last executing test programs: 10m34.689077963s ago: executing program 3 (id=4): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000180)='./bus\x00', 0x400, &(0x7f0000000440)=ANY=[], 0x1, 0x63a, &(0x7f0000000840)="$eJzs3c1vHGcdB/DvbDZONpTUTZM2oEq1GgkQFolf5IK5EBBCPlSoKgfOVuI0VjZpsV3kVoia92sP/QPKwTdOSNwjlQsXuPXqYyUkLr1gTotmdna98VvtNvGu288nmn2eZ5+ZZ37Pb2Z2dteKNsCX1sJkmg9TZGHylfWyvbU5297anL3fqyc5l2QjaSZpJCn+2+l0PkxuJkV/mGJXucf7y/OvffTJ1sfdVrNeqvUbh213NBv1kokkZ+rycY1363OPV/RneDPJtbqEoTubpPOIX/zjqX7PgNZ+W58/kRiBJ6vo3jf3GE8u1Bd6+T6ge1fs3rNPtY1hBwAAAAAn4OntbGe9uDjsOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOC02Nj5/f+iXhq9+kSK3u//j9XPpa6PlhePt/rDJxUHAAAAAAAAAJygF7eznfVc7LU7RfU3/5eqxuXq8St5K6tZykquZz2LWctaVjKdZHxgoLH1xbW1lekjbDmz75YznxLoubpsPZ55AwAAAAAAAMAXzG+zsPP3fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAVFcqZbVMvlXn08jWaS80nGyvU2kn/16qfZw2EHAAAAACfg6e1sZz0Xe+1OUX3mf6763H8+b+VB1rKctbSzlNvVdwHdT/2Nrc3Z9tbm7P1y2TvuD/9zrDCqEdP97mH/PV+t1mjlTparZ67nVt5IO7fTqLYsXa3j6Y26K67flDEVP6gdMbLbdVnO/L263OPdY032IMf8MmW8ysjZfkam6tjKbDzTOzL7H6FjHp3de5pOox/s5V172jWJz5TzC3VZzuePB+V8KHZnYmbg7Hvu8Jwn3/zbX35+t/3g3t07q5OjM6WjOVOXneqxtTcTswOZeP6LnIk9pqpMXOm3F/KT/CyTmcirWclyfpnFrGUpE/lxVVusz+di4JI/IFM3H2m9+mmRjNVnaPdgHS+ml6ptL2Y5P80buZ2lvFz9m8l0vpu5zGV+4AhfOfwIV1d944CrvvPVfYO/9q260kryp7ocDWVenxnI6+Br7njVN/jMTpYuHSFLx3xtbH69rpT7+F1djobdmZgeyMSzh2fiz9XLymr7wb2Vu4tvHm13l96rK+V19IeRukuU58ul8mBVrUfPjrLv2X37pqu+y/2+xp6+K/2+7pW6ceCVOla/h9s70kzV9/y+fbNV39WBvv3ebwEw8i58+8JY69+tf7Y+aP2+dbf1yvkfnfveuRfGcvbvZ7/fnDrzjcYLxV/zQX698/kfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD47FbffufeYru9tLKr0ul03j2g6zRXej9ndoI7/dpTyUjMfaiV/3U6nfqZYhTiObzSqY1KPMOoDPmFCXjibqzdf/PG6tvvfGf5/uLrS68vPZifm5ufmp97efbGneX20lT3cdhRAk/Czk1/2JEAAAAAAAAAAAAAR3US/51g2HMEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATreFyTQfpsj01PWpsr21Odsul159Z81mkkaS4ldJ8WFyM90l4wPDFQft5/3l+dc++mTr452xmr31G4dtdzQb9ZKJJGfq8nGNd+tzj1f0Z1gm7FovcTBs/w8AAP//JggO2w==") r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x41, 0x0) fcntl$setlease(r2, 0x400, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) linkat(r3, &(0x7f0000000180)='./file1\x00', r3, &(0x7f0000000640)='./bus\x00', 0x0) unlink(&(0x7f00000003c0)='./bus\x00') r4 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000002c0)={'team_slave_0\x00', 0x0}) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001200000008000700010000000c", @ANYRES32=r5, @ANYBLOB="080006000002"], 0x30}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) r9 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r9, &(0x7f0000000140)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmsg(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x2c}, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x80000c, &(0x7f0000000b80)=ANY=[@ANYBLOB='part=0x0000000000000004,uid=', @ANYRESHEX=0x0, @ANYBLOB="2c73657373696f6e3d3078666666666666666666666666666637662c626172726965722c63726561746f723dddf2bd6c2c6e6c733d69736f383835392d312c6e6c733d69736f383835392d31332c756d61736b3d30303030303030303030303030303030303030303030332c63726561746f723d85f194712c6e6f626172726965722c63726561746f723d65fe04c22c756d61736b3d30303030303030303030303030303030303030323030312c6465636f6d706f73652c666f7263652c6465636f6d706f73652c63726561746f0000178aa0d42c666f7263652c6e6f626172726965722c00", @ANYRES16, @ANYRESOCT, @ANYRES16], 0x0, 0x6e4, &(0x7f0000000340)="$eJzs3UtoHOcdAPD/rFarXRccOfEjLYEsMaSlorZkobTqpW4pRYdQQnroebHlWHgtB0kpsimN0se9h5x6Sg+6hR5Keje054ZAyVXHQCGXnHRTmdnZ1Wg1+5CtV9LfT8zMN99rvvnPzsw+EBPA/62lmag+jSSWZt7cTNd3tufbE9vzU3lxOyJqEVGJqHYWkaxGWjrR6+LbaWaeTgZt58OVxbc//2rni85aNZ+y+pVh7UrUDmdt5VM085E1S1tODujxk/7NH+jvzsD+xpX09vB2RFzPlxF/ea5e4bntHbLVK/v4P9l8WPOjnLfAOZUU7+gF0xEXIqIekd31I786VE53dMdv66wHAAAAAEfVOHqTF3ZjNzbj4kkMBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL6p8uf/J/lU6aabkXSf/1/L8yJPn0OjH4T42VRn+fTkBwMAAAAAAAAAJ+7V3diNzbjYXd9Lst/8Xyv8xv+teC/WYznW4kZsRis2YiPWYi4ipgsd1TZbGxtrc1nLiMtDWt6KT0ta3ho8xtvHvM8AAAAAAAAAcM7VR5Q/mDyc9/tY2v/9HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzoMkYqKzyKbL3fR0VKoRUY+IWlpvK+LTbvprIinLfHr64wAAAIDnUj+4mtTHaPPC+7Ebm3Gxu76XZJ/5r2afl+vxXqzGRqzERrRjOe7mn6HTT/2Vne359s72/MN0OtzvT7880tCzHqPz3UP5ll/OajTiXqxkOTfiTiSxl6nkvby8sz2fLh+Wj+uDdEzJT3JDRjNRSN9NZ9c+ydJ/PvgtQvVIu/iMKgNLprPSyV5EZvOxpS0udSNQHomRR6c6dEtzUel983N5+JbKY/7B8K1f6KtV+s3NmeiPxK2o9I7Q1eGRiPjuPz7+9f326oP799Znzs8ulXp/ZI3+SMwXInHtGxSJ0WazSFzprS/FL+JXMRNfTr0Va7ESv4lWbMRys1veyl/P6Xx6eKQ+u1Bce2vUSNJzstm7fpWNqRkHxhTN+HmWasVr2TG9GCuRxKOIWI43sr9bMde7Guwf4StjnPWVMa60Bde/ly16YYrG4Lp/G6/L45LG9VIhrsVr7nRWVszZj9KLpVHq3uvGvx8VVL+TJ9Ie/jD0/nDa+iMxV4jES4NeL52Q/nUvna+3Vx+s3W+9O+b2Xs+X6Xn0p3N1l0iP8ItRz3fuUjZPsnNqNit7qXeHPRivWv6LS0flUNmVXrvOmfrLeBR3D5ypP4yFWIjFrPbVrPbkoTtWWnat19PBa3halr7TqvZ+2Cm+33oU7c77IQDOtwvfv1Br/Lfx78ZHjT827jferP9s6kdTr9Ri8l+TP67OTrxeeSX5e3wUv9v//A8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADy79cdPHrTa7eW18kSlvCgZ3qrV3us+SKy8ThzKSfJH5YwYT5pI1h8/2RtRpz8RfTlT+fDGbH6Sie7TGkdXbp7gMJKt/uNVH30suk95ynOG7UVyKOBp42cec3fL+zmT5+BQ9ieax9dh9wVbPImO/OptHDxenaKJiCg9ZYabOIaLD3Cmbm48fPfm+uMnP1h52Hpn+Z3l1cmFhcXZxYU35m/eW2kvz3bmhQan8vBb4DQU30701CLi1dFthzyoFQAAAAAAAAAAADhBp/G/EGe9jwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDX29JMVJ9GEnOzN2bT9Z3t+XY6ddP7NasRUYmI5LcRyT8jbkdniulCd8mg7Xy4svj251/tfLHfV7VbvxKxNbDdeLbyKZoRMZEvj6u/O6P7q+0np0qKk15k0oBd7wYOztr/AgAA//94PumP") 10m28.869591905s ago: executing program 3 (id=15): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000002c0)='./file1\x00', 0x400a, &(0x7f00000003c0)={[{@i_version}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6}}, {@lazytime}, {@noblock_validity}, {@quota}]}, 0x1, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") socket$inet_tcp(0x2, 0x1, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x803, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_open_dev$sndctrl(&(0x7f0000001440), 0x400, 0x105000) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000006c0)) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0x8, &(0x7f0000000740)=0x6) open(&(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x20000, 0x105) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) symlink(&(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) write$P9_RXATTRCREATE(r2, &(0x7f0000000300)={0x7, 0x21, 0x2}, 0x7) openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x1080, 0x0) pwrite64(r2, &(0x7f0000000140)='2', 0xfdef, 0xfecc) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000680)=[@window={0x3, 0x4, 0x6bf}], 0x1) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) getresuid(&(0x7f0000000000), 0x0, 0x0) 10m13.387509717s ago: executing program 32 (id=15): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000002c0)='./file1\x00', 0x400a, &(0x7f00000003c0)={[{@i_version}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6}}, {@lazytime}, {@noblock_validity}, {@quota}]}, 0x1, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") socket$inet_tcp(0x2, 0x1, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x803, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_open_dev$sndctrl(&(0x7f0000001440), 0x400, 0x105000) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000006c0)) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0x8, &(0x7f0000000740)=0x6) open(&(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x20000, 0x105) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) symlink(&(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) write$P9_RXATTRCREATE(r2, &(0x7f0000000300)={0x7, 0x21, 0x2}, 0x7) openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x1080, 0x0) pwrite64(r2, &(0x7f0000000140)='2', 0xfdef, 0xfecc) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000680)=[@window={0x3, 0x4, 0x6bf}], 0x1) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) getresuid(&(0x7f0000000000), 0x0, 0x0) 8.230277014s ago: executing program 5 (id=3001): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="24000000190001000000000000000000021800400000000000000000080001"], 0x24}}, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x24}}, 0x0) 8.109834747s ago: executing program 5 (id=3003): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r1}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x14, 0x36, 0x701, 0xfffffffd, 0x0, {0x1}}, 0x14}, 0x1, 0x0, 0x0, 0xc800}, 0x40090) 8.030084681s ago: executing program 5 (id=3005): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000000)=@delchain={0x8c, 0x65, 0x8, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {}, {}, {0xffe0, 0xd}}, [@TCA_CHAIN={0x8, 0xb, 0xba41}, @filter_kind_options=@f_bpf={{0x8}, {0x58, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x1, 0x9, 0xb1, 0x7f}]}}, @TCA_BPF_POLICE={0x40, 0x2, [@TCA_POLICE_TBF={0x3c, 0x1, {0x1e0b, 0x1, 0x9, 0x10, 0xcf1, {0x3, 0x0, 0x7c2, 0x0, 0x6, 0xffffffff}, {0x6, 0x1, 0x7, 0x79, 0x3, 0x4064}, 0x1, 0x80, 0x3341}}]}]}}]}, 0x8c}}, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001c40)=[{{&(0x7f0000000080)={0x2, 0x0, @remote}, 0x10, 0x0}}], 0x1, 0x0) r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, 0x0, 0x0) r1 = socket(0x10, 0x803, 0x0) sendto(r1, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000000c0)={@mcast1, 0x800, 0x0, 0x103, 0x1}, 0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000540)={0xa, 0x4e23, 0x1000000080000, @remote, 0x3}, 0x1c, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000000000029000000360000002c0000000000000018000000000000002900000036000000000000000000000089c2a872f3b7894eaa6782a5ab5b74804f3051de70917193ec338a18c20a560f2662ae8f93e486749450d0ef718d5a865d3f23d4356b3bf25955396eb5e5c0db77489cf4c55b7876fe734aff31c4cde5d02268e6f672cbe5532999bb20184d95eb97b40a43e910c1b32688ef41786977c9d29ff54a39cc41ac195a07b66f8744ce56bed09fd6eaabc24c9cdd5b0c702d306e4f212d9face8400dda66c89ae0d89af6a4e397e1bc3eba3ead0de32b2338025bfb10af339d15b2678595"], 0x30}, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r3, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000040)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "ff00f5", 0x18, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0xc2, 0x0, 0x0, 0x0, {[@mss={0x2, 0x4, 0xec22}]}}}}}}}}, 0x0) 7.884929611s ago: executing program 5 (id=3008): connect$inet(0xffffffffffffffff, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) close(0xffffffffffffffff) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="e80000006c00010029bd7000fcdbdf2500000000", @ANYRES32, @ANYBLOB="001000008000000008000f002000000014003500726f7365300000000000000000000000a40034801400350070696d367265673000000020000000001400350076657468305f6d614176746170000000140035006d61637674617030020000000000000014003500677265300000000000000000000000001400350076657468305f746f5f626174616476001400350001657468315f6d6163767461700000001400350067726530000000000000000000000000140035006261746164765f736c6176655f31000008000f"], 0xe8}}, 0x0) bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0) close(0xffffffffffffffff) 7.637168115s ago: executing program 5 (id=3015): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x18, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x3000000}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {0x7, 0x0, 0xb, 0x6, 0x0, 0x0, 0x4000}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0x0, 0x10}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x900}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0x2, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0x3, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, 0x0, 0x4, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 7.575340518s ago: executing program 5 (id=3018): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x80800) sendmmsg$alg(r1, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe1a}], 0x1, &(0x7f0000000380)=[@op={0x18}], 0x18}], 0x4924924924924b9, 0x0) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) 1.073044976s ago: executing program 0 (id=3101): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xc, &(0x7f0000000000)={0x0, 0xdf}, 0xb) 1.007929617s ago: executing program 0 (id=3103): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x9, 0x0, 0xffffffff}, 0x1c) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, 0x0, 0xffe) 995.311843ms ago: executing program 2 (id=3104): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xc, &(0x7f0000000000)={0x0, 0xdf}, 0xb) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x10, 0x2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20181, 0x0, 0x0) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x21, &(0x7f00000003c0)={0x0, 0x4a00}, 0x10) sendmsg$inet_sctp(r0, &(0x7f00000000c0)={0x0, 0x4b, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x20004) 928.027625ms ago: executing program 1 (id=3105): bind$inet(0xffffffffffffffff, &(0x7f0000000280)={0x10, 0x2}, 0x10) r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x28, &(0x7f0000000280)={0x1, [0x0]}, &(0x7f00000002c0)=0x8) 857.098811ms ago: executing program 2 (id=3106): r0 = socket$netlink(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000e40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3576], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="480000001c00110c0000006a00000f0007000000", @ANYRES32=r1, @ANYBLOB="800202000a000200"], 0x48}}, 0x0) 829.234341ms ago: executing program 1 (id=3107): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='ext4_writepages_result\x00', r0}, 0x10) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) close(r2) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, r2, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) unshare(0x20000400) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000080)={r0, r2}, 0xc) 806.762767ms ago: executing program 2 (id=3108): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000200), 0x806000) ioctl$FS_IOC_RESVSP(r0, 0x4030582a, &(0x7f0000000380)={0x0, 0x0, 0x10, 0x80000000}) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="180000000800000000"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r1}, 0x10) 775.137492ms ago: executing program 0 (id=3109): r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = dup2(r0, r0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x8002, &(0x7f0000000340), 0x98) 705.205001ms ago: executing program 1 (id=3110): r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000200)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0) ioctl$FS_IOC_RESVSP(r1, 0x40305829, &(0x7f00000000c0)={0x0, 0x0, 0x8, 0x40000001000}) 656.369244ms ago: executing program 1 (id=3112): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0) close(r0) 579.863079ms ago: executing program 4 (id=3113): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={0x24, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x1}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}]}, 0x24}}, 0x0) 521.279769ms ago: executing program 0 (id=3114): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000002c00)=ANY=[@ANYBLOB="9feb01001800000000000000340000003400000002000000000000000000000300000000020000000200000001000000000000000000000105da73a240000000000000000000"], 0x0, 0x4e, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) 489.991603ms ago: executing program 4 (id=3115): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_AD_LACP_RATE={0x5}]}}}]}, 0x3c}}, 0x41) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x4000000) 429.480664ms ago: executing program 4 (id=3116): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000740)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r0}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) close(r2) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[], 0x50) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000c80)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {0x7, 0x0, 0xb, 0x2}, {0x85, 0x0, 0x0, 0x51}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r4, 0x0, 0x0}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000700)={{r3}, &(0x7f0000000180), &(0x7f00000006c0)}, 0x20) 403.434179ms ago: executing program 0 (id=3117): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x3, &(0x7f0000000340)={0x8003, 0x0, 0x0, 0x8}, 0x8) connect$inet(r0, &(0x7f0000000140)={0x10, 0x2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20104, 0x0, 0x0) getsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x1, 0x0, &(0x7f0000000180)) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x21, &(0x7f0000000040)={0x0, 0x4720}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 370.294546ms ago: executing program 1 (id=3118): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x9, 0x0, 0xffffffff}, 0x1c) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, 0x0, 0xffe) 313.191882ms ago: executing program 4 (id=3119): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) 270.611322ms ago: executing program 0 (id=3120): r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) bind$inet(r0, 0x0, 0x0) pipe(&(0x7f0000000080)) socket$igmp(0x2, 0x3, 0x2) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x3000}, 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 248.136913ms ago: executing program 2 (id=3121): r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000200)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0) ioctl$FS_IOC_RESVSP(r1, 0x40305829, &(0x7f00000000c0)={0x0, 0x0, 0x8, 0x40000001000}) 182.732677ms ago: executing program 4 (id=3122): r0 = socket$kcm(0x2, 0x3, 0x84) sendmsg$inet(r0, &(0x7f0000000000)={&(0x7f0000000240)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000000600)=[{&(0x7f0000000300)="827be7271019b3fe048765ad", 0xc}, {&(0x7f00000005c0)="b8", 0x1}], 0x2, &(0x7f0000000080)=ANY=[@ANYBLOB="3800000000000000000000000700000000442400037f000001000000007f000001000000", @ANYRES32=0x0, @ANYBLOB="ac141427"], 0x58}, 0x0) 126.520131ms ago: executing program 1 (id=3123): r0 = fsopen(&(0x7f0000000000)='ramfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) mknodat(r1, &(0x7f0000000400)='./file0\x00', 0xfff, 0x0) execveat(r1, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0) 43.353909ms ago: executing program 2 (id=3124): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={0x24, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x1}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}]}, 0x24}}, 0x0) 42.792157ms ago: executing program 4 (id=3125): r0 = creat(&(0x7f0000000300)='./bus\x00', 0x0) close(r0) io_setup(0x7f, &(0x7f0000000100)=0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) io_submit(r1, 0x1, &(0x7f0000000380)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}]) 0s ago: executing program 2 (id=3126): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000100)=ANY=[@ANYBLOB="000100006d00010000000000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="00000000000000001400350064756d6d793000000000000000000000cc0034"], 0x100}, 0x1, 0x0, 0x0, 0x20041094}, 0x8000) kernel console output (not intermixed with test programs): ef0 R14: 00007feee42ebeb0 R15: 0000000020000ac0 [ 501.827731][T10930] [ 501.884005][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.258662][T10938] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1259'. [ 502.408984][T10944] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1258'. [ 502.443095][T10944] FAULT_INJECTION: forcing a failure. [ 502.443095][T10944] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 502.513449][T10944] CPU: 0 UID: 0 PID: 10944 Comm: syz.0.1258 Not tainted 6.12.0-rc6-next-20241105-syzkaller #0 [ 502.523754][T10944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 502.533841][T10944] Call Trace: [ 502.537152][T10944] [ 502.540115][T10944] dump_stack_lvl+0x241/0x360 [ 502.544826][T10944] ? __pfx_dump_stack_lvl+0x10/0x10 [ 502.550052][T10944] ? __pfx__printk+0x10/0x10 [ 502.554683][T10944] ? snprintf+0xda/0x120 [ 502.558957][T10944] should_fail_ex+0x3b0/0x4e0 [ 502.563664][T10944] _copy_to_user+0x31/0xb0 [ 502.568111][T10944] simple_read_from_buffer+0xca/0x150 [ 502.573520][T10944] proc_fail_nth_read+0x1e9/0x250 [ 502.578575][T10944] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 502.584150][T10944] ? rw_verify_area+0x568/0x6f0 [ 502.589028][T10944] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 502.594603][T10944] vfs_read+0x1fc/0xb70 [ 502.598792][T10944] ? __pfx___mutex_lock+0x10/0x10 [ 502.603839][T10944] ? __pfx_vfs_read+0x10/0x10 [ 502.608554][T10944] ? __fget_files+0x2a/0x410 [ 502.613169][T10944] ? __fget_files+0x395/0x410 [ 502.617870][T10944] ? __fget_files+0x2a/0x410 [ 502.622492][T10944] ksys_read+0x18f/0x2b0 [ 502.626765][T10944] ? __pfx_ksys_read+0x10/0x10 [ 502.631562][T10944] ? do_syscall_64+0x100/0x230 [ 502.636451][T10944] ? do_syscall_64+0xb6/0x230 [ 502.641166][T10944] do_syscall_64+0xf3/0x230 [ 502.645700][T10944] ? clear_bhb_loop+0x35/0x90 [ 502.650407][T10944] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 502.656337][T10944] RIP: 0033:0x7feee357d15c [ 502.660773][T10944] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 502.680410][T10944] RSP: 002b:00007feee42ec030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 502.688859][T10944] RAX: ffffffffffffffda RBX: 00007feee3735f80 RCX: 00007feee357d15c [ 502.696856][T10944] RDX: 000000000000000f RSI: 00007feee42ec0a0 RDI: 0000000000000004 [ 502.704842][T10944] RBP: 00007feee42ec090 R08: 0000000000000000 R09: 0000000000000000 [ 502.712828][T10944] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 502.720826][T10944] R13: 0000000000000000 R14: 00007feee3735f80 R15: 00007fff951678f8 [ 502.728841][T10944] [ 502.812315][ T5900] usb 5-1: new full-speed USB device number 22 using dummy_hcd [ 503.009796][ T5900] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 503.113562][ T5900] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint descriptor of length 5, skipping [ 503.167779][ T5900] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 503.268444][ T5900] usb 5-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=a6.d1 [ 503.292955][ T5900] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 503.351921][ T5900] usb 5-1: Product: syz [ 503.368638][ T5900] usb 5-1: Manufacturer: syz [ 503.388244][ T5900] usb 5-1: SerialNumber: syz [ 503.401913][ T5900] usb 5-1: config 0 descriptor?? [ 503.430978][T10947] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 503.441165][ T5900] imon_raw 5-1:0.0: IR endpoint missing [ 503.448617][T10959] FAULT_INJECTION: forcing a failure. [ 503.448617][T10959] name failslab, interval 1, probability 0, space 0, times 0 [ 503.469638][T10959] CPU: 0 UID: 0 PID: 10959 Comm: syz.1.1267 Not tainted 6.12.0-rc6-next-20241105-syzkaller #0 [ 503.479951][T10959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 503.490048][T10959] Call Trace: [ 503.493344][T10959] [ 503.496290][T10959] dump_stack_lvl+0x241/0x360 [ 503.501004][T10959] ? __pfx_dump_stack_lvl+0x10/0x10 [ 503.506239][T10959] ? __pfx__printk+0x10/0x10 [ 503.510859][T10959] ? kmem_cache_alloc_noprof+0x48/0x380 [ 503.516431][T10959] ? __pfx___might_resched+0x10/0x10 [ 503.521752][T10959] should_fail_ex+0x3b0/0x4e0 [ 503.526466][T10959] should_failslab+0xac/0x100 [ 503.531181][T10959] ? vm_area_alloc+0x10e/0x1d0 [ 503.535985][T10959] kmem_cache_alloc_noprof+0x70/0x380 [ 503.541401][T10959] vm_area_alloc+0x10e/0x1d0 [ 503.546027][T10959] __mmap_region+0x196e/0x2cd0 [ 503.550884][T10959] ? __pfx___mmap_region+0x10/0x10 [ 503.556038][T10959] ? vm_unmapped_area+0x4fa/0xdb0 [ 503.561135][T10959] ? kernel_text_address+0xa7/0xe0 [ 503.566307][T10959] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10 [ 503.572948][T10959] ? mm_get_unmapped_area_vmflags+0xb9/0xf0 [ 503.578884][T10959] ? thp_get_unmapped_area_vmflags+0x341/0x380 [ 503.585085][T10959] ? cap_mmap_addr+0x163/0x2c0 [ 503.589887][T10959] mmap_region+0x1d0/0x2c0 [ 503.594336][T10959] ? security_mmap_addr+0x6f/0x250 [ 503.599499][T10959] do_mmap+0x8f0/0x1000 [ 503.603708][T10959] ? __pfx_do_mmap+0x10/0x10 [ 503.608325][T10959] ? __pfx_down_write_killable+0x10/0x10 [ 503.613989][T10959] ? apparmor_mmap_file+0xc3/0xe0 [ 503.619051][T10959] vm_mmap_pgoff+0x214/0x430 [ 503.623685][T10959] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 503.628824][T10959] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 503.635191][T10959] ? do_syscall_64+0x100/0x230 [ 503.639982][T10959] ? ksys_mmap_pgoff+0xdf/0x720 [ 503.644859][T10959] ? __x64_sys_mmap+0x7f/0x140 [ 503.649646][T10959] do_syscall_64+0xf3/0x230 [ 503.654183][T10959] ? clear_bhb_loop+0x35/0x90 [ 503.658899][T10959] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.664834][T10959] RIP: 0033:0x7f177b97e753 [ 503.669285][T10959] Code: f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41 89 ca 41 f7 c1 ff 0f 00 00 75 14 b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 25 c3 0f 1f 40 00 48 c7 c0 a8 ff ff ff 64 c7 [ 503.688926][T10959] RSP: 002b:00007f177c71ce18 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 503.697400][T10959] RAX: ffffffffffffffda RBX: 000000000001f34a RCX: 00007f177b97e753 [ 503.699340][ T5900] usb 5-1: USB disconnect, device number 22 [ 503.705384][T10959] RDX: 0000000000000003 RSI: 0000000008400000 RDI: 0000000000000000 [ 503.705407][T10959] RBP: 000000002001f442 R08: 00000000ffffffff R09: 0000000000000000 [ 503.705419][T10959] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000004 [ 503.705430][T10959] R13: 00007f177c71cef0 R14: 00007f177c71ceb0 R15: 000000002001f400 [ 503.705459][T10959] [ 503.861419][T10971] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1270'. [ 504.312081][T10978] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1271'. [ 504.327079][T10978] netlink: 691 bytes leftover after parsing attributes in process `syz.0.1271'. [ 505.148830][T10984] netlink: 14072 bytes leftover after parsing attributes in process `syz.4.1274'. [ 506.228036][ T6991] Bluetooth: hci0: Frame reassembly failed (-84) [ 506.254489][T11006] netlink: 56 bytes leftover after parsing attributes in process `syz.5.1281'. [ 506.363201][T11006] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1281'. [ 506.607341][T11011] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1279'. [ 506.658841][T11011] overlayfs: failed to resolve './file0': -2 [ 507.762635][T11016] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1282'. [ 508.104997][T11026] FAULT_INJECTION: forcing a failure. [ 508.104997][T11026] name failslab, interval 1, probability 0, space 0, times 0 [ 508.119011][T11026] CPU: 0 UID: 0 PID: 11026 Comm: syz.5.1285 Not tainted 6.12.0-rc6-next-20241105-syzkaller #0 [ 508.129303][T11026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 508.139391][T11026] Call Trace: [ 508.142684][T11026] [ 508.145624][T11026] dump_stack_lvl+0x241/0x360 [ 508.150329][T11026] ? __pfx_dump_stack_lvl+0x10/0x10 [ 508.155540][T11026] ? __pfx__printk+0x10/0x10 [ 508.160144][T11026] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 508.166147][T11026] ? __pfx___might_resched+0x10/0x10 [ 508.171459][T11026] should_fail_ex+0x3b0/0x4e0 [ 508.176162][T11026] should_failslab+0xac/0x100 [ 508.180860][T11026] kmem_cache_alloc_node_noprof+0x77/0x380 [ 508.186684][T11026] ? __alloc_skb+0x1c3/0x440 [ 508.191297][T11026] __alloc_skb+0x1c3/0x440 [ 508.195737][T11026] ? __pfx___alloc_skb+0x10/0x10 [ 508.200694][T11026] ? rcu_is_watching+0x15/0xb0 [ 508.205476][T11026] nl80211_send_scan_start+0x2f/0x170 [ 508.210870][T11026] nl80211_trigger_scan+0x19a3/0x1e20 [ 508.216282][T11026] genl_rcv_msg+0xb14/0xec0 [ 508.220820][T11026] ? __pfx_genl_rcv_msg+0x10/0x10 [ 508.225890][T11026] ? __pfx_lock_acquire+0x10/0x10 [ 508.230929][T11026] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 508.236313][T11026] ? __pfx_nl80211_trigger_scan+0x10/0x10 [ 508.242041][T11026] ? __pfx_nl80211_post_doit+0x10/0x10 [ 508.247519][T11026] ? __pfx___might_resched+0x10/0x10 [ 508.252834][T11026] netlink_rcv_skb+0x1e3/0x430 [ 508.257621][T11026] ? __pfx_genl_rcv_msg+0x10/0x10 [ 508.262661][T11026] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 508.267974][T11026] ? __netlink_deliver_tap+0x77e/0x7c0 [ 508.273471][T11026] genl_rcv+0x28/0x40 [ 508.277472][T11026] netlink_unicast+0x7f6/0x990 [ 508.282267][T11026] ? __pfx_netlink_unicast+0x10/0x10 [ 508.287564][T11026] ? __virt_addr_valid+0x183/0x530 [ 508.292685][T11026] ? __check_object_size+0x48e/0x900 [ 508.297987][T11026] netlink_sendmsg+0x8e4/0xcb0 [ 508.302781][T11026] ? __pfx_netlink_sendmsg+0x10/0x10 [ 508.308085][T11026] ? aa_sock_msg_perm+0x91/0x160 [ 508.313044][T11026] ? __pfx_netlink_sendmsg+0x10/0x10 [ 508.318351][T11026] __sock_sendmsg+0x221/0x270 [ 508.323047][T11026] ____sys_sendmsg+0x52a/0x7e0 [ 508.327835][T11026] ? __pfx_____sys_sendmsg+0x10/0x10 [ 508.333129][T11026] ? __fget_files+0x2a/0x410 [ 508.337741][T11026] ? __fget_files+0x2a/0x410 [ 508.342354][T11026] __sys_sendmsg+0x269/0x350 [ 508.346954][T11026] ? __pfx_lock_release+0x10/0x10 [ 508.351994][T11026] ? __pfx___sys_sendmsg+0x10/0x10 [ 508.357132][T11026] ? __pfx_vfs_write+0x10/0x10 [ 508.361944][T11026] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 508.368295][T11026] ? do_syscall_64+0x100/0x230 [ 508.373081][T11026] ? do_syscall_64+0xb6/0x230 [ 508.377799][T11026] do_syscall_64+0xf3/0x230 [ 508.382316][T11026] ? clear_bhb_loop+0x35/0x90 [ 508.387009][T11026] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 508.392915][T11026] RIP: 0033:0x7f591cd7e719 [ 508.397342][T11026] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 508.416970][T11026] RSP: 002b:00007f591dbbc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 508.425403][T11026] RAX: ffffffffffffffda RBX: 00007f591cf35f80 RCX: 00007f591cd7e719 [ 508.433385][T11026] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003 [ 508.441375][T11026] RBP: 00007f591dbbc090 R08: 0000000000000000 R09: 0000000000000000 [ 508.443665][T11024] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1283'. [ 508.449350][T11026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 508.461321][T11024] netlink: 691 bytes leftover after parsing attributes in process `syz.0.1283'. [ 508.466143][T11026] R13: 0000000000000000 R14: 00007f591cf35f80 R15: 00007ffd0d82c588 [ 508.466178][T11026] [ 508.501389][ T5853] Bluetooth: hci0: command 0x1003 tx timeout [ 508.507212][T11026] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 508.509440][ T5846] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 508.572856][T11026] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 510.061290][T11052] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1295'. [ 510.072371][T11052] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1295'. [ 510.192820][ T5900] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 510.297602][T11058] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 510.321179][T11058] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 510.377019][ T5900] usb 5-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=9f.d4 [ 510.386238][ T5900] usb 5-1: New USB device strings: Mfr=188, Product=0, SerialNumber=0 [ 510.406984][ T5900] usb 5-1: Manufacturer: syz [ 510.433496][ T5900] usb 5-1: config 0 descriptor?? [ 510.755761][ T29] audit: type=1326 audit(1730807834.523:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11060 comm="syz.2.1298" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3809d7e719 code=0x0 [ 510.855527][ T5900] gs_usb 5-1:0.0: Configuring for 1 interfaces [ 511.127429][T11067] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1299'. [ 511.143060][T11067] netlink: 691 bytes leftover after parsing attributes in process `syz.0.1299'. [ 511.860904][ T5900] usb 5-1: USB disconnect, device number 23 [ 512.643479][T11095] evm: overlay not supported [ 512.654227][T11095] input: syz1 as /devices/virtual/input/input17 [ 513.896887][ T5900] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 514.262781][ T5900] usb 2-1: Using ep0 maxpacket: 16 [ 514.271746][ T5900] usb 2-1: config 180 has an invalid interface number: 201 but max is 1 [ 514.285780][ T5900] usb 2-1: config 180 has an invalid interface number: 139 but max is 1 [ 514.295769][ T5900] usb 2-1: config 180 contains an unexpected descriptor of type 0x1, skipping [ 514.306173][ T5900] usb 2-1: config 180 has no interface number 0 [ 514.312532][ T5900] usb 2-1: config 180 has no interface number 1 [ 514.362603][T11120] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1314'. [ 514.968868][ T5844] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 515.037056][ T5900] usb 2-1: config 180 interface 201 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 515.048527][ T5900] usb 2-1: config 180 interface 139 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 515.157300][ T5900] usb 2-1: New USB device found, idVendor=5e24, idProduct=ab02, bcdDevice=d0.92 [ 515.166455][ T5900] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 515.174816][ T5900] usb 2-1: Product: syz [ 515.175531][ T5844] usb 6-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=9f.d4 [ 515.178989][ T5900] usb 2-1: Manufacturer: syz [ 515.179009][ T5900] usb 2-1: SerialNumber: syz [ 515.210153][ T5844] usb 6-1: New USB device strings: Mfr=188, Product=0, SerialNumber=0 [ 515.224714][ T5844] usb 6-1: Manufacturer: syz [ 515.240385][ T5844] usb 6-1: config 0 descriptor?? [ 515.864134][ T5844] gs_usb 6-1:0.0: Configuring for 1 interfaces [ 516.329389][T10903] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 516.338587][T10903] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 516.341086][ T5844] usb 6-1: USB disconnect, device number 21 [ 516.705941][T11149] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 516.740720][T11149] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 517.484336][ T3071] usb 2-1: USB disconnect, device number 22 [ 517.968188][T11166] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1327'. [ 519.238358][T11176] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 519.250569][T11176] x_tables: ip_tables: osf match: only valid for protocol 6 [ 519.459503][T11171] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1330'. [ 519.705130][T11176] team0: Port device macvlan1 added [ 519.737963][T11181] netlink: 691 bytes leftover after parsing attributes in process `syz.1.1330'. [ 519.867548][T11183] block nbd5: shutting down sockets [ 520.223230][ T29] audit: type=1326 audit(1730807843.983:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11203 comm="syz.1.1338" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f177b97e719 code=0x0 [ 520.402903][ T5896] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 520.565436][ T5896] usb 3-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=9f.d4 [ 520.574888][ T5896] usb 3-1: New USB device strings: Mfr=188, Product=0, SerialNumber=0 [ 520.599135][ T5896] usb 3-1: Manufacturer: syz [ 520.617830][ T5896] usb 3-1: config 0 descriptor?? [ 520.891083][T11220] À: renamed from syztnl0 [ 521.047640][ T5896] gs_usb 3-1:0.0: Configuring for 1 interfaces [ 521.701104][T11237] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1346'. [ 521.953789][ T5896] usb 3-1: USB disconnect, device number 15 [ 521.984326][T11238] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1349'. [ 523.358556][ T29] audit: type=1326 audit(1730807847.123:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11261 comm="syz.0.1357" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7feee357e719 code=0x0 [ 523.487248][T11266] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 524.215352][T11286] FAULT_INJECTION: forcing a failure. [ 524.215352][T11286] name failslab, interval 1, probability 0, space 0, times 0 [ 524.243685][T11286] CPU: 1 UID: 0 PID: 11286 Comm: syz.4.1362 Not tainted 6.12.0-rc6-next-20241105-syzkaller #0 [ 524.254001][T11286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 524.264086][T11286] Call Trace: [ 524.267392][T11286] [ 524.270388][T11286] dump_stack_lvl+0x241/0x360 [ 524.275102][T11286] ? __pfx_dump_stack_lvl+0x10/0x10 [ 524.280332][T11286] ? __pfx__printk+0x10/0x10 [ 524.284970][T11286] ? ref_tracker_alloc+0x332/0x490 [ 524.290122][T11286] should_fail_ex+0x3b0/0x4e0 [ 524.294838][T11286] should_failslab+0xac/0x100 [ 524.299553][T11286] ? skb_clone+0x20c/0x390 [ 524.304001][T11286] kmem_cache_alloc_noprof+0x70/0x380 [ 524.309412][T11286] skb_clone+0x20c/0x390 [ 524.313696][T11286] __netlink_deliver_tap+0x3cc/0x7c0 [ 524.319030][T11286] ? netlink_deliver_tap+0x2e/0x1b0 [ 524.324273][T11286] netlink_deliver_tap+0x19d/0x1b0 [ 524.329426][T11286] netlink_sendskb+0x68/0x140 [ 524.334142][T11286] netlink_unicast+0x39d/0x990 [ 524.338937][T11286] ? __asan_memcpy+0x40/0x70 [ 524.343621][T11286] ? __pfx_netlink_unicast+0x10/0x10 [ 524.348949][T11286] netlink_rcv_skb+0x262/0x430 [ 524.353751][T11286] ? __pfx_genl_rcv_msg+0x10/0x10 [ 524.358806][T11286] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 524.364143][T11286] ? __netlink_deliver_tap+0x77e/0x7c0 [ 524.369646][T11286] genl_rcv+0x28/0x40 [ 524.373650][T11286] netlink_unicast+0x7f6/0x990 [ 524.378454][T11286] ? __pfx_netlink_unicast+0x10/0x10 [ 524.383766][T11286] ? __virt_addr_valid+0x183/0x530 [ 524.388910][T11286] ? __check_object_size+0x48e/0x900 [ 524.394239][T11286] netlink_sendmsg+0x8e4/0xcb0 [ 524.399101][T11286] ? __pfx_netlink_sendmsg+0x10/0x10 [ 524.404426][T11286] ? aa_sock_msg_perm+0x91/0x160 [ 524.409523][T11286] ? __pfx_netlink_sendmsg+0x10/0x10 [ 524.414836][T11286] __sock_sendmsg+0x221/0x270 [ 524.419549][T11286] ____sys_sendmsg+0x52a/0x7e0 [ 524.424355][T11286] ? __pfx_____sys_sendmsg+0x10/0x10 [ 524.429667][T11286] ? __fget_files+0x2a/0x410 [ 524.434290][T11286] ? __fget_files+0x2a/0x410 [ 524.438921][T11286] __sys_sendmsg+0x269/0x350 [ 524.443548][T11286] ? __pfx_lock_release+0x10/0x10 [ 524.448603][T11286] ? __pfx___sys_sendmsg+0x10/0x10 [ 524.453756][T11286] ? __pfx_vfs_write+0x10/0x10 [ 524.458583][T11286] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 524.464973][T11286] ? do_syscall_64+0x100/0x230 [ 524.469769][T11286] ? do_syscall_64+0xb6/0x230 [ 524.474474][T11286] do_syscall_64+0xf3/0x230 [ 524.479000][T11286] ? clear_bhb_loop+0x35/0x90 [ 524.483703][T11286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 524.489619][T11286] RIP: 0033:0x7f129cb7e719 [ 524.494059][T11286] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 524.513700][T11286] RSP: 002b:00007f129d8f3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 524.522156][T11286] RAX: ffffffffffffffda RBX: 00007f129cd35f80 RCX: 00007f129cb7e719 [ 524.530158][T11286] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000007 [ 524.538160][T11286] RBP: 00007f129d8f3090 R08: 0000000000000000 R09: 0000000000000000 [ 524.546168][T11286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 524.554166][T11286] R13: 0000000000000000 R14: 00007f129cd35f80 R15: 00007fffc06826a8 [ 524.562180][T11286] [ 524.653805][T11299] kAFS: No cell specified [ 524.938850][T11308] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1367'. [ 524.951886][T11308] overlayfs: failed to resolve './file0': -2 [ 525.046240][ T3071] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 525.232828][ T3071] usb 6-1: Using ep0 maxpacket: 16 [ 525.254198][ T3071] usb 6-1: config 0 has an invalid interface number: 68 but max is 0 [ 525.315715][ T3071] usb 6-1: config 0 has no interface number 0 [ 525.423585][ T3071] usb 6-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=dc.c4 [ 525.508816][ T3071] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 525.625651][ T3071] usb 6-1: Product: syz [ 525.657888][ T3071] usb 6-1: Manufacturer: syz [ 525.662555][ T3071] usb 6-1: SerialNumber: syz [ 525.676124][ T3071] usb 6-1: config 0 descriptor?? [ 525.709603][ T3071] usb 6-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 526.050880][T10897] usb 6-1: Failed to submit usb control message: -71 [ 526.060601][T10897] usb 6-1: unable to send the bmi data to the device: -71 [ 526.068448][ T3071] usb 6-1: USB disconnect, device number 22 [ 526.072002][ T29] audit: type=1326 audit(1730807849.833:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11329 comm="syz.0.1377" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7feee357e719 code=0x0 [ 526.075574][T10897] usb 6-1: unable to get target info from device [ 526.110649][T10897] usb 6-1: could not get target info (-71) [ 526.116636][T10897] usb 6-1: could not probe fw (-71) [ 526.181777][T11331] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 526.193847][ T5844] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 526.342882][ T5844] usb 3-1: Using ep0 maxpacket: 16 [ 526.350915][ T5844] usb 3-1: config 180 has an invalid interface number: 201 but max is 1 [ 526.359604][ T5844] usb 3-1: config 180 has an invalid interface number: 139 but max is 1 [ 526.368055][ T5844] usb 3-1: config 180 contains an unexpected descriptor of type 0x1, skipping [ 526.377274][ T5844] usb 3-1: config 180 has no interface number 0 [ 526.383615][ T5844] usb 3-1: config 180 has no interface number 1 [ 526.390016][ T5844] usb 3-1: config 180 interface 201 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 526.401273][ T5844] usb 3-1: config 180 interface 139 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 526.414960][ T5844] usb 3-1: New USB device found, idVendor=5e24, idProduct=ab02, bcdDevice=d0.92 [ 526.424168][ T5844] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 526.432199][ T5844] usb 3-1: Product: syz [ 526.436543][ T5844] usb 3-1: Manufacturer: syz [ 526.456465][ T5844] usb 3-1: SerialNumber: syz [ 527.671240][ T5844] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 529.594227][ T5844] usb 5-1: Using ep0 maxpacket: 16 [ 529.757237][ T5844] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 529.767895][ T5844] usb 5-1: can't read configurations, error -71 [ 529.862072][T11357] FAULT_INJECTION: forcing a failure. [ 529.862072][T11357] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 529.974923][ T3071] usb 3-1: USB disconnect, device number 16 [ 530.013460][T11357] CPU: 1 UID: 0 PID: 11357 Comm: syz.5.1385 Not tainted 6.12.0-rc6-next-20241105-syzkaller #0 [ 530.023765][T11357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 530.033841][T11357] Call Trace: [ 530.037134][T11357] [ 530.040077][T11357] dump_stack_lvl+0x241/0x360 [ 530.044785][T11357] ? __pfx_dump_stack_lvl+0x10/0x10 [ 530.050009][T11357] ? __pfx__printk+0x10/0x10 [ 530.054624][T11357] ? snprintf+0xda/0x120 [ 530.058893][T11357] should_fail_ex+0x3b0/0x4e0 [ 530.063598][T11357] _copy_to_user+0x31/0xb0 [ 530.068036][T11357] simple_read_from_buffer+0xca/0x150 [ 530.073446][T11357] proc_fail_nth_read+0x1e9/0x250 [ 530.078523][T11357] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 530.084114][T11357] ? rw_verify_area+0x55e/0x6f0 [ 530.089001][T11357] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 530.094591][T11357] vfs_read+0x1fc/0xb70 [ 530.098790][T11357] ? __pfx___mutex_lock+0x10/0x10 [ 530.103844][T11357] ? __pfx_vfs_read+0x10/0x10 [ 530.108565][T11357] ? __fget_files+0x2a/0x410 [ 530.113202][T11357] ? __fget_files+0x395/0x410 [ 530.117915][T11357] ? __fget_files+0x2a/0x410 [ 530.122553][T11357] ksys_read+0x18f/0x2b0 [ 530.126841][T11357] ? __pfx_ksys_read+0x10/0x10 [ 530.131652][T11357] ? do_syscall_64+0x100/0x230 [ 530.136461][T11357] ? do_syscall_64+0xb6/0x230 [ 530.141185][T11357] do_syscall_64+0xf3/0x230 [ 530.145729][T11357] ? clear_bhb_loop+0x35/0x90 [ 530.150451][T11357] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 530.156385][T11357] RIP: 0033:0x7f591cd7d15c [ 530.160833][T11357] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 530.180479][T11357] RSP: 002b:00007f591dbbc030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 530.188938][T11357] RAX: ffffffffffffffda RBX: 00007f591cf35f80 RCX: 00007f591cd7d15c [ 530.196941][T11357] RDX: 000000000000000f RSI: 00007f591dbbc0a0 RDI: 000000000000000b [ 530.204950][T11357] RBP: 00007f591dbbc090 R08: 0000000000000000 R09: 0000000000000000 [ 530.212950][T11357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 530.220939][T11357] R13: 0000000000000000 R14: 00007f591cf35f80 R15: 00007ffd0d82c588 [ 530.228951][T11357] [ 530.521825][T11381] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1391'. [ 530.544417][T11381] netlink: 691 bytes leftover after parsing attributes in process `syz.2.1391'. [ 531.184410][T11373] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1388'. [ 531.253722][T11383] FAULT_INJECTION: forcing a failure. [ 531.253722][T11383] name failslab, interval 1, probability 0, space 0, times 0 [ 531.266712][T11383] CPU: 1 UID: 0 PID: 11383 Comm: syz.4.1393 Not tainted 6.12.0-rc6-next-20241105-syzkaller #0 [ 531.277001][T11383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 531.287093][T11383] Call Trace: [ 531.290296][ T29] audit: type=1326 audit(1730807855.023:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11384 comm="syz.5.1392" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f591cd7e719 code=0x0 [ 531.290374][T11383] [ 531.315019][T11383] dump_stack_lvl+0x241/0x360 [ 531.319739][T11383] ? __pfx_dump_stack_lvl+0x10/0x10 [ 531.324960][T11383] ? __pfx__printk+0x10/0x10 [ 531.329557][T11383] ? kmem_cache_alloc_noprof+0x48/0x380 [ 531.335106][T11383] ? __pfx___might_resched+0x10/0x10 [ 531.340403][T11383] should_fail_ex+0x3b0/0x4e0 [ 531.345109][T11383] should_failslab+0xac/0x100 [ 531.349812][T11383] ? mas_alloc_nodes+0x25b/0x7e0 [ 531.354760][T11383] kmem_cache_alloc_noprof+0x70/0x380 [ 531.360138][T11383] mas_alloc_nodes+0x25b/0x7e0 [ 531.364905][T11383] mas_preallocate+0x575/0x8d0 [ 531.369676][T11383] ? __pfx_mas_preallocate+0x10/0x10 [ 531.374996][T11383] ? __raw_spin_lock_init+0x45/0x100 [ 531.380285][T11383] ? __mas_set_range+0x133/0x3c0 [ 531.385227][T11383] __mmap_region+0x1b89/0x2cd0 [ 531.390013][T11383] ? __pfx___mmap_region+0x10/0x10 [ 531.395126][T11383] ? vm_unmapped_area+0x4fa/0xdb0 [ 531.400174][T11383] ? kernel_text_address+0xa7/0xe0 [ 531.405309][T11383] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10 [ 531.411899][T11383] ? mm_get_unmapped_area_vmflags+0xb9/0xf0 [ 531.417803][T11383] ? thp_get_unmapped_area_vmflags+0x341/0x380 [ 531.423954][T11383] ? cap_mmap_addr+0x163/0x2c0 [ 531.428716][T11383] mmap_region+0x1d0/0x2c0 [ 531.433133][T11383] ? security_mmap_addr+0x6f/0x250 [ 531.438255][T11383] do_mmap+0x8f0/0x1000 [ 531.442416][T11383] ? __pfx_do_mmap+0x10/0x10 [ 531.447004][T11383] ? __pfx_down_write_killable+0x10/0x10 [ 531.452635][T11383] ? apparmor_mmap_file+0xc3/0xe0 [ 531.457756][T11383] vm_mmap_pgoff+0x214/0x430 [ 531.462358][T11383] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 531.467471][T11383] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 531.473802][T11383] ? do_syscall_64+0x100/0x230 [ 531.478565][T11383] ? ksys_mmap_pgoff+0xdf/0x720 [ 531.483413][T11383] ? __x64_sys_mmap+0x7f/0x140 [ 531.488174][T11383] do_syscall_64+0xf3/0x230 [ 531.492678][T11383] ? clear_bhb_loop+0x35/0x90 [ 531.497362][T11383] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 531.503256][T11383] RIP: 0033:0x7f129cb7e753 [ 531.507667][T11383] Code: f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41 89 ca 41 f7 c1 ff 0f 00 00 75 14 b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 25 c3 0f 1f 40 00 48 c7 c0 a8 ff ff ff 64 c7 [ 531.527276][T11383] RSP: 002b:00007f129d8f2e18 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 531.535692][T11383] RAX: ffffffffffffffda RBX: 00000000000002c2 RCX: 00007f129cb7e753 [ 531.543671][T11383] RDX: 0000000000000003 RSI: 0000000008400000 RDI: 0000000000000000 [ 531.551647][T11383] RBP: 00000000200003c2 R08: 00000000ffffffff R09: 0000000000000000 [ 531.559618][T11383] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000004 [ 531.567586][T11383] R13: 00007f129d8f2ef0 R14: 00007f129d8f2eb0 R15: 0000000020000380 [ 531.575565][T11383] [ 532.090745][T11403] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1398'. [ 532.107470][T11403] overlayfs: failed to resolve './file0': -2 [ 533.454063][T11423] netlink: 'syz.5.1404': attribute type 1 has an invalid length. [ 533.466499][T11423] netlink: 56 bytes leftover after parsing attributes in process `syz.5.1404'. [ 533.733571][T11431] binder: 11429:11431 ioctl c0306201 20000140 returned -14 [ 563.035141][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 589.960339][T11448] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1411'. [ 589.983053][ T29] audit: type=1326 audit(1730807913.663:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11443 comm="syz.1.1412" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f177b97e719 code=0x0 [ 590.959533][T11463] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1413'. [ 591.122783][ T5933] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 591.156021][ T29] audit: type=1326 audit(1730807914.913:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11464 comm="syz.1.1414" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f177b97e719 code=0x0 [ 591.166856][T11467] netlink: 80 bytes leftover after parsing attributes in process `syz.5.1415'. [ 592.292795][ T5933] usb 1-1: Using ep0 maxpacket: 32 [ 592.299664][ T5933] usb 1-1: config 0 has an invalid interface number: 219 but max is 0 [ 592.313594][ T5933] usb 1-1: config 0 has no interface number 0 [ 592.319743][ T5933] usb 1-1: config 0 interface 219 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 592.335882][ T5933] usb 1-1: config 0 interface 219 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 592.364646][ T5933] usb 1-1: config 0 interface 219 altsetting 0 endpoint 0x8B has invalid maxpacket 28739, setting to 1024 [ 592.382243][ T5933] usb 1-1: config 0 interface 219 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 592.400385][ T5933] usb 1-1: config 0 interface 219 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 592.422848][ T5933] usb 1-1: New USB device found, idVendor=108c, idProduct=0169, bcdDevice=75.b9 [ 592.432219][ T5933] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 592.450612][ T5933] usb 1-1: Product: syz [ 592.457516][T11479] FAULT_INJECTION: forcing a failure. [ 592.457516][T11479] name failslab, interval 1, probability 0, space 0, times 0 [ 592.498298][ T5933] usb 1-1: Manufacturer: syz [ 592.507916][ T5933] usb 1-1: SerialNumber: syz [ 592.521354][T11479] CPU: 1 UID: 0 PID: 11479 Comm: syz.5.1419 Not tainted 6.12.0-rc6-next-20241105-syzkaller #0 [ 592.531659][T11479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 592.541744][T11479] Call Trace: [ 592.545039][T11479] [ 592.547986][T11479] dump_stack_lvl+0x241/0x360 [ 592.552697][T11479] ? __pfx_dump_stack_lvl+0x10/0x10 [ 592.557929][T11479] ? __pfx__printk+0x10/0x10 [ 592.562636][T11479] ? kmem_cache_alloc_noprof+0x48/0x380 [ 592.568207][T11479] ? __pfx___might_resched+0x10/0x10 [ 592.573529][T11479] should_fail_ex+0x3b0/0x4e0 [ 592.578240][T11479] should_failslab+0xac/0x100 [ 592.582942][T11479] ? mas_alloc_nodes+0x25b/0x7e0 [ 592.587904][T11479] kmem_cache_alloc_noprof+0x70/0x380 [ 592.593307][T11479] mas_alloc_nodes+0x25b/0x7e0 [ 592.598104][T11479] mas_preallocate+0x575/0x8d0 [ 592.602902][T11479] ? __pfx_mas_preallocate+0x10/0x10 [ 592.608223][T11479] ? __raw_spin_lock_init+0x45/0x100 [ 592.613637][T11479] ? __mas_set_range+0x133/0x3c0 [ 592.618640][T11479] __mmap_region+0x1b89/0x2cd0 [ 592.623465][T11479] ? __pfx___mmap_region+0x10/0x10 [ 592.628607][T11479] ? vm_unmapped_area+0x4fa/0xdb0 [ 592.633689][T11479] ? kernel_text_address+0xa7/0xe0 [ 592.639018][T11479] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10 [ 592.645648][T11479] ? mm_get_unmapped_area_vmflags+0xb9/0xf0 [ 592.651576][T11479] ? thp_get_unmapped_area_vmflags+0x341/0x380 [ 592.657760][T11479] ? cap_mmap_addr+0x163/0x2c0 [ 592.662556][T11479] mmap_region+0x1d0/0x2c0 [ 592.667003][T11479] ? security_mmap_addr+0x6f/0x250 [ 592.672158][T11479] do_mmap+0x8f0/0x1000 [ 592.676361][T11479] ? __pfx_do_mmap+0x10/0x10 [ 592.680984][T11479] ? __pfx_down_write_killable+0x10/0x10 [ 592.686651][T11479] ? apparmor_mmap_file+0xc3/0xe0 [ 592.691710][T11479] vm_mmap_pgoff+0x214/0x430 [ 592.696341][T11479] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 592.701482][T11479] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 592.707845][T11479] ? do_syscall_64+0x100/0x230 [ 592.712641][T11479] ? ksys_mmap_pgoff+0xdf/0x720 [ 592.717523][T11479] ? __x64_sys_mmap+0x7f/0x140 [ 592.722319][T11479] do_syscall_64+0xf3/0x230 [ 592.726851][T11479] ? clear_bhb_loop+0x35/0x90 [ 592.731557][T11479] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 592.737479][T11479] RIP: 0033:0x7f591cd7e753 [ 592.741920][T11479] Code: f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41 89 ca 41 f7 c1 ff 0f 00 00 75 14 b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 25 c3 0f 1f 40 00 48 c7 c0 a8 ff ff ff 64 c7 [ 592.761559][T11479] RSP: 002b:00007f591dbbbe18 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 592.770011][T11479] RAX: ffffffffffffffda RBX: 0000000000000515 RCX: 00007f591cd7e753 [ 592.778011][T11479] RDX: 0000000000000003 RSI: 0000000008400000 RDI: 0000000000000000 [ 592.786015][T11479] RBP: 0000000020000602 R08: 00000000ffffffff R09: 0000000000000000 [ 592.794019][T11479] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000004 [ 592.802023][T11479] R13: 00007f591dbbbef0 R14: 00007f591dbbbeb0 R15: 00000000200005c0 [ 592.810053][T11479] [ 592.842891][ T5933] usb 1-1: config 0 descriptor?? [ 592.893155][ T5933] usb 1-1: can't set config #0, error -71 [ 592.975414][ T5933] usb 1-1: USB disconnect, device number 24 [ 593.002899][ T5896] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 593.152407][T11495] MPI: mpi too large (187200 bits) [ 593.181488][T11495] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1425'. [ 593.225465][ T5896] usb 2-1: Using ep0 maxpacket: 16 [ 593.288127][ T5896] usb 2-1: config 0 has an invalid interface number: 68 but max is 0 [ 593.369666][T11500] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1424'. [ 593.383939][T11500] netlink: 691 bytes leftover after parsing attributes in process `syz.0.1424'. [ 594.009742][ T5896] usb 2-1: config 0 has no interface number 0 [ 594.016026][ T5896] usb 2-1: config 0 interface 68 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 1023 [ 594.058880][ T5896] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=dc.c4 [ 594.078751][ T5896] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 594.098424][ T5896] usb 2-1: Product: syz [ 594.118481][ T5896] usb 2-1: Manufacturer: syz [ 594.132635][ T5896] usb 2-1: SerialNumber: syz [ 594.232768][T11507] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1427'. [ 594.878785][T11513] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1428'. [ 594.883816][ T5896] usb 2-1: config 0 descriptor?? [ 594.896190][T11482] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 594.933535][ T5896] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 595.021545][ T29] audit: type=1326 audit(1730807918.783:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11520 comm="syz.2.1430" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3809d7e719 code=0x0 [ 595.164874][T11525] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 595.186301][T11525] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 595.289100][ T29] audit: type=1326 audit(1730807919.053:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11526 comm="syz.0.1432" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7feee357e719 code=0x0 [ 595.398322][T11528] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 595.639036][T11531] FAULT_INJECTION: forcing a failure. [ 595.639036][T11531] name failslab, interval 1, probability 0, space 0, times 0 [ 595.653152][T11531] CPU: 0 UID: 0 PID: 11531 Comm: syz.4.1433 Not tainted 6.12.0-rc6-next-20241105-syzkaller #0 [ 595.663444][T11531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 595.673531][T11531] Call Trace: [ 595.676833][T11531] [ 595.679786][T11531] dump_stack_lvl+0x241/0x360 [ 595.684497][T11531] ? __pfx_dump_stack_lvl+0x10/0x10 [ 595.689735][T11531] ? __pfx__printk+0x10/0x10 [ 595.694364][T11531] ? fs_reclaim_acquire+0x93/0x130 [ 595.699509][T11531] ? __pfx___might_resched+0x10/0x10 [ 595.704835][T11531] should_fail_ex+0x3b0/0x4e0 [ 595.709549][T11531] should_failslab+0xac/0x100 [ 595.714262][T11531] __kmalloc_noprof+0xdd/0x4c0 [ 595.719054][T11531] ? tomoyo_encode+0x26f/0x540 [ 595.723848][T11531] tomoyo_encode+0x26f/0x540 [ 595.728473][T11531] tomoyo_realpath_from_path+0x59e/0x5e0 [ 595.734151][T11531] tomoyo_path_number_perm+0x236/0x860 [ 595.739637][T11531] ? __lock_acquire+0x1397/0x2100 [ 595.744695][T11531] ? tomoyo_path_number_perm+0x206/0x860 [ 595.750362][T11531] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 595.756419][T11531] ? __fget_files+0x2a/0x410 [ 595.761059][T11531] ? __fget_files+0x2a/0x410 [ 595.765686][T11531] security_file_ioctl+0xc6/0x2a0 [ 595.770747][T11531] __se_sys_ioctl+0x46/0x170 [ 595.775379][T11531] do_syscall_64+0xf3/0x230 [ 595.779910][T11531] ? clear_bhb_loop+0x35/0x90 [ 595.784630][T11531] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 595.790551][T11531] RIP: 0033:0x7f129cb7e719 [ 595.794992][T11531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 595.814635][T11531] RSP: 002b:00007f129d8f3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 595.823095][T11531] RAX: ffffffffffffffda RBX: 00007f129cd35f80 RCX: 00007f129cb7e719 [ 595.831163][T11531] RDX: 0000000020000140 RSI: 0000000080044940 RDI: 0000000000000003 [ 595.839180][T11531] RBP: 00007f129d8f3090 R08: 0000000000000000 R09: 0000000000000000 [ 595.847194][T11531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 595.855202][T11531] R13: 0000000000000000 R14: 00007f129cd35f80 R15: 00007fffc06826a8 [ 595.863225][T11531] [ 595.883001][T11531] ERROR: Out of memory at tomoyo_realpath_from_path. [ 595.993747][ T6234] usb 2-1: Failed to submit usb control message: -110 [ 596.011013][ T6234] usb 2-1: unable to send the bmi data to the device: -110 [ 596.022784][ T6234] usb 2-1: unable to get target info from device [ 596.037856][ T6234] usb 2-1: could not get target info (-110) [ 596.046233][ T6234] usb 2-1: could not probe fw (-110) [ 597.159818][ T5896] usb 2-1: USB disconnect, device number 23 [ 599.393038][T11553] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1439'. [ 599.713195][T11555] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1440'. [ 600.523124][T11553] netlink: 691 bytes leftover after parsing attributes in process `syz.5.1439'. [ 601.143207][ T29] audit: type=1326 audit(1730807924.873:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11566 comm="syz.2.1444" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3809d7e719 code=0x0 [ 601.178228][T11574] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1442'. [ 601.442964][ T5896] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 601.450888][ T5844] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 601.602917][ T5896] usb 1-1: Using ep0 maxpacket: 16 [ 601.608193][ T5844] usb 5-1: Using ep0 maxpacket: 16 [ 601.616331][ T5844] usb 5-1: config 180 has an invalid interface number: 201 but max is 1 [ 601.625092][ T5896] usb 1-1: config 180 has an invalid interface number: 201 but max is 1 [ 601.638058][ T5896] usb 1-1: config 180 has an invalid interface number: 139 but max is 1 [ 601.655266][ T5844] usb 5-1: config 180 has an invalid interface number: 139 but max is 1 [ 601.679424][ T5896] usb 1-1: config 180 contains an unexpected descriptor of type 0x1, skipping [ 601.691045][ T5844] usb 5-1: config 180 contains an unexpected descriptor of type 0x1, skipping [ 601.712792][ T5896] usb 1-1: config 180 has no interface number 0 [ 601.721476][ T5844] usb 5-1: config 180 has no interface number 0 [ 601.738323][ T5896] usb 1-1: config 180 has no interface number 1 [ 601.753401][ T5844] usb 5-1: config 180 has no interface number 1 [ 601.765052][ T5896] usb 1-1: config 180 interface 201 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 601.779079][ T5844] usb 5-1: config 180 interface 201 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 601.806196][ T5844] usb 5-1: config 180 interface 139 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 601.822155][ T5896] usb 1-1: config 180 interface 139 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 601.862551][ T5844] usb 5-1: New USB device found, idVendor=5e24, idProduct=ab02, bcdDevice=d0.92 [ 601.875522][ T5896] usb 1-1: New USB device found, idVendor=5e24, idProduct=ab02, bcdDevice=d0.92 [ 601.889534][ T5896] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 601.909569][ T5844] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 601.928067][ T5896] usb 1-1: Product: syz [ 601.956317][ T5844] usb 5-1: Product: syz [ 601.960542][ T5844] usb 5-1: Manufacturer: syz [ 601.966064][ T5896] usb 1-1: Manufacturer: syz [ 601.970702][ T5896] usb 1-1: SerialNumber: syz [ 601.987878][ T5844] usb 5-1: SerialNumber: syz [ 602.183080][ T5933] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 602.541105][ T5933] usb 6-1: Using ep0 maxpacket: 16 [ 602.547635][ T5933] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 603.508184][ T5933] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 603.521489][ T5933] usb 6-1: New USB device found, idVendor=0458, idProduct=5015, bcdDevice= 0.00 [ 603.530855][ T5933] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 603.835673][ T5933] usb 6-1: config 0 descriptor?? [ 604.235637][ T3071] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 604.254066][T10906] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 604.262542][ T6234] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 604.277954][T10906] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 604.287396][ T6234] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 604.515344][ T3071] usb 2-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=9f.d4 [ 604.525308][ T3071] usb 2-1: New USB device strings: Mfr=188, Product=0, SerialNumber=0 [ 604.556054][ T3071] usb 2-1: Manufacturer: syz [ 604.580709][ T3071] usb 2-1: config 0 descriptor?? [ 604.673894][ T5933] kye 0003:0458:5015.0005: tablet report size too small, or kye_tablet_rdesc unexpectedly large [ 604.689056][ T5933] kye 0003:0458:5015.0005: unbalanced collection at end of report description [ 604.698579][ T5933] kye 0003:0458:5015.0005: parse failed [ 604.704612][ T5933] kye 0003:0458:5015.0005: probe with driver kye failed with error -22 [ 605.001414][ T3071] gs_usb 2-1:0.0: Configuring for 1 interfaces [ 605.432944][T11612] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1457'. [ 605.525770][ T5896] usb 5-1: USB disconnect, device number 26 [ 606.311446][ T9] usb 6-1: USB disconnect, device number 23 [ 606.319593][T11613] netlink: 691 bytes leftover after parsing attributes in process `syz.2.1457'. [ 606.411744][ T5894] usb 1-1: USB disconnect, device number 25 [ 606.462441][T11624] FAULT_INJECTION: forcing a failure. [ 606.462441][T11624] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 606.466247][ T5896] usb 2-1: USB disconnect, device number 24 [ 606.475734][T11624] CPU: 1 UID: 0 PID: 11624 Comm: syz.5.1460 Not tainted 6.12.0-rc6-next-20241105-syzkaller #0 [ 606.491881][T11624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 606.501965][T11624] Call Trace: [ 606.505249][T11624] [ 606.508180][T11624] dump_stack_lvl+0x241/0x360 [ 606.512865][T11624] ? __pfx_dump_stack_lvl+0x10/0x10 [ 606.518065][T11624] ? __pfx__printk+0x10/0x10 [ 606.522659][T11624] should_fail_ex+0x3b0/0x4e0 [ 606.527343][T11624] _copy_from_user+0x2f/0xc0 [ 606.531930][T11624] move_addr_to_kernel+0x82/0x150 [ 606.536958][T11624] __sys_sendto+0x268/0x4c0 [ 606.541468][T11624] ? __pfx___sys_sendto+0x10/0x10 [ 606.546494][T11624] ? __mutex_unlock_slowpath+0x21e/0x790 [ 606.552140][T11624] ? __fget_files+0x2a/0x410 [ 606.556747][T11624] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 606.562731][T11624] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 606.569064][T11624] __x64_sys_sendto+0xde/0x100 [ 606.573830][T11624] do_syscall_64+0xf3/0x230 [ 606.578330][T11624] ? clear_bhb_loop+0x35/0x90 [ 606.583011][T11624] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 606.588903][T11624] RIP: 0033:0x7f591cd7e719 [ 606.593316][T11624] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 606.612922][T11624] RSP: 002b:00007f591dbbc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 606.621334][T11624] RAX: ffffffffffffffda RBX: 00007f591cf35f80 RCX: 00007f591cd7e719 [ 606.629333][T11624] RDX: 0000000000000001 RSI: 0000000020847fff RDI: 0000000000000003 [ 606.637316][T11624] RBP: 00007f591dbbc090 R08: 0000000020000000 R09: 000000000000001c [ 606.645290][T11624] R10: 0000000000000041 R11: 0000000000000246 R12: 0000000000000001 [ 606.653345][T11624] R13: 0000000000000000 R14: 00007f591cf35f80 R15: 00007ffd0d82c588 [ 606.661327][T11624] [ 607.846593][T11647] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 607.872397][T11647] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 609.218350][T11682] netlink: 'syz.4.1474': attribute type 39 has an invalid length. [ 609.659776][T11698] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1477'. [ 610.432990][ T5896] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 610.510798][T11708] bridge0: port 3(vlan2) entered blocking state [ 610.543480][T11708] bridge0: port 3(vlan2) entered disabled state [ 610.556493][T11708] vlan2: entered allmulticast mode [ 610.561868][T11708] gretap0: entered allmulticast mode [ 610.569200][T11708] vlan2: entered promiscuous mode [ 610.584893][T11708] gretap0: entered promiscuous mode [ 610.605447][T11708] bridge0: port 3(vlan2) entered blocking state [ 610.612476][T11708] bridge0: port 3(vlan2) entered forwarding state [ 610.643076][ T5896] usb 6-1: device descriptor read/64, error -71 [ 610.786513][T11660] ipt_REJECT: TCP_RESET invalid for non-tcp [ 610.818108][T11715] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1481'. [ 610.902805][ T5896] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 611.063596][ T5896] usb 6-1: device descriptor read/64, error -71 [ 611.085395][T11724] netlink: 'syz.0.1483': attribute type 39 has an invalid length. [ 611.175680][T11728] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1484'. [ 611.205111][ T5896] usb usb6-port1: attempt power cycle [ 611.238866][T11729] overlayfs: failed to resolve './file0': -2 [ 611.584882][ T5896] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 611.656952][ T5896] usb 6-1: device descriptor read/8, error -71 [ 611.997429][T11739] hsr0: entered promiscuous mode [ 612.058228][ T5896] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 612.116835][ T5896] usb 6-1: device descriptor read/8, error -71 [ 612.417293][ T5896] usb usb6-port1: unable to enumerate USB device [ 613.650259][T11765] netlink: 277 bytes leftover after parsing attributes in process `syz.2.1495'. [ 614.267936][T11786] FAULT_INJECTION: forcing a failure. [ 614.267936][T11786] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 614.302167][T11786] CPU: 1 UID: 0 PID: 11786 Comm: syz.1.1500 Not tainted 6.12.0-rc6-next-20241105-syzkaller #0 [ 614.312483][T11786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 614.322570][T11786] Call Trace: [ 614.325881][T11786] [ 614.328837][T11786] dump_stack_lvl+0x241/0x360 [ 614.333548][T11786] ? __pfx_dump_stack_lvl+0x10/0x10 [ 614.338769][T11786] ? __pfx__printk+0x10/0x10 [ 614.343388][T11786] ? __pfx_lock_release+0x10/0x10 [ 614.348458][T11786] should_fail_ex+0x3b0/0x4e0 [ 614.353182][T11786] _copy_from_iter+0x21f/0x1e70 [ 614.358066][T11786] ? __virt_addr_valid+0x183/0x530 [ 614.363214][T11786] ? __pfx_lock_release+0x10/0x10 [ 614.368288][T11786] ? __alloc_skb+0x28f/0x440 [ 614.372932][T11786] ? __pfx__copy_from_iter+0x10/0x10 [ 614.378275][T11786] ? __virt_addr_valid+0x183/0x530 [ 614.383431][T11786] ? __virt_addr_valid+0x183/0x530 [ 614.388590][T11786] ? __virt_addr_valid+0x45f/0x530 [ 614.393740][T11786] ? __check_object_size+0x48e/0x900 [ 614.399066][T11786] pfkey_sendmsg+0x235/0x1050 [ 614.403789][T11786] ? __pfx___might_resched+0x10/0x10 [ 614.409128][T11786] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 614.414289][T11786] ? aa_sk_perm+0x96d/0xab0 [ 614.418846][T11786] ? __pfx_aa_sk_perm+0x10/0x10 [ 614.423727][T11786] ? __pfx_lock_release+0x10/0x10 [ 614.428777][T11786] ? __import_iovec+0x590/0x870 [ 614.433655][T11786] ? aa_sock_msg_perm+0x91/0x160 [ 614.438623][T11786] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 614.443758][T11786] __sock_sendmsg+0x221/0x270 [ 614.448463][T11786] ____sys_sendmsg+0x52a/0x7e0 [ 614.453257][T11786] ? __pfx_____sys_sendmsg+0x10/0x10 [ 614.458570][T11786] ? __fget_files+0x2a/0x410 [ 614.463198][T11786] ? __fget_files+0x2a/0x410 [ 614.467825][T11786] __sys_sendmsg+0x269/0x350 [ 614.472439][T11786] ? __pfx_lock_release+0x10/0x10 [ 614.477491][T11786] ? __pfx___sys_sendmsg+0x10/0x10 [ 614.482639][T11786] ? __pfx_vfs_write+0x10/0x10 [ 614.487458][T11786] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 614.493820][T11786] ? do_syscall_64+0x100/0x230 [ 614.498614][T11786] ? do_syscall_64+0xb6/0x230 [ 614.503331][T11786] do_syscall_64+0xf3/0x230 [ 614.507860][T11786] ? clear_bhb_loop+0x35/0x90 [ 614.512566][T11786] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 614.518481][T11786] RIP: 0033:0x7f177b97e719 [ 614.522920][T11786] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 614.542558][T11786] RSP: 002b:00007f177c71d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 614.551017][T11786] RAX: ffffffffffffffda RBX: 00007f177bb35f80 RCX: 00007f177b97e719 [ 614.559022][T11786] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 614.567036][T11786] RBP: 00007f177c71d090 R08: 0000000000000000 R09: 0000000000000000 [ 614.575052][T11786] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 614.583066][T11786] R13: 0000000000000000 R14: 00007f177bb35f80 R15: 00007ffc784fff08 [ 614.591088][T11786] [ 614.767621][T11790] FAULT_INJECTION: forcing a failure. [ 614.767621][T11790] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 614.787474][T11790] CPU: 0 UID: 0 PID: 11790 Comm: syz.5.1502 Not tainted 6.12.0-rc6-next-20241105-syzkaller #0 [ 614.797788][T11790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 614.807875][T11790] Call Trace: [ 614.811171][T11790] [ 614.814129][T11790] dump_stack_lvl+0x241/0x360 [ 614.818835][T11790] ? __pfx_dump_stack_lvl+0x10/0x10 [ 614.824056][T11790] ? __pfx__printk+0x10/0x10 [ 614.828672][T11790] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 614.834677][T11790] ? __pfx_lock_release+0x10/0x10 [ 614.839720][T11790] ? _raw_spin_lock_irq+0xdf/0x120 [ 614.844866][T11790] should_fail_ex+0x3b0/0x4e0 [ 614.849574][T11790] _copy_from_user+0x2f/0xc0 [ 614.854181][T11790] restore_altstack+0x99/0x150 [ 614.858972][T11790] ? __pfx_restore_altstack+0x10/0x10 [ 614.864371][T11790] ? __task_pid_nr_ns+0x28/0x450 [ 614.869343][T11790] __do_sys_rt_sigreturn+0x194/0x280 [ 614.874666][T11790] ? __pfx___do_sys_rt_sigreturn+0x10/0x10 [ 614.880515][T11790] ? do_syscall_64+0x100/0x230 [ 614.885320][T11790] ? do_syscall_64+0xb6/0x230 [ 614.887266][T11792] pimreg: entered allmulticast mode [ 614.890015][T11790] do_syscall_64+0xf3/0x230 [ 614.890046][T11790] ? clear_bhb_loop+0x35/0x90 [ 614.890071][T11790] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 614.910341][T11790] RIP: 0033:0x7f591cd1a099 [ 614.912818][T11792] pimreg: left allmulticast mode [ 614.914764][T11790] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25 [ 614.939334][T11790] RSP: 002b:00007f591dbbba80 EFLAGS: 00000202 ORIG_RAX: 000000000000000f [ 614.947779][T11790] RAX: ffffffffffffffda RBX: 00007f591cf35f80 RCX: 00007f591cd1a099 [ 614.955781][T11790] RDX: 00007f591dbbba80 RSI: 00007f591dbbbbb0 RDI: 0000000000000021 [ 614.963791][T11790] RBP: 00007f591dbbc090 R08: 0000000000000000 R09: 0000000000000000 [ 614.971791][T11790] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001 [ 614.979787][T11790] R13: 0000000000000000 R14: 00007f591cf35f80 R15: 00007ffd0d82c588 [ 614.987810][T11790] [ 615.123214][ T9] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 615.232910][ T5896] usb 2-1: new full-speed USB device number 25 using dummy_hcd [ 615.273059][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 615.287099][ T9] usb 1-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 615.296838][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 615.305844][ T9] usb 1-1: Product: syz [ 615.310039][ T9] usb 1-1: Manufacturer: syz [ 615.314760][ T9] usb 1-1: SerialNumber: syz [ 615.321448][ T9] usb 1-1: config 0 descriptor?? [ 616.081001][ T5844] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 616.090413][ T9] RobotFuzz Open Source InterFace, OSIF 1-1:0.0: failure sending bit rate [ 616.099245][ T9] RobotFuzz Open Source InterFace, OSIF 1-1:0.0: probe with driver RobotFuzz Open Source InterFace, OSIF failed with error -71 [ 616.126286][ T9] usb 1-1: USB disconnect, device number 26 [ 616.146428][ T5896] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 616.157623][ T5896] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 127, setting to 64 [ 616.168789][ T5896] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 65535, setting to 64 [ 616.180110][ T5896] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 616.190340][ T5896] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 616.201451][T11793] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 616.209585][T11793] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 616.220151][ T5896] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 616.295458][ T5844] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 616.305714][ T5844] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 616.338602][ T5844] usb 3-1: config 0 descriptor?? [ 616.346930][ T5844] cp210x 3-1:0.0: cp210x converter detected [ 616.433273][ T9] usb 2-1: USB disconnect, device number 25 [ 616.824667][ T5844] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 616.849965][ T5844] usb 3-1: cp210x converter now attached to ttyUSB0 [ 616.920225][T11813] FAULT_INJECTION: forcing a failure. [ 616.920225][T11813] name failslab, interval 1, probability 0, space 0, times 0 [ 616.942810][T11813] CPU: 1 UID: 0 PID: 11813 Comm: syz.5.1510 Not tainted 6.12.0-rc6-next-20241105-syzkaller #0 [ 616.953113][T11813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 616.963169][T11813] Call Trace: [ 616.966460][T11813] [ 616.969411][T11813] dump_stack_lvl+0x241/0x360 [ 616.974121][T11813] ? __pfx_dump_stack_lvl+0x10/0x10 [ 616.979351][T11813] ? __pfx__printk+0x10/0x10 [ 616.983973][T11813] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 616.989990][T11813] ? __pfx___might_resched+0x10/0x10 [ 616.995325][T11813] should_fail_ex+0x3b0/0x4e0 [ 617.000036][T11813] should_failslab+0xac/0x100 [ 617.004748][T11813] kmem_cache_alloc_node_noprof+0x77/0x380 [ 617.010591][T11813] ? __alloc_skb+0x1c3/0x440 [ 617.015223][T11813] __alloc_skb+0x1c3/0x440 [ 617.019673][T11813] ? __pfx___alloc_skb+0x10/0x10 [ 617.024648][T11813] ? netlink_ack_tlv_len+0x6e/0x200 [ 617.029882][T11813] netlink_ack+0x13f/0xa30 [ 617.034330][T11813] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 617.039840][T11813] netlink_rcv_skb+0x262/0x430 [ 617.044649][T11813] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 617.050164][T11813] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 617.055514][T11813] ? netlink_deliver_tap+0x2e/0x1b0 [ 617.060762][T11813] netlink_unicast+0x7f6/0x990 [ 617.065582][T11813] ? __pfx_netlink_unicast+0x10/0x10 [ 617.070912][T11813] ? __virt_addr_valid+0x183/0x530 [ 617.076065][T11813] ? __check_object_size+0x48e/0x900 [ 617.081402][T11813] netlink_sendmsg+0x8e4/0xcb0 [ 617.086219][T11813] ? __pfx_netlink_sendmsg+0x10/0x10 [ 617.091546][T11813] ? aa_sock_msg_perm+0x91/0x160 [ 617.096525][T11813] ? __pfx_netlink_sendmsg+0x10/0x10 [ 617.101852][T11813] __sock_sendmsg+0x221/0x270 [ 617.106566][T11813] ____sys_sendmsg+0x52a/0x7e0 [ 617.111365][T11813] ? __pfx_____sys_sendmsg+0x10/0x10 [ 617.116678][T11813] ? __fget_files+0x2a/0x410 [ 617.121299][T11813] ? __fget_files+0x2a/0x410 [ 617.125929][T11813] __sys_sendmsg+0x269/0x350 [ 617.130548][T11813] ? __pfx_lock_release+0x10/0x10 [ 617.135610][T11813] ? __pfx___sys_sendmsg+0x10/0x10 [ 617.140774][T11813] ? __pfx_vfs_write+0x10/0x10 [ 617.145599][T11813] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 617.151979][T11813] ? do_syscall_64+0x100/0x230 [ 617.156783][T11813] ? do_syscall_64+0xb6/0x230 [ 617.161501][T11813] do_syscall_64+0xf3/0x230 [ 617.166047][T11813] ? clear_bhb_loop+0x35/0x90 [ 617.170770][T11813] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 617.176698][T11813] RIP: 0033:0x7f591cd7e719 [ 617.181147][T11813] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 617.200787][T11813] RSP: 002b:00007f591dbbc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 617.209245][T11813] RAX: ffffffffffffffda RBX: 00007f591cf35f80 RCX: 00007f591cd7e719 [ 617.217250][T11813] RDX: 0000000000000000 RSI: 00000000200012c0 RDI: 0000000000000003 [ 617.225256][T11813] RBP: 00007f591dbbc090 R08: 0000000000000000 R09: 0000000000000000 [ 617.233263][T11813] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 617.241268][T11813] R13: 0000000000000000 R14: 00007f591cf35f80 R15: 00007ffd0d82c588 [ 617.249292][T11813] [ 617.255430][ T5844] usb 3-1: USB disconnect, device number 17 [ 617.260042][ T29] audit: type=1326 audit(1730807941.023:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11815 comm="syz.1.1512" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f177b97e719 code=0x0 [ 617.296365][T11820] tun0: tun_chr_ioctl cmd 2148553947 [ 617.303972][T11820] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1514'. [ 617.347883][ T5844] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 617.403199][ T5844] cp210x 3-1:0.0: device disconnected [ 617.458407][T11828] unknown channel width for channel at 909000KHz? [ 617.597296][ T5894] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 617.765610][ T5894] usb 6-1: Using ep0 maxpacket: 8 [ 617.773035][ T5894] usb 6-1: config 0 has an invalid interface number: 32 but max is 0 [ 617.773163][ T5894] usb 6-1: config 0 has no interface number 0 [ 617.773353][ T5894] usb 6-1: config 0 interface 32 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 617.773450][ T5894] usb 6-1: config 0 interface 32 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 617.779172][ T5894] usb 6-1: New USB device found, idVendor=046d, idProduct=c24f, bcdDevice= 0.00 [ 617.779303][ T5894] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 617.779393][ T5894] usb 6-1: Manufacturer: syz [ 617.809993][ T5894] usb 6-1: config 0 descriptor?? [ 618.234094][T11839] netlink: 'syz.2.1519': attribute type 25 has an invalid length. [ 618.242283][T11839] netlink: 'syz.2.1519': attribute type 44 has an invalid length. [ 618.562876][ T5900] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 618.593437][ T5844] usb 6-1: USB disconnect, device number 28 [ 618.633252][ T5933] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 618.723206][ T5900] usb 1-1: Using ep0 maxpacket: 8 [ 618.751697][ T5900] usb 1-1: New USB device found, idVendor=13d3, idProduct=3306, bcdDevice=88.be [ 618.802581][ T5933] usb 5-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=9f.d4 [ 618.822284][ T5900] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 618.830456][ T5933] usb 5-1: New USB device strings: Mfr=188, Product=0, SerialNumber=0 [ 618.839238][ T5900] usb 1-1: Product: syz [ 618.843636][ T5933] usb 5-1: Manufacturer: syz [ 618.848401][ T5900] usb 1-1: Manufacturer: syz [ 618.854568][ T5900] usb 1-1: SerialNumber: syz [ 618.863189][ T5933] usb 5-1: config 0 descriptor?? [ 618.870285][ T5900] usb 1-1: config 0 descriptor?? [ 618.883800][ T5900] r8712u: register rtl8712_netdev_ops to netdev_ops [ 618.890567][ T5900] usb 1-1: r8712u: USB_SPEED_HIGH with 0 endpoints [ 619.093173][ T5900] usb 1-1: r8712u: Boot from EFUSE: Autoload Failed [ 619.117888][ T5900] usb 1-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 619.132948][ T5900] usb 1-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 619.188287][ T5900] usb 1-1: USB disconnect, device number 27 [ 619.304387][ T5933] gs_usb 5-1:0.0: Configuring for 1 interfaces [ 619.673171][ T5844] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 619.681752][T11861] FAULT_INJECTION: forcing a failure. [ 619.681752][T11861] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 619.695264][T11861] CPU: 0 UID: 0 PID: 11861 Comm: syz.2.1528 Not tainted 6.12.0-rc6-next-20241105-syzkaller #0 [ 619.705562][T11861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 619.715657][T11861] Call Trace: [ 619.718965][T11861] [ 619.721928][T11861] dump_stack_lvl+0x241/0x360 [ 619.726643][T11861] ? __pfx_dump_stack_lvl+0x10/0x10 [ 619.731878][T11861] ? __pfx__printk+0x10/0x10 [ 619.736504][T11861] ? snprintf+0xda/0x120 [ 619.740794][T11861] should_fail_ex+0x3b0/0x4e0 [ 619.745510][T11861] _copy_to_user+0x31/0xb0 [ 619.749963][T11861] simple_read_from_buffer+0xca/0x150 [ 619.755370][T11861] proc_fail_nth_read+0x1e9/0x250 [ 619.760429][T11861] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 619.766015][T11861] ? rw_verify_area+0x55e/0x6f0 [ 619.770914][T11861] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 619.776501][T11861] vfs_read+0x1fc/0xb70 [ 619.780707][T11861] ? __pfx___mutex_lock+0x10/0x10 [ 619.785761][T11861] ? __pfx_vfs_read+0x10/0x10 [ 619.790440][T11861] ? __mutex_unlock_slowpath+0x21e/0x790 [ 619.796090][T11861] ? __fget_files+0x2a/0x410 [ 619.800701][T11861] ? __fget_files+0x395/0x410 [ 619.805396][T11861] ? __fget_files+0x2a/0x410 [ 619.810040][T11861] ksys_read+0x18f/0x2b0 [ 619.814309][T11861] ? __pfx_ksys_read+0x10/0x10 [ 619.819101][T11861] ? do_syscall_64+0x100/0x230 [ 619.823902][T11861] ? do_syscall_64+0xb6/0x230 [ 619.828606][T11861] do_syscall_64+0xf3/0x230 [ 619.833118][T11861] ? clear_bhb_loop+0x35/0x90 [ 619.837830][T11861] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 619.843755][T11861] RIP: 0033:0x7f3809d7d15c [ 619.848194][T11861] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 619.867814][T11861] RSP: 002b:00007f380ab76030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 619.876272][T11861] RAX: ffffffffffffffda RBX: 00007f3809f35f80 RCX: 00007f3809d7d15c [ 619.884268][T11861] RDX: 000000000000000f RSI: 00007f380ab760a0 RDI: 0000000000000005 [ 619.892266][T11861] RBP: 00007f380ab76090 R08: 0000000000000000 R09: 0000000000000000 [ 619.900250][T11861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 619.908254][T11861] R13: 0000000000000000 R14: 00007f3809f35f80 R15: 00007ffee8700e38 [ 619.911302][ T5933] usb 5-1: USB disconnect, device number 27 [ 619.916252][T11861] [ 619.916409][ C0] vkms_vblank_simulate: vblank timer overrun [ 619.936724][T11862] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1527'. [ 619.953484][T11859] kAFS: No cell specified [ 620.063490][ T5844] usb 6-1: Using ep0 maxpacket: 8 [ 620.085161][ T5844] usb 6-1: New USB device found, idVendor=0ccd, idProduct=10ae, bcdDevice=8a.18 [ 620.100781][ T5844] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 620.121323][ T5844] usb 6-1: config 0 descriptor?? [ 620.134398][ T5844] usb 6-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 620.152967][ T5844] dvb_usb_af9035 6-1:0.0: probe with driver dvb_usb_af9035 failed with error -22 [ 620.395347][ T5844] usb 6-1: USB disconnect, device number 29 [ 620.792923][ T5900] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 620.953402][ T5900] usb 5-1: Using ep0 maxpacket: 16 [ 620.962505][ T5900] usb 5-1: config 180 has an invalid interface number: 201 but max is 1 [ 620.972353][ T5900] usb 5-1: config 180 has an invalid interface number: 139 but max is 1 [ 620.980874][ T5900] usb 5-1: config 180 contains an unexpected descriptor of type 0x1, skipping [ 620.989925][ T5900] usb 5-1: config 180 has no interface number 0 [ 620.996453][ T5900] usb 5-1: config 180 has no interface number 1 [ 621.006190][ T5900] usb 5-1: config 180 interface 201 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 621.017436][ T5900] usb 5-1: config 180 interface 139 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 621.072843][ T5900] usb 5-1: New USB device found, idVendor=5e24, idProduct=ab02, bcdDevice=d0.92 [ 621.081950][ T5900] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 621.097744][ T5900] usb 5-1: Product: syz [ 621.101975][ T5900] usb 5-1: Manufacturer: syz [ 621.122924][ T5900] usb 5-1: SerialNumber: syz [ 621.302613][T11887] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 621.344914][T11890] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1539'. [ 622.545645][T11922] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 622.554116][T11921] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 622.778182][T11937] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 622.833645][T11939] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 623.055803][T11951] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1568'. [ 623.066964][T11951] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1568'. [ 623.120100][T11953] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1569'. [ 623.134381][T11953] batadv0: entered promiscuous mode [ 623.216259][T11957] bridge0: port 1(bridge_slave_0) entered blocking state [ 623.223820][T11957] bridge0: port 1(bridge_slave_0) entered forwarding state [ 623.617904][ T9] usb 5-1: USB disconnect, device number 28 [ 623.820474][T11989] netlink: 'syz.4.1584': attribute type 39 has an invalid length. [ 624.485246][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.770215][T12025] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1597'. [ 624.815984][T12025] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1597'. [ 625.088005][T12036] tipc: Started in network mode [ 625.097034][T12036] tipc: Node identity 16a77e6937a9, cluster identity 4711 [ 625.109541][T12036] tipc: Enabled bearer , priority 0 [ 625.121981][T12034] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1602'. [ 625.191022][T12036] tipc: Resetting bearer [ 625.204224][T12038] netlink: 'syz.4.1602': attribute type 4 has an invalid length. [ 625.228188][T12035] tipc: Resetting bearer [ 626.216142][ T5900] tipc: Node number set to 554597993 [ 628.363277][T12035] tipc: Disabling bearer [ 628.371296][T12044] netlink: 'syz.4.1602': attribute type 4 has an invalid length. [ 628.497344][T12080] tap0: tun_chr_ioctl cmd 1074812118 [ 628.724879][T12105] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 628.793619][T12112] bond0: (slave bond_slave_0): Releasing backup interface [ 628.823651][T12112] bond0: (slave bond_slave_1): Releasing backup interface [ 629.054528][T12112] team0: Port device team_slave_0 removed [ 629.118256][T12112] team0: Port device team_slave_1 removed [ 629.134064][T12112] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 629.141552][T12112] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 629.180768][T12127] netlink: 468 bytes leftover after parsing attributes in process `syz.2.1629'. [ 629.190839][T12112] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 629.205677][T12112] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 629.260055][T12127] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1629'. [ 629.368541][T12136] netlink: 128 bytes leftover after parsing attributes in process `syz.2.1632'. [ 629.468747][T12138] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1633'. [ 629.568678][T12142] wg2: entered promiscuous mode [ 629.583217][T12142] team0: Device wg2 is of different type [ 629.819434][T12153] netlink: 9 bytes leftover after parsing attributes in process `syz.1.1639'. [ 629.894688][T12153] 0·: renamed from hsr0 (while UP) [ 629.927849][T12153] 0·: left promiscuous mode [ 629.932447][T12153] 0·: entered allmulticast mode [ 629.947922][T12153] hsr_slave_0: entered allmulticast mode [ 629.962765][T12153] hsr_slave_1: entered allmulticast mode [ 629.979165][T12153] A link change request failed with some changes committed already. Interface 70· may have been left with an inconsistent configuration, please check. [ 630.161528][T12167] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1647'. [ 630.337654][T12174] team0: Device wg2 is of different type [ 631.238141][T12220] netlink: 48 bytes leftover after parsing attributes in process `syz.5.1671'. [ 632.326902][T12268] bridge2: entered promiscuous mode [ 632.352922][T12268] bridge2: entered allmulticast mode [ 632.402599][T12268] team0: Port device bridge2 added [ 632.490155][T12271] netlink: 'syz.1.1692': attribute type 10 has an invalid length. [ 632.525729][T12271] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 632.547296][T12268] bridge0: port 3(ip6gretap0) entered blocking state [ 632.561637][T12268] bridge0: port 3(ip6gretap0) entered disabled state [ 632.570128][T12268] ip6gretap0: entered allmulticast mode [ 632.613724][T12268] ip6gretap0: entered promiscuous mode [ 632.624710][T12268] bridge0: port 3(ip6gretap0) entered blocking state [ 632.632175][T12268] bridge0: port 3(ip6gretap0) entered forwarding state [ 632.949351][T12301] vlan2: entered promiscuous mode [ 632.970518][T12301] dummy0: entered promiscuous mode [ 632.980980][T12301] bond0: (slave vlan2): Enslaving as an active interface with an up link [ 633.201383][T12319] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1716'. [ 633.470350][T12336] tipc: Started in network mode [ 633.482916][T12336] tipc: Node identity f7, cluster identity 4711 [ 633.489228][T12336] tipc: Node number set to 247 [ 633.679864][T12354] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 633.687869][T12354] IPv6: NLM_F_CREATE should be set when creating new route [ 633.702166][T12356] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1729'. [ 634.845119][T12432] bond0: (slave bond_slave_0): Releasing backup interface [ 634.914479][T12432] bond0: (slave bond_slave_1): Releasing backup interface [ 635.024627][T12432] team0: Port device team_slave_0 removed [ 635.044240][T12445] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 635.083198][T12432] team0: Port device team_slave_1 removed [ 635.105022][T12432] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 635.123257][T12432] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 635.146209][T12432] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 635.162971][T12432] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 635.218992][T12432] bond0: (slave netdevsim0): Releasing backup interface [ 635.249644][T12438] wg2: entered promiscuous mode [ 635.279009][T12438] team0: Port device wg2 added [ 635.364181][T12455] lo speed is unknown, defaulting to 1000 [ 635.371229][T12457] lo: entered allmulticast mode [ 635.405460][T12457] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 635.438320][T12470] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1782'. [ 635.469334][T12455] lo speed is unknown, defaulting to 1000 [ 635.495045][T12455] lo speed is unknown, defaulting to 1000 [ 635.578422][T12475] netlink: set zone limit has 4 unknown bytes [ 635.682913][T12481] tipc: Started in network mode [ 635.706961][T12481] tipc: Node identity f7, cluster identity 4711 [ 635.718483][T12481] tipc: Node number set to 247 [ 635.828526][ T5844] lo speed is unknown, defaulting to 1000 [ 635.850151][T12455] infiniband syz0: set active [ 635.872039][T12455] infiniband syz0: added lo [ 635.997703][T12455] RDS/IB: syz0: added [ 636.058365][T12455] smc: adding ib device syz0 with port count 1 [ 636.094580][T12506] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 636.096290][T12455] smc: ib device syz0 port 1 has pnetid [ 636.101869][T12506] IPv6: NLM_F_CREATE should be set when creating new route [ 636.138236][ T5933] lo speed is unknown, defaulting to 1000 [ 636.149705][T12455] lo speed is unknown, defaulting to 1000 [ 636.190751][T12509] xt_CT: You must specify a L4 protocol and not use inversions on it [ 636.449843][T12455] lo speed is unknown, defaulting to 1000 [ 636.554734][T12530] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1809'. [ 636.623419][T12535] netlink: 'syz.4.1809': attribute type 4 has an invalid length. [ 636.706700][T12538] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 636.714003][T12538] IPv6: NLM_F_CREATE should be set when creating new route [ 636.758787][T12455] lo speed is unknown, defaulting to 1000 [ 637.052944][T12455] lo speed is unknown, defaulting to 1000 [ 637.247321][T12566] x_tables: ip_tables: osf match: only valid for protocol 6 [ 637.280218][T12567] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 637.520997][T12559] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1816'. [ 637.531005][T12559] netlink: 'syz.5.1816': attribute type 1 has an invalid length. [ 637.539054][T12559] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1816'. [ 637.548482][T12565] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 637.555846][T12565] IPv6: NLM_F_CREATE should be set when creating new route [ 637.565461][T12455] lo speed is unknown, defaulting to 1000 [ 637.890727][T12595] vlan2: entered promiscuous mode [ 638.068641][T12606] x_tables: ip_tables: osf match: only valid for protocol 6 [ 638.603989][T12645] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 638.763908][T12654] netlink: 'syz.2.1867': attribute type 23 has an invalid length. [ 638.801804][T12654] netlink: 244 bytes leftover after parsing attributes in process `syz.2.1867'. [ 639.344188][T12691] netlink: set zone limit has 4 unknown bytes [ 639.452997][T12692] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1886'. [ 639.477202][T12692] batadv0: entered promiscuous mode [ 639.637303][T12712] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1893'. [ 639.659003][T12712] bond0: option arp_interval: invalid value (18446744073693556097) [ 639.682989][T12712] bond0: option arp_interval: allowed values 0 - 2147483647 [ 639.778243][T12722] netlink: 100 bytes leftover after parsing attributes in process `syz.5.1901'. [ 639.993487][T12736] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1907'. [ 640.391833][T12766] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1924'. [ 640.536846][T12771] netlink: 'syz.0.1925': attribute type 10 has an invalid length. [ 640.866864][T12799] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1937'. [ 640.902508][T12799] batadv0: entered promiscuous mode [ 641.505609][T12827] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1951'. [ 641.817658][T12847] netlink: 'syz.5.1954': attribute type 10 has an invalid length. [ 641.851396][T12849] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1960'. [ 642.199749][T12849] team0 (unregistering): Port device team_slave_0 removed [ 642.214526][T12849] team0 (unregistering): Port device team_slave_1 removed [ 642.230862][T12849] team0 (unregistering): Port device macvlan1 removed [ 642.266886][T12853] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1964'. [ 642.278824][T12853] batadv0: entered promiscuous mode [ 642.422574][T12865] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1969'. [ 642.891066][T12891] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1982'. [ 642.910561][T12895] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1983'. [ 643.160786][T12908] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1990'. [ 643.230940][T12913] bridge2: entered promiscuous mode [ 643.247369][T12913] bridge2: entered allmulticast mode [ 643.289705][T12910] netlink: 'syz.2.1991': attribute type 10 has an invalid length. [ 643.371839][T12910] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 643.453728][T12910] bridge0: port 3(ip6gretap0) entered blocking state [ 643.461135][T12910] bridge0: port 3(ip6gretap0) entered disabled state [ 643.469923][T12926] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1998'. [ 643.474158][T12910] ip6gretap0: entered allmulticast mode [ 643.493866][T12910] ip6gretap0: entered promiscuous mode [ 643.502386][T12925] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1997'. [ 643.516933][T12910] bridge0: port 3(ip6gretap0) entered blocking state [ 643.523798][T12910] bridge0: port 3(ip6gretap0) entered forwarding state [ 643.935224][T12954] netlink: 'syz.4.2011': attribute type 1 has an invalid length. [ 643.957631][T12954] netlink: 'syz.4.2011': attribute type 3 has an invalid length. [ 643.995329][T12949] netlink: 'syz.2.2009': attribute type 1 has an invalid length. [ 644.267013][T12976] x_tables: ip_tables: osf match: only valid for protocol 6 [ 644.808092][T13020] vlan2: entered promiscuous mode [ 644.820749][T13021] netlink: 'syz.4.2043': attribute type 11 has an invalid length. [ 645.285435][T13056] netlink: 'syz.4.2059': attribute type 1 has an invalid length. [ 645.497645][T13068] netlink: 'syz.2.2065': attribute type 10 has an invalid length. [ 645.853078][T13088] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 645.872629][T13097] netlink: 'syz.1.2078': attribute type 10 has an invalid length. [ 645.891927][T13099] netlink: 'syz.5.2079': attribute type 4 has an invalid length. [ 645.992488][T13109] netlink: 'syz.5.2079': attribute type 4 has an invalid length. [ 646.119423][T13113] bridge1: entered promiscuous mode [ 646.139187][T13113] bridge1: entered allmulticast mode [ 646.215985][T13113] team0: Port device bridge1 added [ 646.236365][T13120] netlink: 'syz.0.2083': attribute type 10 has an invalid length. [ 646.244411][T13120] netdevsim netdevsim0 netdevsim0: left allmulticast mode [ 646.257010][T13120] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 646.584709][T13147] infiniband syz0: set down [ 646.594972][ T9] lo speed is unknown, defaulting to 1000 [ 646.604663][ T9] lo speed is unknown, defaulting to 1000 [ 646.624879][T13147] infiniband syz0: set active [ 646.629810][ T5844] lo speed is unknown, defaulting to 1000 [ 646.636256][ T5844] lo speed is unknown, defaulting to 1000 [ 646.750030][T13151] __nla_validate_parse: 9 callbacks suppressed [ 646.750054][T13151] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2099'. [ 647.193035][T13179] infiniband syz0: set down [ 647.198016][ T9] lo speed is unknown, defaulting to 1000 [ 647.204037][ T9] lo speed is unknown, defaulting to 1000 [ 647.234624][T13190] infiniband syz0: set active [ 647.239573][ T5844] lo speed is unknown, defaulting to 1000 [ 647.254498][ T5844] lo speed is unknown, defaulting to 1000 [ 647.256537][T13188] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 647.604724][T13208] xt_CT: No such helper "netbios-ns" [ 647.958830][T13231] wg2: entered promiscuous mode [ 647.971918][T13231] team0: Device wg2 is of different type [ 648.481973][T13258] vlan2: entered promiscuous mode [ 648.499473][T13258] bridge0: entered promiscuous mode [ 648.517765][T13263] netdevsim netdevsim4 netdevsim0: entered allmulticast mode [ 648.946038][T13290] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2160'. [ 648.966132][T13292] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 649.210327][T13305] wg2: entered promiscuous mode [ 649.281769][T13308] lo: entered allmulticast mode [ 649.309575][T13308] tunl0: entered allmulticast mode [ 649.349699][T13308] gre0: entered allmulticast mode [ 649.499209][T13308] gretap0: left promiscuous mode [ 649.514398][T13308] bridge0: port 3(vlan2) entered disabled state [ 649.533652][T13308] erspan0: entered allmulticast mode [ 649.555016][T13308] ip_vti0: entered allmulticast mode [ 649.578390][T13308] ip6_vti0: entered allmulticast mode [ 649.603830][T13308] sit0: entered allmulticast mode [ 649.634605][T13308] ip6tnl0: entered allmulticast mode [ 649.667140][T13308] ip6gre0: entered allmulticast mode [ 649.701401][T13308] syz_tun: entered allmulticast mode [ 649.721006][T13308] ip6gretap0: entered allmulticast mode [ 649.767095][T13308] bridge0: port 2(bridge_slave_1) entered disabled state [ 649.774534][T13308] bridge0: port 1(bridge_slave_0) entered disabled state [ 649.803884][T13308] bridge0: entered allmulticast mode [ 649.821107][T13308] vcan0: entered allmulticast mode [ 649.858248][T13308] bond0: entered allmulticast mode [ 649.875883][T13308] bond_slave_0: entered allmulticast mode [ 649.881895][T13308] bond_slave_1: entered allmulticast mode [ 649.908005][T13308] team0: entered allmulticast mode [ 649.919285][T13308] team_slave_0: entered allmulticast mode [ 649.925421][T13308] team_slave_1: entered allmulticast mode [ 649.950700][T13308] dummy0: entered allmulticast mode [ 649.978766][T13308] nlmon0: entered allmulticast mode [ 649.999802][T13308] caif0: entered allmulticast mode [ 650.012446][T13308] batadv0: entered allmulticast mode [ 650.027078][T13308] vxcan0: entered allmulticast mode [ 650.049584][T13308] vxcan1: entered allmulticast mode [ 650.066010][T13308] veth0: entered allmulticast mode [ 650.080945][T13308] veth1: entered allmulticast mode [ 650.112448][T13308] wg1: entered allmulticast mode [ 650.128630][T13308] wg2: left promiscuous mode [ 650.139330][T13308] wg2: entered allmulticast mode [ 650.149628][T13308] veth0_to_bridge: entered allmulticast mode [ 650.185614][T13308] veth1_to_bridge: entered allmulticast mode [ 650.229337][T13308] veth0_to_bond: entered allmulticast mode [ 650.269372][T13308] veth1_to_bond: entered allmulticast mode [ 650.297397][T13308] veth0_to_team: entered allmulticast mode [ 650.324656][T13308] veth1_to_team: entered allmulticast mode [ 650.354603][T13308] veth0_to_batadv: entered allmulticast mode [ 650.371085][T13308] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 650.383886][T13308] batadv_slave_0: entered allmulticast mode [ 650.402975][T13308] veth1_to_batadv: entered allmulticast mode [ 650.416074][T13308] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 650.431409][T13308] batadv_slave_1: entered allmulticast mode [ 650.443442][T13308] xfrm0: entered allmulticast mode [ 650.465541][T13308] veth0_to_hsr: entered allmulticast mode [ 650.485163][T13308] hsr_slave_0: entered allmulticast mode [ 650.503277][T13308] veth1_to_hsr: entered allmulticast mode [ 650.523476][T13308] hsr_slave_1: entered allmulticast mode [ 650.540896][T13308] hsr0: entered allmulticast mode [ 650.561062][T13308] veth1_virt_wifi: entered allmulticast mode [ 650.580744][T13308] veth0_virt_wifi: entered allmulticast mode [ 650.600228][T13308] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 650.611588][T13308] veth1_vlan: entered allmulticast mode [ 650.629338][T13308] veth0_vlan: entered allmulticast mode [ 650.666457][T13308] vlan0: entered allmulticast mode [ 650.671721][T13308] vlan1: entered allmulticast mode [ 650.686042][T13308] macvlan0: entered allmulticast mode [ 650.698990][T13308] macvlan1: entered allmulticast mode [ 650.714563][T13308] ipvlan0: entered allmulticast mode [ 650.731740][T13308] ipvlan1: entered allmulticast mode [ 650.742863][T13308] veth1_macvtap: entered allmulticast mode [ 650.763684][T13308] veth0_macvtap: entered allmulticast mode [ 650.780345][T13308] macvtap0: entered allmulticast mode [ 650.803975][T13308] macsec0: entered allmulticast mode [ 650.823893][T13308] geneve0: entered allmulticast mode [ 650.836940][T13308] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 650.854141][T13308] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 650.863393][T13308] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 650.872289][T13308] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 650.883261][T13308] geneve1: entered allmulticast mode [ 650.899715][T13308] netdevsim netdevsim0 netdevsim1: entered allmulticast mode [ 650.912351][T13308] netdevsim netdevsim0 netdevsim2: entered allmulticast mode [ 650.932970][T13308] netdevsim netdevsim0 netdevsim3: entered allmulticast mode [ 650.966829][T13308] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode [ 650.990518][T13308] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode [ 651.003029][T13308] ip6erspan0: entered allmulticast mode [ 651.013971][T13308] mac80211_hwsim hwsim2 nicvf0: entered allmulticast mode [ 651.021601][T13308] vlan3: entered allmulticast mode [ 651.028315][T13308] bridge1: left promiscuous mode [ 651.038618][T13321] validate_nla: 6 callbacks suppressed [ 651.038638][T13321] netlink: 'syz.2.2173': attribute type 1 has an invalid length. [ 651.052923][T13321] netlink: 'syz.2.2173': attribute type 3 has an invalid length. [ 651.072942][T13321] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2173'. [ 651.178694][T13349] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2181'. [ 651.255488][T13352] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2188'. [ 651.304194][T13354] x_tables: ip_tables: osf match: only valid for protocol 6 [ 651.771018][T13385] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2199'. [ 651.920358][T13391] x_tables: ip_tables: osf match: only valid for protocol 6 [ 651.999111][T13396] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2203'. [ 652.083834][T13403] netlink: 'syz.5.2203': attribute type 4 has an invalid length. [ 652.140334][T13406] netlink: 'syz.5.2203': attribute type 4 has an invalid length. [ 652.216841][T13409] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2212'. [ 652.468697][T13430] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2218'. [ 652.681623][T13440] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2222'. [ 652.751465][T13448] netlink: 'syz.0.2222': attribute type 4 has an invalid length. [ 652.766484][T13448] netlink: 'syz.0.2222': attribute type 4 has an invalid length. [ 652.931648][T13457] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 653.155170][T13473] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2237'. [ 653.238675][T13476] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2238'. [ 653.325504][T13481] netlink: 'syz.2.2238': attribute type 4 has an invalid length. [ 653.358822][T13481] netlink: 'syz.2.2238': attribute type 4 has an invalid length. [ 653.410864][T13485] x_tables: ip_tables: osf match: only valid for protocol 6 [ 653.812852][T13509] netlink: 'syz.0.2252': attribute type 11 has an invalid length. [ 653.963214][T13512] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2254'. [ 654.030792][T13519] netlink: 'syz.1.2254': attribute type 4 has an invalid length. [ 654.097684][T13519] infiniband syz0: set down [ 654.102628][ T8] lo speed is unknown, defaulting to 1000 [ 654.111052][T13326] lo speed is unknown, defaulting to 1000 [ 654.150958][T13535] netlink: 'syz.1.2254': attribute type 4 has an invalid length. [ 654.169823][T13535] infiniband syz0: set active [ 654.174809][ T5894] lo speed is unknown, defaulting to 1000 [ 654.180623][ T5894] lo speed is unknown, defaulting to 1000 [ 654.420608][T13543] netlink: 112 bytes leftover after parsing attributes in process `syz.5.2266'. [ 654.789648][T13578] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2280'. [ 655.078891][T13597] 0·: renamed from hsr0 (while UP) [ 655.096862][T13597] 0·: entered allmulticast mode [ 655.102460][T13597] hsr_slave_0: entered allmulticast mode [ 655.114438][T13597] hsr_slave_1: entered allmulticast mode [ 655.121725][T13597] A link change request failed with some changes committed already. Interface 70· may have been left with an inconsistent configuration, please check. [ 655.552030][T13620] 8021q: adding VLAN 0 to HW filter on device team0 [ 655.567101][T13620] bond0: (slave team0): Enslaving as an active interface with an up link [ 656.060149][T13647] validate_nla: 4 callbacks suppressed [ 656.060170][T13647] netlink: 'syz.1.2314': attribute type 10 has an invalid length. [ 656.113027][T13647] 8021q: adding VLAN 0 to HW filter on device team0 [ 656.134570][T13647] bond0: (slave team0): Enslaving as an active interface with an up link [ 656.321472][T13661] sch_tbf: burst 0 is lower than device lo mtu (11337746) ! [ 656.508921][T13672] netlink: 'syz.2.2323': attribute type 11 has an invalid length. [ 656.888978][T13692] __nla_validate_parse: 10 callbacks suppressed [ 656.889000][T13692] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2332'. [ 657.086729][T13706] netlink: 'syz.5.2339': attribute type 11 has an invalid length. [ 657.173497][T13712] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2342'. [ 657.267724][T13718] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2345'. [ 657.387193][T13726] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2347'. [ 657.690327][T13740] netlink: 'syz.0.2354': attribute type 11 has an invalid length. [ 657.718481][T13742] vlan2: entered promiscuous mode [ 657.932451][T13755] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2360'. [ 658.009334][T13759] netlink: 'syz.5.2362': attribute type 1 has an invalid length. [ 658.294272][T13776] netlink: 'syz.2.2369': attribute type 10 has an invalid length. [ 658.422139][T13787] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2370'. [ 658.920320][T13814] lo speed is unknown, defaulting to 1000 [ 659.386371][T13830] xt_addrtype: both incoming and outgoing interface limitation cannot be selected [ 659.416308][T13830] netlink: 'syz.2.2390': attribute type 10 has an invalid length. [ 659.619339][T13844] vlan3: entered promiscuous mode [ 659.852493][T13858] netlink: 'syz.2.2402': attribute type 18 has an invalid length. [ 660.180253][T13874] netlink: 'syz.0.2410': attribute type 39 has an invalid length. [ 660.757287][T13890] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2418'. [ 660.833428][T13902] netlink: 'syz.4.2421': attribute type 39 has an invalid length. [ 661.231711][T13930] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2434'. [ 661.666359][T13961] x_tables: ip_tables: osf match: only valid for protocol 6 [ 662.959562][T14022] netlink: 'syz.2.2479': attribute type 2 has an invalid length. [ 662.980831][T14022] netlink: 92 bytes leftover after parsing attributes in process `syz.2.2479'. [ 663.734549][T14057] netlink: 'syz.4.2498': attribute type 10 has an invalid length. [ 663.755769][T14057] 8021q: adding VLAN 0 to HW filter on device bond0 [ 663.782969][T14057] 8021q: adding VLAN 0 to HW filter on device team0 [ 663.811951][T14057] bond0: (slave team0): Enslaving as an active interface with an up link [ 664.030328][T14080] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 664.295338][T14097] netlink: 'syz.0.2514': attribute type 10 has an invalid length. [ 664.304270][T14097] team0: left allmulticast mode [ 664.313005][T14097] 8021q: adding VLAN 0 to HW filter on device team0 [ 664.324763][T14097] team0: entered allmulticast mode [ 664.330555][T14097] bond0: (slave team0): Enslaving as an active interface with an up link [ 664.339579][T14098] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2512'. [ 664.419508][T14098] bond0: (slave team0): Releasing backup interface [ 664.701348][T14116] netlink: 'syz.5.2524': attribute type 1 has an invalid length. [ 664.742428][T14122] netlink: 'syz.0.2526': attribute type 10 has an invalid length. [ 664.763850][T14119] netlink: 'syz.2.2523': attribute type 11 has an invalid length. [ 665.022577][T14133] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2531'. [ 665.216481][T14149] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2538'. [ 665.281280][T14149] netlink: 'syz.2.2538': attribute type 4 has an invalid length. [ 665.317504][T14154] netlink: 'syz.0.2539': attribute type 10 has an invalid length. [ 665.335847][T14149] netlink: 'syz.2.2538': attribute type 4 has an invalid length. [ 665.495402][T14164] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 665.561788][T14165] bridge4: entered promiscuous mode [ 665.567519][T14165] bridge4: entered allmulticast mode [ 665.580829][T14165] netlink: 'syz.2.2545': attribute type 10 has an invalid length. [ 665.839051][T14184] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2552'. [ 665.869120][T14185] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2551'. [ 666.151829][T14185] bond0: (slave team0): Releasing backup interface [ 666.165936][T14185] bond0: Destroying bond [ 666.237889][T14194] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2555'. [ 666.526476][T14185] bond0 (unregistering): Released all slaves [ 666.547598][T14203] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2558'. [ 666.580954][T14185] team0 (unregistering): Port device wg2 removed [ 666.606000][T14187] netlink: 'syz.1.2554': attribute type 10 has an invalid length. [ 666.915527][T14219] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2564'. [ 667.276235][T14239] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2571'. [ 667.442046][T14259] x_tables: ip_tables: osf match: only valid for protocol 6 [ 668.029496][T14294] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 668.330619][T14322] __nla_validate_parse: 3 callbacks suppressed [ 668.330641][T14322] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2599'. [ 668.464416][T14330] validate_nla: 6 callbacks suppressed [ 668.464437][T14330] netlink: 'syz.1.2603': attribute type 1 has an invalid length. [ 668.529414][T14332] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2604'. [ 668.581172][T14339] netlink: 'syz.2.2604': attribute type 4 has an invalid length. [ 668.663773][T14345] netlink: 'syz.2.2604': attribute type 4 has an invalid length. [ 668.746339][T14350] netlink: 'syz.5.2611': attribute type 2 has an invalid length. [ 668.755299][T14350] netlink: 92 bytes leftover after parsing attributes in process `syz.5.2611'. [ 668.992137][T14365] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2616'. [ 669.017589][T14365] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2616'. [ 669.050376][T14371] netlink: 'syz.0.2618': attribute type 1 has an invalid length. [ 669.262854][T14383] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2623'. [ 669.346138][T14391] netlink: 'syz.5.2623': attribute type 4 has an invalid length. [ 669.375258][T14389] netlink: 'syz.2.2625': attribute type 2 has an invalid length. [ 669.383435][T14389] netlink: 92 bytes leftover after parsing attributes in process `syz.2.2625'. [ 669.442898][T14383] netlink: 'syz.5.2623': attribute type 4 has an invalid length. [ 669.614686][T14405] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2631'. [ 669.697236][T14408] netlink: 'syz.2.2632': attribute type 1 has an invalid length. [ 669.758858][T14412] netlink: 'syz.5.2634': attribute type 11 has an invalid length. [ 670.167223][T14442] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2648'. [ 670.189779][T14445] netlink: 'syz.0.2650': attribute type 11 has an invalid length. [ 670.396523][T14455] vlan3: entered promiscuous mode [ 670.440924][T14461] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 670.503490][T14463] netlink: 'syz.2.2659': attribute type 2 has an invalid length. [ 670.511293][T14463] netlink: 92 bytes leftover after parsing attributes in process `syz.2.2659'. [ 670.572075][T14469] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 670.744422][T14482] bridge5: entered promiscuous mode [ 670.768732][T14482] bridge5: entered allmulticast mode [ 671.092757][T14503] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 671.440989][T14527] vlan3: entered promiscuous mode [ 671.947382][T14562] syz_tun: entered promiscuous mode [ 671.965394][T14562] macsec1: entered promiscuous mode [ 672.019360][T14562] syz_tun: left promiscuous mode [ 672.150172][T14574] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 673.379668][T14634] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 673.470669][T14639] x_tables: ip_tables: osf match: only valid for protocol 6 [ 673.647246][T14650] __nla_validate_parse: 4 callbacks suppressed [ 673.647268][T14650] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2744'. [ 674.075042][T14666] x_tables: ip_tables: osf match: only valid for protocol 6 [ 674.654079][T14687] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2762'. [ 674.745808][ T5853] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 674.758855][ T5853] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 674.769218][ T5853] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 674.777393][ T5853] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 674.788292][ T5853] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 674.802917][ T5853] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 674.834134][T14691] lo speed is unknown, defaulting to 1000 [ 674.980010][T14704] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2771'. [ 674.989216][T14704] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2771'. [ 675.116861][T14710] netlink: 'syz.1.2773': attribute type 11 has an invalid length. [ 675.259089][T14715] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2775'. [ 675.326443][T14691] chnl_net:caif_netlink_parms(): no params data found [ 675.493865][T14729] netlink: 152 bytes leftover after parsing attributes in process `syz.1.2779'. [ 675.559263][T14736] validate_nla: 2 callbacks suppressed [ 675.559283][T14736] netlink: 'syz.5.2781': attribute type 1 has an invalid length. [ 675.630154][T14736] netlink: 216 bytes leftover after parsing attributes in process `syz.5.2781'. [ 675.656070][T14691] bridge0: port 1(bridge_slave_0) entered blocking state [ 675.692864][T14691] bridge0: port 1(bridge_slave_0) entered disabled state [ 675.712927][T14691] bridge_slave_0: entered allmulticast mode [ 675.727183][T14691] bridge_slave_0: entered promiscuous mode [ 675.763080][T14691] bridge0: port 2(bridge_slave_1) entered blocking state [ 675.792393][T14691] bridge0: port 2(bridge_slave_1) entered disabled state [ 675.811797][T14691] bridge_slave_1: entered allmulticast mode [ 675.833895][T14691] bridge_slave_1: entered promiscuous mode [ 675.946760][T14691] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 675.974638][T14691] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 676.078518][T14691] team0: Port device team_slave_0 added [ 676.099830][T14757] netlink: 152 bytes leftover after parsing attributes in process `syz.1.2791'. [ 676.119704][T14691] team0: Port device team_slave_1 added [ 676.211767][T14691] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 676.220043][T14691] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 676.253166][T14691] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 676.293576][T14691] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 676.322982][T14691] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 676.377976][T14691] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 676.461592][T14691] hsr_slave_0: entered promiscuous mode [ 676.476240][T14691] hsr_slave_1: entered promiscuous mode [ 676.830252][T14691] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 676.872827][ T5853] Bluetooth: hci0: command tx timeout [ 676.900096][T14793] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2806'. [ 676.983200][T14691] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 677.122818][T14803] netlink: 'syz.4.2811': attribute type 11 has an invalid length. [ 677.124455][T14691] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 677.269688][T14691] bond0: (slave netdevsim0): Releasing backup interface [ 677.303504][T14691] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 677.333572][T14813] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2814'. [ 677.551445][T14691] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 677.575082][T14691] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 677.605908][T14691] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 677.626470][T14691] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 677.769835][T14691] 8021q: adding VLAN 0 to HW filter on device bond0 [ 677.802481][T14691] 8021q: adding VLAN 0 to HW filter on device team0 [ 677.807424][T14831] netlink: 'syz.0.2823': attribute type 11 has an invalid length. [ 677.820965][ T6105] bridge0: port 1(bridge_slave_0) entered blocking state [ 677.828158][ T6105] bridge0: port 1(bridge_slave_0) entered forwarding state [ 677.857533][ T6105] bridge0: port 2(bridge_slave_1) entered blocking state [ 677.864710][ T6105] bridge0: port 2(bridge_slave_1) entered forwarding state [ 678.198651][T14691] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 678.309252][T14691] veth0_vlan: entered promiscuous mode [ 678.339894][T14691] veth1_vlan: entered promiscuous mode [ 678.406919][T14691] veth0_macvtap: entered promiscuous mode [ 678.436705][T14691] veth1_macvtap: entered promiscuous mode [ 678.474847][T14691] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 678.501068][T14691] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 678.522241][T14691] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 678.534826][T14691] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 678.546190][T14691] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 678.558471][T14691] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 678.569232][T14691] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 678.579386][T14691] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 678.589911][T14691] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 678.601076][T14691] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 678.634631][T14691] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 678.649899][T14691] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 678.658751][T14691] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 678.667590][T14691] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 678.828468][T10897] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 678.854254][T10897] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 678.926255][ T6991] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 678.940720][ T6991] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 678.953908][ T5853] Bluetooth: hci0: command tx timeout [ 679.001175][T14874] __nla_validate_parse: 3 callbacks suppressed [ 679.001196][T14874] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2840'. [ 679.178966][T14881] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2844'. [ 679.656022][ T5846] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 679.668861][ T5846] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 679.681010][ T5846] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 679.690299][ T5846] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 679.700394][ T5846] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 679.709609][ T5846] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 679.851588][T14905] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2854'. [ 680.036706][T14893] lo speed is unknown, defaulting to 1000 [ 680.046324][T14912] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2857'. [ 680.399179][T10897] bond0: (slave netdevsim0): Releasing backup interface [ 680.500460][T14936] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2869'. [ 680.513403][T14936] batadv0: entered promiscuous mode [ 680.743102][T10897] vlan2: left promiscuous mode [ 680.750745][T10897] bridge0: port 3(vlan2) entered disabled state [ 680.793967][T10897] bridge_slave_1: left promiscuous mode [ 680.799775][T10897] bridge0: port 2(bridge_slave_1) entered disabled state [ 680.843568][T10897] bridge_slave_0: left promiscuous mode [ 680.849344][T10897] bridge0: port 1(bridge_slave_0) entered disabled state [ 681.034311][ T5853] Bluetooth: hci0: command tx timeout [ 681.297580][T14965] netlink: 'syz.1.2882': attribute type 11 has an invalid length. [ 681.357997][T10897] team0: Port device bridge1 removed [ 681.607827][T10897] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 681.618008][T10897] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 681.627963][T10897] bond0 (unregistering): (slave team0): Releasing backup interface [ 681.639462][T10897] team0: left allmulticast mode [ 681.645388][T10897] bond0 (unregistering): Released all slaves [ 681.660513][T14961] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2880'. [ 681.747827][T14893] chnl_net:caif_netlink_parms(): no params data found [ 681.755758][ T5853] Bluetooth: hci1: command tx timeout [ 682.109189][T14893] bridge0: port 1(bridge_slave_0) entered blocking state [ 682.117907][T14893] bridge0: port 1(bridge_slave_0) entered disabled state [ 682.125292][T14893] bridge_slave_0: entered allmulticast mode [ 682.133264][T14893] bridge_slave_0: entered promiscuous mode [ 682.141938][T14893] bridge0: port 2(bridge_slave_1) entered blocking state [ 682.149250][T14893] bridge0: port 2(bridge_slave_1) entered disabled state [ 682.156975][T14893] bridge_slave_1: entered allmulticast mode [ 682.166357][T14893] bridge_slave_1: entered promiscuous mode [ 682.247335][T14893] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 682.306764][T14893] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 682.362856][T10897] hsr_slave_0: left promiscuous mode [ 682.393853][T10897] hsr_slave_1: left promiscuous mode [ 682.411318][T10897] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 682.431883][T10897] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 683.113138][ T5853] Bluetooth: hci0: command tx timeout [ 683.346951][T10897] team0 (unregistering): Port device team_slave_1 removed [ 683.418595][T10897] team0 (unregistering): Port device team_slave_0 removed [ 683.833097][ T5853] Bluetooth: hci1: command tx timeout [ 683.925950][T15013] ip6tnl2: entered allmulticast mode [ 684.080727][T14893] team0: Port device team_slave_0 added [ 684.107197][T14893] team0: Port device team_slave_1 added [ 684.181520][T15045] Bluetooth: MGMT ver 1.23 [ 684.214923][T14893] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 684.240312][T15042] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2910'. [ 684.256944][T14893] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 684.297096][T14893] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 684.314411][T14893] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 684.322046][T14893] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 684.403291][T14893] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 684.417378][T15045] netlink: 'syz.5.2910': attribute type 4 has an invalid length. [ 684.451846][T15055] netlink: 'syz.5.2910': attribute type 4 has an invalid length. [ 684.452879][T15050] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2913'. [ 684.491592][T15057] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2915'. [ 684.635008][T14893] hsr_slave_0: entered promiscuous mode [ 684.648223][T14893] hsr_slave_1: entered promiscuous mode [ 684.663746][T14893] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 684.673232][T14893] Cannot create hsr debugfs directory [ 684.680261][T15061] netlink: 112 bytes leftover after parsing attributes in process `syz.5.2918'. [ 684.712303][T10897] IPVS: stop unused estimator thread 0... [ 685.116408][T15083] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 685.183815][T15086] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2927'. [ 685.319658][T15091] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2930'. [ 685.341729][T15091] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2930'. [ 685.393545][T14893] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 685.416389][T14893] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 685.440785][T14893] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 685.462318][T14893] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 685.662489][T14893] 8021q: adding VLAN 0 to HW filter on device bond0 [ 685.707969][T14893] 8021q: adding VLAN 0 to HW filter on device team0 [ 685.749694][T10906] bridge0: port 1(bridge_slave_0) entered blocking state [ 685.756896][T10906] bridge0: port 1(bridge_slave_0) entered forwarding state [ 685.775353][T10906] bridge0: port 2(bridge_slave_1) entered blocking state [ 685.782504][T10906] bridge0: port 2(bridge_slave_1) entered forwarding state [ 685.852600][T15110] netlink: 892 bytes leftover after parsing attributes in process `syz.4.2939'. [ 685.880840][T15112] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2940'. [ 685.914004][ T5846] Bluetooth: hci1: command tx timeout [ 686.139712][T14893] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 686.232816][ T5846] Bluetooth: hci0: command 0x0c1a tx timeout [ 686.251044][ T5853] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 686.278060][T14893] veth0_vlan: entered promiscuous mode [ 686.294726][T14893] veth1_vlan: entered promiscuous mode [ 686.317923][T15131] vlan2: entered promiscuous mode [ 686.342590][T15131] dummy0: entered promiscuous mode [ 686.365317][T15131] vlan2: entered allmulticast mode [ 686.370509][T15131] dummy0: entered allmulticast mode [ 686.442947][T15131] dummy0: left allmulticast mode [ 686.447976][T15131] dummy0: left promiscuous mode [ 686.476254][T15142] netlink: 892 bytes leftover after parsing attributes in process `syz.1.2953'. [ 686.541805][T14893] veth0_macvtap: entered promiscuous mode [ 686.579586][T14893] veth1_macvtap: entered promiscuous mode [ 686.637045][T14893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 686.663832][T14893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 686.692410][T14893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 686.742895][T14893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 686.764784][T14893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 686.788989][T14893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 686.820317][T14893] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 686.852482][T14893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 686.888060][T14893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 686.921332][T14893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 686.951117][T14893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 686.978849][T14893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 687.002792][T14893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 687.015662][T14893] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 687.065736][T14893] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 687.080926][T14893] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 687.107035][T14893] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 687.142859][T14893] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 687.322521][ T6991] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 687.345110][ T6991] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 687.387823][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 687.405794][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 687.957044][T15211] team0: Device wg2 is of different type [ 687.992987][ T5853] Bluetooth: hci1: command tx timeout [ 688.489559][T15239] wg2: entered promiscuous mode [ 688.518454][T15239] team0: Device wg2 is of different type [ 689.253348][T15279] netlink: 'syz.1.3010': attribute type 13 has an invalid length. [ 689.349991][T15283] netlink: 'syz.4.3012': attribute type 2 has an invalid length. [ 689.368262][T15283] __nla_validate_parse: 5 callbacks suppressed [ 689.368284][T15283] netlink: 100 bytes leftover after parsing attributes in process `syz.4.3012'. [ 689.386308][T15285] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3014'. [ 689.560203][T15285] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input18 [ 689.802628][T15307] netlink: 'syz.1.3022': attribute type 72 has an invalid length. [ 689.831082][T15307] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3022'. [ 689.899528][T15309] netlink: 'syz.0.3023': attribute type 13 has an invalid length. [ 690.047002][T15317] netlink: 'syz.4.3027': attribute type 2 has an invalid length. [ 690.093989][T15317] netlink: 100 bytes leftover after parsing attributes in process `syz.4.3027'. [ 690.207132][ T5846] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 690.221489][ T5846] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 690.241314][ T5846] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 690.253274][ T5846] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 690.268239][ T5846] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 690.277684][ T5846] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 690.492057][ T6991] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 690.500491][T15340] netlink: 'syz.4.3035': attribute type 72 has an invalid length. [ 690.513995][T15340] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3035'. [ 690.641481][ T6991] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 690.683578][T15324] lo speed is unknown, defaulting to 1000 [ 690.791329][ T6991] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 690.882865][ T5846] Bluetooth: hci1: command tx timeout [ 691.007109][ T6991] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 691.060674][T15352] netlink: 'syz.2.3041': attribute type 2 has an invalid length. [ 691.084115][T15352] netlink: 100 bytes leftover after parsing attributes in process `syz.2.3041'. [ 691.104190][T15355] netlink: 'syz.0.3042': attribute type 11 has an invalid length. [ 692.317937][ T5846] Bluetooth: hci3: command tx timeout [ 692.435919][ T6991] bond0 (unregistering): Released all slaves [ 692.466277][T15382] team0: Device wg2 is of different type [ 692.587448][T15324] chnl_net:caif_netlink_parms(): no params data found [ 692.635384][ T6991] tipc: Left network mode [ 692.991433][T15324] bridge0: port 1(bridge_slave_0) entered blocking state [ 693.033310][T15324] bridge0: port 1(bridge_slave_0) entered disabled state [ 693.040568][T15324] bridge_slave_0: entered allmulticast mode [ 693.088312][T15324] bridge_slave_0: entered promiscuous mode [ 693.198850][T15324] bridge0: port 2(bridge_slave_1) entered blocking state [ 693.224280][T15324] bridge0: port 2(bridge_slave_1) entered disabled state [ 693.231604][T15324] bridge_slave_1: entered allmulticast mode [ 693.247141][T15324] bridge_slave_1: entered promiscuous mode [ 693.344597][T15324] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 693.384813][T15324] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 693.521238][T15324] team0: Port device team_slave_0 added [ 693.600527][ T6991] hsr_slave_0: left promiscuous mode [ 693.617897][ T6991] hsr_slave_1: left promiscuous mode [ 693.679495][ T6991] veth1_macvtap: left promiscuous mode [ 693.698642][ T6991] veth0_macvtap: left promiscuous mode [ 693.720484][ T6991] veth1_vlan: left promiscuous mode [ 693.731748][ T6991] veth0_vlan: left promiscuous mode [ 694.205903][T15460] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3085'. [ 694.394437][ T5846] Bluetooth: hci3: command tx timeout [ 695.006972][T15324] team0: Port device team_slave_1 added [ 695.018701][T15439] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3077'. [ 695.032900][T15439] batadv0: entered promiscuous mode [ 695.046701][T15447] bond0: entered promiscuous mode [ 695.051932][T15447] bond_slave_0: entered promiscuous mode [ 695.058199][T15447] bond_slave_1: entered promiscuous mode [ 695.065077][T15447] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 695.083653][T15447] bond0: left promiscuous mode [ 695.088630][T15447] bond_slave_0: left promiscuous mode [ 695.094349][T15447] bond_slave_1: left promiscuous mode [ 695.152612][T15324] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 695.182849][T15324] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 695.223658][T15324] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 695.269288][T15324] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 695.277610][T15324] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 695.304140][T15324] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 695.450228][T15324] hsr_slave_0: entered promiscuous mode [ 695.478000][T15324] hsr_slave_1: entered promiscuous mode [ 695.498723][T15324] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 695.532855][T15324] Cannot create hsr debugfs directory [ 695.640158][T15480] netlink: 'syz.0.3094': attribute type 11 has an invalid length. [ 695.664544][T15483] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3095'. [ 695.789108][ T6991] IPVS: stop unused estimator thread 0... [ 696.178101][T15503] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3106'. [ 696.474216][ T5846] Bluetooth: hci3: command tx timeout [ 696.547673][T15324] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 696.579875][T15324] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 696.639240][T15324] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 696.671779][T15324] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 696.928441][T15324] 8021q: adding VLAN 0 to HW filter on device bond0 [ 696.987550][T15324] 8021q: adding VLAN 0 to HW filter on device team0 [ 696.999148][T15546] ------------[ cut here ]------------ [ 697.004901][T15546] kernel BUG at arch/x86/mm/physaddr.c:23! [ 697.012279][T15546] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 697.019274][T15546] CPU: 1 UID: 0 PID: 15546 Comm: syz.1.3123 Not tainted 6.12.0-rc6-next-20241105-syzkaller #0 [ 697.029553][T15546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 697.039626][T15546] RIP: 0010:__phys_addr+0x16a/0x170 [ 697.044845][T15546] Code: a0 ca 7a 8e 4c 89 f6 4c 89 fa e8 f1 13 ab 03 e9 45 ff ff ff e8 87 24 52 00 90 0f 0b e8 7f 24 52 00 90 0f 0b e8 77 24 52 00 90 <0f> 0b 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 697.046173][ T6234] bridge0: port 1(bridge_slave_0) entered blocking state [ 697.064455][T15546] RSP: 0018:ffffc9000336fd90 EFLAGS: 00010287 [ 697.064479][T15546] RAX: ffffffff8143b349 RBX: 000000007ffffff2 RCX: 0000000000040000 [ 697.064494][T15546] RDX: ffffc900044c9000 RSI: 0000000000000917 RDI: 0000000000000918 [ 697.064505][T15546] RBP: 1ffff11004925309 R08: ffffffff8143b2e5 R09: 1ffffffff20395f6 [ 697.064520][T15546] R10: dffffc0000000000 R11: fffffbfff20395f7 R12: dffffc0000000000 [ 697.064534][T15546] R13: fffffffffffffff2 R14: 000000007ffffff2 R15: ffff888024929808 [ 697.064548][T15546] FS: 00007f177c71d6c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 697.071611][ T6234] bridge0: port 1(bridge_slave_0) entered forwarding state [ 697.077613][T15546] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 697.077630][T15546] CR2: fffffffffffffff8 CR3: 00000000284a6000 CR4: 00000000003526f0 [ 697.077644][T15546] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 697.077655][T15546] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 697.077667][T15546] Call Trace: [ 697.077675][T15546] [ 697.170316][T15546] ? __die_body+0x5f/0xb0 [ 697.174651][T15546] ? die+0x9e/0xc0 [ 697.178368][T15546] ? do_trap+0x15a/0x3a0 [ 697.182608][T15546] ? __phys_addr+0x16a/0x170 [ 697.187194][T15546] ? do_error_trap+0x1dc/0x2c0 [ 697.191959][T15546] ? __phys_addr+0x16a/0x170 [ 697.196544][T15546] ? __pfx_do_error_trap+0x10/0x10 [ 697.201656][T15546] ? handle_invalid_op+0x34/0x40 [ 697.206591][T15546] ? __phys_addr+0x16a/0x170 [ 697.211172][T15546] ? exc_invalid_op+0x38/0x50 [ 697.215864][T15546] ? asm_exc_invalid_op+0x1a/0x20 [ 697.220883][T15546] ? __phys_addr+0x105/0x170 [ 697.225470][T15546] ? __phys_addr+0x169/0x170 [ 697.230065][T15546] ? __phys_addr+0x16a/0x170 [ 697.234666][T15546] ? free_bprm+0x2b5/0x300 [ 697.239101][T15546] kfree+0x71/0x420 [ 697.242921][T15546] ? free_bprm+0x295/0x300 [ 697.247330][T15546] free_bprm+0x2b5/0x300 [ 697.251562][T15546] do_execveat_common+0x3bb/0x770 [ 697.256667][T15546] __x64_sys_execveat+0xc4/0xe0 [ 697.261509][T15546] do_syscall_64+0xf3/0x230 [ 697.266008][T15546] ? clear_bhb_loop+0x35/0x90 [ 697.270683][T15546] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 697.276602][T15546] RIP: 0033:0x7f177b97e719 [ 697.281050][T15546] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 697.300656][T15546] RSP: 002b:00007f177c71d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142 [ 697.309067][T15546] RAX: ffffffffffffffda RBX: 00007f177bb35f80 RCX: 00007f177b97e719 [ 697.317030][T15546] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004 [ 697.324998][T15546] RBP: 00007f177b9f139e R08: 0000000000000000 R09: 0000000000000000 [ 697.332962][T15546] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 697.340922][T15546] R13: 0000000000000000 R14: 00007f177bb35f80 R15: 00007ffc784fff08 [ 697.348898][T15546] [ 697.351915][T15546] Modules linked in: [ 697.356778][T15546] ---[ end trace 0000000000000000 ]--- [ 697.373967][T10906] bridge0: port 2(bridge_slave_1) entered blocking state [ 697.381186][T10906] bridge0: port 2(bridge_slave_1) entered forwarding state [ 697.382859][T15546] RIP: 0010:__phys_addr+0x16a/0x170 [ 697.394782][T15546] Code: a0 ca 7a 8e 4c 89 f6 4c 89 fa e8 f1 13 ab 03 e9 45 ff ff ff e8 87 24 52 00 90 0f 0b e8 7f 24 52 00 90 0f 0b e8 77 24 52 00 90 <0f> 0b 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 697.409027][T15324] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 697.415040][T15546] RSP: 0018:ffffc9000336fd90 EFLAGS: 00010287 [ 697.425313][T15324] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 697.459870][T15546] [ 697.462262][T15546] RAX: ffffffff8143b349 RBX: 000000007ffffff2 RCX: 0000000000040000 [ 697.470722][T15546] RDX: ffffc900044c9000 RSI: 0000000000000917 RDI: 0000000000000918 [ 697.479744][T15546] RBP: 1ffff11004925309 R08: ffffffff8143b2e5 R09: 1ffffffff20395f6 [ 697.488888][T15546] R10: dffffc0000000000 R11: fffffbfff20395f7 R12: dffffc0000000000 [ 697.497257][T15546] R13: fffffffffffffff2 R14: 000000007ffffff2 R15: ffff888024929808 [ 697.506298][T15546] FS: 00007f177c71d6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 697.515508][T15546] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 697.522421][T15546] CR2: 00007fbb97036440 CR3: 00000000284a6000 CR4: 00000000003526f0 [ 697.530906][T15546] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 697.539178][T15546] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 697.547345][T15546] Kernel panic - not syncing: Fatal exception [ 697.553695][T15546] Kernel Offset: disabled [ 697.558015][T15546] Rebooting in 86400 seconds..