last executing test programs: 15.35382979s ago: executing program 4 (id=583): mkdir(&(0x7f0000000400)='./file0\x00', 0x1e0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x850001, &(0x7f0000000240)='grp\x85u\xc5\x86a') r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x2a, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mkdir(&(0x7f0000000200)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chroot(&(0x7f0000000000)='./bus\x00') openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0) mount(&(0x7f00000001c0)=@md0, &(0x7f0000000240)='./file0\x00', 0x0, 0x2089, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = epoll_create(0x207ffd) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r5, &(0x7f0000000280)={0x70002012}) mlockall(0x7) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0) syz_clone(0x80000480, 0x0, 0x0, 0x0, 0x0, 0x0) mlockall(0x7) 13.506351505s ago: executing program 4 (id=587): syncfs(0xffffffffffffffff) connect$unix(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue1\x00'}) r2 = socket$nl_generic(0x10, 0x3, 0x10) openat$uhid(0xffffffffffffff9c, &(0x7f0000000340), 0x802, 0x0) r3 = syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0x9058, 0x2, 0xfffffffc, 0x25e}, &(0x7f0000000280)=0x0, &(0x7f0000000040)) r5 = socket$kcm(0x10, 0x2, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x11, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=0x1, @ANYBLOB="0000000000000000a703000000000000850000000c000000b700000000000000181100007c9a7c0078f9de42dcf0ff7d780dab6105ca4a4add80e9f07dfd3daf13b08b46342e0097a4668d446657c9c726b0693c6eba62e31f5402356ab26461d3b901134169f6b89c4b4ace75d3400741f0d28d9b28e13ebda3b356fcdecc9cc466e0a4d802d4119dfa682a2619e25cd72dc4e6cd34584bf4fd000000000000006616e67a81819040fdea0c91d0dc77a3bf66b488ec79d342b809db692deadbd30f43624067120e7fc81be59d02db826f2eaaff55ddf40d5ec6508fa7c3b3a36eabe0a1d7ba5f83addbebc2732e8481cf0e1d2d454f00258d47a0e801ae456b", @ANYRES32, @ANYRES8=r0], &(0x7f0000000240)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x54, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r6}, 0x10) sendmsg(0xffffffffffffffff, 0x0, 0x4000) write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000560013f16ff28e036afc004a07"], 0xfe33) syz_io_uring_submit(r4, 0x0, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x2000, @fd=r7, 0x0, 0x0, 0x0, 0x4}) io_uring_enter(r3, 0x7a98, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$wireguard(0x0, r2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r8, &(0x7f0000000040)={0xa, 0x4e24}, 0x1c) listen(r8, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000400)=ANY=[@ANYBLOB="b6b774626c72aaaaaaaaaa0086dd60000000001c0600fe880000000000000000000000000001fe8000000000000000000000000000aa4e240000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="7000fffde3d22c95abda43fc907800002207c276bf1b6900"], 0x0) r9 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r9, &(0x7f0000019680)=""/102392, 0x18ff8) pipe(&(0x7f0000000100)={0xffffffffffffffff}) listen(r10, 0x4000) recvmmsg(r2, &(0x7f0000004d80), 0x493, 0xa, 0x0) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000080)=ANY=[@ANYBLOB="18000000", @ANYRES16, @ANYBLOB="0307"], 0x18}}, 0x0) 12.519607766s ago: executing program 4 (id=588): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x6}]}, 0x10) syz_emit_ethernet(0x36, &(0x7f0000000480)=ANY=[@ANYBLOB="0180420000010181c200000008"], 0x0) r1 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r1, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x30004001) getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x0, 0x0, &(0x7f0000000040)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r3 = getpid() sched_setscheduler(r3, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = fanotify_init(0x200, 0x0) r7 = dup(r4) fanotify_mark(r6, 0x1, 0x4800107a, r5, 0x0) write$binfmt_misc(r5, &(0x7f0000000100), 0xfffffecc) read$FUSE(r7, &(0x7f0000006480)={0x2020}, 0x2020) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r9, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r10 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r10, 0x29, 0x20, &(0x7f0000000000)={@mcast1, 0x8001, 0x1, 0x2, 0xc, 0x6b, 0x8}, 0x20) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f0000000100)) syz_open_dev$sg(0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 11.357834964s ago: executing program 1 (id=590): r0 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0305710, &(0x7f0000000040)={0x1, 0xff, 0x1f}) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0) ioctl$SNDCTL_SEQ_PANIC(r1, 0x5111) ioctl$SNDCTL_SEQ_PANIC(r1, 0x5100) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000500)=0x4) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x40008, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000100001ff00000000000000000000000a2c000000050a01020000000000000000020000000900030073797a32000000000900010073797a300000000014000000020a031747d21400000000000000000014000000110001"], 0x68}}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f08000340000000045c0000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c00008028000180230001"], 0xe8}}, 0x0) mlock2(&(0x7f00000ac000/0x3000)=nil, 0x3000, 0x0) r7 = io_uring_setup(0x376c, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_BUFFERS(r7, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r7, 0x10, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000003700)=""/4096, 0x1000}], 0x0, 0x1}, 0x20) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) 10.612145055s ago: executing program 2 (id=591): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000940)={0x26, 'hash\x00', 0x0, 0x0, 'vmac64(aes-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000440)='\x00'/16, 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg(r1, &(0x7f00000053c0)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000300)="55431449465d69699bf3bd1437b98d3720330d54646d996ac3bca1711716ae850cc710c60faa2ba784988c86b8ad7f36ddb03f1d2c247c839b8316935daa674b2b36c6919cf95b6b746615abeef7a202d5bbb8fd4c84818a5f597b2d7eba4b16adb20cc5f5fc48c4c88506a5bf31507be2669b8887e6bf", 0x77}, {&(0x7f0000000b80)="0a7d5e1e9cf51b7d985c8b19aaa4029e6a9b39e4e02b8d73f02ef4ca74cbc358a911bea70cb6cb9b515a958b8b591e83a91d1c38c803a3ee970498b21b2f33805c1356a4bf47e14adf3411439a947e15df345199500692d7bd2a6753662dafb96b9b7b0688ed1e50c06f5601e804a154fa6c3439fff49b75e38c83cb952961c805ed1bb7b1428847d518bd28b1306199bc26bf3b267bbd3b23", 0x99}, {&(0x7f00000001c0)="b0f3ba759fb06f01c0617e4fee99f164f15a91e4ac0ddea7bd4dc4ea4bf6b232aa8f", 0x22}, {&(0x7f0000000040)="b2c034db90c06aab29505690c9b0bb01c963a2ca0160fff8a8e466c1fbf45b5dd215d0d7bbdc14ede44e7195696e94856f5900f5b1bfbe833834cdabc2", 0x3d}], 0x4}}], 0x1, 0x804) 10.440160959s ago: executing program 4 (id=593): mknodat$null(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x103) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB="00040000000000000000005ce800000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r3}, 0x4) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000800000085000000b60000009500000000000000819e0ee1d6e6d4287e9ed0defc7a58d7e8aa2c649a95543f8ce8e8631430c7299f028d28a6aae179659813382afcfbea72d57e96c10393ad22b2dd79f68c2d11aa4dbf121d0b35e4bbcd18f737eaa49921574a638597318bfd715eb1584e1016c7fd37381a62d2b7a3dc05a34d50dbb6018f784d5a666bd23185f30c938c38888df431ad048318dac1a951abc213db"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) io_uring_setup(0x168e, &(0x7f0000000000)={0x0, 0x0, 0x2}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) sendfile(r1, 0xffffffffffffffff, &(0x7f0000000240)=0x800, 0xb4) syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='comm\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) syz_usb_connect(0x5, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="31010000dccd5e08cb06030000e8160000010902240001000064000904340102d469e7000905"], 0x0) r5 = syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2) ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000080)={0xf0f041}) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'vxcan0\x00'}) 10.419018778s ago: executing program 2 (id=594): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0a00000004000000040000000100000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000000082532895f5b07befb0254c65278a6a9b09238e6a897cc9fab98292f22b1258c9302038146b00f66d3022940cb27fdab29e43b5e41db531d6e98049b6628ebca48fcdd585de0a3ca189df239a281b904bf776cbc8328f237810143cff96960d58598544ea429ddcd4794f83be66e360d3d092aebec7f3c76b474762dc4a8486d95d79dc17dbf99ee6c82b28febe74432b9a104d6b948f3001a01fa5350d357d01c3f9b015c08ff1f4c784789092462c1971359726ad15e8977eee7465625f502eff875c4b264cd717e60e01ab0774c5fde6d50fefac7d532ce6017173dee326433d"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000900000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000007d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x13, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffff"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="000010f500000000fda8556400a571f20000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x59) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kvm_ioapic_set_irq\x00', r3}, 0x10) r6 = openat$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000500)='cpu.pressure\x00', 0x2, 0x0) ioctl$F2FS_IOC_DECOMPRESS_FILE(r6, 0xf517, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_SET_IRQCHIP(r8, 0x8208ae63, &(0x7f0000000140)={0x2, 0x0, @ioapic={0x10a000, 0x0, 0x0, 0xeffffdff, 0x0, [{}, {0x0, 0x5}, {0x0, 0x0, 0x7}, {}, {0x7}, {}, {}, {0x0, 0x0, 0x20, '\x00', 0xff}, {}, {}, {0x0, 0x0, 0xc}, {0xfd}, {0x0, 0x2d}, {}, {}, {0xb9, 0x0, 0x4}, {}, {}, {}, {}, {0x0, 0x10}]}}) r9 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r9, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r11 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r11, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000680)=@newqdisc={0xa4, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r10, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4, 0x0, 0x80], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0x7}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x10000}]}]}]}}]}, 0xa4}}, 0x0) r12 = socket(0x10, 0x3, 0x0) sendto$inet6(r12, &(0x7f0000000080)="7800000018002507b9409b14ffff00000204be04020506050e020409430009003f000c00100000000d0085a168d0bf46d32345653600648d0a00120002000a0000005ade4a460c89b6ec0cff3959547f509058ba86c902000000004a32000400160005000a0000000000e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10) setsockopt$RXRPC_EXCLUSIVE_CONNECTION(r9, 0x110, 0x3) r13 = memfd_create(&(0x7f00000002c0)='D\xa3\xd5Wj\x00\x00\x8b\x14\xc2\xac\x1a\x1a\vG\xa9~vB\xbc\t\x00\x00\x00VoA\xaa\xbc\xee[\xe1\xa2\xe0\xff\x04\x00\x9b\x12\x0eW\xcf\t\xb0\xa9 +H/\xfd\xa4\xcaN\x84\xadS\x8bqE\x99\x01t\xb1\x1f|\x99PL\x92\x8f\xc2y\xcd\x8cj\x03X\x05\x17mwI\xf0\x01\xe5z\xcdJ)\xc7\xfa)\xaa}\xef\xde\xf5\xcd\xb1o5\x18\xd6\v\x85q\x98\x9bB\xb9\xea\xe7\xff\x7f\x00\x00T\xc0\xd2\t?\bpBl\xf4\x86\xd4\xc9\xe3\x8f\xd9\x9f\x15\x1e\xf2\x18\r\xad\b\xe0\x96NH\x85\r+\xfc\xb3\xdd\xddhg(\x03\xa7\x92\xe5\x00+h\xb7@#K\x9cMY\xd3\x9b\b-G\xb1\xdaS\x81\xb2\x93\xb83\x8a\x94*\x8d\\\b\xff/\xf8A\xaf\\\xaa\xf5u\xde\xfa\xa1\xc0\xf9&gR\x81.\xff\x83k\xe6\rDa\x16\xbd\x1a\xb2w\b\x00'/244, 0x0) write(r13, &(0x7f00000000c0)='i', 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r13, 0x0) r14 = socket$inet_smc(0x2b, 0x1, 0x0) sendto$inet(r14, 0x0, 0x0, 0x200408c4, &(0x7f0000000200)={0x2, 0x4e21, @local}, 0x10) write(r1, &(0x7f0000000180)="588f85d1aac2738c268a9ffea8360cb76d1ab02a3f5e3f0fe59c2c9a22e358efc2e90afb480388a7a4c9", 0x2a) 10.37418282s ago: executing program 1 (id=595): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_SET(r0, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r1, 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000140), 0x4) getsockopt$inet6_opts(r1, 0x11a, 0x36, 0x0, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r3 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) ioctl$sock_bt_bnep_BNEPCONNADD(r3, 0x400442c8, &(0x7f0000000000)=ANY=[@ANYRES32=r2]) 9.270614798s ago: executing program 1 (id=596): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'netpci0\x00', 0x2}) ioctl$TUNSETOFFLOAD(r0, 0x400454c9, 0x13) r1 = syz_open_dev$audion(&(0x7f0000000000), 0x5, 0x80000) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000002400000024000000020000000000000001000084040000000000000002"], 0x0, 0x3e, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d80)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800000000000000000c00000002000000002000000000001304000080"], 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) r2 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8936, &(0x7f0000000000)={'nicvf0\x00', 0x0}) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x15) bind$xdp(0xffffffffffffffff, &(0x7f0000000000)={0x2}, 0x10) ioctl$TCFLSH(r2, 0x404c4701, 0x20000000) ioctl$TIOCSTI(r2, 0x5412, &(0x7f00000000c0)=0xf9) ioctl$TIOCSTI(r2, 0x5412, &(0x7f00000001c0)=0x2) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r1, 0xc0189378, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0, {r1}}, './file0\x00'}) ioctl$TUNGETDEVNETNS(r1, 0x54e3, 0x0) 5.89144554s ago: executing program 3 (id=600): r0 = creat(&(0x7f0000000740)='./file0\x00', 0x0) close(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r2, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r2, &(0x7f00000001c0)={0x50, 0x0, r3, {0x7, 0x1f, 0x0, 0x100010}}, 0x50) socket$inet_udp(0x2, 0x2, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0), 0x3800048, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 5.685741348s ago: executing program 2 (id=601): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000040)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000600142603600e1208000f0000000401a80016002000034004000200035c0461c1d60008000000000000fb8000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f0f49e119c849ea6e5a0fc55e4cde205a214d6102d6dcbf33fb5ce3bb9ad809d5e1cace81ed0bffece0b42a1a83", 0xd4}, {&(0x7f00000014c0)="dc9ebe30", 0x4}], 0x2}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), 0xffffffffffffffff) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_KEY(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x3c, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_KEY={0x14, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5}, @NL80211_KEY_TYPE={0x8}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x3c}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r8, 0x400c620e, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0xe002a0ffffffff, 0x0}) sendmsg$IPVS_CMD_NEW_DAEMON(r2, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f0000000200)={0x40, r3, 0x100, 0x70bd27, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2c}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0xffff388c}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}]}, 0x40}, 0x1, 0x0, 0x0, 0x10000010}, 0x1) ioctl$SIOCGSTAMPNS(r0, 0x8907, &(0x7f00000001c0)) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001280)={0x60, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_NETMASK={0x5, 0x14, 0x3}, @IPSET_ATTR_CADT_FLAGS={0x8}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x60}}, 0x0) 5.684905349s ago: executing program 3 (id=602): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, &(0x7f0000000080)="440f01cb660f38803f3e67430fc7aa780f954cb9800000c00f3235010000000f30460f01d18f29f001b4f3cb22c916670f01f5c48125f9b14500000066baa00066edb9800000c00f3235010000000f30", 0x50}], 0x1, 0x62, &(0x7f0000000100)=[@cr4={0x1, 0x10010}, @cstype3={0x5, 0x6}], 0x2) r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) preadv(r3, &(0x7f000000e2c0)=[{&(0x7f00000002c0)=""/147, 0x93}], 0x1, 0x0, 0x0) r4 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl(r4, 0xfffff000, &(0x7f0000000000)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x15) r5 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) readv(r5, &(0x7f0000000000)=[{&(0x7f00000028c0)=""/4098, 0x1002}], 0x1) ioctl$KVM_SET_IRQCHIP(r1, 0xc048aec8, &(0x7f00000001c0)={0x0, 0x0, @pic={0x1, 0x4, 0x71, 0x8, 0x5f, 0x9, 0xcd, 0x9, 0x6, 0x9, 0x3, 0xf4, 0x0, 0x0, 0x41, 0x9}}) 5.584992347s ago: executing program 1 (id=603): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r1, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYRES16=r0, @ANYRES32=r2], 0x44}}, 0x0) (fail_nth: 5) 5.535197838s ago: executing program 0 (id=604): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000940)={0x26, 'hash\x00', 0x0, 0x0, 'vmac64(aes-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000440)='\x00'/16, 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg(r1, &(0x7f00000053c0)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000300)="55431449465d69699bf3bd1437b98d3720330d54646d996ac3bca1711716ae850cc710c60faa2ba784988c86b8ad7f36ddb03f1d2c247c839b8316935daa674b2b36c6919cf95b6b746615abeef7a202d5bbb8fd4c84818a5f597b2d7eba4b16adb20cc5f5fc48c4c88506a5bf31507be2669b8887e6bf", 0x77}, {&(0x7f0000000b80)="0a7d5e1e9cf51b7d985c8b19aaa4029e6a9b39e4e02b8d73f02ef4ca74cbc358a911bea70cb6cb9b515a958b8b591e83a91d1c38c803a3ee970498b21b2f33805c1356a4bf47e14adf3411439a947e15df345199500692d7bd2a6753662dafb96b9b7b0688ed1e50c06f5601e804a154fa6c3439fff49b75e38c83cb952961c805ed1bb7b1428847d518bd28b1306199bc26bf3b267bbd3b23", 0x99}, {&(0x7f00000001c0)="b0f3ba759fb06f01c0617e4fee99f164f15a91e4ac0ddea7bd4dc4ea4bf6b232aa8f1d802a49e30e5df35a2100c1ab66c84b0d", 0x33}, {&(0x7f0000000040)="b2c034db90c06aab29505690c9b0bb01c963a2ca0160fff8a8e466c1fbf45b5dd215d0d7bbdc14ede44e7195696e94856f5900f5b1bfbe833834cdabc2", 0x3d}], 0x4}}], 0x1, 0x804) 5.174863018s ago: executing program 0 (id=605): openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) socket(0x28, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) openat$sequencer(0xffffffffffffff9c, &(0x7f00000024c0), 0xa000, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) unshare(0x22020600) pselect6(0x40, &(0x7f0000000040)={0x300000000000000, 0x0, 0x0, 0x6, 0x8, 0x1, 0x6, 0x8}, 0x0, &(0x7f0000000140)={0x1ff, 0x4, 0xda4a, 0x0, 0x0, 0x1, 0x7c}, 0x0, 0x0) 5.08929679s ago: executing program 2 (id=606): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB, @ANYBLOB], 0xfc}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, 0x0) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$ttys(0xc, 0x2, 0x1) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) openat$nullb(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000004000)={&(0x7f0000001880)=@newtaction={0x498, 0x30, 0x101, 0x0, 0x0, {0x0, 0x0, 0x1100}, [{0x484, 0x1, [@m_police={0x480, 0x1, 0x0, 0x0, {{0xb}, {0x454, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0xfffffffe, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x8, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x7, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0xeb2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x20001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffc01, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {0x1, 0x0, 0x0, 0x0, 0x0, 0x4}, {0x8, 0x0, 0x9, 0x0, 0x2}}}], [@TCA_POLICE_AVRATE={0x8, 0x4, 0x8}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x4}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x498}}, 0x0) syz_init_net_socket$ax25(0x3, 0x2, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000002440)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a7ff070000000000004da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05dfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f9ff86086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace85c370183f23cf0838fb5a1d75c145feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00000000000000000000000000000000000000000000000000000096e4a7b57a867432217cf0be18b96865ee3dca3a03a5e0d3060705c499776bb3e8c442aa1d3b26842c96080c4c251b8cbc5de68938316e95857b0e3cdb14d4a93d49dd4f7a08639ee6943861886fabfac35f9aab09c77bc495b5c7116de70619c5ac798f1974d7a6e9b80ac4bab0f1657488278a40480731b7f51ff921e8ad8a1986b6da1660c40875504d1265679a718dc9a1400ac15ce81696f712a1074ac47de09e95d64eb72a186f11bf360e5841a283841762a0cda06ac7c74520427465c128763e3258169d32bce06dbf95fcf8e19ffdb7c56fb5e236f2422f631ead769969699318140ad2b431b21f88bf824e1590524a0aea10ad2c5f961533e78d8e46da0e6ef484d25bd09f6de08e398485d95c51f3a5dc76dbdea7b2d236d819018b22467116b359e8c38147565203c75a4a2789019e7e4bf06a2b3779cea3206cc2d10e5a458b81"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000440)=0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1, 0x0, 0xffffffffffffffff}, 0x18) r4 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000000)={0x6, @local, 0x0, 0x0, 'lc\x00'}, 0x2c) setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x483, &(0x7f0000000000)={0x6, @local, 0x0, 0x2, 'sh\x00', 0x0, 0x8000}, 0x2c) r5 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) sendmsg$inet_sctp(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="83", 0x1}], 0x1, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000008400000005000180000000008b880000ed3cab43d7599dfe5442"], 0x18, 0x4040040}, 0x240008c0) connect(r5, &(0x7f0000000200)=@ax25={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x7}, [@default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x80) 5.057939405s ago: executing program 3 (id=607): r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0x12, 0x40, 0x8, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = socket$inet6_udp(0xa, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r0, &(0x7f0000000140), &(0x7f0000000240)=@udp6=r1}, 0x20) r2 = socket$inet_udp(0x2, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r0, &(0x7f0000000080), &(0x7f0000000180)=@udp=r2, 0x1}, 0x20) (fail_nth: 7) 5.056934356s ago: executing program 4 (id=608): setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x2, &(0x7f00000002c0)=0x2, 0x4) r0 = socket$pppoe(0x18, 0x1, 0x0) r1 = socket$pppoe(0x18, 0x1, 0x0) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f00000001c0)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x20}, 'veth1_vlan\x00'}}, 0x1e) connect$pppoe(r2, &(0x7f0000000240)={0x18, 0x0, {0x3, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x30}, 'syz_tun\x00'}}, 0x1e) r3 = syz_open_dev$ndb(&(0x7f0000000280), 0x0, 0x802) ioctl$NBD_DO_IT(r3, 0xab03) syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) close(r0) 4.995762767s ago: executing program 0 (id=609): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x4, &(0x7f0000000000)=@framed={{}, [@alu={0x7, 0x0, 0x3, 0x0, 0x0, 0x1, 0xffffffffffffffff}]}, &(0x7f00000000c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, &(0x7f0000000280)) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000000000049500"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10) r4 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB="18020000000000020000000000baf200850000001700000095"], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r5, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000900)={r6, r5, 0x25, 0x0, @val=@tracing={0x0, 0x2}}, 0x20) syz_emit_ethernet(0x4e, &(0x7f0000000500)=ANY=[@ANYRES8=r4], 0x0) bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000000)=0xffffffffffffffff, 0x4) time(&(0x7f0000000180)) socket$inet_udp(0x2, 0x2, 0x0) r7 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r7, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) bind$inet6(r7, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r7, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 4.953261893s ago: executing program 1 (id=610): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10) syz_io_uring_setup(0x0, 0x0, &(0x7f0000000000), 0x0) syz_open_dev$dri(0x0, 0x1ff, 0x0) r3 = socket(0x28, 0x3, 0x7218) socket$packet(0x11, 0x3, 0x300) socket$inet6_sctp(0xa, 0x1, 0x84) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x6) ioctl$sock_SIOCETHTOOL(r3, 0x89f0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000001cc0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_LINK_TOL(r4, &(0x7f0000001dc0)={0x0, 0xa1ff, &(0x7f0000001d80)={&(0x7f0000001d00)={0x68, r5, 0x1, 0x70bd25, 0x0, {{}, {}, {0x4c, 0x18, {0x1ff, @media='ib\x00'}}}}, 0x68}}, 0x0) socket$tipc(0x1e, 0x5, 0x0) socket$nl_route(0x10, 0x3, 0x0) msync(&(0x7f0000ff7000/0x3000)=nil, 0x3000, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) 2.215337205s ago: executing program 0 (id=611): setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x8000}, 0x8) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x13, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmmsg$inet6(r0, &(0x7f00000043c0)=[{{&(0x7f0000001140)={0xa, 0x4e23, 0x0, @private2}, 0x1c, &(0x7f0000001280)=[{&(0x7f00000011c0)="99", 0x1}], 0x1}}], 0x1, 0x0) shutdown(r0, 0x1) getsockopt$bt_hci(r0, 0x84, 0x7f, &(0x7f0000000080)=""/4057, &(0x7f0000001180)=0xfd9) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=@newlink={0x44, 0x10, 0x421, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_XFRM_LINK={0x8}, @IFLA_XFRM_IF_ID={0x8}]}}}]}, 0x44}}, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x4100, 0x0) 2.172101522s ago: executing program 2 (id=612): r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000000c0)=ANY=[@ANYRES32, @ANYRES32, @ANYRES32=r1, @ANYRESHEX=r1], 0x20) ioctl$SNDCTL_SEQ_OUTOFBAND(r0, 0x40085112, &(0x7f0000000000)=@e={0xff, 0x9, 0x5, 0x8, @SEQ_NOTEON=@note=0x33, 0x1, 0x2, 0x7}) syz_io_uring_setup(0x4ead, &(0x7f0000000100)={0x0, 0xc9f8, 0x10, 0x2, 0x219}, &(0x7f0000000040)=0x0, &(0x7f0000000180)) syz_io_uring_setup(0x5348, &(0x7f00000001c0)={0x0, 0x6f6e, 0x4, 0x0, 0x107}, &(0x7f0000000240), &(0x7f0000000280)=0x0) clock_gettime(0x0, &(0x7f00000002c0)={0x0, 0x0}) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000340)=@IORING_OP_TIMEOUT={0xb, 0xfd, 0x0, 0x0, 0x2, &(0x7f0000000300)={r4, r5+60000000}, 0x1, 0x0, 0x1, {0x0, r6}}) 2.17194516s ago: executing program 3 (id=613): r0 = socket(0x1000000000000010, 0x80802, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'macvlan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="680000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800c0001006d6163766c616e00300002800800010010000000100005800a000400aaaaaaaaaabb000008000300030000000a000400aaaaaaaab1aa000008000500", @ANYRES32=r1], 0x68}, 0x1, 0x0, 0x0, 0x8004}, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="4400000010000304000000000000000000007400", @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b00010067656e657665000014000280050009020100000005000a"], 0x44}}, 0x0) 1.32159971s ago: executing program 2 (id=614): r0 = socket$netlink(0x10, 0x3, 0x14) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x600, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000ff25dc140000000000000071120600000000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$qrtr(0x2a, 0x2, 0x0) getpeername$qrtr(r3, &(0x7f00000000c0), &(0x7f0000000100)=0xc) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d6c2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x4, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xfc, 0x4}}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x6, 0x0, 0x0, 0x0, 0x0, 0x69, 0x0, 0x8000000000000, 0x80000000000000, 0x8, 0x9, 0x0, 0x0, 0x0, 0x8001], 0x1, 0x3c4210}) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) ioctl$SNDCTL_SEQ_RESET(r5, 0x5100) r6 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f0000000540)={0xfffffffffffffffc, 0x208000, 0x800}, 0x20) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000200)='X\x00\x00', 0x3}], 0x1) syz_emit_ethernet(0xda, &(0x7f00000001c0)={@local, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xcc, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010100, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x2c, 0x0, {0x2b, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @private, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@cipso={0x86, 0x26, 0x0, [{0x0, 0xd, "5e000000ff000000000000"}, {0x0, 0x5, "4eb8a6"}, {0x0, 0xe, "9606053d0006ff00800000b6"}]}, @lsrr={0x83, 0x13, 0x0, [@dev, @loopback, @loopback, @multicast2]}, @cipso={0x86, 0x4d, 0x0, [{0x0, 0x7, "4b6cefc500"}, {0x1, 0x12, "8c9300"/16}, {0x0, 0xa, "2189ea43a2149b84"}, {0x0, 0x12, "ffd11634eea26b0faffa0dea2e903528"}, {0x0, 0x9, "02a20948fd7406"}, {0x0, 0x9, "ccf0294e2a3bdb"}]}, @timestamp={0x44, 0x8, 0x0, 0x0, 0x0, [0x0]}, @lsrr={0x83, 0x7, 0x62, [@rand_addr=0x64010100]}]}}, "a815a23d"}}}}}, 0x0) 1.308887587s ago: executing program 3 (id=615): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x58}}, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000100)={'syztnl0\x00', 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x3) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x42, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) timer_create(0x0, 0x0, &(0x7f0000000100)) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x0, 0x0) r3 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x6c40) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r3, 0x40045532, &(0x7f0000000040)) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r0, 0xc0884113, &(0x7f0000000300)={0x1, 0xa, 0x800003, 0x1, 0x0, 0x8, 0x5, 0x6, 0x0, 0x3fffff, 0x80000001, 0x1}) ioctl$TIOCSERGETLSR(r2, 0x5417, &(0x7f00000000c0)) r5 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = syz_open_dev$radio(&(0x7f00000003c0), 0x2, 0x2) read(r6, &(0x7f0000001e80)=""/96, 0x60) r7 = syz_open_dev$radio(&(0x7f00000003c0), 0x2, 0x2) ioctl$VIDIOC_LOG_STATUS(r7, 0x5646, 0x0) close_range(r5, 0xffffffffffffffff, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x200, 0xfffffffffffffd5f) 1.216079912s ago: executing program 0 (id=616): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=ANY=[@ANYRES8], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2) rename(&(0x7f0000000e00)='./bus\x00', &(0x7f0000001080)='./file0\x00') r1 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) socket$kcm(0x10, 0x2, 0x0) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000300)={0x1, 0xfd85, {0x0}, {}, 0x4, 0xfffffffffffffffd}) prlimit64(r2, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0) socket$caif_stream(0x25, 0x1, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x10, 0x4, 0x8, 0x5, 0x110c, 0xffffffffffffffff, 0x0, '\x00', 0x0, r1, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r3}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r4 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) getsockopt$llc_int(r4, 0x10c, 0x0, &(0x7f0000000240), &(0x7f0000000280)=0x4) 1.188930382s ago: executing program 4 (id=617): r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000280), 0x408000, 0x0) fstat(r0, &(0x7f00000002c0)) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="b70000000000000007000000000000009500000000000000a9171809f8dcf159569d5475991f7de1a0d0c119cfcf6b98741c23fb7f8d3002ec85db75af955427e91496087a51a0a78f269a9e216a0d0177c4fe3552396a180330807a5b6e8c79aa92038c78d1f16c1323f0e0c8d45c641a21757847cb22230e4321cc3581e40c62c4defee8cffe359cfeef7f58fffdb48647d28ae810f6d22d20271e9e88e94aa6982bf48356652b08e2fbd404e41e0058aae0478fbe542b648421d1b4486a542a7d478fbe6b5e000000293853f9c68e235184b7ad5b6c4fe70ec8320500db0db7fda3da6171a05509ffecef2cb9802d4f36c9a1ce46d3b355fec188ccfc2f0fc89e164561fb06ee9a0153981a47b5de9edd3536d5534f9a699f73b2c9341d2d05043748ce1f4577ed76cdf5b3c697089daa4abda69a8c0c992404610a6be9e103c972459065dec0488e85a6a0418fc87dd8019ef7bb4ef4fa6ee08d81797570578f2e8198e687012f25a69a90e7515e35f8abbddfa96c3f0485f01f0e9e144a2bd31c1b594c50de7c9efd826f1e19b7bd89ca4052b1985287bd13957a48467e0eeddf564d175bf4340885b63976df609806c3b2a3667539dfd66a7400000000003be6026e60205f761ce85cdf75cdb95ca5d32b5bf87eed4184d49f8f48181ef2419efe82ebb18ee55772d562b3b49551714e805a5211a3f4e8e703c03e23b2074bc573dbb66d59e269b722637c4a2efb5241cae2f14774609ad91d66724c438455dc4fcf0b4c8fc235f6c190b4c82bb2556d1fbcd4468369e98e989986dcbc900c743162ce2c7e60610acf0c8e4ba94a7e7127c7de0e6c35acecee1b8434fdca4579f9ebc6a515f7d910b466eb583fb0a7e65fbecb2b8ee0e9da33afb88aa5da8da3a5e0e58fcb48de6f165826b046a8951a47e040bd419d0efa0f54e8e3694085a7bde6f6494968d820"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff37, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r2, 0x1, 0x1000000000000f, &(0x7f0000000080)=0x7fffffff, 0x4) sendmmsg(r2, &(0x7f0000003880)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x34, &(0x7f0000000040)=r1, 0x4) r3 = syz_io_uring_setup(0x7ea9, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r6 = syz_io_uring_setup(0x5de7, &(0x7f00000003c0)={0x0, 0x7911, 0x2, 0x1, 0xba, 0x0, r3}, &(0x7f0000000100)=0x0, &(0x7f0000000200)) r8 = syz_usb_connect$hid(0x3, 0x36, &(0x7f00000001c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x458, 0x4018, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x9, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x20, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io(r8, 0x0, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) r9 = syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r10, r11, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x800, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r9, 0x7a98, 0x0, 0x0, 0x0, 0x0) syz_usb_control_io$hid(r8, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) r12 = io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) syz_io_uring_submit(r7, 0x0, &(0x7f00000001c0)=@IORING_OP_UNLINKAT={0x24, 0x9, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x200, 0x0, {0x0, r12}}) r13 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000004c0)='pids.current\x00', 0x275a, 0x0) write$UHID_CREATE2(r13, &(0x7f00000001c0)=ANY=[@ANYBLOB='/'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r13, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_MKDIRAT={0x25, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r3, 0x2d7e, 0x0, 0x0, 0x0, 0x0) 1.118481113s ago: executing program 1 (id=618): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004cc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_test', 0x141a82, 0x0) sendfile(r1, r1, &(0x7f0000000000)=0x1, 0x4) (fail_nth: 1) 2.947244ms ago: executing program 0 (id=619): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000700)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'macvlan0\x00', 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000002380)=ANY=[@ANYBLOB="480000001000010400"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000200037800b001144c5b11b1bb3d60000080002"], 0x48}}, 0x0) sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000000)=ANY=[@ANYBLOB="ee6a0f5e", @ANYRES16=r1, @ANYBLOB="010000000000000000000200000008000300", @ANYRESOCT=r0, @ANYBLOB="0800250000000040080002"], 0x3c}}, 0x0) 0s ago: executing program 3 (id=620): socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000064c0)=ANY=[@ANYBLOB="140000001000010000000000400000000000000a2c0000000e0a010a0000000000000000070000000900020073797a31000000000900010073797a30"], 0x54}}, 0x0) (fail_nth: 7) kernel console output (not intermixed with test programs): is strongly recommended to keep mac addresses unique to avoid problems! [ 87.098338][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.133020][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.144085][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.157626][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.168751][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.179437][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.190457][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.202277][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.213091][ T5831] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.222205][ T5831] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.231650][ T5831] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.240823][ T5831] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.271502][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.298633][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.311414][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.326448][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.342068][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.355159][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.426202][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.477439][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.496105][ T5843] Bluetooth: hci4: command tx timeout [ 87.506562][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.521143][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.574637][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.598285][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.615174][ T5843] Bluetooth: hci3: command tx timeout [ 87.620635][ T5843] Bluetooth: hci0: command tx timeout [ 87.626285][ T5843] Bluetooth: hci2: command tx timeout [ 87.631759][ T5843] Bluetooth: hci1: command tx timeout [ 87.644371][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.669492][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.688580][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.704447][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.743949][ T5832] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.761563][ T5832] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.771943][ T5832] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.781360][ T5832] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.805824][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.817393][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.827704][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.850190][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.868087][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.878691][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.889012][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.902414][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.914472][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.984113][ T5830] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.993967][ T5830] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.004491][ T5830] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.026569][ T5830] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.133342][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.172353][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.298024][ T5899] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.332879][ T5899] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.411504][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.411557][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.485651][ T5899] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.485679][ T5899] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.562706][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.562733][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.612298][ T5899] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.652454][ T5899] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.846573][ T5899] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.908573][ T5899] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.932874][ T2988] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.173474][ T2988] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.585697][ T5842] Bluetooth: hci4: command tx timeout [ 89.675116][ T5842] Bluetooth: hci1: command tx timeout [ 89.680684][ T5842] Bluetooth: hci2: command tx timeout [ 89.687112][ T5842] Bluetooth: hci0: command tx timeout [ 89.692573][ T5842] Bluetooth: hci3: command tx timeout [ 89.899001][ T5943] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 90.157999][ T5951] netlink: 20 bytes leftover after parsing attributes in process `syz.0.9'. [ 90.505685][ T5954] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 90.690058][ T5957] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 90.720940][ T5959] xt_hashlimit: overflow, try lower: 1125899906842624/8 [ 90.764919][ T3068] kernel write not supported for file /input/event0 (pid: 3068 comm: kworker/1:2) [ 91.890218][ T29] audit: type=1326 audit(1731662740.573:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5965 comm="syz.3.15" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3b3d77e719 code=0x0 [ 91.944317][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.050446][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 92.135296][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 92.163478][ T0] NOHZ tick-stop error: local softirq work is pending, handler #41!!! [ 92.176476][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.270239][ T47] cfg80211: failed to load regulatory.db [ 92.365015][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.455432][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 92.509211][ T3068] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 92.520930][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 92.774192][ T5989] syz.2.20 uses obsolete (PF_INET,SOCK_PACKET) [ 92.872803][ T3068] usb 4-1: Using ep0 maxpacket: 8 [ 92.883041][ T3068] usb 4-1: config 0 has an invalid interface number: 52 but max is 0 [ 92.912634][ T3068] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 92.990760][ T3068] usb 4-1: config 0 has no interface number 0 [ 93.004920][ T3068] usb 4-1: config 0 interface 52 altsetting 1 has an invalid descriptor for endpoint zero, skipping [ 93.017498][ T3068] usb 4-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 93.031088][ T3068] usb 4-1: config 0 interface 52 has no altsetting 0 [ 93.186802][ T3068] usb 4-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 93.196869][ T3068] usb 4-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0 [ 93.205226][ T3068] usb 4-1: Manufacturer: syz [ 93.233038][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 93.267013][ T3068] usb 4-1: config 0 descriptor?? [ 93.304807][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 93.479580][ T5971] vivid-002: disconnect [ 94.938264][ T5973] vivid-002: reconnect [ 95.025206][ T3068] usb 4-1: Can not set alternate setting to 1, error: -71 [ 95.033349][ T3068] synaptics_usb 4-1:0.52: probe with driver synaptics_usb failed with error -71 [ 95.277985][ T3068] usb 4-1: USB disconnect, device number 2 [ 95.406843][ T6030] netlink: 36 bytes leftover after parsing attributes in process `syz.0.31'. [ 95.823958][ T29] audit: type=1326 audit(1731662744.903:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6029 comm="syz.3.32" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3b3d77e719 code=0x0 [ 95.905435][ T6037] vivid-002: disconnect [ 96.307960][ T6029] vivid-002: reconnect [ 96.518575][ T8] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 96.675112][ T8] usb 2-1: Using ep0 maxpacket: 8 [ 96.712344][ T8] usb 2-1: config 0 has an invalid interface number: 52 but max is 0 [ 96.729684][ T8] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 96.755790][ T8] usb 2-1: config 0 has no interface number 0 [ 96.771795][ T8] usb 2-1: config 0 interface 52 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 96.824259][ T8] usb 2-1: config 0 interface 52 has no altsetting 0 [ 96.836624][ T8] usb 2-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 96.849356][ T8] usb 2-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0 [ 96.860880][ T8] usb 2-1: Manufacturer: syz [ 96.877359][ T8] usb 2-1: config 0 descriptor?? [ 97.095192][ T6033] netlink: 4 bytes leftover after parsing attributes in process `syz.1.33'. [ 97.205749][ T8] usb 2-1: Can not set alternate setting to 1, error: -71 [ 97.246043][ T8] synaptics_usb 2-1:0.52: probe with driver synaptics_usb failed with error -71 [ 97.295978][ T8] usb 2-1: USB disconnect, device number 2 [ 97.358671][ T6055] netlink: 'syz.0.38': attribute type 29 has an invalid length. [ 97.434537][ T6055] netlink: 596 bytes leftover after parsing attributes in process `syz.0.38'. [ 99.051920][ T29] audit: type=1326 audit(1731662748.123:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6059 comm="syz.0.40" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1f6837e719 code=0x0 [ 99.465270][ T5887] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 99.839898][ T6079] tipc: Started in network mode [ 99.848832][ T6079] tipc: Node identity 1, cluster identity 4711 [ 99.878949][ T6079] tipc: Node number set to 1 [ 99.944925][ T5887] usb 1-1: Using ep0 maxpacket: 8 [ 99.957926][ T5887] usb 1-1: config 0 has an invalid interface number: 52 but max is 0 [ 99.981895][ T5887] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 100.009290][ T5887] usb 1-1: config 0 has no interface number 0 [ 100.014900][ T8] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 100.023753][ T5887] usb 1-1: config 0 interface 52 altsetting 1 has an invalid descriptor for endpoint zero, skipping [ 100.035839][ T5887] usb 1-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 100.105377][ T6084] nbd1: detected capacity change from 0 to 131072 [ 100.117206][ T6077] block nbd1: Send control failed (result -89) [ 100.128502][ T6077] block nbd1: Request send failed, requeueing [ 100.139217][ T5887] usb 1-1: config 0 interface 52 has no altsetting 0 [ 100.140101][ T5843] block nbd1: Receive control failed (result -32) [ 100.162150][ T40] block nbd1: Dead connection, failed to find a fallback [ 100.169652][ T40] block nbd1: shutting down sockets [ 100.175319][ T40] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 100.187390][ T40] Buffer I/O error on dev nbd1, logical block 0, async page read [ 100.199867][ T6077] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 100.216682][ T8] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 100.224913][ T6077] Buffer I/O error on dev nbd1, logical block 0, async page read [ 100.227326][ T8] usb 4-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 100.245324][ T6077] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 100.251501][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.254512][ T6077] Buffer I/O error on dev nbd1, logical block 0, async page read [ 100.274036][ T8] usb 4-1: config 0 descriptor?? [ 100.283873][ T8] hdpvr 4-1:0.0: Could not find bulk-in endpoint [ 100.290779][ T8] hdpvr 4-1:0.0: probe with driver hdpvr failed with error -12 [ 100.330452][ T6077] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 100.349692][ T5887] usb 1-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 100.358927][ T5887] usb 1-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0 [ 100.367199][ T5887] usb 1-1: Manufacturer: syz [ 100.372883][ T6077] Buffer I/O error on dev nbd1, logical block 0, async page read [ 100.394150][ T6077] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 100.396039][ T5887] usb 1-1: config 0 descriptor?? [ 100.414294][ T6077] Buffer I/O error on dev nbd1, logical block 0, async page read [ 100.424697][ T6077] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 100.441269][ T6077] Buffer I/O error on dev nbd1, logical block 0, async page read [ 100.459096][ T6077] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 100.548192][ T6077] Buffer I/O error on dev nbd1, logical block 0, async page read [ 100.572588][ T6077] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 100.616182][ T6065] vivid-001: disconnect [ 100.624971][ T8] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 100.645558][ T6077] Buffer I/O error on dev nbd1, logical block 0, async page read [ 100.656614][ T6077] ldm_validate_partition_table(): Disk read failed. [ 100.667746][ T6077] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 100.677781][ T6077] Buffer I/O error on dev nbd1, logical block 0, async page read [ 100.689328][ T6077] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 100.714192][ T6077] Buffer I/O error on dev nbd1, logical block 0, async page read [ 100.730123][ T6077] Dev nbd1: unable to read RDB block 0 [ 100.751423][ T6077] nbd1: unable to read partition table [ 100.772031][ T5852] ldm_validate_partition_table(): Disk read failed. [ 100.779951][ T8] usb 5-1: Using ep0 maxpacket: 16 [ 100.789973][ T6077] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 100.803579][ T8] usb 5-1: config 0 has no interfaces? [ 100.805687][ T6077] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=65535, location=65535 [ 100.826006][ T5852] Dev nbd1: unable to read RDB block 0 [ 100.827936][ T8] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 100.843842][ T5852] nbd1: unable to read partition table [ 100.879060][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.885680][ T5852] ldm_validate_partition_table(): Disk read failed. [ 100.896145][ T6077] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=65279, location=65279 [ 100.933489][ T8] usb 5-1: config 0 descriptor?? [ 100.950646][ T5852] Dev nbd1: unable to read RDB block 0 [ 100.958298][ T6077] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=65534, location=65534 [ 100.982232][ T5852] nbd1: unable to read partition table [ 101.060203][ T5889] usb 4-1: USB disconnect, device number 3 [ 101.160580][ T6077] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=65278, location=65278 [ 101.178513][ T6077] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=65533, location=65533 [ 101.487621][ T6077] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=65277, location=65277 [ 101.498350][ T6077] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=65385, location=65385 [ 101.509701][ T6077] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=65129, location=65129 [ 101.521441][ T6077] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=65383, location=65383 [ 101.535314][ T6077] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=65127, location=65127 [ 101.546186][ T6077] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 101.560902][ T6077] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 101.594322][ T6077] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=32767, location=32767 [ 101.606003][ T6077] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=32511, location=32511 [ 101.616854][ T6077] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=32766, location=32766 [ 101.686293][ T6068] vivid-001: reconnect [ 101.694416][ T5887] usb 1-1: Can not set alternate setting to 1, error: -71 [ 101.705133][ T6077] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=32510, location=32510 [ 101.720112][ T5887] synaptics_usb 1-1:0.52: probe with driver synaptics_usb failed with error -71 [ 101.729773][ T6077] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=32765, location=32765 [ 101.769960][ T6077] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=32509, location=32509 [ 101.780811][ T6077] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=32617, location=32617 [ 101.792954][ T6077] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=32361, location=32361 [ 101.813735][ T6077] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=32615, location=32615 [ 101.833072][ T6077] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=32359, location=32359 [ 101.844622][ T6077] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 101.857275][ T6077] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 101.871163][ T5887] usb 1-1: USB disconnect, device number 2 [ 101.904054][ T6077] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=16383, location=16383 [ 101.930737][ T6077] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=16127, location=16127 [ 101.942090][ T5889] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 101.954059][ T6077] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=16382, location=16382 [ 101.973126][ T6077] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=16126, location=16126 [ 101.994389][ T6077] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=16381, location=16381 [ 102.019823][ T6077] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=16125, location=16125 [ 102.048925][ T6077] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=16233, location=16233 [ 102.069077][ T6077] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=15977, location=15977 [ 102.083895][ T6077] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=16231, location=16231 [ 102.109885][ T5889] usb 4-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 102.132199][ T5889] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.153617][ T6077] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=15975, location=15975 [ 102.164168][ T5889] usb 4-1: Product: syz [ 102.180142][ T5889] usb 4-1: Manufacturer: syz [ 102.190758][ T5889] usb 4-1: SerialNumber: syz [ 102.201753][ T6077] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 102.245087][ T6077] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1) [ 102.249044][ T5889] usb 4-1: config 0 descriptor?? [ 103.421439][ T8] usb 5-1: string descriptor 0 read error: -71 [ 103.442321][ T8] usb 5-1: USB disconnect, device number 2 [ 104.077335][ T6090] netlink: 8 bytes leftover after parsing attributes in process `syz.3.48'. [ 104.136530][ T5889] usb 4-1: f81604_read: reg: 105 failed: -EPROTO [ 104.143148][ T5889] f81604 4-1:0.0: Setting termination of CH#1 failed: -EPROTO [ 104.193006][ T5889] f81604 4-1:0.0: probe with driver f81604 failed with error -71 [ 104.213600][ T5889] usb 4-1: USB disconnect, device number 4 [ 105.914977][ T5843] Bluetooth: hci3: unexpected event 0x08 length: 78 > 4 [ 106.177376][ T6138] netlink: 32 bytes leftover after parsing attributes in process `syz.4.64'. [ 106.302206][ T6147] netlink: 252 bytes leftover after parsing attributes in process `syz.3.67'. [ 106.314914][ T47] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 106.513584][ T47] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 254, using maximum allowed: 30 [ 106.529648][ T47] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 106.544801][ T47] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 106.554639][ T47] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 10 [ 106.565644][ T47] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 106.575423][ T47] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 254 [ 106.588641][ T47] usb 1-1: New USB device found, idVendor=20a0, idProduct=4287, bcdDevice= 0.00 [ 106.597805][ T47] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.611919][ T47] usb 1-1: config 0 descriptor?? [ 106.835025][ T5886] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 107.911442][ T6164] netlink: 4096 bytes leftover after parsing attributes in process `syz.2.70'. [ 107.984593][ T6164] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 107.997886][ T5886] usb 4-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 108.004013][ T47] hid-u2fzero 0003:20A0:4287.0001: hidraw0: USB HID vff.fd Device [HID 20a0:4287] on usb-dummy_hcd.0-1/input0 [ 108.023051][ T5886] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 108.047915][ T5886] usb 4-1: Product: syz [ 108.052302][ T5886] usb 4-1: Manufacturer: syz [ 108.086227][ T5886] usb 4-1: SerialNumber: syz [ 108.107748][ T47] hid-u2fzero 0003:20A0:4287.0001: NitroKey U2F LED initialised [ 108.144537][ T5886] usb 4-1: config 0 descriptor?? [ 108.165333][ T47] hid-u2fzero 0003:20A0:4287.0001: NitroKey U2F RNG initialised [ 108.252820][ T8] usb 1-1: USB disconnect, device number 3 [ 108.382464][ T5843] Bluetooth: hci3: unexpected event 0x08 length: 78 > 4 [ 108.795955][ T6158] netlink: 8 bytes leftover after parsing attributes in process `syz.3.69'. [ 108.897272][ T5886] usb 4-1: f81604_read: reg: 105 failed: -EPROTO [ 108.904860][ T5886] f81604 4-1:0.0: Setting termination of CH#1 failed: -EPROTO [ 108.912501][ T5886] f81604 4-1:0.0: probe with driver f81604 failed with error -71 [ 108.965984][ T5886] usb 4-1: USB disconnect, device number 5 [ 111.657298][ T5886] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 111.726283][ T5843] Bluetooth: hci0: unexpected event 0x08 length: 78 > 4 [ 111.835061][ T5886] usb 4-1: device descriptor read/64, error -71 [ 112.165678][ T5886] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 112.346906][ T5886] usb 4-1: device descriptor read/64, error -71 [ 112.552066][ T6262] netlink: 4 bytes leftover after parsing attributes in process `syz.2.95'. [ 112.921471][ T5886] usb usb4-port1: attempt power cycle [ 114.167693][ T5886] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 114.424862][ T5886] usb 4-1: device not accepting address 8, error -71 [ 114.477161][ T6287] input: syz0 as /devices/virtual/input/input5 [ 114.625068][ T25] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 114.830532][ T6311] qrtr: Invalid version 9 [ 114.853931][ T25] usb 1-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 114.873413][ T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.889223][ T6307] netlink: 'syz.4.104': attribute type 10 has an invalid length. [ 114.893724][ T25] usb 1-1: Product: syz [ 114.914036][ T25] usb 1-1: Manufacturer: syz [ 114.925348][ T6307] bond0: (slave bond_slave_0): Releasing backup interface [ 114.948237][ T25] usb 1-1: SerialNumber: syz [ 114.961462][ T25] usb 1-1: config 0 descriptor?? [ 115.800649][ T6319] netlink: 8 bytes leftover after parsing attributes in process `syz.0.99'. [ 116.055942][ T6327] Zero length message leads to an empty skb [ 116.093879][ T25] usb 1-1: f81604_read: reg: 105 failed: -EPROTO [ 116.100767][ T25] f81604 1-1:0.0: Setting termination of CH#1 failed: -EPROTO [ 116.117962][ T25] f81604 1-1:0.0: probe with driver f81604 failed with error -71 [ 116.146890][ T25] usb 1-1: USB disconnect, device number 4 [ 116.245027][ T5889] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 116.415279][ T5889] usb 4-1: Using ep0 maxpacket: 32 [ 116.434703][ T5889] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 116.592377][ T5889] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 116.830179][ T5889] usb 4-1: New USB device found, idVendor=2133, idProduct=0018, bcdDevice= 0.00 [ 117.066763][ T5889] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.170718][ T5889] usb 4-1: config 0 descriptor?? [ 117.443159][ T6324] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 117.473997][ T6324] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 117.499984][ T6324] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 117.533081][ T6324] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 117.640037][ T6357] netlink: 28 bytes leftover after parsing attributes in process `syz.0.118'. [ 117.709523][ T6360] netlink: 8 bytes leftover after parsing attributes in process `syz.4.120'. [ 117.813421][ T5889] viewsonic 0003:2133:0018.0002: hidraw0: USB HID v0.00 Device [HID 2133:0018] on usb-dummy_hcd.3-1/input0 [ 117.914898][ T9] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 118.183175][ T6370] mmap: syz.4.122 (6370) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 118.897456][ T5889] usb 4-1: USB disconnect, device number 10 [ 118.904592][ T9] usb 2-1: config 0 has an invalid interface number: 41 but max is 0 [ 118.913584][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 118.948587][ T9] usb 2-1: config 0 has no interface number 0 [ 118.963847][ T9] usb 2-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c [ 118.976430][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.986311][ T9] usb 2-1: Product: syz [ 119.059018][ T9] usb 2-1: Manufacturer: syz [ 119.083823][ T9] usb 2-1: SerialNumber: syz [ 119.224852][ T9] usb 2-1: config 0 descriptor?? [ 119.373460][ T9] ims_pcu 2-1:0.41: Missing CDC union descriptor [ 119.400702][ T9] ims_pcu 2-1:0.41: probe with driver ims_pcu failed with error -22 [ 120.104526][ T6393] netlink: 20 bytes leftover after parsing attributes in process `syz.3.129'. [ 120.326290][ T6398] netlink: 28 bytes leftover after parsing attributes in process `syz.3.131'. [ 120.442487][ T6402] netlink: 12 bytes leftover after parsing attributes in process `syz.2.133'. [ 120.474598][ T6402] netlink: 12 bytes leftover after parsing attributes in process `syz.2.133'. [ 120.502510][ T6402] netlink: 332 bytes leftover after parsing attributes in process `syz.2.133'. [ 121.463587][ T6408] netlink: 'syz.4.135': attribute type 33 has an invalid length. [ 121.745127][ T47] usb 2-1: USB disconnect, device number 3 [ 122.150749][ T5843] Bluetooth: hci3: command 0x0406 tx timeout [ 122.395138][ T9] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 122.714958][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 122.941629][ T6454] FAULT_INJECTION: forcing a failure. [ 122.941629][ T6454] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 123.004899][ T6454] CPU: 0 UID: 0 PID: 6454 Comm: syz.4.149 Not tainted 6.12.0-rc7-syzkaller-00125-gcfaaa7d010d1 #0 [ 123.016118][ T6454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 123.026496][ T6454] Call Trace: [ 123.029840][ T6454] [ 123.032822][ T6454] dump_stack_lvl+0x241/0x360 [ 123.037627][ T6454] ? __pfx_dump_stack_lvl+0x10/0x10 [ 123.042983][ T6454] ? __pfx__printk+0x10/0x10 [ 123.047729][ T6454] ? __pfx_lock_release+0x10/0x10 [ 123.052897][ T6454] should_fail_ex+0x3b0/0x4e0 [ 123.057688][ T6454] _copy_from_user+0x2f/0xc0 [ 123.062317][ T6454] copy_msghdr_from_user+0xae/0x680 [ 123.067539][ T6454] ? __pfx___might_resched+0x10/0x10 [ 123.072874][ T6454] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 123.078769][ T6454] ? rcu_is_watching+0x15/0xb0 [ 123.083564][ T6454] ? __might_fault+0xaa/0x120 [ 123.088307][ T6454] __sys_sendmmsg+0x36d/0x730 [ 123.093046][ T6454] ? __pfx___sys_sendmmsg+0x10/0x10 [ 123.098328][ T6454] ? __pfx_lock_release+0x10/0x10 [ 123.103399][ T6454] ? kstrtouint_from_user+0x128/0x190 [ 123.108905][ T6454] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 123.114937][ T6454] ? ksys_write+0x229/0x2b0 [ 123.119575][ T6454] ? __pfx_lock_release+0x10/0x10 [ 123.124716][ T6454] ? vfs_write+0x730/0xd30 [ 123.129174][ T6454] ? __mutex_unlock_slowpath+0x21d/0x750 [ 123.135386][ T6454] ? __fget_files+0x3f3/0x470 [ 123.140098][ T6454] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 123.146454][ T6454] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 123.152892][ T6454] ? do_syscall_64+0x100/0x230 [ 123.157735][ T6454] __x64_sys_sendmmsg+0xa0/0xb0 [ 123.162608][ T6454] do_syscall_64+0xf3/0x230 [ 123.167249][ T6454] ? clear_bhb_loop+0x35/0x90 [ 123.171979][ T6454] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.177905][ T6454] RIP: 0033:0x7f9d7777e719 [ 123.182375][ T6454] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 123.202629][ T6454] RSP: 002b:00007f9d785ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 123.211287][ T6454] RAX: ffffffffffffffda RBX: 00007f9d77935f80 RCX: 00007f9d7777e719 [ 123.219497][ T6454] RDX: 0000000000000318 RSI: 00000000200bd000 RDI: 0000000000000004 [ 123.227481][ T6454] RBP: 00007f9d785ff090 R08: 0000000000000000 R09: 0000000000000000 [ 123.235577][ T6454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 123.243742][ T6454] R13: 0000000000000000 R14: 00007f9d77935f80 R15: 00007ffe520bd2c8 [ 123.251751][ T6454] [ 123.323614][ T9] usb 4-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 123.341533][ T9] usb 4-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 123.351869][ T9] usb 4-1: config 0 descriptor?? [ 123.370590][ T9] usb 4-1: can't set config #0, error -71 [ 123.420317][ T9] usb 4-1: USB disconnect, device number 11 [ 123.496552][ T6463] input: syz1 as /devices/virtual/input/input6 [ 123.795042][ T5930] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 123.815203][ T3068] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 123.945372][ T5930] usb 1-1: Using ep0 maxpacket: 16 [ 123.959351][ T5930] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 123.968688][ T5930] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 123.979304][ T5930] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 123.988518][ T5930] usb 1-1: config 1 has no interface number 1 [ 123.988858][ T3068] usb 5-1: Using ep0 maxpacket: 8 [ 123.996311][ T5930] usb 1-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping [ 124.057758][ T5930] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 124.137731][ T5930] usb 1-1: config 1 interface 2 has no altsetting 0 [ 124.385333][ T5930] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 124.419594][ T5930] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 124.546303][ T5930] usb 1-1: Product: syz [ 124.602060][ T5930] usb 1-1: Manufacturer: syz [ 124.677958][ T5930] usb 1-1: SerialNumber: syz [ 124.806013][ T3068] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee [ 124.815337][ T3068] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 124.823379][ T3068] usb 5-1: Product: syz [ 124.861448][ T3068] usb 5-1: Manufacturer: syz [ 124.866373][ T3068] usb 5-1: SerialNumber: syz [ 124.896126][ T3068] usb 5-1: config 0 descriptor?? [ 125.023994][ T25] hid-generic 0000:0D17:0000.0003: unknown main item tag 0x0 [ 125.031914][ T25] hid-generic 0000:0D17:0000.0003: unknown main item tag 0x0 [ 125.051145][ T5930] usb 1-1: 2:1 : no or invalid class specific endpoint descriptor [ 125.051391][ T25] hid-generic 0000:0D17:0000.0003: hidraw0: HID v0.00 Device [syz0] on syz1 [ 125.060103][ T5930] usb 1-1: 2:1 : format type 39 is not supported yet [ 125.076955][ T5930] usb 1-1: selecting invalid altsetting 0 [ 125.109675][ T5930] usb 1-1: USB disconnect, device number 5 [ 125.121190][ T3068] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 125.155827][ T9] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 125.314948][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 125.328936][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 125.342417][ T9] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 125.361141][ T9] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 125.370711][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.381950][ T9] usb 2-1: config 0 descriptor?? [ 125.409128][ T9] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 125.538727][ T6508] netlink: 72 bytes leftover after parsing attributes in process `syz.2.165'. [ 125.558662][ T29] audit: type=1326 audit(1731662774.643:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6507 comm="syz.2.165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc69197e719 code=0x7ffc0000 [ 125.595072][ T29] audit: type=1326 audit(1731662774.643:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6507 comm="syz.2.165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc69197e719 code=0x7ffc0000 [ 125.624977][ T6480] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 125.634544][ T6480] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 125.642452][ T29] audit: type=1326 audit(1731662774.643:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6507 comm="syz.2.165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7fc69197e719 code=0x7ffc0000 [ 125.664794][ T29] audit: type=1326 audit(1731662774.643:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6507 comm="syz.2.165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc69197e719 code=0x7ffc0000 [ 125.710525][ T29] audit: type=1326 audit(1731662774.643:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6507 comm="syz.2.165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc69197e719 code=0x7ffc0000 [ 125.738171][ T29] audit: type=1326 audit(1731662774.643:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6507 comm="syz.2.165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7fc69197e719 code=0x7ffc0000 [ 125.768725][ T29] audit: type=1326 audit(1731662774.643:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6507 comm="syz.2.165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc69197e719 code=0x7ffc0000 [ 125.804617][ T29] audit: type=1326 audit(1731662774.643:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6507 comm="syz.2.165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc69197e719 code=0x7ffc0000 [ 126.945759][ T6517] 9pnet_fd: Insufficient options for proto=fd [ 126.953804][ T3068] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 127.936040][ T6534] usb usb1: usbfs: process 6534 (syz.2.170) did not claim interface 23 before use [ 127.978284][ T6531] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.092027][ T9] usb 5-1: USB disconnect, device number 3 [ 128.264204][ T5930] usb 2-1: USB disconnect, device number 4 [ 128.411199][ T6531] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.442974][ T6545] fuse: Bad value for 'fd' [ 128.727899][ T6531] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.904978][ T5930] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 129.037895][ T8] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 129.077665][ T5930] usb 3-1: Using ep0 maxpacket: 16 [ 129.096420][ T6531] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.323075][ T8] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 129.498103][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.614418][ T8] usb 2-1: config 0 descriptor?? [ 129.680404][ T8] cp210x 2-1:0.0: cp210x converter detected [ 129.861404][ T6531] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.893149][ T6531] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.930098][ T5930] usb 3-1: unable to get BOS descriptor or descriptor too short [ 129.942252][ T6531] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.965344][ T5930] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 129.973407][ T6531] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.981851][ T5930] usb 3-1: can't read configurations, error -71 [ 130.090038][ T6569] FAULT_INJECTION: forcing a failure. [ 130.090038][ T6569] name fail_futex, interval 1, probability 0, space 0, times 1 [ 130.104614][ T6569] CPU: 0 UID: 0 PID: 6569 Comm: syz.3.183 Not tainted 6.12.0-rc7-syzkaller-00125-gcfaaa7d010d1 #0 [ 130.115272][ T6569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 130.125370][ T6569] Call Trace: [ 130.128680][ T6569] [ 130.131641][ T6569] dump_stack_lvl+0x241/0x360 [ 130.136369][ T6569] ? __pfx_dump_stack_lvl+0x10/0x10 [ 130.141629][ T6569] ? __pfx__printk+0x10/0x10 [ 130.146300][ T6569] ? get_futex_key+0x179/0x1080 [ 130.151196][ T6569] should_fail_ex+0x3b0/0x4e0 [ 130.155920][ T6569] get_futex_key+0x19a/0x1080 [ 130.160661][ T6569] ? __pfx_get_futex_key+0x10/0x10 [ 130.165843][ T6569] futex_wait_multiple_setup+0x16c/0x6d0 [ 130.171589][ T6569] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 130.178047][ T6569] ? __pfx_futex_wait_multiple_setup+0x10/0x10 [ 130.184224][ T6569] futex_wait_multiple+0x128/0x480 [ 130.189376][ T6569] ? __pfx_futex_wait_multiple+0x10/0x10 [ 130.195135][ T6569] ? __might_fault+0xc6/0x120 [ 130.199830][ T6569] ? __se_sys_futex_waitv+0x3cb/0x5e0 [ 130.205238][ T6569] __se_sys_futex_waitv+0x551/0x5e0 [ 130.210498][ T6569] ? __pfx___se_sys_futex_waitv+0x10/0x10 [ 130.216252][ T6569] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 130.221494][ T6569] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 130.227841][ T6569] ? do_syscall_64+0x100/0x230 [ 130.232637][ T6569] ? __x64_sys_futex_waitv+0x20/0xc0 [ 130.237944][ T6569] do_syscall_64+0xf3/0x230 [ 130.242555][ T6569] ? clear_bhb_loop+0x35/0x90 [ 130.247359][ T6569] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.253268][ T6569] RIP: 0033:0x7f3b3d77e719 [ 130.257720][ T6569] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 130.277341][ T6569] RSP: 002b:00007f3b3e59e038 EFLAGS: 00000246 ORIG_RAX: 00000000000001c1 [ 130.285774][ T6569] RAX: ffffffffffffffda RBX: 00007f3b3d935f80 RCX: 00007f3b3d77e719 [ 130.293759][ T6569] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000020001080 [ 130.301743][ T6569] RBP: 00007f3b3e59e090 R08: 0000000000000001 R09: 0000000000000000 [ 130.309757][ T6569] R10: 0000000020001100 R11: 0000000000000246 R12: 0000000000000001 [ 130.317948][ T6569] R13: 0000000000000000 R14: 00007f3b3d935f80 R15: 00007ffdfee44e48 [ 130.326033][ T6569] [ 130.352630][ T8] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 130.408908][ T6573] FAULT_INJECTION: forcing a failure. [ 130.408908][ T6573] name failslab, interval 1, probability 0, space 0, times 0 [ 130.422101][ T6573] CPU: 0 UID: 0 PID: 6573 Comm: syz.0.184 Not tainted 6.12.0-rc7-syzkaller-00125-gcfaaa7d010d1 #0 [ 130.432821][ T6573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 130.442901][ T6573] Call Trace: [ 130.446306][ T6573] [ 130.449258][ T6573] dump_stack_lvl+0x241/0x360 [ 130.453972][ T6573] ? __pfx_dump_stack_lvl+0x10/0x10 [ 130.459194][ T6573] ? __pfx__printk+0x10/0x10 [ 130.463813][ T6573] should_fail_ex+0x3b0/0x4e0 [ 130.468503][ T6573] ? skb_clone+0x20c/0x390 [ 130.472939][ T6573] should_failslab+0xac/0x100 [ 130.477643][ T6573] ? skb_clone+0x20c/0x390 [ 130.482118][ T6573] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 130.487654][ T6573] skb_clone+0x20c/0x390 [ 130.492111][ T6573] ? dev_queue_xmit_nit+0x220/0xc10 [ 130.497343][ T6573] dev_queue_xmit_nit+0x419/0xc10 [ 130.502392][ T6573] ? dev_queue_xmit_nit+0x2b/0xc10 [ 130.507616][ T6573] ? validate_xmit_skb+0x977/0xf90 [ 130.512754][ T6573] dev_hard_start_xmit+0x15f/0x7e0 [ 130.517886][ T6573] ? __pfx_validate_xmit_skb+0x10/0x10 [ 130.523388][ T6573] __dev_queue_xmit+0x1b11/0x3ed0 [ 130.528465][ T6573] ? kasan_save_track+0x51/0x80 [ 130.533356][ T6573] ? do_syscall_64+0xf3/0x230 [ 130.538067][ T6573] ? __dev_queue_xmit+0x2da/0x3ed0 [ 130.543300][ T6573] ? __pfx___dev_queue_xmit+0x10/0x10 [ 130.548739][ T6573] ? __copy_skb_header+0x437/0x5b0 [ 130.553977][ T6573] ? __asan_memcpy+0x40/0x70 [ 130.558591][ T6573] ? __copy_skb_header+0x437/0x5b0 [ 130.563725][ T6573] ? __skb_clone+0x454/0x6c0 [ 130.568341][ T6573] ? skb_clone+0x240/0x390 [ 130.572865][ T6573] __netlink_deliver_tap+0x54d/0x7c0 [ 130.578204][ T6573] ? netlink_deliver_tap+0x2e/0x1b0 [ 130.583419][ T6573] netlink_deliver_tap+0x19d/0x1b0 [ 130.588639][ T6573] netlink_unicast+0x7c4/0x990 [ 130.593425][ T6573] ? __pfx_netlink_unicast+0x10/0x10 [ 130.598743][ T6573] ? __virt_addr_valid+0x183/0x530 [ 130.603872][ T6573] ? __check_object_size+0x48e/0x900 [ 130.609231][ T6573] netlink_sendmsg+0x8e4/0xcb0 [ 130.614068][ T6573] ? __pfx_netlink_sendmsg+0x10/0x10 [ 130.619427][ T6573] ? __pfx_netlink_sendmsg+0x10/0x10 [ 130.624763][ T6573] __sock_sendmsg+0x221/0x270 [ 130.629574][ T6573] ____sys_sendmsg+0x52a/0x7e0 [ 130.634433][ T6573] ? __pfx_____sys_sendmsg+0x10/0x10 [ 130.639759][ T6573] __sys_sendmsg+0x292/0x380 [ 130.644380][ T6573] ? __pfx___sys_sendmsg+0x10/0x10 [ 130.649590][ T6573] ? __pfx_vfs_write+0x10/0x10 [ 130.654430][ T6573] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 130.660797][ T6573] ? do_syscall_64+0x100/0x230 [ 130.665732][ T6573] ? do_syscall_64+0xb6/0x230 [ 130.670451][ T6573] do_syscall_64+0xf3/0x230 [ 130.674987][ T6573] ? clear_bhb_loop+0x35/0x90 [ 130.679711][ T6573] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.685671][ T6573] RIP: 0033:0x7f1f6837e719 [ 130.690111][ T6573] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 130.709825][ T6573] RSP: 002b:00007f1f691aa038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 130.718282][ T6573] RAX: ffffffffffffffda RBX: 00007f1f68535f80 RCX: 00007f1f6837e719 [ 130.726358][ T6573] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 [ 130.734346][ T6573] RBP: 00007f1f691aa090 R08: 0000000000000000 R09: 0000000000000000 [ 130.742420][ T6573] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 130.750534][ T6573] R13: 0000000000000000 R14: 00007f1f68535f80 R15: 00007fff5c1f4448 [ 130.758531][ T6573] [ 130.771249][ T8] usb 2-1: cp210x converter now attached to ttyUSB0 [ 130.821676][ T6558] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 130.855736][ T6558] netlink: 'syz.1.180': attribute type 2 has an invalid length. [ 130.901410][ T5887] usb 2-1: USB disconnect, device number 5 [ 130.907489][ T3068] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 130.924589][ T5887] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 130.942476][ T5887] cp210x 2-1:0.0: device disconnected [ 130.995263][ T6578] fuse: Bad value for 'fd' [ 131.255271][ T3068] usb 4-1: Using ep0 maxpacket: 16 [ 131.262158][ T3068] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 131.272689][ T3068] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 131.286243][ T3068] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 131.465671][ T6585] usb usb1: usbfs: process 6585 (syz.4.189) did not claim interface 23 before use [ 131.865555][ T3068] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.630832][ T3068] usb 4-1: config 0 descriptor?? [ 132.639479][ T3068] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 132.735896][ T6591] netlink: 4 bytes leftover after parsing attributes in process `syz.2.192'. [ 132.824056][ T6595] netlink: 240 bytes leftover after parsing attributes in process `syz.2.192'. [ 132.885711][ T6572] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 132.906414][ T6599] netlink: 236 bytes leftover after parsing attributes in process `syz.4.193'. [ 132.926890][ T6572] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 133.172121][ T6605] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 133.185769][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.192524][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.212280][ T6605] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 133.306105][ T6611] 9pnet_fd: Insufficient options for proto=fd [ 133.352758][ T6613] fuse: Bad value for 'fd' [ 133.514998][ T5930] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 133.666467][ T5930] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 133.696555][ T5930] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.728926][ T5930] usb 1-1: config 0 descriptor?? [ 135.015065][ T5930] ath6kl: Failed to submit usb control message: -110 [ 135.022662][ T5930] ath6kl: unable to send the bmi data to the device: -110 [ 135.030059][ T5930] ath6kl: Unable to send get target info: -110 [ 135.043848][ T5930] ath6kl: Failed to init ath6kl core: -110 [ 135.177214][ T5930] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -110 [ 135.407070][ T8] usb 4-1: USB disconnect, device number 12 [ 135.605026][ T5887] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 135.718188][ T6609] kvm: emulating exchange as write [ 135.964932][ T5887] usb 3-1: Using ep0 maxpacket: 32 [ 135.972037][ T5887] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 136.277072][ T5887] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 136.923370][ T5887] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 136.932813][ T5887] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.067648][ T6650] netlink: 28 bytes leftover after parsing attributes in process `syz.1.207'. [ 137.115924][ T5887] usb 3-1: config 0 descriptor?? [ 137.527450][ T5887] hub 3-1:0.0: USB hub found [ 137.803882][ T8] usb 1-1: USB disconnect, device number 6 [ 137.811566][ T6630] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 137.835783][ T6630] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 138.025493][ T6661] netlink: 252 bytes leftover after parsing attributes in process `syz.0.212'. [ 138.097494][ T5887] hub 3-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 138.395166][ T29] audit: type=1326 audit(1731662787.463:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6667 comm="syz.4.214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d7777e719 code=0x7ffc0000 [ 138.670447][ T6675] hub 6-0:1.0: USB hub found [ 138.679936][ T6670] FAULT_INJECTION: forcing a failure. [ 138.679936][ T6670] name failslab, interval 1, probability 0, space 0, times 0 [ 139.364941][ T6670] CPU: 1 UID: 0 PID: 6670 Comm: syz.4.214 Not tainted 6.12.0-rc7-syzkaller-00125-gcfaaa7d010d1 #0 [ 139.375657][ T6670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 139.385793][ T6670] Call Trace: [ 139.389120][ T6670] [ 139.392094][ T6670] dump_stack_lvl+0x241/0x360 [ 139.396863][ T6670] ? __pfx_dump_stack_lvl+0x10/0x10 [ 139.402300][ T6670] ? __pfx__printk+0x10/0x10 [ 139.407401][ T6670] ? __kmalloc_noprof+0xb0/0x400 [ 139.412501][ T6670] ? __pfx___might_resched+0x10/0x10 [ 139.417867][ T6670] should_fail_ex+0x3b0/0x4e0 [ 139.422616][ T6670] ? memcg_list_lru_alloc+0x235/0xd00 [ 139.428140][ T6670] should_failslab+0xac/0x100 [ 139.432891][ T6670] ? memcg_list_lru_alloc+0x235/0xd00 [ 139.438309][ T6670] __kmalloc_noprof+0xd8/0x400 [ 139.443125][ T6670] memcg_list_lru_alloc+0x235/0xd00 [ 139.448378][ T6670] ? __pfx_lock_release+0x10/0x10 [ 139.453575][ T6670] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 139.459444][ T6670] ? get_mem_cgroup_from_objcg+0x1af/0x1d0 [ 139.465384][ T6670] ? get_mem_cgroup_from_objcg+0x1a/0x1d0 [ 139.471151][ T6670] __memcg_slab_post_alloc_hook+0x140/0x7e0 [ 139.477116][ T6670] ? alloc_inode+0x87/0x1a0 [ 139.481686][ T6670] kmem_cache_alloc_lru_noprof+0x1e6/0x2b0 [ 139.487554][ T6670] alloc_inode+0x87/0x1a0 [ 139.491971][ T6670] iget_locked+0xf1/0x5a0 [ 139.496389][ T6670] kernfs_get_inode+0x51/0x7b0 [ 139.501277][ T6670] kernfs_iop_lookup+0x266/0x390 [ 139.506621][ T6670] lookup_one_qstr_excl+0x11f/0x260 [ 139.511872][ T6670] do_rmdir+0x297/0x580 [ 139.516257][ T6670] ? __pfx_do_rmdir+0x10/0x10 [ 139.521013][ T6670] ? getname_flags+0x1e3/0x540 [ 139.525853][ T6670] __x64_sys_rmdir+0x47/0x50 [ 139.530512][ T6670] do_syscall_64+0xf3/0x230 [ 139.535064][ T6670] ? clear_bhb_loop+0x35/0x90 [ 139.539791][ T6670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.545816][ T6670] RIP: 0033:0x7f9d7777e719 [ 139.550264][ T6670] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 139.569917][ T6670] RSP: 002b:00007f9d785ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000054 [ 139.579268][ T6670] RAX: ffffffffffffffda RBX: 00007f9d77935f80 RCX: 00007f9d7777e719 [ 139.587381][ T6670] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200001c0 [ 139.595576][ T6670] RBP: 00007f9d785ff090 R08: 0000000000000000 R09: 0000000000000000 [ 139.603582][ T6670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 139.611943][ T6670] R13: 0000000000000000 R14: 00007f9d77935f80 R15: 00007ffe520bd2c8 [ 139.619974][ T6670] [ 139.760914][ T6678] vivid-003: disconnect [ 139.769374][ T6675] hub 6-0:1.0: 1 port detected [ 139.841852][ T29] audit: type=1326 audit(1731662787.463:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6667 comm="syz.4.214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d7777e719 code=0x7ffc0000 [ 139.883882][ T6669] vivid-003: reconnect [ 140.090130][ T29] audit: type=1326 audit(1731662787.463:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6667 comm="syz.4.214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f9d7777e719 code=0x7ffc0000 [ 140.120908][ T6630] netlink: 4 bytes leftover after parsing attributes in process `syz.2.204'. [ 140.224175][ T29] audit: type=1326 audit(1731662787.473:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6667 comm="syz.4.214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d7777e719 code=0x7ffc0000 [ 140.250007][ T5887] usbhid 3-1:0.0: can't add hid device: -71 [ 140.266569][ T5887] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 140.297475][ T29] audit: type=1326 audit(1731662787.763:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6667 comm="syz.4.214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9d7777d0b0 code=0x7ffc0000 [ 140.327496][ T5887] usb 3-1: USB disconnect, device number 4 [ 140.364838][ T29] audit: type=1326 audit(1731662787.763:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6667 comm="syz.4.214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f9d7777d1ff code=0x7ffc0000 [ 140.463557][ T29] audit: type=1326 audit(1731662787.763:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6667 comm="syz.4.214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=84 compat=0 ip=0x7f9d7777e719 code=0x7ffc0000 [ 140.525127][ T29] audit: type=1326 audit(1731662788.773:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6669 comm="syz.1.216" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f035fd7e719 code=0x0 [ 140.600252][ T29] audit: type=1326 audit(1731662788.863:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6667 comm="syz.4.214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f9d7777d15c code=0x7ffc0000 [ 140.673402][ T29] audit: type=1326 audit(1731662788.863:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6667 comm="syz.4.214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f9d7777d1ff code=0x7ffc0000 [ 142.324909][ T6706] vivid-001: disconnect [ 142.393932][ T6700] capability: warning: `syz.1.222' uses 32-bit capabilities (legacy support in use) [ 143.116251][ T6694] vivid-001: reconnect [ 143.653062][ T6726] netlink: 8 bytes leftover after parsing attributes in process `syz.1.230'. [ 144.434375][ T6726] netlink: 76 bytes leftover after parsing attributes in process `syz.1.230'. [ 145.666164][ T6731] FAULT_INJECTION: forcing a failure. [ 145.666164][ T6731] name failslab, interval 1, probability 0, space 0, times 0 [ 145.731909][ T6731] CPU: 0 UID: 0 PID: 6731 Comm: syz.0.232 Not tainted 6.12.0-rc7-syzkaller-00125-gcfaaa7d010d1 #0 [ 145.742579][ T6731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 145.752775][ T6731] Call Trace: [ 145.756179][ T6731] [ 145.759242][ T6731] dump_stack_lvl+0x241/0x360 [ 145.763989][ T6731] ? __pfx_dump_stack_lvl+0x10/0x10 [ 145.769244][ T6731] ? __pfx__printk+0x10/0x10 [ 145.773882][ T6731] ? __kmalloc_noprof+0xb0/0x400 [ 145.778865][ T6731] ? __pfx___might_resched+0x10/0x10 [ 145.784326][ T6731] should_fail_ex+0x3b0/0x4e0 [ 145.789138][ T6731] ? __se_sys_memfd_create+0x265/0x840 [ 145.794748][ T6731] should_failslab+0xac/0x100 [ 145.799506][ T6731] ? __se_sys_memfd_create+0x265/0x840 [ 145.805109][ T6731] __kmalloc_noprof+0xd8/0x400 [ 145.809944][ T6731] __se_sys_memfd_create+0x265/0x840 [ 145.815285][ T6731] do_syscall_64+0xf3/0x230 [ 145.819835][ T6731] ? clear_bhb_loop+0x35/0x90 [ 145.824561][ T6731] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 145.830510][ T6731] RIP: 0033:0x7f1f6837e719 [ 145.834982][ T6731] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 145.854818][ T6731] RSP: 002b:00007f1f691aa038 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 145.863291][ T6731] RAX: ffffffffffffffda RBX: 00007f1f68535f80 RCX: 00007f1f6837e719 [ 145.871400][ T6731] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000140 [ 145.879463][ T6731] RBP: 00007f1f691aa090 R08: 0000000000000000 R09: 0000000000000000 [ 145.887582][ T6731] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 145.895697][ T6731] R13: 0000000000000000 R14: 00007f1f68535f80 R15: 00007fff5c1f4448 [ 145.903742][ T6731] [ 147.506229][ T9] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 148.474983][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 148.504642][ T9] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7 [ 148.525822][ T9] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 148.554140][ T9] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 148.607012][ T9] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 148.607051][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 148.607075][ T9] usb 3-1: Product: syz [ 148.607093][ T9] usb 3-1: Manufacturer: syz [ 148.607111][ T9] usb 3-1: SerialNumber: syz [ 148.864561][ T9] usb 3-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 148.961088][ T9] usb 3-1: USB disconnect, device number 5 [ 149.379131][ T6791] netlink: 'syz.4.251': attribute type 1 has an invalid length. [ 149.624456][ T6800] input: syz1 as /devices/virtual/input/input8 [ 149.772538][ T6804] FAULT_INJECTION: forcing a failure. [ 149.772538][ T6804] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 149.826093][ T6804] CPU: 1 UID: 0 PID: 6804 Comm: syz.2.254 Not tainted 6.12.0-rc7-syzkaller-00125-gcfaaa7d010d1 #0 [ 149.837731][ T6804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 149.848703][ T6804] Call Trace: [ 149.852044][ T6804] [ 149.855037][ T6804] dump_stack_lvl+0x241/0x360 [ 149.859790][ T6804] ? __pfx_dump_stack_lvl+0x10/0x10 [ 149.865846][ T6804] ? __pfx__printk+0x10/0x10 [ 149.870496][ T6804] ? ktime_get_ts64+0xa8/0x2b0 [ 149.875409][ T6804] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 149.881811][ T6804] should_fail_ex+0x3b0/0x4e0 [ 149.887182][ T6804] _copy_to_user+0x31/0xb0 [ 149.891920][ T6804] put_timespec64+0xfa/0x150 [ 149.896668][ T6804] ? __pfx_put_timespec64+0x10/0x10 [ 149.902118][ T6804] poll_select_finish+0x57d/0x7d0 [ 149.907741][ T6804] ? __pfx_poll_select_finish+0x10/0x10 [ 149.913791][ T6804] ? __pfx_set_user_sigmask+0x10/0x10 [ 149.919307][ T6804] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 149.925541][ T6804] __se_sys_pselect6+0x33a/0x3f0 [ 149.930620][ T6804] ? __pfx___se_sys_pselect6+0x10/0x10 [ 149.936228][ T6804] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 149.943056][ T6804] ? do_syscall_64+0x100/0x230 [ 149.948091][ T6804] ? __x64_sys_pselect6+0x21/0xf0 [ 149.953288][ T6804] do_syscall_64+0xf3/0x230 [ 149.958066][ T6804] ? clear_bhb_loop+0x35/0x90 [ 149.963032][ T6804] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.969084][ T6804] RIP: 0033:0x7fc69197e719 [ 149.973528][ T6804] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 149.993431][ T6804] RSP: 002b:00007fc6927d0038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 150.001985][ T6804] RAX: ffffffffffffffda RBX: 00007fc691b36058 RCX: 00007fc69197e719 [ 150.010203][ T6804] RDX: 0000000000000000 RSI: 0000000020000600 RDI: 0000000000000040 [ 150.018589][ T6804] RBP: 00007fc6927d0090 R08: 0000000020000040 R09: 0000000000000000 [ 150.026588][ T6804] R10: 0000000020000680 R11: 0000000000000246 R12: 0000000000000001 [ 150.034928][ T6804] R13: 0000000000000000 R14: 00007fc691b36058 R15: 00007ffe3e4a1608 [ 150.043274][ T6804] [ 152.367882][ T8] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 152.687633][ T6845] vivid-002: disconnect [ 152.698966][ T29] kauditd_printk_skb: 4 callbacks suppressed [ 152.699019][ T29] audit: type=1326 audit(1731662801.683:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6838 comm="syz.3.265" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3b3d77e719 code=0x0 [ 153.130298][ T6838] vivid-002: reconnect [ 153.357546][ T8] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 153.367051][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.403354][ T8] usb 2-1: config 0 descriptor?? [ 153.622851][ T8] [drm] vendor descriptor length:6 data:06 5f 14 24 49 ef 00 00 00 00 00 [ 153.664846][ T8] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 154.037776][ T6859] netlink: 12 bytes leftover after parsing attributes in process `syz.1.262'. [ 154.060429][ T6868] netlink: 16 bytes leftover after parsing attributes in process `syz.1.262'. [ 154.071858][ T6863] netlink: 4 bytes leftover after parsing attributes in process `syz.1.262'. [ 154.071973][ T6863] bridge_slave_1: left allmulticast mode [ 154.071998][ T6863] bridge_slave_1: left promiscuous mode [ 154.073775][ T6863] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.110930][ T6863] bridge_slave_0: left allmulticast mode [ 154.185220][ T6863] bridge_slave_0: left promiscuous mode [ 154.186509][ T6863] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.431709][ T8] [drm:udl_init] *ERROR* Selecting channel failed [ 154.476547][ T8] [drm] Initialized udl 0.0.1 for 2-1:0.0 on minor 2 [ 154.499568][ T8] [drm] Initialized udl on minor 2 [ 154.518066][ T8] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 154.539877][ T8] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 154.580530][ T9] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 154.596510][ T8] usb 2-1: USB disconnect, device number 6 [ 154.624287][ T9] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 154.744939][ T5887] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 154.925106][ T5887] usb 1-1: Using ep0 maxpacket: 32 [ 154.952734][ T5887] usb 1-1: config 0 has an invalid interface number: 35 but max is 0 [ 154.961532][ T5887] usb 1-1: config 0 has no interface number 0 [ 154.974142][ T5887] usb 1-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f [ 154.994839][ T5887] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 155.024847][ T5887] usb 1-1: Product: syz [ 155.029259][ T5887] usb 1-1: Manufacturer: syz [ 155.033908][ T5887] usb 1-1: SerialNumber: syz [ 155.065843][ T5887] usb 1-1: config 0 descriptor?? [ 155.160913][ T6893] FAULT_INJECTION: forcing a failure. [ 155.160913][ T6893] name failslab, interval 1, probability 0, space 0, times 0 [ 155.179616][ T6893] CPU: 1 UID: 0 PID: 6893 Comm: syz.4.282 Not tainted 6.12.0-rc7-syzkaller-00125-gcfaaa7d010d1 #0 [ 155.190580][ T6893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 155.201267][ T6893] Call Trace: [ 155.204679][ T6893] [ 155.207658][ T6893] dump_stack_lvl+0x241/0x360 [ 155.212398][ T6893] ? __pfx_dump_stack_lvl+0x10/0x10 [ 155.217831][ T6893] ? __pfx__printk+0x10/0x10 [ 155.222565][ T6893] ? __kmalloc_cache_noprof+0x44/0x2c0 [ 155.228098][ T6893] ? __pfx___might_resched+0x10/0x10 [ 155.233437][ T6893] ? ima_get_action+0x75/0xb0 [ 155.238258][ T6893] should_fail_ex+0x3b0/0x4e0 [ 155.243046][ T6893] should_failslab+0xac/0x100 [ 155.247860][ T6893] ? __scm_send+0x5d3/0x1410 [ 155.252524][ T6893] __kmalloc_cache_noprof+0x6c/0x2c0 [ 155.257955][ T6893] ? mark_lock+0x9a/0x360 [ 155.262881][ T6893] __scm_send+0x5d3/0x1410 [ 155.267505][ T6893] ? mark_lock+0x9a/0x360 [ 155.272243][ T6893] ? smack_socket_getpeersec_dgram+0x306/0x410 [ 155.278630][ T6893] unix_dgram_sendmsg+0x1c9/0x1f80 [ 155.284351][ T6893] ? smack_socket_sendmsg+0x178/0x540 [ 155.290233][ T6893] ? __pfx_smack_socket_sendmsg+0x10/0x10 [ 155.296011][ T6893] ? tomoyo_socket_sendmsg_permission+0x288/0x420 [ 155.302648][ T6893] ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10 [ 155.309723][ T6893] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 155.315410][ T6893] ? __import_iovec+0x3a8/0x870 [ 155.320304][ T6893] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 155.325896][ T6893] __sock_sendmsg+0x221/0x270 [ 155.330628][ T6893] ____sys_sendmsg+0x52a/0x7e0 [ 155.335713][ T6893] ? __pfx_____sys_sendmsg+0x10/0x10 [ 155.341061][ T6893] __sys_sendmmsg+0x3ab/0x730 [ 155.346047][ T6893] ? __pfx___sys_sendmmsg+0x10/0x10 [ 155.351485][ T6893] ? __pfx_lock_release+0x10/0x10 [ 155.356555][ T6893] ? kstrtouint_from_user+0x128/0x190 [ 155.361979][ T6893] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 155.367978][ T6893] ? ksys_write+0x229/0x2b0 [ 155.372699][ T6893] ? __pfx_lock_release+0x10/0x10 [ 155.378202][ T6893] ? vfs_write+0x730/0xd30 [ 155.382643][ T6893] ? __mutex_unlock_slowpath+0x21d/0x750 [ 155.388303][ T6893] ? __fget_files+0x3f3/0x470 [ 155.393126][ T6893] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 155.399151][ T6893] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 155.405596][ T6893] ? do_syscall_64+0x100/0x230 [ 155.410383][ T6893] __x64_sys_sendmmsg+0xa0/0xb0 [ 155.415271][ T6893] do_syscall_64+0xf3/0x230 [ 155.419809][ T6893] ? clear_bhb_loop+0x35/0x90 [ 155.424620][ T6893] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.430558][ T6893] RIP: 0033:0x7f9d7777e719 [ 155.435102][ T6893] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 155.455633][ T6893] RSP: 002b:00007f9d785ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 155.464083][ T6893] RAX: ffffffffffffffda RBX: 00007f9d77935f80 RCX: 00007f9d7777e719 [ 155.472072][ T6893] RDX: 0000000000000001 RSI: 0000000020000400 RDI: 0000000000000004 [ 155.480058][ T6893] RBP: 00007f9d785ff090 R08: 0000000000000000 R09: 0000000000000000 [ 155.488244][ T6893] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 155.496682][ T6893] R13: 0000000000000000 R14: 00007f9d77935f80 R15: 00007ffe520bd2c8 [ 155.504695][ T6893] [ 155.535025][ T5887] radio-si470x 1-1:0.35: this is not a si470x device. [ 155.774042][ T5887] radio-raremono 1-1:0.35: this is not Thanko's Raremono. [ 155.778160][ T5887] usb 1-1: USB disconnect, device number 7 [ 156.004952][ T6908] hub 6-0:1.0: USB hub found [ 156.006881][ T6908] hub 6-0:1.0: 1 port detected [ 156.493513][ T6915] fuse: Invalid rootmode [ 156.613058][ T6919] netlink: 20 bytes leftover after parsing attributes in process `syz.2.287'. [ 156.653557][ T6919] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 156.660669][ T6919] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 156.770093][ T6919] vhci_hcd vhci_hcd.0: Device attached [ 156.894001][ T6920] vhci_hcd: connection closed [ 156.897750][ T69] vhci_hcd: stop threads [ 156.933279][ T69] vhci_hcd: release socket [ 156.946033][ T9] vhci_hcd: vhci_device speed not set [ 156.986249][ T69] vhci_hcd: disconnect device [ 157.005395][ T9] usb 37-1: new full-speed USB device number 2 using vhci_hcd [ 157.042611][ T9] usb 37-1: enqueue for inactive port 0 [ 157.151542][ T9] vhci_hcd: vhci_device speed not set [ 157.368022][ T53] Bluetooth: Error in BCSP hdr checksum [ 157.715390][ T2988] Bluetooth: Error in BCSP hdr checksum [ 157.904279][ T5899] Bluetooth: Error in BCSP hdr checksum [ 158.013040][ T29] audit: type=1804 audit(1731662807.093:28): pid=6951 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.295" name="/newroot/68/bus/bus" dev="overlay" ino=375 res=1 errno=0 [ 158.077558][ T29] audit: type=1804 audit(1731662807.143:29): pid=6949 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.4.295" name="/newroot/68/bus/bus" dev="overlay" ino=375 res=1 errno=0 [ 158.527202][ T6967] hub 6-0:1.0: USB hub found [ 158.533252][ T6967] hub 6-0:1.0: 1 port detected [ 159.234825][ T29] audit: type=1326 audit(1731662808.313:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6969 comm="syz.4.302" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9d7777e719 code=0x0 [ 159.347386][ T6976] sp0: Synchronizing with TNC [ 159.416126][ T5842] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 161.161193][ T6994] netlink: 'syz.0.308': attribute type 1 has an invalid length. [ 161.237894][ T6998] FAULT_INJECTION: forcing a failure. [ 161.237894][ T6998] name failslab, interval 1, probability 0, space 0, times 0 [ 161.251158][ T6994] bond1: entered promiscuous mode [ 161.256513][ T6998] CPU: 0 UID: 0 PID: 6998 Comm: syz.3.310 Not tainted 6.12.0-rc7-syzkaller-00125-gcfaaa7d010d1 #0 [ 161.267252][ T6998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 161.277556][ T6998] Call Trace: [ 161.280860][ T6998] [ 161.283987][ T6998] dump_stack_lvl+0x241/0x360 [ 161.286919][ T6994] 8021q: adding VLAN 0 to HW filter on device bond1 [ 161.288953][ T6998] ? __pfx_dump_stack_lvl+0x10/0x10 [ 161.301376][ T6998] ? __pfx__printk+0x10/0x10 [ 161.306032][ T6998] ? fs_reclaim_acquire+0x93/0x130 [ 161.311230][ T6998] ? __pfx___might_resched+0x10/0x10 [ 161.316594][ T6998] should_fail_ex+0x3b0/0x4e0 [ 161.321333][ T6998] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 161.327145][ T6998] should_failslab+0xac/0x100 [ 161.331872][ T6998] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 161.337681][ T6998] __kmalloc_noprof+0xd8/0x400 [ 161.342598][ T6998] tomoyo_realpath_from_path+0xcf/0x5e0 [ 161.348293][ T6998] tomoyo_path_number_perm+0x23a/0x880 [ 161.353822][ T6998] ? tomoyo_path_number_perm+0x208/0x880 [ 161.359500][ T6998] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 161.365579][ T6998] ? __fget_files+0x29/0x470 [ 161.370232][ T6998] ? __fget_files+0x3f3/0x470 [ 161.374962][ T6998] security_file_ioctl+0xc6/0x2a0 [ 161.380545][ T6998] __se_sys_ioctl+0x47/0x170 [ 161.385211][ T6998] do_syscall_64+0xf3/0x230 [ 161.389744][ T6998] ? clear_bhb_loop+0x35/0x90 [ 161.394494][ T6998] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.400492][ T6998] RIP: 0033:0x7f3b3d77e719 [ 161.404924][ T6998] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 161.424574][ T6998] RSP: 002b:00007f3b3e59e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 161.433047][ T6998] RAX: ffffffffffffffda RBX: 00007f3b3d935f80 RCX: 00007f3b3d77e719 [ 161.441051][ T6998] RDX: 0000000020000000 RSI: 0000000040045731 RDI: 0000000000000005 [ 161.449045][ T6998] RBP: 00007f3b3e59e090 R08: 0000000000000000 R09: 0000000000000000 [ 161.457071][ T6998] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 161.465154][ T6998] R13: 0000000000000000 R14: 00007f3b3d935f80 R15: 00007ffdfee44e48 [ 161.473261][ T6998] [ 161.476380][ C0] vkms_vblank_simulate: vblank timer overrun [ 161.483756][ T6998] ERROR: Out of memory at tomoyo_realpath_from_path. [ 161.571187][ T7000] netlink: 3 bytes leftover after parsing attributes in process `syz.0.308'. [ 161.584585][ T7003] netlink: 'syz.2.311': attribute type 1 has an invalid length. [ 161.603070][ T7003] netlink: 224 bytes leftover after parsing attributes in process `syz.2.311'. [ 161.670951][ T7000] batadv1: entered promiscuous mode [ 161.688111][ T7000] batadv1: entered allmulticast mode [ 161.701842][ T7000] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 161.716627][ T7000] bond1: (slave batadv1): making interface the new active one [ 161.728011][ T7000] bond1: (slave batadv1): Enslaving as an active interface with an up link [ 161.748666][ T7009] sctp: [Deprecated]: syz.4.313 (pid 7009) Use of int in max_burst socket option. [ 161.748666][ T7009] Use struct sctp_assoc_value instead [ 161.931821][ T5930] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 161.992389][ T7013] @ÿ: renamed from veth0_vlan (while UP) [ 162.095064][ T5930] usb 4-1: Using ep0 maxpacket: 8 [ 162.110311][ T5930] usb 4-1: unable to get BOS descriptor or descriptor too short [ 162.119833][ T5930] usb 4-1: too many configurations: 146, using maximum allowed: 8 [ 162.180927][ T5930] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 162.242333][ T5930] usb 4-1: can't read configurations, error -71 [ 162.328068][ T7024] usb usb1: usbfs: process 7024 (syz.4.316) did not claim interface 23 before use [ 163.242672][ T7028] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 164.230139][ T7028] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 164.239067][ T7028] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 164.247456][ T7028] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 164.255788][ T7028] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 164.314292][ T7036] netlink: 8 bytes leftover after parsing attributes in process `syz.4.321'. [ 164.323938][ T7036] netlink: 4 bytes leftover after parsing attributes in process `syz.4.321'. [ 164.333466][ T7036] FAULT_INJECTION: forcing a failure. [ 164.333466][ T7036] name failslab, interval 1, probability 0, space 0, times 0 [ 164.346411][ T7036] CPU: 1 UID: 0 PID: 7036 Comm: syz.4.321 Not tainted 6.12.0-rc7-syzkaller-00125-gcfaaa7d010d1 #0 [ 164.357049][ T7036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 164.367247][ T7036] Call Trace: [ 164.370560][ T7036] [ 164.373515][ T7036] dump_stack_lvl+0x241/0x360 [ 164.378227][ T7036] ? __pfx_dump_stack_lvl+0x10/0x10 [ 164.383480][ T7036] ? __pfx__printk+0x10/0x10 [ 164.388127][ T7036] ? kmem_cache_alloc_noprof+0x44/0x2a0 [ 164.393708][ T7036] ? __pfx___might_resched+0x10/0x10 [ 164.399031][ T7036] should_fail_ex+0x3b0/0x4e0 [ 164.403732][ T7036] ? radix_tree_node_alloc+0x8b/0x3c0 [ 164.409128][ T7036] should_failslab+0xac/0x100 [ 164.413816][ T7036] ? radix_tree_node_alloc+0x8b/0x3c0 [ 164.419201][ T7036] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 164.424585][ T7036] radix_tree_node_alloc+0x8b/0x3c0 [ 164.429803][ T7036] idr_get_free+0x296/0xab0 [ 164.434328][ T7036] idr_alloc_u32+0x195/0x330 [ 164.438937][ T7036] ? __pfx_idr_alloc_u32+0x10/0x10 [ 164.444080][ T7036] ? __pfx_lock_acquire+0x10/0x10 [ 164.449123][ T7036] ? net_generic+0x1f/0x240 [ 164.453639][ T7036] ? __kasan_kmalloc+0x98/0xb0 [ 164.458429][ T7036] tcf_idr_check_alloc+0x703/0x940 [ 164.463553][ T7036] ? __sock_sendmsg+0x221/0x270 [ 164.468419][ T7036] ? ____sys_sendmsg+0x52a/0x7e0 [ 164.473378][ T7036] ? __pfx_tcf_idr_check_alloc+0x10/0x10 [ 164.479024][ T7036] ? __nla_parse+0x40/0x60 [ 164.483461][ T7036] tcf_mirred_init+0x249/0x1000 [ 164.488336][ T7036] ? __pfx_tcf_mirred_init+0x10/0x10 [ 164.493647][ T7036] ? __asan_memcpy+0x40/0x70 [ 164.498257][ T7036] ? __pfx_tcf_mirred_init+0x10/0x10 [ 164.503560][ T7036] tcf_action_init_1+0x5d7/0x890 [ 164.508514][ T7036] ? nla_strscpy+0x100/0x180 [ 164.513139][ T7036] ? __pfx_tcf_action_init_1+0x10/0x10 [ 164.518618][ T7036] ? _raw_read_unlock+0x28/0x50 [ 164.523486][ T7036] ? tc_action_load_ops+0x26d/0x590 [ 164.528715][ T7036] ? __nla_parse+0x40/0x60 [ 164.533159][ T7036] tcf_action_init+0x2e8/0xae0 [ 164.537948][ T7036] ? __pfx_tcf_action_init+0x10/0x10 [ 164.543292][ T7036] ? cap_capable+0x1b4/0x250 [ 164.547925][ T7036] ? cap_capable+0x1b4/0x250 [ 164.552533][ T7036] ? safesetid_security_capable+0xb2/0x1d0 [ 164.558449][ T7036] tc_ctl_action+0x47d/0xcf0 [ 164.563070][ T7036] ? __pfx_tc_ctl_action+0x10/0x10 [ 164.568219][ T7036] ? __mutex_lock+0x9ab/0xd70 [ 164.572918][ T7036] ? __pfx___mutex_lock+0x10/0x10 [ 164.577968][ T7036] ? __pfx_tc_ctl_action+0x10/0x10 [ 164.583094][ T7036] rtnetlink_rcv_msg+0x73f/0xcf0 [ 164.588097][ T7036] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 164.593504][ T7036] ? rcu_preempt_deferred_qs_irqrestore+0x87b/0xc70 [ 164.600154][ T7036] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 164.605757][ T7036] netlink_rcv_skb+0x1e3/0x430 [ 164.610636][ T7036] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 164.616128][ T7036] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 164.621476][ T7036] ? __rcu_read_unlock+0xa1/0x110 [ 164.626632][ T7036] netlink_unicast+0x7f6/0x990 [ 164.631442][ T7036] ? __pfx_netlink_unicast+0x10/0x10 [ 164.636759][ T7036] ? __phys_addr_symbol+0x48/0x70 [ 164.641840][ T7036] ? __check_object_size+0x48e/0x900 [ 164.647263][ T7036] netlink_sendmsg+0x8e4/0xcb0 [ 164.652246][ T7036] ? __pfx_netlink_sendmsg+0x10/0x10 [ 164.657580][ T7036] ? __pfx_netlink_sendmsg+0x10/0x10 [ 164.662897][ T7036] __sock_sendmsg+0x221/0x270 [ 164.667617][ T7036] ____sys_sendmsg+0x52a/0x7e0 [ 164.672420][ T7036] ? __pfx_____sys_sendmsg+0x10/0x10 [ 164.677769][ T7036] __sys_sendmsg+0x292/0x380 [ 164.682421][ T7036] ? __pfx___sys_sendmsg+0x10/0x10 [ 164.687692][ T7036] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 164.694052][ T7036] ? do_syscall_64+0x100/0x230 [ 164.698846][ T7036] ? do_syscall_64+0xb6/0x230 [ 164.703552][ T7036] do_syscall_64+0xf3/0x230 [ 164.708078][ T7036] ? clear_bhb_loop+0x35/0x90 [ 164.712778][ T7036] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.718700][ T7036] RIP: 0033:0x7f9d7777e719 [ 164.723137][ T7036] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 164.742765][ T7036] RSP: 002b:00007f9d785bd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 164.751199][ T7036] RAX: ffffffffffffffda RBX: 00007f9d77936130 RCX: 00007f9d7777e719 [ 164.759185][ T7036] RDX: 0000000000000000 RSI: 0000000020000580 RDI: 0000000000000003 [ 164.767166][ T7036] RBP: 00007f9d785bd090 R08: 0000000000000000 R09: 0000000000000000 [ 164.775156][ T7036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 164.783159][ T7036] R13: 0000000000000000 R14: 00007f9d77936130 R15: 00007ffe520bd2c8 [ 164.791158][ T7036] [ 164.952873][ T7040] tipc: Started in network mode [ 164.963250][ T7040] tipc: Node identity 5a91401344c7, cluster identity 4711 [ 165.006201][ T7040] tipc: Enabled bearer , priority 0 [ 165.013475][ T7037] netlink: 'syz.3.319': attribute type 4 has an invalid length. [ 165.065995][ T7029] tipc: Disabling bearer [ 165.098291][ T7054] netlink: 252 bytes leftover after parsing attributes in process `syz.3.324'. [ 165.256719][ T7045] 9pnet_fd: Insufficient options for proto=fd [ 165.283630][ T7059] sp0: Synchronizing with TNC [ 165.313559][ T7059] sp0: Found TNC [ 165.325197][ T7058] [U] è` [ 165.694175][ T29] audit: type=1326 audit(1731662814.773:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7062 comm="syz.0.328" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1f6837e719 code=0x0 [ 165.746437][ T7073] vivid-001: disconnect [ 166.216500][ T7062] vivid-001: reconnect [ 167.148075][ T7086] netlink: 252 bytes leftover after parsing attributes in process `syz.1.335'. [ 168.539600][ T7094] hub 6-0:1.0: USB hub found [ 168.563999][ T7094] hub 6-0:1.0: 1 port detected [ 168.628010][ T7108] netlink: 56 bytes leftover after parsing attributes in process `syz.2.341'. [ 168.824910][ T5932] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 169.150914][ T5932] usb 5-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=93.1e [ 169.169781][ T5932] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 169.179233][ T5932] usb 5-1: Product: syz [ 169.197759][ T5932] usb 5-1: Manufacturer: syz [ 169.221163][ T5932] usb 5-1: SerialNumber: syz [ 169.231681][ T5932] usb 5-1: config 0 descriptor?? [ 169.246719][ T7119] input: syz0 as /devices/virtual/input/input9 [ 169.535474][ T5932] mos7840 5-1:0.0: required endpoints missing [ 170.590339][ T5887] usb 5-1: USB disconnect, device number 4 [ 171.305558][ T7140] block device autoloading is deprecated and will be removed. [ 171.448430][ T29] audit: type=1326 audit(1731662820.533:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7133 comm="syz.3.351" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3b3d77e719 code=0x0 [ 173.198142][ T7136] pim6reg: entered allmulticast mode [ 173.292493][ T7151] ======================================================= [ 173.292493][ T7151] WARNING: The mand mount option has been deprecated and [ 173.292493][ T7151] and is ignored by this kernel. Remove the mand [ 173.292493][ T7151] option from the mount to silence this warning. [ 173.292493][ T7151] ======================================================= [ 173.328350][ T7151] 9pnet_fd: Insufficient options for proto=fd [ 173.457759][ T7159] input: syz0 as /devices/virtual/input/input10 [ 173.725188][ T8] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 174.038793][ T8] usb 4-1: Using ep0 maxpacket: 8 [ 174.144177][ T8] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 174.390506][ T8] usb 4-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 174.518628][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 174.662916][ T8] usb 4-1: SerialNumber: syz [ 174.743496][ T8] usb 4-1: config 0 descriptor?? [ 174.776942][ T8] usb 4-1: Found UVC 0.00 device (05ac:8501) [ 174.819521][ T8] uvcvideo 4-1:0.0: Entity type for entity Output 255 was not initialized! [ 174.857418][ T8] usb 4-1: Failed to create links for entity 255 [ 174.909890][ T8] usb 4-1: Failed to register entities (-22). [ 174.970028][ T8] usb 4-1: USB disconnect, device number 15 [ 175.854669][ T7185] fuse: Bad value for 'user_id' [ 175.859817][ T7185] fuse: Bad value for 'user_id' [ 176.010791][ T7181] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 176.010791][ T7181] The task syz.1.364 (7181) triggered the difference, watch for misbehavior. [ 176.038216][ T7193] netlink: 4 bytes leftover after parsing attributes in process `syz.0.367'. [ 177.716018][ T7217] input: syz0 as /devices/virtual/input/input11 [ 178.267258][ T7222] (syz.2.373,7222,1):ocfs2_fill_super:990 ERROR: superblock probe failed! [ 178.276137][ T7222] (syz.2.373,7222,1):ocfs2_fill_super:1178 ERROR: status = -22 [ 179.605832][ T7237] netlink: 'syz.2.378': attribute type 21 has an invalid length. [ 180.915586][ T5887] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 180.943566][ T7254] netlink: 4 bytes leftover after parsing attributes in process `syz.2.385'. [ 181.097179][ T5887] usb 1-1: config 0 interface 0 has no altsetting 0 [ 181.117508][ T5887] usb 1-1: New USB device found, idVendor=0e41, idProduct=4650, bcdDevice=9f.7f [ 181.136276][ T5887] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 181.144567][ T5887] usb 1-1: Product: syz [ 181.153959][ T5887] usb 1-1: Manufacturer: syz [ 181.161217][ T5887] usb 1-1: SerialNumber: syz [ 181.173447][ T5887] usb 1-1: config 0 descriptor?? [ 181.453301][ T5887] snd_usb_pod 1-1:0.0: Line 6 PODxt Live found [ 182.008493][ T5887] snd_usb_pod 1-1:0.0: set_interface failed [ 182.016528][ T5887] snd_usb_pod 1-1:0.0: Line 6 PODxt Live now disconnected [ 182.023865][ T5887] snd_usb_pod 1-1:0.0: probe with driver snd_usb_pod failed with error -71 [ 182.033957][ T5887] usb 1-1: USB disconnect, device number 9 [ 182.405128][ T8] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 182.936086][ T8] usb 4-1: Using ep0 maxpacket: 8 [ 182.945813][ T8] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 182.960860][ T8] usb 4-1: config 0 has no interface number 0 [ 183.680673][ T8] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 183.713009][ T8] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 183.722891][ T8] usb 4-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.8b [ 183.732593][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 183.752515][ T8] usb 4-1: config 0 descriptor?? [ 183.775398][ T8] hso 4-1:0.1: Failed to find BULK IN ep [ 183.984190][ T25] usb 4-1: USB disconnect, device number 16 [ 184.142408][ T5887] IPVS: starting estimator thread 0... [ 184.273318][ T7311] netlink: 4 bytes leftover after parsing attributes in process `syz.2.401'. [ 184.289503][ T7307] IPVS: using max 17 ests per chain, 40800 per kthread [ 184.331474][ T7311] netlink: 'syz.2.401': attribute type 4 has an invalid length. [ 186.395582][ T7322] 9pnet_fd: Insufficient options for proto=fd [ 187.150557][ T5889] usb 3-1: new full-speed USB device number 7 using dummy_hcd [ 187.457484][ T7360] vivid-004: disconnect [ 187.519837][ T29] audit: type=1326 audit(1731662836.493:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7356 comm="syz.4.417" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9d7777e719 code=0x0 [ 187.578050][ T5889] usb 3-1: unable to get BOS descriptor or descriptor too short [ 187.586441][ T5889] usb 3-1: not running at top speed; connect to a high speed hub [ 187.602082][ T5889] usb 3-1: config 1 has an invalid descriptor of length 128, skipping remainder of the config [ 187.624671][ T5889] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 187.649122][ T5889] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 187.676856][ T5889] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 187.693676][ T5889] usb 3-1: Product: syz [ 187.702680][ T5889] usb 3-1: Manufacturer: syz [ 187.710121][ T5889] usb 3-1: SerialNumber: syz [ 188.045452][ T7356] vivid-004: reconnect [ 188.435107][ T5889] usb 3-1: 0:2 : does not exist [ 188.474976][ T5889] usb 3-1: USB disconnect, device number 7 [ 189.370499][ T7386] sctp: [Deprecated]: syz.1.426 (pid 7386) Use of struct sctp_assoc_value in delayed_ack socket option. [ 189.370499][ T7386] Use struct sctp_sack_info instead [ 190.080032][ T29] audit: type=1326 audit(1731662839.163:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7399 comm="syz.3.430" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3b3d77e719 code=0x0 [ 190.130328][ T7405] vivid-002: disconnect [ 190.661085][ T7399] vivid-002: reconnect [ 193.685459][ T3068] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 193.820200][ T7454] tmpfs: Bad value for 'size' [ 193.875111][ T3068] usb 5-1: Using ep0 maxpacket: 32 [ 193.939193][ T3068] usb 5-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 193.951570][ T3068] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 193.962441][ T3068] usb 5-1: Product: syz [ 193.967137][ T3068] usb 5-1: Manufacturer: syz [ 193.973135][ T3068] usb 5-1: SerialNumber: syz [ 194.102728][ T3068] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 194.370327][ T7465] binder: 7464:7465 ioctl c0306201 0 returned -14 [ 194.474923][ T5932] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 194.617732][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.807233][ T5932] usb 4-1: config 0 has an invalid descriptor of length 254, skipping remainder of the config [ 194.882895][ T5932] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 194.939926][ T5932] usb 4-1: New USB device found, idVendor=936d, idProduct=50d0, bcdDevice=39.3c [ 194.979176][ T5932] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 195.011627][ T5932] usb 4-1: Product: syz [ 195.026463][ T5932] usb 4-1: Manufacturer: syz [ 195.035472][ T29] audit: type=1326 audit(1731662844.113:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7469 comm="syz.2.457" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc69197e719 code=0x0 [ 195.036264][ T5932] usb 4-1: SerialNumber: syz [ 195.127005][ T5932] usb 4-1: config 0 descriptor?? [ 195.334887][ T25] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 195.388144][ T5887] usb 4-1: USB disconnect, device number 17 [ 195.504812][ T25] usb 3-1: Using ep0 maxpacket: 8 [ 195.522647][ T25] usb 3-1: config 0 has an invalid interface number: 52 but max is 0 [ 195.531938][ T25] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 195.568208][ T25] usb 3-1: config 0 has no interface number 0 [ 195.589768][ T25] usb 3-1: config 0 interface 52 altsetting 1 has an invalid descriptor for endpoint zero, skipping [ 195.614943][ T3068] gspca_stk1135: reg_w 0xd err -110 [ 195.621262][ T3068] gspca_stk1135: serial bus timeout: status=0x00 [ 195.634756][ T3068] gspca_stk1135: Sensor write failed [ 195.640136][ T3068] gspca_stk1135: serial bus timeout: status=0x00 [ 195.646576][ T25] usb 3-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 195.664751][ T3068] gspca_stk1135: Sensor write failed [ 195.670129][ T3068] gspca_stk1135: serial bus timeout: status=0x00 [ 195.684775][ T25] usb 3-1: config 0 interface 52 has no altsetting 0 [ 195.693101][ T25] usb 3-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 195.704786][ T3068] gspca_stk1135: Sensor read failed [ 195.710067][ T3068] gspca_stk1135: serial bus timeout: status=0x00 [ 195.724758][ T25] usb 3-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0 [ 195.732904][ T25] usb 3-1: Manufacturer: syz [ 195.744762][ T3068] gspca_stk1135: Sensor read failed [ 195.750033][ T3068] gspca_stk1135: Detected sensor type unknown (0x0) [ 195.765755][ T3068] gspca_stk1135: serial bus timeout: status=0x00 [ 195.772178][ T3068] gspca_stk1135: Sensor read failed [ 195.781313][ T25] usb 3-1: config 0 descriptor?? [ 195.805039][ T3068] gspca_stk1135: serial bus timeout: status=0x00 [ 195.811927][ T3068] gspca_stk1135: Sensor read failed [ 195.817487][ T3068] gspca_stk1135: serial bus timeout: status=0x00 [ 195.823894][ T3068] gspca_stk1135: Sensor write failed [ 195.829303][ T3068] gspca_stk1135: serial bus timeout: status=0x00 [ 195.835726][ T3068] gspca_stk1135: Sensor write failed [ 195.842441][ T3068] stk1135 5-1:64.0: probe with driver stk1135 failed with error -110 [ 196.020245][ T7477] vivid-000: disconnect [ 196.188506][ T7481] netlink: 8 bytes leftover after parsing attributes in process `syz.3.459'. [ 196.200359][ T7481] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 197.348098][ T7489] netlink: 28 bytes leftover after parsing attributes in process `syz.3.461'. [ 197.518846][ T8] usb 5-1: USB disconnect, device number 5 [ 197.975081][ T8] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 197.986266][ T7470] vivid-000: reconnect [ 198.061802][ T25] usb 3-1: Can not set alternate setting to 1, error: -71 [ 198.073176][ T25] synaptics_usb 3-1:0.52: probe with driver synaptics_usb failed with error -71 [ 198.144112][ T25] usb 3-1: USB disconnect, device number 8 [ 198.739396][ T7508] netlink: 'syz.2.468': attribute type 21 has an invalid length. [ 198.784138][ T7508] netlink: 132 bytes leftover after parsing attributes in process `syz.2.468'. [ 198.808369][ T8] usb 4-1: New USB device found, idVendor=12d1, idProduct=6748, bcdDevice=49.0b [ 198.818560][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 198.824334][ T7508] netlink: 28 bytes leftover after parsing attributes in process `syz.2.468'. [ 198.827227][ T8] usb 4-1: Product: syz [ 198.840350][ T8] usb 4-1: Manufacturer: syz [ 198.845116][ T8] usb 4-1: SerialNumber: syz [ 198.855712][ T8] usb 4-1: config 0 descriptor?? [ 198.860820][ T7510] netlink: 4 bytes leftover after parsing attributes in process `syz.4.470'. [ 198.899921][ T8] huawei_cdc_ncm 4-1:0.0: CDC Union missing and no IAD found [ 198.919372][ T8] huawei_cdc_ncm 4-1:0.0: bind() failure [ 199.243598][ T8] usb 4-1: USB disconnect, device number 18 [ 199.286143][ T7527] fuse: Unknown parameter 'ÿÿÿÿ0x0000000000000009' [ 199.384076][ T7530] veth1_macvtap: left promiscuous mode [ 199.400540][ T7530] macsec0: entered promiscuous mode [ 199.413286][ T7530] macsec0: entered allmulticast mode [ 199.457875][ T7530] veth1_macvtap: entered promiscuous mode [ 199.463903][ T7530] veth1_macvtap: entered allmulticast mode [ 199.472228][ T7530] macsec0: left promiscuous mode [ 199.479148][ T7530] macsec0: left allmulticast mode [ 199.484609][ T7530] veth1_macvtap: left allmulticast mode [ 199.617505][ T7534] input: syz0 as /devices/virtual/input/input13 [ 201.035074][ T5842] Bluetooth: hci0: command 0x0c1a tx timeout [ 201.047917][ T7520] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 201.358296][ T5932] IPVS: starting estimator thread 0... [ 201.445117][ T7550] IPVS: using max 14 ests per chain, 33600 per kthread [ 202.853812][ T7522] Bluetooth: hci0: Opcode 0x080f failed: -4 [ 203.073803][ T7559] 9pnet_fd: Insufficient options for proto=fd [ 203.480622][ T5842] Bluetooth: hci0: command 0x0c1a tx timeout [ 203.747519][ T7583] warning: `syz.0.490' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 204.693967][ T7590] netlink: 12 bytes leftover after parsing attributes in process `syz.1.493'. [ 205.039559][ T7601] hub 6-0:1.0: USB hub found [ 205.134638][ T7601] hub 6-0:1.0: 1 port detected [ 206.712778][ T5889] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 206.940250][ T55] Bluetooth: hci1: command 0x0406 tx timeout [ 206.946456][ T5841] Bluetooth: hci3: command 0x0406 tx timeout [ 206.952724][ T5841] Bluetooth: hci0: command 0x0c1a tx timeout [ 206.959072][ T5841] Bluetooth: hci2: command 0x0406 tx timeout [ 206.984841][ T5889] usb 3-1: Using ep0 maxpacket: 32 [ 206.994488][ T5889] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 207.016131][ T5889] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 207.064819][ T5889] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0 [ 207.095082][ T5889] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11 [ 207.146530][ T5889] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024 [ 207.183895][ T5889] usb 3-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36 [ 207.321222][ T7630] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 207.355284][ T7630] infiniband sy{0: RDMA CMA: cma_listen_on_dev, error -98 [ 208.023374][ T5889] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 208.031695][ T5889] usb 3-1: Product: syz [ 208.036533][ T5889] usb 3-1: Manufacturer: syz [ 208.041606][ T5889] usb 3-1: SerialNumber: syz [ 208.056127][ T5889] usb 3-1: config 0 descriptor?? [ 208.185948][ T7635] bond0: up delay (5) is not a multiple of miimon (4), value rounded to 4 ms [ 208.225045][ T7635] netlink: 'syz.0.505': attribute type 10 has an invalid length. [ 208.266671][ T7635] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.274673][ T7635] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.360039][ T7635] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.367295][ T7635] bridge0: port 2(bridge_slave_1) entered forwarding state [ 208.374827][ T7635] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.381994][ T7635] bridge0: port 1(bridge_slave_0) entered forwarding state [ 208.458132][ T7635] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 208.467709][ T5889] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 208.484560][ T5889] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 208.516820][ T6413] bond0: (slave bridge0): link status definitely up, 0 Mbps full duplex [ 209.100454][ T29] audit: type=1326 audit(1731662858.183:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7639 comm="syz.4.508" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9d7777e719 code=0x0 [ 209.188069][ T7653] vivid-004: disconnect [ 209.424671][ T7639] vivid-004: reconnect [ 209.578644][ T5889] iforce 3-1:0.0: usb_submit_urb failed: -110 [ 209.586625][ T5889] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 209.618853][ T5889] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 209.644456][ T5889] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 209.672445][ T5889] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 209.706049][ T5889] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 209.742893][ T5889] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 209.774854][ T5889] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 209.781849][ T7659] netlink: 'syz.3.512': attribute type 10 has an invalid length. [ 209.787421][ T5889] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 209.810640][ T5889] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 209.842156][ T7659] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 209.879595][ T5889] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 209.910706][ T5889] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 209.913664][ T7659] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 209.970809][ T5889] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 210.063854][ T5889] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 210.086784][ T5889] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 210.099938][ T7658] bond0: entered promiscuous mode [ 210.109767][ T5889] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 210.121278][ T7658] bond_slave_0: entered promiscuous mode [ 210.127188][ T5889] input input15: Timeout waiting for response from device. [ 210.161117][ T7658] bond_slave_1: entered promiscuous mode [ 210.187608][ T7658] batadv0: entered promiscuous mode [ 210.880791][ T5913] usb 3-1: USB disconnect, device number 9 [ 211.000663][ T7665] @: renamed from vlan0 (while UP) [ 213.546748][ T5889] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 213.650983][ T7691] program syz.2.523 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 214.024925][ T5889] usb 1-1: Using ep0 maxpacket: 16 [ 214.043180][ T5889] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 214.071263][ T5889] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 214.098289][ T5930] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 214.152968][ T5889] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 214.204463][ T5889] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 214.633245][ T5889] usb 1-1: config 0 descriptor?? [ 214.648464][ T5889] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 214.798031][ T5889] IPVS: starting estimator thread 0... [ 214.810077][ T7700] tipc: Started in network mode [ 214.815170][ T5930] usb 3-1: Using ep0 maxpacket: 8 [ 214.815286][ T7700] tipc: Node identity ac1414aa, cluster identity 4711 [ 214.836407][ T7700] tipc: Enabled bearer , priority 10 [ 214.839948][ T5930] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 214.854800][ T5930] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 214.864599][ T5930] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x5B, changing to 0xB [ 214.903017][ T5930] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 62104, setting to 1024 [ 214.914449][ T5930] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 214.950965][ T7688] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 214.959830][ T7688] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 214.975222][ T5930] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a4, bcdDevice=9e.7e [ 214.985084][ T5930] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 214.993867][ T5930] usb 3-1: Product: syz [ 215.020668][ T5930] usb 3-1: Manufacturer: syz [ 215.032743][ T7701] IPVS: using max 16 ests per chain, 38400 per kthread [ 215.044280][ T5930] usb 3-1: SerialNumber: syz [ 215.073303][ T5930] usb 3-1: config 0 descriptor?? [ 215.091195][ T7691] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 215.111672][ T5930] usbtest 3-1:0.0: couldn't get endpoints, -22 [ 215.119132][ T5930] usbtest 3-1:0.0: probe with driver usbtest failed with error -22 [ 215.347817][ T7708] 9pnet_fd: Insufficient options for proto=fd [ 215.351416][ T5930] usb 3-1: USB disconnect, device number 10 [ 215.857644][ T25] tipc: Node number set to 2886997162 [ 217.274866][ T5889] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 217.964918][ T5889] usb 3-1: Using ep0 maxpacket: 16 [ 218.032845][ T5889] usb 3-1: unable to get BOS descriptor or descriptor too short [ 218.044862][ T5889] usb 3-1: too many configurations: 9, using maximum allowed: 8 [ 218.075947][ T5889] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 218.083588][ T5889] usb 3-1: can't read configurations, error -71 [ 218.151581][ T5932] usb 1-1: USB disconnect, device number 10 [ 218.460717][ T53] tipc: Subscription rejected, illegal request [ 221.714975][ T8] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 221.895258][ T8] usb 5-1: Using ep0 maxpacket: 32 [ 221.917518][ T8] usb 5-1: unable to get BOS descriptor or descriptor too short [ 221.959274][ T8] usb 5-1: config 7 has an invalid interface number: 180 but max is 1 [ 222.000326][ T8] usb 5-1: config 7 has an invalid interface number: 57 but max is 1 [ 222.523520][ T8] usb 5-1: config 7 has no interface number 0 [ 222.529789][ T8] usb 5-1: config 7 has no interface number 1 [ 222.536157][ T8] usb 5-1: config 7 interface 57 altsetting 8 has a duplicate endpoint with address 0x6, skipping [ 222.547053][ T8] usb 5-1: config 7 interface 57 altsetting 8 endpoint 0xF has invalid maxpacket 1024, setting to 64 [ 222.558004][ T8] usb 5-1: config 7 interface 57 altsetting 8 has an endpoint descriptor with address 0xA9, changing to 0x89 [ 222.570151][ T8] usb 5-1: config 7 interface 57 altsetting 8 endpoint 0x89 has an invalid bInterval 220, changing to 11 [ 222.581908][ T8] usb 5-1: config 7 interface 57 altsetting 8 endpoint 0x89 has invalid maxpacket 26298, setting to 1024 [ 222.593512][ T8] usb 5-1: config 7 interface 57 altsetting 8 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 222.606987][ T8] usb 5-1: config 7 interface 180 has no altsetting 0 [ 222.613800][ T8] usb 5-1: config 7 interface 57 has no altsetting 0 [ 222.824398][ T8] usb 5-1: New USB device found, idVendor=07c0, idProduct=1503, bcdDevice=b8.b9 [ 222.834440][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 222.855975][ T8] usb 5-1: Product: syz [ 222.860215][ T8] usb 5-1: Manufacturer: syz [ 222.888299][ T8] usb 5-1: SerialNumber: syz [ 223.421227][ T7785] netlink: 8 bytes leftover after parsing attributes in process `syz.4.544'. [ 224.006449][ T7792] tmpfs: Unknown parameter 'huThiæ^si' [ 224.266060][ T8] iowarrior 5-1:7.180: no interrupt-in endpoint found [ 224.326070][ T8] iowarrior 5-1:7.57: no interrupt-out endpoint found [ 224.355199][ T8] usb 5-1: USB disconnect, device number 6 [ 225.850854][ T7779] mmap: syz.3.547 (7779): VmData 25841664 exceed data ulimit 136. Update limits or use boot option ignore_rlimit_data. [ 226.425557][ T7814] netlink: 8 bytes leftover after parsing attributes in process `syz.4.554'. [ 227.741802][ T5930] IPVS: starting estimator thread 0... [ 227.798640][ T7805] 9pnet_fd: Insufficient options for proto=fd [ 227.834909][ T7821] IPVS: using max 24 ests per chain, 57600 per kthread [ 228.147951][ T7829] netlink: 48 bytes leftover after parsing attributes in process `syz.3.559'. [ 228.223124][ T7832] binder: 7827:7832 ioctl c0306201 20000400 returned -22 [ 228.256074][ T7832] netlink: 24 bytes leftover after parsing attributes in process `syz.4.561'. [ 228.313385][ T7832] veth1_macvtap: left promiscuous mode [ 228.341212][ T7832] macsec0: entered promiscuous mode [ 228.369804][ T7832] macsec0: entered allmulticast mode [ 228.406503][ T7836] veth1_macvtap: entered promiscuous mode [ 228.422893][ T7836] veth1_macvtap: entered allmulticast mode [ 228.446576][ T7836] macsec0: left promiscuous mode [ 228.486661][ T7836] macsec0: left allmulticast mode [ 228.506912][ T7836] veth1_macvtap: left allmulticast mode [ 228.985587][ T8] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 229.245810][ T8] usb 5-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33 [ 229.371625][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 229.577954][ T8] usb 5-1: config 0 descriptor?? [ 229.885084][ T8] gspca_main: sunplus-2.14.0 probing 055f:c420 [ 230.651501][ T7853] 9pnet_fd: Insufficient options for proto=fd [ 231.015049][ T8] gspca_sunplus: reg_w_riv err -110 [ 231.020425][ T8] sunplus 5-1:0.0: probe with driver sunplus failed with error -110 [ 231.088786][ T7868] netlink: 48 bytes leftover after parsing attributes in process `syz.0.572'. [ 231.723947][ T25] usb 5-1: USB disconnect, device number 7 [ 231.754961][ T5913] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 232.104868][ T5913] usb 1-1: Using ep0 maxpacket: 8 [ 232.116435][ T5913] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 232.124128][ T5913] usb 1-1: can't read configurations, error -61 [ 232.135147][ T7876] 9pnet_fd: Insufficient options for proto=fd [ 232.192448][ T7884] netlink: 8 bytes leftover after parsing attributes in process `syz.1.576'. [ 232.254890][ T5913] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 232.424873][ T5913] usb 1-1: Using ep0 maxpacket: 8 [ 232.443411][ T5913] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 232.458247][ T5913] usb 1-1: can't read configurations, error -61 [ 232.470877][ T5913] usb usb1-port1: attempt power cycle [ 233.349016][ T7883] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 233.385181][ T7883] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 233.456002][ T7883] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 233.492541][ T7883] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 233.574849][ T5913] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 233.597247][ T7883] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 233.603411][ T7883] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 233.611960][ T5913] usb 1-1: Using ep0 maxpacket: 8 [ 233.614205][ T7899] random: crng reseeded on system resumption [ 233.619699][ T5913] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 233.632302][ T5913] usb 1-1: can't read configurations, error -61 [ 233.752349][ T7883] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 233.762178][ T7883] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 233.770566][ T5913] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 233.793562][ T7883] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 233.812614][ T7883] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 233.824275][ T5913] usb 1-1: Using ep0 maxpacket: 8 [ 233.993492][ T7906] netlink: 12 bytes leftover after parsing attributes in process `syz.4.580'. [ 234.003530][ T7906] netlink: 32 bytes leftover after parsing attributes in process `syz.4.580'. [ 234.626417][ T5913] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 234.665812][ T5913] usb 1-1: can't read configurations, error -61 [ 234.729425][ T5913] usb usb1-port1: unable to enumerate USB device [ 235.338276][ T7909] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 236.236660][ T7914] 9pnet_fd: Insufficient options for proto=fd [ 236.354927][ T5886] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 236.505088][ T5886] usb 1-1: Using ep0 maxpacket: 8 [ 236.514440][ T5886] usb 1-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 236.534075][ T5886] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 236.552654][ T5886] usb 1-1: Product: syz [ 236.557212][ T5886] usb 1-1: Manufacturer: syz [ 236.561909][ T5886] usb 1-1: SerialNumber: syz [ 236.578279][ T5886] usb 1-1: config 0 descriptor?? [ 236.596325][ T5886] gspca_main: se401-2.14.0 probing 047d:5003 [ 237.270736][ T7916] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 237.285663][ T7916] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 237.485799][ T7931] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 237.775957][ T5886] gspca_se401: Bayer format not supported! [ 238.014158][ T5843] Bluetooth: hci5: Entering manufacturer mode failed (-110) [ 238.353708][ T8] usb 1-1: USB disconnect, device number 15 [ 239.834348][ T29] audit: type=1326 audit(1731662888.892:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7952 comm="syz.4.593" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9d7777e719 code=0x0 [ 240.334991][ T8] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 240.744850][ T8] usb 5-1: Using ep0 maxpacket: 8 [ 240.753302][ T8] usb 5-1: config 0 has an invalid interface number: 52 but max is 0 [ 240.761703][ T8] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 240.771924][ T8] usb 5-1: config 0 has no interface number 0 [ 240.778235][ T8] usb 5-1: config 0 interface 52 altsetting 1 has an invalid descriptor for endpoint zero, skipping [ 240.789754][ T8] usb 5-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 240.866346][ T8] usb 5-1: config 0 interface 52 has no altsetting 0 [ 240.899231][ T8] usb 5-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 240.951969][ T8] usb 5-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0 [ 241.024203][ T8] usb 5-1: Manufacturer: syz [ 241.052934][ T8] usb 5-1: config 0 descriptor?? [ 241.308801][ T7963] vivid-004: disconnect [ 244.101129][ T7956] netlink: 'syz.2.594': attribute type 5 has an invalid length. [ 244.361093][ T7989] netlink: 'syz.2.601': attribute type 21 has an invalid length. [ 244.369665][ T7989] netlink: 132 bytes leftover after parsing attributes in process `syz.2.601'. [ 244.409789][ T7989] binder: 7988:7989 ioctl 400c620e 200003c0 returned -22 [ 244.436944][ T7991] FAULT_INJECTION: forcing a failure. [ 244.436944][ T7991] name failslab, interval 1, probability 0, space 0, times 0 [ 244.468504][ T7991] CPU: 1 UID: 0 PID: 7991 Comm: syz.1.603 Not tainted 6.12.0-rc7-syzkaller-00125-gcfaaa7d010d1 #0 [ 244.479173][ T7991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 244.489460][ T7991] Call Trace: [ 244.492791][ T7991] [ 244.495757][ T7991] dump_stack_lvl+0x241/0x360 [ 244.500523][ T7991] ? __pfx_dump_stack_lvl+0x10/0x10 [ 244.505768][ T7991] ? __pfx__printk+0x10/0x10 [ 244.510408][ T7991] ? ref_tracker_alloc+0x332/0x490 [ 244.515576][ T7991] should_fail_ex+0x3b0/0x4e0 [ 244.520296][ T7991] ? skb_clone+0x20c/0x390 [ 244.524755][ T7991] should_failslab+0xac/0x100 [ 244.529470][ T7991] ? skb_clone+0x20c/0x390 [ 244.533934][ T7991] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 244.539350][ T7991] skb_clone+0x20c/0x390 [ 244.543651][ T7991] __netlink_deliver_tap+0x3cc/0x7c0 [ 244.548991][ T7991] ? netlink_deliver_tap+0x2e/0x1b0 [ 244.554242][ T7991] netlink_deliver_tap+0x19d/0x1b0 [ 244.559420][ T7991] netlink_unicast+0x7c4/0x990 [ 244.564224][ T7991] ? __pfx_netlink_unicast+0x10/0x10 [ 244.569529][ T7991] ? __virt_addr_valid+0x183/0x530 [ 244.574662][ T7991] ? __check_object_size+0x48e/0x900 [ 244.579976][ T7991] netlink_sendmsg+0x8e4/0xcb0 [ 244.584770][ T7991] ? __pfx_netlink_sendmsg+0x10/0x10 [ 244.590089][ T7991] ? __pfx_netlink_sendmsg+0x10/0x10 [ 244.595402][ T7991] __sock_sendmsg+0x221/0x270 [ 244.600095][ T7991] ____sys_sendmsg+0x52a/0x7e0 [ 244.604895][ T7991] ? __pfx_____sys_sendmsg+0x10/0x10 [ 244.610217][ T7991] __sys_sendmsg+0x292/0x380 [ 244.614837][ T7991] ? __pfx___sys_sendmsg+0x10/0x10 [ 244.619979][ T7991] ? __pfx_vfs_write+0x10/0x10 [ 244.624804][ T7991] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 244.631167][ T7991] ? do_syscall_64+0x100/0x230 [ 244.635953][ T7991] ? do_syscall_64+0xb6/0x230 [ 244.640655][ T7991] do_syscall_64+0xf3/0x230 [ 244.645271][ T7991] ? clear_bhb_loop+0x35/0x90 [ 244.649975][ T7991] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.655971][ T7991] RIP: 0033:0x7f035fd7e719 [ 244.660414][ T7991] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 244.680077][ T7991] RSP: 002b:00007f0360ac0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 244.688513][ T7991] RAX: ffffffffffffffda RBX: 00007f035ff35f80 RCX: 00007f035fd7e719 [ 244.696505][ T7991] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000005 [ 244.704492][ T7991] RBP: 00007f0360ac0090 R08: 0000000000000000 R09: 0000000000000000 [ 244.712486][ T7991] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 244.720655][ T7991] R13: 0000000000000000 R14: 00007f035ff35f80 R15: 00007ffc5d579f58 [ 244.728661][ T7991] [ 244.756339][ C1] hrtimer: interrupt took 24617304 ns [ 244.787815][ T7955] vivid-004: reconnect [ 244.796892][ T8] usb 5-1: Can not set alternate setting to 1, error: -71 [ 244.825629][ T8] synaptics_usb 5-1:0.52: probe with driver synaptics_usb failed with error -71 [ 244.847005][ T8] usb 5-1: USB disconnect, device number 8 [ 249.161602][ T8031] vivid-002: ================= START STATUS ================= [ 249.172405][ T8031] vivid-002: Radio HW Seek Mode: Bounded [ 249.179483][ T8031] vivid-002: Radio Programmable HW Seek: false [ 249.186814][ T8031] vivid-002: RDS Rx I/O Mode: Block I/O [ 249.193896][ T8031] vivid-002: Generate RBDS Instead of RDS: false [ 249.200849][ T8031] vivid-002: RDS Reception: true [ 249.206109][ T8031] vivid-002: RDS Program Type: 0 inactive [ 249.212476][ T8031] vivid-002: RDS PS Name: inactive [ 249.217951][ T8031] vivid-002: RDS Radio Text: inactive [ 249.223899][ T8031] vivid-002: RDS Traffic Announcement: false inactive [ 249.231006][ T8031] vivid-002: RDS Traffic Program: false inactive [ 249.237817][ T8031] vivid-002: RDS Music: false inactive [ 249.243863][ T8031] vivid-002: ================== END STATUS ================== [ 249.753672][ T3068] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 249.839969][ T8039] FAULT_INJECTION: forcing a failure. [ 249.839969][ T8039] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 249.957537][ T8039] CPU: 0 UID: 0 PID: 8039 Comm: syz.1.618 Not tainted 6.12.0-rc7-syzkaller-00125-gcfaaa7d010d1 #0 [ 249.968208][ T8039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 249.978313][ T8039] Call Trace: [ 249.981624][ T8039] [ 249.984584][ T8039] dump_stack_lvl+0x241/0x360 [ 249.989331][ T8039] ? __pfx_dump_stack_lvl+0x10/0x10 [ 249.994597][ T8039] ? __pfx__printk+0x10/0x10 [ 249.999244][ T8039] ? __pfx_lock_release+0x10/0x10 [ 250.004381][ T8039] should_fail_ex+0x3b0/0x4e0 [ 250.009111][ T8039] _copy_from_user+0x2f/0xc0 [ 250.013764][ T8039] __se_sys_sendfile64+0xcd/0x1e0 [ 250.020278][ T8039] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 250.025957][ T8039] ? do_syscall_64+0x100/0x230 [ 250.030772][ T8039] ? do_syscall_64+0xb6/0x230 [ 250.035495][ T8039] do_syscall_64+0xf3/0x230 [ 250.040048][ T8039] ? clear_bhb_loop+0x35/0x90 [ 250.044771][ T8039] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.050703][ T8039] RIP: 0033:0x7f035fd7e719 [ 250.055158][ T8039] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 250.074908][ T8039] RSP: 002b:00007f0360a9f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 250.083463][ T8039] RAX: ffffffffffffffda RBX: 00007f035ff36058 RCX: 00007f035fd7e719 [ 250.091479][ T8039] RDX: 0000000020000000 RSI: ffffffffffffffff RDI: ffffffffffffffff [ 250.099497][ T8039] RBP: 00007f0360a9f090 R08: 0000000000000000 R09: 0000000000000000 [ 250.107515][ T8039] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001 [ 250.115523][ T8039] R13: 0000000000000001 R14: 00007f035ff36058 R15: 00007ffc5d579f58 [ 250.123551][ T8039] Connection to 10.128.0.34 closed by remote host. [ 250.235916][ T8045] FAULT_INJECTION: forcing a failure. [ 250.235916][ T8045] name failslab, interval 1, probability 0, space 0, times 0 [ 250.281645][ T8043] netlink: 8 bytes leftover after parsing attributes in process `syz.0.619'. [ 250.331203][ T8045] CPU: 0 UID: 0 PID: 8045 Comm: syz.3.620 Not tainted 6.12.0-rc7-syzkaller-00125-gcfaaa7d010d1 #0 [ 250.334001][ T8043] netlink: 8 bytes leftover after parsing attributes in process `syz.0.619'. [ 250.341842][ T8045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 250.341914][ T8045] Call Trace: [ 250.341925][ T8045] [ 250.341937][ T8045] dump_stack_lvl+0x241/0x360 [ 250.341979][ T8045] ? __pfx_dump_stack_lvl+0x10/0x10 [ 250.342018][ T8045] ? __pfx__printk+0x10/0x10 [ 250.342053][ T8045] ? __kmalloc_cache_noprof+0x44/0x2c0 [ 250.342080][ T8045] ? __pfx___might_resched+0x10/0x10 [ 250.342111][ T8045] ? __mutex_unlock_slowpath+0x21d/0x750 [ 250.342148][ T8045] should_fail_ex+0x3b0/0x4e0 [ 250.342180][ T8045] should_failslab+0xac/0x100 [ 250.342204][ T8045] ? nfnetlink_rcv+0x1265/0x2ab0 [ 250.342236][ T8045] __kmalloc_cache_noprof+0x6c/0x2c0 [ 250.342268][ T8045] nfnetlink_rcv+0x1265/0x2ab0 [ 250.342336][ T8045] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 250.342420][ T8045] ? netlink_deliver_tap+0x2e/0x1b0 [ 250.342448][ T8045] ? skb_clone+0x240/0x390 [ 250.342481][ T8045] ? __pfx_lock_release+0x10/0x10 [ 250.342532][ T8045] ? netlink_deliver_tap+0x2e/0x1b0 [ 250.342564][ T8045] netlink_unicast+0x7f6/0x990 [ 250.342600][ T8045] ? __pfx_netlink_unicast+0x10/0x10 [ 250.342624][ T8045] ? __virt_addr_valid+0x183/0x530 [ 250.342652][ T8045] ? __check_object_size+0x48e/0x900 [ 250.468749][ T8045] netlink_sendmsg+0x8e4/0xcb0 [ 250.473571][ T8045] ? __pfx_netlink_sendmsg+0x10/0x10 [ 250.478914][ T8045] ? __pfx_netlink_sendmsg+0x10/0x10 [ 250.484236][ T8045] __sock_sendmsg+0x221/0x270 [ 250.488954][ T8045] ____sys_sendmsg+0x52a/0x7e0 [ 250.493795][ T8045] ? __pfx_____sys_sendmsg+0x10/0x10 [ 250.499145][ T8045] __sys_sendmsg+0x292/0x380 [ 250.503792][ T8045] ? __pfx___sys_sendmsg+0x10/0x10 [ 250.508969][ T8045] ? __pfx_vfs_write+0x10/0x10 [ 250.513807][ T8045] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 250.520205][ T8045] ? do_syscall_64+0x100/0x230 [ 250.525017][ T8045] ? do_syscall_64+0xb6/0x230 [ 250.529735][ T8045] do_syscall_64+0xf3/0x230 [ 250.534285][ T8045] ? clear_bhb_loop+0x35/0x90 [ 250.539011][ T8045] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.544956][ T8045] RIP: 0033:0x7f3b3d77e719 [ 250.549409][ T8045] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 250.569051][ T8045] RSP: 002b:00007f3b3e59e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 250.577505][ T8045] RAX: ffffffffffffffda RBX: 00007f3b3d935f80 RCX: 00007f3b3d77e719 [ 250.585510][ T8045] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000005 [ 250.593510][ T8045] RBP: 00007f3b3e59e090 R08: 0000000000000000 R09: 0000000000000000 [ 250.601510][ T8045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 250.609516][ T8045] R13: 0000000000000000 R14: 00007f3b3d935f80 R15: 00007ffdfee44e48 [ 250.617542][ T8045] [ 251.464441][ T11] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.615467][ T11] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.699319][ T11] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.765840][ T11] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.865971][ T11] bridge_slave_1: left allmulticast mode [ 251.872398][ T11] bridge_slave_1: left promiscuous mode [ 251.881134][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 251.897442][ T11] bridge_slave_0: left allmulticast mode [ 251.903159][ T11] bridge_slave_0: left promiscuous mode [ 251.909127][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 252.378395][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 252.393111][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 252.409341][ T11] bond0 (unregistering): Released all slaves [ 252.668374][ T11] hsr_slave_0: left promiscuous mode [ 252.674560][ T11] hsr_slave_1: left promiscuous mode [ 252.681126][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 252.690946][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 252.699991][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 252.707597][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 252.730800][ T11] veth1_vlan: left promiscuous mode [ 252.736733][ T11] veth0_vlan: left promiscuous mode [ 252.828429][ T11] pim6reg (unregistering): left allmulticast mode [ 253.152749][ T11] team0 (unregistering): Port device team_slave_1 removed [ 253.198422][ T11] team0 (unregistering): Port device team_slave_0 removed [ 253.752173][ T11] IPVS: stop unused estimator thread 0... [ 253.816781][ T11] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 253.827028][ T11] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.876128][ T11] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 253.886871][ T11] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.941934][ T11] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 253.951842][ T11] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 254.000842][ T11] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 254.010758][ T11] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 254.118553][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 254.202788][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 254.272496][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 254.338517][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 254.431047][ T11] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 254.521752][ T11] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 254.588392][ T11] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 254.671222][ T11] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 254.769948][ T11] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 254.847530][ T11] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 254.901718][ T11] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 254.944636][ T11] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 255.039548][ T11] bridge_slave_1: left allmulticast mode [ 255.046364][ T11] bridge_slave_1: left promiscuous mode [ 255.052071][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 255.062649][ T11] bridge_slave_0: left allmulticast mode [ 255.068492][ T11] bridge_slave_0: left promiscuous mode [ 255.074169][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 255.086243][ T11] bridge_slave_1: left allmulticast mode [ 255.091947][ T11] bridge_slave_1: left promiscuous mode [ 255.098581][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 255.107453][ T11] bridge_slave_0: left allmulticast mode [ 255.113109][ T11] bridge_slave_0: left promiscuous mode [ 255.119065][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 255.130353][ T11] bridge_slave_1: left allmulticast mode [ 255.136114][ T11] bridge_slave_1: left promiscuous mode [ 255.141882][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 255.146167][ T53] [ 255.151624][ T53] ============================= [ 255.156709][ T53] WARNING: suspicious RCU usage [ 255.161590][ T53] 6.12.0-rc7-syzkaller-00125-gcfaaa7d010d1 #0 Not tainted [ 255.168864][ T53] ----------------------------- [ 255.173757][ T53] net/sched/sch_generic.c:1290 suspicious rcu_dereference_protected() usage! [ 255.182643][ T53] [ 255.182643][ T53] other info that might help us debug this: [ 255.182643][ T53] [ 255.192941][ T53] [ 255.192941][ T53] rcu_scheduler_active = 2, debug_locks = 1 [ 255.201132][ T53] 3 locks held by kworker/u8:3/53: [ 255.206356][ T53] #0: ffff88807c941148 ((wq_completion)bond0#3){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 255.217623][ T53] #1: ffffc90000bd7d00 ((work_completion)(&(&bond->mii_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 255.230660][ T53] #2: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: bond_mii_monitor+0x174/0x3170 [ 255.240471][ T53] [ 255.240471][ T53] stack backtrace: [ 255.246451][ T53] CPU: 0 UID: 0 PID: 53 Comm: kworker/u8:3 Not tainted 6.12.0-rc7-syzkaller-00125-gcfaaa7d010d1 #0 [ 255.257260][ T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 255.267336][ T53] Workqueue: bond0 bond_mii_monitor [ 255.272587][ T53] Call Trace: [ 255.275916][ T53] [ 255.278890][ T53] dump_stack_lvl+0x241/0x360 [ 255.283590][ T53] ? __pfx_dump_stack_lvl+0x10/0x10 [ 255.288814][ T53] ? __pfx__printk+0x10/0x10 [ 255.293431][ T53] lockdep_rcu_suspicious+0x226/0x340 [ 255.298995][ T53] dev_deactivate_queue+0x8f/0x160 [ 255.304214][ T53] dev_deactivate_many+0xc8/0xb10 [ 255.309265][ T53] dev_deactivate+0x184/0x280 [ 255.313966][ T53] ? __pfx_dev_deactivate+0x10/0x10 [ 255.319177][ T53] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 255.325174][ T53] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 255.331516][ T53] ? rfc2863_policy+0x1d7/0x300 [ 255.336396][ T53] linkwatch_do_dev+0x10a/0x170 [ 255.341262][ T53] ethtool_op_get_link+0x15/0x60 [ 255.346221][ T53] ? __pfx_ethtool_op_get_link+0x10/0x10 [ 255.351872][ T53] bond_check_dev_link+0x1f1/0x3f0 [ 255.357004][ T53] ? __pfx_bond_check_dev_link+0x10/0x10 [ 255.362676][ T53] bond_mii_monitor+0x49a/0x3170 [ 255.367645][ T53] ? __lock_acquire+0x1384/0x2050 [ 255.372687][ T53] ? bond_mii_monitor+0x174/0x3170 [ 255.377826][ T53] ? __pfx_bond_mii_monitor+0x10/0x10 [ 255.383228][ T53] ? __pfx_lock_acquire+0x10/0x10 [ 255.388273][ T53] ? preempt_schedule+0xe1/0xf0 [ 255.393225][ T53] ? __pfx_preempt_schedule+0x10/0x10 [ 255.398611][ T53] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 255.404615][ T53] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 255.410974][ T53] ? preempt_schedule_thunk+0x1a/0x30 [ 255.416365][ T53] ? process_scheduled_works+0x976/0x1850 [ 255.422102][ T53] process_scheduled_works+0xa63/0x1850 [ 255.427687][ T53] ? __pfx_process_scheduled_works+0x10/0x10 [ 255.433690][ T53] ? assign_work+0x364/0x3d0 [ 255.438300][ T53] worker_thread+0x870/0xd30 [ 255.442918][ T53] ? __kthread_parkme+0x169/0x1d0 [ 255.447971][ T53] ? __pfx_worker_thread+0x10/0x10 [ 255.453100][ T53] kthread+0x2f0/0x390 [ 255.457269][ T53] ? __pfx_worker_thread+0x10/0x10 [ 255.462432][ T53] ? __pfx_kthread+0x10/0x10 [ 255.467044][ T53] ret_from_fork+0x4b/0x80 [ 255.471481][ T53] ? __pfx_kthread+0x10/0x10 [ 255.476084][ T53] ret_from_fork_asm+0x1a/0x30 [ 255.480887][ T53] [ 255.485746][ T53] [ 255.488114][ T53] ============================= [ 255.492981][ T53] WARNING: suspicious RCU usage [ 255.497953][ T53] 6.12.0-rc7-syzkaller-00125-gcfaaa7d010d1 #0 Not tainted [ 255.505172][ T53] ----------------------------- [ 255.510049][ T53] include/linux/rtnetlink.h:100 suspicious rcu_dereference_protected() usage! [ 255.519012][ T53] [ 255.519012][ T53] other info that might help us debug this: [ 255.519012][ T53] [ 255.529302][ T53] [ 255.529302][ T53] rcu_scheduler_active = 2, debug_locks = 1 [ 255.537457][ T53] 3 locks held by kworker/u8:3/53: [ 255.542853][ T53] #0: ffff88807c941148 ((wq_completion)bond0#3){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 255.553989][ T53] #1: ffffc90000bd7d00 ((work_completion)(&(&bond->mii_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 255.566982][ T53] #2: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: bond_mii_monitor+0x174/0x3170 [ 255.576754][ T53] [ 255.576754][ T53] stack backtrace: [ 255.582658][ T53] CPU: 0 UID: 0 PID: 53 Comm: kworker/u8:3 Not tainted 6.12.0-rc7-syzkaller-00125-gcfaaa7d010d1 #0 [ 255.593337][ T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 255.603401][ T53] Workqueue: bond0 bond_mii_monitor [ 255.608643][ T53] Call Trace: [ 255.611927][ T53] [ 255.614879][ T53] dump_stack_lvl+0x241/0x360 [ 255.619611][ T53] ? __pfx_dump_stack_lvl+0x10/0x10 [ 255.624838][ T53] ? __pfx__printk+0x10/0x10 [ 255.629465][ T53] lockdep_rcu_suspicious+0x226/0x340 [ 255.634861][ T53] dev_deactivate_many+0x18f/0xb10 [ 255.640008][ T53] dev_deactivate+0x184/0x280 [ 255.644711][ T53] ? __pfx_dev_deactivate+0x10/0x10 [ 255.649957][ T53] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 255.655867][ T53] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 255.662219][ T53] ? rfc2863_policy+0x1d7/0x300 [ 255.667081][ T53] linkwatch_do_dev+0x10a/0x170 [ 255.671955][ T53] ethtool_op_get_link+0x15/0x60 [ 255.676911][ T53] ? __pfx_ethtool_op_get_link+0x10/0x10 [ 255.682588][ T53] bond_check_dev_link+0x1f1/0x3f0 [ 255.687713][ T53] ? __pfx_bond_check_dev_link+0x10/0x10 [ 255.693366][ T53] bond_mii_monitor+0x49a/0x3170 [ 255.698335][ T53] ? __lock_acquire+0x1384/0x2050 [ 255.703393][ T53] ? bond_mii_monitor+0x174/0x3170 [ 255.708560][ T53] ? __pfx_bond_mii_monitor+0x10/0x10 [ 255.713951][ T53] ? __pfx_lock_acquire+0x10/0x10 [ 255.719016][ T53] ? preempt_schedule+0xe1/0xf0 [ 255.723916][ T53] ? __pfx_preempt_schedule+0x10/0x10 [ 255.729305][ T53] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 255.735418][ T53] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 255.741799][ T53] ? preempt_schedule_thunk+0x1a/0x30 [ 255.747195][ T53] ? process_scheduled_works+0x976/0x1850 [ 255.752930][ T53] process_scheduled_works+0xa63/0x1850 [ 255.758533][ T53] ? __pfx_process_scheduled_works+0x10/0x10 [ 255.764556][ T53] ? assign_work+0x364/0x3d0 [ 255.769167][ T53] worker_thread+0x870/0xd30 [ 255.773791][ T53] ? __kthread_parkme+0x169/0x1d0 [ 255.778846][ T53] ? __pfx_worker_thread+0x10/0x10 [ 255.783989][ T53] kthread+0x2f0/0x390 [ 255.788067][ T53] ? __pfx_worker_thread+0x10/0x10 [ 255.793235][ T53] ? __pfx_kthread+0x10/0x10 [ 255.797869][ T53] ret_from_fork+0x4b/0x80 [ 255.802327][ T53] ? __pfx_kthread+0x10/0x10 [ 255.806963][ T53] ret_from_fork_asm+0x1a/0x30 [ 255.811775][ T53] [ 255.818996][ T53] BUG: sleeping function called from invalid context at net/core/dev.c:11284 [ 255.827938][ T53] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 53, name: kworker/u8:3 [ 255.837253][ T53] preempt_count: 0, expected: 0 [ 255.842131][ T53] RCU nest depth: 1, expected: 0 [ 255.847127][ T53] 3 locks held by kworker/u8:3/53: [ 255.852247][ T53] #0: ffff88807c941148 ((wq_completion)bond0#3){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 255.863490][ T53] #1: ffffc90000bd7d00 ((work_completion)(&(&bond->mii_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 255.876571][ T53] #2: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: bond_mii_monitor+0x174/0x3170 [ 255.886347][ T53] CPU: 1 UID: 0 PID: 53 Comm: kworker/u8:3 Not tainted 6.12.0-rc7-syzkaller-00125-gcfaaa7d010d1 #0 [ 255.897051][ T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 255.907380][ T53] Workqueue: bond0 bond_mii_monitor [ 255.912621][ T53] Call Trace: [ 255.915913][ T53] [ 255.918871][ T53] dump_stack_lvl+0x241/0x360 [ 255.923567][ T53] ? __pfx_dump_stack_lvl+0x10/0x10 [ 255.928776][ T53] ? __pfx__printk+0x10/0x10 [ 255.933408][ T53] __might_resched+0x5d4/0x780 [ 255.938275][ T53] ? dev_deactivate_many+0x25f/0xb10 [ 255.943586][ T53] ? __pfx___might_resched+0x10/0x10 [ 255.948900][ T53] ? __local_bh_enable_ip+0x168/0x200 [ 255.954307][ T53] ? dev_deactivate_many+0x250/0xb10 [ 255.959625][ T53] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 255.965357][ T53] ? do_raw_spin_unlock+0x13c/0x8b0 [ 255.970568][ T53] synchronize_net+0x1b/0x50 [ 255.975167][ T53] dev_deactivate_many+0x4a7/0xb10 [ 255.980319][ T53] ? dev_deactivate_many+0x250/0xb10 [ 255.985616][ T53] dev_deactivate+0x184/0x280 [ 255.990302][ T53] ? __pfx_dev_deactivate+0x10/0x10 [ 255.995518][ T53] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 256.001486][ T53] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 256.007822][ T53] ? rfc2863_policy+0x1d7/0x300 [ 256.012679][ T53] linkwatch_do_dev+0x10a/0x170 [ 256.017536][ T53] ethtool_op_get_link+0x15/0x60 [ 256.022586][ T53] ? __pfx_ethtool_op_get_link+0x10/0x10 [ 256.028229][ T53] bond_check_dev_link+0x1f1/0x3f0 [ 256.033351][ T53] ? __pfx_bond_check_dev_link+0x10/0x10 [ 256.039010][ T53] bond_mii_monitor+0x49a/0x3170 [ 256.043966][ T53] ? __lock_acquire+0x1384/0x2050 [ 256.049021][ T53] ? bond_mii_monitor+0x174/0x3170 [ 256.054268][ T53] ? __pfx_bond_mii_monitor+0x10/0x10 [ 256.059683][ T53] ? __pfx_lock_acquire+0x10/0x10 [ 256.064728][ T53] ? preempt_schedule+0xe1/0xf0 [ 256.069614][ T53] ? __pfx_preempt_schedule+0x10/0x10 [ 256.074989][ T53] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 256.080980][ T53] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 256.087379][ T53] ? preempt_schedule_thunk+0x1a/0x30 [ 256.092864][ T53] ? process_scheduled_works+0x976/0x1850 [ 256.098608][ T53] process_scheduled_works+0xa63/0x1850 [ 256.101366][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.104207][ T53] ? __pfx_process_scheduled_works+0x10/0x10 [ 256.116701][ T53] ? assign_work+0x364/0x3d0 [ 256.121331][ T53] worker_thread+0x870/0xd30 [ 256.125946][ T53] ? __kthread_parkme+0x169/0x1d0 [ 256.130983][ T53] ? __pfx_worker_thread+0x10/0x10 [ 256.136103][ T53] kthread+0x2f0/0x390 [ 256.140190][ T53] ? __pfx_worker_thread+0x10/0x10 [ 256.145309][ T53] ? __pfx_kthread+0x10/0x10 [ 256.149992][ T53] ret_from_fork+0x4b/0x80 [ 256.154503][ T53] ? __pfx_kthread+0x10/0x10 [ 256.159094][ T53] ret_from_fork_asm+0x1a/0x30 [ 256.163876][ T53] [ 256.167704][ T53] [ 256.170064][ T53] ============================= [ 256.174978][ T53] WARNING: suspicious RCU usage [ 256.179866][ T53] 6.12.0-rc7-syzkaller-00125-gcfaaa7d010d1 #0 Tainted: G W [ 256.188529][ T53] ----------------------------- [ 256.193415][ T53] kernel/rcu/tree_exp.h:949 Illegal synchronize_rcu_expedited() in RCU read-side critical section! [ 256.204417][ T53] [ 256.204417][ T53] other info that might help us debug this: [ 256.204417][ T53] [ 256.214821][ T53] [ 256.214821][ T53] rcu_scheduler_active = 2, debug_locks = 1 [ 256.223029][ T53] 3 locks held by kworker/u8:3/53: [ 256.228252][ T53] #0: ffff88807c941148 ((wq_completion)bond0#3){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 256.239445][ T53] #1: ffffc90000bd7d00 ((work_completion)(&(&bond->mii_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 256.252405][ T53] #2: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: bond_mii_monitor+0x174/0x3170 [ 256.262191][ T53] [ 256.262191][ T53] stack backtrace: [ 256.268137][ T53] CPU: 1 UID: 0 PID: 53 Comm: kworker/u8:3 Tainted: G W 6.12.0-rc7-syzkaller-00125-gcfaaa7d010d1 #0 [ 256.280482][ T53] Tainted: [W]=WARN [ 256.284285][ T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 256.294341][ T53] Workqueue: bond0 bond_mii_monitor [ 256.299580][ T53] Call Trace: [ 256.302872][ T53] [ 256.305821][ T53] dump_stack_lvl+0x241/0x360 [ 256.310510][ T53] ? __pfx_dump_stack_lvl+0x10/0x10 [ 256.315762][ T53] ? __pfx__printk+0x10/0x10 [ 256.320454][ T53] lockdep_rcu_suspicious+0x226/0x340 [ 256.325843][ T53] synchronize_rcu_expedited+0x12e/0x830 [ 256.331499][ T53] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 256.337678][ T53] ? add_taint+0x99/0xe0 [ 256.341944][ T53] ? __might_resched+0x5e0/0x780 [ 256.346907][ T53] ? __local_bh_enable_ip+0x168/0x200 [ 256.352304][ T53] ? dev_deactivate_many+0x250/0xb10 [ 256.357609][ T53] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 256.363344][ T53] ? do_raw_spin_unlock+0x13c/0x8b0 [ 256.368598][ T53] dev_deactivate_many+0x4a7/0xb10 [ 256.373816][ T53] ? dev_deactivate_many+0x250/0xb10 [ 256.379125][ T53] dev_deactivate+0x184/0x280 [ 256.383828][ T53] ? __pfx_dev_deactivate+0x10/0x10 [ 256.389060][ T53] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 256.395055][ T53] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 256.401395][ T53] ? rfc2863_policy+0x1d7/0x300 [ 256.406264][ T53] linkwatch_do_dev+0x10a/0x170 [ 256.411127][ T53] ethtool_op_get_link+0x15/0x60 [ 256.416090][ T53] ? __pfx_ethtool_op_get_link+0x10/0x10 [ 256.421784][ T53] bond_check_dev_link+0x1f1/0x3f0 [ 256.426920][ T53] ? __pfx_bond_check_dev_link+0x10/0x10 [ 256.432670][ T53] bond_mii_monitor+0x49a/0x3170 [ 256.437639][ T53] ? __lock_acquire+0x1384/0x2050 [ 256.442693][ T53] ? bond_mii_monitor+0x174/0x3170 [ 256.447832][ T53] ? __pfx_bond_mii_monitor+0x10/0x10 [ 256.453372][ T53] ? __pfx_lock_acquire+0x10/0x10 [ 256.458418][ T53] ? preempt_schedule+0xe1/0xf0 [ 256.463282][ T53] ? __pfx_preempt_schedule+0x10/0x10 [ 256.468666][ T53] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 256.474713][ T53] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 256.481107][ T53] ? preempt_schedule_thunk+0x1a/0x30 [ 256.486503][ T53] ? process_scheduled_works+0x976/0x1850 [ 256.492244][ T53] process_scheduled_works+0xa63/0x1850 [ 256.497827][ T53] ? __pfx_process_scheduled_works+0x10/0x10 [ 256.503921][ T53] ? assign_work+0x364/0x3d0 [ 256.508533][ T53] worker_thread+0x870/0xd30 [ 256.513219][ T53] ? __kthread_parkme+0x169/0x1d0 [ 256.518305][ T53] ? __pfx_worker_thread+0x10/0x10 [ 256.523436][ T53] kthread+0x2f0/0x390 [ 256.527516][ T53] ? __pfx_worker_thread+0x10/0x10 [ 256.532645][ T53] ? __pfx_kthread+0x10/0x10 [ 256.537338][ T53] ret_from_fork+0x4b/0x80 [ 256.541803][ T53] ? __pfx_kthread+0x10/0x10 [ 256.546408][ T53] ret_from_fork_asm+0x1a/0x30 [ 256.551205][ T53] [ 256.561409][ T53] [ 256.563763][ T53] ============================= [ 256.568610][ T53] [ BUG: Invalid wait context ] [ 256.573455][ T53] 6.12.0-rc7-syzkaller-00125-gcfaaa7d010d1 #0 Tainted: G W [ 256.582053][ T53] ----------------------------- [ 256.587004][ T53] kworker/u8:3/53 is trying to lock: [ 256.592465][ T53] ffffffff8e93d338 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 [ 256.602942][ T53] other info that might help us debug this: [ 256.608837][ T53] context-{4:4} [ 256.612298][ T53] 3 locks held by kworker/u8:3/53: [ 256.617440][ T53] #0: ffff88807c941148 ((wq_completion)bond0#3){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 256.628611][ T53] #1: ffffc90000bd7d00 ((work_completion)(&(&bond->mii_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 256.641594][ T53] #2: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: bond_mii_monitor+0x174/0x3170 [ 256.651279][ T53] stack backtrace: [ 256.655000][ T53] CPU: 0 UID: 0 PID: 53 Comm: kworker/u8:3 Tainted: G W 6.12.0-rc7-syzkaller-00125-gcfaaa7d010d1 #0 [ 256.667244][ T53] Tainted: [W]=WARN [ 256.671047][ T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 256.681108][ T53] Workqueue: bond0 bond_mii_monitor [ 256.686374][ T53] Call Trace: [ 256.689655][ T53] [ 256.692589][ T53] dump_stack_lvl+0x241/0x360 [ 256.697283][ T53] ? __pfx_dump_stack_lvl+0x10/0x10 [ 256.702490][ T53] ? __pfx__printk+0x10/0x10 [ 256.707093][ T53] __lock_acquire+0x154a/0x2050 [ 256.711961][ T53] lock_acquire+0x1ed/0x550 [ 256.716476][ T53] ? synchronize_rcu_expedited+0x451/0x830 [ 256.722302][ T53] ? __pfx_lock_acquire+0x10/0x10 [ 256.727425][ T53] ? __pfx___might_resched+0x10/0x10 [ 256.732729][ T53] __mutex_lock+0x136/0xd70 [ 256.737243][ T53] ? synchronize_rcu_expedited+0x451/0x830 [ 256.743075][ T53] ? __pfx_lock_acquire+0x10/0x10 [ 256.748142][ T53] ? synchronize_rcu_expedited+0x414/0x830 [ 256.753966][ T53] ? synchronize_rcu_expedited+0x451/0x830 [ 256.759789][ T53] ? __pfx_lock_release+0x10/0x10 [ 256.764840][ T53] ? __pfx___mutex_lock+0x10/0x10 [ 256.769880][ T53] ? do_raw_spin_unlock+0x13c/0x8b0 [ 256.775097][ T53] synchronize_rcu_expedited+0x451/0x830 [ 256.780750][ T53] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 256.787004][ T53] ? add_taint+0x99/0xe0 [ 256.791250][ T53] ? __might_resched+0x5e0/0x780 [ 256.796221][ T53] ? __local_bh_enable_ip+0x168/0x200 [ 256.801602][ T53] ? dev_deactivate_many+0x250/0xb10 [ 256.806895][ T53] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 256.812619][ T53] ? do_raw_spin_unlock+0x13c/0x8b0 [ 256.817842][ T53] dev_deactivate_many+0x4a7/0xb10 [ 256.822985][ T53] ? dev_deactivate_many+0x250/0xb10 [ 256.828283][ T53] dev_deactivate+0x184/0x280 [ 256.832976][ T53] ? __pfx_dev_deactivate+0x10/0x10 [ 256.838181][ T53] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 256.844095][ T53] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 256.850539][ T53] ? rfc2863_policy+0x1d7/0x300 [ 256.855410][ T53] linkwatch_do_dev+0x10a/0x170 [ 256.860274][ T53] ethtool_op_get_link+0x15/0x60 [ 256.865228][ T53] ? __pfx_ethtool_op_get_link+0x10/0x10 [ 256.870964][ T53] bond_check_dev_link+0x1f1/0x3f0 [ 256.876102][ T53] ? __pfx_bond_check_dev_link+0x10/0x10 [ 256.881846][ T53] bond_mii_monitor+0x49a/0x3170 [ 256.886810][ T53] ? __lock_acquire+0x1384/0x2050 [ 256.891878][ T53] ? bond_mii_monitor+0x174/0x3170 [ 256.897009][ T53] ? __pfx_bond_mii_monitor+0x10/0x10 [ 256.902488][ T53] ? __pfx_lock_acquire+0x10/0x10 [ 256.907535][ T53] ? preempt_schedule+0xe1/0xf0 [ 256.912415][ T53] ? __pfx_preempt_schedule+0x10/0x10 [ 256.917794][ T53] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 256.923791][ T53] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 256.930140][ T53] ? preempt_schedule_thunk+0x1a/0x30 [ 256.935537][ T53] ? process_scheduled_works+0x976/0x1850 [ 256.941294][ T53] process_scheduled_works+0xa63/0x1850 [ 256.946879][ T53] ? __pfx_process_scheduled_works+0x10/0x10 [ 256.952882][ T53] ? assign_work+0x364/0x3d0 [ 256.957496][ T53] worker_thread+0x870/0xd30 [ 256.962108][ T53] ? __kthread_parkme+0x169/0x1d0 [ 256.967174][ T53] ? __pfx_worker_thread+0x10/0x10 [ 256.972339][ T53] kthread+0x2f0/0x390 [ 256.976421][ T53] ? __pfx_worker_thread+0x10/0x10 [ 256.981544][ T53] ? __pfx_kthread+0x10/0x10 [ 256.986144][ T53] ret_from_fork+0x4b/0x80 [ 256.990581][ T53] ? __pfx_kthread+0x10/0x10 [ 256.995177][ T53] ret_from_fork_asm+0x1a/0x30 [ 256.999977][ T53] [ 257.003503][ T53] ------------[ cut here ]------------ [ 257.009000][ T53] Voluntary context switch within RCU read-side critical section! [ 257.009100][ T53] WARNING: CPU: 0 PID: 53 at kernel/rcu/tree_plugin.h:331 rcu_note_context_switch+0xcf4/0xff0 [ 257.027151][ T53] Modules linked in: [ 257.031059][ T53] CPU: 0 UID: 0 PID: 53 Comm: kworker/u8:3 Tainted: G W 6.12.0-rc7-syzkaller-00125-gcfaaa7d010d1 #0 [ 257.043217][ T53] Tainted: [W]=WARN [ 257.047020][ T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 257.057168][ T53] Workqueue: bond0 bond_mii_monitor [ 257.062395][ T53] RIP: 0010:rcu_note_context_switch+0xcf4/0xff0 [ 257.068698][ T53] Code: 00 ba 02 00 00 00 e8 7b f8 fd ff 4c 8b b4 24 80 00 00 00 eb 91 c6 05 dd ec 89 0e 01 90 48 c7 c7 80 28 0c 8c e8 ad 29 da ff 90 <0f> 0b 90 90 e9 3b f4 ff ff 90 0f 0b 90 45 84 ed 0f 84 00 f4 ff ff [ 257.088348][ T53] RSP: 0018:ffffc90000bd6fa0 EFLAGS: 00010046 [ 257.094430][ T53] RAX: f41d79ac66c3d900 RBX: ffff888020eac044 RCX: ffff888020eabc00 [ 257.102413][ T53] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 257.110389][ T53] RBP: ffffc90000bd70f0 R08: ffffffff8155e222 R09: fffffbfff1cf9fd0 [ 257.118367][ T53] R10: dffffc0000000000 R11: fffffbfff1cf9fd0 R12: ffff888020eabc00 [ 257.126348][ T53] R13: 0000000000000000 R14: 1ffff9200017ae0c R15: dffffc0000000000 [ 257.134324][ T53] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 257.143260][ T53] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 257.149847][ T53] CR2: 000000110c3ad906 CR3: 000000000e734000 CR4: 00000000003526f0 [ 257.157923][ T53] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 257.165907][ T53] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 257.173892][ T53] Call Trace: [ 257.177193][ T53] [ 257.180129][ T53] ? __warn+0x168/0x4e0 [ 257.184297][ T53] ? rcu_note_context_switch+0xcf4/0xff0 [ 257.189948][ T53] ? report_bug+0x2b3/0x500 [ 257.194455][ T53] ? rcu_note_context_switch+0xcf4/0xff0 [ 257.200104][ T53] ? handle_bug+0x60/0x90 [ 257.204455][ T53] ? exc_invalid_op+0x1a/0x50 [ 257.209145][ T53] ? asm_exc_invalid_op+0x1a/0x20 [ 257.214188][ T53] ? __warn_printk+0x292/0x360 [ 257.218972][ T53] ? rcu_note_context_switch+0xcf4/0xff0 [ 257.224619][ T53] ? ret_from_fork_asm+0x1a/0x30 [ 257.229593][ T53] ? __printk_cpu_sync_put+0x67/0x80 [ 257.235010][ T53] ? dump_stack_lvl+0x301/0x360 [ 257.239874][ T53] ? __pfx_dump_stack_lvl+0x10/0x10 [ 257.245107][ T53] ? __pfx__printk+0x10/0x10 [ 257.249702][ T53] ? __pfx_rcu_note_context_switch+0x10/0x10 [ 257.255694][ T53] ? rcu_is_watching+0x15/0xb0 [ 257.260463][ T53] __schedule+0x34b/0x4bd0 [ 257.264890][ T53] ? rcu_is_watching+0x15/0xb0 [ 257.269665][ T53] ? lock_acquire+0x264/0x550 [ 257.274355][ T53] ? __pfx___schedule+0x10/0x10 [ 257.279224][ T53] ? __mutex_trylock_common+0x92/0x2e0 [ 257.284695][ T53] ? __pfx___mutex_trylock_common+0x10/0x10 [ 257.290605][ T53] schedule+0x14b/0x320 [ 257.294853][ T53] schedule_preempt_disabled+0x13/0x30 [ 257.300402][ T53] __mutex_lock+0x391/0xd70 [ 257.304956][ T53] ? __pfx_lock_acquire+0x10/0x10 [ 257.309995][ T53] ? synchronize_rcu_expedited+0x451/0x830 [ 257.315812][ T53] ? __pfx_lock_release+0x10/0x10 [ 257.320850][ T53] ? __pfx___mutex_lock+0x10/0x10 [ 257.325884][ T53] ? do_raw_spin_unlock+0x13c/0x8b0 [ 257.331099][ T53] synchronize_rcu_expedited+0x451/0x830 [ 257.336868][ T53] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 257.343032][ T53] ? add_taint+0x99/0xe0 [ 257.347367][ T53] ? __might_resched+0x5e0/0x780 [ 257.352324][ T53] ? __local_bh_enable_ip+0x168/0x200 [ 257.357704][ T53] ? dev_deactivate_many+0x250/0xb10 [ 257.362998][ T53] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 257.368730][ T53] ? do_raw_spin_unlock+0x13c/0x8b0 [ 257.373949][ T53] dev_deactivate_many+0x4a7/0xb10 [ 257.379118][ T53] ? dev_deactivate_many+0x250/0xb10 [ 257.384417][ T53] dev_deactivate+0x184/0x280 [ 257.389108][ T53] ? __pfx_dev_deactivate+0x10/0x10 [ 257.394318][ T53] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 257.400312][ T53] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 257.406771][ T53] ? rfc2863_policy+0x1d7/0x300 [ 257.411634][ T53] linkwatch_do_dev+0x10a/0x170 [ 257.416517][ T53] ethtool_op_get_link+0x15/0x60 [ 257.421472][ T53] ? __pfx_ethtool_op_get_link+0x10/0x10 [ 257.427125][ T53] bond_check_dev_link+0x1f1/0x3f0 [ 257.432338][ T53] ? __pfx_bond_check_dev_link+0x10/0x10 [ 257.437989][ T53] bond_mii_monitor+0x49a/0x3170 [ 257.442943][ T53] ? __lock_acquire+0x1384/0x2050 [ 257.447978][ T53] ? bond_mii_monitor+0x174/0x3170 [ 257.453104][ T53] ? __pfx_bond_mii_monitor+0x10/0x10 [ 257.458496][ T53] ? __pfx_lock_acquire+0x10/0x10 [ 257.463616][ T53] ? preempt_schedule+0xe1/0xf0 [ 257.468475][ T53] ? __pfx_preempt_schedule+0x10/0x10 [ 257.473850][ T53] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 257.480105][ T53] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 257.486447][ T53] ? preempt_schedule_thunk+0x1a/0x30 [ 257.491824][ T53] ? process_scheduled_works+0x976/0x1850 [ 257.497553][ T53] process_scheduled_works+0xa63/0x1850 [ 257.503123][ T53] ? __pfx_process_scheduled_works+0x10/0x10 [ 257.509118][ T53] ? assign_work+0x364/0x3d0 [ 257.513721][ T53] worker_thread+0x870/0xd30 [ 257.518330][ T53] ? __kthread_parkme+0x169/0x1d0 [ 257.523366][ T53] ? __pfx_worker_thread+0x10/0x10 [ 257.528488][ T53] kthread+0x2f0/0x390 [ 257.532560][ T53] ? __pfx_worker_thread+0x10/0x10 [ 257.537683][ T53] ? __pfx_kthread+0x10/0x10 [ 257.542274][ T53] ret_from_fork+0x4b/0x80 [ 257.546706][ T53] ? __pfx_kthread+0x10/0x10 [ 257.551303][ T53] ret_from_fork_asm+0x1a/0x30 [ 257.556099][ T53] [ 257.559120][ T53] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 257.566401][ T53] CPU: 0 UID: 0 PID: 53 Comm: kworker/u8:3 Tainted: G W 6.12.0-rc7-syzkaller-00125-gcfaaa7d010d1 #0 [ 257.578570][ T53] Tainted: [W]=WARN [ 257.582379][ T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 257.592474][ T53] Workqueue: bond0 bond_mii_monitor [ 257.597712][ T53] Call Trace: [ 257.601088][ T53] [ 257.604030][ T53] dump_stack_lvl+0x241/0x360 [ 257.608728][ T53] ? __pfx_dump_stack_lvl+0x10/0x10 [ 257.613939][ T53] ? __pfx__printk+0x10/0x10 [ 257.618546][ T53] ? vscnprintf+0x5d/0x90 [ 257.622890][ T53] panic+0x349/0x880 [ 257.626796][ T53] ? __warn+0x177/0x4e0 [ 257.630961][ T53] ? __pfx_panic+0x10/0x10 [ 257.635587][ T53] ? ret_from_fork_asm+0x1a/0x30 [ 257.640561][ T53] __warn+0x34b/0x4e0 [ 257.644571][ T53] ? rcu_note_context_switch+0xcf4/0xff0 [ 257.650218][ T53] report_bug+0x2b3/0x500 [ 257.654556][ T53] ? rcu_note_context_switch+0xcf4/0xff0 [ 257.660205][ T53] handle_bug+0x60/0x90 [ 257.664373][ T53] exc_invalid_op+0x1a/0x50 [ 257.668892][ T53] asm_exc_invalid_op+0x1a/0x20 [ 257.673752][ T53] RIP: 0010:rcu_note_context_switch+0xcf4/0xff0 [ 257.680005][ T53] Code: 00 ba 02 00 00 00 e8 7b f8 fd ff 4c 8b b4 24 80 00 00 00 eb 91 c6 05 dd ec 89 0e 01 90 48 c7 c7 80 28 0c 8c e8 ad 29 da ff 90 <0f> 0b 90 90 e9 3b f4 ff ff 90 0f 0b 90 45 84 ed 0f 84 00 f4 ff ff [ 257.699629][ T53] RSP: 0018:ffffc90000bd6fa0 EFLAGS: 00010046 [ 257.705717][ T53] RAX: f41d79ac66c3d900 RBX: ffff888020eac044 RCX: ffff888020eabc00 [ 257.713738][ T53] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 257.721724][ T53] RBP: ffffc90000bd70f0 R08: ffffffff8155e222 R09: fffffbfff1cf9fd0 [ 257.729710][ T53] R10: dffffc0000000000 R11: fffffbfff1cf9fd0 R12: ffff888020eabc00 [ 257.737692][ T53] R13: 0000000000000000 R14: 1ffff9200017ae0c R15: dffffc0000000000 [ 257.745681][ T53] ? __warn_printk+0x292/0x360 [ 257.750506][ T53] ? ret_from_fork_asm+0x1a/0x30 [ 257.755458][ T53] ? __printk_cpu_sync_put+0x67/0x80 [ 257.760755][ T53] ? dump_stack_lvl+0x301/0x360 [ 257.765620][ T53] ? __pfx_dump_stack_lvl+0x10/0x10 [ 257.770827][ T53] ? __pfx__printk+0x10/0x10 [ 257.775425][ T53] ? __pfx_rcu_note_context_switch+0x10/0x10 [ 257.781448][ T53] ? rcu_is_watching+0x15/0xb0 [ 257.786220][ T53] __schedule+0x34b/0x4bd0 [ 257.790641][ T53] ? rcu_is_watching+0x15/0xb0 [ 257.795416][ T53] ? lock_acquire+0x264/0x550 [ 257.800104][ T53] ? __pfx___schedule+0x10/0x10 [ 257.804966][ T53] ? __mutex_trylock_common+0x92/0x2e0 [ 257.810439][ T53] ? __pfx___mutex_trylock_common+0x10/0x10 [ 257.816341][ T53] schedule+0x14b/0x320 [ 257.820506][ T53] schedule_preempt_disabled+0x13/0x30 [ 257.825984][ T53] __mutex_lock+0x391/0xd70 [ 257.830520][ T53] ? __pfx_lock_acquire+0x10/0x10 [ 257.835562][ T53] ? synchronize_rcu_expedited+0x451/0x830 [ 257.841377][ T53] ? __pfx_lock_release+0x10/0x10 [ 257.846414][ T53] ? __pfx___mutex_lock+0x10/0x10 [ 257.851449][ T53] ? do_raw_spin_unlock+0x13c/0x8b0 [ 257.856669][ T53] synchronize_rcu_expedited+0x451/0x830 [ 257.862311][ T53] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 257.868504][ T53] ? add_taint+0x99/0xe0 [ 257.872752][ T53] ? __might_resched+0x5e0/0x780 [ 257.877707][ T53] ? __local_bh_enable_ip+0x168/0x200 [ 257.883087][ T53] ? dev_deactivate_many+0x250/0xb10 [ 257.888477][ T53] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 257.894228][ T53] ? do_raw_spin_unlock+0x13c/0x8b0 [ 257.899470][ T53] dev_deactivate_many+0x4a7/0xb10 [ 257.904603][ T53] ? dev_deactivate_many+0x250/0xb10 [ 257.909913][ T53] dev_deactivate+0x184/0x280 [ 257.914610][ T53] ? __pfx_dev_deactivate+0x10/0x10 [ 257.919851][ T53] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 257.925842][ T53] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 257.932193][ T53] ? rfc2863_policy+0x1d7/0x300 [ 257.937052][ T53] linkwatch_do_dev+0x10a/0x170 [ 257.941913][ T53] ethtool_op_get_link+0x15/0x60 [ 257.946867][ T53] ? __pfx_ethtool_op_get_link+0x10/0x10 [ 257.952511][ T53] bond_check_dev_link+0x1f1/0x3f0 [ 257.957729][ T53] ? __pfx_bond_check_dev_link+0x10/0x10 [ 257.963384][ T53] bond_mii_monitor+0x49a/0x3170 [ 257.968598][ T53] ? __lock_acquire+0x1384/0x2050 [ 257.973633][ T53] ? bond_mii_monitor+0x174/0x3170 [ 257.978764][ T53] ? __pfx_bond_mii_monitor+0x10/0x10 [ 257.984163][ T53] ? __pfx_lock_acquire+0x10/0x10 [ 257.989201][ T53] ? preempt_schedule+0xe1/0xf0 [ 257.994059][ T53] ? __pfx_preempt_schedule+0x10/0x10 [ 257.999447][ T53] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 258.005441][ T53] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 258.011781][ T53] ? preempt_schedule_thunk+0x1a/0x30 [ 258.017161][ T53] ? process_scheduled_works+0x976/0x1850 [ 258.022892][ T53] process_scheduled_works+0xa63/0x1850 [ 258.028466][ T53] ? __pfx_process_scheduled_works+0x10/0x10 [ 258.034460][ T53] ? assign_work+0x364/0x3d0 [ 258.039061][ T53] worker_thread+0x870/0xd30 [ 258.043670][ T53] ? __kthread_parkme+0x169/0x1d0 [ 258.048712][ T53] ? __pfx_worker_thread+0x10/0x10 [ 258.053837][ T53] kthread+0x2f0/0x390 [ 258.057913][ T53] ? __pfx_worker_thread+0x10/0x10 [ 258.063051][ T53] ? __pfx_kthread+0x10/0x10 [ 258.067653][ T53] ret_from_fork+0x4b/0x80 [ 258.072084][ T53] ? __pfx_kthread+0x10/0x10 [ 258.076678][ T53] ret_from_fork_asm+0x1a/0x30 [ 258.081574][ T53] [ 258.084928][ T53] Kernel Offset: disabled [ 258.089288][ T53] Rebooting in 86400 seconds..