last executing test programs: 2m31.03917833s ago: executing program 4 (id=293): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00'}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r0, r1, 0x2, 0x2}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00'}, 0x70) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r2, r0, 0x2, 0x0, @void}, 0x10) (fail_nth: 6) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) openat$yama_ptrace_scope(0xffffffffffffff9c, 0x0, 0x2, 0x0) io_setup(0xaa, &(0x7f0000000100)=0x0) io_submit(r3, 0x0, 0x0) 2m30.3998598s ago: executing program 4 (id=296): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000c00)=@newtaction={0xbc, 0x30, 0x48b, 0x0, 0x0, {}, [{0xa8, 0x1, [@m_ctinfo={0x50, 0x2, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_CTINFO_ACT={0x18}, @TCA_CTINFO_ZONE={0x6}]}, {0x4}, {0xc}, {0xc}}}, @m_nat={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{}, @multicast2, @remote}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xbc}}, 0x0) 2m29.200863963s ago: executing program 4 (id=299): sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6c000000000101040000000000000000020000002400018014000180080001007f00000108000200ac1e00010c0002800500010000000000240002801400018008000100ac"], 0x6c}}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000001c0)={&(0x7f0000000080), 0xc, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="80000000", @ANYRES16, @ANYBLOB="100029bd7000fddbcba8b10e04326306dc3ff5df254b0000001300a9002200ca1bdeae69c7d70f12850e14120008000100706369001100020030303030"], 0x80}, 0x1, 0x0, 0x0, 0x840}, 0x4005d) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000280)=0x6) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000480)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f00000001c0)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r3, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000400)=[0x0, 0x0], &(0x7f0000000280), 0x2, r5}) ioctl$DRM_IOCTL_MODE_ATOMIC(r3, 0xc03864bc, &(0x7f0000000040)={0x0, 0x1, &(0x7f00000000c0)=[r5], &(0x7f0000000280), &(0x7f0000000300)=[r6], &(0x7f00000005c0)}) ioctl$BTRFS_IOC_INO_PATHS(r3, 0xc0389423, &(0x7f00000003c0)={0x3, 0x28, [0x91, 0x3, 0x6, 0x2], &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0]}) ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000480)={&(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}) ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)}) ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(0xffffffffffffffff, 0xc01064bd, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000640)={0x3, 0x0, &(0x7f0000000600)=[0x0, 0x0, 0x0]}) writev(0xffffffffffffffff, 0x0, 0x0) r7 = socket(0x840000000002, 0x3, 0x100) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="700000001e00050300000000000000007f0000010000000000000000000000000000000000000000ac1e00010000000000000000000000000000000000000000240009"], 0x70}}, 0x0) connect$inet(r7, &(0x7f0000000900)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(r7, &(0x7f0000005240), 0x264e33, 0xfffe) 2m1.268726609s ago: executing program 4 (id=299): sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6c000000000101040000000000000000020000002400018014000180080001007f00000108000200ac1e00010c0002800500010000000000240002801400018008000100ac"], 0x6c}}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000001c0)={&(0x7f0000000080), 0xc, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="80000000", @ANYRES16, @ANYBLOB="100029bd7000fddbcba8b10e04326306dc3ff5df254b0000001300a9002200ca1bdeae69c7d70f12850e14120008000100706369001100020030303030"], 0x80}, 0x1, 0x0, 0x0, 0x840}, 0x4005d) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000280)=0x6) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000480)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f00000001c0)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r3, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000400)=[0x0, 0x0], &(0x7f0000000280), 0x2, r5}) ioctl$DRM_IOCTL_MODE_ATOMIC(r3, 0xc03864bc, &(0x7f0000000040)={0x0, 0x1, &(0x7f00000000c0)=[r5], &(0x7f0000000280), &(0x7f0000000300)=[r6], &(0x7f00000005c0)}) ioctl$BTRFS_IOC_INO_PATHS(r3, 0xc0389423, &(0x7f00000003c0)={0x3, 0x28, [0x91, 0x3, 0x6, 0x2], &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0]}) ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000480)={&(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}) ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)}) ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(0xffffffffffffffff, 0xc01064bd, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000640)={0x3, 0x0, &(0x7f0000000600)=[0x0, 0x0, 0x0]}) writev(0xffffffffffffffff, 0x0, 0x0) r7 = socket(0x840000000002, 0x3, 0x100) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="700000001e00050300000000000000007f0000010000000000000000000000000000000000000000ac1e00010000000000000000000000000000000000000000240009"], 0x70}}, 0x0) connect$inet(r7, &(0x7f0000000900)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(r7, &(0x7f0000005240), 0x264e33, 0xfffe) 1m33.519558864s ago: executing program 4 (id=299): sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6c000000000101040000000000000000020000002400018014000180080001007f00000108000200ac1e00010c0002800500010000000000240002801400018008000100ac"], 0x6c}}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000001c0)={&(0x7f0000000080), 0xc, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="80000000", @ANYRES16, @ANYBLOB="100029bd7000fddbcba8b10e04326306dc3ff5df254b0000001300a9002200ca1bdeae69c7d70f12850e14120008000100706369001100020030303030"], 0x80}, 0x1, 0x0, 0x0, 0x840}, 0x4005d) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000280)=0x6) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000480)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f00000001c0)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r3, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000400)=[0x0, 0x0], &(0x7f0000000280), 0x2, r5}) ioctl$DRM_IOCTL_MODE_ATOMIC(r3, 0xc03864bc, &(0x7f0000000040)={0x0, 0x1, &(0x7f00000000c0)=[r5], &(0x7f0000000280), &(0x7f0000000300)=[r6], &(0x7f00000005c0)}) ioctl$BTRFS_IOC_INO_PATHS(r3, 0xc0389423, &(0x7f00000003c0)={0x3, 0x28, [0x91, 0x3, 0x6, 0x2], &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0]}) ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000480)={&(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}) ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)}) ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(0xffffffffffffffff, 0xc01064bd, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000640)={0x3, 0x0, &(0x7f0000000600)=[0x0, 0x0, 0x0]}) writev(0xffffffffffffffff, 0x0, 0x0) r7 = socket(0x840000000002, 0x3, 0x100) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="700000001e00050300000000000000007f0000010000000000000000000000000000000000000000ac1e00010000000000000000000000000000000000000000240009"], 0x70}}, 0x0) connect$inet(r7, &(0x7f0000000900)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(r7, &(0x7f0000005240), 0x264e33, 0xfffe) 15.585693566s ago: executing program 3 (id=551): pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) fsopen(&(0x7f00000000c0)='nilfs2\x00', 0x0) ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, 0x0) io_uring_setup(0xfc2, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="3c0000004800010000000000000000000a00806e0800000000000000140001800d2a79075827af5aa534d6815c2e93f10c0002"], 0x3c}}, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) r6 = dup(r5) ioctl$KVM_SET_MSRS(r6, 0xc008ae88, &(0x7f0000000040)={0x3b, 0x0, [{0x400000f1}]}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c0000001000"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001c00128009000100626f6e64000000000c00028005001f"], 0x3c}}, 0x0) r7 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3fe, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix_mp={0x0, 0x0, 0x34325842, 0x0, 0x0, [{0x0, 0xfffffffe}]}}) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f00000000c0)={'team0\x00', &(0x7f0000000080)=@ethtool_link_settings={0x4c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}) ioctl$vim2m_VIDIOC_REQBUFS(r7, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4}) ioctl$vim2m_VIDIOC_STREAMOFF(r7, 0x40045612, &(0x7f0000000240)=0x1) r8 = dup2(r7, r7) ioctl$vim2m_VIDIOC_ENUM_FMT(r8, 0xc0405602, &(0x7f0000000000)={0x6b09, 0x1, 0x0, "adbdeec74e9e4aeabde9eefaff7a78cda902552f08cefca462dda36c7451f8e5"}) r9 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000040)={0x43, 0x3, 0x1}, 0x10) close(r9) openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0), 0x4000, 0x0) 13.955794511s ago: executing program 3 (id=555): syz_usb_connect$hid(0x0, 0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000000000406a05d000000000000001090224"], 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = io_uring_setup(0x36b1, &(0x7f0000000000)) io_uring_register$IORING_REGISTER_FILES_UPDATE2(r0, 0xe, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)=[{0x0}], 0x0, 0x1}, 0x20) syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1) sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x40, r2, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSLVLLST={0x18, 0x8, 0x0, 0x1, [{0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xff000000}]}]}]}, 0x40}}, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000180), 0xfea7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0) socket$rxrpc(0x21, 0x2, 0xa) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000007580), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16, @ANYBLOB="2d01080000c582b61bdd04878800080103"], 0x2c}}, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x1f, &(0x7f0000000480)={0x0, @in={{0x2, 0x4e21, @multicast1}}, 0x7, 0xa}, &(0x7f0000000200)=0x90) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r5, 0x84, 0x13, &(0x7f0000000240)={r7, 0xe5}, &(0x7f0000000400)=0x8) sendmsg$BATADV_CMD_GET_GATEWAYS(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[], 0x4}, 0x1, 0x0, 0x0, 0x800}, 0x8085) sendfile(r6, r5, 0x0, 0x100000002) r8 = shmget$private(0x0, 0xc000, 0x800, &(0x7f0000ff1000/0xc000)=nil) syz_emit_ethernet(0x4a, &(0x7f0000000340)={@broadcast, @random="000000000400", @void, {@ipv4={0x800, @tipc={{0x7, 0x4, 0x3, 0x3, 0x3c, 0x64, 0x0, 0x5, 0x6, 0x0, @empty, @empty, {[@noop, @ra={0x94, 0x4}]}}, @payload_direct={{{{0x20, 0x0, 0x0, 0x1, 0x0, 0x8, 0x1, 0x2, 0x0, 0x0, 0x2, 0x8, 0x4, 0x3, 0x8000, 0x4936, 0x0, 0x4e23, 0x4e21}, 0x3, 0x3}}}}}}}, 0x0) shmctl$SHM_INFO(r8, 0xe, &(0x7f0000000000)=""/219) 11.305883107s ago: executing program 3 (id=562): setxattr$incfs_size(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), &(0x7f0000000400)=0x2, 0x8, 0x2) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f00000006c0)={0xa, 0x4ea7, 0x0, @mcast1, 0x5}, 0x1c) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000380)={r1, &(0x7f0000000980)="cf", 0x20000000}, 0x20) connect$inet6(r0, &(0x7f0000000600)={0x2, 0x4e23, 0x0, @dev}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c) r2 = syz_open_dev$evdev(&(0x7f0000000640), 0x7, 0x600000) ioctl$EVIOCGKEY(r2, 0x80404518, &(0x7f0000001240)=""/4096) r3 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r3, &(0x7f0000000680)=[{&(0x7f0000000080)="580000001400add427323b472545b45602117fffffff81004e230e227f000001925aa80020007b00090080007f000001e809000000ff0000f03ac71002000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x4, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x7a}, [@func], {0x95, 0x0, 0x5a5}}, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x90) syz_emit_ethernet(0x46, &(0x7f0000000000)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x2}}}}}}, 0x0) syz_emit_ethernet(0x7a, &(0x7f0000000180)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaa008100000000fe8000000000000000000000000000bbff02000000ed0000000000000000000102009078000005006050835900000000fc010000000000000000000000000000fc0100000000000000000000000000003a00"/122], 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000400), &(0x7f0000000440)=0xc) syz_usb_connect$printer(0x5, 0x36, &(0x7f0000000100)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x2, 0x0, 0x8, [{{0x9, 0x4, 0x0, 0x7, 0x1, 0x7, 0x1, 0x2, 0x4, "", {{{0x9, 0x5, 0x1, 0x2, 0x10, 0x2, 0xf, 0x12}}, [{{0x9, 0x5, 0x82, 0x2, 0x20, 0x5, 0x7f, 0x18}}]}}}]}}]}}, &(0x7f0000000240)={0xa, &(0x7f0000000140)={0xa, 0x6, 0x200, 0x5, 0x8, 0xfb, 0x20, 0x7}, 0x3a, &(0x7f0000000200)={0x5, 0xf, 0x3a, 0x3, [@generic={0x2b, 0x10, 0x1, "2b91851fa35a83ddc4751973d2b4a21bc52346e09ab67288ca5450207a8abaed86842456c156d622"}, @ptm_cap={0x3}, @ext_cap={0x7, 0x10, 0x2, 0x0, 0xd, 0xa, 0x378}]}, 0x1, [{0xd4, &(0x7f0000000500)=@string={0xd4, 0x3, "28adac658816b1bfbaff7732c15d0502698deabcfdcb25ad21f505afd330bc810b9f5110993529c58d5e78cf179b4602e95920a90bcc0ace9cf001024c6399272ebd4606636979881bdb81a51e1eab6c756c64ec899825abafc8fa4cad7b31be4ce3d4613ca46f0c659f24ab2faa465dc78e0b5ccc8eb955f778ff3067ffe6d0b9414035914cca54685021665f8c37f477a07aa2a774bde56b8779498a1f211c686900e469aa303f0a1cb50d24382eeabf828b6c0206235d5daf412817f3a146d9638a15e06d7a251679c1d04f27856b7005"}}]}) sendmsg$NFNL_MSG_CTHELPER_NEW(r4, &(0x7f00000004c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000380)={0x3c, 0x0, 0x9, 0x0, 0x0, 0x0, {}, [@NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0xffff}}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x16}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, 0x0, 0x1c) r5 = socket$netlink(0x10, 0x3, 0x0) writev(r5, &(0x7f00000003c0)=[{&(0x7f0000000280)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) r6 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000406d041bc700000000000109022400010000000009040000010300000009210000000122070009058103"], 0x0) syz_usb_control_io(r6, 0x0, 0x0) syz_usb_control_io$hid(r6, &(0x7f0000000580)={0x24, 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="002207000000a1e437"], 0x0}, 0x0) syz_usb_connect$uac1(0x1, 0xb7, &(0x7f0000000040)=ANY=[@ANYBLOB="12011003000000506b1d01014000010203010902a50003010980cf0904000000010100000a240180000002010209040100000102000009040101010102000007240104000200090501092000090c4a8ec90582090a000904020000010200000904020101010200000b24020108040e86afb4f10e2402017701030957d3d1dc2a2a0d240201040407ff50071323c1072401ae0302000b2402016301affe2f5449072401400a011009058209000407810407250180050400"], &(0x7f0000000340)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x110, 0x1, 0x9, 0x4, 0xff}, 0x3e, &(0x7f0000000140)={0x5, 0xf, 0x3e, 0x5, [@ss_container_id={0x14, 0x10, 0x4, 0x30, "b94ca73d72a2b5a96a339b7416e122cb"}, @ss_container_id={0x14, 0x10, 0x4, 0x4, "8530a507a8775456020774e033b14116"}, @ptm_cap={0x3}, @ext_cap={0x7, 0x10, 0x2, 0x2, 0x6, 0x2, 0x2}, @ext_cap={0x7, 0x10, 0x2, 0x15c178b7c072790, 0x1, 0x6, 0x6}]}, 0x3, [{0xc8, &(0x7f0000000180)=@string={0xc8, 0x3, "38fcfbffc06328d709940baf8b3fbb1bdd1793ed8b1774beb87835512a398cdcbfe1271bfe6318d1d4c31f3847ee8d40b3c49ee2dbc28d85c17c4acfa4ba46504b27209406b47ab203d7fdfd69afcc4657bd36877de6b9d02751e49ff9d2bc977b00410f7f44ec0d784a40c1876230a3d28ad3146d9cd20060f69920552ae38caddcfbc9b0cfa452382a45c30964d5847f05faa6c02b8860556252f93de7c3d3b4708fdba42b97fde15c096c970bfd188690e35201e768ae9d1f1380f2ffdd37ca4592834151"}}, {0x50, &(0x7f0000000280)=@string={0x50, 0x3, "43ca39bfe3906384c48c48d0545b94949c434721ac7bc8256c2e1f8020a6b98e36436855f425425ef686efb255e16f2c3566853390350b8cf5e19ff077cc936422da0dc8c79606f9d0cc5fc1d887"}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x41d}}]}) 8.684407306s ago: executing program 4 (id=299): sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6c000000000101040000000000000000020000002400018014000180080001007f00000108000200ac1e00010c0002800500010000000000240002801400018008000100ac"], 0x6c}}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000001c0)={&(0x7f0000000080), 0xc, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="80000000", @ANYRES16, @ANYBLOB="100029bd7000fddbcba8b10e04326306dc3ff5df254b0000001300a9002200ca1bdeae69c7d70f12850e14120008000100706369001100020030303030"], 0x80}, 0x1, 0x0, 0x0, 0x840}, 0x4005d) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000280)=0x6) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000480)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f00000001c0)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r3, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000400)=[0x0, 0x0], &(0x7f0000000280), 0x2, r5}) ioctl$DRM_IOCTL_MODE_ATOMIC(r3, 0xc03864bc, &(0x7f0000000040)={0x0, 0x1, &(0x7f00000000c0)=[r5], &(0x7f0000000280), &(0x7f0000000300)=[r6], &(0x7f00000005c0)}) ioctl$BTRFS_IOC_INO_PATHS(r3, 0xc0389423, &(0x7f00000003c0)={0x3, 0x28, [0x91, 0x3, 0x6, 0x2], &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0]}) ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000480)={&(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}) ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)}) ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(0xffffffffffffffff, 0xc01064bd, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000640)={0x3, 0x0, &(0x7f0000000600)=[0x0, 0x0, 0x0]}) writev(0xffffffffffffffff, 0x0, 0x0) r7 = socket(0x840000000002, 0x3, 0x100) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="700000001e00050300000000000000007f0000010000000000000000000000000000000000000000ac1e00010000000000000000000000000000000000000000240009"], 0x70}}, 0x0) connect$inet(r7, &(0x7f0000000900)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(r7, &(0x7f0000005240), 0x264e33, 0xfffe) 7.188502405s ago: executing program 3 (id=572): r0 = memfd_secret(0x0) close_range(r0, 0xffffffffffffffff, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$uinput_user_dev(r1, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd], [0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x97e], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c) ioctl$UI_SET_PROPBIT(r1, 0x5501, 0x0) write$input_event(r1, &(0x7f00000005c0), 0x200005d8) ioctl$KVM_CAP_DISABLE_QUIRKS(r0, 0x4068aea3, 0x0) 6.70194071s ago: executing program 2 (id=578): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008bd6000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000c82a7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r3}, 0x10) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x112}) ioctl$TUNSETQUEUE(r4, 0x400454d9, &(0x7f0000000100)={'vlan0\x00', 0x400}) 5.637288803s ago: executing program 2 (id=584): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=@setlink={0x30, 0x13, 0xbaa23f3d13f2d1f5, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_GSO_MAX_SEGS={0x8}, @IFLA_GSO_MAX_SIZE={0x8, 0x29, 0x16738}]}, 0x30}}, 0x0) 5.579898187s ago: executing program 0 (id=585): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000070080000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='mm_page_free\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r1, 0x0) ftruncate(r1, 0xc17a) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fsetxattr$system_posix_acl(r2, &(0x7f0000000000)='system.posix_acl_default\x00', 0x0, 0xfe44, 0x0) 5.403035908s ago: executing program 0 (id=587): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000001440)=@newqdisc={0x45c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x1010000, 0x6, 0x1, 0xa2e5, 0x3, 0x3ff, 0x7, 0x3, 0x4, 0x2, 0x9, 0xe0, 0x1, 0x9d9, 0xffffffff, 0x1, 0x9, 0x5, 0x80, 0x8, 0x3, 0x4, 0xc, 0x80000000, 0x7f, 0x1, 0x1, 0x4, 0xc0000000, 0x3, 0xc4d, 0x6, 0x1, 0x5, 0xfff, 0x1, 0x3, 0xde71, 0x7fffffff, 0x5, 0x1, 0x5, 0x1, 0x0, 0x3, 0x40, 0xe, 0x0, 0x6, 0x0, 0x9, 0x8, 0x51, 0x6, 0x9, 0xd, 0x0, 0x5, 0x81f, 0x9, 0xa20b, 0x1ff, 0x2, 0x9, 0x401, 0x0, 0x4, 0xfffffff6, 0x7, 0xd, 0x6, 0x9, 0x2800, 0x80000001, 0x1, 0x1d48, 0x200, 0x7, 0xfffffffc, 0x8, 0x1, 0xa, 0x5, 0x3, 0x3, 0x9, 0x4, 0x2, 0x6, 0x6fa, 0xf57, 0x1, 0x26, 0x6, 0x8000, 0x4, 0xfffffffc, 0x1000, 0x3, 0x6, 0x49, 0x3, 0x5, 0x80000000, 0x9, 0x41, 0x6, 0x3, 0x5, 0xfffffff8, 0x2dd, 0x0, 0x1, 0x0, 0x387, 0xa7e, 0xffffffff, 0x80, 0x101, 0x40, 0x9, 0xd74e, 0x1000, 0x0, 0x400, 0xc9, 0x4, 0x3, 0x7cb, 0x2, 0x19, 0xcb, 0x7, 0x5, 0x81, 0x2, 0x3ff, 0x8, 0x3, 0x7, 0x9, 0x7fffffff, 0x1000, 0xf42c, 0x1, 0x0, 0x289, 0x7, 0xf, 0x4, 0x7, 0xfffff001, 0x800, 0x0, 0x3, 0xfffffffd, 0x4, 0x6, 0x3, 0x8, 0x3, 0x1, 0x1, 0x8, 0xfffffff7, 0x1, 0xfffffffb, 0x9, 0x8, 0x7, 0x3, 0x686, 0x2, 0xf, 0x2, 0x8, 0x0, 0xfffffffb, 0x80, 0x7, 0x2, 0xfff, 0x5, 0xffffff01, 0x8, 0x6, 0xffffff80, 0x6, 0x0, 0x401, 0x23, 0xb, 0x6, 0x6, 0x5, 0x7, 0x8, 0x9, 0x7, 0x7f, 0xc, 0x4a1, 0x40, 0xa63, 0x550048ac, 0x5, 0x5, 0x9, 0x6, 0x0, 0x4, 0x2, 0xf7db, 0x7, 0x4, 0x8, 0x7, 0x3, 0x0, 0x71b, 0x90f9, 0x7fff, 0x4, 0x0, 0x5, 0x2, 0x0, 0x7, 0x7, 0x4, 0x21e6, 0x2, 0xffffffff, 0xfb, 0x79, 0x4, 0x9, 0x8, 0x4, 0x9, 0x8, 0x9, 0x883aba1e, 0x22, 0x5c2e, 0x3, 0x0, 0x80, 0x6, 0x9, 0x3ff, 0x8, 0x2, 0xc8, 0x4, 0x7b]}, @TCA_TBF_PARMS={0x28, 0x1, {{0x6, 0x0, 0x1, 0x1, 0xf000, 0x2a112000}, {0x3, 0x0, 0xcd86, 0x10, 0x1, 0x6}, 0x5, 0x80000001, 0x40f}}]}}]}, 0x45c}, 0x1, 0x0, 0x0, 0x40001}, 0x0) 5.268627114s ago: executing program 2 (id=589): open(&(0x7f0000000100)='./bus\x00', 0x1c3142, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) lremovexattr(&(0x7f0000001100)='./bus\x00', &(0x7f00000013c0)=@known='system.sockprotoname\x00') 5.198712003s ago: executing program 2 (id=590): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=@newsa={0x13c, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in6=@private1}, {@in6=@loopback, 0x1, 0x2b}, @in=@loopback, {0x0, 0x0, 0x0, 0x4}, {0x0, 0x2, 0x81}, {0x0, 0x0, 0x6}, 0x0, 0x0, 0xa, 0x3, 0x0, 0x8}, [@algo_aead={0x4c, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0x0, 0x80}}]}, 0x13c}}, 0x0) 5.183099288s ago: executing program 0 (id=591): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x78) ioctl$EVIOCGPROP(0xffffffffffffffff, 0x40047438, &(0x7f0000000180)=""/246) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/246) r2 = dup(r1) ioctl$PPPIOCCONNECT(r2, 0x40047435, 0x0) 4.947936878s ago: executing program 1 (id=592): r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r1 = inotify_init1(0x0) fcntl$setown(r1, 0x8, 0xffffffffffffffff) fcntl$getownex(r1, 0x10, &(0x7f0000000140)={0x0, 0x0}) r3 = syz_open_procfs(r2, &(0x7f0000000600)='fd/4\x00') ioctl$FS_IOC_FIEMAP(r3, 0xc020660b, &(0x7f0000000180)=ANY=[@ANYBLOB="000000000000000003000000000200"]) 4.947779063s ago: executing program 2 (id=593): openat$nullb(0xffffffffffffff9c, &(0x7f0000001040), 0x0, 0x0) syz_open_dev$sg(&(0x7f0000000240), 0x0, 0x2882) syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='stack\x00') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) connect(0xffffffffffffffff, &(0x7f0000000500)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0xfffe, @loopback}}}, 0x80) ioctl$FITRIM(r3, 0xc0185879, &(0x7f00000000c0)={0x5, 0x70, 0xffffffff}) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$F2FS_IOC_START_VOLATILE_WRITE(r4, 0x40186f40, 0x20000502) 4.945559208s ago: executing program 0 (id=594): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x48, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x4}, @NFTA_SET_DESC={0xc, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x640c}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x90}}, 0x0) 4.770574396s ago: executing program 1 (id=595): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c0000000406010300000000002000000000000005000100"], 0x1c}}, 0x0) 4.68158248s ago: executing program 2 (id=596): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x802) r1 = syz_open_dev$vim2m(0x0, 0x7, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xb0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r3 = userfaultfd(0x80001) ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000000)={&(0x7f000067d000/0x2000)=nil, &(0x7f000053d000/0x1000)=nil, 0x2000}) ioctl$vim2m_VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045612, 0x0) setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0) recvfrom$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) write$evdev(r0, &(0x7f0000000000), 0x100000008) 4.619891381s ago: executing program 0 (id=597): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x4, &(0x7f0000000500)=[{0x6, 0x4, 0x6}, {0xbb46, 0x5, 0x1, 0x6f3e}, {0x3, 0x7, 0x6, 0x90}, {0xff, 0xbf, 0xd5, 0xc24a}]}) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89001) prlimit64(0x0, 0x3, &(0x7f0000000140)={0x0, 0xede8}, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000240)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x1) ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f0000000000)) io_uring_setup(0xfc2, &(0x7f0000000480)={0x0, 0x0, 0x20, 0x203, 0x4}) fcntl$lock(0xffffffffffffffff, 0x25, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r1, 0x24, &(0x7f0000000000)={0x0, 0x0, 0xd4a4}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000540)='./cgroup.net/syz1\x00', 0x200002, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000240)={@ifindex, 0xffffffffffffffff, 0xe, 0x2020, 0x4000, @prog_fd=r0}, 0x20) fcntl$lock(0xffffffffffffffff, 0x25, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000440)={0xa, 0x4e22, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, 0x2}, 0xfc26) r2 = socket$qrtr(0x2a, 0x2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000000203010400000000ffffffff000000000800010001"], 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="1c00000002030102000000000000000000000010080001000100000016c798a7a8be429f266aaa9fc26d5d401e00572f6bbf0e38b11b74fb052adbead0994c7e8c6a24cc5be3479fc2117ee54cc3b0a38ad3b7f90b31dfae64b66dd684f56214dcdc8185e581b1c371e8ac18454066395c8eec06f484df86911de70a9410dc9f2a63839212062db703bd9a386bb2ca210a712924631d3923da233f43ce65cff9022548853c33ff260bfd4ca4580f8a1c80d4548497e4b492b934d2052345915c29838b78932aa8abe8c36f053711e5dc0b6a0812ed2d5ff80d37f508e95095517256b5930ce8cbd47eb7b305dc8752c858"], 0x1c}}, 0x24000800) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000380)=@assoc_value, &(0x7f00000003c0)=0x8) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000140)={'wg1\x00', 0x2000}) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000000)={'virt_wifi0\x00'}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x5, &(0x7f0000000080)=[{0x7, 0x0, 0x2, 0xffffffff}, {0x20}, {0x0, 0x0, 0x0, 0x27}, {0x20, 0x0, 0x0, 0x24}, {0x6, 0x0, 0x0, 0x1}]}) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}, 0x4}}, 0x2e) 4.609324208s ago: executing program 1 (id=598): sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000002fc0)={0x0, 0x0, &(0x7f0000002f80)={&(0x7f0000002f00)=ANY=[@ANYBLOB], 0x14}}, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) kcmp(r3, 0x0, 0x0, r2, r2) process_vm_readv(0x0, &(0x7f0000008400)=[{0x0}], 0x1, &(0x7f0000008640)=[{0x0}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000500)='./bus\x00') lsetxattr$system_posix_acl(&(0x7f0000000240)='./bus\x00', &(0x7f0000000280)='system.posix_acl_default\x00', 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0) pipe2(&(0x7f0000000000), 0x0) r4 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r4, &(0x7f0000000040)={0x1, 0x5}, 0x2) 3.506681328s ago: executing program 1 (id=599): mkdir(&(0x7f0000005800)='./file0\x00', 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) semctl$IPC_INFO(0x0, 0x0, 0x3, 0xfffffffffffffffc) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r4}, 0x10) rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) socket$inet(0x2, 0x4000000000000001, 0x0) fchownat(r0, &(0x7f0000000580)='./file0\x00', 0xee00, 0x0, 0x100) 2.297662902s ago: executing program 1 (id=600): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x437, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ICV_LEN={0x5, 0x3, 0x3a}]}}}]}, 0x3c}}, 0x0) 1.091858309s ago: executing program 3 (id=601): r0 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000180)={'syztnl0\x00', 0x0, 0x0, 0x0, 0xfe, 0x0, 0x0, @private2, @private2, 0x700}}) 93.899889ms ago: executing program 1 (id=602): unshare(0x22020400) setuid(0xee01) r0 = fanotify_init(0x200, 0x0) fanotify_mark(r0, 0x101, 0x48001051, 0xffffffffffffffff, 0x0) 50.598069ms ago: executing program 0 (id=603): ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x36, 0x4, 0x0, 0x0, 0xd8, 0x0, 0x0, 0x0, 0x29, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x401, 0x5, 0x0, 0x80, 0x4]}, @timestamp_prespec={0x44, 0x44, 0xc0, 0x3, 0x1, [{@private=0xa010100}, {@multicast1, 0x40005}, {@remote, 0x8}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x659}, {@broadcast}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100, 0x7}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x8, [{@dev}, {@remote}, {@multicast2}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}, {@multicast2}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0xdc, [@private=0xa010101, @rand_addr=0x64010102, @multicast1]}, @rr={0x7, 0x17, 0x0, [@dev, @remote, @multicast1, @private=0xa010102, @remote]}]}}}}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 0s ago: executing program 3 (id=604): socket$nl_netfilter(0x10, 0x3, 0xc) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000240), 0x34002, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'virt_wifi0\x00'}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x9) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff}) splice(r1, 0x0, r0, 0x0, 0x4, 0x0) kernel console output (not intermixed with test programs): 139] [ 149.665154][ T6139] dump_stack_lvl+0x241/0x360 [ 149.669868][ T6139] ? __pfx_dump_stack_lvl+0x10/0x10 [ 149.675088][ T6139] ? __pfx__printk+0x10/0x10 [ 149.679702][ T6139] ? __kmalloc_node_track_caller_noprof+0xb2/0x440 [ 149.686216][ T6139] ? __pfx___might_resched+0x10/0x10 [ 149.691512][ T6139] ? try_to_wake_up+0x939/0x1470 [ 149.696461][ T6139] should_fail_ex+0x3b0/0x4e0 [ 149.701175][ T6139] should_failslab+0xac/0x100 [ 149.705873][ T6139] __kmalloc_node_track_caller_noprof+0xda/0x440 [ 149.712222][ T6139] ? __kernfs_new_node+0x9d/0x870 [ 149.717287][ T6139] kstrdup+0x3a/0x80 [ 149.721198][ T6139] __kernfs_new_node+0x9d/0x870 [ 149.726083][ T6139] ? __pfx___kernfs_new_node+0x10/0x10 [ 149.731563][ T6139] ? __pfx_lock_acquire+0x10/0x10 [ 149.736612][ T6139] ? sysfs_do_create_link_sd+0x77/0x110 [ 149.742171][ T6139] ? __pfx_lock_release+0x10/0x10 [ 149.747184][ T6139] ? do_raw_spin_lock+0x14f/0x370 [ 149.752213][ T6139] kernfs_new_node+0x137/0x240 [ 149.757030][ T6139] kernfs_create_link+0xa5/0x1f0 [ 149.761966][ T6139] sysfs_do_create_link_sd+0x85/0x110 [ 149.767335][ T6139] device_add_class_symlinks+0x1c5/0x250 [ 149.772964][ T6139] device_add+0x553/0xbf0 [ 149.777299][ T6139] tty_register_device_attr+0x437/0x960 [ 149.782864][ T6139] ? __pfx_tty_register_device_attr+0x10/0x10 [ 149.788928][ T6139] ? tty_port_register_device+0x5b/0x100 [ 149.794570][ T6139] rfcomm_dev_ioctl+0x1a51/0x2220 [ 149.799594][ T6139] ? __pfx_rfcomm_dev_ioctl+0x10/0x10 [ 149.804968][ T6139] ? __local_bh_enable_ip+0x168/0x200 [ 149.810327][ T6139] ? lockdep_hardirqs_on+0x99/0x150 [ 149.815515][ T6139] ? __local_bh_enable_ip+0x168/0x200 [ 149.820880][ T6139] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 149.826585][ T6139] ? do_raw_spin_unlock+0x13c/0x8b0 [ 149.831769][ T6139] rfcomm_sock_ioctl+0x86/0xd0 [ 149.836539][ T6139] sock_do_ioctl+0x158/0x460 [ 149.841114][ T6139] ? __pfx_smack_log+0x10/0x10 [ 149.845857][ T6139] ? __pfx_sock_do_ioctl+0x10/0x10 [ 149.850959][ T6139] ? smk_tskacc+0x300/0x370 [ 149.855453][ T6139] ? smack_file_ioctl+0x2a1/0x3a0 [ 149.860485][ T6139] sock_ioctl+0x629/0x8e0 [ 149.864812][ T6139] ? __pfx_sock_ioctl+0x10/0x10 [ 149.869650][ T6139] ? __fget_files+0x3f6/0x470 [ 149.874307][ T6139] ? __fget_files+0x29/0x470 [ 149.878879][ T6139] ? bpf_lsm_file_ioctl+0x9/0x10 [ 149.883816][ T6139] ? security_file_ioctl+0x87/0xb0 [ 149.888924][ T6139] ? __pfx_sock_ioctl+0x10/0x10 [ 149.893758][ T6139] __se_sys_ioctl+0xfc/0x170 [ 149.898333][ T6139] do_syscall_64+0xf3/0x230 [ 149.902817][ T6139] ? clear_bhb_loop+0x35/0x90 [ 149.907478][ T6139] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.913352][ T6139] RIP: 0033:0x7fa8e3b79e79 [ 149.917764][ T6139] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 149.937370][ T6139] RSP: 002b:00007fa8e499f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 149.945879][ T6139] RAX: ffffffffffffffda RBX: 00007fa8e3d15f80 RCX: 00007fa8e3b79e79 [ 149.953846][ T6139] RDX: 0000000020000100 RSI: 00000000400452c8 RDI: 0000000000000009 [ 149.961894][ T6139] RBP: 00007fa8e499f090 R08: 0000000000000000 R09: 0000000000000000 [ 149.969850][ T6139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 149.977806][ T6139] R13: 0000000000000000 R14: 00007fa8e3d15f80 R15: 00007ffcf07e0718 [ 149.985862][ T6139] [ 150.309683][ T6151] netlink: 'syz.2.228': attribute type 21 has an invalid length. [ 150.317547][ T6151] netlink: 'syz.2.228': attribute type 20 has an invalid length. [ 150.325352][ T6151] IPv6: NLM_F_CREATE should be specified when creating new route [ 150.367750][ T29] audit: type=1326 audit(1724654586.790:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6146 comm="syz.2.228" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fece1379e79 code=0x0 [ 150.620964][ T5217] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 151.006436][ T6149] netlink: 3 bytes leftover after parsing attributes in process `syz.1.227'. [ 151.259330][ T5217] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 151.306344][ T5217] usb 5-1: config 0 has no interfaces? [ 151.327941][ T5217] usb 5-1: New USB device found, idVendor=046d, idProduct=c513, bcdDevice= 0.00 [ 151.356238][ T5217] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.432030][ T5217] usb 5-1: config 0 descriptor?? [ 151.771721][ T6167] sctp: [Deprecated]: syz.3.232 (pid 6167) Use of struct sctp_assoc_value in delayed_ack socket option. [ 151.771721][ T6167] Use struct sctp_sack_info instead [ 152.357535][ T6172] netlink: 830 bytes leftover after parsing attributes in process `syz.0.233'. [ 152.751349][ T8] usb 5-1: USB disconnect, device number 10 [ 152.852648][ T6181] netlink: 8 bytes leftover after parsing attributes in process `syz.3.235'. [ 153.439810][ T6187] delete_channel: no stack [ 153.440471][ T6188] input: syz1 as /devices/virtual/input/input12 [ 153.473803][ C1] TCP: request_sock_subflow_v6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 153.828474][ T6200] netlink: 28 bytes leftover after parsing attributes in process `syz.2.240'. [ 153.865637][ T6200] netlink: 28 bytes leftover after parsing attributes in process `syz.2.240'. [ 154.075788][ T6202] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 155.495199][ T6227] overlayfs: failed to resolve './file0': -2 [ 156.456104][ T8] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 156.710484][ T8] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 156.721418][ T8] usb 5-1: config 0 has no interfaces? [ 156.731170][ T8] usb 5-1: New USB device found, idVendor=046d, idProduct=c513, bcdDevice= 0.00 [ 156.814309][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.746768][ T8] usb 5-1: config 0 descriptor?? [ 157.856798][ T6238] sp0: Synchronizing with TNC [ 158.015570][ T6242] FAULT_INJECTION: forcing a failure. [ 158.015570][ T6242] name failslab, interval 1, probability 0, space 0, times 0 [ 158.050205][ T6242] CPU: 1 UID: 0 PID: 6242 Comm: syz.1.251 Not tainted 6.11.0-rc5-syzkaller #0 [ 158.059062][ T6242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 158.069186][ T6242] Call Trace: [ 158.072448][ T6242] [ 158.075361][ T6242] dump_stack_lvl+0x241/0x360 [ 158.080030][ T6242] ? __pfx_dump_stack_lvl+0x10/0x10 [ 158.085206][ T6242] ? __pfx__printk+0x10/0x10 [ 158.089800][ T6242] ? fs_reclaim_acquire+0x93/0x140 [ 158.094893][ T6242] ? __pfx___might_resched+0x10/0x10 [ 158.100165][ T6242] should_fail_ex+0x3b0/0x4e0 [ 158.104825][ T6242] ? tomoyo_encode+0x26f/0x540 [ 158.109571][ T6242] should_failslab+0xac/0x100 [ 158.114243][ T6242] ? tomoyo_encode+0x26f/0x540 [ 158.118999][ T6242] __kmalloc_noprof+0xd8/0x400 [ 158.123748][ T6242] tomoyo_encode+0x26f/0x540 [ 158.128326][ T6242] tomoyo_realpath_from_path+0x59e/0x5e0 [ 158.133977][ T6242] tomoyo_path_number_perm+0x23a/0x880 [ 158.139422][ T6242] ? tomoyo_path_number_perm+0x208/0x880 [ 158.145056][ T6242] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 158.151040][ T6242] ? __fget_files+0x29/0x470 [ 158.155620][ T6242] ? __fget_files+0x3f6/0x470 [ 158.160279][ T6242] ? __fget_files+0x29/0x470 [ 158.164854][ T6242] security_file_ioctl+0x75/0xb0 [ 158.169783][ T6242] __se_sys_ioctl+0x47/0x170 [ 158.174354][ T6242] do_syscall_64+0xf3/0x230 [ 158.178844][ T6242] ? clear_bhb_loop+0x35/0x90 [ 158.183506][ T6242] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.189384][ T6242] RIP: 0033:0x7efedfd79e79 [ 158.193779][ T6242] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 158.213359][ T6242] RSP: 002b:00007efee0b2d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 158.221758][ T6242] RAX: ffffffffffffffda RBX: 00007efedff16058 RCX: 00007efedfd79e79 [ 158.229715][ T6242] RDX: 0000000000000000 RSI: 000000000000ab04 RDI: 0000000000000005 [ 158.237669][ T6242] RBP: 00007efee0b2d090 R08: 0000000000000000 R09: 0000000000000000 [ 158.245617][ T6242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 158.253572][ T6242] R13: 0000000000000001 R14: 00007efedff16058 R15: 00007ffd50bacbc8 [ 158.261538][ T6242] [ 158.404186][ T6242] ERROR: Out of memory at tomoyo_realpath_from_path. [ 158.442686][ T6242] block nbd1: shutting down sockets [ 158.617342][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 159.007293][ T25] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 159.228178][ T25] usb 3-1: config 0 has no interfaces? [ 159.254171][ T25] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 159.272141][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 159.284173][ T25] usb 3-1: SerialNumber: syz [ 159.404452][ T25] usb 3-1: config 0 descriptor?? [ 159.484615][ T9] usb 5-1: USB disconnect, device number 11 [ 159.678936][ T6244] netlink: 8 bytes leftover after parsing attributes in process `syz.2.252'. [ 159.703229][ T6264] macvlan2: entered allmulticast mode [ 159.709119][ T6244] netlink: 8 bytes leftover after parsing attributes in process `syz.2.252'. [ 159.732645][ T25] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 159.775757][ T8] usb 3-1: USB disconnect, device number 6 [ 159.913058][ T6266] No such timeout policy "syz1" [ 159.916184][ T25] usb 4-1: Using ep0 maxpacket: 8 [ 159.946612][ T25] usb 4-1: config 0 has no interfaces? [ 159.965388][ T25] usb 4-1: New USB device found, idVendor=1b96, idProduct=0018, bcdDevice= 0.00 [ 159.975503][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.999554][ T25] usb 4-1: config 0 descriptor?? [ 160.421317][ T6287] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 160.501817][ T6287] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 160.863723][ T29] audit: type=1326 audit(1724654597.230:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6281 comm="syz.1.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedfd79e79 code=0x7fc00000 [ 161.301019][ T29] audit: type=1326 audit(1724654597.240:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6281 comm="syz.1.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7efedfd79e79 code=0x7fc00000 [ 161.354694][ T29] audit: type=1326 audit(1724654597.640:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6281 comm="syz.1.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedfd79e79 code=0x7fc00000 [ 161.403269][ T29] audit: type=1326 audit(1724654597.640:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6281 comm="syz.1.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7efedfd79e79 code=0x7fc00000 [ 161.453439][ T6296] netlink: 8 bytes leftover after parsing attributes in process `syz.1.267'. [ 161.476626][ T29] audit: type=1326 audit(1724654597.640:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6281 comm="syz.1.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedfd79e79 code=0x7fc00000 [ 161.511149][ T29] audit: type=1326 audit(1724654597.640:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6281 comm="syz.1.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedfd79e79 code=0x7fc00000 [ 161.589503][ T29] audit: type=1326 audit(1724654597.640:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6281 comm="syz.1.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedfd79e79 code=0x7fc00000 [ 161.631861][ T29] audit: type=1326 audit(1724654597.640:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6281 comm="syz.1.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedfd79e79 code=0x7fc00000 [ 161.825427][ T29] audit: type=1326 audit(1724654597.640:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6281 comm="syz.1.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedfd79e79 code=0x7fc00000 [ 162.652358][ T25] usb 4-1: USB disconnect, device number 6 [ 162.880080][ T6309] sctp: [Deprecated]: syz.3.271 (pid 6309) Use of struct sctp_assoc_value in delayed_ack socket option. [ 162.880080][ T6309] Use struct sctp_sack_info instead [ 162.976424][ T5217] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 163.051203][ T6313] vivid-003: disconnect [ 163.402277][ T5217] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 163.417185][ T5217] usb 5-1: config 0 has no interfaces? [ 163.458196][ T5217] usb 5-1: New USB device found, idVendor=046d, idProduct=c513, bcdDevice= 0.00 [ 163.498394][ T5217] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.538092][ T5217] usb 5-1: config 0 descriptor?? [ 163.588759][ T6311] vivid-003: reconnect [ 163.990201][ T6320] No such timeout policy "syz1" [ 164.116717][ T6321] vivid-001: disconnect [ 164.419195][ T6315] vivid-001: reconnect [ 164.643200][ T6327] netlink: 40 bytes leftover after parsing attributes in process `syz.0.276'. [ 164.962592][ T5271] usb 5-1: USB disconnect, device number 12 [ 165.849500][ T29] audit: type=1326 audit(1724654602.030:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6337 comm="syz.0.281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8e3b79e79 code=0x7fc00000 [ 166.093981][ T29] audit: type=1326 audit(1724654602.230:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6337 comm="syz.0.281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa8e3b79e79 code=0x7fc00000 [ 166.137528][ T6330] netlink: 'syz.3.277': attribute type 10 has an invalid length. [ 166.255497][ T29] audit: type=1326 audit(1724654602.410:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6337 comm="syz.0.281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8e3b79e79 code=0x7fc00000 [ 166.362074][ T6330] team0: Port device netdevsim0 added [ 166.581362][ T6362] netlink: 12 bytes leftover after parsing attributes in process `syz.4.284'. [ 166.878624][ T6365] autofs: Bad value for 'fd' [ 171.192353][ T6372] No such timeout policy "syz1" [ 171.372130][ T6378] FAULT_INJECTION: forcing a failure. [ 171.372130][ T6378] name failslab, interval 1, probability 0, space 0, times 0 [ 171.415334][ T6378] CPU: 1 UID: 0 PID: 6378 Comm: syz.4.293 Not tainted 6.11.0-rc5-syzkaller #0 [ 171.424222][ T6378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 171.434284][ T6378] Call Trace: [ 171.437572][ T6378] [ 171.440521][ T6378] dump_stack_lvl+0x241/0x360 [ 171.445217][ T6378] ? __pfx_dump_stack_lvl+0x10/0x10 [ 171.450435][ T6378] ? __pfx__printk+0x10/0x10 [ 171.455056][ T6378] ? __kmalloc_cache_noprof+0x44/0x2c0 [ 171.460540][ T6378] ? __pfx___might_resched+0x10/0x10 [ 171.465852][ T6378] should_fail_ex+0x3b0/0x4e0 [ 171.470544][ T6378] should_failslab+0xac/0x100 [ 171.475210][ T6378] ? cgroup_bpf_attach+0xbb8/0x1240 [ 171.480401][ T6378] __kmalloc_cache_noprof+0x6c/0x2c0 [ 171.485675][ T6378] cgroup_bpf_attach+0xbb8/0x1240 [ 171.490690][ T6378] ? __pfx_cgroup_bpf_attach+0x10/0x10 [ 171.496135][ T6378] ? bpf_link_prime+0x171/0x240 [ 171.500969][ T6378] cgroup_bpf_link_attach+0x237/0x3c0 [ 171.506346][ T6378] ? __pfx_cgroup_bpf_link_attach+0x10/0x10 [ 171.512232][ T6378] ? bpf_prog_attach_check_attach_type+0x23a/0x4b0 [ 171.518720][ T6378] link_create+0x534/0x8b0 [ 171.523125][ T6378] ? bpf_lsm_bpf+0x9/0x10 [ 171.527444][ T6378] __sys_bpf+0x4bc/0x810 [ 171.531680][ T6378] ? __pfx___sys_bpf+0x10/0x10 [ 171.536567][ T6378] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 171.542538][ T6378] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 171.548853][ T6378] ? do_syscall_64+0x100/0x230 [ 171.553612][ T6378] __x64_sys_bpf+0x7c/0x90 [ 171.558012][ T6378] do_syscall_64+0xf3/0x230 [ 171.562498][ T6378] ? clear_bhb_loop+0x35/0x90 [ 171.567159][ T6378] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.573037][ T6378] RIP: 0033:0x7fbb99d79e79 [ 171.577435][ T6378] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 171.597039][ T6378] RSP: 002b:00007fbb9ab51038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 171.605434][ T6378] RAX: ffffffffffffffda RBX: 00007fbb99f15f80 RCX: 00007fbb99d79e79 [ 171.613388][ T6378] RDX: 0000000000000010 RSI: 0000000020000180 RDI: 000000000000001c [ 171.621342][ T6378] RBP: 00007fbb9ab51090 R08: 0000000000000000 R09: 0000000000000000 [ 171.629305][ T6378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 171.637274][ T6378] R13: 0000000000000000 R14: 00007fbb99f15f80 R15: 00007fff5e4e0438 [ 171.645255][ T6378] [ 171.648338][ C1] vkms_vblank_simulate: vblank timer overrun [ 171.722630][ T5227] Bluetooth: hci0: Malformed LE Event: 0x1b [ 171.806977][ T5217] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 172.715419][ T29] audit: type=1326 audit(1724654608.830:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6389 comm="syz.3.295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08cdd79e79 code=0x7fc00000 [ 172.736842][ C1] vkms_vblank_simulate: vblank timer overrun [ 172.747898][ T5217] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 172.776286][ T5217] usb 1-1: config 0 has no interfaces? [ 172.793156][ T29] audit: type=1326 audit(1724654608.840:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6389 comm="syz.3.295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f08cdd79e79 code=0x7fc00000 [ 172.816401][ T5217] usb 1-1: New USB device found, idVendor=046d, idProduct=c513, bcdDevice= 0.00 [ 172.825509][ T5217] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.842442][ T5217] usb 1-1: config 0 descriptor?? [ 172.859270][ T29] audit: type=1326 audit(1724654609.140:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6389 comm="syz.3.295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08cdd79e79 code=0x7fc00000 [ 172.921562][ T29] audit: type=1326 audit(1724654609.140:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6389 comm="syz.3.295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f08cdd79e79 code=0x7fc00000 [ 172.966158][ T29] audit: type=1326 audit(1724654609.140:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6389 comm="syz.3.295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08cdd79e79 code=0x7fc00000 [ 172.987539][ C1] vkms_vblank_simulate: vblank timer overrun [ 172.994149][ T29] audit: type=1326 audit(1724654609.140:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6389 comm="syz.3.295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08cdd79e79 code=0x7fc00000 [ 173.015967][ T29] audit: type=1326 audit(1724654609.140:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6389 comm="syz.3.295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08cdd79e79 code=0x7fc00000 [ 173.037358][ C1] vkms_vblank_simulate: vblank timer overrun [ 173.063274][ T6398] overlayfs: failed to resolve './file0': -2 [ 173.105557][ T29] audit: type=1326 audit(1724654609.140:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6389 comm="syz.3.295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08cdd79e79 code=0x7fc00000 [ 173.205533][ T6399] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 173.236674][ T6398] 9pnet_fd: Insufficient options for proto=fd [ 173.246193][ T29] audit: type=1326 audit(1724654609.140:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6389 comm="syz.3.295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08cdd79e79 code=0x7fc00000 [ 173.315071][ T29] audit: type=1326 audit(1724654609.140:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6389 comm="syz.3.295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08cdd79e79 code=0x7fc00000 [ 173.336511][ C1] vkms_vblank_simulate: vblank timer overrun [ 173.565813][ T6128] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.847334][ T6128] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.277871][ T6128] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.292766][ T5217] usb 1-1: USB disconnect, device number 7 [ 174.512537][ T6413] netlink: 28 bytes leftover after parsing attributes in process `syz.2.301'. [ 174.523815][ T6413] netlink: 28 bytes leftover after parsing attributes in process `syz.2.301'. [ 174.591726][ T6128] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.691298][ T5218] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 174.702758][ T5218] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 174.715905][ T5218] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 174.744713][ T5218] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 174.753097][ T5218] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 174.765641][ T5218] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 175.148375][ T6128] bridge_slave_1: left allmulticast mode [ 175.158945][ T6128] bridge_slave_1: left promiscuous mode [ 175.166320][ T6128] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.215398][ T6128] bridge_slave_0: left allmulticast mode [ 175.228721][ T6128] bridge_slave_0: left promiscuous mode [ 175.235330][ T6128] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.356148][ T8] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 175.564231][ T8] usb 1-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 175.585050][ T8] usb 1-1: New USB device strings: Mfr=33, Product=2, SerialNumber=3 [ 175.606524][ T8] usb 1-1: Product: syz [ 175.623828][ T8] usb 1-1: Manufacturer: syz [ 175.632151][ T8] usb 1-1: SerialNumber: syz [ 175.643567][ T8] usb 1-1: config 0 descriptor?? [ 175.859225][ T8] usb-storage 1-1:0.0: USB Mass Storage device detected [ 176.064893][ T5266] usb 1-1: USB disconnect, device number 8 [ 176.094799][ T6128] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 176.121000][ T6128] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 176.142847][ T6128] bond0 (unregistering): Released all slaves [ 176.746500][ T6463] netlink: 830 bytes leftover after parsing attributes in process `syz.0.309'. [ 176.805031][ T6417] chnl_net:caif_netlink_parms(): no params data found [ 176.866520][ T5227] Bluetooth: hci4: command tx timeout [ 177.183689][ T6128] hsr_slave_0: left promiscuous mode [ 177.247808][ T6128] hsr_slave_1: left promiscuous mode [ 177.266101][ T5271] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 177.275630][ T6128] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 177.305237][ T6128] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 177.361627][ T6128] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 177.417897][ T6128] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 177.478081][ T5271] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 177.495196][ T5271] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 177.522648][ T6128] veth1_macvtap: left promiscuous mode [ 177.542779][ T5271] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 177.558531][ T6128] veth0_macvtap: left promiscuous mode [ 177.572710][ T5271] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 177.581143][ T6128] veth1_vlan: left promiscuous mode [ 177.604442][ T6128] veth0_vlan: left promiscuous mode [ 177.614575][ T5271] usb 2-1: SerialNumber: syz [ 177.872923][ T5271] usb 2-1: skipping empty audio interface (v1) [ 178.050698][ T5271] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 178.123042][ T5271] usb 2-1: USB disconnect, device number 5 [ 178.206412][ T58] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 178.233739][ T6082] udevd[6082]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 178.455082][ T58] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 178.501891][ T58] usb 1-1: config 0 has no interfaces? [ 178.530702][ T58] usb 1-1: New USB device found, idVendor=046d, idProduct=c513, bcdDevice= 0.00 [ 178.574088][ T58] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.618784][ T58] usb 1-1: config 0 descriptor?? [ 178.946337][ T5227] Bluetooth: hci4: command tx timeout [ 179.206714][ T58] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 179.365286][ T6128] team0 (unregistering): Port device team_slave_1 removed [ 179.398846][ T58] usb 2-1: Using ep0 maxpacket: 8 [ 179.436758][ T58] usb 2-1: New USB device found, idVendor=0421, idProduct=0335, bcdDevice=5f.0e [ 179.469357][ T58] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 179.485829][ T6128] team0 (unregistering): Port device team_slave_0 removed [ 179.489064][ T58] usb 2-1: config 0 descriptor?? [ 179.512042][ T58] usb 2-1: bad CDC descriptors [ 180.062064][ T6495] netlink: 32 bytes leftover after parsing attributes in process `syz.2.313'. [ 180.748611][ T6506] vivid-000: disconnect [ 180.885444][ T5217] usb 1-1: USB disconnect, device number 9 [ 181.026261][ T5227] Bluetooth: hci4: command tx timeout [ 181.082400][ T6417] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.119406][ T6503] vivid-000: reconnect [ 181.138294][ T6417] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.156954][ T6417] bridge_slave_0: entered allmulticast mode [ 181.164932][ T6417] bridge_slave_0: entered promiscuous mode [ 181.234040][ T6417] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.269909][ T5227] Bluetooth: hci0: command 0x0406 tx timeout [ 181.276187][ T5227] Bluetooth: hci2: command 0x0406 tx timeout [ 181.282204][ T5227] Bluetooth: hci3: command 0x0406 tx timeout [ 181.288298][ T5227] Bluetooth: hci1: command 0x0406 tx timeout [ 181.304665][ T6417] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.354261][ T6417] bridge_slave_1: entered allmulticast mode [ 181.414583][ T6417] bridge_slave_1: entered promiscuous mode [ 181.632153][ T6417] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 181.718227][ T6417] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 181.886897][ T58] usb 2-1: USB disconnect, device number 6 [ 183.034634][ T6535] [U]  [ 183.106079][ T5218] Bluetooth: hci4: command tx timeout [ 183.137386][ T6417] team0: Port device team_slave_0 added [ 183.169124][ T6417] team0: Port device team_slave_1 added [ 183.982797][ T6417] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 184.004246][ T6417] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 184.030144][ C0] vkms_vblank_simulate: vblank timer overrun [ 184.045699][ T6417] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 184.059074][ T6417] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 184.066380][ T6417] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 184.066762][ T5266] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 184.092258][ C0] vkms_vblank_simulate: vblank timer overrun [ 184.093503][ T6417] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 184.218337][ T6556] loop0: detected capacity change from 0 to 7 [ 184.253045][ T6556] Dev loop0: unable to read RDB block 7 [ 184.262994][ T6556] loop0: AHDI p2 p3 [ 184.271839][ T6556] loop0: partition table partially beyond EOD, truncated [ 184.274833][ T6554] vivid-002: disconnect [ 184.282468][ T6556] loop0: p2 start 6514546 is beyond EOD, truncated [ 184.421617][ T6417] hsr_slave_0: entered promiscuous mode [ 184.433209][ T6548] vivid-002: reconnect [ 184.461859][ T6417] hsr_slave_1: entered promiscuous mode [ 184.492476][ T6417] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 184.511005][ T5266] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 184.515429][ T6417] Cannot create hsr debugfs directory [ 184.546149][ T5266] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 184.575682][ T5266] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 184.605933][ T5266] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 184.616071][ T5266] usb 3-1: SerialNumber: syz [ 184.716482][ T25] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 184.786912][ T6568] vivid-002: disconnect [ 184.922447][ T5266] usb 3-1: skipping empty audio interface (v1) [ 185.239102][ T25] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 185.253071][ T25] usb 2-1: config 0 has no interfaces? [ 185.255189][ T5266] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 185.258737][ T25] usb 2-1: New USB device found, idVendor=046d, idProduct=c513, bcdDevice= 0.00 [ 185.277418][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 185.304332][ T25] usb 2-1: config 0 descriptor?? [ 185.402864][ T5266] usb 3-1: USB disconnect, device number 7 [ 185.419361][ T6565] vivid-002: reconnect [ 185.560800][ T6575] netlink: 40 bytes leftover after parsing attributes in process `syz.3.332'. [ 185.585227][ T6082] udevd[6082]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 185.908670][ T25] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 186.066432][ T25] usb 1-1: device descriptor read/64, error -71 [ 186.346731][ T25] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 186.516354][ T25] usb 1-1: device descriptor read/64, error -71 [ 186.653202][ T25] usb usb1-port1: attempt power cycle [ 186.923371][ T6417] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 187.076268][ T25] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 187.119515][ T25] usb 1-1: device descriptor read/8, error -71 [ 187.387786][ T6417] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 187.426540][ T25] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 187.467694][ T25] usb 1-1: device descriptor read/8, error -71 [ 187.507490][ T6417] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 187.541948][ T9] usb 2-1: USB disconnect, device number 7 [ 187.564763][ T6417] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 187.606459][ T25] usb usb1-port1: unable to enumerate USB device [ 187.826687][ T6607] loop0: detected capacity change from 0 to 7 [ 187.879285][ T6607] Dev loop0: unable to read RDB block 7 [ 187.901724][ T6607] loop0: AHDI p2 p3 [ 187.914476][ T6607] loop0: partition table partially beyond EOD, truncated [ 187.952619][ T6607] loop0: p2 start 6514546 is beyond EOD, truncated [ 187.970046][ T6417] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.999526][ T6417] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.010922][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.018624][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.225091][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.232236][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.397315][ T6616] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 193.204909][ T6624] netlink: 24 bytes leftover after parsing attributes in process `syz.0.342'. [ 193.506206][ T5266] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 193.554945][ T6417] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 193.698460][ T5266] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 193.710771][ T5266] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 193.729940][ T5266] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 193.739445][ T9] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 193.754173][ T5266] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 193.765025][ T5266] usb 2-1: SerialNumber: syz [ 193.940916][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 193.944488][ T6417] veth0_vlan: entered promiscuous mode [ 193.967287][ T9] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 194.010316][ T6417] veth1_vlan: entered promiscuous mode [ 194.011410][ T5266] usb 2-1: skipping empty audio interface (v1) [ 194.036275][ T9] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 194.045355][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 194.087837][ T9] usb 4-1: config 0 descriptor?? [ 194.232411][ T5266] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 194.260141][ T5266] usb 2-1: USB disconnect, device number 8 [ 194.280710][ T6417] veth0_macvtap: entered promiscuous mode [ 196.736836][ T1261] ieee802154 phy0 wpan0: encryption failed: -22 [ 196.743175][ T1261] ieee802154 phy1 wpan1: encryption failed: -22 [ 196.769552][ T9] usbhid 4-1:0.0: can't add hid device: -71 [ 196.775603][ T9] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 196.792562][ T6417] veth1_macvtap: entered promiscuous mode [ 196.806157][ T9] usb 4-1: USB disconnect, device number 7 [ 196.809901][ T6082] udevd[6082]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 196.837046][ T6417] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 196.869465][ T6417] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 196.916225][ T6417] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 196.933379][ T6417] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 196.944063][ T6417] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 196.955067][ T6417] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 196.999802][ T6417] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 197.070628][ T6417] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.366217][ T46] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 197.512728][ T6417] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 197.726783][ T46] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 197.741384][ T46] usb 3-1: config 0 has no interfaces? [ 197.744008][ T6417] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 197.776441][ T6417] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.804061][ T46] usb 3-1: New USB device found, idVendor=046d, idProduct=c513, bcdDevice= 0.00 [ 197.817669][ T46] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 197.828239][ T6417] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 197.840690][ T46] usb 3-1: config 0 descriptor?? [ 197.846348][ T6417] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.856534][ T6417] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 197.869556][ T6417] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.879625][ T6417] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 197.890397][ T6417] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.903005][ T6417] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 197.968111][ T6417] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.016392][ T6417] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.052263][ T6417] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.061626][ T6417] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.180732][ T6673] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 198.200968][ T6673] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 198.213000][ T6690] fuse: Bad value for 'fd' [ 198.375798][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 198.392235][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 198.505002][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 198.513504][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 198.804280][ T6708] netlink: 4 bytes leftover after parsing attributes in process `syz.1.353'. [ 198.906143][ T25] usb 4-1: new full-speed USB device number 8 using dummy_hcd [ 199.068971][ T25] usb 4-1: device descriptor read/64, error -71 [ 199.356824][ T25] usb 4-1: new full-speed USB device number 9 using dummy_hcd [ 199.543883][ T25] usb 4-1: device descriptor read/64, error -71 [ 199.721209][ T25] usb usb4-port1: attempt power cycle [ 200.107787][ T5218] Bluetooth: hci3: unexpected event for opcode 0x630d [ 200.115137][ T5218] Bluetooth: hci3: unexpected event for opcode 0x2011 [ 200.692446][ T5266] usb 3-1: USB disconnect, device number 8 [ 200.771291][ T25] usb 4-1: new full-speed USB device number 10 using dummy_hcd [ 200.830125][ T25] usb 4-1: device descriptor read/8, error -71 [ 201.184482][ T6744] evm: overlay not supported [ 201.253261][ T25] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 202.097049][ T6745] loop0: detected capacity change from 0 to 7 [ 202.126912][ T6745] Dev loop0: unable to read RDB block 7 [ 202.141001][ T6745] loop0: AHDI p2 p3 [ 202.153837][ T6745] loop0: partition table partially beyond EOD, truncated [ 202.161157][ T25] usb 4-1: device descriptor read/8, error -71 [ 202.214201][ T6745] loop0: p2 start 6514546 is beyond EOD, truncated [ 202.316406][ T25] usb usb4-port1: unable to enumerate USB device [ 202.397642][ T1101] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 202.723517][ T1101] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.631524][ T1101] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.833609][ T4608] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 203.843699][ T4608] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 203.852159][ T4608] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 203.875906][ T4608] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 203.884012][ T4608] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 203.892533][ T4608] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 203.892638][ T1101] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.953124][ T6789] FAULT_INJECTION: forcing a failure. [ 203.953124][ T6789] name failslab, interval 1, probability 0, space 0, times 0 [ 204.001605][ T6789] CPU: 1 UID: 0 PID: 6789 Comm: syz.1.364 Not tainted 6.11.0-rc5-syzkaller #0 [ 204.010499][ T6789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 204.020572][ T6789] Call Trace: [ 204.023860][ T6789] [ 204.026791][ T6789] dump_stack_lvl+0x241/0x360 [ 204.031470][ T6789] ? __pfx_dump_stack_lvl+0x10/0x10 [ 204.036660][ T6789] ? __pfx__printk+0x10/0x10 [ 204.041254][ T6789] ? ref_tracker_alloc+0x332/0x490 [ 204.046363][ T6789] should_fail_ex+0x3b0/0x4e0 [ 204.051035][ T6789] ? skb_clone+0x20c/0x390 [ 204.055444][ T6789] should_failslab+0xac/0x100 [ 204.060119][ T6789] ? skb_clone+0x20c/0x390 [ 204.064527][ T6789] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 204.069894][ T6789] skb_clone+0x20c/0x390 [ 204.074129][ T6789] __netlink_deliver_tap+0x3cc/0x7c0 [ 204.079414][ T6789] ? netlink_deliver_tap+0x2e/0x1b0 [ 204.084600][ T6789] netlink_deliver_tap+0x19d/0x1b0 [ 204.089701][ T6789] netlink_unicast+0x7c4/0x990 [ 204.094469][ T6789] ? __pfx_netlink_unicast+0x10/0x10 [ 204.099747][ T6789] ? __virt_addr_valid+0x183/0x530 [ 204.104858][ T6789] ? __check_object_size+0x49c/0x900 [ 204.110167][ T6789] ? bpf_lsm_netlink_send+0x9/0x10 [ 204.115273][ T6789] netlink_sendmsg+0x8e4/0xcb0 [ 204.120040][ T6789] ? __pfx_netlink_sendmsg+0x10/0x10 [ 204.125318][ T6789] ? __import_iovec+0x536/0x820 [ 204.130166][ T6789] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 204.135461][ T6789] ? security_socket_sendmsg+0x87/0xb0 [ 204.140913][ T6789] ? __pfx_netlink_sendmsg+0x10/0x10 [ 204.146189][ T6789] __sock_sendmsg+0x221/0x270 [ 204.150865][ T6789] ____sys_sendmsg+0x525/0x7d0 [ 204.155653][ T6789] ? __pfx_____sys_sendmsg+0x10/0x10 [ 204.160950][ T6789] __sys_sendmsg+0x2b0/0x3a0 [ 204.165542][ T6789] ? __pfx___sys_sendmsg+0x10/0x10 [ 204.170729][ T6789] ? vfs_write+0x7c4/0xc90 [ 204.175165][ T6789] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 204.181486][ T6789] ? do_syscall_64+0x100/0x230 [ 204.186247][ T6789] ? do_syscall_64+0xb6/0x230 [ 204.190916][ T6789] do_syscall_64+0xf3/0x230 [ 204.195410][ T6789] ? clear_bhb_loop+0x35/0x90 [ 204.200084][ T6789] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.205971][ T6789] RIP: 0033:0x7efedfd79e79 [ 204.210385][ T6789] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 204.229980][ T6789] RSP: 002b:00007efee0b4e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 204.238397][ T6789] RAX: ffffffffffffffda RBX: 00007efedff15f80 RCX: 00007efedfd79e79 [ 204.246357][ T6789] RDX: 0000000000004144 RSI: 00000000200005c0 RDI: 0000000000000003 [ 204.254315][ T6789] RBP: 00007efee0b4e090 R08: 0000000000000000 R09: 0000000000000000 [ 204.262277][ T6789] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 204.270270][ T6789] R13: 0000000000000000 R14: 00007efedff15f80 R15: 00007ffd50bacbc8 [ 204.278252][ T6789] [ 204.337554][ T4608] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 204.346291][ T4608] Bluetooth: hci3: Injecting HCI hardware error event [ 204.355086][ T4608] Bluetooth: hci3: hardware error 0x00 [ 205.170859][ T6784] chnl_net:caif_netlink_parms(): no params data found [ 205.228086][ T1101] bridge_slave_1: left allmulticast mode [ 205.259474][ T1101] bridge_slave_1: left promiscuous mode [ 205.282836][ T1101] bridge0: port 2(bridge_slave_1) entered disabled state [ 205.369847][ T1101] bridge_slave_0: left allmulticast mode [ 205.386346][ T1101] bridge_slave_0: left promiscuous mode [ 205.537337][ T1101] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.571499][ T6816] Process accounting resumed [ 205.606657][ T6816] kernel write not supported for file /asound/timers (pid: 6816 comm: syz.3.370) [ 205.993317][ T5218] Bluetooth: hci4: command tx timeout [ 206.322101][ T9] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 206.506291][ T9] usb 4-1: device descriptor read/64, error -71 [ 206.550426][ T4608] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 206.782934][ T6832] sctp: [Deprecated]: syz.0.372 (pid 6832) Use of struct sctp_assoc_value in delayed_ack socket option. [ 206.782934][ T6832] Use struct sctp_sack_info instead [ 206.809245][ T9] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 206.987300][ T9] usb 4-1: device descriptor read/64, error -71 [ 207.132845][ T9] usb usb4-port1: attempt power cycle [ 207.464062][ T6845] netlink: 168 bytes leftover after parsing attributes in process `syz.1.374'. [ 207.727251][ T9] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 207.972516][ T9] usb 4-1: device descriptor read/8, error -71 [ 208.066338][ T5218] Bluetooth: hci4: command tx timeout [ 208.300001][ T9] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 208.325344][ T5232] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 208.348188][ T9] usb 4-1: device descriptor read/8, error -71 [ 208.375722][ T1101] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 208.410407][ T1101] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 208.437372][ T1101] bond0 (unregistering): Released all slaves [ 208.486397][ T9] usb usb4-port1: unable to enumerate USB device [ 208.627159][ T4608] Bluetooth: hci3: Opcode 0x2046 failed: -110 [ 209.275176][ T6877] sctp: [Deprecated]: syz.0.379 (pid 6877) Use of struct sctp_assoc_value in delayed_ack socket option. [ 209.275176][ T6877] Use struct sctp_sack_info instead [ 209.378533][ T1101] hsr_slave_0: left promiscuous mode [ 209.398338][ T1101] hsr_slave_1: left promiscuous mode [ 209.453415][ T1101] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 209.502803][ T1101] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 209.557772][ T1101] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 209.580930][ T1101] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 210.146220][ T4608] Bluetooth: hci4: command tx timeout [ 210.566366][ T1101] veth1_macvtap: left promiscuous mode [ 210.589991][ T1101] veth0_macvtap: left promiscuous mode [ 210.607538][ T1101] veth1_vlan: left promiscuous mode [ 210.624318][ T6885] Invalid/unusable pipe [ 210.641673][ T1101] veth0_vlan: left promiscuous mode [ 211.655792][ T1101] team0 (unregistering): Port device team_slave_1 removed [ 211.722341][ T1101] team0 (unregistering): Port device team_slave_0 removed [ 212.215201][ T6784] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.223708][ T6784] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.231054][ T6784] bridge_slave_0: entered allmulticast mode [ 212.242705][ T6784] bridge_slave_0: entered promiscuous mode [ 212.257527][ T6784] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.265826][ T6784] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.273579][ T6784] bridge_slave_1: entered allmulticast mode [ 212.280467][ T6784] bridge_slave_1: entered promiscuous mode [ 212.289390][ T6887] FAULT_INJECTION: forcing a failure. [ 212.289390][ T6887] name failslab, interval 1, probability 0, space 0, times 0 [ 212.321673][ T6887] CPU: 0 UID: 0 PID: 6887 Comm: syz.3.382 Not tainted 6.11.0-rc5-syzkaller #0 [ 212.330564][ T6887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 212.340634][ T6887] Call Trace: [ 212.343926][ T6887] [ 212.346871][ T6887] dump_stack_lvl+0x241/0x360 [ 212.351574][ T6887] ? __pfx_dump_stack_lvl+0x10/0x10 [ 212.356795][ T6887] ? __pfx__printk+0x10/0x10 [ 212.361410][ T6887] ? __kmalloc_cache_noprof+0x44/0x2c0 [ 212.366881][ T6887] ? __pfx___might_resched+0x10/0x10 [ 212.372168][ T6887] should_fail_ex+0x3b0/0x4e0 [ 212.376841][ T6887] should_failslab+0xac/0x100 [ 212.381510][ T6887] ? rtnl_newlink+0xf2/0x20a0 [ 212.386188][ T6887] __kmalloc_cache_noprof+0x6c/0x2c0 [ 212.391483][ T6887] rtnl_newlink+0xf2/0x20a0 [ 212.395997][ T6887] ? __pfx_lock_acquire+0x10/0x10 [ 212.401013][ T6887] ? __mutex_lock+0x99b/0xd70 [ 212.405679][ T6887] ? __pfx_lock_release+0x10/0x10 [ 212.410696][ T6887] ? do_raw_spin_lock+0x14f/0x370 [ 212.415716][ T6887] ? __pfx_rtnl_newlink+0x10/0x10 [ 212.420733][ T6887] ? do_raw_spin_unlock+0x13c/0x8b0 [ 212.425928][ T6887] ? __mutex_lock+0x9a5/0xd70 [ 212.430605][ T6887] ? __mutex_lock+0x527/0xd70 [ 212.435273][ T6887] ? rtnetlink_rcv_msg+0x6e6/0xcf0 [ 212.440383][ T6887] ? __pfx___mutex_lock+0x10/0x10 [ 212.445403][ T6887] ? __pfx_rtnl_newlink+0x10/0x10 [ 212.450420][ T6887] rtnetlink_rcv_msg+0x73f/0xcf0 [ 212.455350][ T6887] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 212.460461][ T6887] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 212.466013][ T6887] ? ref_tracker_free+0x643/0x7e0 [ 212.471035][ T6887] netlink_rcv_skb+0x1e3/0x430 [ 212.475788][ T6887] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 212.481241][ T6887] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 212.486533][ T6887] ? netlink_deliver_tap+0x2e/0x1b0 [ 212.491723][ T6887] netlink_unicast+0x7f6/0x990 [ 212.496490][ T6887] ? __pfx_netlink_unicast+0x10/0x10 [ 212.501769][ T6887] ? __virt_addr_valid+0x183/0x530 [ 212.506877][ T6887] ? __check_object_size+0x49c/0x900 [ 212.512154][ T6887] ? bpf_lsm_netlink_send+0x9/0x10 [ 212.517271][ T6887] netlink_sendmsg+0x8e4/0xcb0 [ 212.522035][ T6887] ? __pfx_netlink_sendmsg+0x10/0x10 [ 212.527311][ T6887] ? __import_iovec+0x536/0x820 [ 212.532159][ T6887] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 212.537468][ T6887] ? security_socket_sendmsg+0x87/0xb0 [ 212.542946][ T6887] ? __pfx_netlink_sendmsg+0x10/0x10 [ 212.548238][ T6887] __sock_sendmsg+0x221/0x270 [ 212.552925][ T6887] ____sys_sendmsg+0x525/0x7d0 [ 212.557888][ T6887] ? __pfx_____sys_sendmsg+0x10/0x10 [ 212.563190][ T6887] __sys_sendmsg+0x2b0/0x3a0 [ 212.567784][ T6887] ? __pfx___sys_sendmsg+0x10/0x10 [ 212.572896][ T6887] ? vfs_write+0x7c4/0xc90 [ 212.577342][ T6887] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 212.583675][ T6887] ? do_syscall_64+0x100/0x230 [ 212.588443][ T6887] ? do_syscall_64+0xb6/0x230 [ 212.593127][ T6887] do_syscall_64+0xf3/0x230 [ 212.597626][ T6887] ? clear_bhb_loop+0x35/0x90 [ 212.602319][ T6887] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.608215][ T6887] RIP: 0033:0x7f08cdd79e79 [ 212.612626][ T6887] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 212.632235][ T6887] RSP: 002b:00007f08cea7c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 212.640651][ T6887] RAX: ffffffffffffffda RBX: 00007f08cdf15f80 RCX: 00007f08cdd79e79 [ 212.648617][ T6887] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 212.656582][ T6887] RBP: 00007f08cea7c090 R08: 0000000000000000 R09: 0000000000000000 [ 212.664548][ T6887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 212.672509][ T6887] R13: 0000000000000000 R14: 00007f08cdf15f80 R15: 00007ffdfbe994c8 [ 212.680484][ T6887] [ 212.689090][ T4608] Bluetooth: hci4: command 0x0419 tx timeout [ 212.820233][ T6894] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 212.972949][ T6784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 213.002158][ T6784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 213.204636][ T6784] team0: Port device team_slave_0 added [ 213.236872][ T6784] team0: Port device team_slave_1 added [ 213.324819][ T6784] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 213.337948][ T6784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 213.402656][ T6784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 213.451783][ T6784] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 213.477239][ T6784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 213.507531][ T6784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 213.713957][ T6784] hsr_slave_0: entered promiscuous mode [ 213.738358][ T6784] hsr_slave_1: entered promiscuous mode [ 213.775465][ T6784] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 213.811018][ T6784] Cannot create hsr debugfs directory [ 213.813479][ T6926] program syz.3.388 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 214.177019][ T6932] kAFS: No cell specified [ 214.746332][ T5218] Bluetooth: hci4: command 0x0419 tx timeout [ 215.464415][ T6938] loop0: detected capacity change from 0 to 7 [ 215.485327][ T6938] Dev loop0: unable to read RDB block 7 [ 215.505257][ T6938] loop0: AHDI p2 p3 [ 215.514254][ T6943] netlink: 830 bytes leftover after parsing attributes in process `syz.2.394'. [ 215.525325][ T6938] loop0: partition table partially beyond EOD, truncated [ 215.551281][ T6938] loop0: p2 start 6514546 is beyond EOD, truncated [ 215.706410][ T25] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 216.016308][ T25] usb 1-1: Using ep0 maxpacket: 16 [ 216.031619][ T25] usb 1-1: config 0 has no interfaces? [ 216.063934][ T25] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 216.610503][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 216.994914][ T25] usb 1-1: config 0 descriptor?? [ 217.265568][ T58] usb 1-1: USB disconnect, device number 14 [ 217.486156][ T9] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 217.585596][ T6784] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 217.625096][ T6784] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 217.675702][ T6784] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 217.696112][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 217.710832][ T6784] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 217.734717][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 52, changing to 7 [ 217.784861][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 8241, setting to 1024 [ 217.842616][ T9] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 217.898329][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 217.937316][ T9] usb 3-1: Product: syz [ 217.948370][ T9] usb 3-1: Manufacturer: syz [ 217.965807][ T9] usb 3-1: SerialNumber: syz [ 218.006987][ T9] usb 3-1: config 0 descriptor?? [ 218.046955][ T9] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 218.095423][ T9] em28xx 3-1:0.0: DVB interface 0 found: isoc [ 218.101188][ T6784] 8021q: adding VLAN 0 to HW filter on device bond0 [ 218.223924][ T6784] 8021q: adding VLAN 0 to HW filter on device team0 [ 218.265139][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.272301][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 218.305352][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.312545][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 219.061313][ T6994] loop0: detected capacity change from 0 to 7 [ 219.074085][ T6997] program syz.0.401 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 219.083977][ T6784] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 219.131624][ T6994] Dev loop0: unable to read RDB block 7 [ 219.155941][ T6994] loop0: AHDI p2 p3 [ 219.167332][ T6994] loop0: partition table partially beyond EOD, truncated [ 219.217032][ T6994] loop0: p2 start 6514546 is beyond EOD, truncated [ 219.276979][ T9] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 219.406139][ T4669] Dev loop0: unable to read RDB block 7 [ 219.511796][ T4669] loop0: AHDI p2 p3 [ 219.523800][ T9] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 219.542449][ T4669] loop0: partition table partially beyond EOD, truncated [ 219.566734][ T9] em28xx 3-1:0.0: board has no eeprom [ 219.577121][ T4669] loop0: p2 start 6514546 is beyond EOD, truncated [ 219.700030][ T9] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 219.718798][ T7013] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.403'. [ 219.772168][ T9] em28xx 3-1:0.0: dvb set to isoc mode. [ 219.792454][ T8] em28xx 3-1:0.0: Binding DVB extension [ 220.554745][ T25] usb 3-1: USB disconnect, device number 9 [ 220.622711][ T25] em28xx 3-1:0.0: Disconnecting em28xx [ 220.666346][ T6784] veth0_vlan: entered promiscuous mode [ 220.701043][ T6784] veth1_vlan: entered promiscuous mode [ 220.724183][ T8] em28xx 3-1:0.0: Registering input extension [ 220.792462][ T7023] kAFS: No cell specified [ 220.813402][ T25] em28xx 3-1:0.0: Closing input extension [ 220.866354][ T6784] veth0_macvtap: entered promiscuous mode [ 220.883412][ T6784] veth1_macvtap: entered promiscuous mode [ 221.496509][ T25] em28xx 3-1:0.0: Freeing device [ 223.233229][ T6784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 223.290266][ T6784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.319558][ T6784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 223.350779][ T7035] loop0: detected capacity change from 0 to 7 [ 223.362282][ T6784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.381744][ T6784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 223.392464][ T6784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.515340][ T7035] Dev loop0: unable to read RDB block 7 [ 223.529681][ T6784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 223.536070][ T7035] loop0: AHDI p2 p3 [ 223.554978][ T6784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.563238][ T7035] loop0: partition table partially beyond EOD, truncated [ 223.722763][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 223.722804][ T29] audit: type=1326 audit(1724654660.150:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7033 comm="syz.3.409" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f08cdd79e79 code=0x0 [ 224.258256][ T7035] loop0: p2 start 6514546 is beyond EOD, truncated [ 224.276171][ T6784] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 224.300370][ T7043] netlink: 'syz.3.409': attribute type 21 has an invalid length. [ 224.308270][ T7043] netlink: 'syz.3.409': attribute type 20 has an invalid length. [ 224.407335][ T6784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 224.438306][ T6784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.462067][ T6784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 224.664670][ T6784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.969937][ T6784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 225.433481][ T6784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 225.446486][ T6784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 225.459668][ T6784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 225.485900][ T6784] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 225.496711][ T7040] tap0: tun_chr_ioctl cmd 2147767507 [ 225.674363][ T7061] vivid-001: disconnect [ 226.037140][ T7053] vivid-001: reconnect [ 226.042168][ T6784] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 226.111920][ T6784] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 226.146469][ T6784] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 226.155214][ T6784] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 226.254643][ T7076] FAULT_INJECTION: forcing a failure. [ 226.254643][ T7076] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 226.273460][ T7076] CPU: 1 UID: 0 PID: 7076 Comm: syz.0.415 Not tainted 6.11.0-rc5-syzkaller #0 [ 226.282342][ T7076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 226.292679][ T7076] Call Trace: [ 226.295953][ T7076] [ 226.298879][ T7076] dump_stack_lvl+0x241/0x360 [ 226.303633][ T7076] ? __pfx_dump_stack_lvl+0x10/0x10 [ 226.308816][ T7076] ? __pfx__printk+0x10/0x10 [ 226.313403][ T7076] ? snprintf+0xda/0x120 [ 226.317639][ T7076] should_fail_ex+0x3b0/0x4e0 [ 226.322308][ T7076] _copy_to_user+0x2f/0xb0 [ 226.326728][ T7076] simple_read_from_buffer+0xca/0x150 [ 226.332117][ T7076] proc_fail_nth_read+0x1ec/0x260 [ 226.337133][ T7076] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 226.342667][ T7076] ? rw_verify_area+0x520/0x6b0 [ 226.347503][ T7076] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 226.353033][ T7076] vfs_read+0x204/0xbc0 [ 226.357192][ T7076] ? __pfx_lock_release+0x10/0x10 [ 226.362206][ T7076] ? __pfx_vfs_read+0x10/0x10 [ 226.366863][ T7076] ? __fget_files+0x29/0x470 [ 226.371432][ T7076] ? __fget_files+0x3f6/0x470 [ 226.376111][ T7076] ksys_read+0x1a0/0x2c0 [ 226.380356][ T7076] ? __pfx_ksys_read+0x10/0x10 [ 226.385111][ T7076] ? do_syscall_64+0x100/0x230 [ 226.389885][ T7076] ? do_syscall_64+0xb6/0x230 [ 226.394545][ T7076] do_syscall_64+0xf3/0x230 [ 226.399031][ T7076] ? clear_bhb_loop+0x35/0x90 [ 226.403693][ T7076] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.409566][ T7076] RIP: 0033:0x7fa8e3b788bc [ 226.413967][ T7076] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 226.433559][ T7076] RSP: 002b:00007fa8e499f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 226.441956][ T7076] RAX: ffffffffffffffda RBX: 00007fa8e3d15f80 RCX: 00007fa8e3b788bc [ 226.449908][ T7076] RDX: 000000000000000f RSI: 00007fa8e499f0a0 RDI: 0000000000000003 [ 226.457859][ T7076] RBP: 00007fa8e499f090 R08: 0000000000000000 R09: 0000000000000000 [ 226.465811][ T7076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 226.473762][ T7076] R13: 0000000000000000 R14: 00007fa8e3d15f80 R15: 00007ffcf07e0718 [ 226.481749][ T7076] [ 226.495395][ T7079] netlink: 209844 bytes leftover after parsing attributes in process `syz.1.414'. [ 226.684647][ T7081] netlink: 244 bytes leftover after parsing attributes in process `syz.1.414'. [ 226.843798][ T6128] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 226.905138][ T6128] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 227.042510][ T6128] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 227.116228][ T7091] kAFS: No cell specified [ 227.161610][ T6128] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 228.124915][ T7099] FAULT_INJECTION: forcing a failure. [ 228.124915][ T7099] name failslab, interval 1, probability 0, space 0, times 0 [ 228.169659][ T7099] CPU: 1 UID: 0 PID: 7099 Comm: syz.0.419 Not tainted 6.11.0-rc5-syzkaller #0 [ 228.178558][ T7099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 228.188598][ T7099] Call Trace: [ 228.191880][ T7099] [ 228.194797][ T7099] dump_stack_lvl+0x241/0x360 [ 228.199575][ T7099] ? __pfx_dump_stack_lvl+0x10/0x10 [ 228.204757][ T7099] ? __pfx__printk+0x10/0x10 [ 228.209333][ T7099] ? __kmalloc_noprof+0xb0/0x400 [ 228.214257][ T7099] ? __pfx___might_resched+0x10/0x10 [ 228.219526][ T7099] should_fail_ex+0x3b0/0x4e0 [ 228.224194][ T7099] ? fib_create_info+0xa49/0x24e0 [ 228.229218][ T7099] should_failslab+0xac/0x100 [ 228.233919][ T7099] ? fib_create_info+0xa49/0x24e0 [ 228.238997][ T7099] __kmalloc_noprof+0xd8/0x400 [ 228.243795][ T7099] fib_create_info+0xa49/0x24e0 [ 228.248695][ T7099] fib_table_insert+0x1f6/0x1f30 [ 228.253677][ T7099] ? __pfx_fib_table_insert+0x10/0x10 [ 228.259068][ T7099] ? fib_new_table+0x120/0x2d0 [ 228.263857][ T7099] inet_rtm_newroute+0x149/0x290 [ 228.268815][ T7099] ? __pfx_inet_rtm_newroute+0x10/0x10 [ 228.274307][ T7099] ? __pfx_inet_rtm_newroute+0x10/0x10 [ 228.279786][ T7099] rtnetlink_rcv_msg+0x73f/0xcf0 [ 228.284742][ T7099] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 228.289876][ T7099] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 228.295361][ T7099] ? ref_tracker_free+0x643/0x7e0 [ 228.300411][ T7099] netlink_rcv_skb+0x1e3/0x430 [ 228.305188][ T7099] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 228.310666][ T7099] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 228.315978][ T7099] ? netlink_deliver_tap+0x2e/0x1b0 [ 228.321188][ T7099] netlink_unicast+0x7f6/0x990 [ 228.325975][ T7099] ? __pfx_netlink_unicast+0x10/0x10 [ 228.331268][ T7099] ? __virt_addr_valid+0x183/0x530 [ 228.336392][ T7099] ? __check_object_size+0x49c/0x900 [ 228.341693][ T7099] ? bpf_lsm_netlink_send+0x9/0x10 [ 228.346827][ T7099] netlink_sendmsg+0x8e4/0xcb0 [ 228.351618][ T7099] ? __pfx_netlink_sendmsg+0x10/0x10 [ 228.356920][ T7099] ? __import_iovec+0x536/0x820 [ 228.361792][ T7099] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 228.367094][ T7099] ? security_socket_sendmsg+0x87/0xb0 [ 228.372574][ T7099] ? __pfx_netlink_sendmsg+0x10/0x10 [ 228.377871][ T7099] __sock_sendmsg+0x221/0x270 [ 228.382579][ T7099] ____sys_sendmsg+0x525/0x7d0 [ 228.387371][ T7099] ? __pfx_____sys_sendmsg+0x10/0x10 [ 228.392691][ T7099] __sys_sendmsg+0x2b0/0x3a0 [ 228.397303][ T7099] ? __pfx___sys_sendmsg+0x10/0x10 [ 228.402429][ T7099] ? vfs_write+0x7c4/0xc90 [ 228.406901][ T7099] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 228.413249][ T7099] ? do_syscall_64+0x100/0x230 [ 228.418029][ T7099] ? do_syscall_64+0xb6/0x230 [ 228.422720][ T7099] do_syscall_64+0xf3/0x230 [ 228.427237][ T7099] ? clear_bhb_loop+0x35/0x90 [ 228.431932][ T7099] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.437841][ T7099] RIP: 0033:0x7fa8e3b79e79 [ 228.442363][ T7099] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 228.461986][ T7099] RSP: 002b:00007fa8e499f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 228.470421][ T7099] RAX: ffffffffffffffda RBX: 00007fa8e3d15f80 RCX: 00007fa8e3b79e79 [ 228.478408][ T7099] RDX: 0000000000000000 RSI: 0000000020000c00 RDI: 0000000000000003 [ 228.486392][ T7099] RBP: 00007fa8e499f090 R08: 0000000000000000 R09: 0000000000000000 [ 228.494377][ T7099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 228.502361][ T7099] R13: 0000000000000000 R14: 00007fa8e3d15f80 R15: 00007ffcf07e0718 [ 228.510364][ T7099] [ 229.551906][ T11] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.590235][ T7107] netlink: 'syz.2.421': attribute type 21 has an invalid length. [ 229.598257][ T7107] netlink: 'syz.2.421': attribute type 20 has an invalid length. [ 229.990459][ T11] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.993084][ T7118] FAULT_INJECTION: forcing a failure. [ 229.993084][ T7118] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 230.097805][ T7120] netlink: 12 bytes leftover after parsing attributes in process `syz.2.425'. [ 230.695871][ T7118] CPU: 1 UID: 0 PID: 7118 Comm: syz.0.424 Not tainted 6.11.0-rc5-syzkaller #0 [ 230.704849][ T7118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 230.714897][ T7118] Call Trace: [ 230.718167][ T7118] [ 230.721083][ T7118] dump_stack_lvl+0x241/0x360 [ 230.725749][ T7118] ? __pfx_dump_stack_lvl+0x10/0x10 [ 230.730931][ T7118] ? __pfx__printk+0x10/0x10 [ 230.735532][ T7118] should_fail_ex+0x3b0/0x4e0 [ 230.740196][ T7118] _copy_from_user+0x2f/0xe0 [ 230.744788][ T7118] move_addr_to_kernel+0x82/0x150 [ 230.749819][ T7118] copy_msghdr_from_user+0x43e/0x680 [ 230.755122][ T7118] ? _parse_integer_limit+0x1b5/0x200 [ 230.760510][ T7118] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 230.766355][ T7118] __sys_sendmmsg+0x374/0x740 [ 230.771063][ T7118] ? __pfx___sys_sendmmsg+0x10/0x10 [ 230.776315][ T7118] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 230.782367][ T7118] ? ksys_write+0x23e/0x2c0 [ 230.786879][ T7118] ? __pfx_lock_release+0x10/0x10 [ 230.791896][ T7118] ? vfs_write+0x7c4/0xc90 [ 230.796313][ T7118] ? __mutex_unlock_slowpath+0x21d/0x750 [ 230.801958][ T7118] ? __pfx_vfs_write+0x10/0x10 [ 230.806735][ T7118] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 230.812738][ T7118] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 230.819081][ T7118] ? do_syscall_64+0x100/0x230 [ 230.823855][ T7118] __x64_sys_sendmmsg+0xa0/0xb0 [ 230.828703][ T7118] do_syscall_64+0xf3/0x230 [ 230.833218][ T7118] ? clear_bhb_loop+0x35/0x90 [ 230.837903][ T7118] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.843797][ T7118] RIP: 0033:0x7fa8e3b79e79 [ 230.848209][ T7118] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 230.867811][ T7118] RSP: 002b:00007fa8e499f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 230.876220][ T7118] RAX: ffffffffffffffda RBX: 00007fa8e3d15f80 RCX: 00007fa8e3b79e79 [ 230.884182][ T7118] RDX: 0000000000000001 RSI: 0000000020002c00 RDI: 0000000000000003 [ 230.892148][ T7118] RBP: 00007fa8e499f090 R08: 0000000000000000 R09: 0000000000000000 [ 230.900110][ T7118] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 230.908071][ T7118] R13: 0000000000000000 R14: 00007fa8e3d15f80 R15: 00007ffcf07e0718 [ 230.916043][ T7118] [ 231.118937][ T11] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.134128][ T7125] FAULT_INJECTION: forcing a failure. [ 231.134128][ T7125] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 231.183903][ T7125] CPU: 1 UID: 0 PID: 7125 Comm: syz.3.427 Not tainted 6.11.0-rc5-syzkaller #0 [ 231.192792][ T7125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 231.202839][ T7125] Call Trace: [ 231.206110][ T7125] [ 231.209119][ T7125] dump_stack_lvl+0x241/0x360 [ 231.213792][ T7125] ? __pfx_dump_stack_lvl+0x10/0x10 [ 231.218981][ T7125] ? __pfx__printk+0x10/0x10 [ 231.223568][ T7125] ? __pfx_lock_release+0x10/0x10 [ 231.228599][ T7125] should_fail_ex+0x3b0/0x4e0 [ 231.233274][ T7125] _copy_from_user+0x2f/0xe0 [ 231.237862][ T7125] copy_msghdr_from_user+0xae/0x680 [ 231.243071][ T7125] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 231.248884][ T7125] __sys_sendmsg+0x23d/0x3a0 [ 231.253474][ T7125] ? __pfx___sys_sendmsg+0x10/0x10 [ 231.258575][ T7125] ? vfs_write+0x7c4/0xc90 [ 231.263013][ T7125] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 231.269342][ T7125] ? do_syscall_64+0x100/0x230 [ 231.274100][ T7125] ? do_syscall_64+0xb6/0x230 [ 231.278768][ T7125] do_syscall_64+0xf3/0x230 [ 231.283260][ T7125] ? clear_bhb_loop+0x35/0x90 [ 231.287934][ T7125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 231.293820][ T7125] RIP: 0033:0x7f08cdd79e79 [ 231.298227][ T7125] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 231.317823][ T7125] RSP: 002b:00007f08cd7ff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 231.326229][ T7125] RAX: ffffffffffffffda RBX: 00007f08cdf16058 RCX: 00007f08cdd79e79 [ 231.334200][ T7125] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003 [ 231.342166][ T7125] RBP: 00007f08cd7ff090 R08: 0000000000000000 R09: 0000000000000000 [ 231.350126][ T7125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 231.358084][ T7125] R13: 0000000000000000 R14: 00007f08cdf16058 R15: 00007ffdfbe994c8 [ 231.366059][ T7125] [ 231.430897][ T11] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.688305][ T7138] kAFS: No cell specified [ 234.569144][ T11] bridge_slave_1: left allmulticast mode [ 234.611762][ T11] bridge_slave_1: left promiscuous mode [ 234.640043][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.713410][ T11] bridge_slave_0: left allmulticast mode [ 234.742439][ T11] bridge_slave_0: left promiscuous mode [ 234.762320][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 234.948424][ T4608] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 234.959491][ T4608] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 234.969939][ T4608] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 235.877569][ T4608] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 235.890446][ T4608] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 235.897932][ T4608] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 238.009528][ T4608] Bluetooth: hci4: command tx timeout [ 238.161348][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 238.186089][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 238.221915][ T11] bond0 (unregistering): Released all slaves [ 238.239671][ T7170] vivid-000: disconnect [ 238.405499][ T7167] netlink: 'syz.0.435': attribute type 21 has an invalid length. [ 238.413403][ T7167] netlink: 'syz.0.435': attribute type 20 has an invalid length. [ 238.658046][ T7164] vivid-000: reconnect [ 239.396732][ T29] audit: type=1326 audit(1724654675.830:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7181 comm="syz.1.439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedfd79e79 code=0x7fc00000 [ 239.835825][ T29] audit: type=1326 audit(1724654675.830:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7181 comm="syz.1.439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7efedfd79e79 code=0x7fc00000 [ 239.908375][ T29] audit: type=1326 audit(1724654676.090:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7181 comm="syz.1.439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedfd79e79 code=0x7fc00000 [ 239.941984][ T11] hsr_slave_0: left promiscuous mode [ 240.742762][ T7208] afs: Unknown parameter 'floc' [ 240.760129][ T4608] Bluetooth: hci4: command tx timeout [ 240.811969][ T11] hsr_slave_1: left promiscuous mode [ 240.847213][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 240.899256][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 240.996961][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 241.029520][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 242.796939][ T5218] Bluetooth: hci4: command tx timeout [ 245.196955][ T4608] Bluetooth: hci4: command tx timeout [ 245.727014][ T11] veth1_macvtap: left promiscuous mode [ 245.732599][ T11] veth0_macvtap: left promiscuous mode [ 245.796279][ T11] veth1_vlan: left promiscuous mode [ 245.802336][ T11] veth0_vlan: left promiscuous mode [ 246.550684][ T11] team0 (unregistering): Port device team_slave_1 removed [ 246.598897][ T11] team0 (unregistering): Port device team_slave_0 removed [ 247.450184][ T7215] netlink: 28 bytes leftover after parsing attributes in process `syz.0.442'. [ 247.476110][ T7215] netlink: 28 bytes leftover after parsing attributes in process `syz.0.442'. [ 247.522829][ T7221] macvlan2: entered allmulticast mode [ 249.897222][ T7247] netlink: 'syz.2.447': attribute type 21 has an invalid length. [ 249.904993][ T7247] netlink: 'syz.2.447': attribute type 20 has an invalid length. [ 250.918755][ T29] audit: type=1326 audit(1724654687.180:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7251 comm="syz.2.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fece1379e79 code=0x7fc00000 [ 251.340640][ T29] audit: type=1326 audit(1724654687.180:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7251 comm="syz.2.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fece1379e79 code=0x7fc00000 [ 251.403543][ T29] audit: type=1326 audit(1724654687.630:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7251 comm="syz.2.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fece1379e79 code=0x7fc00000 [ 252.334372][ T7148] chnl_net:caif_netlink_parms(): no params data found [ 252.370114][ T7276] afs: Unknown parameter 'floc' [ 254.696117][ T7272] vivid-003: disconnect [ 254.731699][ T7291] FAULT_INJECTION: forcing a failure. [ 254.731699][ T7291] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 254.753386][ T7291] CPU: 0 UID: 0 PID: 7291 Comm: syz.3.457 Not tainted 6.11.0-rc5-syzkaller #0 [ 254.762281][ T7291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 254.772365][ T7291] Call Trace: [ 254.775704][ T7291] [ 254.778660][ T7291] dump_stack_lvl+0x241/0x360 [ 254.783370][ T7291] ? __pfx_dump_stack_lvl+0x10/0x10 [ 254.788597][ T7291] ? __pfx__printk+0x10/0x10 [ 254.793232][ T7291] ? snprintf+0xda/0x120 [ 254.797506][ T7291] should_fail_ex+0x3b0/0x4e0 [ 254.802216][ T7291] _copy_to_user+0x2f/0xb0 [ 254.806660][ T7291] simple_read_from_buffer+0xca/0x150 [ 254.812116][ T7291] proc_fail_nth_read+0x1ec/0x260 [ 254.817138][ T7291] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 254.822681][ T7291] ? rw_verify_area+0x52a/0x6b0 [ 254.827536][ T7291] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 254.833090][ T7291] vfs_read+0x204/0xbc0 [ 254.837232][ T7291] ? __pfx_lock_release+0x10/0x10 [ 254.842245][ T7291] ? __pfx_vfs_read+0x10/0x10 [ 254.846921][ T7291] ? __fget_files+0x29/0x470 [ 254.851529][ T7291] ? __fget_files+0x3f6/0x470 [ 254.856240][ T7291] ksys_read+0x1a0/0x2c0 [ 254.860508][ T7291] ? __pfx_ksys_read+0x10/0x10 [ 254.865278][ T7291] ? do_syscall_64+0x100/0x230 [ 254.870036][ T7291] ? do_syscall_64+0xb6/0x230 [ 254.874695][ T7291] do_syscall_64+0xf3/0x230 [ 254.879182][ T7291] ? clear_bhb_loop+0x35/0x90 [ 254.883877][ T7291] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.889777][ T7291] RIP: 0033:0x7f08cdd788bc [ 254.894177][ T7291] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 254.913773][ T7291] RSP: 002b:00007f08cd7ff030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 254.922189][ T7291] RAX: ffffffffffffffda RBX: 00007f08cdf16058 RCX: 00007f08cdd788bc [ 254.930149][ T7291] RDX: 000000000000000f RSI: 00007f08cd7ff0a0 RDI: 0000000000000009 [ 254.938106][ T7291] RBP: 00007f08cd7ff090 R08: 0000000000000000 R09: 0000000000000000 [ 254.946066][ T7291] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 254.954026][ T7291] R13: 0000000000000000 R14: 00007f08cdf16058 R15: 00007ffdfbe994c8 [ 254.962002][ T7291] [ 254.991620][ T7148] bridge0: port 1(bridge_slave_0) entered blocking state [ 255.015406][ T7148] bridge0: port 1(bridge_slave_0) entered disabled state [ 255.024952][ T7271] vivid-003: reconnect [ 255.036199][ T7148] bridge_slave_0: entered allmulticast mode [ 255.043746][ T7148] bridge_slave_0: entered promiscuous mode [ 255.087049][ T7148] bridge0: port 2(bridge_slave_1) entered blocking state [ 255.094313][ T7148] bridge0: port 2(bridge_slave_1) entered disabled state [ 255.138306][ T7148] bridge_slave_1: entered allmulticast mode [ 255.145627][ T7148] bridge_slave_1: entered promiscuous mode [ 255.350381][ T7148] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 255.390188][ T7148] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 255.536196][ T5217] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 255.565264][ T7148] team0: Port device team_slave_0 added [ 255.598966][ T7148] team0: Port device team_slave_1 added [ 255.713012][ T7148] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 255.729427][ T5217] usb 2-1: Using ep0 maxpacket: 8 [ 255.738316][ T7148] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 255.774647][ T5217] usb 2-1: unable to get BOS descriptor or descriptor too short [ 255.785543][ T7148] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 255.797966][ T5217] usb 2-1: config 8 has an invalid interface number: 255 but max is 0 [ 255.806905][ T5217] usb 2-1: config 8 has no interface number 0 [ 255.813433][ T5217] usb 2-1: config 8 interface 255 has no altsetting 0 [ 255.825004][ T7306] netlink: 8 bytes leftover after parsing attributes in process `syz.0.459'. [ 255.846683][ T5217] usb 2-1: string descriptor 0 read error: -22 [ 255.853037][ T5217] usb 2-1: New USB device found, idVendor=0423, idProduct=000c, bcdDevice=2e.bf [ 255.863829][ T7306] macvlan2: entered allmulticast mode [ 255.881876][ T5217] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 255.909313][ T7148] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 255.933910][ T7148] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 256.008363][ T1261] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.014975][ T1261] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.042652][ T7148] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 256.397019][ T7148] hsr_slave_0: entered promiscuous mode [ 256.510432][ T7148] hsr_slave_1: entered promiscuous mode [ 256.536210][ T7148] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 256.554993][ T7148] Cannot create hsr debugfs directory [ 257.991245][ T29] audit: type=1326 audit(1724654694.380:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7320 comm="syz.2.463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fece1379e79 code=0x7fc00000 [ 258.495979][ T5217] eth%d: CATC EL1210A NetMate USB Ethernet at usb-dummy_hcd.1-1, 00:00:00:00:00:00. [ 258.496498][ T7328] netlink: 'syz.0.462': attribute type 21 has an invalid length. [ 258.513216][ T7328] netlink: 'syz.0.462': attribute type 20 has an invalid length. [ 258.603627][ T29] audit: type=1326 audit(1724654694.420:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7320 comm="syz.2.463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fece1379e79 code=0x7fc00000 [ 258.628591][ T29] audit: type=1326 audit(1724654694.480:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7323 comm="syz.0.462" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa8e3b79e79 code=0x0 [ 258.649632][ T29] audit: type=1326 audit(1724654694.540:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7320 comm="syz.2.463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fece1379e79 code=0x7fc00000 [ 259.515705][ T5217] usb 2-1: USB disconnect, device number 9 [ 259.847157][ T7348] afs: Unknown parameter 'floc' [ 265.523200][ T7340] ptm ptm0: ldisc open failed (-12), clearing slot 0 [ 265.537016][ T7352] ttyS ttyS3: ldisc open failed (-12), clearing slot 3 [ 267.740630][ T29] audit: type=1326 audit(1724654704.140:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7379 comm="syz.1.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedfd79e79 code=0x7fc00000 [ 268.038577][ T29] audit: type=1326 audit(1724654704.180:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7379 comm="syz.1.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7efedfd79e79 code=0x7fc00000 [ 268.064112][ T29] audit: type=1326 audit(1724654704.450:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7379 comm="syz.1.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedfd79e79 code=0x7fc00000 [ 269.220195][ T29] audit: type=1326 audit(1724654705.660:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7389 comm="syz.1.476" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efedfd79e79 code=0x0 [ 269.663975][ T7390] pim6reg: entered allmulticast mode [ 269.687082][ T7392] pim6reg: left allmulticast mode [ 273.222594][ T7148] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 273.372905][ T7148] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 273.409606][ T7148] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 273.489602][ T7148] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 273.683614][ T7421] netlink: 28 bytes leftover after parsing attributes in process `syz.1.480'. [ 273.697345][ T7421] netlink: 28 bytes leftover after parsing attributes in process `syz.1.480'. [ 274.036374][ T7427] vivid-002: disconnect [ 274.232261][ T7148] 8021q: adding VLAN 0 to HW filter on device bond0 [ 274.255636][ T7420] vivid-002: reconnect [ 274.382050][ T7148] 8021q: adding VLAN 0 to HW filter on device team0 [ 274.433015][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 274.440215][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 276.419028][ T7437] vivid-002: disconnect [ 276.660243][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 276.667460][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 280.131252][ T7451] netlink: 12 bytes leftover after parsing attributes in process `syz.2.487'. [ 280.785284][ T29] audit: type=1326 audit(1724654717.220:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7445 comm="syz.1.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedfd79e79 code=0x7fc00000 [ 281.158369][ T7437] vivid-002: reconnect [ 281.250231][ T29] audit: type=1326 audit(1724654717.220:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7445 comm="syz.1.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7efedfd79e79 code=0x7fc00000 [ 281.349780][ T29] audit: type=1326 audit(1724654717.420:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7445 comm="syz.1.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedfd79e79 code=0x7fc00000 [ 282.318567][ T7473] FAULT_INJECTION: forcing a failure. [ 282.318567][ T7473] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 282.358153][ T7473] CPU: 0 UID: 0 PID: 7473 Comm: syz.0.492 Not tainted 6.11.0-rc5-syzkaller #0 [ 282.367064][ T7473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 282.377140][ T7473] Call Trace: [ 282.380440][ T7473] [ 282.383391][ T7473] dump_stack_lvl+0x241/0x360 [ 282.388095][ T7473] ? __pfx_dump_stack_lvl+0x10/0x10 [ 282.393325][ T7473] ? __pfx__printk+0x10/0x10 [ 282.397950][ T7473] should_fail_ex+0x3b0/0x4e0 [ 282.402644][ T7473] _copy_from_user+0x2f/0xe0 [ 282.407240][ T7473] move_addr_to_kernel+0x82/0x150 [ 282.412261][ T7473] copy_msghdr_from_user+0x43e/0x680 [ 282.417560][ T7473] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 282.423393][ T7473] __sys_sendmsg+0x23d/0x3a0 [ 282.427981][ T7473] ? __pfx___sys_sendmsg+0x10/0x10 [ 282.433089][ T7473] ? vfs_write+0x7c4/0xc90 [ 282.437532][ T7473] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 282.443853][ T7473] ? do_syscall_64+0x100/0x230 [ 282.448636][ T7473] ? do_syscall_64+0xb6/0x230 [ 282.453303][ T7473] do_syscall_64+0xf3/0x230 [ 282.457795][ T7473] ? clear_bhb_loop+0x35/0x90 [ 282.462465][ T7473] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.468352][ T7473] RIP: 0033:0x7fa8e3b79e79 [ 282.472760][ T7473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 282.492354][ T7473] RSP: 002b:00007fa8e499f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 282.501021][ T7473] RAX: ffffffffffffffda RBX: 00007fa8e3d15f80 RCX: 00007fa8e3b79e79 [ 282.508982][ T7473] RDX: 0000000020000000 RSI: 00000000200004c0 RDI: 0000000000000004 [ 282.517029][ T7473] RBP: 00007fa8e499f090 R08: 0000000000000000 R09: 0000000000000000 [ 282.525007][ T7473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 282.532976][ T7473] R13: 0000000000000000 R14: 00007fa8e3d15f80 R15: 00007ffcf07e0718 [ 282.540957][ T7473] [ 283.165761][ T7470] qrtr: Invalid version 48 [ 283.248706][ T7148] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 283.330749][ T7477] vivid-000: disconnect [ 283.380745][ T7475] vivid-000: reconnect [ 283.762129][ T7493] program syz.3.496 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 283.984322][ T7491] vivid-001: disconnect [ 284.047762][ T7489] vivid-001: reconnect [ 284.432937][ T7512] netlink: 'syz.3.498': attribute type 21 has an invalid length. [ 284.440898][ T7512] netlink: 'syz.3.498': attribute type 20 has an invalid length. [ 284.464421][ T29] audit: type=1326 audit(1724654720.900:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7505 comm="syz.3.498" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f08cdd79e79 code=0x0 [ 285.226811][ T7516] netlink: 4 bytes leftover after parsing attributes in process `syz.0.499'. [ 285.404620][ T7148] veth0_vlan: entered promiscuous mode [ 285.450406][ T7148] veth1_vlan: entered promiscuous mode [ 285.559707][ T5268] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 285.571679][ T7148] veth0_macvtap: entered promiscuous mode [ 285.600245][ T7148] veth1_macvtap: entered promiscuous mode [ 285.606167][ T1169] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 285.652002][ T7148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 285.676449][ T7148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 285.696787][ T7148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 285.721140][ T7148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 285.733904][ T7148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 285.754842][ T7148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 285.776923][ T5268] usb 4-1: Using ep0 maxpacket: 32 [ 285.786055][ T5268] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 285.801726][ T7148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 285.818237][ T5268] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 285.838961][ T1169] usb 1-1: Using ep0 maxpacket: 32 [ 285.844258][ T7148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 285.855599][ T5268] usb 4-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00 [ 285.867052][ T1169] usb 1-1: config 33 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 183, changing to 7 [ 285.879954][ T7148] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 285.891313][ T5268] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 285.900428][ T1169] usb 1-1: config 33 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 59294, setting to 1024 [ 285.915704][ T7148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 285.928137][ T7148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 285.940459][ T5268] usb 4-1: config 0 descriptor?? [ 285.961729][ T1169] usb 1-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=33.f9 [ 285.978210][ T1169] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 285.989294][ T7148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 286.004176][ T1169] usb 1-1: Product: syz [ 286.008946][ T7148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 286.020698][ T1169] usb 1-1: Manufacturer: syz [ 286.025451][ T1169] usb 1-1: SerialNumber: syz [ 286.035993][ T7148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 286.086070][ T7148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 286.138695][ T7148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 286.189271][ T7148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 286.221955][ T7148] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 286.254160][ T7148] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 286.298065][ T7148] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 286.328173][ T7148] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 286.345642][ T58] usb 1-1: USB disconnect, device number 15 [ 286.596434][ T7148] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 286.703950][ T7544] fuse: Unknown parameter 'grouð¶¸?i._«Í^¯ìp_id' [ 287.012408][ T29] audit: type=1326 audit(1724654723.430:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7538 comm="syz.1.502" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efedfd79e79 code=0x0 [ 288.447284][ T7543] netlink: 'syz.1.502': attribute type 21 has an invalid length. [ 288.455142][ T7543] netlink: 'syz.1.502': attribute type 20 has an invalid length. [ 288.687892][ T5268] waltop 0003:172F:0501.0005: item fetching failed at offset 2/5 [ 288.717528][ T5268] waltop 0003:172F:0501.0005: probe with driver waltop failed with error -22 [ 288.785117][ T7552] loop0: detected capacity change from 0 to 7 [ 288.795286][ T1101] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 288.828065][ T4669] Dev loop0: unable to read RDB block 7 [ 288.836152][ T1101] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 288.847914][ T4669] loop0: AHDI p3 [ 288.860627][ T4669] loop0: partition table partially beyond EOD, truncated [ 288.928346][ T1101] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 288.968240][ T1101] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 289.074565][ T7552] Dev loop0: unable to read RDB block 7 [ 289.106057][ T7552] loop0: AHDI p3 [ 289.109839][ T7552] loop0: partition table partially beyond EOD, truncated [ 289.202204][ T7558] netlink: 'syz.0.504': attribute type 21 has an invalid length. [ 289.210179][ T7558] netlink: 'syz.0.504': attribute type 20 has an invalid length. [ 289.374253][ T29] audit: type=1326 audit(1724654725.670:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7554 comm="syz.0.504" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa8e3b79e79 code=0x0 [ 289.553954][ T4669] Dev loop0: unable to read RDB block 7 [ 289.886077][ T4669] loop0: AHDI p3 [ 289.911517][ T4669] loop0: partition table partially beyond EOD, truncated [ 290.021204][ T5217] usb 4-1: USB disconnect, device number 16 [ 290.416355][ T58] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 290.623158][ T58] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 290.641279][ T58] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 290.652467][ T58] usb 1-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 290.662040][ T58] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 290.676785][ T58] usb 1-1: config 0 descriptor?? [ 290.693722][ T58] usbhid 1-1:0.0: can't add hid device: -22 [ 290.704077][ T58] usbhid 1-1:0.0: probe with driver usbhid failed with error -22 [ 290.742162][ T35] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.815277][ T35] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.930661][ T35] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 291.017821][ T7589] program syz.2.508 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 291.067596][ T35] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 291.188942][ T9] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 291.322134][ T58] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 291.416475][ T5218] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 291.435246][ T5218] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 291.445802][ T35] bridge_slave_1: left allmulticast mode [ 291.455517][ T5218] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 291.466039][ T5218] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 291.467219][ T35] bridge_slave_1: left promiscuous mode [ 291.479808][ T5218] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 291.487045][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 291.493669][ T5218] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 291.498227][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 291.522903][ T9] usb 2-1: New USB device found, idVendor=3823, idProduct=0001, bcdDevice= 3.eb [ 291.532781][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 291.543201][ T9] usb 2-1: Product: syz [ 291.566092][ T58] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 291.582983][ T9] usb 2-1: Manufacturer: syz [ 291.589236][ T58] usb 4-1: config 0 has no interfaces? [ 291.595457][ T58] usb 4-1: New USB device found, idVendor=046d, idProduct=c513, bcdDevice= 0.00 [ 291.595774][ T35] bridge_slave_0: left allmulticast mode [ 291.604885][ T58] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 291.632809][ T9] usb 2-1: SerialNumber: syz [ 291.644066][ T58] usb 4-1: config 0 descriptor?? [ 291.655252][ T35] bridge_slave_0: left promiscuous mode [ 291.675150][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 291.712695][ T9] usb 2-1: config 0 descriptor?? [ 291.961644][ T7587] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 291.982094][ T7587] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 292.036339][ T9] usbtouchscreen 2-1:0.0: probe with driver usbtouchscreen failed with error -71 [ 292.072326][ T9] usb 2-1: USB disconnect, device number 10 [ 292.120517][ T7593] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 292.134258][ T7593] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 292.377014][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 292.389870][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 292.405383][ T35] bond0 (unregistering): Released all slaves [ 292.966430][ T5217] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 293.136338][ T5217] usb 3-1: device descriptor read/64, error -71 [ 293.167878][ T5265] usb 1-1: USB disconnect, device number 16 [ 293.241188][ T35] hsr_slave_0: left promiscuous mode [ 293.263785][ T35] hsr_slave_1: left promiscuous mode [ 293.297691][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 293.316190][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 293.349365][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 293.384893][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 293.416995][ T5217] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 293.452035][ T35] veth1_macvtap: left promiscuous mode [ 293.457877][ T35] veth0_macvtap: left promiscuous mode [ 293.463712][ T35] veth1_vlan: left promiscuous mode [ 293.477219][ T35] veth0_vlan: left promiscuous mode [ 293.587783][ T5217] usb 3-1: device descriptor read/64, error -71 [ 293.594133][ T5218] Bluetooth: hci4: command tx timeout [ 293.706438][ T5217] usb usb3-port1: attempt power cycle [ 293.917941][ T5265] usb 4-1: USB disconnect, device number 17 [ 294.126157][ T5217] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 294.177698][ T5217] usb 3-1: device descriptor read/8, error -71 [ 294.897328][ T5217] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 294.973143][ T5217] usb 3-1: device descriptor read/8, error -71 [ 294.982915][ T5265] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 295.120872][ T5217] usb usb3-port1: unable to enumerate USB device [ 295.161435][ T35] team0 (unregistering): Port device team_slave_1 removed [ 295.238918][ T35] team0 (unregistering): Port device team_slave_0 removed [ 295.247422][ T5265] usb 4-1: Using ep0 maxpacket: 16 [ 295.263601][ T5265] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 295.296043][ T5265] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 295.317404][ T5265] usb 4-1: Product: syz [ 295.321605][ T5265] usb 4-1: Manufacturer: syz [ 295.333062][ T5265] usb 4-1: SerialNumber: syz [ 295.381930][ T5265] r8152-cfgselector 4-1: Unknown version 0x0000 [ 295.394040][ T5265] r8152-cfgselector 4-1: config 0 descriptor?? [ 295.633406][ T5265] r8152-cfgselector 4-1: Unknown version 0x0000 [ 295.648027][ T5265] r8152-cfgselector 4-1: bad CDC descriptors [ 295.668075][ T5218] Bluetooth: hci4: command tx timeout [ 295.769958][ T7646] loop0: detected capacity change from 0 to 7 [ 295.779288][ T7646] Dev loop0: unable to read RDB block 7 [ 295.784901][ T7646] loop0: AHDI p3 [ 295.809755][ T7646] loop0: partition table partially beyond EOD, truncated [ 296.106673][ T7650] program syz.2.520 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 296.175908][ T7623] netlink: 'syz.1.514': attribute type 5 has an invalid length. [ 296.363228][ T7596] chnl_net:caif_netlink_parms(): no params data found [ 297.299179][ T25] r8152-cfgselector 4-1: USB disconnect, device number 18 [ 297.460822][ T7596] bridge0: port 1(bridge_slave_0) entered blocking state [ 297.487978][ T7596] bridge0: port 1(bridge_slave_0) entered disabled state [ 297.574194][ T7674] netlink: 12 bytes leftover after parsing attributes in process `syz.1.523'. [ 297.597300][ T7677] netlink: 'syz.3.524': attribute type 4 has an invalid length. [ 297.605301][ T7677] netlink: 128124 bytes leftover after parsing attributes in process `syz.3.524'. [ 297.747306][ T5218] Bluetooth: hci4: command tx timeout [ 298.336658][ T7596] bridge_slave_0: entered allmulticast mode [ 298.343435][ T7596] bridge_slave_0: entered promiscuous mode [ 298.407851][ T7596] bridge0: port 2(bridge_slave_1) entered blocking state [ 298.461467][ T7596] bridge0: port 2(bridge_slave_1) entered disabled state [ 298.502978][ T7596] bridge_slave_1: entered allmulticast mode [ 298.524753][ T7596] bridge_slave_1: entered promiscuous mode [ 298.546411][ T7686] syz.1.525 (7686): attempted to duplicate a private mapping with mremap. This is not supported. [ 298.621496][ T7686] FAULT_INJECTION: forcing a failure. [ 298.621496][ T7686] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 298.673062][ T7686] CPU: 0 UID: 0 PID: 7686 Comm: syz.1.525 Not tainted 6.11.0-rc5-syzkaller #0 [ 298.681967][ T7686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 298.692034][ T7686] Call Trace: [ 298.695302][ T7686] [ 298.698223][ T7686] dump_stack_lvl+0x241/0x360 [ 298.702889][ T7686] ? __pfx_dump_stack_lvl+0x10/0x10 [ 298.708079][ T7686] ? __pfx__printk+0x10/0x10 [ 298.712673][ T7686] should_fail_ex+0x3b0/0x4e0 [ 298.717344][ T7686] prepare_alloc_pages+0x1da/0x5d0 [ 298.722460][ T7686] __alloc_pages_noprof+0x166/0x6c0 [ 298.727648][ T7686] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 298.733379][ T7686] ? __pfx_validate_chain+0x10/0x10 [ 298.738583][ T7686] alloc_pages_mpol_noprof+0x3e8/0x680 [ 298.744033][ T7686] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 298.750040][ T7686] vma_alloc_folio_noprof+0x12e/0x230 [ 298.755402][ T7686] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 298.761307][ T7686] folio_prealloc+0x31/0x170 [ 298.765981][ T7686] handle_pte_fault+0x255e/0x6fc0 [ 298.771038][ T7686] ? __pfx_lock_acquire+0x10/0x10 [ 298.776065][ T7686] ? __pfx_handle_pte_fault+0x10/0x10 [ 298.781451][ T7686] ? follow_page_pte+0x29a/0x1ee0 [ 298.786479][ T7686] ? follow_page_pte+0x83f/0x1ee0 [ 298.791487][ T7686] ? __pfx_lock_release+0x10/0x10 [ 298.796520][ T7686] ? count_memcg_event_mm+0x3c2/0x420 [ 298.801883][ T7686] ? do_raw_spin_unlock+0x13c/0x8b0 [ 298.807066][ T7686] ? folio_mark_accessed+0x6f6/0x11b0 [ 298.812466][ T7686] handle_mm_fault+0xf70/0x1880 [ 298.817329][ T7686] ? __pfx_handle_mm_fault+0x10/0x10 [ 298.822622][ T7686] ? __pfx_find_vma+0x10/0x10 [ 298.827298][ T7686] ? vma_is_secretmem+0xd/0x50 [ 298.832059][ T7686] ? check_vma_flags+0x531/0x5a0 [ 298.836988][ T7686] __get_user_pages+0x6ec/0x16a0 [ 298.841923][ T7686] ? __pfx___get_user_pages+0x10/0x10 [ 298.847328][ T7686] __gup_longterm_locked+0xed7/0x17d0 [ 298.852695][ T7686] ? sanity_check_pinned_pages+0x12bb/0x13c0 [ 298.858849][ T7686] gup_fast_fallback+0x2742/0x2b50 [ 298.863969][ T7686] ? __pfx_gup_fast_fallback+0x10/0x10 [ 298.869413][ T7686] ? __sys_getsockopt+0x271/0x330 [ 298.874425][ T7686] ? do_syscall_64+0xf3/0x230 [ 298.879086][ T7686] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 298.885151][ T7686] ? is_valid_gup_args+0x124/0x200 [ 298.890246][ T7686] pin_user_pages_fast+0xcc/0x160 [ 298.895261][ T7686] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 298.900882][ T7686] ? rds_info_getsockopt+0x20c/0x600 [ 298.906167][ T7686] ? rds_info_getsockopt+0x20c/0x600 [ 298.911473][ T7686] ? rds_info_getsockopt+0x20c/0x600 [ 298.916783][ T7686] ? __kmalloc_noprof+0x21a/0x400 [ 298.921843][ T7686] rds_info_getsockopt+0x22e/0x600 [ 298.926976][ T7686] ? __might_fault+0xaa/0x120 [ 298.931671][ T7686] ? __pfx_lock_release+0x10/0x10 [ 298.936718][ T7686] ? __pfx_rds_info_getsockopt+0x10/0x10 [ 298.942376][ T7686] ? __might_fault+0xc6/0x120 [ 298.947073][ T7686] ? rds_getsockopt+0x2e1/0x530 [ 298.951938][ T7686] ? __pfx_rds_getsockopt+0x10/0x10 [ 298.957151][ T7686] do_sock_getsockopt+0x373/0x850 [ 298.962202][ T7686] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 298.967767][ T7686] ? __fget_files+0x3f6/0x470 [ 298.972481][ T7686] __sys_getsockopt+0x271/0x330 [ 298.977354][ T7686] ? __pfx___sys_getsockopt+0x10/0x10 [ 298.982832][ T7686] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 298.989183][ T7686] ? do_syscall_64+0x100/0x230 [ 298.993968][ T7686] __x64_sys_getsockopt+0xb5/0xd0 [ 298.999024][ T7686] do_syscall_64+0xf3/0x230 [ 299.003640][ T7686] ? clear_bhb_loop+0x35/0x90 [ 299.008353][ T7686] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.014270][ T7686] RIP: 0033:0x7efedfd79e79 [ 299.018701][ T7686] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 299.038501][ T7686] RSP: 002b:00007efee0b4e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 299.046939][ T7686] RAX: ffffffffffffffda RBX: 00007efedff15f80 RCX: 00007efedfd79e79 [ 299.055053][ T7686] RDX: 0000000000002716 RSI: 0000200000000114 RDI: 0000000000000003 [ 299.063041][ T7686] RBP: 00007efee0b4e090 R08: 0000000020000000 R09: 0000000000000000 [ 299.071029][ T7686] R10: 0000000020000580 R11: 0000000000000246 R12: 0000000000000001 [ 299.079014][ T7686] R13: 0000000000000000 R14: 00007efedff15f80 R15: 00007ffd50bacbc8 [ 299.087115][ T7686] [ 299.164817][ T7689] process 'syz.3.526' launched './file1' with NULL argv: empty string added [ 299.167617][ T7596] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 299.212318][ T7596] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 299.375444][ T7596] team0: Port device team_slave_0 added [ 299.415214][ T7596] team0: Port device team_slave_1 added [ 299.436135][ T25] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 299.586175][ T25] usb 1-1: device descriptor read/64, error -71 [ 299.614935][ T7596] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 299.676272][ T7596] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 299.830970][ T5218] Bluetooth: hci4: command tx timeout [ 299.922573][ T29] audit: type=1326 audit(1724654736.340:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7696 comm="syz.1.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedfd79e79 code=0x7fc00000 [ 300.471131][ T7596] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 300.505249][ T29] audit: type=1326 audit(1724654736.350:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7696 comm="syz.1.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7efedfd79e79 code=0x7fc00000 [ 300.538115][ T29] audit: type=1326 audit(1724654736.820:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7696 comm="syz.1.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedfd79e79 code=0x7fc00000 [ 300.741449][ T25] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 301.654372][ T29] audit: type=1326 audit(1724654736.820:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7696 comm="syz.1.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7efedfd79e79 code=0x7fc00000 [ 301.677716][ T7596] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 301.684663][ T7596] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 301.771153][ T25] usb 1-1: device descriptor read/64, error -71 [ 301.933936][ T29] audit: type=1326 audit(1724654736.820:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7696 comm="syz.1.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedfd79e79 code=0x7fc00000 [ 301.961701][ T7596] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 301.973215][ T29] audit: type=1326 audit(1724654736.820:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7696 comm="syz.1.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedfd79e79 code=0x7fc00000 [ 302.076380][ T25] usb usb1-port1: attempt power cycle [ 302.127237][ T29] audit: type=1326 audit(1724654736.820:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7696 comm="syz.1.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedfd79e79 code=0x7fc00000 [ 302.165596][ T29] audit: type=1326 audit(1724654736.820:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7696 comm="syz.1.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedfd79e79 code=0x7fc00000 [ 302.245364][ T29] audit: type=1326 audit(1724654736.820:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7696 comm="syz.1.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedfd79e79 code=0x7fc00000 [ 302.284731][ T29] audit: type=1326 audit(1724654736.820:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7696 comm="syz.1.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedfd79e79 code=0x7fc00000 [ 302.406607][ T7734] Bluetooth: MGMT ver 1.23 [ 302.417144][ T7734] ======================================================= [ 302.417144][ T7734] WARNING: The mand mount option has been deprecated and [ 302.417144][ T7734] and is ignored by this kernel. Remove the mand [ 302.417144][ T7734] option from the mount to silence this warning. [ 302.417144][ T7734] ======================================================= [ 302.654590][ T7596] hsr_slave_0: entered promiscuous mode [ 302.695611][ T7596] hsr_slave_1: entered promiscuous mode [ 302.775499][ T7596] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 302.803777][ T7596] Cannot create hsr debugfs directory [ 304.181133][ T7596] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 304.200056][ T7596] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 304.230289][ T7763] macvlan3: entered allmulticast mode [ 304.240282][ T7596] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 304.266591][ T7596] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 304.557256][ T7596] 8021q: adding VLAN 0 to HW filter on device bond0 [ 304.650132][ T7596] 8021q: adding VLAN 0 to HW filter on device team0 [ 304.707485][ T2971] bridge0: port 1(bridge_slave_0) entered blocking state [ 304.708171][ T4608] Bluetooth: hci0: command 0x0406 tx timeout [ 304.714646][ T2971] bridge0: port 1(bridge_slave_0) entered forwarding state [ 304.721734][ T5218] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 304.919382][ T2971] bridge0: port 2(bridge_slave_1) entered blocking state [ 304.926595][ T2971] bridge0: port 2(bridge_slave_1) entered forwarding state [ 304.992903][ T5218] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 305.365524][ T7596] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 305.558054][ T7805] overlay: Bad value for 'index' [ 305.699315][ T7809] netlink: 'syz.1.547': attribute type 27 has an invalid length. [ 305.707225][ T7809] netlink: 'syz.1.547': attribute type 3 has an invalid length. [ 305.714916][ T7809] netlink: 132 bytes leftover after parsing attributes in process `syz.1.547'. [ 306.263605][ T29] audit: type=1326 audit(1724654742.170:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7801 comm="syz.1.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedfd79e79 code=0x7ffc0000 [ 306.305595][ T29] audit: type=1326 audit(1724654742.170:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7801 comm="syz.1.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedfd79e79 code=0x7ffc0000 [ 306.342212][ T7805] input: syz1 as /devices/virtual/input/input16 [ 306.352828][ T29] audit: type=1326 audit(1724654742.170:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7801 comm="syz.1.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=26 compat=0 ip=0x7efedfd79e79 code=0x7ffc0000 [ 306.417001][ T29] audit: type=1326 audit(1724654742.170:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7801 comm="syz.1.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedfd79e79 code=0x7ffc0000 [ 306.542076][ T29] audit: type=1326 audit(1724654742.170:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7801 comm="syz.1.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedfd79e79 code=0x7ffc0000 [ 306.624414][ T29] audit: type=1326 audit(1724654742.170:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7801 comm="syz.1.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=443 compat=0 ip=0x7efedfd79e79 code=0x7ffc0000 [ 306.736571][ T29] audit: type=1326 audit(1724654742.170:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7801 comm="syz.1.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedfd79e79 code=0x7ffc0000 [ 306.797986][ T7829] block nbd1: NBD_DISCONNECT [ 306.846118][ T29] audit: type=1326 audit(1724654742.170:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7801 comm="syz.1.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedfd79e79 code=0x7ffc0000 [ 306.892802][ T29] audit: type=1326 audit(1724654742.170:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7801 comm="syz.1.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7efedfd79e79 code=0x7ffc0000 [ 307.795628][ T29] audit: type=1326 audit(1724654742.170:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7801 comm="syz.1.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedfd79e79 code=0x7ffc0000 [ 307.994996][ T7596] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 309.326589][ T1169] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 309.548526][ T1169] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 309.584300][ T1169] usb 4-1: config 0 has no interfaces? [ 309.610815][ T1169] usb 4-1: New USB device found, idVendor=056a, idProduct=00d0, bcdDevice= 0.00 [ 309.649223][ T7596] veth0_vlan: entered promiscuous mode [ 309.676325][ T1169] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 309.713497][ T7596] veth1_vlan: entered promiscuous mode [ 309.714122][ T1169] usb 4-1: config 0 descriptor?? [ 309.888281][ T7596] veth0_macvtap: entered promiscuous mode [ 309.920167][ T7596] veth1_macvtap: entered promiscuous mode [ 310.017614][ T7596] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 310.053114][ T7596] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.107061][ T7596] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 310.115293][ T1169] usb 4-1: USB disconnect, device number 19 [ 310.142260][ T7596] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.168933][ T7596] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 310.226141][ T7596] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.266001][ T7596] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 310.309325][ T7596] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.353769][ T7596] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 310.389408][ T7596] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 310.418619][ T7596] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.462647][ T7596] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 310.480525][ T7596] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.494236][ T7596] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 310.516519][ T4608] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 310.524042][ T7596] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.561606][ T7596] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 310.575014][ T7596] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.603742][ T7596] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 310.693552][ T7596] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 310.721112][ T7596] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 310.732680][ T7596] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 310.743535][ T7596] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 311.187803][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 311.206538][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 311.587207][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 311.595056][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 312.116045][ T5265] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 312.326809][ T5265] usb 4-1: Using ep0 maxpacket: 32 [ 312.344505][ T5265] usb 4-1: config 1 interface 0 altsetting 7 bulk endpoint 0x1 has invalid maxpacket 16 [ 312.369866][ T5265] usb 4-1: config 1 interface 0 altsetting 7 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 312.418390][ T5265] usb 4-1: config 1 interface 0 has no altsetting 0 [ 312.453453][ T5265] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 312.483101][ T5265] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 312.516986][ T5265] usb 4-1: Product: syz [ 312.521193][ T5265] usb 4-1: Manufacturer: syz [ 312.618330][ T5265] usb 4-1: SerialNumber: syz [ 313.258818][ T7912] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 313.270493][ T7912] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 313.481706][ T7912] netlink: 'syz.3.562': attribute type 4 has an invalid length. [ 313.583805][ T7917] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 313.744879][ T7917] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 313.807564][ T7912] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 314.062036][ T7912] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 314.093246][ T29] kauditd_printk_skb: 4 callbacks suppressed [ 314.093285][ T29] audit: type=1326 audit(1724654750.460:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7937 comm="syz.1.567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedfd79e79 code=0x7fc00000 [ 314.408864][ T6128] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 314.483075][ T5265] usb 4-1: USB disconnect, device number 20 [ 314.495013][ T29] audit: type=1326 audit(1724654750.470:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7937 comm="syz.1.567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7efedfd79e79 code=0x7fc00000 [ 314.522927][ T29] audit: type=1326 audit(1724654750.810:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7937 comm="syz.1.567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedfd79e79 code=0x7fc00000 [ 314.642529][ T6128] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 314.720708][ T6128] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 314.781655][ T6128] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 314.895610][ T6128] bridge_slave_1: left allmulticast mode [ 314.912856][ T6128] bridge_slave_1: left promiscuous mode [ 314.922921][ T6128] bridge0: port 2(bridge_slave_1) entered disabled state [ 314.940662][ T6128] bridge_slave_0: left allmulticast mode [ 314.950578][ T6128] bridge_slave_0: left promiscuous mode [ 314.956872][ T6128] bridge0: port 1(bridge_slave_0) entered disabled state [ 315.169197][ T7950] input: syz0 as /devices/virtual/input/input17 [ 315.831311][ T5218] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 315.842233][ T5218] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 315.851573][ T5218] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 315.862263][ T5218] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 315.872389][ T5218] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 315.883171][ T5218] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 316.343958][ T6128] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 316.371264][ T6128] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 316.393961][ T6128] bond0 (unregistering): Released all slaves [ 316.990674][ T7997] sch_tbf: peakrate 6 is lower than or equals to rate 705765376 ! [ 317.417796][ T6128] hsr_slave_0: left promiscuous mode [ 317.441761][ T1261] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.450147][ T1261] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.478736][ T8017] ubi1: attaching mtd0 [ 317.490600][ T6128] hsr_slave_1: left promiscuous mode [ 317.565067][ T6128] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 317.591334][ T6128] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 317.667114][ T6128] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 317.685547][ T6128] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 317.768343][ T6128] veth1_macvtap: left promiscuous mode [ 317.774618][ T6128] veth0_macvtap: left promiscuous mode [ 317.806216][ T6128] veth1_vlan: left promiscuous mode [ 317.829754][ T6128] veth0_vlan: left promiscuous mode [ 317.868217][ T8030] netlink: 12 bytes leftover after parsing attributes in process `syz.0.597'. [ 317.986210][ T5218] Bluetooth: hci4: command tx timeout [ 318.122450][ T29] audit: type=1326 audit(1724654754.560:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8024 comm="syz.0.597" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa8e3b79e79 code=0x0 [ 318.211797][ T29] audit: type=1804 audit(1724654754.650:166): pid=8032 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.1.598" name="/newroot/144/bus/file0" dev="overlay" ino=823 res=1 errno=0 [ 320.066302][ T5218] Bluetooth: hci4: command tx timeout [ 320.531376][ T6128] team0 (unregistering): Port device team_slave_1 removed [ 320.633526][ T6128] team0 (unregistering): Port device team_slave_0 removed [ 322.156400][ T5218] Bluetooth: hci4: command tx timeout [ 322.330581][ T7972] chnl_net:caif_netlink_parms(): no params data found [ 427.365867][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 427.372851][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P8050/1:b..l [ 427.381152][ C1] rcu: (detected by 1, t=10502 jiffies, g=25769, q=199 ncpus=2) [ 427.388850][ C1] task:dhcpcd-run-hook state:R running task stack:23680 pid:8050 tgid:8050 ppid:4883 flags:0x00000000 [ 427.401461][ C1] Call Trace: [ 427.404733][ C1] [ 427.407654][ C1] __schedule+0x17ae/0x4a10 [ 427.412177][ C1] ? __pfx___schedule+0x10/0x10 [ 427.417105][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 427.423072][ C1] ? preempt_schedule_irq+0xf0/0x1c0 [ 427.428349][ C1] preempt_schedule_irq+0xfb/0x1c0 [ 427.433445][ C1] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 427.439168][ C1] ? mas_preallocate+0xfca/0x1730 [ 427.444182][ C1] ? __split_vma+0x2e5/0xc30 [ 427.448773][ C1] ? do_vmi_align_munmap+0x388/0x18c0 [ 427.454131][ C1] irqentry_exit+0x5e/0x90 [ 427.458537][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 427.464537][ C1] RIP: 0010:__sanitizer_cov_trace_cmp8+0x8/0x90 [ 427.470771][ C1] Code: 44 0a 20 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 4c 8b 04 24 <65> 48 8b 0c 25 c0 d6 03 00 65 8b 05 d0 46 70 7e 25 00 01 ff 00 74 [ 427.490369][ C1] RSP: 0018:ffffc9000365f2b8 EFLAGS: 00000246 [ 427.496425][ C1] RAX: ffffffff8ba3f718 RBX: 00007fc9836c4000 RCX: ffff8880207e5a00 [ 427.504378][ C1] RDX: 0000000000000000 RSI: 00007fc9836c4000 RDI: 00007fc983791fff [ 427.512349][ C1] RBP: ffffc9000365f4b0 R08: ffffffff8ba3f750 R09: ffffffff8ba3f552 [ 427.520304][ C1] R10: 0000000000000004 R11: ffff8880207e5a00 R12: 0000000000000001 [ 427.528263][ C1] R13: dffffc0000000000 R14: 1ffff920006cbe84 R15: 00007fc983791fff [ 427.536271][ C1] ? mt_validate+0xd52/0x4aa0 [ 427.540940][ C1] ? mt_validate+0xf50/0x4aa0 [ 427.545598][ C1] ? mt_validate+0xf18/0x4aa0 [ 427.550287][ C1] mt_validate+0xf50/0x4aa0 [ 427.554799][ C1] ? mt_validate+0x1a1/0x4aa0 [ 427.559460][ C1] ? __pfx_mt_validate+0x10/0x10 [ 427.564380][ C1] ? vma_complete+0x543/0xb60 [ 427.569054][ C1] ? __pfx_lock_release+0x10/0x10 [ 427.574077][ C1] ? mas_store_prealloc+0x2db/0x5f0 [ 427.579266][ C1] validate_mm+0xe7/0x530 [ 427.583593][ C1] ? __pfx_validate_mm+0x10/0x10 [ 427.588521][ C1] ? vma_complete+0xaef/0xb60 [ 427.593184][ C1] __split_vma+0xa69/0xc30 [ 427.597582][ C1] ? mark_lock+0x9a/0x350 [ 427.601902][ C1] ? __pfx___split_vma+0x10/0x10 [ 427.606831][ C1] do_vmi_align_munmap+0x388/0x18c0 [ 427.612014][ C1] ? mtree_range_walk+0x6fd/0x8e0 [ 427.617031][ C1] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 427.622647][ C1] ? mtree_range_walk+0x6fd/0x8e0 [ 427.627666][ C1] ? mas_find+0x8c0/0xbb0 [ 427.631988][ C1] do_vmi_munmap+0x261/0x2f0 [ 427.636568][ C1] mmap_region+0x72f/0x2090 [ 427.641074][ C1] ? mark_lock+0x9a/0x350 [ 427.645415][ C1] ? __pfx_mmap_region+0x10/0x10 [ 427.650349][ C1] ? thp_get_unmapped_area_vmflags+0x269/0x380 [ 427.656520][ C1] ? cap_mmap_addr+0x163/0x2c0 [ 427.661275][ C1] ? __get_unmapped_area+0x2f0/0x360 [ 427.666547][ C1] do_mmap+0x8f9/0x1010 [ 427.670693][ C1] ? __pfx_do_mmap+0x10/0x10 [ 427.675351][ C1] ? __pfx_down_write_killable+0x10/0x10 [ 427.680963][ C1] ? __pfx_ima_file_mmap+0x10/0x10 [ 427.686061][ C1] ? security_mmap_file+0x178/0x1a0 [ 427.691247][ C1] vm_mmap_pgoff+0x1dd/0x3d0 [ 427.695922][ C1] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 427.701016][ C1] ? __fget_files+0x29/0x470 [ 427.705587][ C1] ? __fget_files+0x3f6/0x470 [ 427.710264][ C1] ksys_mmap_pgoff+0x4f1/0x720 [ 427.715008][ C1] ? __x64_sys_mmap+0x7f/0x140 [ 427.719760][ C1] do_syscall_64+0xf3/0x230 [ 427.724243][ C1] ? clear_bhb_loop+0x35/0x90 [ 427.728904][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 427.734781][ C1] RIP: 0033:0x7fc9837abb74 [ 427.739185][ C1] RSP: 002b:00007ffd90f32008 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 427.747603][ C1] RAX: ffffffffffffffda RBX: 00007ffd90f32048 RCX: 00007fc9837abb74 [ 427.755557][ C1] RDX: 0000000000000005 RSI: 000000000002c000 RDI: 00007fc983489000 [ 427.763508][ C1] RBP: 00007ffd90f323a0 R08: 0000000000000003 R09: 0000000000002000 [ 427.771550][ C1] R10: 0000000000000812 R11: 0000000000000246 R12: 00007fc983788570 [ 427.779503][ C1] R13: 00007ffd90f32428 R14: 0000000000001fd8 R15: 0000000000000000 [ 427.787495][ C1] [ 427.790523][ C1] rcu: rcu_preempt kthread starved for 10542 jiffies! g25769 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 427.801696][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 427.811661][ C1] rcu: RCU grace-period kthread stack dump: [ 427.817634][ C1] task:rcu_preempt state:R running task stack:25816 pid:17 tgid:17 ppid:2 flags:0x00004000 [ 427.829361][ C1] Call Trace: [ 427.832621][ C1] [ 427.835540][ C1] __schedule+0x17ae/0x4a10 [ 427.840061][ C1] ? __pfx___schedule+0x10/0x10 [ 427.844896][ C1] ? __pfx_lock_release+0x10/0x10 [ 427.849902][ C1] ? __asan_memset+0x23/0x50 [ 427.854474][ C1] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 427.860266][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 427.866579][ C1] ? schedule+0x90/0x320 [ 427.870802][ C1] schedule+0x14b/0x320 [ 427.874940][ C1] schedule_timeout+0x1be/0x310 [ 427.879771][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 427.885123][ C1] ? __pfx_process_timeout+0x10/0x10 [ 427.890393][ C1] ? prepare_to_swait_event+0x32e/0x350 [ 427.895926][ C1] rcu_gp_fqs_loop+0x2df/0x1330 [ 427.900758][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 427.905940][ C1] ? rcu_gp_init+0x1256/0x1630 [ 427.910689][ C1] ? __pfx_rcu_gp_init+0x10/0x10 [ 427.915605][ C1] ? __pfx_dyntick_save_progress_counter+0x10/0x10 [ 427.922087][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 427.927355][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 427.933234][ C1] ? finish_swait+0xd4/0x1e0 [ 427.937813][ C1] rcu_gp_kthread+0xa7/0x3b0 [ 427.942390][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 427.947574][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 427.953451][ C1] ? __kthread_parkme+0x169/0x1d0 [ 427.958462][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 427.963641][ C1] kthread+0x2f0/0x390 [ 427.967694][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 427.972872][ C1] ? __pfx_kthread+0x10/0x10 [ 427.977444][ C1] ret_from_fork+0x4b/0x80 [ 427.981848][ C1] ? __pfx_kthread+0x10/0x10 [ 427.986421][ C1] ret_from_fork_asm+0x1a/0x30 [ 427.991177][ C1] [ 427.994178][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 428.000499][ C1] Sending NMI from CPU 1 to CPUs 0: [ 428.005708][ C0] NMI backtrace for cpu 0 skipped: idling at acpi_safe_halt+0x21/0x30