [ 163.248052][ T6229] FAULT_INJECTION: forcing a failure. [ 163.248052][ T6229] name failslab, interval 1, probability 0, space 0, times 0 [ 163.312248][ T6229] CPU: 0 UID: 0 PID: 6229 Comm: syz.1.187 Not tainted 6.11.0-rc2-syzkaller-00027-g6a0e38264012 #0 [ 163.322877][ T6229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 163.323197][ T6106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 163.332925][ T6229] Call Trace: [ 163.332936][ T6229] [ 163.332945][ T6229] dump_stack_lvl+0x241/0x360 [ 163.332996][ T6229] ? __pfx_dump_stack_lvl+0x10/0x10 [ 163.333021][ T6229] ? __pfx__printk+0x10/0x10 [ 163.333047][ T6229] ? kmem_cache_alloc_lru_noprof+0x49/0x2b0 [ 163.358308][ T6106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.359505][ T6229] ? __pfx___might_resched+0x10/0x10 [ 163.359533][ T6229] ? __asan_memset+0x23/0x50 [ 163.365924][ T6106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 163.369967][ T6229] should_fail_ex+0x3b0/0x4e0 [ 163.369995][ T6229] ? __d_alloc+0x31/0x700 [ 163.370017][ T6229] should_failslab+0xac/0x100 [ 163.370039][ T6229] ? __d_alloc+0x31/0x700 [ 163.370062][ T6229] kmem_cache_alloc_lru_noprof+0x71/0x2b0 [ 163.370090][ T6229] __d_alloc+0x31/0x700 [ 163.370118][ T6229] d_alloc_pseudo+0x1f/0xb0 [ 163.370141][ T6229] alloc_file_pseudo+0x123/0x290 [ 163.370169][ T6229] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 163.370190][ T6229] ? tipc_node_get_capabilities+0xef/0x130 [ 163.370224][ T6229] sock_alloc_file+0xb8/0x290 [ 163.370251][ T6229] __sys_socketpair+0x4f9/0x720 [ 163.370282][ T6229] ? __pfx___sys_socketpair+0x10/0x10 [ 163.370306][ T6229] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 163.370333][ T6229] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 163.370358][ T6229] ? do_syscall_64+0x100/0x230 [ 163.370386][ T6229] __x64_sys_socketpair+0x9b/0xb0 [ 163.370414][ T6229] do_syscall_64+0xf3/0x230 [ 163.370439][ T6229] ? clear_bhb_loop+0x35/0x90 [ 163.370461][ T6229] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.370487][ T6229] RIP: 0033:0x7fb72cf779f9 [ 163.370505][ T6229] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 163.370528][ T6229] RSP: 002b:00007fb72dd63038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 163.370550][ T6229] RAX: ffffffffffffffda RBX: 00007fb72d105f80 RCX: 00007fb72cf779f9 [ 163.370564][ T6229] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 000000000000001e [ 163.370576][ T6229] RBP: 00007fb72dd63090 R08: 0000000000000000 R09: 0000000000000000 [ 163.370588][ T6229] R10: 0000000020000940 R11: 0000000000000246 R12: 0000000000000002 [ 163.370600][ T6229] R13: 0000000000000000 R14: 00007fb72d105f80 R15: 00007ffd4c471fb8 [ 163.370630][ T6229] [ 163.593585][ T6106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.603760][ T6106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 163.614594][ T6106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.624768][ T6106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 163.635790][ T6106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.658874][ T6106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 163.748679][ T6232] trusted_key: syz.0.188 sent an empty control message without MSG_MORE. [ 163.753089][ T6106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.781174][ T6235] netlink: 'syz.1.189': attribute type 4 has an invalid length. [ 163.782086][ T6106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 163.797448][ T6235] netlink: 128124 bytes leftover after parsing attributes in process `syz.1.189'. [ 163.799428][ T6106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.157688][ T6106] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 164.533728][ T6236] capability: warning: `syz.0.188' uses deprecated v2 capabilities in a way that may be insecure [ 164.547427][ T6106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 164.579519][ T6106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.589767][ T6106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 164.601762][ T6106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.613435][ T6106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 164.652973][ T6236] netlink: 72 bytes leftover after parsing attributes in process `syz.0.188'. [ 164.662156][ T6106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.662170][ T6106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 164.662185][ T6106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.662195][ T6106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 164.662207][ T6106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.662220][ T6106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 164.728539][ T6106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.761344][ T6106] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 164.833475][ T6242] netlink: 'syz.1.191': attribute type 10 has an invalid length. [ 164.866975][ T6242] netlink: 55 bytes leftover after parsing attributes in process `syz.1.191'. [ 164.959204][ T6106] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.992543][ T6106] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.001278][ T6106] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.019978][ T6106] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.844579][ T5636] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 165.858391][ T5636] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 165.902570][ T1295] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 166.064170][ T1295] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 166.424198][ T6263] netlink: 8 bytes leftover after parsing attributes in process `syz.2.197'. [ 166.701628][ T6259] netlink: 8 bytes leftover after parsing attributes in process `syz.2.197'. [ 166.919219][ T6259] netlink: 12 bytes leftover after parsing attributes in process `syz.2.197'. [ 167.232981][ T6274] netlink: 'syz.2.200': attribute type 4 has an invalid length. [ 167.240751][ T6274] netlink: 128124 bytes leftover after parsing attributes in process `syz.2.200'. [ 167.294370][ T5308] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 167.980450][ T6273] netlink: 12 bytes leftover after parsing attributes in process `syz.1.199'. [ 168.226986][ T29] audit: type=1326 audit(1723139847.716:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6268 comm="syz.1.199" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb72cf779f9 code=0x0 [ 168.291546][ T5308] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 168.302548][ T5216] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 168.316492][ T5216] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 168.325967][ T5216] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 168.334167][ T5216] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 168.341955][ T5216] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 168.349548][ T5216] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 168.414324][ T5308] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 168.456080][ T5308] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 168.466544][ T6283] netlink: 'syz.2.201': attribute type 10 has an invalid length. [ 168.476349][ T6283] netlink: 55 bytes leftover after parsing attributes in process `syz.2.201'. [ 168.533324][ T5308] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 168.606910][ T5308] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 168.622478][ T5308] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 168.690275][ T5308] usb 4-1: config 0 descriptor?? [ 168.701761][ T6292] FAULT_INJECTION: forcing a failure. [ 168.701761][ T6292] name failslab, interval 1, probability 0, space 0, times 0 [ 168.791070][ T6292] CPU: 1 UID: 0 PID: 6292 Comm: syz.1.204 Not tainted 6.11.0-rc2-syzkaller-00027-g6a0e38264012 #0 [ 168.801706][ T6292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 168.811770][ T6292] Call Trace: [ 168.815062][ T6292] [ 168.818006][ T6292] dump_stack_lvl+0x241/0x360 [ 168.822713][ T6292] ? __pfx_dump_stack_lvl+0x10/0x10 [ 168.827936][ T6292] ? __pfx__printk+0x10/0x10 [ 168.832551][ T6292] ? ref_tracker_alloc+0x332/0x490 [ 168.837685][ T6292] should_fail_ex+0x3b0/0x4e0 [ 168.842378][ T6292] ? skb_clone+0x20c/0x390 [ 168.846810][ T6292] should_failslab+0xac/0x100 [ 168.850675][ T6299] 9pnet_fd: Insufficient options for proto=fd [ 168.851487][ T6292] ? skb_clone+0x20c/0x390 [ 168.851531][ T6292] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 168.867361][ T6292] skb_clone+0x20c/0x390 [ 168.871622][ T6292] __netlink_deliver_tap+0x3cc/0x7c0 [ 168.876937][ T6292] ? netlink_deliver_tap+0x2e/0x1b0 [ 168.882154][ T6292] netlink_deliver_tap+0x19d/0x1b0 [ 168.887287][ T6292] netlink_sendskb+0x68/0x140 [ 168.891985][ T6292] netlink_unicast+0x39d/0x990 [ 168.896767][ T6292] ? __asan_memcpy+0x40/0x70 [ 168.901379][ T6292] ? __pfx_netlink_unicast+0x10/0x10 [ 168.906694][ T6292] netlink_rcv_skb+0x262/0x430 [ 168.911480][ T6292] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 168.916957][ T6292] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 168.922277][ T6292] ? safesetid_security_capable+0xb2/0x1d0 [ 168.928106][ T6292] ? bpf_lsm_capable+0x9/0x10 [ 168.932793][ T6292] ? security_capable+0x90/0xb0 [ 168.937671][ T6292] nfnetlink_rcv+0x297/0x2a90 [ 168.942368][ T6292] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 168.948109][ T6292] ? __dev_queue_xmit+0x2da/0x3e90 [ 168.953235][ T6292] ? __dev_queue_xmit+0x1763/0x3e90 [ 168.958449][ T6292] ? kasan_save_track+0x51/0x80 [ 168.963320][ T6292] ? do_syscall_64+0xf3/0x230 [ 168.968020][ T6292] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 168.973146][ T6292] ? __dev_queue_xmit+0x2da/0x3e90 [ 168.978278][ T6292] ? __pfx___dev_queue_xmit+0x10/0x10 [ 168.983682][ T6292] ? ref_tracker_free+0x643/0x7e0 [ 168.988723][ T6292] ? __asan_memcpy+0x40/0x70 [ 168.993325][ T6292] ? __pfx_ref_tracker_free+0x10/0x10 [ 168.998729][ T6292] ? netlink_deliver_tap+0x2e/0x1b0 [ 169.003948][ T6292] ? skb_clone+0x240/0x390 [ 169.008380][ T6292] ? __pfx_lock_release+0x10/0x10 [ 169.008991][ T6278] chnl_net:caif_netlink_parms(): no params data found [ 169.013403][ T6292] ? __netlink_deliver_tap+0x77e/0x7c0 [ 169.013442][ T6292] ? netlink_deliver_tap+0x2e/0x1b0 [ 169.013470][ T6292] netlink_unicast+0x7f0/0x990 [ 169.035619][ T6292] ? __pfx_netlink_unicast+0x10/0x10 [ 169.040923][ T6292] ? __virt_addr_valid+0x183/0x530 [ 169.046055][ T6292] ? __check_object_size+0x49c/0x900 [ 169.051356][ T6292] ? bpf_lsm_netlink_send+0x9/0x10 [ 169.056486][ T6292] netlink_sendmsg+0x8e4/0xcb0 [ 169.061288][ T6292] ? __pfx_netlink_sendmsg+0x10/0x10 [ 169.066586][ T6292] ? __import_iovec+0x536/0x820 [ 169.071457][ T6292] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 169.076757][ T6292] ? security_socket_sendmsg+0x87/0xb0 [ 169.082225][ T6292] ? __pfx_netlink_sendmsg+0x10/0x10 [ 169.087524][ T6292] __sock_sendmsg+0x221/0x270 [ 169.092224][ T6292] ____sys_sendmsg+0x525/0x7d0 [ 169.097015][ T6292] ? __pfx_____sys_sendmsg+0x10/0x10 [ 169.102333][ T6292] __sys_sendmsg+0x2b0/0x3a0 [ 169.106943][ T6292] ? __pfx___sys_sendmsg+0x10/0x10 [ 169.112070][ T6292] ? vfs_write+0x7c4/0xc90 [ 169.116518][ T6292] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 169.122856][ T6292] ? do_syscall_64+0x100/0x230 [ 169.127626][ T6292] ? do_syscall_64+0xb6/0x230 [ 169.132313][ T6292] do_syscall_64+0xf3/0x230 [ 169.136837][ T6292] ? clear_bhb_loop+0x35/0x90 [ 169.141535][ T6292] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.147450][ T6292] RIP: 0033:0x7fb72cf779f9 [ 169.151885][ T6292] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 169.155113][ T5308] usbhid 4-1:0.0: can't add hid device: -71 [ 169.171483][ T6292] RSP: 002b:00007fb72dd63038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 169.171515][ T6292] RAX: ffffffffffffffda RBX: 00007fb72d105f80 RCX: 00007fb72cf779f9 [ 169.171530][ T6292] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 169.171541][ T6292] RBP: 00007fb72dd63090 R08: 0000000000000000 R09: 0000000000000000 [ 169.171552][ T6292] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 169.171564][ T6292] R13: 0000000000000000 R14: 00007fb72d105f80 R15: 00007ffd4c471fb8 [ 169.171592][ T6292] [ 169.182784][ T5308] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 170.122948][ T6305] netlink: 16 bytes leftover after parsing attributes in process `syz.0.206'. [ 170.132759][ T6305] netlink: 52 bytes leftover after parsing attributes in process `syz.0.206'. [ 170.141633][ T6305] netlink: 24 bytes leftover after parsing attributes in process `syz.0.206'. [ 170.151110][ T6305] vlan0: entered allmulticast mode [ 170.158194][ T6305] veth0_vlan: entered allmulticast mode [ 170.310611][ T5308] usb 4-1: USB disconnect, device number 3 [ 170.392436][ T5225] Bluetooth: hci7: command tx timeout [ 170.498428][ T6320] netlink: 'syz.3.210': attribute type 4 has an invalid length. [ 170.506301][ T6320] netlink: 128124 bytes leftover after parsing attributes in process `syz.3.210'. [ 171.955949][ T6318] netlink: 8 bytes leftover after parsing attributes in process `syz.0.208'. [ 171.983985][ T6324] netlink: 8 bytes leftover after parsing attributes in process `syz.0.208'. [ 172.039061][ T6324] netlink: 20 bytes leftover after parsing attributes in process `syz.0.208'. [ 172.088594][ T6278] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.122346][ T6278] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.148887][ T6278] bridge_slave_0: entered allmulticast mode [ 172.163578][ T6337] netlink: 12 bytes leftover after parsing attributes in process `syz.1.213'. [ 172.192080][ T6278] bridge_slave_0: entered promiscuous mode [ 172.211441][ T6278] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.245526][ T6278] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.273692][ T6278] bridge_slave_1: entered allmulticast mode [ 172.482227][ T5225] Bluetooth: hci7: command tx timeout [ 173.133068][ T6278] bridge_slave_1: entered promiscuous mode [ 173.181533][ T29] audit: type=1326 audit(1723139852.666:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6333 comm="syz.1.213" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb72cf779f9 code=0x0 [ 173.329050][ T6278] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 173.378918][ T6278] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 173.649829][ T6278] team0: Port device team_slave_0 added [ 173.783057][ T6278] team0: Port device team_slave_1 added [ 174.512222][ T5308] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 174.606842][ T5225] Bluetooth: hci7: command tx timeout [ 174.653339][ T6278] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 174.660294][ T6278] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 175.227645][ T6278] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 175.457137][ T6278] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 175.608284][ T6278] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 175.709276][ T6278] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 176.524472][ T5308] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 176.538507][ T5308] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 176.557682][ T5308] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 176.567495][ T5308] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 176.584870][ T6385] netlink: 'syz.1.221': attribute type 4 has an invalid length. [ 176.584908][ T5308] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 176.601783][ T6385] netlink: 128124 bytes leftover after parsing attributes in process `syz.1.221'. [ 176.602146][ T5308] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.652863][ T5225] Bluetooth: hci7: command tx timeout [ 176.732067][ T5308] usb 1-1: config 0 descriptor?? [ 176.833544][ T6278] hsr_slave_0: entered promiscuous mode [ 176.853042][ T6278] hsr_slave_1: entered promiscuous mode [ 176.862890][ T5308] usbhid 1-1:0.0: can't add hid device: -71 [ 176.868901][ T5308] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 176.898715][ T6278] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 176.913367][ T6278] Cannot create hsr debugfs directory [ 176.950898][ T5308] usb 1-1: USB disconnect, device number 3 [ 178.208103][ T6404] netlink: 12 bytes leftover after parsing attributes in process `syz.3.229'. [ 178.217157][ T9] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 178.252833][ T5308] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 178.972311][ T9] usb 2-1: device descriptor read/64, error -71 [ 179.001091][ T6278] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.012949][ T6278] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 179.044850][ T29] audit: type=1326 audit(1723139858.536:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6402 comm="syz.3.229" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd4485779f9 code=0x0 [ 179.170632][ T6278] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.182292][ T5308] usb 1-1: Using ep0 maxpacket: 16 [ 179.197004][ T6278] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 179.199186][ T5308] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 179.248879][ T5308] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 179.286556][ T9] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 179.310213][ T5308] usb 1-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 179.333240][ T5308] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 179.381074][ T5308] usb 1-1: config 0 descriptor?? [ 179.396068][ T6278] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.430068][ T6278] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 179.669297][ T6422] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 179.704834][ T6278] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.714392][ T9] usb 2-1: device descriptor read/64, error -71 [ 179.717271][ T6422] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 179.770231][ T6278] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 179.836352][ T9] usb usb2-port1: attempt power cycle [ 180.530958][ T5308] usbhid 1-1:0.0: can't add hid device: -71 [ 180.541029][ T5308] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 180.561451][ T5308] usb 1-1: USB disconnect, device number 4 [ 180.592286][ T9] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 180.671704][ T9] usb 2-1: device descriptor read/8, error -71 [ 180.765746][ T6433] netlink: 'syz.0.234': attribute type 4 has an invalid length. [ 180.773780][ T6433] netlink: 128124 bytes leftover after parsing attributes in process `syz.0.234'. [ 181.024674][ T9] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 181.532248][ T9] usb 2-1: device descriptor read/8, error -71 [ 181.594692][ T6278] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 181.657012][ T6278] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 181.678255][ T6278] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 181.702611][ T9] usb usb2-port1: unable to enumerate USB device [ 181.703348][ T6278] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 182.436342][ T6278] 8021q: adding VLAN 0 to HW filter on device bond0 [ 182.511610][ T6278] 8021q: adding VLAN 0 to HW filter on device team0 [ 182.842747][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.849952][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.464938][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.472052][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.483199][ T6462] netlink: 12 bytes leftover after parsing attributes in process `syz.1.241'. [ 183.750719][ T29] audit: type=1326 audit(1723139863.236:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6453 comm="syz.1.241" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb72cf779f9 code=0x0 [ 183.808230][ T6473] FAULT_INJECTION: forcing a failure. [ 183.808230][ T6473] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 183.895034][ T6473] CPU: 0 UID: 0 PID: 6473 Comm: syz.3.243 Not tainted 6.11.0-rc2-syzkaller-00027-g6a0e38264012 #0 [ 183.905636][ T6473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 183.915681][ T6473] Call Trace: [ 183.918949][ T6473] [ 183.921867][ T6473] dump_stack_lvl+0x241/0x360 [ 183.926547][ T6473] ? __pfx_dump_stack_lvl+0x10/0x10 [ 183.931738][ T6473] ? __pfx__printk+0x10/0x10 [ 183.936325][ T6473] ? __pfx_lock_release+0x10/0x10 [ 183.941344][ T6473] should_fail_ex+0x3b0/0x4e0 [ 183.946015][ T6473] _copy_from_user+0x2f/0xe0 [ 183.950599][ T6473] memdup_user+0x64/0xc0 [ 183.954833][ T6473] strndup_user+0x68/0xc0 [ 183.959325][ T6473] __se_sys_mount+0xe2/0x3c0 [ 183.964003][ T6473] ? __pfx_bpf_trace_run2+0x10/0x10 [ 183.969193][ T6473] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 183.975169][ T6473] ? __pfx___se_sys_mount+0x10/0x10 [ 183.980358][ T6473] ? rcu_is_watching+0x15/0xb0 [ 183.985117][ T6473] ? __x64_sys_mount+0x20/0xc0 [ 183.989871][ T6473] do_syscall_64+0xf3/0x230 [ 183.994368][ T6473] ? clear_bhb_loop+0x35/0x90 [ 183.999038][ T6473] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.004927][ T6473] RIP: 0033:0x7fd4485779f9 [ 184.009345][ T6473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 184.028944][ T6473] RSP: 002b:00007fd44932a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 184.037362][ T6473] RAX: ffffffffffffffda RBX: 00007fd448705f80 RCX: 00007fd4485779f9 [ 184.045326][ T6473] RDX: 0000000020000000 RSI: 0000000020000a00 RDI: 0000000020000040 [ 184.053287][ T6473] RBP: 00007fd44932a090 R08: 0000000020000a80 R09: 0000000000000000 [ 184.061248][ T6473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 184.069210][ T6473] R13: 0000000000000000 R14: 00007fd448705f80 R15: 00007ffd06fcbe48 [ 184.077184][ T6473] [ 184.445329][ T6491] netlink: 'syz.2.247': attribute type 4 has an invalid length. [ 184.453238][ T6491] netlink: 128124 bytes leftover after parsing attributes in process `syz.2.247'. [ 185.630423][ T6496] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64 [ 185.638272][ T6496] audit: out of memory in audit_log_start [ 185.642235][ T29] audit: type=1326 audit(1723139865.096:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6492 comm="syz.1.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb72cf779f9 code=0x7ffc0000 [ 185.747730][ T29] audit: type=1326 audit(1723139865.096:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6492 comm="syz.1.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7fb72cf779f9 code=0x7ffc0000 [ 185.802344][ T29] audit: type=1326 audit(1723139865.096:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6492 comm="syz.1.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb72cf779f9 code=0x7ffc0000 [ 185.820212][ T6278] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 185.871004][ T29] audit: type=1326 audit(1723139865.096:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6492 comm="syz.1.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb72cf779f9 code=0x7ffc0000 [ 186.431705][ T29] audit: type=1326 audit(1723139865.096:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6492 comm="syz.1.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb72cf779f9 code=0x7ffc0000 [ 186.663962][ T29] audit: type=1326 audit(1723139865.096:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6492 comm="syz.1.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7fb72cf779f9 code=0x7ffc0000 [ 186.692220][ T29] audit: type=1326 audit(1723139865.106:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6492 comm="syz.1.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb72cf779f9 code=0x7ffc0000 [ 186.782366][ T29] audit: type=1326 audit(1723139865.116:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6492 comm="syz.1.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb72cf76390 code=0x7ffc0000 [ 186.808542][ T6505] FAULT_INJECTION: forcing a failure. [ 186.808542][ T6505] name failslab, interval 1, probability 0, space 0, times 0 [ 186.852077][ T6505] CPU: 1 UID: 0 PID: 6505 Comm: syz.0.251 Not tainted 6.11.0-rc2-syzkaller-00027-g6a0e38264012 #0 [ 186.862713][ T6505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 186.872780][ T6505] Call Trace: [ 186.876075][ T6505] [ 186.879018][ T6505] dump_stack_lvl+0x241/0x360 [ 186.883723][ T6505] ? __pfx_dump_stack_lvl+0x10/0x10 [ 186.888943][ T6505] ? __pfx__printk+0x10/0x10 [ 186.893565][ T6505] ? __kmalloc_cache_noprof+0x44/0x2c0 [ 186.899047][ T6505] ? __pfx___might_resched+0x10/0x10 [ 186.904360][ T6505] should_fail_ex+0x3b0/0x4e0 [ 186.909060][ T6505] should_failslab+0xac/0x100 [ 186.913786][ T6505] ? ima_calc_file_hash+0xab7/0x1b30 [ 186.919160][ T6505] __kmalloc_cache_noprof+0x6c/0x2c0 [ 186.924449][ T6505] ima_calc_file_hash+0xab7/0x1b30 [ 186.929568][ T6505] ? __pfx_fuse_update_get_attr+0x10/0x10 [ 186.935293][ T6505] ? __pfx_ima_calc_file_hash+0x10/0x10 [ 186.940872][ T6505] ? __pfx_fuse_simple_request+0x10/0x10 [ 186.946497][ T6505] ? __pfx_autoremove_wake_function+0x10/0x10 [ 186.952562][ T6505] ? __lock_acquire+0x137a/0x2040 [ 186.957582][ T6505] ? fuse_allow_current_process+0x1eb/0x3c0 [ 186.963472][ T6505] ima_collect_measurement+0x526/0xb20 [ 186.968934][ T6505] ? __pfx_ima_collect_measurement+0x10/0x10 [ 186.974904][ T6505] ? __mutex_trylock_common+0x183/0x2e0 [ 186.980448][ T6505] ? trace_contention_end+0x3c/0x120 [ 186.985717][ T6505] ? __mutex_lock+0x2ef/0xd70 [ 186.990395][ T6505] ? ima_get_hash_algo+0x156/0x4d0 [ 186.995495][ T6505] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 187.000950][ T6505] process_measurement+0x1357/0x1fb0 [ 187.006246][ T6505] ? __pfx_process_measurement+0x10/0x10 [ 187.011866][ T6505] ? fuse_file_open+0x791/0xb30 [ 187.016732][ T6505] ? fuse_file_io_open+0xf9/0x250 [ 187.021767][ T6505] ? smack_current_getsecid_subj+0x22/0xf0 [ 187.027569][ T6505] ima_file_check+0xf2/0x170 [ 187.032153][ T6505] ? do_dentry_open+0xe3f/0x1440 [ 187.037092][ T6505] ? __pfx_ima_file_check+0x10/0x10 [ 187.042287][ T6505] security_file_post_open+0x6d/0xa0 [ 187.047565][ T6505] path_openat+0x2b91/0x3470 [ 187.052162][ T6505] ? __pfx_stack_trace_save+0x10/0x10 [ 187.057536][ T6505] ? __lock_acquire+0x137a/0x2040 [ 187.062562][ T6505] ? __pfx_path_openat+0x10/0x10 [ 187.067505][ T6505] do_filp_open+0x235/0x490 [ 187.072001][ T6505] ? __pfx_do_filp_open+0x10/0x10 [ 187.077032][ T6505] ? _raw_spin_unlock+0x28/0x50 [ 187.081870][ T6505] ? alloc_fd+0x5a1/0x640 [ 187.086200][ T6505] do_sys_openat2+0x13e/0x1d0 [ 187.090867][ T6505] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 187.096861][ T6505] ? __pfx_do_sys_openat2+0x10/0x10 [ 187.102060][ T6505] ? __fget_files+0x3f6/0x470 [ 187.106738][ T6505] __x64_sys_open+0x225/0x270 [ 187.111408][ T6505] ? __pfx___x64_sys_open+0x10/0x10 [ 187.116602][ T6505] ? do_syscall_64+0x100/0x230 [ 187.121368][ T6505] ? do_syscall_64+0xb6/0x230 [ 187.126044][ T6505] do_syscall_64+0xf3/0x230 [ 187.130549][ T6505] ? clear_bhb_loop+0x35/0x90 [ 187.135224][ T6505] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 187.141123][ T6505] RIP: 0033:0x7f260a5779f9 [ 187.145536][ T6505] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 187.165135][ T6505] RSP: 002b:00007f260b288038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 187.173541][ T6505] RAX: ffffffffffffffda RBX: 00007f260a705f80 RCX: 00007f260a5779f9 [ 187.181500][ T6505] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200000c0 [ 187.189458][ T6505] RBP: 00007f260b288090 R08: 0000000000000000 R09: 0000000000000000 [ 187.197416][ T6505] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 187.205375][ T6505] R13: 0000000000000000 R14: 00007f260a705f80 R15: 00007ffe6cfd77b8 [ 187.213346][ T6505] [ 187.590749][ T6278] veth0_vlan: entered promiscuous mode [ 187.657270][ T6278] veth1_vlan: entered promiscuous mode [ 187.703186][ T6531] netlink: 12 bytes leftover after parsing attributes in process `syz.0.255'. [ 187.737472][ T6532] sctp: [Deprecated]: syz.1.256 (pid 6532) Use of int in max_burst socket option deprecated. [ 187.737472][ T6532] Use struct sctp_assoc_value instead [ 187.776409][ T6278] veth0_macvtap: entered promiscuous mode [ 187.821759][ T6278] veth1_macvtap: entered promiscuous mode [ 187.924344][ T6278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 187.939000][ T6540] FAULT_INJECTION: forcing a failure. [ 187.939000][ T6540] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 187.984328][ T6278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.011474][ T6540] CPU: 1 UID: 0 PID: 6540 Comm: syz.2.257 Not tainted 6.11.0-rc2-syzkaller-00027-g6a0e38264012 #0 [ 188.022074][ T6540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 188.032111][ T6540] Call Trace: [ 188.035381][ T6540] [ 188.038293][ T6540] dump_stack_lvl+0x241/0x360 [ 188.042964][ T6540] ? __pfx_dump_stack_lvl+0x10/0x10 [ 188.048158][ T6540] ? __pfx__printk+0x10/0x10 [ 188.052757][ T6540] ? snprintf+0xda/0x120 [ 188.056984][ T6540] should_fail_ex+0x3b0/0x4e0 [ 188.061641][ T6540] _copy_to_user+0x2f/0xb0 [ 188.066044][ T6540] simple_read_from_buffer+0xca/0x150 [ 188.071401][ T6540] proc_fail_nth_read+0x1e9/0x250 [ 188.076410][ T6540] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 188.081939][ T6540] ? rw_verify_area+0x520/0x6b0 [ 188.086773][ T6540] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 188.092304][ T6540] vfs_read+0x204/0xbc0 [ 188.096435][ T6540] ? __pfx_lock_release+0x10/0x10 [ 188.101441][ T6540] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 188.107325][ T6540] ? __pfx_vfs_read+0x10/0x10 [ 188.111981][ T6540] ? __fget_files+0x29/0x470 [ 188.116552][ T6540] ? __fget_files+0x3f6/0x470 [ 188.121218][ T6540] ksys_read+0x1a0/0x2c0 [ 188.125444][ T6540] ? __pfx_ksys_read+0x10/0x10 [ 188.130184][ T6540] ? do_syscall_64+0x100/0x230 [ 188.134936][ T6540] ? do_syscall_64+0xb6/0x230 [ 188.139594][ T6540] do_syscall_64+0xf3/0x230 [ 188.144080][ T6540] ? clear_bhb_loop+0x35/0x90 [ 188.148736][ T6540] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.154617][ T6540] RIP: 0033:0x7f30ad77643c [ 188.159016][ T6540] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48 [ 188.178597][ T6540] RSP: 002b:00007f30ad1de030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 188.186988][ T6540] RAX: ffffffffffffffda RBX: 00007f30ad906058 RCX: 00007f30ad77643c [ 188.194939][ T6540] RDX: 000000000000000f RSI: 00007f30ad1de0a0 RDI: 0000000000000007 [ 188.202893][ T6540] RBP: 00007f30ad1de090 R08: 0000000000000000 R09: 0000000000000000 [ 188.210845][ T6540] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 188.218795][ T6540] R13: 0000000000000000 R14: 00007f30ad906058 R15: 00007ffefc077008 [ 188.226753][ T6540] [ 188.304532][ T6278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 188.343067][ T6278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.370805][ T6278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 188.391940][ T6278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.402562][ T6278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 188.413641][ T6278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.423905][ T6278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 188.486194][ T6278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.512188][ T6278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 188.553113][ T6278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.595730][ T6278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 188.633342][ T6278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.654194][ T6278] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 188.716539][ T6278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 188.741139][ T6278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.781838][ T6278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 188.822170][ T6278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.846643][ T6278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 188.892146][ T6278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.912269][ T9] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 188.939553][ T6278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 189.340423][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 189.362090][ T9] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36 [ 189.404908][ T6278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 189.691141][ T9] usb 3-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 189.705232][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 189.755684][ T9] usb 3-1: Product: syz [ 189.756118][ T6278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 189.770830][ T9] usb 3-1: Manufacturer: syz [ 189.777587][ T6278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 189.780179][ T9] usb 3-1: SerialNumber: syz [ 189.787943][ T6278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 189.807174][ T6278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 189.817878][ T6278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 189.828842][ T6278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 189.850281][ T9] usb 3-1: config 0 descriptor?? [ 189.852242][ T6278] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 189.868512][ T6547] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 189.887875][ T6278] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.902754][ T9] hub 3-1:0.0: bad descriptor, ignoring hub [ 189.913354][ T6278] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.918383][ T9] hub 3-1:0.0: probe with driver hub failed with error -5 [ 189.952922][ T6278] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.954930][ T9] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input14 [ 189.967342][ T6278] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.002301][ T5220] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 190.216211][ T5220] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 190.259010][ T5220] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 190.303133][ T5220] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 190.361855][ T5220] usb 1-1: config 0 descriptor?? [ 190.383753][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 190.422183][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 190.453310][ T5220] pwc: Askey VC010 type 2 USB webcam detected. [ 190.553930][ T6547] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 190.568007][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 190.572708][ T6547] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 190.627959][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 190.665488][ T6547] netlink: 'syz.2.259': attribute type 10 has an invalid length. [ 190.687644][ T6547] bridge0: port 3(team0) entered disabled state [ 190.733228][ T5220] pwc: send_video_command error -71 [ 190.741592][ T5220] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 190.757737][ T6547] team0: left allmulticast mode [ 190.763125][ T6547] team_slave_0: left allmulticast mode [ 190.768613][ T6547] team_slave_1: left allmulticast mode [ 190.774145][ T6547] team0: left promiscuous mode [ 190.778928][ T6547] team_slave_0: left promiscuous mode [ 190.784669][ T6547] team_slave_1: left promiscuous mode [ 190.791190][ T6547] bridge0: port 3(team0) entered disabled state [ 190.820768][ T6547] batman_adv: batadv0: Adding interface: team0 [ 190.827020][ T6547] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 190.852236][ T6547] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 190.874087][ T5220] Philips webcam 1-1:0.0: probe with driver Philips webcam failed with error -71 [ 190.901582][ T6578] sctp: [Deprecated]: syz.3.267 (pid 6578) Use of int in max_burst socket option deprecated. [ 190.901582][ T6578] Use struct sctp_assoc_value instead [ 190.912497][ T5220] usb 1-1: USB disconnect, device number 5 [ 190.962215][ T6573] netlink: 'syz.2.259': attribute type 10 has an invalid length. [ 191.008480][ T6573] netlink: 2 bytes leftover after parsing attributes in process `syz.2.259'. [ 191.037495][ T6573] team0: entered promiscuous mode [ 191.044656][ T6573] team_slave_0: entered promiscuous mode [ 191.089476][ T6573] team_slave_1: entered promiscuous mode [ 191.156215][ T6573] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.180899][ T6573] batman_adv: batadv0: Interface activated: team0 [ 191.188853][ T6573] batman_adv: batadv0: Interface deactivated: team0 [ 191.198509][ T6573] batman_adv: batadv0: Removing interface: team0 [ 191.209768][ T6573] bridge0: port 3(team0) entered blocking state [ 191.217278][ T6573] bridge0: port 3(team0) entered disabled state [ 191.238145][ T6573] team0: entered allmulticast mode [ 191.281911][ T6573] team_slave_0: entered allmulticast mode [ 191.285853][ T6584] netlink: 4 bytes leftover after parsing attributes in process `syz.4.196'. [ 191.346018][ T6573] team_slave_1: entered allmulticast mode [ 191.404697][ T6573] bridge0: port 3(team0) entered blocking state [ 191.411076][ T6573] bridge0: port 3(team0) entered forwarding state [ 191.434164][ C0] ------------[ cut here ]------------ [ 191.440106][ C0] WARNING: CPU: 0 PID: 6584 at kernel/kcov.c:871 kcov_remote_start+0x5a2/0x7e0 [ 191.449081][ C0] Modules linked in: [ 191.452966][ C0] CPU: 0 UID: 0 PID: 6584 Comm: syz.4.196 Not tainted 6.11.0-rc2-syzkaller-00027-g6a0e38264012 #0 [ 191.463538][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 191.473578][ C0] RIP: 0010:kcov_remote_start+0x5a2/0x7e0 [ 191.479292][ C0] Code: 24 00 00 00 00 9c 8f 04 24 f7 04 24 00 02 00 00 0f 85 a6 01 00 00 41 f7 c6 00 02 00 00 0f 84 93 fa ff ff fb e9 8d fa ff ff 90 <0f> 0b 90 e8 96 d2 19 0a 89 c0 48 c7 c7 c8 d4 02 00 48 03 3c c5 40 [ 191.498882][ C0] RSP: 0018:ffffc90000006470 EFLAGS: 00010002 [ 191.504935][ C0] RAX: 0000000080010303 RBX: ffff888023783c00 RCX: 0000000000000002 [ 191.512892][ C0] RDX: dffffc0000000000 RSI: ffffffff8beae6e0 RDI: ffffffff8c3f8b40 [ 191.520843][ C0] RBP: 0100000000000003 R08: ffffffff934ee877 R09: 1ffffffff269dd0e [ 191.528797][ C0] R10: dffffc0000000000 R11: fffffbfff269dd0f R12: ffffffff81937ffe [ 191.536757][ C0] R13: ffff88802d4c1000 R14: 0000000000000006 R15: ffff8880b922d4c8 [ 191.544714][ C0] FS: 00007f72f90c66c0(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000 [ 191.553624][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 191.560187][ C0] CR2: 0000000000000000 CR3: 000000007fdb2000 CR4: 00000000003506f0 [ 191.568144][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 191.576102][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 191.584054][ C0] Call Trace: [ 191.587315][ C0] [ 191.590140][ C0] ? __warn+0x163/0x4e0 [ 191.594281][ C0] ? kcov_remote_start+0x5a2/0x7e0 [ 191.599378][ C0] ? report_bug+0x2b3/0x500 [ 191.603865][ C0] ? kcov_remote_start+0x5a2/0x7e0 [ 191.608960][ C0] ? handle_bug+0x3e/0x70 [ 191.613267][ C0] ? exc_invalid_op+0x1a/0x50 [ 191.617923][ C0] ? asm_exc_invalid_op+0x1a/0x20 [ 191.622931][ C0] ? kcov_remote_start+0x9e/0x7e0 [ 191.627940][ C0] ? kcov_remote_start+0x5a2/0x7e0 [ 191.633038][ C0] ? usb_unanchor_urb+0xa3/0xc0 [ 191.637868][ C0] ? usb_anchor_suspend_wakeups+0x3a/0x40 [ 191.643575][ C0] __usb_hcd_giveback_urb+0x405/0x6e0 [ 191.648939][ C0] ? __pfx___usb_hcd_giveback_urb+0x10/0x10 [ 191.654820][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 191.660005][ C0] dummy_timer+0x830/0x45a0 [ 191.664500][ C0] ? __pfx_lock_release+0x10/0x10 [ 191.669517][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 191.675829][ C0] ? __hrtimer_run_queues+0x477/0xd50 [ 191.681181][ C0] ? __pfx_lock_release+0x10/0x10 [ 191.686194][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 191.691376][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 191.696299][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 191.701218][ C0] __hrtimer_run_queues+0x59b/0xd50 [ 191.706397][ C0] ? ktime_get_update_offsets_now+0x3c/0x250 [ 191.712372][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 191.718077][ C0] hrtimer_interrupt+0x396/0x990 [ 191.723009][ C0] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 191.728972][ C0] sysvec_apic_timer_interrupt+0x52/0xc0 [ 191.734608][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 191.740600][ C0] RIP: 0010:___slab_alloc+0x4f7/0x14b0 [ 191.746048][ C0] Code: e9 78 fb ff ff e8 09 28 c1 09 f7 c3 00 02 00 00 74 18 e9 8e fe ff ff 48 c7 43 10 00 00 00 00 4c 89 ff 48 89 de e8 f9 15 00 00 <49> 83 7c 24 18 00 0f 84 89 06 00 00 48 c7 44 24 60 00 00 00 00 9c [ 191.765635][ C0] RSP: 0018:ffffc90000006c08 EFLAGS: 00000206 [ 191.771681][ C0] RAX: 09d4614a61cef000 RBX: 0000000000000246 RCX: ffffffff81702e4a [ 191.779634][ C0] RDX: dffffc0000000000 RSI: ffffffff8bead560 RDI: ffffffff8c3f8b40 [ 191.787594][ C0] RBP: ffff8880b9242c80 R08: ffffffff934ee8c7 R09: 1ffffffff269dd18 [ 191.795547][ C0] R10: dffffc0000000000 R11: fffffbfff269dd19 R12: ffff8880b9242c60 [ 191.803503][ C0] R13: ffff888023783c00 R14: 00000000ffffffff R15: ffff888015442140 [ 191.811459][ C0] ? mark_lock+0x9a/0x350 [ 191.815783][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 191.820964][ C0] ? ieee802_11_parse_elems_full+0xdb/0x2880 [ 191.826933][ C0] ? ieee802_11_parse_elems_full+0xdb/0x2880 [ 191.832909][ C0] __slab_alloc+0x58/0xa0 [ 191.837253][ C0] ? ieee802_11_parse_elems_full+0xdb/0x2880 [ 191.843255][ C0] __kmalloc_noprof+0x25a/0x400 [ 191.848097][ C0] ? stack_depot_save_flags+0x6e4/0x830 [ 191.853629][ C0] ieee802_11_parse_elems_full+0xdb/0x2880 [ 191.859425][ C0] ? kasan_save_track+0x51/0x80 [ 191.864259][ C0] ? kasan_save_track+0x3f/0x80 [ 191.869091][ C0] ? __kmalloc_noprof+0x1fc/0x400 [ 191.874098][ C0] ? __cfg80211_bss_update+0x1a5/0x2170 [ 191.879629][ C0] ? cfg80211_inform_single_bss_data+0xd51/0x2030 [ 191.886028][ C0] ? cfg80211_inform_bss_data+0x3dd/0x5a70 [ 191.891819][ C0] ? cfg80211_inform_bss_frame_data+0x3b8/0x720 [ 191.898055][ C0] ? ieee80211_bss_info_update+0x8a7/0xbc0 [ 191.903855][ C0] ? ieee80211_scan_rx+0x526/0x9c0 [ 191.908947][ C0] ? ieee80211_rx_list+0x2b02/0x3780 [ 191.914235][ C0] ? ieee80211_rx_napi+0x18a/0x3c0 [ 191.919364][ C0] ? ieee80211_handle_queued_frames+0xe7/0x1e0 [ 191.925504][ C0] ? tasklet_action_common+0x321/0x4d0 [ 191.930958][ C0] ? handle_softirqs+0x2c4/0x970 [ 191.935876][ C0] ? do_softirq+0x11b/0x1e0 [ 191.940366][ C0] ? __local_bh_enable_ip+0x1bb/0x200 [ 191.945721][ C0] ? ieee80211_tx_skb_tid+0x264/0x420 [ 191.951075][ C0] ? ieee80211_mgmt_tx+0x1b46/0x2180 [ 191.956345][ C0] ? cfg80211_mlme_mgmt_tx+0x950/0x16a0 [ 191.961886][ C0] ? nl80211_tx_mgmt+0xb0d/0x1190 [ 191.966907][ C0] ? genl_rcv_msg+0xb14/0xec0 [ 191.971566][ C0] ? netlink_rcv_skb+0x1e3/0x430 [ 191.976489][ C0] ? genl_rcv+0x28/0x40 [ 191.980626][ C0] ? netlink_unicast+0x7f0/0x990 [ 191.985550][ C0] ? netlink_sendmsg+0x8e4/0xcb0 [ 191.990465][ C0] ? __sock_sendmsg+0x221/0x270 [ 191.995300][ C0] ? ____sys_sendmsg+0x525/0x7d0 [ 192.000231][ C0] ? __sys_sendmsg+0x2b0/0x3a0 [ 192.004976][ C0] ? do_syscall_64+0xf3/0x230 [ 192.009638][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.015700][ C0] ? __pfx_ieee802_11_parse_elems_full+0x10/0x10 [ 192.022032][ C0] ? cmp_bss+0x2eb/0xea0 [ 192.026273][ C0] ieee80211_inform_bss+0x15f/0x1080 [ 192.031576][ C0] ? __cfg80211_bss_update+0x1202/0x2170 [ 192.037198][ C0] ? __pfx_ieee80211_inform_bss+0x10/0x10 [ 192.042909][ C0] ? cfg80211_inform_single_bss_data+0xaff/0x2030 [ 192.049309][ C0] ? cfg80211_inform_single_bss_data+0xaff/0x2030 [ 192.055714][ C0] ? __pfx_ieee80211_inform_bss+0x10/0x10 [ 192.061418][ C0] cfg80211_inform_single_bss_data+0xe93/0x2030 [ 192.067652][ C0] ? __pfx_lock_release+0x10/0x10 [ 192.072665][ C0] ? __pfx_cfg80211_inform_single_bss_data+0x10/0x10 [ 192.079340][ C0] ? __pfx_validate_chain+0x10/0x10 [ 192.084522][ C0] ? kernel_text_address+0xa7/0xe0 [ 192.089636][ C0] ? cfg80211_inform_bss_data+0x3c5/0x5a70 [ 192.095440][ C0] cfg80211_inform_bss_data+0x3dd/0x5a70 [ 192.101077][ C0] ? __pfx_validate_chain+0x10/0x10 [ 192.106261][ C0] ? validate_chain+0x11e/0x5900 [ 192.111194][ C0] ? __pfx_cfg80211_inform_bss_data+0x10/0x10 [ 192.117248][ C0] ? __pfx_validate_chain+0x10/0x10 [ 192.122428][ C0] ? mark_lock+0x9a/0x350 [ 192.126745][ C0] ? mark_lock+0x9a/0x350 [ 192.131060][ C0] ? __lock_acquire+0x137a/0x2040 [ 192.136086][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 192.141094][ C0] ? ieee80211_bss_info_update+0x3d9/0xbc0 [ 192.146894][ C0] cfg80211_inform_bss_frame_data+0x3b8/0x720 [ 192.152957][ C0] ? ieee80211_bss_info_update+0x3d9/0xbc0 [ 192.158745][ C0] ieee80211_bss_info_update+0x8a7/0xbc0 [ 192.164366][ C0] ? __pfx_ieee80211_bss_info_update+0x10/0x10 [ 192.170512][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 192.176823][ C0] ? ieee80211_get_channel_khz+0x173/0x920 [ 192.182617][ C0] ieee80211_scan_rx+0x526/0x9c0 [ 192.187545][ C0] ieee80211_rx_list+0x2b02/0x3780 [ 192.192643][ C0] ? __lock_acquire+0x137a/0x2040 [ 192.197663][ C0] ? __pfx_ieee80211_rx_list+0x10/0x10 [ 192.203112][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 192.208121][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 192.214086][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 192.220418][ C0] ? ieee80211_rx_napi+0xd6/0x3c0 [ 192.225434][ C0] ieee80211_rx_napi+0x18a/0x3c0 [ 192.230356][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 192.236672][ C0] ? __pfx_ieee80211_rx_napi+0x10/0x10 [ 192.242131][ C0] ? skb_dequeue+0x113/0x150 [ 192.246751][ C0] ieee80211_handle_queued_frames+0xe7/0x1e0 [ 192.252755][ C0] tasklet_action_common+0x321/0x4d0 [ 192.258033][ C0] ? __pfx_tasklet_action_common+0x10/0x10 [ 192.263838][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 192.270158][ C0] ? workqueue_softirq_action+0xce/0x140 [ 192.275784][ C0] handle_softirqs+0x2c4/0x970 [ 192.280541][ C0] ? do_softirq+0x11b/0x1e0 [ 192.285033][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 192.290306][ C0] do_softirq+0x11b/0x1e0 [ 192.294628][ C0] [ 192.297544][ C0] [ 192.300456][ C0] ? __pfx_do_softirq+0x10/0x10 [ 192.305290][ C0] ? __pfx_lockdep_softirqs_on+0x10/0x10 [ 192.310906][ C0] ? rcu_is_watching+0x15/0xb0 [ 192.315662][ C0] __local_bh_enable_ip+0x1bb/0x200 [ 192.320846][ C0] ? ieee80211_xmit+0x30f/0x3f0 [ 192.325682][ C0] ? __ieee80211_tx_skb_tid_band+0x49e/0x610 [ 192.331643][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 192.337346][ C0] ? __ieee80211_tx_skb_tid_band+0x4e2/0x610 [ 192.343313][ C0] ? ieee80211_tx_skb_tid+0x30/0x420 [ 192.348591][ C0] ieee80211_tx_skb_tid+0x264/0x420 [ 192.353804][ C0] ? ieee80211_tx_skb_tid+0x30/0x420 [ 192.359075][ C0] ieee80211_mgmt_tx+0x1b46/0x2180 [ 192.364179][ C0] ? ieee80211_mgmt_tx+0xa2e/0x2180 [ 192.369364][ C0] cfg80211_mlme_mgmt_tx+0x950/0x16a0 [ 192.374730][ C0] nl80211_tx_mgmt+0xb0d/0x1190 [ 192.379572][ C0] ? __pfx_nl80211_tx_mgmt+0x10/0x10 [ 192.384841][ C0] ? __pfx_netdev_run_todo+0x10/0x10 [ 192.390120][ C0] genl_rcv_msg+0xb14/0xec0 [ 192.394605][ C0] ? mark_lock+0x9a/0x350 [ 192.398926][ C0] ? __pfx_genl_rcv_msg+0x10/0x10 [ 192.403945][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 192.408951][ C0] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 192.414304][ C0] ? __pfx_nl80211_tx_mgmt+0x10/0x10 [ 192.419569][ C0] ? __pfx_nl80211_post_doit+0x10/0x10 [ 192.425013][ C0] ? __pfx___might_resched+0x10/0x10 [ 192.430287][ C0] netlink_rcv_skb+0x1e3/0x430 [ 192.435038][ C0] ? __pfx_genl_rcv_msg+0x10/0x10 [ 192.440047][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 192.445327][ C0] ? __netlink_deliver_tap+0x77e/0x7c0 [ 192.450779][ C0] genl_rcv+0x28/0x40 [ 192.454749][ C0] netlink_unicast+0x7f0/0x990 [ 192.459505][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 192.464776][ C0] ? __virt_addr_valid+0x183/0x530 [ 192.469866][ C0] ? __check_object_size+0x49c/0x900 [ 192.475133][ C0] ? bpf_lsm_netlink_send+0x9/0x10 [ 192.480227][ C0] netlink_sendmsg+0x8e4/0xcb0 [ 192.484978][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 192.490240][ C0] ? __import_iovec+0x536/0x820 [ 192.495077][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 192.500344][ C0] ? security_socket_sendmsg+0x87/0xb0 [ 192.505785][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 192.511045][ C0] __sock_sendmsg+0x221/0x270 [ 192.515711][ C0] ____sys_sendmsg+0x525/0x7d0 [ 192.520462][ C0] ? __pfx_____sys_sendmsg+0x10/0x10 [ 192.525742][ C0] __sys_sendmsg+0x2b0/0x3a0 [ 192.530314][ C0] ? __pfx___sys_sendmsg+0x10/0x10 [ 192.535405][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 192.541308][ C0] ? __secure_computing+0x125/0x370 [ 192.546496][ C0] do_syscall_64+0xf3/0x230 [ 192.550985][ C0] ? clear_bhb_loop+0x35/0x90 [ 192.555652][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.561536][ C0] RIP: 0033:0x7f72f83779f9 [ 192.565934][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 192.585521][ C0] RSP: 002b:00007f72f90c6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 192.593918][ C0] RAX: ffffffffffffffda RBX: 00007f72f8506130 RCX: 00007f72f83779f9 [ 192.601868][ C0] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000005 [ 192.609819][ C0] RBP: 00007f72f83e58ee R08: 0000000000000000 R09: 0000000000000000 [ 192.617770][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 192.625723][ C0] R13: 0000000000000000 R14: 00007f72f8506130 R15: 00007ffe81508808 [ 192.633685][ C0] [ 192.636697][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 192.643954][ C0] CPU: 0 UID: 0 PID: 6584 Comm: syz.4.196 Not tainted 6.11.0-rc2-syzkaller-00027-g6a0e38264012 #0 [ 192.654515][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 192.664556][ C0] Call Trace: [ 192.667815][ C0] [ 192.670636][ C0] dump_stack_lvl+0x241/0x360 [ 192.675304][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 192.680489][ C0] ? __pfx__printk+0x10/0x10 [ 192.685059][ C0] ? _printk+0xd5/0x120 [ 192.689201][ C0] ? vscnprintf+0x5d/0x90 [ 192.693512][ C0] panic+0x349/0x860 [ 192.697391][ C0] ? __warn+0x172/0x4e0 [ 192.701522][ C0] ? __pfx_panic+0x10/0x10 [ 192.705921][ C0] ? show_trace_log_lvl+0x4e6/0x520 [ 192.711111][ C0] __warn+0x346/0x4e0 [ 192.715072][ C0] ? kcov_remote_start+0x5a2/0x7e0 [ 192.720168][ C0] report_bug+0x2b3/0x500 [ 192.724498][ C0] ? kcov_remote_start+0x5a2/0x7e0 [ 192.729593][ C0] handle_bug+0x3e/0x70 [ 192.733726][ C0] exc_invalid_op+0x1a/0x50 [ 192.738205][ C0] asm_exc_invalid_op+0x1a/0x20 [ 192.743036][ C0] RIP: 0010:kcov_remote_start+0x5a2/0x7e0 [ 192.748737][ C0] Code: 24 00 00 00 00 9c 8f 04 24 f7 04 24 00 02 00 00 0f 85 a6 01 00 00 41 f7 c6 00 02 00 00 0f 84 93 fa ff ff fb e9 8d fa ff ff 90 <0f> 0b 90 e8 96 d2 19 0a 89 c0 48 c7 c7 c8 d4 02 00 48 03 3c c5 40 [ 192.768323][ C0] RSP: 0018:ffffc90000006470 EFLAGS: 00010002 [ 192.774375][ C0] RAX: 0000000080010303 RBX: ffff888023783c00 RCX: 0000000000000002 [ 192.782326][ C0] RDX: dffffc0000000000 RSI: ffffffff8beae6e0 RDI: ffffffff8c3f8b40 [ 192.790276][ C0] RBP: 0100000000000003 R08: ffffffff934ee877 R09: 1ffffffff269dd0e [ 192.798230][ C0] R10: dffffc0000000000 R11: fffffbfff269dd0f R12: ffffffff81937ffe [ 192.806182][ C0] R13: ffff88802d4c1000 R14: 0000000000000006 R15: ffff8880b922d4c8 [ 192.814136][ C0] ? kcov_remote_start+0x9e/0x7e0 [ 192.819151][ C0] ? usb_unanchor_urb+0xa3/0xc0 [ 192.823983][ C0] ? usb_anchor_suspend_wakeups+0x3a/0x40 [ 192.829680][ C0] __usb_hcd_giveback_urb+0x405/0x6e0 [ 192.835039][ C0] ? __pfx___usb_hcd_giveback_urb+0x10/0x10 [ 192.840916][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 192.846102][ C0] dummy_timer+0x830/0x45a0 [ 192.850593][ C0] ? __pfx_lock_release+0x10/0x10 [ 192.855610][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 192.861923][ C0] ? __hrtimer_run_queues+0x477/0xd50 [ 192.867283][ C0] ? __pfx_lock_release+0x10/0x10 [ 192.872317][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 192.877530][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 192.882455][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 192.887375][ C0] __hrtimer_run_queues+0x59b/0xd50 [ 192.892554][ C0] ? ktime_get_update_offsets_now+0x3c/0x250 [ 192.898525][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 192.904230][ C0] hrtimer_interrupt+0x396/0x990 [ 192.909160][ C0] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 192.915126][ C0] sysvec_apic_timer_interrupt+0x52/0xc0 [ 192.920739][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 192.926698][ C0] RIP: 0010:___slab_alloc+0x4f7/0x14b0 [ 192.932152][ C0] Code: e9 78 fb ff ff e8 09 28 c1 09 f7 c3 00 02 00 00 74 18 e9 8e fe ff ff 48 c7 43 10 00 00 00 00 4c 89 ff 48 89 de e8 f9 15 00 00 <49> 83 7c 24 18 00 0f 84 89 06 00 00 48 c7 44 24 60 00 00 00 00 9c [ 192.951750][ C0] RSP: 0018:ffffc90000006c08 EFLAGS: 00000206 [ 192.957799][ C0] RAX: 09d4614a61cef000 RBX: 0000000000000246 RCX: ffffffff81702e4a [ 192.965754][ C0] RDX: dffffc0000000000 RSI: ffffffff8bead560 RDI: ffffffff8c3f8b40 [ 192.973707][ C0] RBP: ffff8880b9242c80 R08: ffffffff934ee8c7 R09: 1ffffffff269dd18 [ 192.981658][ C0] R10: dffffc0000000000 R11: fffffbfff269dd19 R12: ffff8880b9242c60 [ 192.989608][ C0] R13: ffff888023783c00 R14: 00000000ffffffff R15: ffff888015442140 [ 192.997565][ C0] ? mark_lock+0x9a/0x350 [ 193.001883][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 193.007065][ C0] ? ieee802_11_parse_elems_full+0xdb/0x2880 [ 193.013031][ C0] ? ieee802_11_parse_elems_full+0xdb/0x2880 [ 193.018990][ C0] __slab_alloc+0x58/0xa0 [ 193.023309][ C0] ? ieee802_11_parse_elems_full+0xdb/0x2880 [ 193.029269][ C0] __kmalloc_noprof+0x25a/0x400 [ 193.034103][ C0] ? stack_depot_save_flags+0x6e4/0x830 [ 193.039629][ C0] ieee802_11_parse_elems_full+0xdb/0x2880 [ 193.045421][ C0] ? kasan_save_track+0x51/0x80 [ 193.050252][ C0] ? kasan_save_track+0x3f/0x80 [ 193.055083][ C0] ? __kmalloc_noprof+0x1fc/0x400 [ 193.060088][ C0] ? __cfg80211_bss_update+0x1a5/0x2170 [ 193.065629][ C0] ? cfg80211_inform_single_bss_data+0xd51/0x2030 [ 193.072063][ C0] ? cfg80211_inform_bss_data+0x3dd/0x5a70 [ 193.077858][ C0] ? cfg80211_inform_bss_frame_data+0x3b8/0x720 [ 193.084082][ C0] ? ieee80211_bss_info_update+0x8a7/0xbc0 [ 193.089867][ C0] ? ieee80211_scan_rx+0x526/0x9c0 [ 193.095045][ C0] ? ieee80211_rx_list+0x2b02/0x3780 [ 193.100309][ C0] ? ieee80211_rx_napi+0x18a/0x3c0 [ 193.105402][ C0] ? ieee80211_handle_queued_frames+0xe7/0x1e0 [ 193.111551][ C0] ? tasklet_action_common+0x321/0x4d0 [ 193.117004][ C0] ? handle_softirqs+0x2c4/0x970 [ 193.121937][ C0] ? do_softirq+0x11b/0x1e0 [ 193.126434][ C0] ? __local_bh_enable_ip+0x1bb/0x200 [ 193.131787][ C0] ? ieee80211_tx_skb_tid+0x264/0x420 [ 193.137142][ C0] ? ieee80211_mgmt_tx+0x1b46/0x2180 [ 193.142412][ C0] ? cfg80211_mlme_mgmt_tx+0x950/0x16a0 [ 193.147941][ C0] ? nl80211_tx_mgmt+0xb0d/0x1190 [ 193.152949][ C0] ? genl_rcv_msg+0xb14/0xec0 [ 193.157606][ C0] ? netlink_rcv_skb+0x1e3/0x430 [ 193.162530][ C0] ? genl_rcv+0x28/0x40 [ 193.166665][ C0] ? netlink_unicast+0x7f0/0x990 [ 193.171592][ C0] ? netlink_sendmsg+0x8e4/0xcb0 [ 193.176525][ C0] ? __sock_sendmsg+0x221/0x270 [ 193.181368][ C0] ? ____sys_sendmsg+0x525/0x7d0 [ 193.186287][ C0] ? __sys_sendmsg+0x2b0/0x3a0 [ 193.191029][ C0] ? do_syscall_64+0xf3/0x230 [ 193.195696][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.201756][ C0] ? __pfx_ieee802_11_parse_elems_full+0x10/0x10 [ 193.208080][ C0] ? cmp_bss+0x2eb/0xea0 [ 193.212309][ C0] ieee80211_inform_bss+0x15f/0x1080 [ 193.217580][ C0] ? __cfg80211_bss_update+0x1202/0x2170 [ 193.223202][ C0] ? __pfx_ieee80211_inform_bss+0x10/0x10 [ 193.228911][ C0] ? cfg80211_inform_single_bss_data+0xaff/0x2030 [ 193.235318][ C0] ? cfg80211_inform_single_bss_data+0xaff/0x2030 [ 193.241731][ C0] ? __pfx_ieee80211_inform_bss+0x10/0x10 [ 193.247442][ C0] cfg80211_inform_single_bss_data+0xe93/0x2030 [ 193.253676][ C0] ? __pfx_lock_release+0x10/0x10 [ 193.258684][ C0] ? __pfx_cfg80211_inform_single_bss_data+0x10/0x10 [ 193.265353][ C0] ? __pfx_validate_chain+0x10/0x10 [ 193.270544][ C0] ? kernel_text_address+0xa7/0xe0 [ 193.275666][ C0] ? cfg80211_inform_bss_data+0x3c5/0x5a70 [ 193.281462][ C0] cfg80211_inform_bss_data+0x3dd/0x5a70 [ 193.287093][ C0] ? __pfx_validate_chain+0x10/0x10 [ 193.292276][ C0] ? validate_chain+0x11e/0x5900 [ 193.297202][ C0] ? __pfx_cfg80211_inform_bss_data+0x10/0x10 [ 193.303253][ C0] ? __pfx_validate_chain+0x10/0x10 [ 193.308429][ C0] ? mark_lock+0x9a/0x350 [ 193.312747][ C0] ? mark_lock+0x9a/0x350 [ 193.317060][ C0] ? __lock_acquire+0x137a/0x2040 [ 193.322079][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 193.327088][ C0] ? ieee80211_bss_info_update+0x3d9/0xbc0 [ 193.332881][ C0] cfg80211_inform_bss_frame_data+0x3b8/0x720 [ 193.338937][ C0] ? ieee80211_bss_info_update+0x3d9/0xbc0 [ 193.344726][ C0] ieee80211_bss_info_update+0x8a7/0xbc0 [ 193.350346][ C0] ? __pfx_ieee80211_bss_info_update+0x10/0x10 [ 193.356489][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 193.362805][ C0] ? ieee80211_get_channel_khz+0x173/0x920 [ 193.368597][ C0] ieee80211_scan_rx+0x526/0x9c0 [ 193.373546][ C0] ieee80211_rx_list+0x2b02/0x3780 [ 193.378672][ C0] ? __lock_acquire+0x137a/0x2040 [ 193.383689][ C0] ? __pfx_ieee80211_rx_list+0x10/0x10 [ 193.389133][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 193.394147][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 193.400110][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 193.406426][ C0] ? ieee80211_rx_napi+0xd6/0x3c0 [ 193.411429][ C0] ieee80211_rx_napi+0x18a/0x3c0 [ 193.416349][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 193.422661][ C0] ? __pfx_ieee80211_rx_napi+0x10/0x10 [ 193.428103][ C0] ? skb_dequeue+0x113/0x150 [ 193.432680][ C0] ieee80211_handle_queued_frames+0xe7/0x1e0 [ 193.438647][ C0] tasklet_action_common+0x321/0x4d0 [ 193.443920][ C0] ? __pfx_tasklet_action_common+0x10/0x10 [ 193.449708][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 193.456022][ C0] ? workqueue_softirq_action+0xce/0x140 [ 193.461640][ C0] handle_softirqs+0x2c4/0x970 [ 193.466389][ C0] ? do_softirq+0x11b/0x1e0 [ 193.470878][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 193.476170][ C0] do_softirq+0x11b/0x1e0 [ 193.480514][ C0] [ 193.483428][ C0] [ 193.486341][ C0] ? __pfx_do_softirq+0x10/0x10 [ 193.491171][ C0] ? __pfx_lockdep_softirqs_on+0x10/0x10 [ 193.496789][ C0] ? rcu_is_watching+0x15/0xb0 [ 193.501534][ C0] __local_bh_enable_ip+0x1bb/0x200 [ 193.506714][ C0] ? ieee80211_xmit+0x30f/0x3f0 [ 193.511547][ C0] ? __ieee80211_tx_skb_tid_band+0x49e/0x610 [ 193.517511][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 193.523213][ C0] ? __ieee80211_tx_skb_tid_band+0x4e2/0x610 [ 193.529174][ C0] ? ieee80211_tx_skb_tid+0x30/0x420 [ 193.534440][ C0] ieee80211_tx_skb_tid+0x264/0x420 [ 193.539622][ C0] ? ieee80211_tx_skb_tid+0x30/0x420 [ 193.544894][ C0] ieee80211_mgmt_tx+0x1b46/0x2180 [ 193.549999][ C0] ? ieee80211_mgmt_tx+0xa2e/0x2180 [ 193.555185][ C0] cfg80211_mlme_mgmt_tx+0x950/0x16a0 [ 193.560549][ C0] nl80211_tx_mgmt+0xb0d/0x1190 [ 193.565392][ C0] ? __pfx_nl80211_tx_mgmt+0x10/0x10 [ 193.570659][ C0] ? __pfx_netdev_run_todo+0x10/0x10 [ 193.575937][ C0] genl_rcv_msg+0xb14/0xec0 [ 193.580427][ C0] ? mark_lock+0x9a/0x350 [ 193.584748][ C0] ? __pfx_genl_rcv_msg+0x10/0x10 [ 193.589768][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 193.594773][ C0] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 193.600124][ C0] ? __pfx_nl80211_tx_mgmt+0x10/0x10 [ 193.605392][ C0] ? __pfx_nl80211_post_doit+0x10/0x10 [ 193.610834][ C0] ? __pfx___might_resched+0x10/0x10 [ 193.616105][ C0] netlink_rcv_skb+0x1e3/0x430 [ 193.620854][ C0] ? __pfx_genl_rcv_msg+0x10/0x10 [ 193.625860][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 193.631135][ C0] ? __netlink_deliver_tap+0x77e/0x7c0 [ 193.636584][ C0] genl_rcv+0x28/0x40 [ 193.640544][ C0] netlink_unicast+0x7f0/0x990 [ 193.645295][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 193.650559][ C0] ? __virt_addr_valid+0x183/0x530 [ 193.655651][ C0] ? __check_object_size+0x49c/0x900 [ 193.660919][ C0] ? bpf_lsm_netlink_send+0x9/0x10 [ 193.666013][ C0] netlink_sendmsg+0x8e4/0xcb0 [ 193.670761][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 193.676029][ C0] ? __import_iovec+0x536/0x820 [ 193.680885][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 193.686183][ C0] ? security_socket_sendmsg+0x87/0xb0 [ 193.691624][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 193.696888][ C0] __sock_sendmsg+0x221/0x270 [ 193.701549][ C0] ____sys_sendmsg+0x525/0x7d0 [ 193.706304][ C0] ? __pfx_____sys_sendmsg+0x10/0x10 [ 193.711575][ C0] __sys_sendmsg+0x2b0/0x3a0 [ 193.716146][ C0] ? __pfx___sys_sendmsg+0x10/0x10 [ 193.721236][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 193.727135][ C0] ? __secure_computing+0x125/0x370 [ 193.732318][ C0] do_syscall_64+0xf3/0x230 [ 193.736808][ C0] ? clear_bhb_loop+0x35/0x90 [ 193.741465][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.747348][ C0] RIP: 0033:0x7f72f83779f9 [ 193.751742][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 193.771331][ C0] RSP: 002b:00007f72f90c6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 193.779729][ C0] RAX: ffffffffffffffda RBX: 00007f72f8506130 RCX: 00007f72f83779f9 [ 193.787684][ C0] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000005 [ 193.795638][ C0] RBP: 00007f72f83e58ee R08: 0000000000000000 R09: 0000000000000000 [ 193.803591][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 193.811543][ C0] R13: 0000000000000000 R14: 00007f72f8506130 R15: 00007ffe81508808 [ 193.819506][ C0] [ 193.822743][ C0] Kernel Offset: disabled [ 193.827116][ C0] Rebooting in 86400 seconds..