last executing test programs: 1m2.863799392s ago: executing program 0 (id=5380): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) syz_open_dev$dri(0x0, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) bind$packet(r2, &(0x7f00000000c0)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @random="29ec608dd857"}, 0x14) setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r4, @ANYBLOB="fe000000000000001c0012000c000100626f6e64"], 0x3c}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) recvmsg(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{0x0}, {&(0x7f0000000000)=""/13, 0xd}], 0x2}, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="0203060910"], 0x80}}, 0x0) sendmmsg(r7, &(0x7f0000000180), 0x400000000000117, 0x0) sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x7400, &(0x7f0000000280)={&(0x7f0000000080)=@newlink={0x20, 0x11, 0x455, 0x0, 0x0, {0x10, 0x0, 0x0, r6}}, 0x20}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) 1m1.602553574s ago: executing program 0 (id=5383): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x4, 0x0, 0x0}, 0x90) r0 = socket$nl_route(0x10, 0x3, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000004580)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00'}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r1, r2, 0x2, 0x0, 0x0, @prog_id}, 0x20) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={@cgroup=r1, 0x2, 0x0, 0x0, &(0x7f0000000280)=[0x0], 0x1, 0x0, &(0x7f00000014c0), 0x0, 0x0}, 0x40) chdir(&(0x7f0000000280)='./file0\x00') symlink(&(0x7f0000000000)='./file1\x00', &(0x7f0000000400)='./file0\x00') creat(&(0x7f0000000440)='./file0\x00', 0x0) newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040), 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="480000001000010428bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="00050000000000001c0012800b00010065727370616e00000c000280080007000000df000a0001"], 0x48}}, 0x0) 1m1.307215576s ago: executing program 0 (id=5384): socket$vsock_stream(0x28, 0x1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000001080)={0x0, 0x0, 0x20000000, 0xfffffffe}) r3 = getpid() r4 = syz_pidfd_open(r3, 0x0) pidfd_getfd(r4, r4, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_RTOINFO(r5, 0x84, 0x0, &(0x7f0000000100), 0x10) 1m0.021886833s ago: executing program 0 (id=5390): socket$kcm(0x2, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000240)=ANY=[@ANYRES32], 0xc) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000440), 0x41, 0x0) ioctl$TCSETAF(0xffffffffffffffff, 0x5408, 0x0) write$binfmt_aout(r1, &(0x7f0000000240)=ANY=[], 0xff2e) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) r2 = syz_open_pts(r1, 0x0) r3 = dup3(r2, r1, 0x0) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040), 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), r6) sendmsg$IEEE802154_ASSOCIATE_REQ(r5, &(0x7f0000002180)={0x0, 0x0, &(0x7f0000002140)={&(0x7f0000000240)={0x1c, r7, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_CHANNEL={0x5}]}, 0x1c}}, 0x0) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x12) 37.469718006s ago: executing program 0 (id=5390): socket$kcm(0x2, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000240)=ANY=[@ANYRES32], 0xc) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000440), 0x41, 0x0) ioctl$TCSETAF(0xffffffffffffffff, 0x5408, 0x0) write$binfmt_aout(r1, &(0x7f0000000240)=ANY=[], 0xff2e) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) r2 = syz_open_pts(r1, 0x0) r3 = dup3(r2, r1, 0x0) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040), 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), r6) sendmsg$IEEE802154_ASSOCIATE_REQ(r5, &(0x7f0000002180)={0x0, 0x0, &(0x7f0000002140)={&(0x7f0000000240)={0x1c, r7, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_CHANNEL={0x5}]}, 0x1c}}, 0x0) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x12) 14.316054098s ago: executing program 0 (id=5390): socket$kcm(0x2, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000240)=ANY=[@ANYRES32], 0xc) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000440), 0x41, 0x0) ioctl$TCSETAF(0xffffffffffffffff, 0x5408, 0x0) write$binfmt_aout(r1, &(0x7f0000000240)=ANY=[], 0xff2e) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) r2 = syz_open_pts(r1, 0x0) r3 = dup3(r2, r1, 0x0) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040), 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), r6) sendmsg$IEEE802154_ASSOCIATE_REQ(r5, &(0x7f0000002180)={0x0, 0x0, &(0x7f0000002140)={&(0x7f0000000240)={0x1c, r7, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_CHANNEL={0x5}]}, 0x1c}}, 0x0) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x12) 13.158568641s ago: executing program 1 (id=5541): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) bind$unix(r0, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{0x0}], 0x1, 0x0) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) r3 = syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0) syz_usb_control_io(r3, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000080)=@gettaction={0x14, 0x32, 0x701, 0x70bd2d}, 0x14}, 0x1, 0x0, 0x0, 0x20}, 0x4004000) syz_usb_control_io$hid(r3, &(0x7f00000009c0)={0x24, 0x0, 0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0022050000008310c59eff"], 0x0}, 0x0) ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0) r5 = memfd_create(&(0x7f0000000100)='\x103q}2[\xe0\x9a\xee\xaf\x03\x97\x9et\v\"|Ma\x86\xe7\xc0\x14\x9f\xb9h\xb1\x96\xe7=I\x860S6\xb5\xa8\xc2\x95Je%\xfeG\'e\xe5\x8f\xf8\xd2\x1c\xc0\xfb\x1c\xa6\xab\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94k\xcd\t\x00\x90k\xd6\x05\xb6&\xd0\x9daA\xc5\x9c_\xd4\x18,\f\xd4s\xb2\x99/\xc0\x9a\xf2Oc\xc0c\x03gB!\xb0\xb8n\x01\x9bT\x95\x10\x86\xe8$\x7f\r[\xf9\x0e1v\xb1\n\x88\v\x95uy\xb5:`\x8b\nC\x18A;\xaa%\xaf\xc7\xa3\xac\xa2D\xb5\xe2\xe1\xdc(\xfd\x05\x9fB\x84O\xfe@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\xa0\x17\xe3\xac\xe9\xc9\xa7\x8a\x1b\x03\"&\xac\xcap>\xccZ\x01\xbc\x18\xc1\xb9\xe9\v\x8b\x9c\xb4Q\xd4\x96EV<>\x99\xca\xb3\xe0\xc4tL\xed\xf5W\xbd#\xcf\x8a\x84\xed\x9f/\xd4\xbb\xea;-Dp\xf8\xd0F\x90\xf8\x92Ip6\xf4\x16\xe8\x14\xe0\x92!\x92-F\xe2\x14D\x91\xa8b\x04\xdd\x1d\a\xdc\xe0\x18\x85{\x80Q\xf6k\x96\xfaQ\x9fW\vO\xf0\xe4O\\\xceS\xf2\xde\x049d\x06#\x88\xc3\xdf\x85O\x1c\xc3\xad?r\xd7\x0e\x00\xd7\x83\xb0\x88\x9c\xf6Y-F\x98\xdd\x9c~\xfd\x95\xc3\xb6lC\xaa\"Y\xa2K\xecz\x84:*\xf5Y\xd1\x9b1\x91\x9b\x15\xd4\xec\x02o\x01&\xaa\x90w\xc4\xc7yn\xb5\x1ag\xab&?\xbe\xcb\xe8v\xa8\xe0\xa4\x81sW\xacf\x149\xd2}\xefCGa\x9a$4\x8c\xa5!p\x83\x05\x96%\x02%\xabj\n\b\xc8NC\x91}&y\xd3\xe1\xeep\'\xc5\xab\x19GsX5\x8c\n\x9fh\xee;4\xb1%V\xe0\xa9\x8e\xf30:\xd8\x18N~G\x139\xca', 0x2) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x14, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="180000883f7a9957a8e502000000000008000000f5b293f900000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0xaf, &(0x7f00000000c0)=""/175}, 0x90) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000002c0)={@map, r6}, 0x10) write(r6, 0x0, 0x0) fcntl$getflags(0xffffffffffffffff, 0x1) ioctl$FS_IOC_RESVSP(r5, 0x40305828, &(0x7f0000000340)={0x0, 0x0, 0x940a, 0x1000007}) fcntl$addseals(r5, 0x409, 0xb) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(0xffffffffffffffff, 0xc4c85513, &(0x7f0000000a40)={{0xa, 0x1, 0x2, 0x9, '\x00', 0x79}, 0x0, [0x126c, 0x4, 0x5, 0x0, 0xccb, 0x6, 0xffffffffffffffff, 0x9, 0x8d7f, 0x3fa, 0x9, 0x3, 0x40, 0x1, 0x9, 0x98b1, 0x7, 0x2, 0x6, 0x9, 0x5, 0x8, 0x7, 0x3, 0x401, 0x7fff, 0x4, 0xfffffffffffffffb, 0x2, 0x8, 0x1, 0x2, 0xa, 0x9, 0x76, 0x3, 0x200000000006, 0x5, 0x6, 0x6, 0xd, 0x40, 0x1000, 0x4, 0x8, 0x7fffffff, 0x0, 0x2d0, 0xfffffffffffffff7, 0x7, 0x8000000000000001, 0x9, 0x3, 0x3, 0x0, 0x6, 0x6, 0x100000006, 0x802, 0xe, 0x2, 0x18d9, 0xe, 0x7, 0x43b, 0xfff, 0x3, 0xffffffffffffff01, 0x800, 0x1, 0x6, 0xe, 0x4, 0x3, 0x6, 0x6, 0x72, 0x80000000, 0x6, 0xe7c, 0x1, 0x7, 0x6, 0x5, 0x5, 0x8, 0x400, 0x4, 0x8, 0xffffffff00000000, 0x7, 0xe, 0x7, 0x1, 0x8, 0x100000000, 0x1a00000, 0x5, 0xffffffffffff3e54, 0xbd, 0xfffffffffffffffd, 0x80, 0x5, 0x3, 0x8, 0x9, 0x5, 0x2, 0xb3d, 0x2, 0x1f, 0x2, 0xfff, 0x7, 0x5, 0x0, 0x7f, 0x1, 0x7fff, 0x9, 0xabd000000000000, 0xffffffffffffffff, 0xa63d, 0x9, 0xfff, 0x200, 0x8015, 0x9]}) r7 = socket(0x10, 0x3, 0x0) recvmmsg(r7, &(0x7f0000003500)=[{{0x0, 0x0, 0x0}}, {{0x0, 0xfffffffffffffeb9, 0x0}}, {{0x0, 0x0, &(0x7f0000002a80)}}], 0x3, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r7, 0x6, 0x16, &(0x7f0000000440)=[@sack_perm, @window={0x3, 0x0, 0xce1c}, @sack_perm, @mss={0x2, 0x56}, @timestamp, @sack_perm, @mss={0x2, 0x1}], 0x7) syz_genetlink_get_family_id$devlink(&(0x7f0000000240), 0xffffffffffffffff) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$tipc(&(0x7f0000000540), 0xffffffffffffffff) sendmsg$TIPC_CMD_GET_LINKS(r8, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x24, r9, 0x1, 0x0, 0x0, {{}, {}, {0x8}}}, 0x24}}, 0x0) mount(&(0x7f00000003c0)=@loop={'/dev/loop', 0x0}, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='udf\x00', 0x0, 0x0) 9.711390278s ago: executing program 1 (id=5554): syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x0) r0 = accept$packet(0xffffffffffffffff, 0x0, 0x0) setsockopt$packet_fanout_data(r0, 0x107, 0x16, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) preadv(r1, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0) r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_ENUMAUDOUT(r2, 0xc0345642, &(0x7f00000000c0)={0x7, "86f745a7ce60d43b773fd8714a5c64274fdec0adb16d4ffc728ce26885a68d3f"}) ioctl$CEC_ADAP_S_PHYS_ADDR(0xffffffffffffffff, 0x40026102, 0x0) r3 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000001540), 0x0, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000640), 0xffffffffffffffff) ioctl$PTP_SYS_OFFSET_PRECISE(r3, 0xc0403d08, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x10, 0x2, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'erspan0\x00', 0x0}) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="48000000100005040000005f596da40000880900", @ANYRES32=r8, @ANYBLOB="0000000000000000280012800b00010065727370616e000018000280060011004e23000004001200080015"], 0x48}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x140}}, 0x0) getsockname$packet(r5, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r4, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000001640)={&(0x7f0000000440)=ANY=[@ANYBLOB="2c0000001a10010000000000000000000a040000000000002000000006001c000000f0ff0700030050770ddc8bc00a130bf7fb96423f9dab0b766772666d28cc6b13b48fbe871f5626877aa54e12c478e912ec112ee1b12655c7bb36f4d360da35f4a9cec2df0146f68d352311452059d05579875b79e7c8034a1d11ba75a6a5bb84db481b982432974b13d9d4dd33e1a9ba8a735c42e3212c38dad00f11f341f04b1aed844a7b4394c7a6c786a64afada3365f19e5e3e55b0d480fddebbcc4d5da31ee3739a2074c7f77de83c40bb8c8de6bfc18892b74256f7a3a4a81b9cf0ba9e3a83b21ccdd903ba7ad91978a732f57cd770248cb3fc8bfcf1ebe12f7f6efa7d1031073c2a34316c5745c8923e43408ab248341f3321bf3b4e84b34f85a0df504a7610ee54450829473ad12a31f6f48b7737643057eec93c", @ANYRES32=r9, @ANYBLOB], 0x2c}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) accept4$ax25(r5, 0x0, &(0x7f00000000c0), 0x80800) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) 8.301524235s ago: executing program 1 (id=5556): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000002c0)="1a000000", 0x4) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendto$inet6(r0, &(0x7f0000000480)='l', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(0xffffffffffffffff, &(0x7f00000007c0)="87", 0x1, 0x0, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000240)="1a", 0x1, 0x0, 0x0, 0x0) socket$l2tp6(0xa, 0x2, 0x73) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r4, 0x40085112, &(0x7f0000000100)=@t={0x81}) shutdown(r0, 0x1) 7.347739996s ago: executing program 1 (id=5558): creat(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) statfs(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000000)=@req={0x647, 0xf1, 0x8}, 0x10) alarm(0xbad7) alarm(0xfffffffffffffffe) 6.386938799s ago: executing program 2 (id=5562): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x3c, 0x24, 0x0, 0x0, 0x0, {}, [@qdisc_kind_options=@q_codel={{0xa}, {0xc, 0x2, [@TCA_CODEL_INTERVAL={0x8, 0x3, 0x7}]}}]}, 0x3c}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB="67a9fde500000000280012800a00010076786c616e"], 0x3}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_route(0x10, 0x3, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0) (fail_nth: 1) 6.33477112s ago: executing program 1 (id=5563): r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$rds(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000002c0)=""/188, 0xbc}], 0x1}, 0x0) r1 = socket(0x10, 0x803, 0x0) sendto(r1, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x41}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x188}, {&(0x7f00000007c0)=""/154, 0x8}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000cc0)={'wlan0\x00', 0x0}) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_INTERFACE(r5, &(0x7f0000000e40)={0x0, 0xd, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="2508007a0000000000000700000008000300", @ANYRES32=r4, @ANYBLOB="1400140064756d6d7930000000000000000000001400040076657468315f746f5f626f016400000005005300010000000800050004"], 0x54}}, 0x0) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="040e04de220c"], 0x7) r6 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000c80)=ANY=[@ANYBLOB="12010000000000406d0422c2000000000001090224000100000000090400000103000000092100000001220b0009058103"], 0x0) syz_usb_control_io$hid(r6, 0x0, 0x0) add_key(&(0x7f0000000100)='big_key\x00', &(0x7f0000000180)={'syz', 0x2}, &(0x7f0000000340)="14", 0x1, 0x0) 5.802349857s ago: executing program 4 (id=5566): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r0, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) preadv(r0, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) sendmsg$MPTCP_PM_CMD_SET_FLAGS(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 5.503956033s ago: executing program 2 (id=5567): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) capset(&(0x7f0000000200)={0x19980330}, &(0x7f0000000040)) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x894c, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) r3 = creat(&(0x7f0000000300)='./bus\x00', 0x0) close(r3) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) sendto$inet6(r4, 0x0, 0x0, 0x20080001, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x11}, 0x1c) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a54000000060a0b04000000000000000002000000200004801c0001800a0001006c696d69740000000c00028008000440000000010900010073797a30000000000900020073797a3200000000050007769e9fb3b53af795764196ae38fc40df000000140000001100010000000000000000000000000a"], 0x7c}}, 0x0) 5.397431738s ago: executing program 4 (id=5568): unshare(0x20040600) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="5800000010000104000000000000000000030000", @ANYRES32=0x0, @ANYBLOB="0000000089bf0000240012800b00010067656e65766500001400028008000100010000000500030000000002140003006725"], 0x58}}, 0x0) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000800)={r1, 0xe0, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0xe) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xb, 0x10, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000020000007b8a00fe0000000087080000000000007b8af0ff00000000bda100000000000007000000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000020000b700001a000024c0b3c43994f20095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$packet(0x11, 0x3, 0x300) socket$packet(0x11, 0x3, 0x300) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000040c0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4070000000000000400000000000e1ff95000000000000002ba76bb3019c1341056bd8174b79603123751c4e345c652fbc1626cca2a2ad75806150ae0209e62751ee00ba19ce670d25010000020000040000009fc40400d2532e764975f03f1cbf9b0a4def23d410f6accd3641110bec4e90a6341965dac05c04683712a0b09ec39e9ef8f6e396ad200a011ea665c45a3449abe802f5ab3e89cf40b858e217ce740068720000074e468eea3fcfcf498278ad15f5f87e1c26433a8acdc0e65888b2007f00000000000000000100000000000000010000000000000053350000000034a70c2ab40c7cf5691db43a5c00000000000000000000e75a89faff01210cce39bf405f1e846c1242000000000040cad326ad7add65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d01000000520655a8056085f4d431623c850af895abba14f6fbd7fb5e2a431ab9142f3a06d55740a43088696daaed74b9c5c29647d2f950a959cf9938d6df8600a62e96b7cb8e52cbdc2ba9d580609e31c30891e7d87a79d6fce424c2200af6cb784a1975fa657de38a3a32a4fd67ce446adb431d07db79240aca1dd9ba02450500000000000000e645f091231b986e77d05d988d6edc6f9b4eb883ec8f878300cabf2b5543ffc1bdb92618242852e6e8b3e56fefbfff81669557b3809d8c396d2c0361629d1822f722ec23812770d72cd0010000007889b8c7044f563a1f68d4efe895fdbc463f747c08f4010586903500000000000000e800000000000000000000000000000000000000003ddf4aa4b1c8b0a0ae6feb6737c275dc2740f742b5425f1d581961471cdb51f8940290e99ccff4123f955267fe4a75c11448741f064fe7ce7e62ee4df874e086287547d4099aeec9f1538ee25a2a5ccf4a9b604e88e12ff251845d0fff45bdbaeba4d4e3c6f7f623579435b2c505fb711300000000040000000000000000000000004c00e67ccc02148a4fc43021cce9f24f4b2f9492c32e7a92a557ac2b44b84e88bbf7611589906d923e4916f390ab7edcd3f5b9fe14446dd446a52131c464f2c08efb46d934615c8631b7c42efd0294bea179b0433f5c899119ec0c0acef5385c5a2720caeb68f1e9c05b0591d89467ded84da092dea262e51811e2d7fa515722516bd5ef6cfa4966e5937562a5649a1a0000a042a7097ddefe0671a5767014b09b78f977fb145890f5bf41ba92b8c4c8b14f0d4a880ef4518bb32879d326497e21e041254f06bd7f3a067e147e82e841dba3867da8bfbc101d3960e07d282f483e7be49833f3c435f9700bc84680549f9eb16682ecb72277ffaca907a3eac4bfc8e0a47c0076d7cc9d32b3cc96aa751d890881c3c33bd91f6ecf45ab3f12f816318346f9b883427b9190024edc1eddd68f34ce3bfedb5fe5d7beae4d3ca561e37570587783f9673e7ab17f5a09efc1114777d2707d2996961203aedff1c5a87013b98649805216631e20d07dff3ae567ca0d38a8285426"], &(0x7f0000000440)='GPL\x00'}, 0x90) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={r4, 0xe0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="051000000000000000010000000008000300", @ANYRES32=r8, @ANYBLOB="0800050002000000"], 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r8, @ANYBLOB="0a003400020202020202aa8ec10f371c53a7f47637d9c46a8002000800c900781400005b46ffc28f4662d4abf5dbb0672d144428d73713a564d09d5fcfc947f9cabc458b98f5354f207241b619857091daecd4d027d71b7747dbd48a1fa269e533a2"], 0x30}}, 0x0) r9 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) listen(r9, 0x0) setsockopt$ax25_SO_BINDTODEVICE(r9, 0x101, 0x19, &(0x7f0000001c40)=@bpq0, 0x10) r10 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000a00)={r5}, 0x4) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000240)={'gre0\x00', 0x0}) sendto$packet(r3, &(0x7f0000000340)="02", 0x1, 0x0, &(0x7f0000000000)={0x11, 0x0, r11, 0x1, 0x0, 0x6, @multicast}, 0x14) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90) ioctl$F2FS_IOC_MOVE_RANGE(r10, 0xc020f509, &(0x7f0000000180)={r3, 0x7fffffffffffffff, 0x9, 0x3}) sendmsg$key(r12, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="02120c05060000002dbd7000fddbdf2502000a00ff0300000080000000000000001900000025bd700005350000"], 0x30}}, 0x8000) r13 = socket$nl_route(0x10, 0x3, 0x0) r14 = socket(0x1, 0x803, 0x0) getsockname$packet(r14, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r13, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[@ANYBLOB="4c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="001a0000000000001c00128009000100766c616e000000000c000280060001000c369cc2a651b43fed53ae87af1c2ec5bb700a1b90b517e29e597e002bf1b3c02722aabf2611c8c88a55de5492508a00c0a54e41d5bc3523e9f18ea60ff87a31992478994e7bfdb38d1ccf16ff7f4cd083", @ANYRES32=r15, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r15, @ANYBLOB], 0x4c}}, 0x0) 5.15429218s ago: executing program 4 (id=5569): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7020000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mkdir(&(0x7f0000000540)='./file0\x00', 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000200)='net/dev_snmp6\x00') fchdir(r4) r5 = syz_open_procfs(0x0, &(0x7f0000000180)='oom_adj\x00') writev(r5, &(0x7f00000000c0)=[{&(0x7f0000000140)='15', 0x2}], 0x8) getdents(0xffffffffffffffff, 0xfffffffffffffffd, 0x58) pipe(&(0x7f0000000380)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00'}, 0x10) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4) 4.791439833s ago: executing program 3 (id=5570): unshare(0x22020400) syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00') socket(0x2a, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) syz_open_dev$usbmon(&(0x7f0000000f80), 0x0, 0x0) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0) r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x0, "5660359c3245d1c42317afad7d48ed51000000000000000100"}) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000040)={0x3ff}, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) r1 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x33fe0}], 0x1}, 0x3) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r6 = getpid() sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r5, 0x0, &(0x7f0000000100)='4', 0x1}) io_uring_enter(r1, 0x7f5f, 0x0, 0x0, 0x0, 0x0) r9 = msgget(0x2, 0x0) msgctl$MSG_INFO(r9, 0xc, &(0x7f0000000040)=""/23) shutdown(r4, 0x1) 4.098334957s ago: executing program 2 (id=5571): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x10, &(0x7f0000000580)=@framed={{}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x69}}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r1, 0x0, 0x10, 0x10, &(0x7f00000006c0)="0000000000000500", &(0x7f0000000700)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) (fail_nth: 1) 4.032072712s ago: executing program 4 (id=5572): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000780)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r2, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000180)={0x2c, r1, 0x277f826df11ec41b, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x1}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x1}]}, 0x2c}}, 0x40004) 3.566619269s ago: executing program 2 (id=5573): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xd, &(0x7f00000004c0)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x5}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) 2.840625558s ago: executing program 4 (id=5574): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @lowpan={{0xb}, {0x4}}}, @IFLA_LINK={0x8}]}, 0x3c}}, 0x0) 2.762181422s ago: executing program 2 (id=5575): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @lowpan={{0xb}, {0x4}}}, @IFLA_LINK={0x8}]}, 0x3c}}, 0x0) (fail_nth: 1) 2.746610457s ago: executing program 1 (id=5576): socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000000c0)={'gretap0\x00', &(0x7f0000000000)={'syztnl0\x00', 0x0, 0x8, 0x20, 0x46, 0x7, {{0xf, 0x4, 0x0, 0x9, 0x3c, 0x65, 0x0, 0x1, 0x29, 0x0, @private=0xa010100, @rand_addr=0x64010100, {[@end, @timestamp_prespec={0x44, 0x24, 0x40, 0x3, 0x6, [{@empty, 0x4}, {@dev={0xac, 0x14, 0x14, 0x1e}, 0x25}, {@local, 0x2}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x3}]}]}}}}}) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x7f) write$uinput_user_dev(r0, &(0x7f0000000680)={'syz1\x00', {0x0, 0x0, 0x0, 0xfffc}, 0x3b, [], [0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000], [0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x0, 0x2, 0x1, 0xfffffffd}) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) r2 = dup(r1) syz_usb_connect(0x0, 0x2d, &(0x7f0000000240)=ANY=[@ANYBLOB="120100000b4163206db1c89aff17c755f20509021b00283f00e70009040e0000000060bb3d00683e57060d705563d8cec9f602f6cd0dd682ca725606d2ac60"], 0x0) ioctl$KDENABIO(r2, 0x4b3d) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) r5 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r4, @ANYBLOB="00000000000000001c001a800800048004000500080000003e"], 0x44}}, 0x0) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000140)={0x1d, r4, 0x2, {0x2, 0x0, 0x3}}, 0x18) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) sendmsg$TIPC_CMD_GET_NODES(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x1c}, 0x1c}}, 0x0) r6 = syz_open_dev$sg(&(0x7f0000000300), 0x4fff, 0xae581) fcntl$dupfd(r6, 0x0, r6) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000040)={0x53, 0x0, 0x6, 0x0, @buffer={0x17, 0x51, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x0, 0x0, 0x0, 0x0}) r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, &(0x7f0000000200)={0x15, 0x0, 0x0}) ioctl$IOMMU_VFIO_IOAS$SET(r7, 0x3b88, &(0x7f00000002c0)={0xc, r8}) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r9, &(0x7f0000000100), 0xfecc) socket$nl_route(0x10, 0x3, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x12, r9, 0x0) ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r7, 0x3b70, &(0x7f0000000000)=ANY=[]) 2.63217321s ago: executing program 4 (id=5577): r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x20081, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xf, 0x4, 0x8, 0xda, 0x0, 0x1}, 0x48) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r1, 0x29, 0x10, &(0x7f0000000180), 0x4) connect$inet6(0xffffffffffffffff, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) madvise(&(0x7f000018e000/0x3000)=nil, 0x3000, 0x1) r2 = io_uring_setup(0x3450, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x0, &(0x7f0000003000/0x1000)=nil) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(0xffffffffffffffff, 0x10, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000002700)=""/4118, 0x1000}], 0x0, 0x34}, 0x20) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000040)) socket$inet6(0xa, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x12, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x181480, 0x0) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) ioctl$BLKZEROOUT(r4, 0x127f, &(0x7f0000000240)={0x0, 0x1000000}) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) write$cgroup_int(r6, &(0x7f0000000200), 0x34000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r5, 0x0) pwritev(r0, &(0x7f0000000080)=[{0x0}], 0x1, 0x0, 0x0) 2.342337057s ago: executing program 2 (id=5578): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) r2 = userfaultfd(0x80001) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000080)) r3 = memfd_create(&(0x7f0000000400)='rootmode', 0x0) mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x3013, r3, 0x0) r4 = userfaultfd(0x80001) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000080)) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000ffb000/0x5000)=nil, 0x5000}, 0x1}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000ff9000/0x2000)=nil, 0x2000}, 0x1}) mbind(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1, 0x0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_procfs(0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r8 = dup(r7) ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000000800000a01"]) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r8, 0x89f1, &(0x7f0000000180)={'syztnl1\x00', &(0x7f0000000240)={'syztnl0\x00', 0x0, 0x2f, 0x7, 0x2, 0x7, 0x2, @mcast1, @remote, 0x7800, 0x7800, 0xff, 0x10}}) r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) close_range(r9, 0xffffffffffffffff, 0x0) 2.254827973s ago: executing program 3 (id=5579): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8e}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x1) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$unix(0x1, 0x1, 0x0) bind$unix(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10) open$dir(0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) sendmsg$802154_dgram(r3, &(0x7f00000000c0)={&(0x7f0000000000)={0x24, @short={0x2, 0xffff, 0xffff}}, 0x14, &(0x7f0000000080)={0x0}}, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x2a, &(0x7f0000000140), 0x4) recvmmsg(r3, 0x0, 0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000640)=ANY=[@ANYBLOB="04040a00e0ffffff0f77042482"], 0xd) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) 1.250181306s ago: executing program 3 (id=5580): r0 = socket$l2tp6(0xa, 0x2, 0x73) sendmmsg$inet6(r0, &(0x7f0000001740)=[{{&(0x7f0000001100)={0xa, 0x0, 0x0, @empty}, 0x1c, 0x0, 0x0, &(0x7f00000014c0)=[@dstopts_2292={{0x14}}, @tclass={{0x10}}], 0x24}}], 0x1, 0x0) 1.109901072s ago: executing program 3 (id=5581): r0 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket(0x0, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) clock_gettime(0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, &(0x7f00000000c0)=ANY=[], 0x8) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) setresuid(0x0, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10) r3 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0xffffffff, @local}, 0x10, 0x0) ioctl$BTRFS_IOC_BALANCE_CTL(r3, 0x40049421, 0x5) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x10, 0x6, &(0x7f00000000c0)=ANY=[@ANYBLOB="050000000000000071114500000000008510000002000000850000000000000095000000000000009500a505000000007c521846d5857b35acc37b4b768a7a4248ce236aaf18e35cb7f111bf83064599d998ba12f7681b8fffc6f580452349ae7cb607fde4d0bb72"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000009500000000000000ae685c0b163ef93d95c7e307963140ed2ed0f92de83e0a182f17b5a705fd4a74bc49c62c08a6ff691f1df44c00"/78], 0x0}, 0x90) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000040)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r5, @ANYRESDEC=r0, @ANYRES32=r6, @ANYBLOB="38003300c0000000e7ffffffffff080211000000505050505050"], 0x54}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mkdirat(r0, &(0x7f0000000080)='./file1\x00', 0x0) 80.41111ms ago: executing program 3 (id=5582): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r1, 0x0) syz_emit_ethernet(0x8e, &(0x7f00000002c0)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "101040", 0x58, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x16, 0xc2, 0x0, 0x0, 0x0, {[@mss={0x1e, 0x4, 0x87}, @sack_perm={0x4, 0x2}, @generic={0x0, 0xa, "69fbd54ae56dd076"}, @generic={0x0, 0xc, "3836eb47eb1bad12f07e"}, @fastopen={0x22, 0x2}, @md5sig={0x13, 0x12, "7232407c80067615774fdbb46eb86cc8"}, @mptcp=@ack={0x1e, 0xd, 0x0, 0x4, "5882a08027c1766045"}, @exp_fastopen={0xfe, 0x4}]}}}}}}}}, 0x0) 0s ago: executing program 3 (id=5583): r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, &(0x7f0000000040)={{&(0x7f0000001000/0x3000)=nil, 0x3000}}) (fail_nth: 1) kernel console output (not intermixed with test programs): : config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 1515.675137][ T5136] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 1515.692403][ T5136] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1515.727419][ T5136] aiptek 2-1:17.0: interface has no int in endpoints, but must have minimum 1 [ 1515.954098][ T5136] usb 2-1: USB disconnect, device number 111 [ 1517.347412][ T29] audit: type=1326 audit(1721392103.848:920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24563 comm="syz.1.5232" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5de2f75b59 code=0x0 [ 1517.525549][T24568] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1517.547370][T24568] hub 9-0:1.0: USB hub found [ 1517.552802][T24568] hub 9-0:1.0: 8 ports detected [ 1517.707323][T24577] syz2: rxe_newlink: already configured on team_slave_1 [ 1518.516470][T24577] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5238'. [ 1518.591936][T24587] sch_tbf: burst 88 is lower than device veth3 mtu (1514) ! [ 1518.705191][ T29] audit: type=1326 audit(1721392105.208:921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24576 comm="syz.4.5238" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6c05d75b59 code=0x0 [ 1519.292285][ T29] audit: type=1326 audit(1721392105.788:922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24617 comm="syz.1.5252" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5de2f75b59 code=0x0 [ 1519.383771][ T5137] usb 3-1: new high-speed USB device number 105 using dummy_hcd [ 1519.493896][T24621] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1519.518851][T24621] hub 9-0:1.0: USB hub found [ 1519.559161][T24621] hub 9-0:1.0: 8 ports detected [ 1519.603444][ T5137] usb 3-1: Using ep0 maxpacket: 16 [ 1519.636220][ T5137] usb 3-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4 [ 1519.673923][ T5137] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1519.699896][ T5137] usb 3-1: Product: syz [ 1519.714024][T24625] fuse: Unknown parameter 'f $dKxgsI8rt%  u0Kf{X0x0000000000000004' [ 1519.725607][ T5137] usb 3-1: Manufacturer: syz [ 1519.731742][ T5137] usb 3-1: SerialNumber: syz [ 1519.742502][ T5137] usb 3-1: config 0 descriptor?? [ 1519.754308][ T5137] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state. [ 1520.045770][T24185] usb 1-1: new high-speed USB device number 99 using dummy_hcd [ 1520.254045][T24185] usb 1-1: Using ep0 maxpacket: 8 [ 1520.269568][T24185] usb 1-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice= 1.00 [ 1520.295210][T24185] usb 1-1: New USB device strings: Mfr=16, Product=1, SerialNumber=1 [ 1520.559369][T24185] usb 1-1: Product: syz [ 1520.574374][T24185] usb 1-1: Manufacturer: syz [ 1520.580680][T24185] usb 1-1: SerialNumber: syz [ 1520.932601][T24185] usb 1-1: config 0 descriptor?? [ 1520.958177][T24185] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected [ 1520.986227][T24185] usb 1-1: Detected SIO [ 1520.992099][T24185] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1521.420959][T24652] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.5254'. [ 1521.446360][T24652] openvswitch: netlink: Tunnel attr 0 has unexpected len 13 expected 8 [ 1521.514308][ T9] usb 4-1: new high-speed USB device number 112 using dummy_hcd [ 1521.639406][T24656] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5263'. [ 1521.693044][T24656] team0: entered promiscuous mode [ 1521.699109][T24656] team_slave_0: entered promiscuous mode [ 1521.843940][ T5137] gp8psk: usb in 128 operation failed. [ 1521.852478][ T9] usb 4-1: config 1 interface 0 altsetting 253 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1521.853550][T24656] team_slave_1: entered promiscuous mode [ 1521.866957][ T5137] gp8psk: usb in 137 operation failed. [ 1521.876906][ T5137] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver error while loading driver (-22) [ 1521.886402][ T9] usb 4-1: config 1 interface 0 has no altsetting 0 [ 1521.897344][ T9] usb 4-1: New USB device found, idVendor=9b25, idProduct=0021, bcdDevice= 0.00 [ 1521.906641][ T5137] dvb_usb_gp8psk 3-1:0.0: probe with driver dvb_usb_gp8psk failed with error -22 [ 1521.916269][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1521.922146][T24657] team_slave_0: entered allmulticast mode [ 1522.057720][T24657] team0: Port device team_slave_0 removed [ 1522.075446][T24655] team0: left promiscuous mode [ 1522.080454][T24655] team_slave_1: left promiscuous mode [ 1522.154708][T24185] usb 3-1: USB disconnect, device number 105 [ 1522.203235][ T29] audit: type=1326 audit(1721392108.698:923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24662 comm="syz.1.5265" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5de2f75b59 code=0x0 [ 1522.205795][ T9] usb 4-1: string descriptor 0 read error: -71 [ 1522.241201][ T9] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -32 [ 1522.289578][ T9] usb 4-1: USB disconnect, device number 112 [ 1522.750758][T24185] usb 1-1: USB disconnect, device number 99 [ 1522.786287][T24185] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1522.834229][T24185] ftdi_sio 1-1:0.0: device disconnected [ 1523.286418][T24693] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5275'. [ 1524.297144][ T9] usb 2-1: new high-speed USB device number 112 using dummy_hcd [ 1525.165684][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 1525.185281][ T9] usb 2-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4 [ 1525.214862][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1525.240253][ T9] usb 2-1: Product: syz [ 1525.260653][ T9] usb 2-1: Manufacturer: syz [ 1525.273219][ T9] usb 2-1: SerialNumber: syz [ 1525.294481][ T9] usb 2-1: config 0 descriptor?? [ 1525.316927][ T9] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state. [ 1525.703479][ T1149] usb 5-1: new high-speed USB device number 102 using dummy_hcd [ 1525.839370][T24722] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1525.874784][ T1149] usb 5-1: device descriptor read/64, error -71 [ 1525.885568][ T29] audit: type=1326 audit(1721392112.388:924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24723 comm="syz.3.5283" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fda4a575b59 code=0x0 [ 1525.909594][T24722] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1525.930505][T24722] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1526.213866][ T1149] usb 5-1: new high-speed USB device number 103 using dummy_hcd [ 1526.393672][ T1149] usb 5-1: device descriptor read/64, error -71 [ 1526.514116][ T1149] usb usb5-port1: attempt power cycle [ 1526.542100][ T9] gp8psk: usb in 128 operation failed. [ 1526.553006][ T9] gp8psk: usb in 137 operation failed. [ 1526.566453][ T9] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver error while loading driver (-22) [ 1526.580277][ T9] dvb_usb_gp8psk 2-1:0.0: probe with driver dvb_usb_gp8psk failed with error -22 [ 1526.612684][ T9] usb 2-1: USB disconnect, device number 112 [ 1527.710661][ T1149] usb 5-1: new high-speed USB device number 104 using dummy_hcd [ 1527.774354][ T1149] usb 5-1: device descriptor read/8, error -71 [ 1528.073470][ T1149] usb 5-1: new high-speed USB device number 105 using dummy_hcd [ 1528.334184][ T1149] usb 5-1: device descriptor read/8, error -71 [ 1528.493804][ T1149] usb usb5-port1: unable to enumerate USB device [ 1529.003772][ T51] usb 3-1: new high-speed USB device number 106 using dummy_hcd [ 1529.102236][T24770] FAULT_INJECTION: forcing a failure. [ 1529.102236][T24770] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1529.116400][T24770] CPU: 0 PID: 24770 Comm: syz.1.5296 Not tainted 6.10.0-syzkaller-08280-g68b59730459e #0 [ 1529.126220][T24770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1529.136286][T24770] Call Trace: [ 1529.139570][T24770] [ 1529.142501][T24770] dump_stack_lvl+0x241/0x360 [ 1529.147200][T24770] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1529.152409][T24770] ? __pfx__printk+0x10/0x10 [ 1529.157010][T24770] ? __pfx_lock_release+0x10/0x10 [ 1529.162051][T24770] should_fail_ex+0x3b0/0x4e0 [ 1529.166749][T24770] _copy_from_iter+0x1f6/0x1960 [ 1529.171614][T24770] ? __virt_addr_valid+0x183/0x530 [ 1529.176743][T24770] ? __pfx_lock_release+0x10/0x10 [ 1529.181783][T24770] ? __alloc_skb+0x28f/0x440 [ 1529.186380][T24770] ? __pfx__copy_from_iter+0x10/0x10 [ 1529.191676][T24770] ? __virt_addr_valid+0x183/0x530 [ 1529.196800][T24770] ? __virt_addr_valid+0x183/0x530 [ 1529.201918][T24770] ? __virt_addr_valid+0x45f/0x530 [ 1529.207041][T24770] ? __check_object_size+0x49c/0x900 [ 1529.212344][T24770] netlink_sendmsg+0x73d/0xcb0 [ 1529.217134][T24770] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1529.222432][T24770] ? __import_iovec+0x536/0x820 [ 1529.227293][T24770] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1529.232581][T24770] ? security_socket_sendmsg+0x87/0xb0 [ 1529.238055][T24770] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1529.243351][T24770] __sock_sendmsg+0x221/0x270 [ 1529.248044][T24770] ____sys_sendmsg+0x525/0x7d0 [ 1529.252824][T24770] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1529.258136][T24770] __sys_sendmsg+0x2b0/0x3a0 [ 1529.262738][T24770] ? __pfx___sys_sendmsg+0x10/0x10 [ 1529.267855][T24770] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1529.273855][T24770] ? irqentry_exit+0x63/0x90 [ 1529.278482][T24770] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1529.284820][T24770] ? do_syscall_64+0x100/0x230 [ 1529.289593][T24770] ? do_syscall_64+0xb6/0x230 [ 1529.294282][T24770] do_syscall_64+0xf3/0x230 [ 1529.298797][T24770] ? clear_bhb_loop+0x35/0x90 [ 1529.303482][T24770] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1529.309557][T24770] RIP: 0033:0x7f5de2f75b59 [ 1529.313983][T24770] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1529.333609][T24770] RSP: 002b:00007f5de3cfc048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1529.342035][T24770] RAX: ffffffffffffffda RBX: 00007f5de3106110 RCX: 00007f5de2f75b59 [ 1529.350011][T24770] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000006 [ 1529.357984][T24770] RBP: 00007f5de3cfc0a0 R08: 0000000000000000 R09: 0000000000000000 [ 1529.365959][T24770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1529.373935][T24770] R13: 000000000000006e R14: 00007f5de3106110 R15: 00007fff33bc94f8 [ 1529.381925][T24770] [ 1529.492921][ T51] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1529.525477][ T51] usb 3-1: New USB device found, idVendor=fff0, idProduct=fff0, bcdDevice=39.78 [ 1529.536625][ T51] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1529.545992][ T51] usb 3-1: Product: syz [ 1529.556139][ T51] usb 3-1: Manufacturer: syz [ 1529.560826][ T51] usb 3-1: SerialNumber: syz [ 1529.587049][ T51] usb 3-1: config 0 descriptor?? [ 1529.628562][ T51] usbtest 3-1:0.0: couldn't get endpoints, -22 [ 1529.635083][ T51] usbtest 3-1:0.0: probe with driver usbtest failed with error -22 [ 1529.914526][T24782] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1529.936423][T24782] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1529.950502][ T51] usb 3-1: USB disconnect, device number 106 [ 1529.973559][T24783] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1529.982140][T24783] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1530.163414][ T5137] usb 5-1: new high-speed USB device number 106 using dummy_hcd [ 1530.343575][ T5137] usb 5-1: device descriptor read/64, error -71 [ 1531.242011][T24803] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1531.337112][T24809] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1531.436529][T24803] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1532.404835][ T29] audit: type=1326 audit(1721392118.908:925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24829 comm="syz.4.5317" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6c05d75b59 code=0x0 [ 1532.583423][ T5137] usb 2-1: new low-speed USB device number 113 using dummy_hcd [ 1532.780654][ T5137] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1532.822343][ T5137] usb 2-1: string descriptor 0 read error: -22 [ 1532.830560][ T5137] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1532.843141][ T5137] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1533.181671][ T5137] usb 2-1: USB disconnect, device number 113 [ 1533.382548][T24842] netlink: 100 bytes leftover after parsing attributes in process `syz.4.5321'. [ 1534.295777][T24860] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1534.380486][T24860] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1534.420591][T24860] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1535.148657][T24837] Bluetooth: hci1: command 0x0406 tx timeout [ 1535.833564][ T9] usb 5-1: new low-speed USB device number 108 using dummy_hcd [ 1535.879999][T24837] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1535.893714][ T1149] usb 1-1: new high-speed USB device number 100 using dummy_hcd [ 1535.905097][ T5137] usb 2-1: new high-speed USB device number 114 using dummy_hcd [ 1535.920796][T24837] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1535.930481][T24837] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1535.949628][T24837] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1535.966799][T24837] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1535.976323][T24837] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1536.088353][ T9] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1536.119674][ T9] usb 5-1: string descriptor 0 read error: -22 [ 1536.133710][ T1149] usb 1-1: Using ep0 maxpacket: 32 [ 1536.158493][ T9] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1536.190911][ T5137] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1536.216369][ T1149] usb 1-1: config 1 interface 0 altsetting 6 bulk endpoint 0x3 has invalid maxpacket 64 [ 1536.239723][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1536.258807][ T5137] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1536.281519][ T1149] usb 1-1: config 1 interface 0 has no altsetting 0 [ 1536.413191][ T1149] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1536.454685][ T5137] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1536.525138][ T1149] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1536.534128][ T5137] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1536.547457][ T1149] usb 1-1: Product: syz [ 1536.551733][ T1149] usb 1-1: Manufacturer: 쬚ࡹ薫一汒镠聾밻❭饐▯跈ᆭ照첛洑댓떍≻䢧뒿綒ᘉ롦ꑃ䤺즻콟 [ 1536.565935][ T5137] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1536.576732][ T5137] usb 2-1: config 0 descriptor?? [ 1536.582605][ T1149] usb 1-1: SerialNumber: syz [ 1536.687405][T10399] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1536.701930][T24878] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 1536.849459][T10399] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1536.993033][T10399] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1537.109036][ T5137] plantronics 0003:047F:FFFF.0025: unknown main item tag 0x0 [ 1537.153536][ T5137] plantronics 0003:047F:FFFF.0025: No inputs registered, leaving [ 1537.177665][ T1149] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -71 [ 1537.216612][T10399] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1537.239155][ T5137] plantronics 0003:047F:FFFF.0025: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 1537.252321][ T1149] usb 1-1: USB disconnect, device number 100 [ 1537.657147][ T1149] usb 5-1: USB disconnect, device number 108 [ 1537.695690][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1537.728326][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1537.744337][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1537.773673][T10399] bridge_slave_1: left allmulticast mode [ 1537.779401][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1537.789576][T10399] bridge_slave_1: left promiscuous mode [ 1537.801830][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1537.820281][T10399] bridge0: port 2(bridge_slave_1) entered disabled state [ 1537.831836][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1537.840403][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1537.849038][T10399] bridge_slave_0: left allmulticast mode [ 1537.860522][T10399] bridge_slave_0: left promiscuous mode [ 1537.862072][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1537.869882][T10399] bridge0: port 1(bridge_slave_0) entered disabled state [ 1537.884418][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1537.891991][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1537.901310][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1537.909343][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1537.917127][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1537.924773][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1537.936481][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1537.944326][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1537.951905][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1537.959557][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1537.967308][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1537.975422][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1537.982999][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1537.990974][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1537.999729][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1538.008404][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1538.016600][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1538.024372][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1538.031861][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1538.043436][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1538.053943][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1538.064371][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1538.074418][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1538.074590][T24837] Bluetooth: hci3: command tx timeout [ 1538.081962][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1538.239159][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1538.249553][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1538.257258][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1538.291373][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1538.299241][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1538.319274][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1538.327415][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1538.335318][T17811] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1538.650535][ T5137] usb 2-1: reset high-speed USB device number 114 using dummy_hcd [ 1538.721874][T17811] hid-generic 0000:0000:0000.0026: hidraw1: HID v0.00 Device [syz0] on syz0 [ 1539.605718][ T9] usb 2-1: USB disconnect, device number 114 [ 1539.797030][T10399] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1539.840696][T10399] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1539.917070][T10399] bond0 (unregistering): Released all slaves [ 1540.003951][T24894] chnl_net:caif_netlink_parms(): no params data found [ 1540.134246][T24837] Bluetooth: hci3: command tx timeout [ 1540.693667][T24894] bridge0: port 1(bridge_slave_0) entered blocking state [ 1540.724676][T24894] bridge0: port 1(bridge_slave_0) entered disabled state [ 1540.746002][T24894] bridge_slave_0: entered allmulticast mode [ 1540.753017][T24894] bridge_slave_0: entered promiscuous mode [ 1540.790927][T24894] bridge0: port 2(bridge_slave_1) entered blocking state [ 1540.890611][T24894] bridge0: port 2(bridge_slave_1) entered disabled state [ 1541.057768][T24894] bridge_slave_1: entered allmulticast mode [ 1541.283552][T24894] bridge_slave_1: entered promiscuous mode [ 1541.682519][T10399] hsr_slave_0: left promiscuous mode [ 1541.702148][T10399] hsr_slave_1: left promiscuous mode [ 1541.709005][T10399] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1541.730434][T10399] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1541.755141][T10399] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1541.774363][T10399] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1541.882540][T10399] veth1_macvtap: left promiscuous mode [ 1541.917347][T10399] veth0_macvtap: left promiscuous mode [ 1541.951591][T10399] veth1_vlan: left promiscuous mode [ 1541.972112][T10399] veth0_vlan: left promiscuous mode [ 1542.223570][T24837] Bluetooth: hci3: command tx timeout [ 1543.307575][T10399] team0 (unregistering): Port device team_slave_1 removed [ 1543.360628][T10399] team0 (unregistering): Port device team_slave_0 removed [ 1543.893522][T24894] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1543.927137][T24894] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1544.097664][T24894] team0: Port device team_slave_0 added [ 1544.134842][T24894] team0: Port device team_slave_1 added [ 1544.293927][T24837] Bluetooth: hci3: command tx timeout [ 1544.437793][T24894] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1544.626874][T24894] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1545.423375][T24894] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1545.496014][T24894] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1545.502990][T24894] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1545.608573][T24894] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1545.694785][T20070] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1545.720472][T20070] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1545.732299][T20070] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1545.749544][T20070] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1545.757587][T20070] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 1545.798894][T20070] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1545.986782][T24894] hsr_slave_0: entered promiscuous mode [ 1546.022456][T24894] hsr_slave_1: entered promiscuous mode [ 1546.048547][T24894] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1546.068292][T24894] Cannot create hsr debugfs directory [ 1546.081910][T25017] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5371'. [ 1546.196443][T25018] bond1 (unregistering): Released all slaves [ 1546.226267][ T1240] ieee802154 phy0 wpan0: encryption failed: -22 [ 1546.858784][T25024] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1546.894426][T10399] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1547.131770][T10399] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1547.312549][T10399] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1547.533975][T10399] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1547.941794][T24837] Bluetooth: hci5: command tx timeout [ 1549.053602][T10399] bridge_slave_1: left allmulticast mode [ 1549.059290][T10399] bridge_slave_1: left promiscuous mode [ 1549.096802][T10399] bridge0: port 2(bridge_slave_1) entered disabled state [ 1549.125179][T25056] rdma_rxe: rxe_newlink: failed to add team_slave_1 [ 1549.135615][T10399] bridge_slave_0: left allmulticast mode [ 1549.141246][T10399] bridge_slave_0: left promiscuous mode [ 1549.157858][T10399] bridge0: port 1(bridge_slave_0) entered disabled state [ 1549.522015][ T29] audit: type=1326 audit(1721392136.008:926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25055 comm="syz.2.5379" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdc78575b59 code=0x0 [ 1549.917038][T10399] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1549.944788][T10399] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1549.965712][T10399] bond0 (unregistering): Released all slaves [ 1549.974316][T24837] Bluetooth: hci5: command tx timeout [ 1549.984506][T25060] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5379'. [ 1549.998327][T25070] msdos: Unknown parameter 'bFs ' [ 1550.131474][T25062] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5380'. [ 1550.229863][T25062] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 1550.381108][T25063] sch_tbf: burst 88 is lower than device veth7 mtu (1514) ! [ 1550.612889][T25009] chnl_net:caif_netlink_parms(): no params data found [ 1551.773765][T25087] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5387'. [ 1552.156494][T24837] Bluetooth: hci5: command tx timeout [ 1552.510414][T24894] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1552.794706][T25009] bridge0: port 1(bridge_slave_0) entered blocking state [ 1552.851322][T25009] bridge0: port 1(bridge_slave_0) entered disabled state [ 1552.889837][T25009] bridge_slave_0: entered allmulticast mode [ 1552.914798][T25009] bridge_slave_0: entered promiscuous mode [ 1552.971231][T24894] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1553.004379][T24894] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1553.062475][T10399] hsr_slave_0: left promiscuous mode [ 1553.076162][T10399] hsr_slave_1: left promiscuous mode [ 1553.111666][T10399] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1553.123515][T10399] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1553.132386][T10399] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1553.139897][T10399] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1553.199651][T10399] veth1_macvtap: left promiscuous mode [ 1553.208722][T25112] syz2: rxe_newlink: already configured on team_slave_1 [ 1553.215983][T10399] veth0_macvtap: left promiscuous mode [ 1553.221640][T10399] veth1_vlan: left promiscuous mode [ 1553.230317][T10399] veth0_vlan: left promiscuous mode [ 1553.386153][T20070] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1553.407758][T20070] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1553.418926][T20070] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1553.427146][T20070] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1553.442369][T20070] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1553.450318][T20070] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1553.537238][ T29] audit: type=1326 audit(1721392140.038:927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25111 comm="syz.4.5393" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6c05d75b59 code=0x0 [ 1553.879177][T10399] team0 (unregistering): Port device team_slave_1 removed [ 1554.215907][T24837] Bluetooth: hci5: command tx timeout [ 1554.398133][T25009] bridge0: port 2(bridge_slave_1) entered blocking state [ 1554.405670][T25009] bridge0: port 2(bridge_slave_1) entered disabled state [ 1554.412893][T25009] bridge_slave_1: entered allmulticast mode [ 1554.420553][T25009] bridge_slave_1: entered promiscuous mode [ 1554.437940][T24894] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1554.457324][T25115] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5393'. [ 1554.495303][T25117] sch_tbf: burst 88 is lower than device veth5 mtu (1514) ! [ 1554.575905][T25009] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1554.618222][T25009] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1554.809281][T24894] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1554.915648][T24894] 8021q: adding VLAN 0 to HW filter on device team0 [ 1554.938288][T25009] team0: Port device team_slave_0 added [ 1554.971282][T25009] team0: Port device team_slave_1 added [ 1555.574389][T24837] Bluetooth: hci1: command tx timeout [ 1555.676798][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 1555.683997][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1555.700204][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 1555.707340][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1555.727032][T25009] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1555.737025][T25009] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1555.765889][T25009] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1555.781230][T25009] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1555.789551][T25009] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1555.818354][T25009] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1555.830517][T24494] usb 3-1: new high-speed USB device number 107 using dummy_hcd [ 1555.951138][T25009] hsr_slave_0: entered promiscuous mode [ 1555.958599][T25009] hsr_slave_1: entered promiscuous mode [ 1555.965949][T25009] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1555.974252][T25009] Cannot create hsr debugfs directory [ 1556.004829][T24837] Bluetooth: hci0: unexpected event 0x2f length: 1017 > 260 [ 1556.023779][T24494] usb 3-1: Using ep0 maxpacket: 32 [ 1556.057169][T24494] usb 3-1: config 1 interface 0 altsetting 6 bulk endpoint 0x3 has invalid maxpacket 64 [ 1556.083466][T24494] usb 3-1: config 1 interface 0 has no altsetting 0 [ 1556.094482][T24494] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1556.135872][T24494] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1556.149372][T24494] usb 3-1: Product: syz [ 1556.169146][T24494] usb 3-1: Manufacturer: 쬚ࡹ薫一汒镠聾밻❭饐▯跈ᆭ照첛洑댓떍≻䢧뒿綒ᘉ롦ꑃ䤺즻콟 [ 1556.197514][T24494] usb 3-1: SerialNumber: syz [ 1556.219183][T25131] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1556.261846][T10399] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1556.394039][T10399] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1556.496513][T10399] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1556.515626][T24894] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1556.568321][T25118] chnl_net:caif_netlink_parms(): no params data found [ 1556.614265][T10399] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1556.654403][T24494] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -71 [ 1556.669221][T24494] usb 3-1: USB disconnect, device number 107 [ 1556.788441][T24894] veth0_vlan: entered promiscuous mode [ 1556.899906][T25118] bridge0: port 1(bridge_slave_0) entered blocking state [ 1556.909204][T25118] bridge0: port 1(bridge_slave_0) entered disabled state [ 1556.918845][T25118] bridge_slave_0: entered allmulticast mode [ 1556.926555][T25118] bridge_slave_0: entered promiscuous mode [ 1556.949760][T25118] bridge0: port 2(bridge_slave_1) entered blocking state [ 1556.961513][T25118] bridge0: port 2(bridge_slave_1) entered disabled state [ 1556.980160][T25118] bridge_slave_1: entered allmulticast mode [ 1556.991193][T25118] bridge_slave_1: entered promiscuous mode [ 1557.022087][T24894] veth1_vlan: entered promiscuous mode [ 1557.078184][T25118] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1557.113838][T10399] team0: left allmulticast mode [ 1557.124493][T10399] team_slave_0: left allmulticast mode [ 1557.137080][T10399] team_slave_1: left allmulticast mode [ 1557.142765][T10399] team0: left promiscuous mode [ 1557.148227][T10399] team_slave_0: left promiscuous mode [ 1557.162291][T10399] team_slave_1: left promiscuous mode [ 1557.168551][T10399] bridge0: port 3(team0) entered disabled state [ 1557.185625][T10399] bridge_slave_1: left allmulticast mode [ 1557.191410][T10399] bridge_slave_1: left promiscuous mode [ 1557.201720][T10399] bridge0: port 2(bridge_slave_1) entered disabled state [ 1557.219400][T10399] bridge_slave_0: left allmulticast mode [ 1557.225503][T10399] bridge_slave_0: left promiscuous mode [ 1557.231235][T10399] bridge0: port 1(bridge_slave_0) entered disabled state [ 1557.658829][T24837] Bluetooth: hci1: command tx timeout [ 1558.061856][T10399] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1558.074853][T10399] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1558.089772][T10399] bond0 (unregistering): Released all slaves [ 1558.117998][T25118] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1558.325886][T24837] Bluetooth: hci0: SCO packet for unknown connection handle 200 [ 1558.349681][T24837] Bluetooth: hci0: SCO packet for unknown connection handle 201 [ 1558.408256][T25118] team0: Port device team_slave_0 added [ 1559.308636][T25118] team0: Port device team_slave_1 added [ 1559.382189][T25184] FAULT_INJECTION: forcing a failure. [ 1559.382189][T25184] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1559.423124][T25184] CPU: 0 PID: 25184 Comm: syz.2.5406 Not tainted 6.10.0-syzkaller-08280-g68b59730459e #0 [ 1559.432973][T25184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1559.443042][T25184] Call Trace: [ 1559.446313][T25184] [ 1559.449228][T25184] dump_stack_lvl+0x241/0x360 [ 1559.453911][T25184] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1559.459121][T25184] ? __pfx__printk+0x10/0x10 [ 1559.463713][T25184] should_fail_ex+0x3b0/0x4e0 [ 1559.468384][T25184] prepare_alloc_pages+0x1da/0x5d0 [ 1559.473580][T25184] __alloc_pages_noprof+0x166/0x6c0 [ 1559.478857][T25184] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 1559.484570][T25184] ? validate_chain+0x11e/0x5900 [ 1559.489501][T25184] alloc_pages_mpol_noprof+0x3e8/0x680 [ 1559.494956][T25184] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 1559.500929][T25184] vma_alloc_folio_noprof+0xf3/0x1f0 [ 1559.506207][T25184] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 1559.512092][T25184] folio_prealloc+0x31/0x170 [ 1559.516668][T25184] handle_pte_fault+0x257b/0x7090 [ 1559.521686][T25184] ? mark_lock+0x9a/0x350 [ 1559.526003][T25184] ? __pfx_handle_pte_fault+0x10/0x10 [ 1559.531358][T25184] ? __lock_acquire+0x1346/0x1fd0 [ 1559.536388][T25184] ? mt_find+0x226/0x850 [ 1559.540624][T25184] handle_mm_fault+0xfb0/0x19d0 [ 1559.545477][T25184] ? __pfx_handle_mm_fault+0x10/0x10 [ 1559.550764][T25184] ? lock_mm_and_find_vma+0x9c/0x2f0 [ 1559.556040][T25184] exc_page_fault+0x2b9/0x8c0 [ 1559.560705][T25184] asm_exc_page_fault+0x26/0x30 [ 1559.565546][T25184] RIP: 0010:filldir64+0x2cb/0x6a0 [ 1559.570563][T25184] Code: 48 8b 44 24 60 48 89 43 08 48 8b 4c 24 10 48 8b 44 24 58 48 89 01 48 8b 44 24 18 8b 6c 24 34 66 89 41 10 40 88 69 12 4d 63 f5 <42> c6 44 31 13 00 4c 8d 79 13 bf 07 00 00 00 44 89 ee e8 2e 66 86 [ 1559.590161][T25184] RSP: 0018:ffffc9000c8ef9e0 EFLAGS: 00050202 [ 1559.596228][T25184] RAX: 0000000000000020 RBX: 0000000020000fd0 RCX: 0000000020000fe8 [ 1559.604208][T25184] RDX: 0000000000000000 RSI: 0000000020000fd0 RDI: 0000000020001008 [ 1559.612249][T25184] RBP: 0000000000000004 R08: ffffffff821001b9 R09: 1ffff11004233000 [ 1559.620206][T25184] R10: dffffc0000000000 R11: ffffed1004233001 R12: ffff88802a491cb8 [ 1559.628163][T25184] R13: 000000000000000a R14: 000000000000000a R15: 0000000020001008 [ 1559.636126][T25184] ? filldir64+0x289/0x6a0 [ 1559.640547][T25184] ? __pfx_filldir64+0x10/0x10 [ 1559.645302][T25184] proc_sys_fill_cache+0x2b2/0x550 [ 1559.650406][T25184] ? __pfx_proc_sys_fill_cache+0x10/0x10 [ 1559.656038][T25184] ? _raw_spin_unlock+0x28/0x50 [ 1559.660880][T25184] ? sysctl_follow_link+0x3d8/0x450 [ 1559.666069][T25184] proc_sys_link_fill_cache+0x1ce/0x360 [ 1559.671605][T25184] ? __pfx_proc_sys_link_fill_cache+0x10/0x10 [ 1559.677665][T25184] ? do_raw_spin_unlock+0x13c/0x8b0 [ 1559.682854][T25184] proc_sys_readdir+0x652/0x8f0 [ 1559.687702][T25184] iterate_dir+0x57a/0x810 [ 1559.692109][T25184] __se_sys_getdents64+0x20d/0x4f0 [ 1559.697212][T25184] ? __pfx___se_sys_getdents64+0x10/0x10 [ 1559.702827][T25184] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1559.708790][T25184] ? __pfx_filldir64+0x10/0x10 [ 1559.713540][T25184] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1559.719851][T25184] ? do_syscall_64+0x100/0x230 [ 1559.724605][T25184] ? do_syscall_64+0xb6/0x230 [ 1559.729272][T25184] do_syscall_64+0xf3/0x230 [ 1559.733764][T25184] ? clear_bhb_loop+0x35/0x90 [ 1559.738425][T25184] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1559.744304][T25184] RIP: 0033:0x7fdc78575b59 [ 1559.748703][T25184] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1559.768303][T25184] RSP: 002b:00007fdc77fde048 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1559.776711][T25184] RAX: ffffffffffffffda RBX: 00007fdc78706038 RCX: 00007fdc78575b59 [ 1559.784668][T25184] RDX: 0000000000001000 RSI: 0000000020000f80 RDI: 0000000000000007 [ 1559.792626][T25184] RBP: 00007fdc77fde0a0 R08: 0000000000000000 R09: 0000000000000000 [ 1559.800583][T25184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1559.808536][T25184] R13: 000000000000006e R14: 00007fdc78706038 R15: 00007ffd85f38c08 [ 1559.816514][T25184] [ 1559.829003][T24837] Bluetooth: hci1: command tx timeout [ 1559.835034][T25118] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1559.841986][T25118] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1559.892943][T25118] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1559.910127][T25187] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5407'. [ 1559.979290][T24894] veth0_macvtap: entered promiscuous mode [ 1560.041086][T25118] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1560.052839][T25118] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1560.081354][T25118] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1560.126941][T24894] veth1_macvtap: entered promiscuous mode [ 1560.259564][T25009] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1560.308090][T25190] FAULT_INJECTION: forcing a failure. [ 1560.308090][T25190] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1560.340958][T25190] CPU: 0 PID: 25190 Comm: syz.4.5408 Not tainted 6.10.0-syzkaller-08280-g68b59730459e #0 [ 1560.350805][T25190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1560.360882][T25190] Call Trace: [ 1560.364176][T25190] [ 1560.367127][T25190] dump_stack_lvl+0x241/0x360 [ 1560.371838][T25190] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1560.377064][T25190] ? __pfx__printk+0x10/0x10 [ 1560.381687][T25190] should_fail_ex+0x3b0/0x4e0 [ 1560.386386][T25190] prepare_alloc_pages+0x1da/0x5d0 [ 1560.391527][T25190] __alloc_pages_noprof+0x166/0x6c0 [ 1560.396756][T25190] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 1560.402508][T25190] ? __lock_acquire+0x1346/0x1fd0 [ 1560.407565][T25190] alloc_pages_mpol_noprof+0x3e8/0x680 [ 1560.413041][T25190] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 1560.419033][T25190] vma_alloc_folio_noprof+0xf3/0x1f0 [ 1560.424327][T25190] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 1560.430215][T25190] ? mark_lock+0x9a/0x350 [ 1560.434550][T25190] folio_prealloc+0x31/0x170 [ 1560.439156][T25190] handle_pte_fault+0x257b/0x7090 [ 1560.444204][T25190] ? mark_lock+0x9a/0x350 [ 1560.448529][T25190] ? mark_lock+0x9a/0x350 [ 1560.452849][T25190] ? __pfx_handle_pte_fault+0x10/0x10 [ 1560.458214][T25190] ? __lock_acquire+0x1346/0x1fd0 [ 1560.463237][T25190] ? mark_lock+0x9a/0x350 [ 1560.467560][T25190] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1560.473545][T25190] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1560.479880][T25190] ? irqentry_exit+0x63/0x90 [ 1560.484460][T25190] ? lockdep_hardirqs_on+0x99/0x150 [ 1560.489655][T25190] handle_mm_fault+0xfb0/0x19d0 [ 1560.494537][T25190] ? __pfx_handle_mm_fault+0x10/0x10 [ 1560.499839][T25190] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1560.506160][T25190] ? lock_mm_and_find_vma+0x9c/0x2f0 [ 1560.511454][T25190] exc_page_fault+0x2b9/0x8c0 [ 1560.516156][T25190] asm_exc_page_fault+0x26/0x30 [ 1560.521021][T25190] RIP: 0010:rep_movs_alternative+0x4a/0x70 [ 1560.526813][T25190] Code: 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 a4 c3 cc cc cc cc 48 89 c8 48 c1 e9 03 83 e0 07 f3 48 a5 89 c1 [ 1560.546409][T25190] RSP: 0018:ffffc90009537878 EFLAGS: 00050202 [ 1560.552474][T25190] RAX: ffff8880699fc001 RBX: 000000002000111d RCX: 000000000000011d [ 1560.560436][T25190] RDX: 0000000000000000 RSI: ffff8880699fcec0 RDI: 0000000020001000 [ 1560.568398][T25190] RBP: ffffc900095379e8 R08: ffff8880699fcfdc R09: 1ffff1100d33f9fb [ 1560.576365][T25190] R10: dffffc0000000000 R11: ffffed100d33f9fc R12: dffffc0000000000 [ 1560.584340][T25190] R13: 1ffff920012a6f24 R14: 0000000000000fdd R15: ffff8880699fc000 [ 1560.592308][T25190] _copy_to_iter+0x4c0/0x1960 [ 1560.596980][T25190] ? __virt_addr_valid+0x183/0x530 [ 1560.602092][T25190] ? __pfx__copy_to_iter+0x10/0x10 [ 1560.607194][T25190] ? __virt_addr_valid+0x183/0x530 [ 1560.612292][T25190] ? __virt_addr_valid+0x183/0x530 [ 1560.617392][T25190] ? __virt_addr_valid+0x45f/0x530 [ 1560.622496][T25190] ? __phys_addr_symbol+0x2f/0x70 [ 1560.627509][T25190] ? __check_object_size+0x49c/0x900 [ 1560.632793][T25190] ? __rcu_read_unlock+0xa1/0x110 [ 1560.637804][T25190] seq_read_iter+0xb72/0xd60 [ 1560.642396][T25190] seq_read+0x3a4/0x4f0 [ 1560.646543][T25190] ? __pfx_seq_read+0x10/0x10 [ 1560.651209][T25190] ? __mutex_trylock_common+0x183/0x2e0 [ 1560.656753][T25190] ? __pfx_seq_read+0x10/0x10 [ 1560.661412][T25190] proc_reg_read+0x204/0x2f0 [ 1560.666077][T25190] ? __pfx_proc_reg_read+0x10/0x10 [ 1560.671175][T25190] vfs_read+0x204/0xbc0 [ 1560.675331][T25190] ? __pfx_lock_release+0x10/0x10 [ 1560.680364][T25190] ? __pfx_vfs_read+0x10/0x10 [ 1560.685029][T25190] ? __fget_files+0x29/0x470 [ 1560.689608][T25190] ? __fget_files+0x3f6/0x470 [ 1560.694299][T25190] ksys_read+0x1a0/0x2c0 [ 1560.698565][T25190] ? __pfx_ksys_read+0x10/0x10 [ 1560.703343][T25190] ? do_syscall_64+0x100/0x230 [ 1560.708115][T25190] ? do_syscall_64+0xb6/0x230 [ 1560.712785][T25190] do_syscall_64+0xf3/0x230 [ 1560.717281][T25190] ? clear_bhb_loop+0x35/0x90 [ 1560.721952][T25190] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1560.727834][T25190] RIP: 0033:0x7f6c05d75b59 [ 1560.732234][T25190] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1560.751830][T25190] RSP: 002b:00007f6c06ba3048 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1560.760234][T25190] RAX: ffffffffffffffda RBX: 00007f6c05f06038 RCX: 00007f6c05d75b59 [ 1560.768195][T25190] RDX: 0000000000002020 RSI: 0000000020000140 RDI: 0000000000000007 [ 1560.776173][T25190] RBP: 00007f6c06ba30a0 R08: 0000000000000000 R09: 0000000000000000 [ 1560.784180][T25190] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1560.792155][T25190] R13: 000000000000006e R14: 00007f6c05f06038 R15: 00007fff2b174048 [ 1560.800127][T25190] [ 1560.817249][T25009] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1560.921013][T25009] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1560.948442][T25118] hsr_slave_0: entered promiscuous mode [ 1560.955732][T25118] hsr_slave_1: entered promiscuous mode [ 1560.973484][T25118] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1560.981810][T25118] Cannot create hsr debugfs directory [ 1560.996851][T24894] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1561.010394][T24894] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1561.020746][T24894] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1561.031902][T24894] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1561.822031][T24894] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1561.875342][T24894] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1562.091789][T24837] Bluetooth: hci1: command tx timeout [ 1562.112172][T24894] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1562.145383][T24894] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1562.165874][T24894] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1562.173652][T25009] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1562.254683][T24894] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1562.277799][T24894] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1562.290956][T24894] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1562.302095][T24894] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1562.313208][T24894] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1562.324413][T24894] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1562.334392][T24894] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1562.346397][T24894] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1562.359577][T24894] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1562.482734][T24894] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1562.503576][T24894] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1562.544919][T24894] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1562.570477][T24894] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1562.647131][T10399] hsr_slave_0: left promiscuous mode [ 1562.658838][T10399] hsr_slave_1: left promiscuous mode [ 1562.667032][T10399] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1562.674880][T10399] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1562.690151][T10399] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1562.698008][T10399] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1562.706852][T10399] batman_adv: batadv0: Removing interface: ipvlan2 [ 1562.740954][T10399] veth1_macvtap: left promiscuous mode [ 1562.746714][T10399] veth0_macvtap: left promiscuous mode [ 1562.752534][T10399] veth1_vlan: left promiscuous mode [ 1562.758327][T10399] veth0_vlan: left promiscuous mode [ 1562.840283][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805e047800: rx timeout, send abort [ 1562.848764][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805e047c00: rx timeout, send abort [ 1562.857875][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805e047800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1562.872274][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805e047c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1563.698410][T10399] team0 (unregistering): Port device team_slave_1 removed [ 1563.749545][T10399] team0 (unregistering): Port device team_slave_0 removed [ 1564.696019][T18603] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1564.711919][T18603] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1564.872087][T18614] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1564.888711][T18614] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1564.956876][T25009] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1565.086186][T25009] 8021q: adding VLAN 0 to HW filter on device team0 [ 1565.130149][ T5140] bridge0: port 1(bridge_slave_0) entered blocking state [ 1565.137274][ T5140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1565.202648][ T4871] bridge0: port 2(bridge_slave_1) entered blocking state [ 1565.209799][ T4871] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1565.462026][T25229] 9pnet_fd: Insufficient options for proto=fd [ 1565.583750][T25118] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1565.671694][T25118] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1565.759376][T25118] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1565.784673][T25118] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1566.200456][T25118] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1566.263160][T25009] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1566.302440][T25239] Bluetooth: MGMT ver 1.23 [ 1566.315744][T25118] 8021q: adding VLAN 0 to HW filter on device team0 [ 1566.322913][T25239] Bluetooth: hci3: unsupported parameter 1025 [ 1566.332603][T25239] Bluetooth: hci3: invalid length 0, exp 2 for type 15 [ 1566.364890][T15104] bridge0: port 1(bridge_slave_0) entered blocking state [ 1566.372041][T15104] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1566.510059][T15104] bridge0: port 2(bridge_slave_1) entered blocking state [ 1566.517223][T15104] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1566.596001][T25009] veth0_vlan: entered promiscuous mode [ 1566.660727][T25009] veth1_vlan: entered promiscuous mode [ 1566.819448][T25009] veth0_macvtap: entered promiscuous mode [ 1566.852688][T25009] veth1_macvtap: entered promiscuous mode [ 1566.884159][T25252] msdos: Unknown parameter 'bFs ' [ 1567.034613][T25009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1567.069402][T25009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1567.081871][T25009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1567.110272][T25009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1567.127102][T25009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1567.137746][T25009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1567.148563][T25009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1567.159485][T25009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1567.198122][T25009] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1568.028205][T25009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1568.028232][T25009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1568.028245][T25009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1568.028258][T25009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1568.028270][T25009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1568.028283][T25009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1568.028294][T25009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1568.028307][T25009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1568.029680][T25009] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1568.088472][T25009] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1568.088508][T25009] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1568.088535][T25009] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1568.088567][T25009] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1568.224747][T25118] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1568.246867][T25270] netlink: 'syz.2.5424': attribute type 3 has an invalid length. [ 1568.378112][T18614] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1568.411465][T25118] veth0_vlan: entered promiscuous mode [ 1568.510124][T18614] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1568.543143][T25118] veth1_vlan: entered promiscuous mode [ 1568.597975][T25118] veth0_macvtap: entered promiscuous mode [ 1568.616324][T18614] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1568.628620][T25118] veth1_macvtap: entered promiscuous mode [ 1568.637410][T18614] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1568.828421][T25118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1568.863122][T25118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1568.892577][T25118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1568.903684][T25118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1568.922699][T25118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1568.942912][T25118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1568.953429][T25118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1568.971636][T25118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1568.983524][T25118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1568.994425][T25118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1569.007036][T25282] blktrace: Concurrent blktraces are not allowed on loop3 [ 1569.042366][T25118] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1569.081777][T25118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1569.163690][T25118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1569.199427][T25118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1569.293375][T25118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1569.339987][T25118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1569.360355][T25118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1569.371325][T25118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1569.382246][T25118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1569.392460][T25118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1569.403214][T25118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1569.471687][T25118] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1569.537613][T25118] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1569.576640][T25118] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1569.628533][T25118] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1569.639945][T25118] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1570.047156][T25305] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 1570.761427][T18599] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1570.796847][T18599] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1570.840791][T25308] bridge0: port 2(gretap0) entered blocking state [ 1570.847895][T25308] bridge0: port 2(gretap0) entered disabled state [ 1570.855554][T25308] gretap0: entered allmulticast mode [ 1570.877838][T25308] gretap0: entered promiscuous mode [ 1570.911929][T25308] bridge0: port 2(gretap0) entered blocking state [ 1570.918468][T25308] bridge0: port 2(gretap0) entered forwarding state [ 1570.944422][T25313] gretap0: left allmulticast mode [ 1571.108961][T25313] gretap0: left promiscuous mode [ 1571.116691][T25313] bridge0: port 2(gretap0) entered disabled state [ 1571.373624][T24494] usb 2-1: new high-speed USB device number 115 using dummy_hcd [ 1572.020390][T18599] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1572.070519][T18599] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1572.097725][T24494] usb 2-1: config index 0 descriptor too short (expected 23569, got 27) [ 1572.141369][T24494] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1572.192214][T25308] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 1572.213384][T24494] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1572.290014][T24494] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 1572.304595][T24494] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 1572.323541][T24494] usb 2-1: Manufacturer: syz [ 1572.372051][T24494] usb 2-1: config 0 descriptor?? [ 1572.735542][ T5137] usb 2-1: USB disconnect, device number 115 [ 1574.233498][ T5137] usb 3-1: new full-speed USB device number 108 using dummy_hcd [ 1574.430688][ T5137] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 520, setting to 64 [ 1574.450685][ T5137] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6 [ 1574.506364][ T5137] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1574.519919][ T5137] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1574.549855][ T5137] usb 3-1: SerialNumber: syz [ 1574.589520][T25340] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1574.714743][T18599] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1574.843047][T25340] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1574.915457][T18599] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1575.084304][T18599] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1575.315181][T18599] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1575.397416][T25359] netlink: 'syz.1.5448': attribute type 3 has an invalid length. [ 1575.399616][T20070] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1575.450522][ T5137] cdc_ether 3-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.2-1, CDC Ethernet Device, 42:42:42:42:42:42 [ 1575.463150][T20070] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1575.473138][T20070] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1575.485042][T20070] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1575.494113][T20070] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1575.501457][T20070] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1575.852366][T18599] bridge_slave_1: left allmulticast mode [ 1575.854423][T25383] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1575.868525][T18599] bridge_slave_1: left promiscuous mode [ 1575.899048][T18599] bridge0: port 2(bridge_slave_1) entered disabled state [ 1575.909313][T25383] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1575.960221][T18599] bridge_slave_0: left allmulticast mode [ 1576.005504][T18599] bridge_slave_0: left promiscuous mode [ 1576.023938][T18599] bridge0: port 1(bridge_slave_0) entered disabled state [ 1577.084128][T18599] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1577.192625][T18599] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1577.264563][T18599] bond0 (unregistering): Released all slaves [ 1577.377116][T24185] usb 3-1: USB disconnect, device number 108 [ 1577.401731][T24185] cdc_ether 3-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.2-1, CDC Ethernet Device [ 1577.574460][T20070] Bluetooth: hci1: command tx timeout [ 1578.695123][T25405] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1579.064517][T25364] chnl_net:caif_netlink_parms(): no params data found [ 1579.319066][T18599] hsr_slave_0: left promiscuous mode [ 1579.384425][T18599] hsr_slave_1: left promiscuous mode [ 1579.424571][T18599] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1579.474037][T18599] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1579.528381][T18599] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1579.553856][T18599] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1579.636550][T18599] veth1_macvtap: left promiscuous mode [ 1579.645937][T25432] program syz.2.5462 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1579.657149][T20070] Bluetooth: hci1: command tx timeout [ 1579.679105][T18599] veth0_macvtap: left promiscuous mode [ 1579.692960][T18599] veth1_vlan: left promiscuous mode [ 1579.700798][T18599] veth0_vlan: left promiscuous mode [ 1580.190672][T25436] 9pnet_fd: Insufficient options for proto=fd [ 1581.496331][T24837] Bluetooth: hci5: Opcode 0x206a failed: -110 [ 1581.503037][T20070] Bluetooth: hci5: command 0x206a tx timeout [ 1581.520054][T18599] team0 (unregistering): Port device team_slave_1 removed [ 1581.734365][T18599] team0 (unregistering): Port device team_slave_0 removed [ 1581.751917][T20070] Bluetooth: hci1: command tx timeout [ 1582.517056][ T51] IPVS: starting estimator thread 0... [ 1582.634850][T25458] IPVS: using max 19 ests per chain, 45600 per kthread [ 1583.290584][T25449] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5468'. [ 1583.449097][T25364] bridge0: port 1(bridge_slave_0) entered blocking state [ 1583.528755][T25364] bridge0: port 1(bridge_slave_0) entered disabled state [ 1583.554165][T25364] bridge_slave_0: entered allmulticast mode [ 1583.571776][T25364] bridge_slave_0: entered promiscuous mode [ 1583.601080][T25364] bridge0: port 2(bridge_slave_1) entered blocking state [ 1584.349720][T20070] Bluetooth: hci1: command tx timeout [ 1584.363518][T25364] bridge0: port 2(bridge_slave_1) entered disabled state [ 1584.370809][T25364] bridge_slave_1: entered allmulticast mode [ 1584.386577][T25364] bridge_slave_1: entered promiscuous mode [ 1584.637878][T25364] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1584.649524][T25477] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1584.676592][T25477] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5475'. [ 1584.679487][T25364] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1584.699991][T25486] FAULT_INJECTION: forcing a failure. [ 1584.699991][T25486] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1584.715424][T25486] CPU: 1 PID: 25486 Comm: syz.2.5477 Not tainted 6.10.0-syzkaller-08280-g68b59730459e #0 [ 1584.725247][T25486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1584.735294][T25486] Call Trace: [ 1584.738562][T25486] [ 1584.741481][T25486] dump_stack_lvl+0x241/0x360 [ 1584.746159][T25486] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1584.751359][T25486] ? __pfx__printk+0x10/0x10 [ 1584.755945][T25486] ? __pfx_lock_release+0x10/0x10 [ 1584.760967][T25486] should_fail_ex+0x3b0/0x4e0 [ 1584.765655][T25486] _copy_from_user+0x2f/0xe0 [ 1584.770245][T25486] sk_getsockopt+0x1d2/0x3890 [ 1584.774949][T25486] ? __pfx_sk_getsockopt+0x10/0x10 [ 1584.780056][T25486] ? __lock_acquire+0x1346/0x1fd0 [ 1584.785107][T25486] ? __pfx_lock_acquire+0x10/0x10 [ 1584.790137][T25486] ? __fget_files+0x29/0x470 [ 1584.794720][T25486] ? vfs_write+0x7c4/0xc90 [ 1584.799141][T25486] ? __pfx_lock_release+0x10/0x10 [ 1584.804167][T25486] do_sock_getsockopt+0x270/0x850 [ 1584.809196][T25486] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 1584.814741][T25486] ? __fget_files+0x3f6/0x470 [ 1584.819422][T25486] __sys_getsockopt+0x271/0x330 [ 1584.824272][T25486] ? __pfx___sys_getsockopt+0x10/0x10 [ 1584.829637][T25486] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1584.835959][T25486] ? do_syscall_64+0x100/0x230 [ 1584.840718][T25486] __x64_sys_getsockopt+0xb5/0xd0 [ 1584.845735][T25486] do_syscall_64+0xf3/0x230 [ 1584.850244][T25486] ? clear_bhb_loop+0x35/0x90 [ 1584.854931][T25486] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1584.860830][T25486] RIP: 0033:0x7fdc78575b59 [ 1584.865240][T25486] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1584.884844][T25486] RSP: 002b:00007fdc77fff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 1584.893258][T25486] RAX: ffffffffffffffda RBX: 00007fdc78705f60 RCX: 00007fdc78575b59 [ 1584.901222][T25486] RDX: 0000000000000019 RSI: 0000000000000001 RDI: 0000000000000003 [ 1584.909184][T25486] RBP: 00007fdc77fff0a0 R08: 0000000020000063 R09: 0000000000000000 [ 1584.917149][T25486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1584.925113][T25486] R13: 000000000000000b R14: 00007fdc78705f60 R15: 00007ffd85f38c08 [ 1584.933088][T25486] [ 1584.999304][T25364] team0: Port device team_slave_0 added [ 1585.031289][T25364] team0: Port device team_slave_1 added [ 1585.121786][T25364] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1585.153676][T25364] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1585.221008][T25364] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1585.271373][T25364] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1585.302571][T25364] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1585.347483][T25364] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1585.551895][T25364] hsr_slave_0: entered promiscuous mode [ 1585.594572][T25364] hsr_slave_1: entered promiscuous mode [ 1585.660163][T25364] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1585.686930][T25364] Cannot create hsr debugfs directory [ 1585.790573][T25500] blktrace: Concurrent blktraces are not allowed on loop3 [ 1586.424532][ T9] usb 4-1: new high-speed USB device number 113 using dummy_hcd [ 1586.545313][T25364] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1586.591126][T25364] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1586.617925][T25364] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1586.633635][ T9] usb 4-1: New USB device found, idVendor=0e41, idProduct=534d, bcdDevice=7b.a3 [ 1586.643769][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1586.652139][ T9] usb 4-1: Product: syz [ 1586.660544][ T9] usb 4-1: Manufacturer: syz [ 1586.669094][T25364] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1586.686867][ T9] usb 4-1: SerialNumber: syz [ 1586.699129][ T9] usb 4-1: config 0 descriptor?? [ 1586.714005][ T9] snd_usb_variax 4-1:0.0: Line 6 Variax Workbench found [ 1586.723615][T15104] usb 3-1: new high-speed USB device number 109 using dummy_hcd [ 1586.746021][ T9] usb 4-1: selecting invalid altsetting 1 [ 1586.766636][ T9] snd_usb_variax 4-1:0.0: set_interface failed [ 1586.786577][ T9] snd_usb_variax 4-1:0.0: Line 6 Variax Workbench now disconnected [ 1586.823226][ T9] snd_usb_variax 4-1:0.0: probe with driver snd_usb_variax failed with error -22 [ 1586.889356][T25364] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1586.940055][ T9] usb 4-1: USB disconnect, device number 113 [ 1586.950465][T15104] usb 3-1: config index 0 descriptor too short (expected 23569, got 27) [ 1586.963819][T25364] 8021q: adding VLAN 0 to HW filter on device team0 [ 1586.984983][T15104] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1587.010359][ T5137] bridge0: port 1(bridge_slave_0) entered blocking state [ 1587.017545][ T5137] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1587.027198][T15104] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1587.070400][T15104] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 1587.080525][T15104] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 1587.088750][T15104] usb 3-1: Manufacturer: syz [ 1587.098633][T15104] usb 3-1: config 0 descriptor?? [ 1587.138271][T25525] lo: left promiscuous mode [ 1587.157779][ T5137] bridge0: port 2(bridge_slave_1) entered blocking state [ 1587.164903][ T5137] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1587.652883][T25532] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5487'. [ 1587.678181][T25532] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5487'. [ 1587.741492][T25364] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1587.965070][T25540] FAULT_INJECTION: forcing a failure. [ 1587.965070][T25540] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1587.965940][T25364] veth0_vlan: entered promiscuous mode [ 1588.001920][T25540] CPU: 1 PID: 25540 Comm: syz.1.5490 Not tainted 6.10.0-syzkaller-08280-g68b59730459e #0 [ 1588.011761][T25540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1588.021823][T25540] Call Trace: [ 1588.025088][T25540] [ 1588.028002][T25540] dump_stack_lvl+0x241/0x360 [ 1588.032669][T25540] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1588.037853][T25540] ? __pfx__printk+0x10/0x10 [ 1588.042431][T25540] ? snprintf+0xda/0x120 [ 1588.046657][T25540] should_fail_ex+0x3b0/0x4e0 [ 1588.051320][T25540] _copy_to_user+0x2f/0xb0 [ 1588.055736][T25540] simple_read_from_buffer+0xca/0x150 [ 1588.061116][T25540] proc_fail_nth_read+0x1e9/0x250 [ 1588.066138][T25540] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1588.071682][T25540] ? rw_verify_area+0x520/0x6b0 [ 1588.076525][T25540] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1588.082062][T25540] vfs_read+0x204/0xbc0 [ 1588.086213][T25540] ? __pfx_lock_release+0x10/0x10 [ 1588.091234][T25540] ? __pfx_vfs_read+0x10/0x10 [ 1588.095904][T25540] ? __fget_files+0x29/0x470 [ 1588.100489][T25540] ? __fget_files+0x3f6/0x470 [ 1588.105168][T25540] ksys_read+0x1a0/0x2c0 [ 1588.109414][T25540] ? __pfx_ksys_read+0x10/0x10 [ 1588.114167][T25540] ? do_syscall_64+0x100/0x230 [ 1588.118957][T25540] ? do_syscall_64+0xb6/0x230 [ 1588.123641][T25540] do_syscall_64+0xf3/0x230 [ 1588.128150][T25540] ? clear_bhb_loop+0x35/0x90 [ 1588.132831][T25540] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1588.138723][T25540] RIP: 0033:0x7f5b24d7463c [ 1588.143134][T25540] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 1588.162740][T25540] RSP: 002b:00007f5b25ad1040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1588.171172][T25540] RAX: ffffffffffffffda RBX: 00007f5b24f05f60 RCX: 00007f5b24d7463c [ 1588.179145][T25540] RDX: 000000000000000f RSI: 00007f5b25ad10b0 RDI: 0000000000000003 [ 1588.187117][T25540] RBP: 00007f5b25ad10a0 R08: 0000000000000000 R09: 0000000000000000 [ 1588.195090][T25540] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1588.203058][T25540] R13: 000000000000000b R14: 00007f5b24f05f60 R15: 00007ffd40026cf8 [ 1588.211042][T25540] [ 1588.229603][T25364] veth1_vlan: entered promiscuous mode [ 1588.292043][T25364] veth0_macvtap: entered promiscuous mode [ 1588.458344][T25364] veth1_macvtap: entered promiscuous mode [ 1588.497813][T25364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1589.060566][T25364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1589.088451][T25551] FAULT_INJECTION: forcing a failure. [ 1589.088451][T25551] name failslab, interval 1, probability 0, space 0, times 0 [ 1589.088660][T25364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1589.130093][T25551] CPU: 0 PID: 25551 Comm: syz.3.5493 Not tainted 6.10.0-syzkaller-08280-g68b59730459e #0 [ 1589.130180][T25364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1589.139904][T25551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1589.139919][T25551] Call Trace: [ 1589.139928][T25551] [ 1589.139938][T25551] dump_stack_lvl+0x241/0x360 [ 1589.139970][T25551] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1589.139994][T25551] ? __pfx__printk+0x10/0x10 [ 1589.140019][T25551] ? __pfx___might_resched+0x10/0x10 [ 1589.140046][T25551] should_fail_ex+0x3b0/0x4e0 [ 1589.140074][T25551] ? getname_flags+0xb7/0x540 [ 1589.140098][T25551] should_failslab+0x9/0x20 [ 1589.140122][T25551] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 1589.140150][T25551] getname_flags+0xb7/0x540 [ 1589.140178][T25551] __x64_sys_execve+0x78/0xb0 [ 1589.140201][T25551] do_syscall_64+0xf3/0x230 [ 1589.140224][T25551] ? clear_bhb_loop+0x35/0x90 [ 1589.140245][T25551] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1589.140269][T25551] RIP: 0033:0x7ffa32b75b59 [ 1589.140288][T25551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1589.140306][T25551] RSP: 002b:00007ffa339b7048 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 1589.140328][T25551] RAX: ffffffffffffffda RBX: 00007ffa32d05f60 RCX: 00007ffa32b75b59 [ 1589.140343][T25551] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000400 [ 1589.140356][T25551] RBP: 00007ffa339b70a0 R08: 0000000000000000 R09: 0000000000000000 [ 1589.209832][T25364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1589.214214][T25551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1589.214231][T25551] R13: 000000000000000b R14: 00007ffa32d05f60 R15: 00007ffd8374f028 [ 1589.214261][T25551] [ 1589.323605][T25364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1589.400656][T25364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1589.438845][T25364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1589.469130][T25364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1589.506610][T25364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1589.555819][T25364] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1589.569644][T25563] FAULT_INJECTION: forcing a failure. [ 1589.569644][T25563] name failslab, interval 1, probability 0, space 0, times 0 [ 1589.590133][T25563] CPU: 0 PID: 25563 Comm: syz.1.5497 Not tainted 6.10.0-syzkaller-08280-g68b59730459e #0 [ 1589.592047][T25364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1589.599947][T25563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1589.599963][T25563] Call Trace: [ 1589.599972][T25563] [ 1589.599981][T25563] dump_stack_lvl+0x241/0x360 [ 1589.600014][T25563] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1589.600038][T25563] ? __pfx__printk+0x10/0x10 [ 1589.600062][T25563] ? __pfx___might_resched+0x10/0x10 [ 1589.600092][T25563] should_fail_ex+0x3b0/0x4e0 [ 1589.600120][T25563] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 1589.600141][T25563] should_failslab+0x9/0x20 [ 1589.616238][T25364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1589.620568][T25563] __kmalloc_noprof+0xd8/0x400 [ 1589.620598][T25563] ? kfree+0x4e/0x360 [ 1589.628584][T25364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1589.631450][T25563] tomoyo_realpath_from_path+0xcf/0x5e0 [ 1589.631490][T25563] tomoyo_path_number_perm+0x23a/0x880 [ 1589.640320][T25364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1589.641216][T25563] ? tomoyo_path_number_perm+0x208/0x880 [ 1589.651898][T25364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1589.656815][T25563] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1589.656887][T25563] ? __fget_files+0x29/0x470 [ 1589.656913][T25563] ? __fget_files+0x3f6/0x470 [ 1589.656934][T25563] ? __fget_files+0x29/0x470 [ 1589.656964][T25563] security_file_ioctl+0x75/0xb0 [ 1589.656989][T25563] __se_sys_ioctl+0x47/0x170 [ 1589.657015][T25563] do_syscall_64+0xf3/0x230 [ 1589.657040][T25563] ? clear_bhb_loop+0x35/0x90 [ 1589.657062][T25563] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1589.673919][T25364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1589.676061][T25563] RIP: 0033:0x7f5b24d75b59 [ 1589.676084][T25563] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1589.680593][T25364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1589.690420][T25563] RSP: 002b:00007f5b25ad1048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1589.690446][T25563] RAX: ffffffffffffffda RBX: 00007f5b24f05f60 RCX: 00007f5b24d75b59 [ 1589.690461][T25563] RDX: 0000000020000100 RSI: 0000000080047453 RDI: 0000000000000004 [ 1589.690475][T25563] RBP: 00007f5b25ad10a0 R08: 0000000000000000 R09: 0000000000000000 [ 1589.690488][T25563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1589.690501][T25563] R13: 000000000000000b R14: 00007f5b24f05f60 R15: 00007ffd40026cf8 [ 1589.690533][T25563] [ 1589.797667][T25566] FAULT_INJECTION: forcing a failure. [ 1589.797667][T25566] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1589.811761][T25563] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1589.827382][T25566] CPU: 0 PID: 25566 Comm: syz.3.5498 Not tainted 6.10.0-syzkaller-08280-g68b59730459e #0 [ 1589.829866][T25364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1589.836591][T25566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1589.836607][T25566] Call Trace: [ 1589.836616][T25566] [ 1589.836625][T25566] dump_stack_lvl+0x241/0x360 [ 1589.836664][T25566] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1589.836689][T25566] ? __pfx__printk+0x10/0x10 [ 1589.844751][T25364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1589.852596][T25566] ? snprintf+0xda/0x120 [ 1589.852623][T25566] should_fail_ex+0x3b0/0x4e0 [ 1589.860661][T25364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1589.868517][T25566] _copy_to_user+0x2f/0xb0 [ 1589.868543][T25566] simple_read_from_buffer+0xca/0x150 [ 1589.868569][T25566] proc_fail_nth_read+0x1e9/0x250 [ 1589.873204][T25364] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1589.884562][T25566] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1589.884593][T25566] ? rw_verify_area+0x520/0x6b0 [ 1589.884615][T25566] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1589.884636][T25566] vfs_read+0x204/0xbc0 [ 1589.884657][T25566] ? __pfx_lock_release+0x10/0x10 [ 1589.884682][T25566] ? __pfx_vfs_read+0x10/0x10 [ 1589.884705][T25566] ? __fget_files+0x29/0x470 [ 1590.028983][T25566] ? __fget_files+0x3f6/0x470 [ 1590.029027][T25566] ksys_read+0x1a0/0x2c0 [ 1590.034875][T25554] tty tty1: ldisc open failed (-12), clearing slot 0 [ 1590.037921][T25566] ? __pfx_ksys_read+0x10/0x10 [ 1590.049350][T25566] ? do_syscall_64+0x100/0x230 [ 1590.049385][T25566] ? do_syscall_64+0xb6/0x230 [ 1590.058794][T25566] do_syscall_64+0xf3/0x230 [ 1590.063288][T25566] ? clear_bhb_loop+0x35/0x90 [ 1590.067962][T25566] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1590.073843][T25566] RIP: 0033:0x7ffa32b7463c [ 1590.078243][T25566] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 1590.097836][T25566] RSP: 002b:00007ffa339b7040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1590.106246][T25566] RAX: ffffffffffffffda RBX: 00007ffa32d05f60 RCX: 00007ffa32b7463c [ 1590.114205][T25566] RDX: 000000000000000f RSI: 00007ffa339b70b0 RDI: 0000000000000004 [ 1590.122164][T25566] RBP: 00007ffa339b70a0 R08: 0000000000000000 R09: 0000000000000000 [ 1590.130121][T25566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1590.138082][T25566] R13: 000000000000000b R14: 00007ffa32d05f60 R15: 00007ffd8374f028 [ 1590.146049][T25566] [ 1590.266454][T25364] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1590.298523][ T9] usb 3-1: USB disconnect, device number 109 [ 1590.323917][T25364] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1590.332663][T25364] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1590.337985][ T29] audit: type=1326 audit(1721392176.828:928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25570 comm="syz.3.5500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa32b75b59 code=0x7ffc0000 [ 1590.353410][T25364] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1590.396669][ T29] audit: type=1326 audit(1721392176.828:929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25570 comm="syz.3.5500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa32b75b59 code=0x7ffc0000 [ 1590.449242][ T29] audit: type=1326 audit(1721392176.888:930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25570 comm="syz.3.5500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=440 compat=0 ip=0x7ffa32b75b59 code=0x7ffc0000 [ 1590.493954][ T29] audit: type=1326 audit(1721392176.888:931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25570 comm="syz.3.5500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa32b75b59 code=0x7ffc0000 [ 1590.515507][ C0] vkms_vblank_simulate: vblank timer overrun [ 1590.598998][ T29] audit: type=1326 audit(1721392176.888:932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25570 comm="syz.3.5500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ffa32b74590 code=0x7ffc0000 [ 1590.623755][ T29] audit: type=1326 audit(1721392176.888:933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25570 comm="syz.3.5500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa32b75b59 code=0x7ffc0000 [ 1590.669993][ T29] audit: type=1326 audit(1721392176.888:934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25570 comm="syz.3.5500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa32b75b59 code=0x7ffc0000 [ 1590.859141][T18583] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1590.872352][T18583] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1590.898417][ T29] audit: type=1326 audit(1721392176.888:935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25570 comm="syz.3.5500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ffa32b75b59 code=0x7ffc0000 [ 1591.514969][ T29] audit: type=1326 audit(1721392176.888:936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25570 comm="syz.3.5500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa32b75b59 code=0x7ffc0000 [ 1591.605821][ T29] audit: type=1326 audit(1721392176.888:937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25570 comm="syz.3.5500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa32b75b59 code=0x7ffc0000 [ 1591.676120][T18583] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1591.701957][T18583] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1591.756899][T25599] FAULT_INJECTION: forcing a failure. [ 1591.756899][T25599] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1591.770350][T25599] CPU: 1 PID: 25599 Comm: syz.3.5507 Not tainted 6.10.0-syzkaller-08280-g68b59730459e #0 [ 1591.780181][T25599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1591.790253][T25599] Call Trace: [ 1591.793547][T25599] [ 1591.796489][T25599] dump_stack_lvl+0x241/0x360 [ 1591.801192][T25599] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1591.806399][T25599] ? __pfx__printk+0x10/0x10 [ 1591.810980][T25599] ? __pfx_lock_release+0x10/0x10 [ 1591.815992][T25599] ? vfs_write+0x7c4/0xc90 [ 1591.820393][T25599] should_fail_ex+0x3b0/0x4e0 [ 1591.825073][T25599] _copy_from_user+0x2f/0xe0 [ 1591.829681][T25599] __sys_bpf+0x1a4/0x810 [ 1591.833929][T25599] ? __pfx___sys_bpf+0x10/0x10 [ 1591.838681][T25599] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1591.844644][T25599] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1591.850955][T25599] ? do_syscall_64+0x100/0x230 [ 1591.855707][T25599] __x64_sys_bpf+0x7c/0x90 [ 1591.860109][T25599] do_syscall_64+0xf3/0x230 [ 1591.864600][T25599] ? clear_bhb_loop+0x35/0x90 [ 1591.869258][T25599] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1591.875150][T25599] RIP: 0033:0x7ffa32b75b59 [ 1591.879581][T25599] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1591.899201][T25599] RSP: 002b:00007ffa339b7048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1591.907608][T25599] RAX: ffffffffffffffda RBX: 00007ffa32d05f60 RCX: 00007ffa32b75b59 [ 1591.915568][T25599] RDX: 0000000000000048 RSI: 0000000020000100 RDI: 0300000000000000 [ 1591.923535][T25599] RBP: 00007ffa339b70a0 R08: 0000000000000000 R09: 0000000000000000 [ 1591.931508][T25599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1591.939464][T25599] R13: 000000000000000b R14: 00007ffa32d05f60 R15: 00007ffd8374f028 [ 1591.947427][T25599] [ 1592.028984][ T5137] usb 3-1: new high-speed USB device number 110 using dummy_hcd [ 1592.036896][ T9] usb 5-1: new high-speed USB device number 109 using dummy_hcd [ 1592.244291][ T5137] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 1592.392788][ T5137] usb 3-1: New USB device found, idVendor=0582, idProduct=0000, bcdDevice= 0.00 [ 1592.402049][ T5137] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1592.410838][ T9] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1592.420422][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1592.429536][ T9] usb 5-1: Product: syz [ 1592.434333][ T9] usb 5-1: Manufacturer: syz [ 1593.269143][ T9] usb 5-1: SerialNumber: syz [ 1593.287354][ T5137] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 1593.297572][ T9] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1593.396559][ T9] usb 3-1: USB disconnect, device number 110 [ 1593.427379][ T4871] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1593.653000][T25626] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5517'. [ 1593.854772][ T51] usb 5-1: USB disconnect, device number 109 [ 1594.534912][ T4871] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 1594.575550][ T4871] ath9k_htc: Failed to initialize the device [ 1594.600882][ T51] usb 5-1: ath9k_htc: USB layer deinitialized [ 1594.863236][T25644] tipc: Started in network mode [ 1594.868556][T25644] tipc: Node identity ac1414aa, cluster identity 4711 [ 1594.888530][T25644] tipc: New replicast peer: 100.1.1.1 [ 1594.894961][T25644] tipc: Enabled bearer , priority 10 [ 1596.140701][ T4871] tipc: Node number set to 2886997162 [ 1596.234212][T25660] FAULT_INJECTION: forcing a failure. [ 1596.234212][T25660] name failslab, interval 1, probability 0, space 0, times 0 [ 1596.293849][T25660] CPU: 1 PID: 25660 Comm: syz.1.5527 Not tainted 6.10.0-syzkaller-08280-g68b59730459e #0 [ 1596.303704][T25660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1596.313770][T25660] Call Trace: [ 1596.317055][T25660] [ 1596.319991][T25660] dump_stack_lvl+0x241/0x360 [ 1596.324693][T25660] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1596.329907][T25660] ? __pfx__printk+0x10/0x10 [ 1596.334517][T25660] ? __pfx___might_resched+0x10/0x10 [ 1596.339819][T25660] should_fail_ex+0x3b0/0x4e0 [ 1596.344520][T25660] should_failslab+0x9/0x20 [ 1596.349038][T25660] __kmalloc_node_noprof+0xdf/0x440 [ 1596.354252][T25660] ? kvmalloc_node_noprof+0x72/0x190 [ 1596.359559][T25660] kvmalloc_node_noprof+0x72/0x190 [ 1596.364684][T25660] seq_read_iter+0x202/0xd60 [ 1596.369305][T25660] seq_read+0x3a4/0x4f0 [ 1596.373473][T25660] ? __pfx_seq_read+0x10/0x10 [ 1596.378161][T25660] ? __mutex_trylock_common+0x183/0x2e0 [ 1596.383745][T25660] ? rw_verify_area+0x520/0x6b0 [ 1596.388608][T25660] ? __pfx_seq_read+0x10/0x10 [ 1596.393297][T25660] vfs_read+0x204/0xbc0 [ 1596.397463][T25660] ? __pfx_lock_release+0x10/0x10 [ 1596.402515][T25660] ? __pfx_vfs_read+0x10/0x10 [ 1596.407208][T25660] ? __fget_files+0x29/0x470 [ 1596.411813][T25660] ? __fget_files+0x3f6/0x470 [ 1596.416521][T25660] ksys_read+0x1a0/0x2c0 [ 1596.420782][T25660] ? __pfx_ksys_read+0x10/0x10 [ 1596.425558][T25660] ? do_syscall_64+0x100/0x230 [ 1596.430340][T25660] ? do_syscall_64+0xb6/0x230 [ 1596.435028][T25660] do_syscall_64+0xf3/0x230 [ 1596.439545][T25660] ? clear_bhb_loop+0x35/0x90 [ 1596.444232][T25660] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1596.450137][T25660] RIP: 0033:0x7f5b24d75b59 [ 1596.454564][T25660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1596.474266][T25660] RSP: 002b:00007f5b25ad1048 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1596.482693][T25660] RAX: ffffffffffffffda RBX: 00007f5b24f05f60 RCX: 00007f5b24d75b59 [ 1596.490674][T25660] RDX: 0000000000002020 RSI: 0000000020000680 RDI: 0000000000000003 [ 1596.498651][T25660] RBP: 00007f5b25ad10a0 R08: 0000000000000000 R09: 0000000000000000 [ 1596.506631][T25660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1596.514608][T25660] R13: 000000000000000b R14: 00007f5b24f05f60 R15: 00007ffd40026cf8 [ 1596.522604][T25660] [ 1596.941714][T25672] FAULT_INJECTION: forcing a failure. [ 1596.941714][T25672] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1596.945361][T25670] netlink: 'syz.4.5531': attribute type 20 has an invalid length. [ 1596.980762][T20070] Bluetooth: hci0: unexpected event for opcode 0x0c22 [ 1596.983656][T25672] CPU: 1 PID: 25672 Comm: syz.2.5532 Not tainted 6.10.0-syzkaller-08280-g68b59730459e #0 [ 1596.997365][T25672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1597.007423][T25672] Call Trace: [ 1597.010701][T25672] [ 1597.013643][T25672] dump_stack_lvl+0x241/0x360 [ 1597.018335][T25672] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1597.023539][T25672] ? __pfx__printk+0x10/0x10 [ 1597.028140][T25672] ? __pfx_lock_release+0x10/0x10 [ 1597.033170][T25672] ? vfs_write+0x7c4/0xc90 [ 1597.037595][T25672] should_fail_ex+0x3b0/0x4e0 [ 1597.042273][T25672] _copy_from_user+0x2f/0xe0 [ 1597.046858][T25672] __sys_bpf+0x1a4/0x810 [ 1597.051098][T25672] ? __pfx___sys_bpf+0x10/0x10 [ 1597.055863][T25672] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1597.061838][T25672] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1597.068248][T25672] ? do_syscall_64+0x100/0x230 [ 1597.073009][T25672] __x64_sys_bpf+0x7c/0x90 [ 1597.077415][T25672] do_syscall_64+0xf3/0x230 [ 1597.081912][T25672] ? clear_bhb_loop+0x35/0x90 [ 1597.086585][T25672] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1597.092474][T25672] RIP: 0033:0x7fdc78575b59 [ 1597.096882][T25672] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1597.116485][T25672] RSP: 002b:00007fdc77fff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1597.124896][T25672] RAX: ffffffffffffffda RBX: 00007fdc78705f60 RCX: 00007fdc78575b59 [ 1597.132858][T25672] RDX: 0000000000000050 RSI: 00000000200002c0 RDI: 000000000000000a [ 1597.140823][T25672] RBP: 00007fdc77fff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 1597.148784][T25672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1597.156747][T25672] R13: 000000000000000b R14: 00007fdc78705f60 R15: 00007ffd85f38c08 [ 1597.164722][T25672] [ 1597.333429][ T51] usb 5-1: new high-speed USB device number 110 using dummy_hcd [ 1597.430113][T25680] batadv_slave_1: entered promiscuous mode [ 1597.445625][T25680] FAULT_INJECTION: forcing a failure. [ 1597.445625][T25680] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1597.459007][T25680] CPU: 1 PID: 25680 Comm: syz.2.5535 Not tainted 6.10.0-syzkaller-08280-g68b59730459e #0 [ 1597.468826][T25680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1597.478904][T25680] Call Trace: [ 1597.482183][T25680] [ 1597.485105][T25680] dump_stack_lvl+0x241/0x360 [ 1597.489783][T25680] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1597.494978][T25680] ? __pfx__printk+0x10/0x10 [ 1597.499562][T25680] ? __pfx_lock_release+0x10/0x10 [ 1597.504583][T25680] should_fail_ex+0x3b0/0x4e0 [ 1597.509257][T25680] _copy_from_user+0x2f/0xe0 [ 1597.513845][T25680] packet_setsockopt+0x87b/0x1970 [ 1597.518861][T25680] ? mark_lock+0x9a/0x350 [ 1597.523183][T25680] ? __pfx_packet_setsockopt+0x10/0x10 [ 1597.528644][T25680] ? __pfx_lock_acquire+0x10/0x10 [ 1597.533657][T25680] ? __fget_files+0x29/0x470 [ 1597.538244][T25680] ? __pfx_lock_release+0x10/0x10 [ 1597.543269][T25680] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 1597.548819][T25680] ? security_socket_setsockopt+0x87/0xb0 [ 1597.554532][T25680] ? __pfx_packet_setsockopt+0x10/0x10 [ 1597.559977][T25680] do_sock_setsockopt+0x3af/0x720 [ 1597.564992][T25680] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 1597.570524][T25680] ? __fget_files+0x29/0x470 [ 1597.575104][T25680] ? __fget_files+0x3f6/0x470 [ 1597.579782][T25680] __sys_setsockopt+0x1ae/0x250 [ 1597.584636][T25680] __x64_sys_setsockopt+0xb5/0xd0 [ 1597.589656][T25680] do_syscall_64+0xf3/0x230 [ 1597.594153][T25680] ? clear_bhb_loop+0x35/0x90 [ 1597.598825][T25680] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1597.604708][T25680] RIP: 0033:0x7fdc78575b59 [ 1597.609114][T25680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1597.628717][T25680] RSP: 002b:00007fdc77fff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1597.637129][T25680] RAX: ffffffffffffffda RBX: 00007fdc78705f60 RCX: 00007fdc78575b59 [ 1597.645091][T25680] RDX: 0000000000000001 RSI: 0000000000000107 RDI: 0000000000000003 [ 1597.653051][T25680] RBP: 00007fdc77fff0a0 R08: 0000000000000010 R09: 0000000000000000 [ 1597.661009][T25680] R10: 0000000020000fc0 R11: 0000000000000246 R12: 0000000000000001 [ 1597.668969][T25680] R13: 000000000000000b R14: 00007fdc78705f60 R15: 00007ffd85f38c08 [ 1597.676935][T25680] [ 1597.687205][T25679] batadv_slave_1: left promiscuous mode [ 1597.716871][ T51] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1597.730517][ T51] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1597.800633][ T51] usb 5-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 1597.830159][ T51] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1597.861361][T18603] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1597.876446][ T51] usb 5-1: config 0 descriptor?? [ 1597.995940][T25684] FAULT_INJECTION: forcing a failure. [ 1597.995940][T25684] name failslab, interval 1, probability 0, space 0, times 0 [ 1598.057253][T25684] CPU: 0 PID: 25684 Comm: syz.1.5537 Not tainted 6.10.0-syzkaller-08280-g68b59730459e #0 [ 1598.057593][T18603] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1598.067084][T25684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1598.067105][T25684] Call Trace: [ 1598.067114][T25684] [ 1598.067123][T25684] dump_stack_lvl+0x241/0x360 [ 1598.067156][T25684] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1598.067179][T25684] ? __pfx__printk+0x10/0x10 [ 1598.067204][T25684] ? __pfx___might_resched+0x10/0x10 [ 1598.067234][T25684] should_fail_ex+0x3b0/0x4e0 [ 1598.118032][T25684] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 1598.123765][T25684] should_failslab+0x9/0x20 [ 1598.128291][T25684] __kmalloc_noprof+0xd8/0x400 [ 1598.133077][T25684] ? kfree+0x4e/0x360 [ 1598.137078][T25684] tomoyo_realpath_from_path+0xcf/0x5e0 [ 1598.142638][T25684] tomoyo_path_number_perm+0x23a/0x880 [ 1598.148121][T25684] ? tomoyo_path_number_perm+0x208/0x880 [ 1598.153757][T25684] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1598.159768][T25684] ? __fget_files+0x29/0x470 [ 1598.164373][T25684] ? __fget_files+0x3f6/0x470 [ 1598.169060][T25684] ? __fget_files+0x29/0x470 [ 1598.173672][T25684] security_file_ioctl+0x75/0xb0 [ 1598.178612][T25684] __se_sys_ioctl+0x47/0x170 [ 1598.183227][T25684] do_syscall_64+0xf3/0x230 [ 1598.187759][T25684] ? clear_bhb_loop+0x35/0x90 [ 1598.192454][T25684] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1598.198369][T25684] RIP: 0033:0x7f5b24d75b59 [ 1598.202798][T25684] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1598.222421][T25684] RSP: 002b:00007f5b25ad1048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1598.230851][T25684] RAX: ffffffffffffffda RBX: 00007f5b24f05f60 RCX: 00007f5b24d75b59 [ 1598.238842][T25684] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1598.246840][T25684] RBP: 00007f5b25ad10a0 R08: 0000000000000000 R09: 0000000000000000 [ 1598.254837][T25684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1598.262824][T25684] R13: 000000000000000b R14: 00007f5b24f05f60 R15: 00007ffd40026cf8 [ 1598.270831][T25684] [ 1598.343046][T25684] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1598.388367][T25682] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 1598.402436][ T51] usbhid 5-1:0.0: can't add hid device: -71 [ 1598.423429][ T51] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1598.447732][T18603] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1598.474505][ T51] usb 5-1: USB disconnect, device number 110 [ 1598.645643][T25691] FAULT_INJECTION: forcing a failure. [ 1598.645643][T25691] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1598.694915][T25691] CPU: 0 PID: 25691 Comm: syz.1.5538 Not tainted 6.10.0-syzkaller-08280-g68b59730459e #0 [ 1598.704760][T25691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1598.714829][T25691] Call Trace: [ 1598.718130][T25691] [ 1598.721077][T25691] dump_stack_lvl+0x241/0x360 [ 1598.725784][T25691] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1598.731007][T25691] ? __pfx__printk+0x10/0x10 [ 1598.735622][T25691] ? __pfx_lock_release+0x10/0x10 [ 1598.740682][T25691] should_fail_ex+0x3b0/0x4e0 [ 1598.745388][T25691] _copy_from_user+0x2f/0xe0 [ 1598.749991][T25691] copy_msghdr_from_user+0xae/0x680 [ 1598.755216][T25691] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1598.761066][T25691] __sys_sendmsg+0x23d/0x3a0 [ 1598.765675][T25691] ? __pfx___sys_sendmsg+0x10/0x10 [ 1598.770799][T25691] ? vfs_write+0x7c4/0xc90 [ 1598.775280][T25691] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1598.781629][T25691] ? do_syscall_64+0x100/0x230 [ 1598.786420][T25691] ? do_syscall_64+0xb6/0x230 [ 1598.791120][T25691] do_syscall_64+0xf3/0x230 [ 1598.795643][T25691] ? clear_bhb_loop+0x35/0x90 [ 1598.800334][T25691] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1598.803070][T24837] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1598.806228][T25691] RIP: 0033:0x7f5b24d75b59 [ 1598.806252][T25691] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1598.806267][T25691] RSP: 002b:00007f5b25ad1048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1598.806294][T25691] RAX: ffffffffffffffda RBX: 00007f5b24f05f60 RCX: 00007f5b24d75b59 [ 1598.806308][T25691] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 1598.806320][T25691] RBP: 00007f5b25ad10a0 R08: 0000000000000000 R09: 0000000000000000 [ 1598.806333][T25691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1598.806346][T25691] R13: 000000000000000b R14: 00007f5b24f05f60 R15: 00007ffd40026cf8 [ 1598.806376][T25691] [ 1598.806420][ C0] vkms_vblank_simulate: vblank timer overrun [ 1598.870632][T18603] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1598.951001][T24837] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1598.960727][T24837] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1598.971998][T24837] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1598.979878][T24837] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1598.987410][T24837] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1599.100961][T25705] FAULT_INJECTION: forcing a failure. [ 1599.100961][T25705] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1599.130922][T25700] tc_dump_action: action bad kind [ 1599.133523][T25705] CPU: 1 PID: 25705 Comm: syz.4.5542 Not tainted 6.10.0-syzkaller-08280-g68b59730459e #0 [ 1599.145872][T25705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1599.155940][T25705] Call Trace: [ 1599.159231][T25705] [ 1599.162176][T25705] dump_stack_lvl+0x241/0x360 [ 1599.166878][T25705] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1599.172094][T25705] ? __pfx__printk+0x10/0x10 [ 1599.176704][T25705] ? __pfx_lock_release+0x10/0x10 [ 1599.181756][T25705] should_fail_ex+0x3b0/0x4e0 [ 1599.186460][T25705] _copy_from_user+0x2f/0xe0 [ 1599.191071][T25705] copy_msghdr_from_user+0xae/0x680 [ 1599.196298][T25705] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1599.202146][T25705] __sys_sendmsg+0x23d/0x3a0 [ 1599.206758][T25705] ? __pfx___sys_sendmsg+0x10/0x10 [ 1599.211884][T25705] ? vfs_write+0x7c4/0xc90 [ 1599.216357][T25705] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1599.222705][T25705] ? do_syscall_64+0x100/0x230 [ 1599.227492][T25705] ? do_syscall_64+0xb6/0x230 [ 1599.232192][T25705] do_syscall_64+0xf3/0x230 [ 1599.236722][T25705] ? clear_bhb_loop+0x35/0x90 [ 1599.241415][T25705] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1599.247307][T25705] RIP: 0033:0x7f6c05d75b59 [ 1599.251716][T25705] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1599.271320][T25705] RSP: 002b:00007f6c06bc4048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1599.279731][T25705] RAX: ffffffffffffffda RBX: 00007f6c05f05f60 RCX: 00007f6c05d75b59 [ 1599.287698][T25705] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000005 [ 1599.295746][T25705] RBP: 00007f6c06bc40a0 R08: 0000000000000000 R09: 0000000000000000 [ 1599.303706][T25705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1599.311664][T25705] R13: 000000000000000b R14: 00007f6c05f05f60 R15: 00007fff2b174048 [ 1599.319638][T25705] [ 1599.507488][T25708] /dev/loop1: Can't lookup blockdev [ 1599.579984][T18603] bridge_slave_1: left allmulticast mode [ 1599.594028][T18603] bridge_slave_1: left promiscuous mode [ 1599.616189][T18603] bridge0: port 2(bridge_slave_1) entered disabled state [ 1599.644396][T18603] bridge_slave_0: left allmulticast mode [ 1599.664194][T18603] bridge_slave_0: left promiscuous mode [ 1599.699047][T18603] bridge0: port 1(bridge_slave_0) entered disabled state [ 1600.130513][T25720] netlink: 'syz.3.5546': attribute type 20 has an invalid length. [ 1600.322448][T18603] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1600.335076][T18603] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1600.347817][T18603] bond0 (unregistering): Released all slaves [ 1600.454085][ T5140] usb 4-1: new high-speed USB device number 114 using dummy_hcd [ 1600.660788][ T5140] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1600.702133][ T5140] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1600.712379][ T5140] usb 4-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 1600.721567][ T5140] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1600.740986][ T5140] usb 4-1: config 0 descriptor?? [ 1600.917409][T25696] chnl_net:caif_netlink_parms(): no params data found [ 1601.013574][T24837] Bluetooth: hci1: command tx timeout [ 1601.132858][T18603] hsr_slave_0: left promiscuous mode [ 1601.155537][T18603] hsr_slave_1: left promiscuous mode [ 1601.168276][T18603] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1601.177230][T18603] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1601.189422][T18603] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1601.194691][ T5140] usbhid 4-1:0.0: can't add hid device: -71 [ 1601.197441][T18603] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1601.236097][ T5140] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 1601.252947][ T5140] usb 4-1: USB disconnect, device number 114 [ 1601.335207][T18603] veth1_macvtap: left promiscuous mode [ 1601.348626][T18603] veth0_macvtap: left promiscuous mode [ 1601.358873][T18603] veth1_vlan: left promiscuous mode [ 1601.364258][T18603] veth0_vlan: left promiscuous mode [ 1601.604276][T25745] block nbd4: shutting down sockets [ 1602.069370][ T29] kauditd_printk_skb: 56 callbacks suppressed [ 1602.069388][ T29] audit: type=1326 audit(1721392188.568:994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25759 comm="syz.3.5553" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ffa32b75b59 code=0x0 [ 1602.163547][ T5136] usb 5-1: new high-speed USB device number 111 using dummy_hcd [ 1602.344317][ T5136] usb 5-1: Using ep0 maxpacket: 32 [ 1602.375001][ T5136] usb 5-1: config 0 has an invalid interface number: 4 but max is 0 [ 1602.393584][ T5136] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1602.404625][ T5136] usb 5-1: config 0 has no interface number 0 [ 1602.410931][ T5136] usb 5-1: config 0 interface 4 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1602.452375][ T5136] usb 5-1: New USB device found, idVendor=1ba6, idProduct=0001, bcdDevice=49.88 [ 1602.462666][ T5136] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1602.495273][ T5136] usb 5-1: Product: syz [ 1602.499742][ T5136] usb 5-1: Manufacturer: syz [ 1602.516387][ T5136] usb 5-1: SerialNumber: syz [ 1602.532305][ T5136] usb 5-1: config 0 descriptor?? [ 1602.565740][ T5136] as10x_usb: device has been detected [ 1602.595253][ T5136] dvbdev: DVB: registering new adapter (Abilis Systems DVB-Titan) [ 1602.681370][T18603] team0 (unregistering): Port device team_slave_1 removed [ 1602.690786][ T5136] usb 5-1: DVB: registering adapter 1 frontend 0 (Abilis Systems DVB-Titan)... [ 1602.815210][ T5136] as10x_usb: error during firmware upload part1 [ 1602.831379][ T5136] Registered device Abilis Systems DVB-Titan [ 1602.832687][T18603] team0 (unregistering): Port device team_slave_0 removed [ 1603.093480][T24837] Bluetooth: hci1: command tx timeout [ 1603.893493][T24837] Bluetooth: hci0: command 0x0406 tx timeout [ 1603.966101][T25696] bridge0: port 1(bridge_slave_0) entered blocking state [ 1603.973628][T25696] bridge0: port 1(bridge_slave_0) entered disabled state [ 1603.981667][T25696] bridge_slave_0: entered allmulticast mode [ 1604.007402][T25696] bridge_slave_0: entered promiscuous mode [ 1604.097726][T25696] bridge0: port 2(bridge_slave_1) entered blocking state [ 1604.137120][T25696] bridge0: port 2(bridge_slave_1) entered disabled state [ 1604.185344][T25696] bridge_slave_1: entered allmulticast mode [ 1604.276777][T25696] bridge_slave_1: entered promiscuous mode [ 1604.786070][ T5137] usb 5-1: USB disconnect, device number 111 [ 1604.829881][ T5137] Unregistered device Abilis Systems DVB-Titan [ 1604.831385][ T5137] as10x_usb: device has been disconnected [ 1604.890012][T25696] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1604.943666][T25696] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1604.991528][T25787] syz2: rxe_newlink: already configured on team_slave_1 [ 1605.152130][T25696] team0: Port device team_slave_0 added [ 1605.173498][T24837] Bluetooth: hci1: command tx timeout [ 1605.207834][T25696] team0: Port device team_slave_1 added [ 1605.216984][T25790] netlink: 84 bytes leftover after parsing attributes in process `syz.3.5561'. [ 1605.340663][T25696] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1605.350668][T25696] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1605.409847][T25696] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1605.434844][T25696] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1605.442896][T25696] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1605.487049][T25696] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1605.511153][T25787] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5560'. [ 1605.562479][T25788] sch_tbf: burst 88 is lower than device veth7 mtu (1514) ! [ 1605.688715][T25696] hsr_slave_0: entered promiscuous mode [ 1605.716755][T25696] hsr_slave_1: entered promiscuous mode [ 1605.730795][T25696] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1605.739107][T25696] Cannot create hsr debugfs directory [ 1605.746720][T25794] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5562'. [ 1605.766834][T25794] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1605.776019][T25794] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1605.784842][T25794] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1605.788095][T25797] netlink: 'syz.1.5563': attribute type 20 has an invalid length. [ 1605.793569][T25794] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1605.814137][T25794] vxlan0: entered promiscuous mode [ 1605.841887][T24837] Bluetooth: hci5: unexpected event for opcode 0x0c22 [ 1605.891380][ T29] audit: type=1326 audit(1721392192.388:995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25786 comm="syz.4.5560" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6c05d75b59 code=0x0 [ 1606.113535][ T9] usb 2-1: new high-speed USB device number 116 using dummy_hcd [ 1606.332234][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1606.358000][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1606.369243][ T9] usb 2-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 1606.399106][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1606.435812][ T9] usb 2-1: config 0 descriptor?? [ 1606.473748][T25696] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1606.502641][T25696] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1606.532162][T25696] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1606.573003][T25696] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1606.729415][T25810] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5568'. [ 1606.755789][T25810] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5568'. [ 1606.827568][T25696] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1606.856103][T25696] 8021q: adding VLAN 0 to HW filter on device team0 [ 1606.876859][ T5198] bridge0: port 1(bridge_slave_0) entered blocking state [ 1606.884091][ T5198] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1606.915627][ T5198] bridge0: port 2(bridge_slave_1) entered blocking state [ 1606.922778][ T5198] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1606.955415][T25696] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1606.971025][T25696] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1607.116761][ T9] usbhid 2-1:0.0: can't add hid device: -71 [ 1607.122808][ T9] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 1607.134173][ T9] usb 2-1: USB disconnect, device number 116 [ 1607.263087][T24837] Bluetooth: hci1: command tx timeout [ 1607.690728][ T1240] ieee802154 phy0 wpan0: encryption failed: -22 [ 1608.034744][T25824] FAULT_INJECTION: forcing a failure. [ 1608.034744][T25824] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1608.173432][T25824] CPU: 0 PID: 25824 Comm: syz.2.5571 Not tainted 6.10.0-syzkaller-08280-g68b59730459e #0 [ 1608.183294][T25824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1608.193361][T25824] Call Trace: [ 1608.196651][T25824] [ 1608.199593][T25824] dump_stack_lvl+0x241/0x360 [ 1608.204310][T25824] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1608.209527][T25824] ? __pfx__printk+0x10/0x10 [ 1608.214137][T25824] ? __pfx_lock_release+0x10/0x10 [ 1608.219179][T25824] ? vfs_write+0x7c4/0xc90 [ 1608.223618][T25824] should_fail_ex+0x3b0/0x4e0 [ 1608.228319][T25824] _copy_from_user+0x2f/0xe0 [ 1608.232924][T25824] __sys_bpf+0x1a4/0x810 [ 1608.237189][T25824] ? __pfx___sys_bpf+0x10/0x10 [ 1608.241981][T25824] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1608.248067][T25824] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1608.254412][T25824] ? do_syscall_64+0x100/0x230 [ 1608.259199][T25824] __x64_sys_bpf+0x7c/0x90 [ 1608.263627][T25824] do_syscall_64+0xf3/0x230 [ 1608.268153][T25824] ? clear_bhb_loop+0x35/0x90 [ 1608.272846][T25824] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1608.278756][T25824] RIP: 0033:0x7fdc78575b59 [ 1608.283193][T25824] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1608.302826][T25824] RSP: 002b:00007fdc77fff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1608.311245][T25824] RAX: ffffffffffffffda RBX: 00007fdc78705f60 RCX: 00007fdc78575b59 [ 1608.319259][T25824] RDX: 000000000000004c RSI: 0000000020000640 RDI: 000000000000000a [ 1608.327225][T25824] RBP: 00007fdc77fff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 1608.335191][T25824] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1608.343154][T25824] R13: 000000000000000b R14: 00007fdc78705f60 R15: 00007ffd85f38c08 [ 1608.351218][T25824] [ 1609.212204][T25696] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1609.332196][T25839] FAULT_INJECTION: forcing a failure. [ 1609.332196][T25839] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1609.339390][T25696] veth0_vlan: entered promiscuous mode [ 1609.366288][T25838] input: syz1 as /devices/virtual/input/input119 [ 1609.383810][T25839] CPU: 0 PID: 25839 Comm: syz.2.5575 Not tainted 6.10.0-syzkaller-08280-g68b59730459e #0 [ 1609.393684][T25839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1609.403786][T25839] Call Trace: [ 1609.403801][T25839] [ 1609.403809][T25839] dump_stack_lvl+0x241/0x360 [ 1609.414712][T25839] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1609.414803][T25696] veth1_vlan: entered promiscuous mode [ 1609.419919][T25839] ? __pfx__printk+0x10/0x10 [ 1609.419947][T25839] ? __pfx_lock_release+0x10/0x10 [ 1609.419977][T25839] should_fail_ex+0x3b0/0x4e0 [ 1609.439818][T25839] _copy_from_user+0x2f/0xe0 [ 1609.444442][T25839] copy_msghdr_from_user+0xae/0x680 [ 1609.449674][T25839] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1609.455531][T25839] __sys_sendmsg+0x23d/0x3a0 [ 1609.460163][T25839] ? __pfx___sys_sendmsg+0x10/0x10 [ 1609.465295][T25839] ? vfs_write+0x7c4/0xc90 [ 1609.469776][T25839] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1609.476133][T25839] ? do_syscall_64+0x100/0x230 [ 1609.480970][T25839] ? do_syscall_64+0xb6/0x230 [ 1609.485674][T25839] do_syscall_64+0xf3/0x230 [ 1609.490191][T25839] ? clear_bhb_loop+0x35/0x90 [ 1609.494872][T25839] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1609.500776][T25839] RIP: 0033:0x7fdc78575b59 [ 1609.505198][T25839] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1609.524809][T25839] RSP: 002b:00007fdc77fff048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1609.533221][T25839] RAX: ffffffffffffffda RBX: 00007fdc78705f60 RCX: 00007fdc78575b59 [ 1609.541183][T25839] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 1609.549150][T25839] RBP: 00007fdc77fff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 1609.557203][T25839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1609.565172][T25839] R13: 000000000000000b R14: 00007fdc78705f60 R15: 00007ffd85f38c08 [ 1609.573153][T25839] [ 1609.690767][T25696] veth0_macvtap: entered promiscuous mode [ 1609.717785][T25696] veth1_macvtap: entered promiscuous mode [ 1609.833087][T25696] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1609.869090][T25696] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1609.879046][T25696] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1609.889725][T25696] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1610.002823][T25696] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1610.035428][T17811] usb 2-1: new high-speed USB device number 117 using dummy_hcd [ 1610.793611][T25696] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1610.839227][T25696] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1610.878527][T25696] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1610.913909][T25696] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1610.926944][T25696] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1610.955620][T25696] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1610.976974][T17811] usb 2-1: Using ep0 maxpacket: 32 [ 1610.988552][T17811] usb 2-1: config 63 has too many interfaces: 40, using maximum allowed: 32 [ 1610.990121][T25696] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1611.016345][T17811] usb 2-1: config 63 has an invalid descriptor of length 61, skipping remainder of the config [ 1611.037066][T17811] usb 2-1: config 63 has 1 interface, different from the descriptor's value: 40 [ 1611.047240][T17811] usb 2-1: config 63 has no interface number 0 [ 1611.059299][T17811] usb 2-1: config 63 has too many interfaces: 40, using maximum allowed: 32 [ 1611.068739][T17811] usb 2-1: config 63 has an invalid descriptor of length 61, skipping remainder of the config [ 1611.082608][T17811] usb 2-1: config 63 has 1 interface, different from the descriptor's value: 40 [ 1611.091881][T25696] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1611.092978][T17811] usb 2-1: config 63 has no interface number 0 [ 1611.113472][T25696] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1611.115807][T17811] usb 2-1: config 63 has too many interfaces: 40, using maximum allowed: 32 [ 1611.140008][T17811] usb 2-1: config 63 has an invalid descriptor of length 61, skipping remainder of the config [ 1611.150443][T17811] usb 2-1: config 63 has 1 interface, different from the descriptor's value: 40 [ 1611.163538][T17811] usb 2-1: config 63 has no interface number 0 [ 1611.175471][T17811] usb 2-1: config 63 has too many interfaces: 40, using maximum allowed: 32 [ 1611.184400][T17811] usb 2-1: config 63 has an invalid descriptor of length 61, skipping remainder of the config [ 1611.195444][T17811] usb 2-1: config 63 has 1 interface, different from the descriptor's value: 40 [ 1611.204590][T17811] usb 2-1: config 63 has no interface number 0 [ 1611.763968][T17811] usb 2-1: config 63 has too many interfaces: 40, using maximum allowed: 32 [ 1611.772697][T17811] usb 2-1: config 63 has an invalid descriptor of length 61, skipping remainder of the config [ 1611.783031][T17811] usb 2-1: config 63 has 1 interface, different from the descriptor's value: 40 [ 1611.792257][T25696] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1611.810795][T17811] usb 2-1: config 63 has no interface number 0 [ 1611.835389][T25696] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1611.849785][T17811] usb 2-1: New USB device found, idVendor=b16d, idProduct=9ac8, bcdDevice=17.ff [ 1611.865194][T17811] usb 2-1: New USB device strings: Mfr=199, Product=85, SerialNumber=242 [ 1611.874120][T25696] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1611.890309][T17811] usb 2-1: Product: syz [ 1611.903553][T25696] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1611.913778][T17811] usb 2-1: Manufacturer: syz [ 1611.918753][T17811] usb 2-1: SerialNumber: syz [ 1611.919912][T25696] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1611.946302][T25860] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 1611.957816][T25696] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1611.978633][T25696] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1612.024457][T25696] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1612.057318][T24837] Bluetooth: hci3: command tx timeout [ 1612.081685][T25696] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1612.096253][T25696] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1612.107120][T25696] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1612.116452][T25696] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1612.151248][T25862] ================================================================== [ 1612.159338][T25862] BUG: KASAN: slab-out-of-bounds in uprobe_mmap+0xb9a/0x11a0 [ 1612.166727][T25862] Read of size 8 at addr ffff888072050070 by task syz.3.5583/25862 [ 1612.174621][T25862] [ 1612.176942][T25862] CPU: 1 PID: 25862 Comm: syz.3.5583 Not tainted 6.10.0-syzkaller-08280-g68b59730459e #0 [ 1612.186747][T25862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1612.196803][T25862] Call Trace: [ 1612.200083][T25862] [ 1612.203014][T25862] dump_stack_lvl+0x241/0x360 [ 1612.207704][T25862] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1612.212912][T25862] ? __pfx__printk+0x10/0x10 [ 1612.217516][T25862] ? _printk+0xd5/0x120 [ 1612.221681][T25862] ? __virt_addr_valid+0x183/0x530 [ 1612.226820][T25862] ? __virt_addr_valid+0x183/0x530 [ 1612.231948][T25862] print_report+0x169/0x550 [ 1612.236465][T25862] ? __virt_addr_valid+0x183/0x530 [ 1612.241591][T25862] ? __virt_addr_valid+0x183/0x530 [ 1612.246712][T25862] ? __virt_addr_valid+0x45f/0x530 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1612.251836][T25862] ? __phys_addr+0xba/0x170 [ 1612.256365][T25862] ? uprobe_mmap+0xb9a/0x11a0 [ 1612.261054][T25862] kasan_report+0x143/0x180 [ 1612.265564][T25862] ? uprobe_mmap+0xb9a/0x11a0 [ 1612.270257][T25862] uprobe_mmap+0xb9a/0x11a0 [ 1612.274776][T25862] ? __pfx_uprobe_mmap+0x10/0x10 [ 1612.279723][T25862] mmap_region+0x1891/0x2090 [ 1612.284338][T25862] ? __pfx_mmap_region+0x10/0x10 [ 1612.289290][T25862] ? irqentry_exit+0x63/0x90 [ 1612.293890][T25862] ? lockdep_hardirqs_on+0x99/0x150 [ 1612.299103][T25862] ? do_mmap+0x5bb/0xfa0 [ 1612.303360][T25862] ? do_mmap+0x5d0/0xfa0 [ 1612.307614][T25862] do_mmap+0x8ad/0xfa0 [ 1612.311694][T25862] ? __pfx_do_mmap+0x10/0x10 [ 1612.316291][T25862] ? __pfx_down_write_killable+0x10/0x10 [ 1612.321928][T25862] ? __pfx_ima_file_mmap+0x10/0x10 [ 1612.327052][T25862] ? security_mmap_file+0x178/0x1a0 [ 1612.332264][T25862] vm_mmap_pgoff+0x1dd/0x3d0 [ 1612.336864][T25862] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1612.341987][T25862] ? __fget_files+0x29/0x470 [ 1612.346589][T25862] ? __fget_files+0x3f6/0x470 [ 1612.351278][T25862] ksys_mmap_pgoff+0x4f1/0x720 [ 1612.356050][T25862] ? __x64_sys_mmap+0x7f/0x140 [ 1612.360799][T25862] do_syscall_64+0xf3/0x230 [ 1612.365285][T25862] ? clear_bhb_loop+0x35/0x90 [ 1612.369960][T25862] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1612.375850][T25862] RIP: 0033:0x7ffa32b75b59 [ 1612.380249][T25862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1612.399840][T25862] RSP: 002b:00007ffa339b7048 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1612.408235][T25862] RAX: ffffffffffffffda RBX: 00007ffa32d05f60 RCX: 00007ffa32b75b59 [ 1612.416184][T25862] RDX: 0000000000000001 RSI: 0000000000003000 RDI: 0000000020000000 [ 1612.424131][T25862] RBP: 00007ffa32be4e5d R08: 0000000000000004 R09: 0000000000000000 [ 1612.432077][T25862] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000000 [ 1612.440027][T25862] R13: 000000000000000b R14: 00007ffa32d05f60 R15: 00007ffd8374f028 [ 1612.447988][T25862] [ 1612.450983][T25862] [ 1612.453286][T25862] Allocated by task 25696: [ 1612.457686][T25862] kasan_save_track+0x3f/0x80 [ 1612.462346][T25862] __kasan_kmalloc+0x98/0xb0 [ 1612.466913][T25862] kmalloc_trace_noprof+0x19c/0x2c0 [ 1612.472092][T25862] __hw_addr_add_ex+0x1a8/0x610 [ 1612.476920][T25862] dev_mc_add+0xa3/0x110 [ 1612.481146][T25862] igmp6_group_added+0x1a4/0x710 [ 1612.486058][T25862] __ipv6_dev_mc_inc+0x8b8/0xa90 [ 1612.490969][T25862] ipv6_add_dev+0xe12/0x1220 [ 1612.495537][T25862] addrconf_notify+0x6a7/0x1020 [ 1612.500368][T25862] notifier_call_chain+0x19f/0x3e0 [ 1612.505458][T25862] register_netdevice+0x167f/0x1b00 [ 1612.510632][T25862] veth_newlink+0x628/0xcd0 [ 1612.515110][T25862] rtnl_newlink+0x1591/0x20a0 [ 1612.519760][T25862] rtnetlink_rcv_msg+0x73f/0xcf0 [ 1612.524674][T25862] netlink_rcv_skb+0x1e3/0x430 [ 1612.529413][T25862] netlink_unicast+0x7f0/0x990 [ 1612.534153][T25862] netlink_sendmsg+0x8e4/0xcb0 [ 1612.538890][T25862] __sock_sendmsg+0x221/0x270 [ 1612.543548][T25862] __sys_sendto+0x3a4/0x4f0 [ 1612.548044][T25862] __x64_sys_sendto+0xde/0x100 [ 1612.552787][T25862] do_syscall_64+0xf3/0x230 [ 1612.557271][T25862] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1612.563148][T25862] [ 1612.565450][T25862] The buggy address belongs to the object at ffff888072050000 [ 1612.565450][T25862] which belongs to the cache kmalloc-128 of size 128 [ 1612.579479][T25862] The buggy address is located 8 bytes to the right of [ 1612.579479][T25862] allocated 104-byte region [ffff888072050000, ffff888072050068) [ 1612.594031][T25862] [ 1612.596335][T25862] The buggy address belongs to the physical page: [ 1612.602723][T25862] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x72050 [ 1612.611463][T25862] ksm flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 1612.618891][T25862] page_type: 0xffffefff(slab) [ 1612.623543][T25862] raw: 00fff00000000000 ffff888015041a00 ffffea000079ed00 dead000000000003 [ 1612.632100][T25862] raw: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000 [ 1612.640668][T25862] page dumped because: kasan: bad access detected [ 1612.647065][T25862] page_owner tracks the page as allocated [ 1612.652751][T25862] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5093, tgid 5093 (syz-executor), ts 62606556249, free_ts 62600353308 [ 1612.672002][T25862] post_alloc_hook+0x1f3/0x230 [ 1612.676749][T25862] get_page_from_freelist+0x2e4c/0x2f10 [ 1612.682273][T25862] __alloc_pages_noprof+0x256/0x6c0 [ 1612.687454][T25862] alloc_slab_page+0x5f/0x120 [ 1612.692106][T25862] allocate_slab+0x5a/0x2f0 [ 1612.696591][T25862] ___slab_alloc+0xcd1/0x14b0 [ 1612.701244][T25862] __slab_alloc+0x58/0xa0 [ 1612.705550][T25862] kmalloc_trace_noprof+0x1d5/0x2c0 [ 1612.710730][T25862] __hw_addr_add_ex+0x1a8/0x610 [ 1612.715561][T25862] dev_mc_add+0xa3/0x110 [ 1612.719784][T25862] igmp_group_added+0x1bf/0x8d0 [ 1612.724613][T25862] ____ip_mc_inc_group+0x998/0xbf0 [ 1612.729703][T25862] ip_mc_up+0x124/0x300 [ 1612.733836][T25862] inetdev_event+0x1025/0x15c0 [ 1612.738572][T25862] notifier_call_chain+0x19f/0x3e0 [ 1612.743661][T25862] __dev_notify_flags+0x207/0x400 [ 1612.748665][T25862] page last free pid 5094 tgid 5094 stack trace: [ 1612.754966][T25862] free_unref_page+0xd19/0xea0 [ 1612.759712][T25862] __slab_free+0x31b/0x3d0 [ 1612.764109][T25862] qlist_free_all+0x9e/0x140 [ 1612.768677][T25862] kasan_quarantine_reduce+0x14f/0x170 [ 1612.774112][T25862] __kasan_slab_alloc+0x23/0x80 [ 1612.778940][T25862] __kmalloc_noprof+0x1a3/0x400 [ 1612.783767][T25862] fib6_info_alloc+0x2e/0xf0 [ 1612.788332][T25862] ip6_route_info_create+0x445/0x12b0 [ 1612.793685][T25862] ip6_route_add+0x28/0x160 [ 1612.798186][T25862] addrconf_prefix_route+0x314/0x4e0 [ 1612.803455][T25862] inet6_addr_add+0x627/0xb00 [ 1612.808108][T25862] inet6_rtm_newaddr+0x8a3/0xc80 [ 1612.813016][T25862] rtnetlink_rcv_msg+0x73f/0xcf0 [ 1612.817940][T25862] netlink_rcv_skb+0x1e3/0x430 [ 1612.822679][T25862] netlink_unicast+0x7f0/0x990 [ 1612.827419][T25862] netlink_sendmsg+0x8e4/0xcb0 [ 1612.832159][T25862] [ 1612.834462][T25862] Memory state around the buggy address: [ 1612.840065][T25862] ffff88807204ff00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1612.848102][T25862] ffff88807204ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1612.856137][T25862] >ffff888072050000: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc [ 1612.864171][T25862] ^ [ 1612.871861][T25862] ffff888072050080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1612.879897][T25862] ffff888072050100: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc [ 1612.887996][T25862] ================================================================== [ 1613.004116][T25862] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1613.011357][T25862] CPU: 0 PID: 25862 Comm: syz.3.5583 Not tainted 6.10.0-syzkaller-08280-g68b59730459e #0 [ 1613.021167][T25862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1613.031230][T25862] Call Trace: [ 1613.034517][T25862] [ 1613.037447][T25862] dump_stack_lvl+0x241/0x360 [ 1613.042140][T25862] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1613.047345][T25862] ? __pfx__printk+0x10/0x10 [ 1613.051946][T25862] ? preempt_schedule+0xe1/0xf0 [ 1613.056798][T25862] ? vscnprintf+0x5d/0x90 [ 1613.061138][T25862] panic+0x349/0x860 [ 1613.065045][T25862] ? check_panic_on_warn+0x21/0xb0 [ 1613.070167][T25862] ? __pfx_panic+0x10/0x10 [ 1613.074593][T25862] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 1613.080589][T25862] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1613.086928][T25862] ? print_report+0x502/0x550 [ 1613.091614][T25862] check_panic_on_warn+0x86/0xb0 [ 1613.096568][T25862] ? uprobe_mmap+0xb9a/0x11a0 [ 1613.101263][T25862] end_report+0x77/0x160 [ 1613.105516][T25862] kasan_report+0x154/0x180 [ 1613.110040][T25862] ? uprobe_mmap+0xb9a/0x11a0 [ 1613.114736][T25862] uprobe_mmap+0xb9a/0x11a0 [ 1613.119256][T25862] ? __pfx_uprobe_mmap+0x10/0x10 [ 1613.124202][T25862] mmap_region+0x1891/0x2090 [ 1613.128802][T25862] ? __pfx_mmap_region+0x10/0x10 [ 1613.133739][T25862] ? irqentry_exit+0x63/0x90 [ 1613.138339][T25862] ? lockdep_hardirqs_on+0x99/0x150 [ 1613.143549][T25862] ? do_mmap+0x5bb/0xfa0 [ 1613.147795][T25862] ? do_mmap+0x5d0/0xfa0 [ 1613.152044][T25862] do_mmap+0x8ad/0xfa0 [ 1613.156129][T25862] ? __pfx_do_mmap+0x10/0x10 [ 1613.160729][T25862] ? __pfx_down_write_killable+0x10/0x10 [ 1613.166368][T25862] ? __pfx_ima_file_mmap+0x10/0x10 [ 1613.171492][T25862] ? security_mmap_file+0x178/0x1a0 [ 1613.176703][T25862] vm_mmap_pgoff+0x1dd/0x3d0 [ 1613.181308][T25862] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1613.186425][T25862] ? __fget_files+0x29/0x470 [ 1613.191027][T25862] ? __fget_files+0x3f6/0x470 [ 1613.195712][T25862] ksys_mmap_pgoff+0x4f1/0x720 [ 1613.200484][T25862] ? __x64_sys_mmap+0x7f/0x140 [ 1613.205274][T25862] do_syscall_64+0xf3/0x230 [ 1613.209793][T25862] ? clear_bhb_loop+0x35/0x90 [ 1613.214485][T25862] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1613.220377][T25862] RIP: 0033:0x7ffa32b75b59 [ 1613.224800][T25862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1613.244415][T25862] RSP: 002b:00007ffa339b7048 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1613.252843][T25862] RAX: ffffffffffffffda RBX: 00007ffa32d05f60 RCX: 00007ffa32b75b59 [ 1613.260835][T25862] RDX: 0000000000000001 RSI: 0000000000003000 RDI: 0000000020000000 [ 1613.268809][T25862] RBP: 00007ffa32be4e5d R08: 0000000000000004 R09: 0000000000000000 [ 1613.276771][T25862] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000000 [ 1613.284730][T25862] R13: 000000000000000b R14: 00007ffa32d05f60 R15: 00007ffd8374f028 [ 1613.292695][T25862] [ 1613.295914][T25862] Kernel Offset: disabled [ 1613.300228][T25862] Rebooting in 86400 seconds..