last executing test programs: 2m36.687462799s ago: executing program 0 (id=2716): r0 = socket$inet_smc(0x2b, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB], 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) r6 = socket$can_raw(0x1d, 0x3, 0x1) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000100), 0xfea7) sendfile(r6, 0xffffffffffffffff, &(0x7f0000000000), 0x11) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) getegid() socket(0x0, 0x5, 0x0) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000040)="272eee862efeda61316ceff1a08b1730", 0x10) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000000)={0x6, @loopback, 0x15, 0x0, 'lblcr\x00'}, 0x2c) setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0) 2m24.082350026s ago: executing program 2 (id=2602): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2m10.488079666s ago: executing program 0 (id=2716): r0 = socket$inet_smc(0x2b, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB], 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) r6 = socket$can_raw(0x1d, 0x3, 0x1) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000100), 0xfea7) sendfile(r6, 0xffffffffffffffff, &(0x7f0000000000), 0x11) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) getegid() socket(0x0, 0x5, 0x0) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000040)="272eee862efeda61316ceff1a08b1730", 0x10) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000000)={0x6, @loopback, 0x15, 0x0, 'lblcr\x00'}, 0x2c) setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0) 2m1.301815967s ago: executing program 2 (id=2602): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1m43.245095425s ago: executing program 0 (id=2716): r0 = socket$inet_smc(0x2b, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB], 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) r6 = socket$can_raw(0x1d, 0x3, 0x1) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000100), 0xfea7) sendfile(r6, 0xffffffffffffffff, &(0x7f0000000000), 0x11) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) getegid() socket(0x0, 0x5, 0x0) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000040)="272eee862efeda61316ceff1a08b1730", 0x10) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000000)={0x6, @loopback, 0x15, 0x0, 'lblcr\x00'}, 0x2c) setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0) 1m34.804429193s ago: executing program 2 (id=2602): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1m13.398636793s ago: executing program 0 (id=2716): r0 = socket$inet_smc(0x2b, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB], 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) r6 = socket$can_raw(0x1d, 0x3, 0x1) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000100), 0xfea7) sendfile(r6, 0xffffffffffffffff, &(0x7f0000000000), 0x11) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) getegid() socket(0x0, 0x5, 0x0) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000040)="272eee862efeda61316ceff1a08b1730", 0x10) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000000)={0x6, @loopback, 0x15, 0x0, 'lblcr\x00'}, 0x2c) setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0) 1m8.978955109s ago: executing program 2 (id=2602): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 46.58532024s ago: executing program 0 (id=2716): r0 = socket$inet_smc(0x2b, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB], 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) r6 = socket$can_raw(0x1d, 0x3, 0x1) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000100), 0xfea7) sendfile(r6, 0xffffffffffffffff, &(0x7f0000000000), 0x11) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) getegid() socket(0x0, 0x5, 0x0) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000040)="272eee862efeda61316ceff1a08b1730", 0x10) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000000)={0x6, @loopback, 0x15, 0x0, 'lblcr\x00'}, 0x2c) setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0) 45.397173802s ago: executing program 2 (id=2602): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 16.242756258s ago: executing program 0 (id=2716): r0 = socket$inet_smc(0x2b, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB], 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) r6 = socket$can_raw(0x1d, 0x3, 0x1) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000100), 0xfea7) sendfile(r6, 0xffffffffffffffff, &(0x7f0000000000), 0x11) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) getegid() socket(0x0, 0x5, 0x0) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000040)="272eee862efeda61316ceff1a08b1730", 0x10) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000000)={0x6, @loopback, 0x15, 0x0, 'lblcr\x00'}, 0x2c) setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0) 15.238157683s ago: executing program 2 (id=2602): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 10.249330485s ago: executing program 1 (id=3052): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/locks\x00', 0x0, 0x0) lseek(r0, 0x59, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000040)=0x401) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000000)={0x10000009}) setsockopt$sock_int(r1, 0x1, 0x7, &(0x7f0000000d00), 0x4) ioperm(0x0, 0x40, 0x80) sync_file_range(0xffffffffffffffff, 0x0, 0x0, 0x0) 10.119516516s ago: executing program 1 (id=3053): r0 = accept4$inet(0xffffffffffffffff, 0x0, &(0x7f00000002c0)=0xffffffffffffff40, 0xc0000) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000040)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_channels={0x11, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x100000}}) getsockopt$IP_VS_SO_GET_TIMEOUT(r0, 0x0, 0x486, &(0x7f0000000180), &(0x7f0000000340)=0xc) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000740)=ANY=[@ANYRESOCT], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x90) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) open$dir(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) connect$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) sendfile(r2, 0xffffffffffffffff, 0x0, 0xfffffffffffffffa) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f00000003c0)=ANY=[], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x2d) bpf$PROG_LOAD(0x5, 0x0, 0x54) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xf, 0x4, 0x4, 0xdfd3}, 0x48) 8.645374273s ago: executing program 4 (id=3055): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [], {0x14, 0x10}}, 0x28}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'gre0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x2a, 0x4, 0x0, 0x0, 0xa8, 0x67, 0x0, 0x0, 0x0, 0x0, @loopback, @remote, {[@timestamp={0x44, 0x4, 0x0, 0x0, 0x9}, @timestamp_prespec={0x44, 0x44, 0xc0, 0x3, 0x1, [{@private=0xa010102}, {@multicast1}, {@remote, 0x8000}, {@dev, 0x65c}, {@broadcast}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100}]}, @timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x8, [{@dev={0xac, 0x14, 0x14, 0xf}}, {@remote}, {@multicast2, 0xb}, {@private=0xa010100}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}]}, @noop, @noop, @end, @rr={0x7, 0x13, 0x0, [@dev, @remote, @multicast1, @remote]}]}}}}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) 8.423882048s ago: executing program 1 (id=3056): r0 = socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8}, 0x0) r1 = getpid() r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x298) syz_emit_ethernet(0xce, &(0x7f0000000100)=ANY=[@ANYRES32=0x41424344, @ANYRES8=r2], 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x4c001) syz_emit_ethernet(0x4a, &(0x7f0000000340)=ANY=[], 0x0) ioctl$KDDELIO(0xffffffffffffffff, 0x4b35, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$key(0xf, 0x3, 0x2) set_mempolicy(0x4005, &(0x7f0000000040)=0x1001, 0x4) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0) setfsgid(0xee00) r5 = dup(r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000780)=@raw={'raw\x00', 0xe501, 0x3, 0x2c0, 0x150, 0xa, 0x2, 0x150, 0x0, 0x228, 0x230, 0x230, 0x228, 0x223, 0x3, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'veth0_vlan\x00', 'ip_vti0\x00'}, 0x0, 0xe8, 0x150, 0x0, {}, [@common=@osf={{0x50}, {'syz1\x00', 0x0, 0x2, 0x2}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x32, 0xffff, 0x5, 'snmp\x00', 'syz0\x00', {0xffffffffffffffc0}}}}, {{@ip={@dev={0xac, 0x14, 0x14, 0x19}, @rand_addr=0x64010102, 0x0, 0x0, 'ipvlan0\x00', 'veth1_to_batadv\x00'}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x12, 0x0, 0x0, 0x0, 'syz0\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x398) sched_setscheduler(r1, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="44000000100600"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002400128009000100626f6e6400000000140002800600190000000000050001"], 0x44}}, 0x0) 7.80532913s ago: executing program 4 (id=3058): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000280)={{0x2, 0x0, @loopback}, {0x306, @broadcast}, 0x6c, {0x2, 0x0, @broadcast}, 'syz_tun\x00'}) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x5, 0x8b}, 0x0) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000080)={0x803a, 0xf03, {0xffffffffffffffff}, {0xee00}, 0x1}) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES64], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io(r1, &(0x7f0000000b00)={0x2c, &(0x7f0000000400)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190880"], 0x0, 0x0, 0x0, 0x0}, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000000c0)) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x0, &(0x7f0000000000/0x4000)=nil) mlock2(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0) socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x5, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge0\x00'}) socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) getsockopt(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=@getnexthop={0x20, 0x6a, 0xe976912f002a1383, 0x0, 0x0, {}, [@NHA_MASTER={0x8, 0xe}]}, 0x20}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv_slave_0\x00'}) setsockopt$inet6_mreq(r4, 0x29, 0x1b, 0x0, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4000c) sched_setscheduler(0x0, 0x0, &(0x7f0000000040)=0x9) r5 = socket$netlink(0x10, 0x3, 0xf) setsockopt$sock_int(r5, 0x1, 0x8, &(0x7f0000000000), 0x4) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a50000000060a01040000000000000000020000002400048020000180080001006f73660014000280080003400000000108000140000000000900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a2207b5b4f30d3c614c75426a27f543ed404e43977f1532b60f7a436381cd3dfeab036d5afd31fb57e128e0f37c9af5ca756722aa34d5cd09713aeb49058fe9905df6f63c7d0a7fbf43e82db6a3141f378f3316553a11543e95b8ba47cff31bd34fe5897515be648682ef48997d728b29c487"], 0x78}}, 0x0) 7.705129827s ago: executing program 3 (id=3059): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x5, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getrlimit(0x7, &(0x7f0000000040)) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000100)=@newlink={0x44, 0x10, 0xc3b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_ERSPAN_VER={0x5}, @IFLA_GRE_FWMARK={0x8}]}}}]}, 0x44}}, 0x0) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c052033a7e741faf71cdcfd3a010000000000", @ANYRES32=0x0, @ANYBLOB="00030000000000001c00128009000100766c616e000000000c00028006000100c7f40000"], 0x3c}}, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) unshare(0x8000400) r6 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="85000000070000006a0a00ff000000000c00000000000000950000000000000018100000", @ANYRES32, @ANYBLOB="00000021007b560000000000400000ac8f6e5080024a0095"], &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e}, 0x2d) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000002c0)={@ifindex, r6, 0x11, 0x0, 0x0, @prog_id}, 0x20) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000080)={0xd, 0x1, 0x0, "bb1e000064000080007f28becf0500063475de71000077a16c80b6db943400"}) syz_open_dev$tty1(0xc, 0x4, 0x4) 7.27140204s ago: executing program 3 (id=3060): ioctl$HIDIOCGRDESC(0xffffffffffffffff, 0x90044802, &(0x7f0000000280)={0x2, "610f"}) syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902a2000301ab00000904000000010100000a24010000000201020c240703000000ed129e84300724080000000009240300000003020009040100000102000009040101010102000008240201000000000905010900000003100725018001010109040200000103000009040201"], 0x0) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd600a8435001c0600000000000000000000a652ff00000000fe80000000aa000004"], 0x0) r0 = syz_open_dev$vivid(&(0x7f0000000200), 0x2, 0x2) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f0000000780)={0xa, @sdr={0x39565559}}) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={0x0, 0x2a, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000dc020078000000000000000000000000ff02000000000000e26ea7250000000100000000000000000a"], 0xb8}}, 0x0) r2 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7e9, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f0000000100)={0x6, 0x1, 0x0, "abd657bebbdd23613cfda38214fc0e59299e701cef6329784aa62d2f521ee9cc"}) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="650100001b"], 0x188}}, 0x0) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r3, &(0x7f0000000880)="5cba91ff890d4027881b2e39e14c40157713f9036c5373e68c35e68bebedbddfe1db69f38db5cd3d780bd3841c9cdb1634ca8c32f434c922e86592f720d36a6615cd30bb922ce9fb64a44060956549a9ba672bf5d97a0de23f92da6b75a7167d2acc0b56e0470b5d5c3a0a3399b82fe4401bf4c7ff2e14497f1f14df8dd195449e7510f1456e835ac5b18da9bbccd6f691d080c1329eeb03e4", 0xfffffffffffffc17) ioctl$SNDCTL_DSP_SYNC(r3, 0x5001, 0x0) io_uring_setup(0x4e83, &(0x7f00000002c0)={0x0, 0x20, 0x0, 0x2, 0x40000000}) ioctl$SNDCTL_DSP_STEREO(r3, 0x40045010, &(0x7f0000000080)) ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f0000000180)=0xfffffff9) ioctl$SNDCTL_DSP_GETOSPACE(r3, 0x8010500c, &(0x7f0000000240)) r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) poll(&(0x7f0000000080)=[{r4}], 0x1, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r5, &(0x7f0000000080)={0x10, 0x0, 0x0, 0xfffffffffffffffd}, 0xc) r6 = socket$inet6(0xa, 0x3, 0x1) connect$inet6(r6, &(0x7f00000000c0)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f0000000440)={{{@in6=@ipv4, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@rand_addr=0x64010102, 0x0, 0x3c}, 0x2, @in=@multicast1, 0x0, 0x1}}, 0xe8) socket(0xa, 0x2, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5000000000010000000000000000000000000000180001801400018008000100ac1414bb08000200ac0314bb240002801400018008b2a6eb93c60a14bd000100ac1414aa08000200ac"], 0x50}}, 0x0) r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="d824000028000100020000080000000003"], 0x24d8}], 0x1}, 0x0) 4.173851312s ago: executing program 4 (id=3061): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000002c0)={0x1, &(0x7f0000000380)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r0, 0x800) 4.162191353s ago: executing program 3 (id=3062): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000b80)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000b40), 0x106}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000a00)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000900), 0x111}}, 0x20) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000009c0), 0x111}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100), 0x111}}, 0x20) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000080), 0x62}, {&(0x7f0000000100)="06010000246837f73199aee6fdb9291b3091ec1a2d41d2271b00d8ec030f5919f397867997f9c0efa9c9092a31cdbb98ea272787afda0af59a320709c3a59ef05c6f40ceafec53f48d6186e7d8409e35306221caf67b370d875eff3191932728e5ab6c9a3acf6ccee3e352c898f5744abaedfb53f92c37acb126bd143f3e9cdfcf25a8d6129fcc3a141c3f5ab6db772f87c787817a9b699dd60732d952716b103bc1e91ac5b1ed92f35389580994bb0df9bce07e7a80921888f984139f488d256a67fec0cbb5c4e93d5c151d97f676ab93b1efbd46f600dc964231e3257bf358448fddf894c0cdfa9115adbe5b19bc912fcbc8aac7719b649b1ff1267491da", 0x682c}, {&(0x7f0000001480)="d1ffacd516de50ac9d15bc75316da4defa1e72f65a65cdd26dcc389aacf7856da9aecf3765d4c032e1960faf25bad906b7d3440b6e71a82f1d8f8b8db35b6091f3af94c6b46b9ab10fe3923f268771078d2668be7bd3eb941d4bb5baa8547e36283a065ce5766cbff3a8fc37fc4507643d3786bbf231d3ed88cb8b01eab14e4372cf4f89bd1b853caa5d9f07f523b9dfa8cc09053ff36fde08e96fb6b3acc196b1bd1e2d3a6c65f585df7e2b8b17439a7ab29a7dfe642c2f0ac7a81eca8073b559663f2daf7a0832b2b09557794a21bf114831f8e6db3922d0cd169e5a8b4adc95d7322ee75944de15f57780b88fef7f3d9b256705ccfa2125b43ce8e3aacaead963cdd7f792f14c9b24493f9f830f6de8da93bbd4357095631adec14224dd9bb049e826f3a49624393e6a031103faff0902ba88ae30af4a61caa77ff956214196fcf3c5536d823284306f367afcb46fb43231911cc53091671e7d853ebf015241b18e9fb6ac6d9a7a1b05dfd6d9e56a51567cd8837dd045abf6b85550f0dd8dded43147ab9bfadc18b9984699d5d875cb21a95a7f584d8c466d033df75193f9ae58b85cfacc54f6c6e12a0debe40ee361a839563bc2cb64271672a55370c2b035b482074ce2487ef8a3bc1c68856e6e09539276d961a0c647f1ee3237496fc99623e8fd33faf7797d86a88dcee152d15e10739bcbbd6077b76867e291f350d999024c12faf81f83792f48f7f6dd66aa6854e460ef7f8c755f3a6dd76509ea0d2db39057a5129185b2fb11546cd5d6cc59f640e9028ae6c7075fba5e5b5593d7f79ec387833f465d09bde464112821eaec5e6e8f2aee8d7358f9c14afe2018856f610848706c71cda62493aef2e39efb71b4a8e804847eda66b2b5b1d75b478f19208ee1ac43afb2dbbba5dd0f29f6946022e09fb853cb176ca3474ba2fa67cb245fe85ec61a095d6fd9ac2ac5685920201617342fe56072427b9bd3626a1a371e67041fcda781be0c234d6feb5ad500e8bc7074381fd0d04983a4a6cdb6c8e03d59dc50925e9e4b24e6f8e455f02818959f2927f0a2d9ff62ec3c5c399077048f7d3dad0830b2e6563693f2f9d48eca8c34804a7626282a4a214d13786993c011a88194dbf7b23e25f592e62186c9fb565fac7632de356153c89a6be0b6b26ba48c2427424769fcbd7ee072ed4bd4d0731d06c8537d616b1145a6c70edb13fb4dba3565221b3a2897a23861cd0e8e0060021cdd7de002d5e785e5d6d3d07f4e445ada9c8d9ba8b819d0b5c7b5d15a5192d3a83c125c8e117c823a9e33316b8c9154e7330d3a865048dbd9c14757691bfe56f10423f6ab717bec5eebeac6ba9ad1aeb6cde09d7fda8e475a71ac48d46b8d9a40879c9dec2db5c4799e5fc8e8b3d419031c1033fce88ae2c93d7ca62c9302e6b45ca8dfebe5b92724f035e8e9d7704efb23f445999fe08cfa28404874d8acc8d37870d394d9fcc8dbe763bc85c37f0f3bcc2cbea420cd073db598e7d89c14a31e5bf57cbefa301427c93091505f1f3e5cdf712958b2e8fc56684d3388107c1728f0e5a3be2164246071653e256ed3bf3000c17301da9a5a3d9ca475867c4f311a24e5ae909a62047a9e6bb71cbcb4f159c2ef0f66b4d0f9da51aba99cd9448443dd277362af18d32f111c48a952ef555b2c7c58b997ce61e74cc7551b57eaffe411219baddf490926d8e260dcd87c069e617195c352950f9b51ce88c12c4f7997ba515f77e68d44f831cdf4d7ee8b1b7cedcb4c4fc7e85ba288c8555d49d5b4b9bb70dc4b688bd12e6b38e37150f3ea457a76b23d5abe6551ea598e090aed87822b0954b8db1a7c605c925b7f9240b0e7a020f292a1fd4a37c74139bc6e7ff08373ebfc8feea371ae0b6c61c715f6f1f4b0b994c7e2e129f87db959aae6ff48664d824b29ba9f255890f9c537178db9c5302097891557f8175a46f308b1a2530aa726ea9d4cfce76db50637369724d0c5f51c97edb58ff5eb9b2434b3721b61688ba12471b97c6a65ba085e15406568ac852590701f2ef8451c5cf1191d70f51eaea9ddc4cbdd7428f627db5069111f65062d5cc34581826af3e670613dda99e31c42736aabd87be56e214ed606862a152455f91891b7430bae03284569c234588f495a5ecc4a23fad6ba34e2ee9ebde8c7f5f62c9344659375c2a1fe6fa6e4ef68712223b9471c513bb11429dbb8a45463c8882f462275ee0da567c60c2d8038843e0c20486676e9978f2aec9187820c94a6e7e519d06daf2ab198f5cafcab4d9c90a479800906192d66a3301a34fa6c5a931cea0a479a4d98d86d9de3e061323504b57186dd33df7a16ccb688c0de203666cb0a6b543a9d069dded44a3b432cbb71da921dcab6be1c2d7494d3b07841d9b4f9d659b5d3d3b2ed916f91588d589128e4b2d4448e6aab5a8160eddca0f6e022abb85e251a11cd6bae57a09b2c434ab5bdf6264afb20d5ab022d152e345bd32ba9283aa5b3cd9118bd271a8ac9083c98b8a83064e65428f7ad7b35bf1d60d4e703f22d2d316fc12bd68bcced82cf0962a3d5769c6a3d75d59f7a7b76454661fd3574b8c8e26d20c372407854505ea6c2406fbd8a1ba7bb017c565228aa6d03d18ed309a308ffb1ecec73c246413e7c70f25070eafed9e70d22e9e8b44125c44eceff37e65bf073bc6fad1ea2b72675af4bf70586a8f7e0f35700de94c802522897576ed115fa21b3d23a367844520b33f5b9aedc0245096765f4cb3b2ff4e54f39bd7346c2347875d75a931b17c6c424ddb4767e0e63cc7725a8fc4b1dbe7929b2f909cc5be8b09e63330341e6471dcac0f8b44693d01805a1467b71612260e2a273861b3697440a5f75497796bffcf79d62a4a50a6ed5ef2efe8c83374f2ecd08d8d628aa03b01a11caeb2bdecc0ab2abcecfa15627979d7c3f9dec5389fc6625e957f8075e23e636dd5514596189d568e14d33ae518e6e9978c6a36a74b49fdbd1260095c9abe447e618878039b75e305b1d2c9ddeb9e5cedb11802e0833739d8595d57d749c890c9290cca4aa96e6718747543796a187e54a66c2f71beefddf911a7a74b59c48ba642d5ecd4d415f48dfbde5baac8a4ba063c1b985d9f9f3180e8a1c8b2cf6a25c2ff17688cc858ac8b9c67960f09a1ca5f28f8e877159e00fe7fb10cca73b391508895e7e52c22f9b38d73dabd6ff7c55ebf4e1611daee8d52b4ceee49a6df7daeb81bf9d1c943a74c03d3dda52c5b99f3225c1b87074f5cef6187878bc5b665ec0561adcc9781280dd1c6592555d327afea78b21beeeb66a0af3eab3249245f41cdbca309d3fba5d4b345319dd0a26134c0c896f2c8d32fda28600013f6a4c95b4038faba70d6c480b360c55bdc0595f7ca636e85521ba505d894f9c5f0a90719bc9944f386ad7491422ff12f34a3c048708d51305a8cc5b2a502ac1575a14c75e9fb7219ede2f6d9c1b362230b6189e0d8cd8ccd11fd0325182c6e46c9977bf63aa02f7024aeb4389f989f5733a198b45e4329c4c1a538a009f216ad3ac09cac39547b4fd21a5d7146ea307ad9b9339f39d5161d17b59860a0aed38cd89d1b68c6438346d51a3a283074e34ee01d2eca527b1b3836ccdf7e807007152c79d14324e3d887c9551a9447527db4434810f5b0b73d855f32a0c89aa784e43f4c1657d408dd33f88aeae1e5186bbcc2a348b708e3cec9080e12ee3676beb5ee86a9b5cc4a3496c242b95a248906ed62f984b22373bdfd97515441f34e01006d8d1244aa88403f207cd8820ffe07634fc86d00f871c1e4c9e8fc1a00d295e36d98119599b62379cda10ada85efe7b50c5f38d8d010a2cd53db900939db1ffce14feffb7940d12842f4f2b507e1fa49e526752d1e3d80a0c2a75e870d85f77fd91fc46ac1b1288dd33338cdad154d6b80b5a925431868d62a3fb0036f28fe259a3f555f767526a9ea230c33843efc49ac3182a357845ea122d606ab22c9f937b2b905e02dd1cb07d380e3486be6167f00b6e6d90a3c1d6aee15da439a55542ce177e498998ba8ac69a848e63e4c7564e4dc04aad595fa1ab81275edafa0d352029c304200d2f2c5881cbf5a26b2141bdb117879cc11e7c13bd62f221ae1ac04dca3d8d58a13c130557ecf5f36184c7366d3852d0cbd6ca42f2a971d87c0bb204097af1a3abdab7b95d07fcdbf5f42607695dedcd26e30b8fc5cfd7b333a95f3ee69d5ba7911dadb1394285c437a0f26fc027737ba5ee7d63333f80acb59f1a7faf2ec3031c6533107502bffc92d8726a48ce00cdb5f1258d85ff8eb72bfb162e122022f1f3e8a72b41d2689d5228b1130fbc946384401f3bbe726314bb09d430333ad78de07b3cec5c18a4f4abb69507b6451ca4e610b8fc988c983426e0cc3b9d15393026eb75d3d08634b8a7495cef69aab83d27ea1b5b41f40b996dd10023d81f77d61192930ffc25cae1e149412322fcb0aa47bee3afc44ec3dda96c9294854e2cbaebfea6f9a90f0b3797d5f505824b4de964151569f881f87f9dd9d30a2a2f9ed01059a909cba157902903c77f2f3d056231e7c7483a3f35e04360e084f0d3f94a92c92c77b3f06479fbc417366d7fe87ddfcdfd86274f87a5f817b0f947924cbe2329f16f6b00c8a0ab96164f7b35fed38a388380af05c3600abc37a944c9e75a691728c26896ac3615297766f406aeb0f2fd147d68fad3fb3b032880280ebb4bf89252a36b0d9eb393daae72829b8da870b886676244897d5322b32703fcf138b66eedeb3024666a88fd99d8962f696ab7b34e19ced1bd27488aa2ffe5bfa11f8f9289bd8c052d4e88316cc33b0255ef1bfca4c17067d7f78175c56db481fe8dc6f73b1cbdf9d5823f115c9e03f2dfd07bc1ad88564d48b18cd9a30d83cbd5e6a3eedcb0ee86e5dd47f32820cb74dcf730b2052b31297b529e5e24f042335d13915e4048132fe1a101841e919c7870bb680eddead9a6111394bc12e274fbd88abaf2d254721c42e82abf4d1e319a631794ed6ce319ddd844ac5e9b1fc96dd9aaad42f2e087abe1b85430c4a00631970e3e74a6ed923f49e0df75685e044fae3fcea0af4dbfeebe0a9c2e73e8a89b89603a75f585e3ebba5453ae595da1469ea90ea3c9fb6a22411c56c58dfbf504caa629dbfc73ebbedc91669f2babf8b8215c525edf8feb366f104ffa9eb2bb79232660aece4730ef1ae8585c629ffe1390356a58e900da145b83ad177c7bb2d125e59d7ff4d3a8562efc620b4cf9b33c2305bbf1957e0f8b06f0fbe9c80db73b08fdd0be4a1ea4f91f52af47160040424aed8ac3c10251fb0b5d9be08247edf3dda5d1750d0597d60c8a0d9418a4e0c9325bb90f0886f9e5dda9e88ac1942ec1e53da0cf5ccad66b9cdfc2fdca784dd06a73713ef73785706d024873ddca5ccfcf0b91748a2c1fbd8c241934b5b473007b29d76aec5addf7b945a5f7abd6ddeccc8d0ccb26d69d4793b7224c27ba7bf45aac8a2be56086ab8c65ea69fdd593a01a29e2912378002d824bd98e6ed1c5dd5f33be529e640997f5f1bbde051fb2a669145966db4889bf32aa13777ac6c077c51bb8b2523954cea3adc307cfe53b8cbb00edf0c04c456392aea6613e8078a309dc538a6a24f80fc1b7f9fce3e3291ca6dab8090a634fcdb24e7a9de8aecd595b988f597cd623d148a8841b0a5203953166ea2e85316928f28dd2604d37c9ec80a49c0d91cbfe6d584b9b6a321b97bf99ae1d67985fd441976a828c97456003a7892c7c7f4a51bb49e3d3ea1e95ec29c89a2676", 0x1001}], 0x3) 4.094683334s ago: executing program 1 (id=3063): r0 = socket$l2tp(0x2, 0x2, 0x73) socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYRES64=r1], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r3, &(0x7f0000000300)=[{&(0x7f0000033a80)=""/102380, 0x18fec}, {&(0x7f0000000540)=""/4102, 0x1006}], 0x2, 0x0, 0x0) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'wlan0\x00'}) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=0x0, @ANYBLOB="0a001800030303031c030000"], 0x28}}, 0x0) r4 = syz_open_dev$video(&(0x7f0000000100), 0x0, 0x0) r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37}, 0x20) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000001640)={r5, 0x2000, 0x0}, 0x10) ioctl$VIDIOC_S_SELECTION(r4, 0xc0405668, &(0x7f0000000000)) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000500)={0xa00, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080)) socket$packet(0x11, 0x0, 0x300) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'caif0\x00'}) open$dir(&(0x7f0000000180)='./file0/file0\x00', 0x624822, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000006540000000c0a01010000000000000000010000000900020073797a32000000002800038024000080090026400000000018000b80140001800a0001006c696d697400000004fe02800900010073797a30"], 0xd8}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x8, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1830000000000000000000000300000095000000000000006715691a3c661cfcb9d6e149e2d3f5a053651be785b12eaf18c193f6c3ae56a81e00ccd9a32f870f33e3875c886752617e9605cf275ae525265420c946e3b59027b13d9cf30d05eedf206baff947bc7a95b4fab049c0ad9624bb356bb8c78dde17e1fc9cb1a2c351f178cb0e82317f4a194aaca6f903c4275ee83922e8d17be4414c4937a11ae659cf99c8607e9325f902bca510fd7458c1da87b6ee4cdae59fbe090046815ed86151381ae98ddc0d443bf67450535f2be5ac04b41321dd40dd692a0372015e858c5ca1395e7fdde61114025e1129308605a9d69215b3ea14b06df29e06c47aa70144dd8b356014ab5d4b799387"], &(0x7f0000000080)='syzkaller\x00'}, 0x90) recvfrom$l2tp(r0, 0x0, 0x0, 0x20000160, 0x0, 0x0) 4.010997403s ago: executing program 3 (id=3064): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f00000000c0), 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000001c0)={'vxcan1\x00', 0x0}) sendmsg$can_bcm(r0, &(0x7f00000005c0)={&(0x7f0000000380)={0x1d, r1}, 0x10, &(0x7f0000000580)={&(0x7f00000003c0)={0x1, 0x0, 0x0, {}, {0x0, 0xea60}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "8eece253840ca4bc"}}, 0x48}}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000440)={&(0x7f0000000140)={0x1d, r1}, 0x10, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0100"/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0xea60, @ANYBLOB="0300000001"], 0x48}}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000740)={&(0x7f00000004c0)={0x1d, r1}, 0x10, &(0x7f0000000700)={&(0x7f0000000500)=ANY=[@ANYBLOB="0100"/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB="0000000005"], 0x48}}, 0x0) 3.932262937s ago: executing program 4 (id=3065): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f00000000c0), 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000001c0)={'vxcan1\x00', 0x0}) sendmsg$can_bcm(r0, &(0x7f00000005c0)={&(0x7f0000000380)={0x1d, r1}, 0x10, &(0x7f0000000580)={&(0x7f00000003c0)={0x1, 0x0, 0x0, {}, {0x0, 0xea60}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "8eece253840ca4bc"}}, 0x48}}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000440)={&(0x7f0000000140)={0x1d, r1}, 0x10, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0100"/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0xea60, @ANYBLOB="0300000001"], 0x48}}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000740)={&(0x7f00000004c0)={0x1d, r1}, 0x10, &(0x7f0000000700)={&(0x7f0000000500)=ANY=[@ANYBLOB="0100"/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB="0000000005"], 0x48}}, 0x0) (fail_nth: 1) 3.823620062s ago: executing program 3 (id=3066): r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240), 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r1, 0x40000000af01, 0x0) r2 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000880)=@newqdisc={0x1fc, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xffe0}, {}, {0x4, 0x3}}, [@TCA_RATE={0x6, 0x5, {0xff, 0x5}}, @qdisc_kind_options=@q_rr={{0x7}, {0x18, 0x2, {0x5, "44d3b1ea565a375bc0456819dfdbbfac"}}}, @TCA_INGRESS_BLOCK={0x8}, @TCA_RATE={0x6, 0x5, {0x0, 0xb}}, @qdisc_kind_options=@q_netem={{0xa}, {0x48, 0x2, {{0x10001, 0x4, 0x101, 0x8f, 0xfffff4ae, 0x40}, [@TCA_NETEM_RATE={0x14, 0x6, {0x1, 0x7, 0x6, 0x800}}, @TCA_NETEM_CORRUPT={0xc, 0x4, {0x3, 0xc}}, @TCA_NETEM_REORDER={0xc, 0x3, {0x7, 0x9}}]}}}, @TCA_STAB={0xf8, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x4, 0x10, 0x6, 0x3, 0x3, 0x2, 0x8, 0x3}}, {0xa, 0x2, [0x3, 0x2, 0x1]}}, {{0x1c, 0x1, {0x4e, 0x1, 0x5, 0x9, 0x2, 0x7, 0x200, 0x5}}, {0xe, 0x2, [0x8, 0x3, 0xfff, 0x7, 0x1]}}, {{0x1c, 0x1, {0xce, 0xcb, 0x5, 0x40000000, 0x2, 0x5, 0x9, 0xa}}, {0x18, 0x2, [0xfffa, 0x400, 0x7, 0x2, 0xfe00, 0x7, 0x5d38, 0x0, 0x5, 0xfffe]}}, {{0x1c, 0x1, {0xd5, 0x4, 0x30, 0x9, 0x2, 0x3, 0x7, 0x2}}, {0x8, 0x2, [0xcec, 0x1ad]}}, {{0x1c, 0x1, {0x3, 0x0, 0x3, 0x1, 0x1, 0x10000, 0x7, 0x2}}, {0x8, 0x2, [0x1d9, 0x40]}}, {{0x1c, 0x1, {0x34, 0xfd, 0x6, 0x81, 0x1, 0xffffff1a, 0x3, 0x1}}, {0x6, 0x2, [0x4]}}]}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0xfffffffc}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x7}, @qdisc_kind_options=@q_pie={{0x8}, {0x3c, 0x2, [@TCA_PIE_TARGET={0x8, 0x1, 0x7}, @TCA_PIE_TARGET={0x8, 0x1, 0x3}, @TCA_PIE_BYTEMODE={0x8, 0x7, 0x1}, @TCA_PIE_TARGET={0x8, 0x1, 0xb}, @TCA_PIE_BYTEMODE={0x8, 0x7, 0x1}, @TCA_PIE_TUPDATE={0x8, 0x3, 0x4}, @TCA_PIE_BETA={0x8, 0x5, 0xd}]}}]}, 0x1fc}}, 0x0) getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) bind$inet(r2, &(0x7f0000000140)={0x2, 0x4e24, @private=0xa010102}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000007880)=@newtfilter={0x2c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x5}, {0xb}, {0x2, 0x6}}, [@TCA_CHAIN={0x8, 0xb, 0x100}]}, 0x2c}}, 0x4a8d5) r4 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f00000003c0)=""/75, 0x0}) ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f00000000c0)=0x4000000) r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f0000000040)={0x28, 0x7, 0x0, 0x0, &(0x7f0000ff9000/0x7000)=nil, 0x7000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f00000001c0)={0x48}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r6, 0x3ba0, &(0x7f0000000340)={0x48}) sendto$rxrpc(r2, &(0x7f0000000440)="b39e72033130eef4d46fdf8638f402c960c470e9731de9293779b53e791aef4c14f3b7c60be26d5ad90430ca42591c8b666f298b56660ad4320ef69b6904e77e8dfe98394afb27e130bcfe0dfe7501d814e24f9ac00e683cc44943bb91a6b81527c8e5db4eb4", 0x66, 0x800, &(0x7f0000000080)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e20, 0xc69, @private2, 0xc}}, 0x24) dup(r5) mount(&(0x7f00000000c0)=@sg0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000240)='cramfs\x00', 0x0, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x1e, 0x4, 0x0) 3.375452085s ago: executing program 1 (id=3067): r0 = accept4$inet(0xffffffffffffffff, 0x0, &(0x7f00000002c0)=0xffffffffffffff40, 0xc0000) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000040)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_channels={0x11, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x100000}}) getsockopt$IP_VS_SO_GET_TIMEOUT(r0, 0x0, 0x486, &(0x7f0000000180), &(0x7f0000000340)=0xc) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000740)=ANY=[@ANYRESOCT], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x90) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) open$dir(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) connect$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) sendfile(r2, 0xffffffffffffffff, 0x0, 0xfffffffffffffffa) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f00000003c0)=ANY=[], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x2d) bpf$PROG_LOAD(0x5, 0x0, 0x54) bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xf, 0x4, 0x4, 0xdfd3}, 0x48) 3.320051138s ago: executing program 4 (id=3068): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [], {0x14, 0x10}}, 0x28}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'gre0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x2a, 0x4, 0x0, 0x0, 0xa8, 0x67, 0x0, 0x0, 0x0, 0x0, @loopback, @remote, {[@timestamp={0x44, 0x4, 0x0, 0x0, 0x9}, @timestamp_prespec={0x44, 0x44, 0xc0, 0x3, 0x1, [{@private=0xa010102}, {@multicast1}, {@remote, 0x8000}, {@dev, 0x65c}, {@broadcast}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100}]}, @timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x8, [{@dev={0xac, 0x14, 0x14, 0xf}}, {@remote}, {@multicast2, 0xb}, {@private=0xa010100}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}]}, @noop, @noop, @end, @rr={0x7, 0x13, 0x0, [@dev, @remote, @multicast1, @remote]}]}}}}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) 2.166244743s ago: executing program 1 (id=3069): socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) getpgid(0x0) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000021c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x1e}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) sched_setattr(0x0, &(0x7f0000000040)={0x38}, 0x0) r5 = syz_init_net_socket$nfc_raw(0x27, 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r7}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r8, 0x0, 0x0}, 0x10) ioctl$AUTOFS_DEV_IOCTL_FAIL(r5, 0xc0189377, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r6, {0x6, 0x1}}, './file0\x00'}) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x16, 0x26, &(0x7f0000000840)=ANY=[@ANYBLOB="1800000006000000000000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b782000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000308a00106502000000000018420000ffffffff000000000000000018110000bda82de089d2f10ccaf1f6", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000180000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082000000ac900c0010000000185600000d0000000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000001000008500000006000000bf91000000000000b7020000020000008500000085000000b7000000000000009500000000000000"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3e, '\x00', 0x0, 0x1b, r9, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x16}, 0x90) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) r10 = socket$inet6(0xa, 0x3, 0x3) ioctl$sock_inet6_SIOCSIFADDR(r10, 0x89a1, 0x0) getrlimit(0x4, &(0x7f0000000180)) 2.088233868s ago: executing program 3 (id=3070): bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={0xffffffffffffffff, &(0x7f0000000b40)="4a29bd560f", 0x0}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e) socket$inet6_tcp(0xa, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x0, 0x4, 0x0, &(0x7f0000000140)='GPL\x00'}, 0x90) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) r3 = userfaultfd(0x80001) shmdt(0x0) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r5, &(0x7f0000000340)=[{&(0x7f0000001a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) io_setup(0x1, &(0x7f00000004c0)=0x0) io_submit(r6, 0xca, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a0012fb, 0x2759, 0x7, 0x0, 0x0, r4, &(0x7f0000000000)="98", 0x3e8000072a, 0x1000000, 0x0, 0x10}]) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup/syz0\x00', 0x200002, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r7 = socket$inet6(0xa, 0x3, 0x39) connect$inet6(r7, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast1, 0x9}, 0x1c) 0s ago: executing program 4 (id=3071): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[], 0xc0}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) setrlimit(0xe, &(0x7f00000001c0)={0x5, 0xb56}) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r2 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r3 = fcntl$dupfd(r2, 0x0, r2) write$sndseq(r3, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x4, @tick, {}, {}, @time=@time={0x80000001, 0xc}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote={{}, 0xe909}}], 0x38) write$sndseq(r3, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0x0, @time={0x1, 0x81}, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time={0xfffffff9, 0x1005}, {}, {}, @raw8={"13e661fefa8c7d0d9a4be91e"}}, {0x0, 0x3f, 0x0, 0x0, @tick, {0x10}, {}, @time}, {0x0, 0x0, 0x0, 0x10, @time={0xbf9e}, {}, {}, @raw8={"448cc880fe353ca0f2c2e953"}}], 0x70) ioctl$SG_GET_REQUEST_TABLE(r3, 0x2286, &(0x7f00000018c0)) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000001040)=ANY=[@ANYRES32=0x0, @ANYRES32=0x0], 0x14c}}, 0x0) r4 = socket$can_bcm(0x1d, 0x2, 0x2) r5 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x4e, &(0x7f00000001c0)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "00fbff", 0x18, 0x6, 0x0, @dev, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x10, 0x0, 0x0, 0x0, {[@eol]}}}}}}}}, 0x0) setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f0000000280)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) sendto$packet(r5, &(0x7f0000000140)="03000300000000000000ab5d71acedd7c956946ecd0f37cf8ba788a8a24d", 0x1e, 0x0, &(0x7f0000000000)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="e131b6ac9c26"}, 0x14) sendmsg$can_bcm(r4, 0x0, 0x0) gettid() syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f00000006c0)=ANY=[@ANYBLOB="34000000110001000000000000000000fc00000000000000002052000000000000000000000033000c0015"], 0x34}}, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000100)={r4, 0x0, 0x7, 0x5}) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000ffffffff000000000000000018120000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000010000850000004300000095"], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r9}, 0x10) kernel console output (not intermixed with test programs): etdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1320.242954][T17476] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1320.282742][T17618] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1320.427688][ T46] microsoft 0003:045E:07DA.000D: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 1320.439715][ T2565] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1320.454648][ T2565] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1320.472190][ T46] microsoft 0003:045E:07DA.000D: no inputs found [ 1320.484192][ T46] microsoft 0003:045E:07DA.000D: could not initialize ff, continuing anyway [ 1320.572171][ T62] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1320.583179][ T5295] usb 2-1: new high-speed USB device number 98 using dummy_hcd [ 1320.662512][T13474] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1320.691452][T13474] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1320.747694][T17618] veth0_vlan: entered promiscuous mode [ 1320.773110][T17618] veth1_vlan: entered promiscuous mode [ 1320.785061][ T5295] usb 2-1: Using ep0 maxpacket: 16 [ 1320.796516][ T5295] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1320.824442][ T5295] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1320.846454][ T5295] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1320.859964][T17618] veth0_macvtap: entered promiscuous mode [ 1320.866599][ T5295] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1320.874824][ T5295] usb 2-1: Product: syz [ 1320.879001][ T5295] usb 2-1: Manufacturer: syz [ 1320.879574][T17618] veth1_macvtap: entered promiscuous mode [ 1320.883582][ T5295] usb 2-1: SerialNumber: syz [ 1320.948718][ T62] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1320.977588][ T5354] usb 4-1: USB disconnect, device number 76 [ 1320.982712][T17618] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1321.002756][T17618] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1321.013893][T17618] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1321.033917][T17618] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1321.044033][T17618] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1321.055250][T17618] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1321.065166][T17618] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1321.076024][T17618] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1321.097389][T17618] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1321.115084][T17618] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1321.129317][T17618] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1321.140362][ T5295] usb 2-1: 0:2 : does not exist [ 1321.145583][T17618] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1321.184302][T17618] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1321.205012][ T5295] usb 2-1: USB disconnect, device number 98 [ 1321.206352][T17618] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1321.242503][T17688] udevd[17688]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1321.262330][T17618] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1321.280764][T17618] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1321.310737][T17618] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1321.349773][T17618] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1321.429354][ T62] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1321.486411][T17618] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1321.504667][T17618] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1321.532393][T17618] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1321.555990][T17618] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1322.376742][T17829] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1322.382712][T17829] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 1322.397571][T17829] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1322.403539][T17829] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 1322.550915][T16020] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1322.564775][T16020] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1322.577164][T16020] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1322.589729][T16020] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1322.600781][T16020] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1322.618181][T16020] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1322.651077][T13007] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1322.665158][ T62] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1322.674328][ T46] usb 4-1: new high-speed USB device number 77 using dummy_hcd [ 1322.683343][T13007] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1322.692502][T13007] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1322.705775][T13007] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1322.715953][T13007] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1322.725772][T13007] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1322.891347][ T46] usb 4-1: config index 0 descriptor too short (expected 38, got 36) [ 1322.902038][ T46] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1322.930010][ T46] usb 4-1: config 0 has no interfaces? [ 1322.930865][T14851] usb 5-1: new high-speed USB device number 89 using dummy_hcd [ 1322.939915][ T46] usb 4-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 1322.968046][ T46] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1322.987670][ T46] usb 4-1: config 0 descriptor?? [ 1323.057978][ T2575] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1323.090576][ T2575] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1323.114726][T14851] usb 5-1: Using ep0 maxpacket: 16 [ 1323.128886][T14851] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 1323.145344][ T62] bridge_slave_1: left allmulticast mode [ 1323.151019][ T62] bridge_slave_1: left promiscuous mode [ 1323.162899][T14851] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1323.172644][ T62] bridge0: port 2(bridge_slave_1) entered disabled state [ 1323.180872][T14851] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1323.191356][ T62] bridge_slave_0: left allmulticast mode [ 1323.199628][T14851] usb 5-1: config 0 descriptor?? [ 1323.204903][ T62] bridge_slave_0: left promiscuous mode [ 1323.210681][ T62] bridge0: port 1(bridge_slave_0) entered disabled state [ 1323.426402][T17853] openvswitch: netlink: Unexpected mask (mask=240, allowed=10048) [ 1323.626798][T17840] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1323.650202][T17840] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1323.673128][T14851] usbhid 5-1:0.0: can't add hid device: -71 [ 1323.686649][T14851] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1323.704475][T14851] usb 5-1: USB disconnect, device number 89 [ 1323.739178][ T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1323.750480][ T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1323.763028][ T62] bond0 (unregistering): Released all slaves [ 1323.814086][ T7857] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1323.841960][ T7857] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1324.207329][T17832] chnl_net:caif_netlink_parms(): no params data found [ 1324.290467][T17871] FAULT_INJECTION: forcing a failure. [ 1324.290467][T17871] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1324.316257][T12863] usb 2-1: new high-speed USB device number 99 using dummy_hcd [ 1324.327934][T17871] CPU: 1 UID: 0 PID: 17871 Comm: syz.4.2909 Not tainted 6.11.0-rc5-syzkaller #0 [ 1324.337009][T17871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1324.347101][T17871] Call Trace: [ 1324.350400][T17871] [ 1324.353352][T17871] dump_stack_lvl+0x241/0x360 [ 1324.358059][T17871] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1324.363291][T17871] ? __pfx__printk+0x10/0x10 [ 1324.368000][T17871] ? __pfx_lock_release+0x10/0x10 [ 1324.373068][T17871] should_fail_ex+0x3b0/0x4e0 [ 1324.377785][T17871] _copy_from_user+0x2f/0xe0 [ 1324.382409][T17871] copy_msghdr_from_user+0xae/0x680 [ 1324.387637][T17871] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1324.393461][T17871] __sys_sendmsg+0x23d/0x3a0 [ 1324.398056][T17871] ? __pfx___sys_sendmsg+0x10/0x10 [ 1324.403159][T17871] ? vfs_write+0x7c4/0xc90 [ 1324.407598][T17871] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1324.413919][T17871] ? do_syscall_64+0x100/0x230 [ 1324.418676][T17871] ? do_syscall_64+0xb6/0x230 [ 1324.423348][T17871] do_syscall_64+0xf3/0x230 [ 1324.427842][T17871] ? clear_bhb_loop+0x35/0x90 [ 1324.432517][T17871] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1324.438499][T17871] RIP: 0033:0x7f0d32979e79 [ 1324.442907][T17871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1324.462508][T17871] RSP: 002b:00007f0d337ff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1324.470920][T17871] RAX: ffffffffffffffda RBX: 00007f0d32b15f80 RCX: 00007f0d32979e79 [ 1324.478883][T17871] RDX: 0000000000000000 RSI: 0000000020001640 RDI: 0000000000000003 [ 1324.486858][T17871] RBP: 00007f0d337ff090 R08: 0000000000000000 R09: 0000000000000000 [ 1324.494825][T17871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1324.502798][T17871] R13: 0000000000000000 R14: 00007f0d32b15f80 R15: 00007ffc3209eb48 [ 1324.510782][T17871] [ 1324.525740][ T62] hsr_slave_0: left promiscuous mode [ 1324.532287][ T62] hsr_slave_1: left promiscuous mode [ 1324.548863][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1324.569756][ T62] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1324.608415][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1324.625465][ T62] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1324.693340][ T62] veth1_macvtap: left promiscuous mode [ 1324.703842][ T62] veth0_macvtap: left promiscuous mode [ 1324.704452][T12863] usb 2-1: Using ep0 maxpacket: 8 [ 1324.719931][ T62] veth1_vlan: left promiscuous mode [ 1324.725518][T12863] usb 2-1: no configurations [ 1324.733542][ T62] veth0_vlan: left promiscuous mode [ 1324.748241][T12863] usb 2-1: can't read configurations, error -22 [ 1324.754813][T16020] Bluetooth: hci0: command tx timeout [ 1324.924316][T12863] usb 2-1: new high-speed USB device number 100 using dummy_hcd [ 1325.024306][ T5266] usb 5-1: new high-speed USB device number 90 using dummy_hcd [ 1325.114283][T12863] usb 2-1: Using ep0 maxpacket: 8 [ 1325.115632][ T5295] usb 4-1: USB disconnect, device number 77 [ 1325.133351][T12863] usb 2-1: no configurations [ 1325.148062][T12863] usb 2-1: can't read configurations, error -22 [ 1325.170935][T12863] usb usb2-port1: attempt power cycle [ 1325.334367][ T5266] usb 5-1: Using ep0 maxpacket: 32 [ 1325.358194][ T5266] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 1325.390249][ T5266] usb 5-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 1325.400951][ T5266] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1325.410765][ T5266] usb 5-1: Product: syz [ 1325.415679][ T5266] usb 5-1: Manufacturer: syz [ 1325.420501][ T5266] usb 5-1: SerialNumber: syz [ 1325.441380][ T5266] usb 5-1: config 0 descriptor?? [ 1325.453785][ T5266] hub 5-1:0.0: bad descriptor, ignoring hub [ 1325.469542][ T5266] hub 5-1:0.0: probe with driver hub failed with error -5 [ 1325.497185][ T5266] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input82 [ 1325.528140][ T5266] usbtouchscreen 5-1:0.0: usbtouch_probe - usb_submit_urb failed with result: -22 [ 1325.585240][T12863] usb 2-1: new high-speed USB device number 101 using dummy_hcd [ 1325.601573][ T5266] usbtouchscreen 5-1:0.0: probe with driver usbtouchscreen failed with error -22 [ 1325.620029][T12863] usb 2-1: Using ep0 maxpacket: 8 [ 1325.647536][T12863] usb 2-1: no configurations [ 1325.674134][T12863] usb 2-1: can't read configurations, error -22 [ 1325.856310][T12863] usb 2-1: new high-speed USB device number 102 using dummy_hcd [ 1325.894937][T12863] usb 2-1: Using ep0 maxpacket: 8 [ 1325.911964][T12863] usb 2-1: no configurations [ 1325.923215][T12863] usb 2-1: can't read configurations, error -22 [ 1325.938327][T12863] usb usb2-port1: unable to enumerate USB device [ 1326.061732][ T62] team0 (unregistering): Port device team_slave_1 removed [ 1326.185941][ T62] team0 (unregistering): Port device team_slave_0 removed [ 1326.336537][ T5295] usb 4-1: new high-speed USB device number 78 using dummy_hcd [ 1326.442371][T13007] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1326.461982][T13007] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1326.478662][T13007] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1326.487320][T13007] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1326.495653][T13007] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1326.503003][T13007] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1326.536785][ T5295] usb 4-1: Using ep0 maxpacket: 16 [ 1326.559427][ T5295] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1326.597576][ T5295] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1326.622692][ T5295] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1326.642260][ T5295] usb 4-1: Product: syz [ 1326.651642][ T5295] usb 4-1: Manufacturer: syz [ 1326.668979][ T5295] usb 4-1: SerialNumber: syz [ 1326.718643][ T5295] r8152-cfgselector 4-1: Unknown version 0x0000 [ 1326.837268][T13007] Bluetooth: hci0: command tx timeout [ 1327.168821][T12863] r8152-cfgselector 4-1: USB disconnect, device number 78 [ 1327.386248][T17832] bridge0: port 1(bridge_slave_0) entered blocking state [ 1327.427511][T17832] bridge0: port 1(bridge_slave_0) entered disabled state [ 1327.451123][T17832] bridge_slave_0: entered allmulticast mode [ 1327.473190][T17832] bridge_slave_0: entered promiscuous mode [ 1327.491548][T17832] bridge0: port 2(bridge_slave_1) entered blocking state [ 1327.500263][T17832] bridge0: port 2(bridge_slave_1) entered disabled state [ 1327.511610][T17832] bridge_slave_1: entered allmulticast mode [ 1327.522298][T17832] bridge_slave_1: entered promiscuous mode [ 1327.665001][T17832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1327.726343][T17832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1327.937135][T17832] team0: Port device team_slave_0 added [ 1328.021760][T17914] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0xf [ 1328.059573][T17832] team0: Port device team_slave_1 added [ 1328.315585][T17832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1328.354596][T17832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1328.388476][T17832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1328.504811][ T5266] usb 5-1: USB disconnect, device number 90 [ 1328.541167][T17832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1328.550419][T17832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1328.577275][T17832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1328.595092][T13007] Bluetooth: hci2: command tx timeout [ 1328.753613][ T62] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1328.887921][T17832] hsr_slave_0: entered promiscuous mode [ 1328.896128][T17832] hsr_slave_1: entered promiscuous mode [ 1328.907069][T17832] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1328.915141][T13007] Bluetooth: hci0: command tx timeout [ 1328.916458][T17832] Cannot create hsr debugfs directory [ 1329.069650][ T62] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1329.108771][T17895] chnl_net:caif_netlink_parms(): no params data found [ 1329.256713][ T62] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1329.496956][ T62] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1330.304004][T17969] FAULT_INJECTION: forcing a failure. [ 1330.304004][T17969] name failslab, interval 1, probability 0, space 0, times 0 [ 1330.371411][T17969] CPU: 1 UID: 0 PID: 17969 Comm: syz.4.2921 Not tainted 6.11.0-rc5-syzkaller #0 [ 1330.380505][T17969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1330.390593][T17969] Call Trace: [ 1330.393891][T17969] [ 1330.396841][T17969] dump_stack_lvl+0x241/0x360 [ 1330.401546][T17969] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1330.406774][T17969] ? __pfx__printk+0x10/0x10 [ 1330.411398][T17969] ? fs_reclaim_acquire+0x93/0x140 [ 1330.416543][T17969] ? __pfx___might_resched+0x10/0x10 [ 1330.421861][T17969] should_fail_ex+0x3b0/0x4e0 [ 1330.426560][T17969] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 1330.432401][T17969] should_failslab+0xac/0x100 [ 1330.437100][T17969] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 1330.442842][T17969] __kmalloc_noprof+0xd8/0x400 [ 1330.447629][T17969] ? kfree+0x4e/0x360 [ 1330.451638][T17969] tomoyo_realpath_from_path+0xcf/0x5e0 [ 1330.457223][T17969] tomoyo_path_number_perm+0x23a/0x880 [ 1330.462716][T17969] ? tomoyo_path_number_perm+0x208/0x880 [ 1330.468382][T17969] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1330.474438][T17969] ? __fget_files+0x29/0x470 [ 1330.479057][T17969] ? __fget_files+0x3f6/0x470 [ 1330.483758][T17969] ? __fget_files+0x29/0x470 [ 1330.488384][T17969] security_file_ioctl+0x75/0xb0 [ 1330.493358][T17969] __se_sys_ioctl+0x47/0x170 [ 1330.497975][T17969] do_syscall_64+0xf3/0x230 [ 1330.502504][T17969] ? clear_bhb_loop+0x35/0x90 [ 1330.507212][T17969] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1330.513138][T17969] RIP: 0033:0x7f0d32979e79 [ 1330.517585][T17969] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1330.537213][T17969] RSP: 002b:00007f0d337ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1330.545661][T17969] RAX: ffffffffffffffda RBX: 00007f0d32b15f80 RCX: 00007f0d32979e79 [ 1330.553660][T17969] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008 [ 1330.561741][T17969] RBP: 00007f0d337ff090 R08: 0000000000000000 R09: 0000000000000000 [ 1330.569733][T17969] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1330.577722][T17969] R13: 0000000000000000 R14: 00007f0d32b15f80 R15: 00007ffc3209eb48 [ 1330.585738][T17969] [ 1330.610907][T17969] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1330.642920][T17895] bridge0: port 1(bridge_slave_0) entered blocking state [ 1330.665204][T17895] bridge0: port 1(bridge_slave_0) entered disabled state [ 1330.672495][T17895] bridge_slave_0: entered allmulticast mode [ 1330.678830][T13007] Bluetooth: hci2: command tx timeout [ 1330.704316][T17895] bridge_slave_0: entered promiscuous mode [ 1330.727558][T17895] bridge0: port 2(bridge_slave_1) entered blocking state [ 1330.734966][T17895] bridge0: port 2(bridge_slave_1) entered disabled state [ 1330.742267][T17895] bridge_slave_1: entered allmulticast mode [ 1330.749653][T17895] bridge_slave_1: entered promiscuous mode [ 1330.932218][T17895] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1330.976851][T17895] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1330.996558][T13007] Bluetooth: hci0: command tx timeout [ 1331.209026][ T62] bridge_slave_1: left allmulticast mode [ 1331.224408][ T62] bridge_slave_1: left promiscuous mode [ 1331.251616][ T62] bridge0: port 2(bridge_slave_1) entered disabled state [ 1331.305229][ T62] bridge_slave_0: left allmulticast mode [ 1331.310943][ T62] bridge_slave_0: left promiscuous mode [ 1331.345326][ T62] bridge0: port 1(bridge_slave_0) entered disabled state [ 1331.524098][T18018] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2924'. [ 1332.345771][T18043] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1332.400507][ T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1332.448046][ T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1332.469980][T18043] syz.3.2925: attempt to access beyond end of device [ 1332.469980][T18043] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1332.485004][T18043] SQUASHFS error: Failed to read block 0x0: -5 [ 1332.493895][ T62] bond0 (unregistering): Released all slaves [ 1332.503931][T18043] unable to read squashfs_super_block [ 1332.513706][T17895] team0: Port device team_slave_0 added [ 1332.528409][T17895] team0: Port device team_slave_1 added [ 1332.764425][T13007] Bluetooth: hci2: command tx timeout [ 1334.257727][T17895] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1334.288951][T17895] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1334.327665][T17895] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1334.638457][T18067] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2929'. [ 1334.658189][T17895] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1334.666612][T17895] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1334.716184][T17895] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1334.832890][ T62] hsr_slave_0: left promiscuous mode [ 1334.834326][T13007] Bluetooth: hci2: command tx timeout [ 1334.900671][ T62] hsr_slave_1: left promiscuous mode [ 1334.909739][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1334.943268][ T62] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1334.983534][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1335.001179][ T62] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1335.058881][ T62] veth1_macvtap: left promiscuous mode [ 1335.070930][ T62] veth0_macvtap: left promiscuous mode [ 1335.109462][ T62] veth1_vlan: left promiscuous mode [ 1335.121452][ T62] veth0_vlan: left promiscuous mode [ 1335.127432][T12863] usb 5-1: new high-speed USB device number 91 using dummy_hcd [ 1335.324346][T12863] usb 5-1: Using ep0 maxpacket: 16 [ 1335.338567][T12863] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 1335.372577][T12863] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1335.412903][T12863] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1335.456495][T12863] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1335.779638][T12863] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1335.846304][T12863] usb 5-1: Product: syz [ 1335.864644][T12863] usb 5-1: Manufacturer: syz [ 1335.891097][T12863] usb 5-1: SerialNumber: syz [ 1336.433091][T12863] usb 5-1: 2:1 : format type 0 is detected, processed as PCM [ 1336.455813][T12863] usb 5-1: 2:1: cannot set freq 9338507 to ep 0x82 [ 1336.558507][T12863] usb 5-1: USB disconnect, device number 91 [ 1337.256462][ T62] team0 (unregistering): Port device team_slave_1 removed [ 1337.361273][ T62] team0 (unregistering): Port device team_slave_0 removed [ 1338.121482][T18101] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 1338.363788][T18119] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2940'. [ 1338.464295][T14851] usb 4-1: new full-speed USB device number 79 using dummy_hcd [ 1338.669086][T14851] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 1338.688478][T14851] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 1338.705532][T14851] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 1338.728613][T14851] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1338.993519][T17895] hsr_slave_0: entered promiscuous mode [ 1339.035889][T14851] aiptek 4-1:17.0: Aiptek using 400 ms programming speed [ 1339.054861][T17895] hsr_slave_1: entered promiscuous mode [ 1339.065870][T14851] input: Aiptek as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.0/input/input84 [ 1339.077845][T17895] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1339.094452][T14851] input: failed to attach handler kbd to device input84, error: -5 [ 1339.114427][T17895] Cannot create hsr debugfs directory [ 1339.130882][T14851] usb 4-1: USB disconnect, device number 79 [ 1339.234752][T13007] Bluetooth: hci0: command 0x0401 tx timeout [ 1339.556748][T17832] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1339.585227][T17832] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1339.592466][ T5266] usb 5-1: new high-speed USB device number 92 using dummy_hcd [ 1339.897753][T17832] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1339.989798][ T5266] usb 5-1: Using ep0 maxpacket: 16 [ 1340.053771][ T5266] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 1340.192429][T17832] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1340.328886][ T5266] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1340.564281][ T5266] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1340.577924][ T5266] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1340.588434][ T5266] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1340.619334][ T5266] usb 5-1: Product: syz [ 1340.664226][ T5266] usb 5-1: Manufacturer: syz [ 1340.671334][ T5266] usb 5-1: SerialNumber: syz [ 1341.099126][T17832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1341.177260][T17832] 8021q: adding VLAN 0 to HW filter on device team0 [ 1341.384173][ T7857] bridge0: port 1(bridge_slave_0) entered blocking state [ 1341.391482][ T7857] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1341.629078][ T7857] bridge0: port 2(bridge_slave_1) entered blocking state [ 1341.636374][ T7857] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1341.749605][ C0] raw-gadget.0 gadget.4: ignoring, device is not running [ 1341.757119][ T5266] usb 5-1: 2:1 : format type 0 is detected, processed as PCM [ 1341.774822][ T5266] usb 5-1: 2:1: cannot set freq 9338507 to ep 0x82 [ 1341.820950][ T5266] usb 5-1: USB disconnect, device number 92 [ 1342.090371][T17895] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1342.140376][T17895] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1342.153717][T17895] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1342.175170][T17895] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1342.373869][T17895] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1342.384647][ T9] usb 4-1: new high-speed USB device number 80 using dummy_hcd [ 1342.459202][T17832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1342.488641][T17895] 8021q: adding VLAN 0 to HW filter on device team0 [ 1342.511767][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 1342.518972][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1342.546094][ T7857] bridge0: port 2(bridge_slave_1) entered blocking state [ 1342.553356][ T7857] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1342.607601][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1342.632561][ T9] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 1342.637315][T18184] FAULT_INJECTION: forcing a failure. [ 1342.637315][T18184] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1342.658568][ T9] usb 4-1: New USB device found, idVendor=04bb, idProduct=0901, bcdDevice=55.ba [ 1342.658600][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1342.658621][ T9] usb 4-1: Product: syz [ 1342.658635][ T9] usb 4-1: Manufacturer: syz [ 1342.658650][ T9] usb 4-1: SerialNumber: syz [ 1342.699831][ T9] usb 4-1: config 0 descriptor?? [ 1342.708952][T18184] CPU: 0 UID: 0 PID: 18184 Comm: syz.4.2955 Not tainted 6.11.0-rc5-syzkaller #0 [ 1342.718052][T18184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1342.728108][T18184] Call Trace: [ 1342.731378][T18184] [ 1342.734307][T18184] dump_stack_lvl+0x241/0x360 [ 1342.739019][T18184] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1342.744223][T18184] ? __pfx__printk+0x10/0x10 [ 1342.748826][T18184] ? snprintf+0xda/0x120 [ 1342.753063][T18184] should_fail_ex+0x3b0/0x4e0 [ 1342.757741][T18184] _copy_to_user+0x2f/0xb0 [ 1342.762154][T18184] simple_read_from_buffer+0xca/0x150 [ 1342.767715][T18184] proc_fail_nth_read+0x1ec/0x260 [ 1342.772850][T18184] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1342.778432][T18184] ? rw_verify_area+0x520/0x6b0 [ 1342.783317][T18184] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1342.788894][T18184] vfs_read+0x204/0xbc0 [ 1342.793059][T18184] ? __pfx_current_check_access_socket+0x10/0x10 [ 1342.799389][T18184] ? __pfx_vfs_read+0x10/0x10 [ 1342.804064][T18184] ? bpf_lsm_socket_connect+0x9/0x10 [ 1342.809434][T18184] ? security_socket_connect+0x87/0xb0 [ 1342.814897][T18184] ? sock_no_connect+0x9/0x20 [ 1342.819565][T18184] ? __sys_connect+0x15c/0x310 [ 1342.824328][T18184] ksys_read+0x1a0/0x2c0 [ 1342.828566][T18184] ? __pfx_ksys_read+0x10/0x10 [ 1342.833317][T18184] ? do_syscall_64+0x100/0x230 [ 1342.838163][T18184] ? do_syscall_64+0xb6/0x230 [ 1342.842830][T18184] do_syscall_64+0xf3/0x230 [ 1342.847321][T18184] ? clear_bhb_loop+0x35/0x90 [ 1342.851993][T18184] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1342.857879][T18184] RIP: 0033:0x7f0d329788bc [ 1342.862376][T18184] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 1342.881976][T18184] RSP: 002b:00007f0d337ff030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1342.890384][T18184] RAX: ffffffffffffffda RBX: 00007f0d32b15f80 RCX: 00007f0d329788bc [ 1342.898350][T18184] RDX: 000000000000000f RSI: 00007f0d337ff0a0 RDI: 0000000000000004 [ 1342.906318][T18184] RBP: 00007f0d337ff090 R08: 0000000000000000 R09: 0000000000000000 [ 1342.914300][T18184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1342.922300][T18184] R13: 0000000000000000 R14: 00007f0d32b15f80 R15: 00007ffc3209eb48 [ 1342.930278][T18184] [ 1342.933426][ C0] vkms_vblank_simulate: vblank timer overrun [ 1342.984815][T18188] syz.1.2954 uses obsolete (PF_INET,SOCK_PACKET) [ 1342.985959][ T9] hub 4-1:0.0: bad descriptor, ignoring hub [ 1342.997364][T17832] veth0_vlan: entered promiscuous mode [ 1343.003779][T17832] veth1_vlan: entered promiscuous mode [ 1343.010373][ T9] hub 4-1:0.0: probe with driver hub failed with error -5 [ 1343.048286][T18186] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2954'. [ 1343.074621][T18186] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 1343.130287][T18186] batman_adv: batadv1: Adding interface: netdevsim0 [ 1343.155049][T18186] batman_adv: batadv1: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1343.168064][ T29] kauditd_printk_skb: 11 callbacks suppressed [ 1343.168082][ T29] audit: type=1326 audit(1724619575.309:1803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18193 comm="syz.4.2957" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0d32979e79 code=0x0 [ 1343.192030][T18186] batman_adv: batadv1: Interface activated: netdevsim0 [ 1343.245965][ T9] kaweth 4-1:0.0: Firmware present in device. [ 1343.256994][T17832] veth0_macvtap: entered promiscuous mode [ 1343.280855][T17832] veth1_macvtap: entered promiscuous mode [ 1343.350447][T17832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1343.367183][T18198] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2957'. [ 1343.391221][T17832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1343.402676][T17832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1343.416328][T17832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1343.427219][T17832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1343.438483][T17832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1343.451881][ T9] kaweth 4-1:0.0: Statistics collection: 0 [ 1343.453537][T17832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1343.479590][ T9] kaweth 4-1:0.0: Multicast filter limit: 0 [ 1343.492616][ T9] kaweth 4-1:0.0: MTU: 0 [ 1343.499186][T17832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1343.510963][T17832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1343.516411][ T9] kaweth 4-1:0.0: Read MAC address 00:00:00:00:00:00 [ 1343.521330][T17832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1343.544552][T17832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1343.558059][T17832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1343.574713][T17832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1343.588649][T17832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1343.602556][T17832] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1343.612914][T17832] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1343.623108][T17832] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1343.634718][T17832] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1343.857599][T17895] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1344.401506][T18202] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1344.525871][T18202] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1344.558835][ T9] kaweth 4-1:0.0: kaweth interface created at eth1 [ 1344.693620][T17895] veth0_vlan: entered promiscuous mode [ 1344.734494][T17895] veth1_vlan: entered promiscuous mode [ 1344.758900][ T7857] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1344.774081][ T7857] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1344.852372][ T2565] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1344.881104][ T2565] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1344.906397][T17895] veth0_macvtap: entered promiscuous mode [ 1344.963429][T17895] veth1_macvtap: entered promiscuous mode [ 1345.090036][T17895] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1345.100960][T17895] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1345.114684][T17895] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1345.127084][T17895] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1345.140241][T17895] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1345.159078][T17895] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1345.171904][T17895] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1345.190640][T17895] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1345.203390][T17895] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1345.222873][T17895] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1345.234079][T17895] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1345.256283][T17895] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1345.272296][T17895] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1345.289038][T17895] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1345.302326][T17895] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1345.320097][T17895] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1345.331474][T17895] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1345.346630][T17895] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1345.358090][T17895] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1345.368686][T17895] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1345.382436][T17895] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1345.391916][T17895] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1345.488415][T18034] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1345.502021][T18034] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1345.549535][ T2565] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1345.561471][ T2565] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1346.474004][ T25] usb 4-1: USB disconnect, device number 80 [ 1347.382314][ T148] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1348.141554][ T148] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1348.257071][ T148] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1348.337815][ T148] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1348.625785][ T148] bridge_slave_1: left allmulticast mode [ 1348.646662][ T148] bridge_slave_1: left promiscuous mode [ 1348.674664][ T148] bridge0: port 2(bridge_slave_1) entered disabled state [ 1348.736428][ T148] bridge_slave_0: left allmulticast mode [ 1348.753431][ T148] bridge_slave_0: left promiscuous mode [ 1348.773512][ T148] bridge0: port 1(bridge_slave_0) entered disabled state [ 1348.939021][T16020] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1348.950894][T16020] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1348.965294][T16020] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1348.976410][T16020] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1348.986594][T16020] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1348.996070][T16020] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1349.441498][ T148] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1349.452537][ T148] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1349.463245][ T148] bond0 (unregistering): Released all slaves [ 1349.742983][T18275] FAULT_INJECTION: forcing a failure. [ 1349.742983][T18275] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1349.940733][T18275] CPU: 0 UID: 0 PID: 18275 Comm: syz.1.2967 Not tainted 6.11.0-rc5-syzkaller #0 [ 1349.949774][T18275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1349.959840][T18275] Call Trace: [ 1349.963143][T18275] [ 1349.966097][T18275] dump_stack_lvl+0x241/0x360 [ 1349.970804][T18275] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1349.976036][T18275] ? __pfx__printk+0x10/0x10 [ 1349.980656][T18275] ? __pfx_lock_release+0x10/0x10 [ 1349.985691][T18275] should_fail_ex+0x3b0/0x4e0 [ 1349.990365][T18275] _copy_from_user+0x2f/0xe0 [ 1349.994946][T18275] copy_msghdr_from_user+0xae/0x680 [ 1350.000153][T18275] ? _parse_integer_limit+0x1b5/0x200 [ 1350.005522][T18275] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1350.011326][T18275] __sys_sendmmsg+0x374/0x740 [ 1350.015994][T18275] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1350.021219][T18275] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 1350.027102][T18275] ? ksys_write+0x23e/0x2c0 [ 1350.031588][T18275] ? __pfx_lock_release+0x10/0x10 [ 1350.036608][T18275] ? vfs_write+0x7c4/0xc90 [ 1350.041012][T18275] ? __mutex_unlock_slowpath+0x21d/0x750 [ 1350.046629][T18275] ? __pfx_vfs_write+0x10/0x10 [ 1350.051399][T18275] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1350.057367][T18275] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1350.063697][T18275] ? do_syscall_64+0x100/0x230 [ 1350.068463][T18275] __x64_sys_sendmmsg+0xa0/0xb0 [ 1350.073317][T18275] do_syscall_64+0xf3/0x230 [ 1350.077824][T18275] ? clear_bhb_loop+0x35/0x90 [ 1350.082501][T18275] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1350.088816][T18275] RIP: 0033:0x7f87d1979e79 [ 1350.093215][T18275] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1350.112907][T18275] RSP: 002b:00007f87d2821038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1350.121438][T18275] RAX: ffffffffffffffda RBX: 00007f87d1b15f80 RCX: 00007f87d1979e79 [ 1350.129399][T18275] RDX: 04000000000001f0 RSI: 0000000020000080 RDI: 0000000000000003 [ 1350.137359][T18275] RBP: 00007f87d2821090 R08: 0000000000000000 R09: 0000000000000000 [ 1350.145315][T18275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1350.153266][T18275] R13: 0000000000000000 R14: 00007f87d1b15f80 R15: 00007ffcc0c31fd8 [ 1350.161252][T18275] [ 1350.164267][ C0] vkms_vblank_simulate: vblank timer overrun [ 1350.282067][ T29] audit: type=1326 audit(1724619582.389:1804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18274 comm="syz.3.2968" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e83b79e79 code=0x7ffc0000 [ 1351.082144][T13007] Bluetooth: hci0: command tx timeout [ 1351.163572][ T29] audit: type=1326 audit(1724619582.389:1805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18274 comm="syz.3.2968" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e83b79e79 code=0x7ffc0000 [ 1351.251733][ T29] audit: type=1326 audit(1724619582.399:1806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18274 comm="syz.3.2968" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f3e83b79e79 code=0x7ffc0000 [ 1351.285569][T18278] netlink: 'syz.4.2969': attribute type 10 has an invalid length. [ 1351.293493][T18278] netlink: 2 bytes leftover after parsing attributes in process `syz.4.2969'. [ 1351.320234][ T29] audit: type=1326 audit(1724619582.399:1807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18274 comm="syz.3.2968" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e83b79e79 code=0x7ffc0000 [ 1351.347775][T18278] team0: entered promiscuous mode [ 1351.352828][T18278] team_slave_0: entered promiscuous mode [ 1351.374826][T18278] team_slave_1: entered promiscuous mode [ 1351.380183][ T29] audit: type=1326 audit(1724619582.399:1808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18274 comm="syz.3.2968" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e83b79e79 code=0x7ffc0000 [ 1351.416266][T18278] bridge0: port 3(team0) entered blocking state [ 1351.427276][T18278] bridge0: port 3(team0) entered disabled state [ 1351.446773][T18278] team0: entered allmulticast mode [ 1351.453207][T18278] team_slave_0: entered allmulticast mode [ 1351.459334][ T29] audit: type=1326 audit(1724619582.399:1809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18274 comm="syz.3.2968" exe="/root/syz-executor" sig=0 arch=c000003e syscall=245 compat=0 ip=0x7f3e83b79e79 code=0x7ffc0000 [ 1351.481001][ C0] vkms_vblank_simulate: vblank timer overrun [ 1351.489439][T18278] team_slave_1: entered allmulticast mode [ 1351.503681][T18278] bridge0: port 3(team0) entered blocking state [ 1351.510125][T18278] bridge0: port 3(team0) entered forwarding state [ 1351.524817][T18289] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1351.529576][ T29] audit: type=1326 audit(1724619582.399:1810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18274 comm="syz.3.2968" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e83b79e79 code=0x7ffc0000 [ 1351.562084][ T29] audit: type=1326 audit(1724619582.399:1811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18274 comm="syz.3.2968" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e83b79e79 code=0x7ffc0000 [ 1351.585337][ T29] audit: type=1326 audit(1724619582.409:1812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18274 comm="syz.3.2968" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3e83b79e79 code=0x7ffc0000 [ 1351.607887][ T29] audit: type=1326 audit(1724619582.409:1813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18274 comm="syz.3.2968" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e83b79e79 code=0x7ffc0000 [ 1351.608445][T16020] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1351.629562][ C0] vkms_vblank_simulate: vblank timer overrun [ 1351.657543][T16020] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1351.674725][T16020] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1351.693091][T16020] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1351.702099][T16020] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1351.711146][T16020] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1351.973581][ T148] hsr_slave_0: left promiscuous mode [ 1352.021236][ T148] hsr_slave_1: left promiscuous mode [ 1352.084024][ T148] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1352.095427][ T148] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1352.110458][ T148] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1352.119849][ T148] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1352.162373][ T148] veth1_macvtap: left promiscuous mode [ 1352.217033][ T148] veth0_macvtap: left promiscuous mode [ 1352.232871][ T148] veth1_vlan: left promiscuous mode [ 1352.244360][ T148] veth0_vlan: left promiscuous mode [ 1352.433926][T18324] FAULT_INJECTION: forcing a failure. [ 1352.433926][T18324] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1352.480273][T18324] CPU: 1 UID: 0 PID: 18324 Comm: syz.4.2976 Not tainted 6.11.0-rc5-syzkaller #0 [ 1352.489373][T18324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1352.499449][T18324] Call Trace: [ 1352.502743][T18324] [ 1352.505677][T18324] dump_stack_lvl+0x241/0x360 [ 1352.510473][T18324] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1352.515689][T18324] ? __pfx__printk+0x10/0x10 [ 1352.520322][T18324] ? __pfx_lock_release+0x10/0x10 [ 1352.525361][T18324] ? vfs_write+0x7c4/0xc90 [ 1352.529866][T18324] should_fail_ex+0x3b0/0x4e0 [ 1352.534649][T18324] _copy_from_user+0x2f/0xe0 [ 1352.539293][T18324] __sys_bpf+0x1a4/0x810 [ 1352.543562][T18324] ? __pfx___sys_bpf+0x10/0x10 [ 1352.548354][T18324] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1352.554339][T18324] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1352.560678][T18324] ? do_syscall_64+0x100/0x230 [ 1352.565460][T18324] __x64_sys_bpf+0x7c/0x90 [ 1352.569893][T18324] do_syscall_64+0xf3/0x230 [ 1352.574395][T18324] ? clear_bhb_loop+0x35/0x90 [ 1352.579090][T18324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1352.584985][T18324] RIP: 0033:0x7f0d32979e79 [ 1352.589396][T18324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1352.609084][T18324] RSP: 002b:00007f0d337bd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1352.617492][T18324] RAX: ffffffffffffffda RBX: 00007f0d32b16130 RCX: 00007f0d32979e79 [ 1352.625456][T18324] RDX: 0000000000000028 RSI: 0000000020000080 RDI: 000000000000000a [ 1352.633417][T18324] RBP: 00007f0d337bd090 R08: 0000000000000000 R09: 0000000000000000 [ 1352.641383][T18324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1352.649347][T18324] R13: 0000000000000000 R14: 00007f0d32b16130 R15: 00007ffc3209eb48 [ 1352.657324][T18324] [ 1353.154742][T16020] Bluetooth: hci0: command tx timeout [ 1353.500931][ T148] team0 (unregistering): Port device team_slave_1 removed [ 1353.560835][ T148] team0 (unregistering): Port device team_slave_0 removed [ 1353.797078][T16020] Bluetooth: hci2: command tx timeout [ 1354.221119][T18264] chnl_net:caif_netlink_parms(): no params data found [ 1355.204858][ T5266] usb 4-1: new high-speed USB device number 81 using dummy_hcd [ 1355.237770][T16020] Bluetooth: hci0: command tx timeout [ 1355.280336][T18264] bridge0: port 1(bridge_slave_0) entered blocking state [ 1355.298598][T18264] bridge0: port 1(bridge_slave_0) entered disabled state [ 1355.313444][T18264] bridge_slave_0: entered allmulticast mode [ 1355.324006][T18264] bridge_slave_0: entered promiscuous mode [ 1355.356899][T18264] bridge0: port 2(bridge_slave_1) entered blocking state [ 1355.364093][T18264] bridge0: port 2(bridge_slave_1) entered disabled state [ 1355.400164][T18264] bridge_slave_1: entered allmulticast mode [ 1355.416147][T18264] bridge_slave_1: entered promiscuous mode [ 1355.431781][ T5266] usb 4-1: Using ep0 maxpacket: 32 [ 1355.469194][ T5266] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1355.483852][T18368] FAULT_INJECTION: forcing a failure. [ 1355.483852][T18368] name failslab, interval 1, probability 0, space 0, times 0 [ 1355.493193][ T5266] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1355.505730][T18368] CPU: 1 UID: 0 PID: 18368 Comm: syz.4.2985 Not tainted 6.11.0-rc5-syzkaller #0 [ 1355.515597][T18368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1355.525780][T18368] Call Trace: [ 1355.529079][T18368] [ 1355.531776][ T5266] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1355.532007][T18368] dump_stack_lvl+0x241/0x360 [ 1355.545255][ T5266] usb 4-1: New USB device found, idVendor=0c45, idProduct=760b, bcdDevice= 0.00 [ 1355.549397][T18368] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1355.558748][ T5266] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1355.563658][T18368] ? __pfx__printk+0x10/0x10 [ 1355.563692][T18368] ? fs_reclaim_acquire+0x93/0x140 [ 1355.581403][T18368] ? __pfx___might_resched+0x10/0x10 [ 1355.586717][T18368] should_fail_ex+0x3b0/0x4e0 [ 1355.591496][T18368] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 1355.597232][T18368] should_failslab+0xac/0x100 [ 1355.601918][T18368] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 1355.607647][T18368] __kmalloc_noprof+0xd8/0x400 [ 1355.612423][T18368] ? kfree+0x4e/0x360 [ 1355.616412][T18368] tomoyo_realpath_from_path+0xcf/0x5e0 [ 1355.621968][T18368] tomoyo_path_number_perm+0x23a/0x880 [ 1355.627426][T18368] ? tomoyo_path_number_perm+0x208/0x880 [ 1355.633053][T18368] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1355.639057][T18368] ? __fget_files+0x29/0x470 [ 1355.643717][T18368] ? __fget_files+0x3f6/0x470 [ 1355.648390][T18368] ? __fget_files+0x29/0x470 [ 1355.652979][T18368] security_file_ioctl+0x75/0xb0 [ 1355.657916][T18368] __se_sys_ioctl+0x47/0x170 [ 1355.662497][T18368] do_syscall_64+0xf3/0x230 [ 1355.666991][T18368] ? clear_bhb_loop+0x35/0x90 [ 1355.671671][T18368] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1355.677555][T18368] RIP: 0033:0x7f0d32979e79 [ 1355.681969][T18368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1355.701563][T18368] RSP: 002b:00007f0d337de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1355.709972][T18368] RAX: ffffffffffffffda RBX: 00007f0d32b16058 RCX: 00007f0d32979e79 [ 1355.717942][T18368] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 1355.725905][T18368] RBP: 00007f0d337de090 R08: 0000000000000000 R09: 0000000000000000 [ 1355.733870][T18368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1355.741839][T18368] R13: 0000000000000000 R14: 00007f0d32b16058 R15: 00007ffc3209eb48 [ 1355.749819][T18368] [ 1355.771820][T18368] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1355.773619][ T5266] usb 4-1: config 0 descriptor?? [ 1355.871745][T18264] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1355.885798][T16020] Bluetooth: hci2: command tx timeout [ 1355.901998][T18264] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1356.032461][T18264] team0: Port device team_slave_0 added [ 1356.057504][T18343] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1356.105140][T18343] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1356.204445][T14851] usb 2-1: new high-speed USB device number 103 using dummy_hcd [ 1356.219316][ T148] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1356.313476][T18264] team0: Port device team_slave_1 added [ 1356.342746][T18296] chnl_net:caif_netlink_parms(): no params data found [ 1356.357253][ T5266] hid (null): report_id 0 is invalid [ 1356.384417][ T5266] redragon 0003:0C45:760B.000E: report_id 0 is invalid [ 1356.403335][ T5266] redragon 0003:0C45:760B.000E: item 0 1 1 8 parsing failed [ 1356.404638][T14851] usb 2-1: Using ep0 maxpacket: 32 [ 1356.427387][ T5266] redragon 0003:0C45:760B.000E: probe with driver redragon failed with error -22 [ 1356.468473][T14851] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 1356.510100][T14851] usb 2-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 1356.520566][T14851] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1356.530555][T14851] usb 2-1: Product: syz [ 1356.535948][T14851] usb 2-1: Manufacturer: syz [ 1356.542777][T14851] usb 2-1: SerialNumber: syz [ 1356.553827][T14851] usb 2-1: config 0 descriptor?? [ 1356.576816][ T5266] usb 4-1: USB disconnect, device number 81 [ 1356.596425][T14851] hub 2-1:0.0: bad descriptor, ignoring hub [ 1356.611770][T14851] hub 2-1:0.0: probe with driver hub failed with error -5 [ 1356.637575][T14851] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input85 [ 1356.662658][T14851] usbtouchscreen 2-1:0.0: usbtouch_probe - usb_submit_urb failed with result: -8 [ 1356.693118][ T148] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1356.743820][T14851] usbtouchscreen 2-1:0.0: probe with driver usbtouchscreen failed with error -8 [ 1356.778852][T18264] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1356.792340][T18264] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1356.818690][ C0] vkms_vblank_simulate: vblank timer overrun [ 1356.850618][T18264] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1356.901255][T18264] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1356.924332][T18264] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1356.950268][ C0] vkms_vblank_simulate: vblank timer overrun [ 1356.970466][T18264] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1357.072587][ T148] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1357.245322][ T148] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1357.314244][T16020] Bluetooth: hci0: command tx timeout [ 1357.521002][T18264] hsr_slave_0: entered promiscuous mode [ 1357.535787][T18264] hsr_slave_1: entered promiscuous mode [ 1357.551132][T18264] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1357.579380][T18264] Cannot create hsr debugfs directory [ 1357.596219][T18296] bridge0: port 1(bridge_slave_0) entered blocking state [ 1357.617905][T18296] bridge0: port 1(bridge_slave_0) entered disabled state [ 1357.633058][T18296] bridge_slave_0: entered allmulticast mode [ 1357.648027][T18399] FAULT_INJECTION: forcing a failure. [ 1357.648027][T18399] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1357.648305][T18296] bridge_slave_0: entered promiscuous mode [ 1357.661269][T18399] CPU: 0 UID: 0 PID: 18399 Comm: syz.4.2989 Not tainted 6.11.0-rc5-syzkaller #0 [ 1357.661298][T18399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1357.661311][T18399] Call Trace: [ 1357.661320][T18399] [ 1357.661328][T18399] dump_stack_lvl+0x241/0x360 [ 1357.661357][T18399] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1357.702159][T18399] ? __pfx__printk+0x10/0x10 [ 1357.706743][T18399] ? __pfx_lock_release+0x10/0x10 [ 1357.711756][T18399] ? vfs_write+0x7c4/0xc90 [ 1357.716160][T18399] should_fail_ex+0x3b0/0x4e0 [ 1357.720827][T18399] _copy_from_user+0x2f/0xe0 [ 1357.725406][T18399] __sys_bpf+0x1a4/0x810 [ 1357.729634][T18399] ? __pfx___sys_bpf+0x10/0x10 [ 1357.734387][T18399] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1357.740370][T18399] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1357.746681][T18399] ? do_syscall_64+0x100/0x230 [ 1357.751429][T18399] __x64_sys_bpf+0x7c/0x90 [ 1357.755831][T18399] do_syscall_64+0xf3/0x230 [ 1357.760317][T18399] ? clear_bhb_loop+0x35/0x90 [ 1357.764978][T18399] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1357.770855][T18399] RIP: 0033:0x7f0d32979e79 [ 1357.775255][T18399] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1357.795119][T18399] RSP: 002b:00007f0d337ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1357.803568][T18399] RAX: ffffffffffffffda RBX: 00007f0d32b15f80 RCX: 00007f0d32979e79 [ 1357.811535][T18399] RDX: 0000000000000020 RSI: 0000000020000300 RDI: 0000000000000002 [ 1357.819499][T18399] RBP: 00007f0d337ff090 R08: 0000000000000000 R09: 0000000000000000 [ 1357.827458][T18399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1357.835502][T18399] R13: 0000000000000000 R14: 00007f0d32b15f80 R15: 00007ffc3209eb48 [ 1357.843486][T18399] [ 1357.846619][ C0] vkms_vblank_simulate: vblank timer overrun [ 1357.867191][T18296] bridge0: port 2(bridge_slave_1) entered blocking state [ 1357.875188][T18296] bridge0: port 2(bridge_slave_1) entered disabled state [ 1357.882836][T18296] bridge_slave_1: entered allmulticast mode [ 1357.890504][T18296] bridge_slave_1: entered promiscuous mode [ 1357.954292][T16020] Bluetooth: hci2: command tx timeout [ 1358.147669][T18296] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1358.276170][T18296] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1358.467628][ T148] bridge_slave_1: left allmulticast mode [ 1358.493637][ T148] bridge_slave_1: left promiscuous mode [ 1358.513984][ T148] bridge0: port 2(bridge_slave_1) entered disabled state [ 1358.585494][ T148] bridge_slave_0: left allmulticast mode [ 1358.591190][ T148] bridge_slave_0: left promiscuous mode [ 1358.625994][ T148] bridge0: port 1(bridge_slave_0) entered disabled state [ 1358.664723][ T9] usb 2-1: USB disconnect, device number 103 [ 1359.766023][T18434] FAULT_INJECTION: forcing a failure. [ 1359.766023][T18434] name failslab, interval 1, probability 0, space 0, times 0 [ 1359.797051][T18434] CPU: 1 UID: 0 PID: 18434 Comm: syz.3.2996 Not tainted 6.11.0-rc5-syzkaller #0 [ 1359.806142][T18434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1359.816226][T18434] Call Trace: [ 1359.819518][T18434] [ 1359.822456][T18434] dump_stack_lvl+0x241/0x360 [ 1359.827251][T18434] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1359.832465][T18434] ? __pfx__printk+0x10/0x10 [ 1359.837062][T18434] ? fs_reclaim_acquire+0x93/0x140 [ 1359.842175][T18434] ? __pfx___might_resched+0x10/0x10 [ 1359.847460][T18434] should_fail_ex+0x3b0/0x4e0 [ 1359.852153][T18434] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 1359.857884][T18434] should_failslab+0xac/0x100 [ 1359.862558][T18434] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 1359.868279][T18434] __kmalloc_noprof+0xd8/0x400 [ 1359.873126][T18434] ? kfree+0x4e/0x360 [ 1359.877102][T18434] tomoyo_realpath_from_path+0xcf/0x5e0 [ 1359.882655][T18434] tomoyo_path_number_perm+0x23a/0x880 [ 1359.888210][T18434] ? tomoyo_path_number_perm+0x208/0x880 [ 1359.893842][T18434] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1359.899842][T18434] ? __fget_files+0x29/0x470 [ 1359.904429][T18434] ? __fget_files+0x3f6/0x470 [ 1359.909094][T18434] ? __fget_files+0x29/0x470 [ 1359.913689][T18434] security_file_ioctl+0x75/0xb0 [ 1359.918640][T18434] __se_sys_ioctl+0x47/0x170 [ 1359.923239][T18434] do_syscall_64+0xf3/0x230 [ 1359.927742][T18434] ? clear_bhb_loop+0x35/0x90 [ 1359.932418][T18434] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1359.938304][T18434] RIP: 0033:0x7f3e83b79e79 [ 1359.942713][T18434] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1359.962309][T18434] RSP: 002b:00007f3e8494d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1359.970802][T18434] RAX: ffffffffffffffda RBX: 00007f3e83d15f80 RCX: 00007f3e83b79e79 [ 1359.978852][T18434] RDX: 0000000000000000 RSI: 0000000040049366 RDI: 0000000000000006 [ 1359.986911][T18434] RBP: 00007f3e8494d090 R08: 0000000000000000 R09: 0000000000000000 [ 1359.994870][T18434] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1360.002828][T18434] R13: 0000000000000000 R14: 00007f3e83d15f80 R15: 00007ffc4afdd758 [ 1360.010808][T18434] [ 1360.030806][T18437] sg_write: data in/out 196608/1 bytes for SCSI command 0xf2-- guessing data in; [ 1360.030806][T18437] program syz.1.2997 not setting count and/or reply_len properly [ 1360.064348][T16020] Bluetooth: hci2: command tx timeout [ 1360.069234][T18434] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1360.518542][ T148] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1360.548212][ T148] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1360.563231][ T148] bond0 (unregistering): Released all slaves [ 1360.633368][T18296] team0: Port device team_slave_0 added [ 1360.761984][T18296] team0: Port device team_slave_1 added [ 1360.964446][ T5354] usb 4-1: new high-speed USB device number 82 using dummy_hcd [ 1360.997676][T18296] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1361.022842][T18296] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1361.060553][T18296] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1361.194963][ T5354] usb 4-1: Using ep0 maxpacket: 32 [ 1361.213646][ T5354] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 1361.261814][ T5354] usb 4-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 1361.292737][ T5354] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1361.306269][ T148] hsr_slave_0: left promiscuous mode [ 1361.326058][ T5354] usb 4-1: Product: syz [ 1361.330271][ T5354] usb 4-1: Manufacturer: syz [ 1361.337942][ T148] hsr_slave_1: left promiscuous mode [ 1361.344333][ T5354] usb 4-1: SerialNumber: syz [ 1361.360188][ T148] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1361.499453][ T5354] usb 4-1: config 0 descriptor?? [ 1361.520394][ T5354] hub 4-1:0.0: bad descriptor, ignoring hub [ 1361.525095][ T148] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1361.547723][ T5354] hub 4-1:0.0: probe with driver hub failed with error -5 [ 1361.665284][ T29] kauditd_printk_skb: 11 callbacks suppressed [ 1361.665310][ T29] audit: type=1326 audit(1724619593.769:1825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18470 comm="syz.1.3004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87d1979e79 code=0x7ffc0000 [ 1361.785436][ T5354] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input86 [ 1361.826309][ T5354] usbtouchscreen 4-1:0.0: usbtouch_probe - usb_submit_urb failed with result: -8 [ 1361.866161][ T29] audit: type=1326 audit(1724619593.779:1826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18470 comm="syz.1.3004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87d1979e79 code=0x7ffc0000 [ 1362.242037][ T1262] ieee802154 phy0 wpan0: encryption failed: -22 [ 1362.249801][ T1262] ieee802154 phy1 wpan1: encryption failed: -22 [ 1363.172656][ T148] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1363.317702][ T148] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1363.324297][ T29] audit: type=1326 audit(1724619593.779:1827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18470 comm="syz.1.3004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f87d1979e79 code=0x7ffc0000 [ 1363.326364][ T5354] usbtouchscreen 4-1:0.0: probe with driver usbtouchscreen failed with error -8 [ 1363.385267][ T29] audit: type=1326 audit(1724619593.779:1828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18470 comm="syz.1.3004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87d1979e79 code=0x7ffc0000 [ 1363.514789][T18482] FAULT_INJECTION: forcing a failure. [ 1363.514789][T18482] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1363.553257][ T29] audit: type=1326 audit(1724619593.779:1829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18470 comm="syz.1.3004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87d1979e79 code=0x7ffc0000 [ 1363.558574][ T148] veth1_macvtap: left promiscuous mode [ 1363.597642][T18482] CPU: 1 UID: 0 PID: 18482 Comm: syz.1.3006 Not tainted 6.11.0-rc5-syzkaller #0 [ 1363.606682][T18482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1363.616727][T18482] Call Trace: [ 1363.619992][T18482] [ 1363.622905][T18482] dump_stack_lvl+0x241/0x360 [ 1363.627568][T18482] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1363.632746][T18482] ? __pfx__printk+0x10/0x10 [ 1363.637320][T18482] ? __pfx_lock_release+0x10/0x10 [ 1363.642333][T18482] should_fail_ex+0x3b0/0x4e0 [ 1363.646999][T18482] _copy_from_user+0x2f/0xe0 [ 1363.651597][T18482] ucma_write+0x183/0x430 [ 1363.655914][T18482] ? __import_iovec+0x361/0x820 [ 1363.660772][T18482] ? __pfx_ucma_write+0x10/0x10 [ 1363.665605][T18482] ? bpf_lsm_file_permission+0x9/0x10 [ 1363.670962][T18482] ? rw_verify_area+0x1d2/0x6b0 [ 1363.675846][T18482] vfs_writev+0x5af/0xbb0 [ 1363.680196][T18482] ? __pfx_ucma_write+0x10/0x10 [ 1363.685069][T18482] ? __pfx_vfs_writev+0x10/0x10 [ 1363.689925][T18482] ? vfs_write+0x7c4/0xc90 [ 1363.694334][T18482] ? __fget_files+0x29/0x470 [ 1363.699010][T18482] do_writev+0x1b1/0x350 [ 1363.703241][T18482] ? __pfx_do_writev+0x10/0x10 [ 1363.707994][T18482] ? do_syscall_64+0x100/0x230 [ 1363.712756][T18482] ? do_syscall_64+0xb6/0x230 [ 1363.717423][T18482] do_syscall_64+0xf3/0x230 [ 1363.721922][T18482] ? clear_bhb_loop+0x35/0x90 [ 1363.726603][T18482] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1363.732483][T18482] RIP: 0033:0x7f87d1979e79 [ 1363.736885][T18482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1363.756482][T18482] RSP: 002b:00007f87d2821038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1363.764882][T18482] RAX: ffffffffffffffda RBX: 00007f87d1b15f80 RCX: 00007f87d1979e79 [ 1363.772836][T18482] RDX: 0000000000000003 RSI: 0000000020000000 RDI: 0000000000000003 [ 1363.780812][T18482] RBP: 00007f87d2821090 R08: 0000000000000000 R09: 0000000000000000 [ 1363.788765][T18482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1363.796728][T18482] R13: 0000000000000000 R14: 00007f87d1b15f80 R15: 00007ffcc0c31fd8 [ 1363.804695][T18482] [ 1363.838239][ T148] veth0_macvtap: left promiscuous mode [ 1363.843281][ T29] audit: type=1326 audit(1724619593.789:1830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18470 comm="syz.1.3004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=245 compat=0 ip=0x7f87d1979e79 code=0x7ffc0000 [ 1363.873188][ T148] veth1_vlan: left promiscuous mode [ 1363.902069][ T29] audit: type=1326 audit(1724619593.789:1831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18470 comm="syz.1.3004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87d1979e79 code=0x7ffc0000 [ 1363.927823][ T148] veth0_vlan: left promiscuous mode [ 1363.948316][ T29] audit: type=1326 audit(1724619593.789:1832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18470 comm="syz.1.3004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87d1979e79 code=0x7ffc0000 [ 1364.019144][ T29] audit: type=1326 audit(1724619593.789:1833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18470 comm="syz.1.3004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f87d1979e79 code=0x7ffc0000 [ 1364.102507][ T29] audit: type=1326 audit(1724619593.789:1834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18470 comm="syz.1.3004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87d1979e79 code=0x7ffc0000 [ 1364.584809][T14851] usb 4-1: USB disconnect, device number 82 [ 1364.586036][T18498] FAULT_INJECTION: forcing a failure. [ 1364.586036][T18498] name failslab, interval 1, probability 0, space 0, times 0 [ 1364.604979][T18498] CPU: 0 UID: 0 PID: 18498 Comm: syz.3.3010 Not tainted 6.11.0-rc5-syzkaller #0 [ 1364.614039][T18498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1364.624094][T18498] Call Trace: [ 1364.627376][T18498] [ 1364.630303][T18498] dump_stack_lvl+0x241/0x360 [ 1364.634980][T18498] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1364.640172][T18498] ? __pfx__printk+0x10/0x10 [ 1364.644765][T18498] ? fs_reclaim_acquire+0x93/0x140 [ 1364.649918][T18498] ? __pfx___might_resched+0x10/0x10 [ 1364.655200][T18498] should_fail_ex+0x3b0/0x4e0 [ 1364.659874][T18498] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 1364.665595][T18498] should_failslab+0xac/0x100 [ 1364.670267][T18498] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 1364.675985][T18498] __kmalloc_noprof+0xd8/0x400 [ 1364.680740][T18498] ? kfree+0x4e/0x360 [ 1364.684720][T18498] tomoyo_realpath_from_path+0xcf/0x5e0 [ 1364.690269][T18498] tomoyo_path_number_perm+0x23a/0x880 [ 1364.695747][T18498] ? tomoyo_path_number_perm+0x208/0x880 [ 1364.701371][T18498] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1364.707374][T18498] ? __fget_files+0x29/0x470 [ 1364.711965][T18498] ? __fget_files+0x3f6/0x470 [ 1364.716635][T18498] ? __fget_files+0x29/0x470 [ 1364.721220][T18498] security_file_ioctl+0x75/0xb0 [ 1364.726156][T18498] __se_sys_ioctl+0x47/0x170 [ 1364.730737][T18498] do_syscall_64+0xf3/0x230 [ 1364.735232][T18498] ? clear_bhb_loop+0x35/0x90 [ 1364.739909][T18498] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1364.745792][T18498] RIP: 0033:0x7f3e83b79e79 [ 1364.750206][T18498] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1364.769801][T18498] RSP: 002b:00007f3e8494d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1364.778731][T18498] RAX: ffffffffffffffda RBX: 00007f3e83d15f80 RCX: 00007f3e83b79e79 [ 1364.786784][T18498] RDX: 00000000200006c0 RSI: 0000000000005412 RDI: 0000000000000003 [ 1364.794744][T18498] RBP: 00007f3e8494d090 R08: 0000000000000000 R09: 0000000000000000 [ 1364.802708][T18498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1364.810671][T18498] R13: 0000000000000000 R14: 00007f3e83d15f80 R15: 00007ffc4afdd758 [ 1364.818647][T18498] [ 1364.834412][T18498] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1365.905299][ T148] team0 (unregistering): Port device team_slave_1 removed [ 1365.951248][ T148] team0 (unregistering): Port device team_slave_0 removed [ 1366.367323][T18296] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1366.378502][T18296] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1366.405508][T18296] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1366.495245][T18505] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 1366.508071][T18505] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 1366.517199][T18505] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 1366.526261][T18505] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 1366.535663][T18505] geneve2: entered promiscuous mode [ 1366.540889][T18505] geneve2: entered allmulticast mode [ 1366.790470][T18515] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1367.438436][T12863] IPVS: starting estimator thread 0... [ 1368.041892][T18521] FAULT_INJECTION: forcing a failure. [ 1368.041892][T18521] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1368.056813][T18521] CPU: 0 UID: 0 PID: 18521 Comm: syz.3.3016 Not tainted 6.11.0-rc5-syzkaller #0 [ 1368.065977][T18521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1368.076142][T18521] Call Trace: [ 1368.079445][T18521] [ 1368.082391][T18521] dump_stack_lvl+0x241/0x360 [ 1368.087095][T18521] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1368.092398][T18521] ? __pfx__printk+0x10/0x10 [ 1368.097017][T18521] ? __pfx_lock_release+0x10/0x10 [ 1368.102080][T18521] should_fail_ex+0x3b0/0x4e0 [ 1368.106786][T18521] _copy_from_user+0x2f/0xe0 [ 1368.111405][T18521] copy_msghdr_from_user+0xae/0x680 [ 1368.114385][T18519] IPVS: using max 19 ests per chain, 45600 per kthread [ 1368.116614][T18521] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1368.116660][T18521] __sys_sendmsg+0x23d/0x3a0 [ 1368.133901][T18521] ? __pfx___sys_sendmsg+0x10/0x10 [ 1368.139022][T18521] ? vfs_write+0x7c4/0xc90 [ 1368.143461][T18521] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1368.149790][T18521] ? do_syscall_64+0x100/0x230 [ 1368.154550][T18521] ? do_syscall_64+0xb6/0x230 [ 1368.159218][T18521] do_syscall_64+0xf3/0x230 [ 1368.163801][T18521] ? clear_bhb_loop+0x35/0x90 [ 1368.168504][T18521] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1368.174406][T18521] RIP: 0033:0x7f3e83b79e79 [ 1368.178825][T18521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1368.198454][T18521] RSP: 002b:00007f3e8494d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1368.206885][T18521] RAX: ffffffffffffffda RBX: 00007f3e83d15f80 RCX: 00007f3e83b79e79 [ 1368.214849][T18521] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003 [ 1368.222895][T18521] RBP: 00007f3e8494d090 R08: 0000000000000000 R09: 0000000000000000 [ 1368.230856][T18521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1368.238839][T18521] R13: 0000000000000000 R14: 00007f3e83d15f80 R15: 00007ffc4afdd758 [ 1368.246901][T18521] [ 1368.338003][T18524] FAULT_INJECTION: forcing a failure. [ 1368.338003][T18524] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1368.352062][T18524] CPU: 1 UID: 0 PID: 18524 Comm: syz.3.3018 Not tainted 6.11.0-rc5-syzkaller #0 [ 1368.361143][T18524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1368.371223][T18524] Call Trace: [ 1368.374520][T18524] [ 1368.377444][T18524] dump_stack_lvl+0x241/0x360 [ 1368.382108][T18524] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1368.387308][T18524] ? __pfx__printk+0x10/0x10 [ 1368.391904][T18524] ? __pfx_lock_release+0x10/0x10 [ 1368.396935][T18524] should_fail_ex+0x3b0/0x4e0 [ 1368.401799][T18524] _copy_from_user+0x2f/0xe0 [ 1368.406415][T18524] copy_msghdr_from_user+0xae/0x680 [ 1368.411744][T18524] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1368.417570][T18524] __sys_sendmsg+0x23d/0x3a0 [ 1368.422156][T18524] ? __pfx___sys_sendmsg+0x10/0x10 [ 1368.427255][T18524] ? vfs_write+0x7c4/0xc90 [ 1368.431681][T18524] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1368.438025][T18524] ? do_syscall_64+0x100/0x230 [ 1368.442877][T18524] ? do_syscall_64+0xb6/0x230 [ 1368.447539][T18524] do_syscall_64+0xf3/0x230 [ 1368.452047][T18524] ? clear_bhb_loop+0x35/0x90 [ 1368.456726][T18524] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1368.462629][T18524] RIP: 0033:0x7f3e83b79e79 [ 1368.467041][T18524] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1368.486658][T18524] RSP: 002b:00007f3e8494d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1368.495073][T18524] RAX: ffffffffffffffda RBX: 00007f3e83d15f80 RCX: 00007f3e83b79e79 [ 1368.503031][T18524] RDX: 0000000004044000 RSI: 0000000020000000 RDI: 0000000000000005 [ 1368.510992][T18524] RBP: 00007f3e8494d090 R08: 0000000000000000 R09: 0000000000000000 [ 1368.518952][T18524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1368.526914][T18524] R13: 0000000000000000 R14: 00007f3e83d15f80 R15: 00007ffc4afdd758 [ 1368.534890][T18524] [ 1368.558437][T18296] hsr_slave_0: entered promiscuous mode [ 1368.584679][T18296] hsr_slave_1: entered promiscuous mode [ 1368.601361][T18296] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1368.612836][T18296] Cannot create hsr debugfs directory [ 1368.686093][T12863] usb 2-1: new high-speed USB device number 104 using dummy_hcd [ 1369.104964][T18538] binder: Bad value for 'stats' [ 1369.169413][T12863] usb 2-1: Using ep0 maxpacket: 16 [ 1369.197841][T12863] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 1369.243009][T18541] netlink: 'syz.4.3021': attribute type 10 has an invalid length. [ 1369.253545][T12863] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1369.273555][T12863] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1369.311552][T18541] bridge0: port 3(team0) entered disabled state [ 1369.323368][T12863] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1369.336736][T18541] team0: left allmulticast mode [ 1369.348760][T12863] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1369.366592][T18541] team_slave_0: left allmulticast mode [ 1369.373041][T12863] usb 2-1: Product: syz [ 1369.379356][T18541] team_slave_1: left allmulticast mode [ 1369.387057][T18541] team0: left promiscuous mode [ 1369.392167][T18541] team_slave_0: left promiscuous mode [ 1369.399437][T18541] team_slave_1: left promiscuous mode [ 1369.405668][T18541] bridge0: port 3(team0) entered disabled state [ 1369.413176][T12863] usb 2-1: Manufacturer: syz [ 1369.418141][T12863] usb 2-1: SerialNumber: syz [ 1369.444098][T18541] batman_adv: batadv0: Adding interface: team0 [ 1369.457146][T18541] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1369.500955][T18541] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 1369.706748][T18545] netlink: 'syz.4.3021': attribute type 10 has an invalid length. [ 1369.726305][T18545] netlink: 2 bytes leftover after parsing attributes in process `syz.4.3021'. [ 1369.742152][T18545] team0: entered promiscuous mode [ 1369.749011][T18545] team_slave_0: entered promiscuous mode [ 1369.757377][T18545] team_slave_1: entered promiscuous mode [ 1369.767034][T18545] 8021q: adding VLAN 0 to HW filter on device team0 [ 1369.787716][T18545] batman_adv: batadv0: Interface activated: team0 [ 1369.800241][T18545] batman_adv: batadv0: Interface deactivated: team0 [ 1369.807598][T18545] batman_adv: batadv0: Removing interface: team0 [ 1369.822956][T18545] bridge0: port 3(team0) entered blocking state [ 1369.829968][T18545] bridge0: port 3(team0) entered disabled state [ 1369.843500][T18545] team0: entered allmulticast mode [ 1369.849092][T18545] team_slave_0: entered allmulticast mode [ 1369.861982][T18545] team_slave_1: entered allmulticast mode [ 1369.869881][T18545] bridge0: port 3(team0) entered blocking state [ 1369.876313][T18545] bridge0: port 3(team0) entered forwarding state [ 1369.933720][T12863] usb 2-1: 2:1 : format type 0 is detected, processed as PCM [ 1369.958910][T12863] usb 2-1: 2:1: cannot set freq 9338507 to ep 0x82 [ 1370.038131][T12863] usb 2-1: USB disconnect, device number 104 [ 1370.101134][T17426] udevd[17426]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1370.260567][T18264] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1370.304412][ T5354] usb 5-1: new high-speed USB device number 93 using dummy_hcd [ 1370.325874][T18264] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1370.358465][T18264] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1370.420530][T18264] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1370.504319][ T5354] usb 5-1: Using ep0 maxpacket: 8 [ 1370.523529][ T5354] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1370.541784][ T5354] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 1370.575244][ T5354] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 1370.607506][ T5354] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 1370.645186][ T5354] usb 5-1: New USB device found, idVendor=187f, idProduct=0200, bcdDevice=6b.ad [ 1370.662398][ T5354] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1370.689040][ T5354] usb 5-1: Product: syz [ 1370.716252][ T5354] usb 5-1: Manufacturer: syz [ 1370.727037][T18264] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1370.737505][ T5354] usb 5-1: SerialNumber: syz [ 1370.767491][ T5354] usb 5-1: config 0 descriptor?? [ 1370.789770][ T5354] smsusb:smsusb_probe: board id=2, interface number 0 [ 1370.822507][ T5354] smsusb:smsusb_probe: Device initialized with return code -19 [ 1370.837573][T18264] 8021q: adding VLAN 0 to HW filter on device team0 [ 1370.863438][T18033] bridge0: port 1(bridge_slave_0) entered blocking state [ 1370.870671][T18033] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1370.947984][T18033] bridge0: port 2(bridge_slave_1) entered blocking state [ 1370.955181][T18033] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1371.020838][ T46] usb 5-1: USB disconnect, device number 93 [ 1371.059693][T18564] tmpfs: Cannot retroactively limit inodes [ 1371.088950][T18296] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1371.115879][T18564] netlink: 4544 bytes leftover after parsing attributes in process `syz.1.3024'. [ 1371.144533][T18564] netlink: 4544 bytes leftover after parsing attributes in process `syz.1.3024'. [ 1371.196224][T18296] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1371.243372][T18296] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1371.288366][T18296] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1371.520012][T18296] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1371.555552][ T9] usb 2-1: new high-speed USB device number 105 using dummy_hcd [ 1371.583070][T18296] 8021q: adding VLAN 0 to HW filter on device team0 [ 1371.612203][ T7857] bridge0: port 1(bridge_slave_0) entered blocking state [ 1371.619438][ T7857] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1371.666252][ T7857] bridge0: port 2(bridge_slave_1) entered blocking state [ 1371.673502][ T7857] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1371.760727][T18264] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1371.779407][ T9] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1371.792746][ T9] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 895 [ 1371.823824][ T9] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1371.867248][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 1024 [ 1371.904666][ T9] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8F has invalid maxpacket 1024 [ 1371.926319][ T46] usb 5-1: new high-speed USB device number 94 using dummy_hcd [ 1371.940697][T18264] veth0_vlan: entered promiscuous mode [ 1371.955410][ T9] usb 2-1: New USB device found, idVendor=054c, idProduct=06c3, bcdDevice= 0.00 [ 1371.976440][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1372.000877][T18264] veth1_vlan: entered promiscuous mode [ 1372.010908][ T9] usb 2-1: SerialNumber: syz [ 1372.028701][ T9] usb 2-1: config 0 descriptor?? [ 1372.058723][T18564] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1372.104829][T18564] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1372.132046][ C0] port100 2-1:0.0: NFC: Urb failure (status -71) [ 1372.153779][T18264] veth0_macvtap: entered promiscuous mode [ 1372.160927][ T46] usb 5-1: Using ep0 maxpacket: 8 [ 1372.164505][ C0] port100 2-1:0.0: NFC: Urb failure (status -71) [ 1372.181535][T18264] veth1_macvtap: entered promiscuous mode [ 1372.199048][ T9] port100 2-1:0.0: NFC: Could not get supported command types [ 1372.212687][ T46] usb 5-1: New USB device found, idVendor=0458, idProduct=7003, bcdDevice=7a.1a [ 1372.235228][ T46] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1372.255224][T18264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1372.266492][ T46] usb 5-1: Product: syz [ 1372.270694][ T46] usb 5-1: Manufacturer: syz [ 1372.275654][T18264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1372.275680][T18264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1372.275697][T18264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1372.275715][T18264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1372.275728][T18264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1372.279577][T18264] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1372.399095][ T9] usb 2-1: USB disconnect, device number 105 [ 1372.402829][ T46] usb 5-1: SerialNumber: syz [ 1372.464572][ T46] usb 5-1: config 0 descriptor?? [ 1372.476495][ T46] gspca_main: sn9c2028-2.14.0 probing 0458:7003 [ 1372.506132][T18296] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1372.531582][T18264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1372.564039][T18264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1372.601136][T18264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1372.622123][T18264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1372.652667][T18264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1372.681876][ T46] gspca_sn9c2028: read1 error -32 [ 1372.693723][T18264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1372.699142][ T46] gspca_sn9c2028: read1 error -32 [ 1372.724071][ T46] gspca_sn9c2028: read1 error 0 [ 1372.730495][T18264] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1372.739459][ T46] sn9c2028 5-1:0.0: probe with driver sn9c2028 failed with error -5 [ 1372.785493][T18264] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1372.814441][T18264] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1372.831994][T18264] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1372.842350][T18264] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1373.064434][T18296] veth0_vlan: entered promiscuous mode [ 1373.095540][T18600] FAULT_INJECTION: forcing a failure. [ 1373.095540][T18600] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1373.118634][T18600] CPU: 0 UID: 0 PID: 18600 Comm: syz.1.3026 Not tainted 6.11.0-rc5-syzkaller #0 [ 1373.127714][T18600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1373.137795][T18600] Call Trace: [ 1373.141089][T18600] [ 1373.144039][T18600] dump_stack_lvl+0x241/0x360 [ 1373.148833][T18600] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1373.154050][T18600] ? __pfx__printk+0x10/0x10 [ 1373.158688][T18600] ? snprintf+0xda/0x120 [ 1373.162972][T18600] should_fail_ex+0x3b0/0x4e0 [ 1373.167771][T18600] _copy_to_user+0x2f/0xb0 [ 1373.172224][T18600] simple_read_from_buffer+0xca/0x150 [ 1373.177889][T18600] proc_fail_nth_read+0x1ec/0x260 [ 1373.182943][T18600] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1373.188533][T18600] ? rw_verify_area+0x520/0x6b0 [ 1373.193409][T18600] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1373.198985][T18600] vfs_read+0x204/0xbc0 [ 1373.203155][T18600] ? __pfx_lock_release+0x10/0x10 [ 1373.208209][T18600] ? __pfx_vfs_read+0x10/0x10 [ 1373.212904][T18600] ? __fget_files+0x29/0x470 [ 1373.217507][T18600] ? __fget_files+0x3f6/0x470 [ 1373.222218][T18600] ksys_read+0x1a0/0x2c0 [ 1373.226492][T18600] ? __pfx_ksys_read+0x10/0x10 [ 1373.231527][T18600] ? do_syscall_64+0x100/0x230 [ 1373.236309][T18600] ? do_syscall_64+0xb6/0x230 [ 1373.241002][T18600] do_syscall_64+0xf3/0x230 [ 1373.245522][T18600] ? clear_bhb_loop+0x35/0x90 [ 1373.250324][T18600] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1373.256241][T18600] RIP: 0033:0x7f87d19788bc [ 1373.260673][T18600] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 1373.280314][T18600] RSP: 002b:00007f87d2821030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1373.288780][T18600] RAX: ffffffffffffffda RBX: 00007f87d1b15f80 RCX: 00007f87d19788bc [ 1373.296785][T18600] RDX: 000000000000000f RSI: 00007f87d28210a0 RDI: 0000000000000004 [ 1373.304821][T18600] RBP: 00007f87d2821090 R08: 0000000000000000 R09: 0000000000000000 [ 1373.312816][T18600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1373.320813][T18600] R13: 0000000000000000 R14: 00007f87d1b15f80 R15: 00007ffcc0c31fd8 [ 1373.328828][T18600] [ 1373.421502][T18033] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1373.443036][T18033] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1373.471474][T18296] veth1_vlan: entered promiscuous mode [ 1373.703295][T18034] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1373.734920][T18034] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1374.084833][T18296] veth0_macvtap: entered promiscuous mode [ 1374.364616][T18296] veth1_macvtap: entered promiscuous mode [ 1374.482332][T18296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1374.545285][T18296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1374.579546][T18296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1374.610128][T18296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1374.628501][T18296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1374.642157][T18296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1374.660716][T18296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1374.673044][T18296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1374.678982][T18618] xt_addrtype: both incoming and outgoing interface limitation cannot be selected [ 1374.692326][T18296] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1374.702402][T18296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1374.707388][ T9] usb 5-1: USB disconnect, device number 94 [ 1374.740113][T18296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1374.761321][T18296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1374.780318][T18296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1374.801643][T18296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1374.819360][T18296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1374.833642][T18296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1374.852819][T18296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1374.902096][T18296] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1374.971988][T18296] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1374.992422][T18296] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1375.001652][T18296] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1375.017848][T18296] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1376.071556][T18634] xt_addrtype: both incoming and outgoing interface limitation cannot be selected [ 1376.135808][T18634] FAULT_INJECTION: forcing a failure. [ 1376.135808][T18634] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1376.177529][ T1136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1376.198657][T18634] CPU: 0 UID: 0 PID: 18634 Comm: syz.1.3031 Not tainted 6.11.0-rc5-syzkaller #0 [ 1376.207727][T18634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1376.217814][T18634] Call Trace: [ 1376.219326][ T1136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1376.221094][T18634] [ 1376.231305][T18634] dump_stack_lvl+0x241/0x360 [ 1376.236008][T18634] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1376.241234][T18634] ? __pfx__printk+0x10/0x10 [ 1376.245860][T18634] ? __pfx_lock_release+0x10/0x10 [ 1376.250910][T18634] ? __fget_files+0x3f6/0x470 [ 1376.255630][T18634] should_fail_ex+0x3b0/0x4e0 [ 1376.260329][T18634] _copy_from_user+0x2f/0xe0 [ 1376.264941][T18634] __se_sys_sendfile64+0xcd/0x1e0 [ 1376.270028][T18634] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 1376.275678][T18634] ? do_syscall_64+0x100/0x230 [ 1376.280469][T18634] ? do_syscall_64+0xb6/0x230 [ 1376.285168][T18634] do_syscall_64+0xf3/0x230 [ 1376.289683][T18634] ? clear_bhb_loop+0x35/0x90 [ 1376.294407][T18634] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1376.300319][T18634] RIP: 0033:0x7f87d1979e79 [ 1376.304749][T18634] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1376.324378][T18634] RSP: 002b:00007f87d2821038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1376.332828][T18634] RAX: ffffffffffffffda RBX: 00007f87d1b15f80 RCX: 00007f87d1979e79 [ 1376.339918][T18033] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1376.340815][T18634] RDX: 0000000020002700 RSI: 0000000000000009 RDI: 000000000000000a [ 1376.356624][T18634] RBP: 00007f87d2821090 R08: 0000000000000000 R09: 0000000000000000 [ 1376.356644][T18634] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 1376.356657][T18634] R13: 0000000000000000 R14: 00007f87d1b15f80 R15: 00007ffcc0c31fd8 [ 1376.356690][T18634] [ 1376.443706][T18033] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1376.508122][ T29] kauditd_printk_skb: 11 callbacks suppressed [ 1376.508140][ T29] audit: type=1326 audit(1724619608.659:1846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18642 comm="syz.1.3033" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f87d1979e79 code=0x0 [ 1376.808044][T18650] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3033'. [ 1376.999148][ T5214] usb 5-1: new high-speed USB device number 95 using dummy_hcd [ 1377.194369][ T5214] usb 5-1: Using ep0 maxpacket: 8 [ 1377.215792][ T5214] usb 5-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 1377.248183][ T5214] usb 5-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 1377.258156][ T5214] usb 5-1: Product: syz [ 1377.262317][ T5214] usb 5-1: Manufacturer: syz [ 1377.270548][ T5214] usb 5-1: SerialNumber: syz [ 1377.284082][ T5214] usb 5-1: config 0 descriptor?? [ 1377.299697][ T5214] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd [ 1377.733487][T18033] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1377.768212][T18673] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1377.812556][T18673] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1377.848024][ T5214] gspca_zc3xx: reg_r err -71 [ 1377.854010][ T5214] gspca_zc3xx 5-1:0.0: probe with driver gspca_zc3xx failed with error -71 [ 1377.893867][ T5214] usb 5-1: USB disconnect, device number 95 [ 1377.927683][T18033] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1378.098030][T18033] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1378.218917][T18033] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1378.396426][T18033] bridge_slave_1: left allmulticast mode [ 1378.402131][T18033] bridge_slave_1: left promiscuous mode [ 1378.444562][T18033] bridge0: port 2(bridge_slave_1) entered disabled state [ 1378.486102][T18033] bridge_slave_0: left allmulticast mode [ 1378.491804][T18033] bridge_slave_0: left promiscuous mode [ 1378.514636][T18033] bridge0: port 1(bridge_slave_0) entered disabled state [ 1379.025617][T13007] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1379.052237][T13007] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1379.064570][T13007] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1379.101353][T13007] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1379.114045][T13007] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1379.129747][T13007] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1379.309491][T18033] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1379.323917][T18033] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1379.339835][T18033] bond0 (unregistering): Released all slaves [ 1379.939152][T18744] netlink: 209840 bytes leftover after parsing attributes in process `syz.4.3039'. [ 1381.155256][T13007] Bluetooth: hci0: command tx timeout [ 1381.211453][T18744] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3039'. [ 1381.465198][T16020] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1381.476189][T16020] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1381.488508][T16020] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1381.509855][T16020] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1381.524546][T16020] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1381.531879][T16020] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1381.580316][T18033] hsr_slave_0: left promiscuous mode [ 1381.622733][T18033] hsr_slave_1: left promiscuous mode [ 1381.643646][T18033] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1381.657803][T18033] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1381.664220][ T29] audit: type=1326 audit(1724619613.809:1847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18766 comm="syz.4.3045" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0d32979e79 code=0x0 [ 1381.688641][T18033] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1381.696404][T18033] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1381.719941][T18033] veth1_macvtap: left promiscuous mode [ 1381.725559][T18033] veth0_macvtap: left promiscuous mode [ 1381.731163][T18033] veth1_vlan: left promiscuous mode [ 1381.736711][T18033] veth0_vlan: left promiscuous mode [ 1381.822374][T18770] input: syz1 as /devices/virtual/input/input87 [ 1382.530587][T18773] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3045'. [ 1382.843860][T18779] FAULT_INJECTION: forcing a failure. [ 1382.843860][T18779] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1382.864398][T18779] CPU: 1 UID: 0 PID: 18779 Comm: syz.1.3047 Not tainted 6.11.0-rc5-syzkaller #0 [ 1382.873470][T18779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1382.883555][T18779] Call Trace: [ 1382.886849][T18779] [ 1382.889788][T18779] dump_stack_lvl+0x241/0x360 [ 1382.894461][T18779] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1382.899671][T18779] ? __pfx__printk+0x10/0x10 [ 1382.904288][T18779] ? __pfx_lock_release+0x10/0x10 [ 1382.909330][T18779] should_fail_ex+0x3b0/0x4e0 [ 1382.914030][T18779] _copy_to_user+0x2f/0xb0 [ 1382.918463][T18779] snd_pcm_oss_read2+0x340/0x440 [ 1382.923431][T18779] ? __pfx___up_read+0x10/0x10 [ 1382.928197][T18779] ? __pfx_snd_pcm_oss_read2+0x10/0x10 [ 1382.933726][T18779] ? snd_pcm_action_nonatomic+0x2a1/0x300 [ 1382.939474][T18779] snd_pcm_oss_read+0x6b7/0x940 [ 1382.944352][T18779] ? __pfx_snd_pcm_oss_read+0x10/0x10 [ 1382.949746][T18779] vfs_read+0x204/0xbc0 [ 1382.953931][T18779] ? __pfx_lock_release+0x10/0x10 [ 1382.958989][T18779] ? __pfx_vfs_read+0x10/0x10 [ 1382.963701][T18779] ? __fget_files+0x29/0x470 [ 1382.968317][T18779] ? __fget_files+0x3f6/0x470 [ 1382.973016][T18779] ? __fget_files+0x29/0x470 [ 1382.977641][T18779] ksys_read+0x1a0/0x2c0 [ 1382.981909][T18779] ? __pfx_ksys_read+0x10/0x10 [ 1382.986689][T18779] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1382.993031][T18779] ? __irq_exit_rcu+0x100/0x1c0 [ 1382.997880][T18779] ? do_syscall_64+0xb6/0x230 [ 1383.002550][T18779] do_syscall_64+0xf3/0x230 [ 1383.007049][T18779] ? clear_bhb_loop+0x35/0x90 [ 1383.011723][T18779] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1383.017604][T18779] RIP: 0033:0x7f87d1979e79 [ 1383.022011][T18779] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1383.041619][T18779] RSP: 002b:00007f87d2800038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1383.050039][T18779] RAX: ffffffffffffffda RBX: 00007f87d1b16058 RCX: 00007f87d1979e79 [ 1383.058005][T18779] RDX: 00000000200021d5 RSI: 00000000200011c0 RDI: 0000000000000004 [ 1383.065967][T18779] RBP: 00007f87d2800090 R08: 0000000000000000 R09: 0000000000000000 [ 1383.073930][T18779] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1383.081897][T18779] R13: 0000000000000000 R14: 00007f87d1b16058 R15: 00007ffcc0c31fd8 [ 1383.089974][T18779] [ 1383.234615][T13007] Bluetooth: hci0: command tx timeout [ 1383.274233][T18784] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3048'. [ 1383.398001][ T29] audit: type=1326 audit(1724619615.549:1848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18793 comm="syz.1.3050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87d1979e79 code=0x7ffc0000 [ 1383.453792][ T29] audit: type=1326 audit(1724619615.579:1849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18793 comm="syz.1.3050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=276 compat=0 ip=0x7f87d1979e79 code=0x7ffc0000 [ 1383.506564][ T29] audit: type=1326 audit(1724619615.579:1850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18793 comm="syz.1.3050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87d1979e79 code=0x7ffc0000 [ 1383.554329][T13007] Bluetooth: hci2: command tx timeout [ 1383.561859][ T29] audit: type=1326 audit(1724619615.579:1851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18793 comm="syz.1.3050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87d1979e79 code=0x7ffc0000 [ 1383.901295][T18033] team0 (unregistering): Port device team_slave_1 removed [ 1384.047292][T18033] team0 (unregistering): Port device team_slave_0 removed [ 1385.028913][T18708] chnl_net:caif_netlink_parms(): no params data found [ 1385.314248][T13007] Bluetooth: hci0: command tx timeout [ 1385.670021][T13007] Bluetooth: hci2: command tx timeout [ 1385.693185][T18708] bridge0: port 1(bridge_slave_0) entered blocking state [ 1385.707508][T18708] bridge0: port 1(bridge_slave_0) entered disabled state [ 1385.846780][T18836] x_tables: ip_tables: osf match: only valid for protocol 6 [ 1385.864433][T18708] bridge_slave_0: entered allmulticast mode [ 1385.911714][T18708] bridge_slave_0: entered promiscuous mode [ 1385.943190][T18708] bridge0: port 2(bridge_slave_1) entered blocking state [ 1385.986652][T18708] bridge0: port 2(bridge_slave_1) entered disabled state [ 1385.994001][T18708] bridge_slave_1: entered allmulticast mode [ 1386.005332][T18708] bridge_slave_1: entered promiscuous mode [ 1386.507422][T18708] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1386.549717][T18708] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1386.705412][T18708] team0: Port device team_slave_0 added [ 1386.721991][T18708] team0: Port device team_slave_1 added [ 1386.761551][T18760] chnl_net:caif_netlink_parms(): no params data found [ 1386.877594][T14851] usb 4-1: new high-speed USB device number 83 using dummy_hcd [ 1386.881738][ T25] usb 5-1: new high-speed USB device number 96 using dummy_hcd [ 1389.559732][T13007] Bluetooth: hci0: command tx timeout [ 1389.559761][T16020] Bluetooth: hci2: command tx timeout [ 1389.674642][T14851] usb 4-1: device descriptor read/all, error -71 [ 1389.775405][ T29] audit: type=1326 audit(1724619621.929:1852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18856 comm="syz.4.3061" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d32979e79 code=0x7ffc0000 [ 1389.807259][ T29] audit: type=1326 audit(1724619621.929:1853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18856 comm="syz.4.3061" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d32979e79 code=0x7ffc0000 [ 1389.844418][ T29] audit: type=1326 audit(1724619621.949:1854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18856 comm="syz.4.3061" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f0d32979e79 code=0x7ffc0000 [ 1389.890272][ T29] audit: type=1326 audit(1724619621.949:1855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18856 comm="syz.4.3061" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d32979e79 code=0x7ffc0000 [ 1389.937411][T18033] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1389.957117][ T29] audit: type=1326 audit(1724619621.949:1856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18856 comm="syz.4.3061" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d32979e79 code=0x7ffc0000 [ 1390.046900][T18868] FAULT_INJECTION: forcing a failure. [ 1390.046900][T18868] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1390.060454][ T29] audit: type=1326 audit(1724619621.969:1857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18856 comm="syz.4.3061" exe="/root/syz-executor" sig=0 arch=c000003e syscall=77 compat=0 ip=0x7f0d32979e79 code=0x7ffc0000 [ 1390.103105][T18868] CPU: 0 UID: 0 PID: 18868 Comm: syz.4.3065 Not tainted 6.11.0-rc5-syzkaller #0 [ 1390.112196][T18868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1390.122257][T18868] Call Trace: [ 1390.125538][T18868] [ 1390.128465][T18868] dump_stack_lvl+0x241/0x360 [ 1390.133146][T18868] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1390.138337][T18868] ? __pfx__printk+0x10/0x10 [ 1390.142925][T18868] ? __pfx_lock_release+0x10/0x10 [ 1390.147956][T18868] should_fail_ex+0x3b0/0x4e0 [ 1390.152637][T18868] _copy_from_user+0x2f/0xe0 [ 1390.157223][T18868] copy_msghdr_from_user+0xae/0x680 [ 1390.162420][T18868] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1390.168235][T18868] __sys_sendmsg+0x23d/0x3a0 [ 1390.172822][T18868] ? __pfx___sys_sendmsg+0x10/0x10 [ 1390.178015][T18868] ? vfs_write+0x7c4/0xc90 [ 1390.182454][T18868] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1390.188865][T18868] ? do_syscall_64+0x100/0x230 [ 1390.193621][T18868] ? do_syscall_64+0xb6/0x230 [ 1390.198296][T18868] do_syscall_64+0xf3/0x230 [ 1390.202789][T18868] ? clear_bhb_loop+0x35/0x90 [ 1390.207462][T18868] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1390.213347][T18868] RIP: 0033:0x7f0d32979e79 [ 1390.217760][T18868] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1390.237372][T18868] RSP: 002b:00007f0d337de038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1390.245785][T18868] RAX: ffffffffffffffda RBX: 00007f0d32b16058 RCX: 00007f0d32979e79 [ 1390.253751][T18868] RDX: 0000000000000000 RSI: 0000000020000740 RDI: 0000000000000003 [ 1390.261711][T18868] RBP: 00007f0d337de090 R08: 0000000000000000 R09: 0000000000000000 [ 1390.269674][T18868] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1390.277638][T18868] R13: 0000000000000000 R14: 00007f0d32b16058 R15: 00007ffc3209eb48 [ 1390.285616][T18868] [ 1390.290666][T18708] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1390.292880][ T29] audit: type=1326 audit(1724619621.969:1858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18856 comm="syz.4.3061" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d32979e79 code=0x7ffc0000 [ 1390.309285][T18708] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1390.323738][ T29] audit: type=1326 audit(1724619621.969:1859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18856 comm="syz.4.3061" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d32979e79 code=0x7ffc0000 [ 1390.418756][T18708] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1390.459598][T18708] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1390.625075][T18708] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1390.656799][T18708] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1391.360427][T18875] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1391.406766][T18033] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1391.433808][T18875] MTD: Couldn't look up '/dev/sg0': -15 [ 1391.488390][T18875] /dev/sg0: Can't lookup blockdev [ 1391.644304][T16020] Bluetooth: hci2: command tx timeout [ 1391.703914][T18033] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1392.423666][T18708] hsr_slave_0: entered promiscuous mode [ 1393.802402][T18708] hsr_slave_1: entered promiscuous mode [ 1394.789879][T18708] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1395.794681][T18708] Cannot create hsr debugfs directory [ 1396.765414][T18760] bridge0: port 1(bridge_slave_0) entered blocking state [ 1396.779796][T18760] bridge0: port 1(bridge_slave_0) entered disabled state [ 1396.789437][T18760] bridge_slave_0: entered allmulticast mode [ 1396.799763][T18760] bridge_slave_0: entered promiscuous mode [ 1397.796841][T18760] bridge0: port 2(bridge_slave_1) entered blocking state [ 1398.774647][T18760] bridge0: port 2(bridge_slave_1) entered disabled state [ 1398.781980][T18760] bridge_slave_1: entered allmulticast mode [ 1398.793806][T18760] bridge_slave_1: entered promiscuous mode [ 1403.805281][T18760] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1405.809809][T18760] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1411.798303][T18760] team0: Port device team_slave_0 added [ 1412.769898][T18760] team0: Port device team_slave_1 added [ 1417.776496][T18760] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1417.783489][T18760] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1419.792274][T18760] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1419.815018][T10913] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1420.802632][T18760] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1420.810621][T10913] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1421.776658][T18760] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1421.777417][T18919] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1421.804213][T18760] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1422.782398][T18919] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1422.790941][T18919] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1422.799172][T10913] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1422.810604][T18919] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 1423.775719][ T1262] ieee802154 phy0 wpan0: encryption failed: -22 [ 1423.782119][ T1262] ieee802154 phy1 wpan1: encryption failed: -22 [ 1423.790365][T18919] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1423.802995][T18919] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1423.811065][T18920] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 1424.789264][T18920] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1424.797139][T18920] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 1424.804983][T18920] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 1424.814863][T18919] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1425.774777][T18919] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 1425.810738][T18919] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 1426.794780][T18919] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 1426.802764][T18919] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 1427.794617][T10913] Bluetooth: hci5: command tx timeout [ 1428.774340][T10913] Bluetooth: hci6: command tx timeout [ 1430.774345][T10913] Bluetooth: hci7: command tx timeout [ 1430.780662][T10913] Bluetooth: hci5: command tx timeout [ 1430.797117][T18760] hsr_slave_0: entered promiscuous mode [ 1430.803494][T18760] hsr_slave_1: entered promiscuous mode [ 1431.774276][T10913] Bluetooth: hci6: command tx timeout [ 1432.778731][T18760] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1432.786635][T18760] Cannot create hsr debugfs directory [ 1433.774371][T18919] Bluetooth: hci7: command tx timeout [ 1433.780108][T10913] Bluetooth: hci5: command tx timeout [ 1433.804200][T10913] Bluetooth: hci6: command tx timeout [ 1435.795033][T10913] Bluetooth: hci5: command tx timeout [ 1435.800520][T10913] Bluetooth: hci7: command tx timeout [ 1436.764273][T18919] Bluetooth: hci6: command tx timeout [ 1438.784396][T18919] Bluetooth: hci7: command tx timeout [ 1449.786483][T10913] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 1449.796947][T10913] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 1450.788405][T10913] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 1450.810768][T10913] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 1451.784584][T10913] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 1451.792230][T10913] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 1453.796198][T18919] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 1453.808518][T18919] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 1454.776580][T18919] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 1454.786604][T18919] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 1454.795187][T18919] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 1454.802560][T18919] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 1455.777784][T18919] Bluetooth: hci8: command tx timeout [ 1457.774695][T18919] Bluetooth: hci9: command tx timeout [ 1457.794425][T18919] Bluetooth: hci8: command tx timeout [ 1459.794272][T18919] Bluetooth: hci9: command tx timeout [ 1460.774895][T18919] Bluetooth: hci8: command tx timeout [ 1460.811260][T18930] chnl_net:caif_netlink_parms(): no params data found [ 1462.774618][T18919] Bluetooth: hci9: command tx timeout [ 1463.777562][T18919] Bluetooth: hci8: command tx timeout [ 1465.777444][T18919] Bluetooth: hci9: command tx timeout [ 1471.786040][T18930] bridge0: port 1(bridge_slave_0) entered blocking state [ 1471.793242][T18930] bridge0: port 1(bridge_slave_0) entered disabled state [ 1472.794578][T18930] bridge_slave_0: entered allmulticast mode [ 1473.784860][T18930] bridge_slave_0: entered promiscuous mode [ 1474.783336][T18930] bridge0: port 2(bridge_slave_1) entered blocking state [ 1474.790637][T18930] bridge0: port 2(bridge_slave_1) entered disabled state [ 1474.798023][T18930] bridge_slave_1: entered allmulticast mode [ 1474.805806][T18930] bridge_slave_1: entered promiscuous mode [ 1475.805213][T10913] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 1476.779185][T10913] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 1476.804243][T10913] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 1477.785177][T10913] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 1477.793610][T10913] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3 [ 1477.805005][T10913] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 1478.809841][T18930] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1479.783071][T18930] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1480.801209][T10913] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 1481.779693][T10913] Bluetooth: hci10: command tx timeout [ 1481.795143][T10913] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 1481.804921][T10913] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 1482.777877][T10913] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 1482.787170][T10913] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3 [ 1482.794839][T10913] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 1483.800103][T18919] Bluetooth: hci10: command tx timeout [ 1484.798936][T10913] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 1484.812417][T10913] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 1485.775727][T10913] Bluetooth: hci11: command tx timeout [ 1485.783521][ T1262] ieee802154 phy0 wpan0: encryption failed: -22 [ 1485.793557][T10913] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 1485.794343][ T1262] ieee802154 phy1 wpan1: encryption failed: -22 [ 1485.810080][T10913] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 1486.774447][T18920] Bluetooth: hci10: command tx timeout [ 1486.786036][T18920] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3 [ 1486.793576][T18920] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 1487.783702][T18930] team0: Port device team_slave_0 added [ 1487.792833][T18930] team0: Port device team_slave_1 added [ 1487.805139][T18920] Bluetooth: hci11: command tx timeout [ 1489.775357][T18920] Bluetooth: hci10: command tx timeout [ 1489.804613][T18920] Bluetooth: hci12: command tx timeout [ 1490.774241][T18920] Bluetooth: hci11: command tx timeout [ 1491.787746][T18930] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1491.794905][T18930] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1492.784367][T18920] Bluetooth: hci12: command tx timeout [ 1492.791303][T18930] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1492.803410][T18930] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1492.810424][T18930] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1493.797898][T18920] Bluetooth: hci11: command tx timeout [ 1493.803522][T18930] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1495.784275][T18920] Bluetooth: hci12: command tx timeout [ 1496.773446][T18930] hsr_slave_0: entered promiscuous mode [ 1497.779233][T18930] hsr_slave_1: entered promiscuous mode [ 1497.794373][T18920] Bluetooth: hci12: command tx timeout [ 1498.777366][T18930] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1498.789161][T18930] Cannot create hsr debugfs directory [ 1503.782720][T18920] Bluetooth: hci0: command 0x0406 tx timeout [ 1507.807577][T18919] Bluetooth: hci2: command 0x0406 tx timeout [ 1515.786025][T18919] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 1515.798696][T18919] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 1515.806985][T18919] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 1516.782513][T18919] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 1516.791807][T18919] Bluetooth: hci13: unexpected cc 0x0c25 length: 249 > 3 [ 1516.800105][T18919] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 1519.789161][T18919] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 1519.796577][T10913] Bluetooth: hci13: command tx timeout [ 1519.813463][T18919] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 1520.786265][T18919] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 1520.795737][T18919] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 1520.803874][T18919] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 1520.813520][T18919] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 1522.774766][T18919] Bluetooth: hci13: command tx timeout [ 1523.794316][T18919] Bluetooth: hci8: command tx timeout [ 1525.774299][T18919] Bluetooth: hci13: command tx timeout [ 1526.778146][T18919] Bluetooth: hci8: command tx timeout [ 1527.794330][T18919] Bluetooth: hci13: command tx timeout [ 1529.786383][T18919] Bluetooth: hci8: command tx timeout [ 1531.779343][T18960] chnl_net:caif_netlink_parms(): no params data found [ 1531.794378][T18920] Bluetooth: hci8: command tx timeout [ 1540.784670][T18919] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 1540.797446][T18919] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 1540.805899][T18919] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 1541.794957][T18919] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 1541.804027][T18919] Bluetooth: hci14: unexpected cc 0x0c25 length: 249 > 3 [ 1541.812348][T18919] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 1543.774317][ T30] INFO: task kworker/u8:1:13474 blocked for more than 147 seconds. [ 1543.783632][ T30] Not tainted 6.11.0-rc5-syzkaller #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1544.776937][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1544.787628][ T30] task:kworker/u8:1 state:D stack:21008 pid:13474 tgid:13474 ppid:2 flags:0x00004000 [ 1544.798303][ T30] Workqueue: events_unbound linkwatch_event [ 1544.804457][ T30] Call Trace: [ 1544.807764][ T30] [ 1544.810713][ T30] __schedule+0x17ae/0x4a10 [ 1545.781412][T18920] Bluetooth: hci14: command tx timeout [ 1545.798259][ T30] ? __pfx___schedule+0x10/0x10 [ 1545.803183][ T30] ? __pfx_lock_release+0x10/0x10 [ 1546.784824][ T1262] ieee802154 phy0 wpan0: encryption failed: -22 [ 1546.791197][ T1262] ieee802154 phy1 wpan1: encryption failed: -22 [ 1546.802200][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 1547.794231][ T30] ? kthread_data+0x52/0xd0 [ 1547.798815][ T30] ? schedule+0x90/0x320 [ 1547.803107][ T30] ? wq_worker_sleeping+0x66/0x240 [ 1548.774289][T13007] Bluetooth: hci14: command tx timeout [ 1548.814359][ T30] ? schedule+0x90/0x320 [ 1549.780609][T13007] Bluetooth: hci5: command 0x0406 tx timeout [ 1549.785676][T10913] Bluetooth: hci6: command 0x0406 tx timeout [ 1549.787007][ T30] schedule+0x14b/0x320 [ 1550.777002][ T30] schedule_preempt_disabled+0x13/0x30 [ 1550.782549][ T30] __mutex_lock+0x6a4/0xd70 [ 1550.792643][ T30] ? __mutex_lock+0x527/0xd70 [ 1550.797618][ T30] ? linkwatch_event+0xe/0x60 [ 1550.802621][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1551.777439][T10913] Bluetooth: hci14: command tx timeout [ 1551.804149][ T30] ? process_scheduled_works+0x945/0x1830 [ 1551.810287][ T30] linkwatch_event+0xe/0x60 [ 1552.813716][ T30] process_scheduled_works+0xa2c/0x1830