last executing test programs: 46.663679634s ago: executing program 2 (id=23): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000e00)='/sys/kernel/crash_elfcorehdr_size', 0x0, 0x0) read(r0, &(0x7f00000003c0)=""/118, 0x76) syz_emit_ethernet(0x219, &(0x7f0000000780)={@local, @empty, @val={@val={0x88a8, 0x1, 0x1, 0x1}, {0x8100, 0x1, 0x1, 0x3}}, {@ipv6={0x86dd, @generic={0x0, 0x6, '\x00', 0x1db, 0x67, 0x0, @dev, @private1={0xfc, 0x1, '\x00', 0x1}, {[@fragment={0x21, 0x0, 0x0, 0x0, 0x0, 0x1f}, @hopopts={0x3c, 0x2f, '\x00', [@pad1, @hao={0xc9, 0x10, @private2}, @generic={0x27, 0x23, "4ef7c3c086b2eb52831b730a2622e1c63387f10400137aad05c676daa04551aea583d6"}, @jumbo, @generic={0x68, 0x82, "35d08e78c7faf33c74de67a607ed27a38f6f79136e7d209fdd2d1ae5cfae154905236256feb677981ac19a350e0087388beffe6a51ca91d049adef2c296c607faafb67bd2bfe1cabba26f54960d8120dfc1a38cb3abe00eb2befee3599a8f3b067e804e6339ea57d7c0feb0324432f76c2d716f32b0d6f7671e9284d4ba3ca27f590"}, @enc_lim={0x4, 0x1, 0x87}, @generic={0x6, 0xb2, "aae202754ba9485e72abb946cc97387f3043c6b006a8eaf9142721d2007deba1e64d4cb63693c37d52ac00d6904b526c0c0b767d47a67f25c7b8b57c0b3389755a1c6fd41a1175255c651e6f49717a24bd44b9c935b94915a8f19c354c8ebf4233c1878bcc1feff6fdffa15ba5128c86cdea27beb830f064e7e9034fca4e2fc47d68e0cfb4d9d3ea531a8a808b2786cfeb4df80360b74631a9a8ee691d271575e6d6b7bc28d222f43b3d79e59e59d4951bb4"}]}], "d33ece78eaf575d68f21e803f559c6ff3baff862985b4418f360159e1d6f1c38bb476c8c7d865ec6b5773aba4bfa79b7633791ce77b29ed60b82cfba6e1806ce3d32ad0ddec659781c5cb9"}}}}}, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_DEBUG_SET(r2, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000400)={0x44, r3, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x18, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_BITS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8}]}]}]}]}, 0x44}}, 0x0) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000640), r2) sendmsg$MPTCP_PM_CMD_ANNOUNCE(r0, &(0x7f0000000740)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000700)={&(0x7f0000000680)={0x68, r4, 0x0, 0x70bd28, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0xb}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x7}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_SUBFLOWS={0x8}, @MPTCP_PM_ATTR_ADDR={0x34, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x5}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @loopback}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0xfa}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x9}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x10}, 0x4000) ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f00000000c0)={'wg2\x00'}) setsockopt(r1, 0x84, 0x14, &(0x7f00000001c0)="020000000980ffff", 0x8) unshare(0x20000400) r5 = socket$inet_tcp(0x2, 0x1, 0x0) pwritev2(0xffffffffffffffff, &(0x7f0000000780)=[{&(0x7f0000000200)="91ca12", 0x3}], 0x1, 0x9, 0x0, 0x4) setsockopt$IP_VS_SO_SET_DELDEST(r5, 0x6, 0x9, &(0x7f0000000200)={{0x1, @local, 0xfffe, 0x1, 'lc\x00', 0x16}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x4, 0x0, 0x0, 0x400}}, 0x44) r6 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYRES16=r1], 0x0) ioctl$sock_netdev_private(r1, 0x89f4, &(0x7f0000000040)="65215adc7345c363486c6e9dd313923e442cd0b7853d14f6fb53fc99a28ff82bd3568c4d7b810254b3f70e35fd23b943b25beccb6c43ca0d0745407f1334690d9a4619d8de9412d5a7d36d8ed03fa7") syz_usb_control_io$hid(r6, 0x0, 0x0) unshare(0x20000400) r7 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x442, 0x0) pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000010c0)=[{{&(0x7f0000000180)=@file={0x0, './bus\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x20004804}}], 0x1, 0x0) r9 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f00000000c0)={r9, r9, r9}, 0xffffffffffffffff, 0xfe, 0x0) r10 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000100), 0x80, 0x0) r11 = dup(r10) syz_kvm_setup_cpu$x86(r11, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000ac0)=[@textreal={0x8, 0x0}], 0x1, 0x23, 0x0, 0x0) ioctl$IOCTL_GET_NUM_DEVICES(r11, 0x40046104, &(0x7f0000000000)) splice(r7, &(0x7f0000000040), r8, 0x0, 0x808, 0x0) syz_usb_control_io$printer(r6, &(0x7f0000000140)={0x14, &(0x7f0000000100)={0x40, 0xe, 0xc, {0xc, 0xc, "0c1d123efbbad1c2dfe0"}}, &(0x7f0000000200)={0x0, 0x3, 0x99, @string={0x99, 0x3, "0d5ee869022cfa63cb846cf886215e56820da4bdef5ac6704cfebdeffa79f5cc00c6e4979025312834accd5f52cc6efb638056a75cb3e1e2e2e328174bfdaf8a8c8d83a2301c7c2937f00380396023d133882f69256b73ad0923c555936ba1e6a38eaa4929f119403ffdb5a0b0959a93100e27d64be0847d36a531cd5cd9dbe0bdd1d29e24dd65866d45d548b6ee67a399daaf47cc5737"}}}, &(0x7f0000000500)={0x34, &(0x7f00000002c0)={0x0, 0xd, 0xa1, "b9dd376f6836fc22032829860d7029663e1e0e9e18f135a395de0c0f635dde1ca1624782828d85511d05418158323b34ee447e6d88a363d898fa8e1444117741489db8b32a18434e82954c6d87ab46d49b271a091903659c36cfaa3f36ecde25856b94759587552aa0a49bbc1d456c62d6e14b44431663ccc5165d9523c1d73c8f67a48380838e62246f654fb784717935af82d12669f35811596ec1ad957fdc30"}, &(0x7f0000000180)={0x0, 0xa, 0x1, 0x8}, &(0x7f0000000380)={0x0, 0x8, 0x1, 0x4}, &(0x7f0000000440)={0x20, 0x0, 0x17, {0x15, "61d3661a33ff0c9d3f0c70e70a0ee842a9a9bf975b"}}, &(0x7f0000000480)={0x20, 0x1, 0x1, 0x3}, &(0x7f00000004c0)={0x20, 0x0, 0x1, 0x5}}) 43.580626639s ago: executing program 2 (id=33): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events.local\x00', 0x275a, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = socket$inet_smc(0x2b, 0x1, 0x0) listen(r2, 0x0) accept4(r2, 0x0, 0x0, 0x0) mmap(&(0x7f0000275000/0x2000)=nil, 0x2000, 0xb, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x9, 0x8, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) 42.61049997s ago: executing program 2 (id=38): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x7, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0xffffffffffffffff}}}, 0xb8}}, 0x4004) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000009b02"]) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@updpolicy={0xb8, 0x15, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x88}, {0x0, 0x0, 0x9, 0x0, 0xb, 0x2, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x7}}, 0xb8}}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1b0000005500e95f25bd7000fedbdf2507000000", @ANYRES32=0x0, @ANYBLOB="d9360100", @ANYRES32=0x0, @ANYBLOB="0100feffac1414bb00000000000000000000000086dd0000"], 0x38}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r8 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000080), 0x240, 0x0) ioctl$VHOST_SET_MEM_TABLE(r8, 0x4008af03, &(0x7f0000000440)={0x2, 0x0, [{0x6000, 0xea, &(0x7f00000002c0)=""/234}, {0x8080000, 0x4b, &(0x7f00000003c0)=""/75}]}) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r9 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r7, &(0x7f00000000c0)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x0, 0x20}, @ipv4=@udp={{0x9, 0x4, 0x3, 0x26, 0x88, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x1a}, {[@timestamp={0x44, 0x10, 0x1c, 0x0, 0x5, [0x1, 0x4, 0x4]}]}}, {0x4e20, 0x4e21, 0x64, 0x0, @wg=@response={0x2, 0x1, 0x1, "cc9076053333c98aab3d501bf817920a8da263c567a486ff0a1b2e8f78165e39", "7d591a13c426e5901e02555e5cf04d15", {"85a15e4078ad604dbe515d00", "90701aad8601dc8a67b8332ccc4f325c"}}}}}, 0x96) sendmsg$nl_route(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="340000001a000100000000000000000002000000000000000000000008000100e000000108000300", @ANYRES8=r6], 0x34}}, 0x20000000) r10 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$UI_DEV_DESTROY(r10, 0x5502) 42.035072183s ago: executing program 1 (id=41): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000000000401e04012800000000000109022400010000000009040100010300000009210000000122070009058103"], 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000006, 0x31, 0xffffffffffffffff, 0x0) mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000440)=""/173) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, &(0x7f00000001c0)={0x14, &(0x7f0000000500)={0x20, 0x28, 0x91, {0x91, 0xb, "47a468c1fb56fd4a2625992afe97504bcb6b685b4f6e6c78f94b6e7e15aec50cfa73cddc359cbc4e039f625e7a8b4b60bd7e133686295846aad809943d13831620a24c60b6cf12f3158c6d871fa5d060b51f958f44b6ae6231167a3dcaf43957d885ff3778afbacbf8cf53c2e53a864871662a263632db064579ab9fb17887f6b94480c087981fcb54ae1d249a8e0d"}}, 0x0}, 0x0) 41.920018278s ago: executing program 2 (id=43): mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000002100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x0) (fail_nth: 2) syz_fuse_handle_req(r0, &(0x7f00000021c0), 0x2000, &(0x7f00000041c0)={&(0x7f0000004280)={0x50}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_fuse_handle_req(r0, &(0x7f0000004300), 0x2000, &(0x7f0000006300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000063c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 40.815051875s ago: executing program 2 (id=45): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) fcntl$getownex(r0, 0x10, &(0x7f0000000480)={0x0, 0x0}) r2 = syz_clone3(&(0x7f0000002840)={0x8000, &(0x7f00000016c0), &(0x7f0000001700), &(0x7f0000001740), {0x3e}, &(0x7f0000001780)=""/4096, 0x1000, &(0x7f0000002780)=""/126, &(0x7f0000002800)=[0x0, 0x0], 0x2}, 0x58) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = getpid() kcmp(r4, r3, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) r5 = getpid() sched_setscheduler(r5, 0x2, 0x0) r6 = openat$cgroup(0xffffffffffffffff, &(0x7f0000002900)='syz1\x00', 0x200002, 0x0) syz_clone3(&(0x7f0000002940)={0xb86055adaa82d761, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0), {0x19}, &(0x7f00000006c0)=""/4096, 0x1000, &(0x7f0000000400)=""/87, &(0x7f00000028c0)=[0x0, r1, r2, r4, r5], 0x5, {r6}}, 0x58) r7 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r7, 0x84, 0x17, &(0x7f0000000040)={r8, 0x200, 0xe0, "2b7cb92a12bb2d076818064da8346fec0e9aef65011ff4790301e15d62e6e71e34b69d08f1b69a552514e8032588fd08dd4eeaa5c44d6497d4cd804a8d5d1f8bc5ed08d1d67fd75b09555a6bd5272d43902758a149098f2fd001547899b1240b34d5a0a5b0ff20d5906445890203e5c460f5fd4da47e8de78d5ea3110ea80c42c4a83e310e6ac9cba0277cdf1e2cdac7945f20dd38136652aeb9548e685010586b7f5af019564d8a02fff28a4d6c2b75821db764254fa83092c9443b070ce9323e8db7475d23f096c5d548bfe9baac64f66e45e8132ccac674db56ce67a9baaf"}, 0xe8) getsockopt$inet_sctp6_SCTP_MAX_BURST(r7, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000004c0)=0x27) r10 = msgget$private(0x0, 0x29) msgrcv(r10, 0x0, 0x0, 0x2, 0x3000) msgsnd(r10, &(0x7f00000029c0)={0x3, "f672785716859f1a8494dd8daa61b4acf85bf155cd6ff0b649ac516ab110158be34c3fd1b10e17bec3494f42e57c51f6d14b41a9a7188b54fc44f9eaca6159606bb2d36765a710217c098d33b1d0981787a6992d632232fe31bddf039436459cc050db659071c7f039a1f8a4d48a7432501ca06f1511009c4de4b69589b0b1a757135264c24657cd18d034d40ed255386d584e94ba9c75f5f8ac167478dc242f0f47724e5c42acc1cb29907beb6a2b71799908279693d1f9125abf78f902ba85ab9bbbbcd146322ae0ef236c32812fe0baf454cd1852add34b994e13aa5482038325fc507edcf2d61f0456edae0a5854"}, 0xf8, 0x800) msgctl$MSG_STAT(r10, 0xb, &(0x7f00000005c0)=""/198) msgsnd(r10, &(0x7f0000000180)={0x2, "3d46b1306832ae3329ccbe6eefc7a9f808b61b0779a6d9cf176f1f7d64c5e216383594df8e95ddf6660c8096601fcd8161e25edecc7cb69d046092729af2e643155e095e1833d875400a801f3e5122fe38d5227379c160baf82e91268c01e3eff6c32155883734e92c69062d252b7e1b996f5babbc116c70de613654b970b2af606203928808d7262fa656782b01aff0e685c9c9de4ba1f0534ecac70796018e9dedfb980c32aabd581f9643822b28ed96604bf655530d68b7511add141eb511cae2f2"}, 0xcb, 0x800) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000000300)={r9, 0xfff8}, 0x8) r11 = socket(0x2, 0x80805, 0x0) setsockopt$inet_msfilter(r11, 0x0, 0x29, &(0x7f0000000140)={@remote, @rand_addr=0x64010100, 0x1, 0x3, [@initdev={0xac, 0x1e, 0x0, 0x0}, @private=0xa010101, @multicast2]}, 0x1c) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r11, 0x84, 0xf, &(0x7f0000000500)={r8, @in6={{0xa, 0x4e22, 0x1, @empty, 0x9}}, 0x5, 0x8, 0x3c4, 0x6, 0x4}, 0xfffffffffffffffe) sendmmsg$inet_sctp(r11, &(0x7f00000003c0), 0x0, 0x14081) 40.385974964s ago: executing program 2 (id=47): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_open_dev$vbi(&(0x7f0000000080), 0x2, 0x2) ioctl$KVM_RUN(r3, 0xae80, 0x0) 39.908517633s ago: executing program 32 (id=47): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_open_dev$vbi(&(0x7f0000000080), 0x2, 0x2) ioctl$KVM_RUN(r3, 0xae80, 0x0) 39.893017343s ago: executing program 1 (id=50): r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x8, 0xf, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf090000000000004509010000000000ac000000000000003e9800000000000056080000000000008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_usb_connect(0x2, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000062a10b40450c1010fce60102030109021b00010000000009043200019740a40009058203ff03007e002afe542bed1558c8cafd371f46feb5206cff1bb6e77fc044700d75cda0ba7689dc2b5435f06cc8d46cc0ada11d8f509f0f97b4c5ca06b991a0356ef219a97cca763cec69b7167a3d1a96fec4a80a529c"], 0x0) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) fcntl$setstatus(r2, 0x4, 0x2000) close_range(r0, 0xffffffffffffffff, 0x0) 37.195150941s ago: executing program 1 (id=57): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000180), 0xfea7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x11, r0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(0xffffffffffffffff, 0xc0585605, 0x0) r2 = getpid() syz_pidfd_open(r2, 0x0) syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000280)=ANY=[@ANYRES8=r1, @ANYRES8=r1, @ANYBLOB="47dd6680c53d330f7d3abd52c5c1568c9fff18f84e86d5d12e34ff0d4b75574471672559a944b94b8fe3fe10e1939ae729ee95c5b5f783782ac0368a3d936d12d39fde67a6a9a6b16109a5929a1da32e920f23cd48d28279085e1a7d6aac8637695add7317a79d613de585c168808b0e926c56ca313b4795a43df508d3d95f6ecb62ff49e020adb1ad30806473d0cf7c02f57768cc796bb148d25f8aafdc0b40f511b1f116f9", @ANYRESDEC=r2], 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) socket$inet6(0xa, 0x2, 0xfffffffc) dup(0xffffffffffffffff) mprotect(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0xd) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x169802, 0x0) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x22e442, 0x0) write$rfkill(r4, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1, 0x1}, 0x8) write$rfkill(r4, &(0x7f0000000240)={0x9, 0x4, 0x0, 0x1, 0x4}, 0x8) r5 = dup(r3) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) connect$inet6(r1, 0x0, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, &(0x7f0000000040)=0x54) write$USERIO_CMD_SET_PORT_TYPE(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r5, 0x0) read$FUSE(r5, &(0x7f0000003080)={0x2020}, 0xfffffda3) socket(0x2b, 0x1, 0x1) 32.957762816s ago: executing program 1 (id=66): mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002280)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x2000}}) statx(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x2000, 0x800, 0x0) read$FUSE(r0, &(0x7f0000006380)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) syz_fuse_handle_req(r0, &(0x7f0000002300)="00e7a0633e8438bafa888b9b02144af32e296a0a01dc194d649b6fa26d6d5e63bac4a04baeeb8aacb22c6eec461b67db6a737737c6d2687acb00572f92e3fdb5d0cb2f11121c557a943020200755bcab77b39c406b733239e2bb1175b9322ba39dc7d67da8f77aed1714dae2e6c24c3ea96be9d151c6ab7b3c54bbe507b8b2461fb4be8dc90042184af6d48f8ace16abb5e3fc943cf61cdb75624a259bdb5f7829b9775820f85f2d1a6ee6c6c2af4fd41ab8a41ecb2612abf13cd2c6f9f3e6db505e4bbe68cc000cf5fa6d5636191a4b366ab59af52132a3f9678d4ed1bd577bacffb3b52850804005eebf3dfa4763168ff30490a11acdbbf4c3312a45f30139f6b72b1e7cdec185006bb30e0e8fa88da2cefc718cae7e9830f7ca101e4e23c6bd16bfacf4a9927fb13af4b79c86ab999beda4ad396abdda354a42fb4ef21d6749175dc21a0cf9191aa4f90d274b50370a580ad8dcd166d2b06c0d8b071973c3fde30f7e2bc371a51ca5866bf8b24eaac75bf482dd4436b214ff62d32e20df223b0b680ede28b3a49e66e330a8a3ecace0db9855d235d5ff23765e742d1a739c2ac8743f4c62664a3b347279da55a1a5b16e1e2828b584a013577d50f890e3894d9e8d6bfccdfb2b70221f12a7fac24b7a8818edce72b65f622c77bf1312771a2c0d805ec9a25c536c91868762032255be78903b77b2c1a773a03996fabba69214e76f5df6df0375b592692a2c3c86c75a3be56fe598ddaea0b9901d20db7e43e128e04e5509283f833c24c625887288459db5727210ba9a301fb8c934dd1d8dca68039fe5b2e1a8d7cdfc6d875e5851098100c3cd42544ed90bb55b58d20a501fabbc485d148c615a3b070fa0520da2ed68ee115a4411d5418b47f3d95616096f67a7a36d68f1e8df82eca8ef96fb4a96b3422fe046a37ea5f5967513a559bd770fecab7228b0692f439765c9e9c6ea4fc608e0b27f9b49064daa2bac06f83f6d87ebc61fa3a29bb5ed39641245ce8cf43770df32a84838802b0827ca5a40e2003915e2ed108a005637bb028d29bd2cfd28a1bd55e67ed1b6b7b72163c27c4b0e36d1b134d6dfdb165a66fb46498fc04bb8053b84098af5b18758631d1318d625a6fa4d3ce5a4d3a90e10c6363a26b5ae96c2d56f87ad21a6118af6847d041f88f852ddc3f250c088ef5cb31198f3ac81cff9a5bab26ed56c09f8416188974e08349f7da28fc754b98c1ac4ea0060ac1e1b1c49f7dbadbc59254b265dc418cab9ac14e2bbecc4c3103543e37984efb1f61315e10d2b422732217d3a9b0cfe4561f3765d3bda60be239e02bdc164dd631582e8c87dd8fa60d63dcf9e7f3dadc4ce5e4433a42425b8ee8cb8a2defab0bf9b6109c90b5655b79b18c06884f2670a985d454e08e54de69f645cb0cbb70620bd988ee717c310ae77b4abe81c01c6e7f47268ee20bc30b9062830917705682eba2c5ef966b877f33294aa5f8b29d3dd5ed92302087f34fa18d19a005de05f925e3e93c8c0f24507ff20cd23d9ae5452c32ff58c78ccdb1ab32c98edfaa6d2c3971934ca8f849ac360c286566eb72b0793f12cef84bd282368d533247ee750f18aeda484167f3d680e4aaa3aa0694441d4ff6a71531f1a30f87eeb71afd04c5d686e1f86f27586f4e2c8ff77c09612ba1af9b3fb93efd31af42f8e0498f35d07c662b743a08f2839cad8f95b90cbb4fc0ed2ca45dd093a549cde4c6ff08ce09a2cbc6f9f78b6f96643357f92f8f403202742057731fd3e343a87c0affe803cfdbddb8c2694ab63f2dc35da705624747e30a943000fc82c40f10e1975d2e2ec15aefd531b6dbc053606b054dc976f44d5b5a5f37e9c08532ce16cf8bca55ab6c814ceb855ab50b8b52620f8645a9dc25fcb732080d84bf39c3ebb235b4d96da527b64ec4b72f69e91d16a4efcaf76f2e1f968ca68a06f60b01ec7becc9ffd7877c0992cb0f80fb3daabc039513896bd7697843be06aba53e7761e11e075c61ef2d897d4d9f90041c14283746feeb3f0d456ba4be27843350fe43e7c1110b4439489139f6dae01c43f23ec71f08d3042663c65e059d368e4e2c6e49de45bf078d3182a1bc1208bc59379e705aa3309579947409f2a8b3d79099c8619f916e7a6fa333d2312a274247156b8c25cbcfcc59ef13339c700f56a8691dff39bd4338789001872c0d90929037dc0ad99b380a6ba73f331f73f9274f4c2bf5233d7482edf37bf6ffed4f2c0ee44a1d57cae0d644f25591dc03bf837571a82d0c31b61be7ff85a5b3843e8f96a50eaa43f5c137ecfc4e4530d08a2afa4ba02fcc50117a4ad0d5862302017639344c82749f673dbd650e49b35302d0acbab45c0973198291bb42b4cfcd3b0c252074341ea8eca19e122cd234da6d41bf5eedb706e16c17687ed8b84db67130796d26b94eac83bbcd785b603242bd6252c155711efd7dd22cc54e1eaf6d910d0f22c701f3d4da0314dd2829c6ee13bbcbd126558b47b8066bf0766c792a012315bd29bfeda8f28a2c1f4e638b701758e19a0e5bd5b4f19048b00a877d956292e345f8a3a8367892f955bcb5e50ca145ec5e2c9309e25941bd277e393aaad38f9b72a42514b27da6856223c37a1fc1327fa760551d3fdeb0b222ab180b16c9eea138cf4f327e88fdfee293c5b6b007028eb796a60772148282dcd17ffc1c90ed8b6540ede933545ed5a5301d6ff39734444ff3d85cda4ac3befa5083a4685e9e231eba4a91a35f4f7f48fd5ac2447c64c010e2a9f8e80691c95460e1995444466ec5f3cd71fe509a26ff0b7f3254bc8c3255e903834e841b37c70b267fb33deb0d1ed4ea84a869453ba508fc255b12cf847103d5195046c930ae4a75c956f22fcfe4186d547686b54bd7a534940d5d62216994eac0e8ed3bd2bd59354e6b9c6b5b10511d54a8b928040f1e1024a423b0cf519fc6e9673df5c48c0778c7edb8fa8d8ace77463a77d2d6313160e1ee72742953e433b6732ced59c93464fd91520847db238610ed0c289fc55647881a7d6257cf28090c75a6f19df079cfd35742a74a5ab270314f7c8039c20ff0f3f543d029b75a741b5dc6425241ac2ffabf1f96288e6d4ba34da09fb6049c2c8753fbd41fdb4bc68c57bf374ef4feb0df00c41319debb26afba2ff39e1799a1c2137f4e920ee5b02d93789b6b0c853e8143dae5b08ee85da2ea7c31803610ce797293ea95c16ade6dae2afb008e59d8b9505737f008b5227df5f1e4eb5d707f502698a17ead9b1f5ec09dff34248ff2fb153dc6df4812e39754a4baa42e1d8b77fbddef3ca091701ac28ae5fd422dbd8db5b122d3965383abc37a52d2fca5ce56eba974dba3d059cefe40e3c35c9daa8ae31198214303c1dcb90d58fc983ccfd504fa43925636f94b128d44e8aa5cd3ecfabd50a84062d03f7508a0575ab65ecc749d3ef566fdbc529a8139b7a7fb3a9bd784df52cddc6f2699044ba47615163fbbe19f3d88d38a8b71fe52b2611ca74341429d1cef1a7e350545be29d2caa560e60352cab074c298c44ca2c07f9795ce52f10aa3e2fcdef371f24e309b19e52218881f25a4674527edbe3b3bd0b9b536d810c6f9500c0c81bcfd9a440dd91c1d35c52758d2b2ae1a8497bb394c4f09d3947cf777727b0d1daf5ac4fe4fa3c247a791702cb84b96321b7fec81bf549d4eb5d6dafe019b26187417c68b064e4308908535a3e77b6cd3e28caaf12d726f15590b7958e40134d045a38cbb689131a7e85532f1c63dd4bac9e4d00645cd7b2b71704563f3738b92044a8153f6ba717800ab7cb238175c376d7add2c5ec38e4c856f1ab9c3ee33f6ca6d576ae908dd290e4bae23470182e253765e04e8eb02a791c4396a511ef467879a9e2818b8a4b1b0b39a6c44e816e3ebf6e3be93929dfcb38d5dad7d20b60215447674d0608b8b02331ac20e57083cb9b4449fecbb149441aea0ad82f00a82d87d743fc80d410922bc20923516885440f43c9f32beb81ce148def6140952583a7825c2d2fe012d52d30ef66d32a8a0864ac5c1737e2506228d41ff0515ee80be4cf012927dde0fd2a07cac68eff8c4437f2844d4df07936fd8753e5909f962c5c767f8719cc295bdfa8a16f3f36ff56e34d7b14b6b8c46d5af248b04a9c5396f84990e23d145670950bce5f5638e5e2cea37c371a4483729338f1305cbb32fa1c05dd9d21d2a69e5fa3abe9a2dad2237be20b4088393c04aa66cf13718de4bffac72f641a8c017a1d5568fa15a6a06e4dc833874ec95af6f115bdadf15179bfc8c4e3e64f26f1299e282c4ab397340934efc1e601afc630fe195e8ae7d8da1310568cab4f2fad085d0ec39710d8b7c812b3fd55c6f50925bcfc90fbcb35b8daa0f1e1f69d82fae2034039f7ad6921694ed48a55a68bc541e6d86f1e33c261a92d48b50eb58a03d8e31b2f6564a4ddc3ee988d0dc47b4b610a9a9dcb87571b5c1edb3362df0ec3d58872157e0f7247dfa8100b4478b705702a5620c9201010f40232327550db333e845dbecd6aadbd0a94c064862b1100b4dd45ece811b8c0275e3753e11b4bcd8bc5ed7668e72afa5bc5cc17b4c313273755f532ecfdefdf2d5c47999453a3b7c158d98332f0bd3a820cfb2c8c3bcd43197e7395a032cec6e41662079f2f654965aebc393e22b5c8516d9b8ad01e33ee481a4ac46a2df304dadeaa9e5274d340aaebe14dcea315fe1279f1a41a5c7aa8c94bf4b3d48757503171f53488e01210145e62c0de7c39737848dbdb1b207d4d33b8de180b020e8a76b1b521905e5e3ce97292f8558fb68efdee774681bfffcf1dc3eef35f660dd1659a32950de2d50e762313beee330d9c2a9fe8ce5e4e61ddd86378d3551335f6ef62053d3b248a8c33a11abdf3f3aa1975a15f4a6957a13d5b12a44d0f2b52b9a2d996e98c630c0f2abca80c7ae89efcf81ae284a0d19582cb1319d207077e5657d245533181ed6e07e0f7647123fc46c37bd75b4f4d181112b4a08acdcf445332cb9dde69a0923dd9244dd2ecd818b19588939922e3b2d8dd9d9fed95fa55b0e4564b38aca2c4d24eebc634664400177fbdeaeb278bb1d8eb11baf4be5c87d4f8d9a855bfa75df4c51fb4eec87a27c59df9a47d82523b08022a1c0fb22ff6f93c3d2cc22a4111a6ec5be428cba33617be65739c2240248f3a02d01ddf2d6aca9e537a2296b16d082d2b868504371dd5e41898885b03ebfaca73b40e8924ece83c1c80de6ce14943e1199c6f81bf359f44c3ed5ae3c6eacb730b1039f0b6555347bd566dfff45a7a2176420ab2b40916a73b66a3ad07af6e1ac5597393d203fa1ad34d4564af956a0a3e2997e27a4e5eff67dd89cce8875d995e00c1858234f149f6ad4cac2b8056966f726df57b8c4ee8f22f23097ba1471b1f1036e3a499400fccdb75b56eb13e9eca1407d5bff4b075b06d00fcbfcafc28431eb33156232e73c6577e3eca437330c494ede57b9609e1f40634918dea767338b5542197410cdc000143ace89ca0b7bf645b3267f74767d7c7fce05d2f59c137204e56bfa711f66903c511f681cf7a1b4f9fc0f42b7c438ff8957e1059375321df5b0c5c884f46d94c21686e1300582d34928bc398653118f79bfeea2e7cfbbf31a7718f4aab50fae57db94203d43e060365c9a7455241be03d82dffc3783d0f6aa170c0866eb0dad07485831526922d8348a7a16e2e9903a2ac93c58c6dce83127fab17703ec004a519ae5675baffb31bf4b52f9ca992a84017a44d68dc693abd829947342f277fdcbc87168bcc03c32b8b1e81a1915af2517c464af07d52b79d1b0e53164c82ba049f81e92ed1dc20a88fd72e9ce7aa4b22a7cc57dc5527d14f62bc29cfc9d57ed26fd523cac39ac00ba12d3a49d694709924275fc0793d56acf9558818dc9eb210749fa5307d45886b879257d627cee0542b51c2ce6ce134100efb47c92456ece5b73cdc051f570810a8d534222649eb56cf73a377162b753de6c282bcd4a25dda21dd10901bd8dfe8fd4ba8a70811c39707beded23dd60f23e2933372e3a6bce099899b07f0a4c4956fd98e956a8649622c77717de099463c0c6c9389ab4a1ae10f8ddd086d876af2943ee0b6b402ae5f89e09922e8c510ec0caa0a83e366e916400bfec88a52ab457037a35ddc6a8e2289c33684a5915c37bf5d227cbc65a737b52bdcb4fbbb7b4e7f965db116b46044d0870846c730dce12e120b1fe6dd5798ced24cad72c59a3f44de4978b8bc05a1dbeb766be6e2abf6ef46c67a58a370e54e92d89e5f44525e82b94a388d8d0cb20c3469a258c1633c9dddb6854aee255f93f59435ff317622f6899250aa185c207644275278580c5d32401741fe264a2e03b80f442ed58fd0704ebac923ac6a5abb7f0c695252f82e3fbcf2b99d721589a8fe3fad4d5926aee3d7bfafb6739e525faae3d25b12841fa2cc61dddc44d36acb9a8b72d60ecdd9c8cf04f9bac341b5e0f9bc59042db8126324888b07afe72b18cce36d61eec975b6b4ef5dc4a16ac14440cf770599bd4db630bd110eb63a03a80cd95c16d314a4de60cc5115bf0754cb7ab84a827ecefafa96069c721a5979f227fdc2467b4cd1975dafb5b28e1d6f3c1c3a2816ad831dd98c1378a03798c128f176426eaa0e361571e758d54bf4ec2c988355f016e16d6cd5cf97bb4891ab33f5623b7e796af313cc7a9e2f9510cd2bead1ea5dd080d9de1f595b2629ebccf69a0feaed3963ae8a6c89edd66fbf6e566379898185828925f8669668d6bddff961b08aaedbbe7fc196931a887ec740da6bcdab8f826a34aa2aa1e406a258558f3baf022a64222df4d6ee8726c79ba3dd6e11a19e4b4bb49b4a8cd99c189e6392f08ad731e415b65d0ccb919dca46efe9f79e21437111ab09e926d3038182044ae047bf1cc92e2d2644c528985719667a1a8abaf65d0f211172ea789b2fa016e1a88325d1ed706239da4dbb9e2079e3598b4ae5885667587ba1e0921c9ba55d7a3be4c47bc2f2f3547ce9efe32e5a22855f761bd4cbe1cd9337eda4bd7d82a918084d7e116b656104ca87e64b1b8c62323c3c296c5b5b98051feb607b872edf9f789744aff710c4b7279711182bcac6b76c05f5cd982f52f451e7e29046550e012e01d8cdd3e305427030f4247488c9136303084c12175c5c781cdd08aede5a356ea0ccdd05a460be3c7b4bfd62c3ce9ab68e285a36c1546d0b18edad71f69f5bedb340772e1bbb035514b085067259e39f59dc292a12557350c66904b253efee29a5eb7a6920f583c899dc46a1d3e2af2db3a3d1a0e8d1f98722a16c6cc1e401058d60c8c436d8f1166ba53bdde5810f9d0288528affd486c266546a864c92af3df8abd451cc1e0d6bfea534865cea9d49b3ea5e390fa823118df8a61e31022f5fbb8ceee870bf2e60890263c4d14e24d053d0fddf665ff80a66fa00a5957f8a30fe82a4b82cf2f6b4d49def98f66bfcdaa0aef13314e950ca9f3849b1edf3b82eaf74a0dbcf45c3dba9bd2d853281a78484f1efaf4150da1207ec3cb61fbcbf759f8182b7052b28d7164b73197b0a440759fe9d5ddf827f1897a174e82fb968a9a07c61bee44bc1f7f9ee5c6de04c02d57735c5fab741b36aec7c8642e56cba932a08b8e8a9d3eb066a4ee7cbf22e5abbd4346de59eca1f24ad9f7f9ff7621e5f30dd08f4cddda8e80e496908109f5212a72bab1378d1237def07bdda4178719975346c68405de15153031fb17535894e5e3c1de6fdd507333f0226b78ba7cae509cfb48d6735ede9392650bf85ac1db919b1e9fe0a823119d8253204dbb2f7a8f524be6d419f3a45c5051a7a88ef0bd41586d90c11a894d647f03895f671a6e19f1c70e32668653aba8366a3d372522f49844081a9637db080663ab02f4a8af502955d5411461b62f85308c91852f8fb9f0bdddd500b4a133791d3a2f91a82dc4b09f5ad2196a9172ab0cd3fafe7266e9f6d159110d99ca8da8a34b17be17a04ad4509a9fffab1e45e10f10e0cf9cfbd9c761ad044064c07e473fdc626289cfb88b13a11455c069b70aa02426d9119ac878a14c9483be9c0d5bcbb5fa76c8d06531f59c7cf7c26372e750e2f332418ca769e5e7fbeb3ada7bb58b573a0635e2e3ad9a53ddb809ea01086a3fa993ad57e89da6f9c5e61bd0f8ba69212a386b2aa1ae17520d7fb989dbe14021885eb50fa3048aebd42c861a09a308b660d382c0480ead8a52a1e14927c7c77957f94bb59ccfd557f8c4a7af23360a298a603d20ebc386db041d8c306b3e32b0bff541bdec5ff75c3b40950815cf9f89d48a382f67e44c409d046c01fb1262aca0df6f5238a3c3c09977261494f7361ba326815d6e23f49e4d6d4b54665081067332265fff59cf54af9da0db9d19bc611cbcb6e6f3f1e2e1ffb6cdd6253578d78d06a2ff5f9250f1994c5749e3ce49231fbd63bba28e948f9150933e3ae31299babaa41043b181a100882e613b4b4b8f49ceeb742d22f860853a9b917f5a323a8a1fb1f3363a7be4407fba44b408f259b5db79a055b92ce3d7a0649cc59f4afa2b1f69959d5c6f5eef1fa7987a47bee4491f685c52e9db1ee1a231ab5a4bae1019c97868a409dd0d57b32525394a233023c4a7ac429808bbcb57a34b41883202744c3bdebc0a637773273f19c2be6e806bef7fc1002846db762ee4e16867773808c5477987d5851d5b1641d070feabc203cb3d7943ffb206272fcac1bccb616352d85975f5a22c0f247548535ad9fb83fb2be17689453f10691143c060cd964df63c3c70e7b1cfc7e2b468015f327f9869353477bfeeed330b03ddd9e4e0a2441182244da283d7a59d2b2b20e6de3e3a47c26aeef4944c1190bba674523a6c3c4ed6bac53b9edffcb0e9fb19d8bf36949d03ef6a7e59eb903a00d9614f642d1932c766421906f5b177963c71e881453560e3ffcec792e8dc46b1832a8fcb2ab2268a9c1fb648d1c6fa1c8cbd50d5a2d8264fbc6c063e6daac5519d362da389dcd3d12c8039f991de91e728abf5bab95c3aef66dd8cc36c60e73cb10afb02eff6df20ff12c59b142b07fc48fe94612de80b8b958f78256fd7cf3c6f79a83867f3bb5f70da392957badadecefdf7b6e4ebd39ff945397c7d302ca0a5a3918d8abb893cd9cdd680916a50fe19699ff0476ad82e6ba46523f26ccc5eb65313c1df1077c8876d2b73bf86ba311862d12b0c557a92ef827197121512e87f817167d4b17c7e225a48b3f8fbbf4187438e0e9b78e905cdbeb72e80dfb37ec0104f5186b39b4ff34f0cdf4b74dc915acd3f98874cd6a67308d0ad9697121ac477550b1affe004f433705933f9647522be65cb5a7471120ec942aeb956f195be0c1783102cf7d842f2968222ae1a7fa6513f200d3fa85d71724956ed697f0673ee3b40a4d46ba4850439ec125b708ed52b52b9f72906477d520c90a9f5dd49a7a33a328137a183f439895532b78ae451a8c3db789bc862fbc37241d523027e1a008629c969380f6eb55f9cf3f0675bca6851f00df6aaf90de9f62d5c179945ef81d1073850301f97e379ea415d830e3f3751cf83e2dba541cb6cdd89e6b674f2c53e329e5f3dd418d534ada6469a5b3bca5b7cfbdfdd6df4abaf77d4520d0311e801145c91b52586a56086e663841b702f52cef9fff8cfb7b33dfa125688ba6b4fadd1dca8defaf4259ca85323b23d3bbb45933562c25af3e8d7bc6ad4a50ae974f8d207994b3bd74a6812ab6a40fcaf96bb4e17bd20d742b14c72226caef3e0f5c56c4930071e9f9a894f18650fbb785c6f707605c86b634c9722c8690cf3a954f68d7c2db3a257339ade67a41259f6f878dd0ab7876deffa77f6f00819282a8f4c4da84c6cf4f335cd0410770a2b1a1fbb3f85f4489eeceb78bbfddb2d1866c57b41f6ed179a0bc3750a486403d23473f2feef43ebc5af1018d9c20089e277d77fb9c34f425c8f8af4c49864b57572fa8c232e61ef37194251a1ddc2f73ffecd57e638751cb72bcb2c40d22540166ca1e8588f24b010c9fbd962e3a2c23a7e93f131df61b8703ce326ed80cc87912d3c6aaa27574bbe8d65bcaecd660c31cead132a44b1d0e4a53cacc0b82a263c4e7783944af0af08ea9e68e8e25ed9111cfef841f1b2fd24164f9097f70efe09b1109e5cb91fe68a2760381fd63a7fd422dd578a60661abc9ee3a5db1c2cde2fb21f2040f1ed3fc27b99e254256949d0560e8b98fa028fca50768caa951a87bf8969af498d50a9ee773c9caa7d9f7d8e1955506013f198cda316d79b177e59f233b98f727afd2494fc18642f0015adab756ea6742690c7d00f28655b915ce4eb8b3ba2e8559ba23e1ff1ccc9f79ae2df85f924459c56715dec78ef4592352eb1a850cd65ecd36e1a9121e888586b7b2fa84da920b8cf44480433e61ab076b10171c0537524bb170a4b99b0b0c437418a665b7ef909652b6483b20362e557c1480c2a2a0efa221fc59054a48122b52d38245f9bd026001635be5b155f5c766a59306fbde231fa72b4d74449a2fe8fb969496ee26af5881adaafb4189b439877ab8f78709cfd32c10ea576a010bfc137b7a4aae137ea3d29070ce3bc8dbe6655e967115ca3461ad9d28b9cf8af07441e68a54ec5e889846f3978f07ba51f7d5af5da78c5c675dc5d0c1a4a399ff4247203573a46fb903eaf7bc886e6cbd3126fa4a3fe3bb13bbdfea7da871f6563aa750f6ad7895b34b2809563dcf5ed30f1c60cef4138aa49d4f55e396534ed10cf4d857723a2b442f47d79de162c30ec6c4daf939b4c88649494e3682d1da81b4a5928d8e18a16c46707a685305e592589acb484e28e9d5af89c44b6e563d125ec97c0155410527406d94b90bc9576a662db99da1cb82b04d610d02187ce08f22ea0e8fd31919d53fa6aaf980e31ca7f8610e695a41919c24136a8406c62d5f15fca365892a2b54ece17664b5247583ad60d863f283f3c288946139575dcaedc978762e85f534e56334ef0221c34ffae054ddf79339b8f08701e9699b11041df8f518dd33203363c8098fbefb01555bcc2542422777b38d8dff11b15aadb0c251ce2c5b32f8735b3cb784f2e5731b48feb5a0e791a1106abdea0f7d1f087737cbe7fdf523fa14c9be2a2987511004c5b7ac1814ef6961db16799698242452c469a07c30e4a1f73193c74a41bdd88aef50035e4648bc9dfa276951798420a45e4085932bdb9381af3cc4678bd962af616549e4020d2c9fd25e2117a6d8934fde2218273d7833d60ea492e251417a27e7fb32012a940a6b6487af4b64958bf05f1b1107732149d227eeda5ca5a43cf583dc297d66072a1acd75e93a7caefd36a0d581e21d5cb08654c4ecef46ebac5391546e0b7d2a6418548d8f816446bcf237f676e873e6bae9107234abe5ab24c53ea472ad10653cef068fd9f4e729fc0d526e489f8df13af5575f1e70e0ec22899728b0659d70fc2dd509d9df3ec170638f89e540f4d3f02aa9b1b1819f84da596e0d7b45a5818061728f8eeccd2bea0f460dd7e18cb95f2364c50e351f0690e184eb63ebbb14a0b4b2117e44f3b2b3", 0x2000, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000a00)={0x130, 0x0, 0x401, {0xfffffffffffffffe, 0x7, 0x0, '\x00', {0x4000, 0x1, 0x101, 0x4a300, r2, r3, 0x8000, '\x00', 0x3, 0x4, 0x497, 0x2, {0x8003, 0x8}, {0x6, 0x3}, {0x0, 0xd651}, {0x4000000000002, 0x9}, 0x8000, 0xa, 0xfffffffe, 0x6}}}}) write$FUSE_INIT(r0, &(0x7f0000001200)={0x50, 0x0, r1, {0x7, 0x29, 0x0, 0x22000100}}, 0x50) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x8, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000a00000000000000ff000000b7080000000000007baaf8ff00000000b5080200000000007b8af0ff00000000bf8100000000000007010000a8d5b100bfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b705000008000000850000000c0000009500000000000000"], &(0x7f0000000300)='GPL\x00', 0x3, 0x10, &(0x7f0000001e00)=""/4087, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) 32.673248692s ago: executing program 1 (id=67): syz_emit_ethernet(0x42, &(0x7f0000000100)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x8, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local, {[@timestamp_addr={0x44, 0xc, 0x6, 0x1, 0x0, [{@multicast1}]}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0) 32.102711651s ago: executing program 1 (id=70): syz_usb_connect(0x5, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="f700000042ad0902120001000800200904"], 0x0) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'veth0_to_bond\x00', 0x2}) write$tun(r0, &(0x7f0000000040)=ANY=[], 0x44) 31.569849513s ago: executing program 33 (id=70): syz_usb_connect(0x5, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="f700000042ad0902120001000800200904"], 0x0) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'veth0_to_bond\x00', 0x2}) write$tun(r0, &(0x7f0000000040)=ANY=[], 0x44) 27.821096367s ago: executing program 0 (id=82): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000090900030073797a320000000014000480080002400000000008000140000000000900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a300000000028000480240001800a0001007175657565000000140002800600014000020000060003400001000014000000110001"], 0xd8}}, 0x4000040) r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x102) ioctl$USBDEVFS_ALLOW_SUSPEND(r1, 0x5522) r2 = dup(r1) ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000100)=@urb_type_control={0x2, {}, 0x6a0ffff, 0x0, &(0x7f0000000040)={0x0, 0xc, 0xffff, 0x0, 0xffff}, 0x8, 0x5fe, 0xfff, 0x0, 0x0, 0x0, 0x0}) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/ip6_flowlabel\x00') r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_GET(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB="2800000001070311000000000000000007000003140007"], 0x28}, 0x1, 0x0, 0x0, 0x4048054}, 0x800) preadv2(r3, &(0x7f0000000380)=[{&(0x7f0000000300)=""/103, 0x67}], 0x1, 0x5, 0x101, 0x1) 27.509125961s ago: executing program 0 (id=84): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) 27.359414792s ago: executing program 0 (id=85): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (fail_nth: 3) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f00000000c0)=0x8080000) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x88800, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 26.520949328s ago: executing program 0 (id=90): r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x301243, 0x1ff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_io_uring_setup(0x64b7, &(0x7f00000002c0)={0x0, 0x4533, 0x11500, 0x0, 0x2b1, 0x0, r2}, &(0x7f0000000180)=0x0, &(0x7f0000000340)=0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x201}, 0x1}) io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) pipe(&(0x7f0000001240)={0xffffffffffffffff, 0xffffffffffffffff}) sendfile(r7, 0xffffffffffffffff, 0x0, 0x24) write$binfmt_elf64(r0, &(0x7f0000000000)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x6, 0x1, 0x3, 0x6, 0x0, 0x3, 0x40, 0x198, 0x0, 0x3, 0x38, 0x0, 0x0, 0x2}}, 0x40) close(r6) r8 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002000), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000002040), &(0x7f0000002080)='./file0\x00', 0x0, &(0x7f0000000140)={{'fd', 0x3d, r8}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@default_permissions}, {@allow_other}]}}, 0x0, 0x0, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x0, 0x0, 0x0) 25.57172677s ago: executing program 0 (id=91): socket$inet_icmp_raw(0x2, 0x3, 0x1) getpid() r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty}, 0x1c) listen(r0, 0x101) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg$inet(r1, &(0x7f0000000340)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="10000000000000000083873da6a4641fb4fc0a79000000070000001c000000000000000000080000008bf84615e59f8adb22d6a5e53bae79fe91d0"], 0x30}}], 0x1, 0x20048045) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) connect$inet(r2, &(0x7f0000000100)={0x2, 0x4e1f, @remote}, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) syz_emit_ethernet(0x46, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x64, 0x0, 0x0, 0x1, 0x0, @multicast1, @private=0xac1414bb}, "00186371ae9b1c03"}}}}}, 0x0) 25.023416912s ago: executing program 0 (id=93): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) 24.751971324s ago: executing program 34 (id=93): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) 6.822585095s ago: executing program 6 (id=186): socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) socket$nl_generic(0x10, 0x3, 0x10) syz_emit_ethernet(0x4e, &(0x7f0000000140)={@local, @multicast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "3000bb", 0x18, 0x2b, 0x0, @private2, @local, {[@routing={0x1, 0x0, 0x2, 0x8}], {0x0, 0x0, 0x10, 0x0, @gue={{0x2, 0x1, 0x3, 0x1, 0x100, @val=0x44d99a5b0a9b4c9b}}}}}}}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan1\x00'}) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001440)={0x1c, r1, 0x1, 0x0, 0x0, {{0x8}, {@val={0x8, 0x3, r0}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 6.582968739s ago: executing program 6 (id=188): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x2, 0x0, @local, 0x2}]}, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) r3 = accept4$alg(r2, 0x0, 0x0, 0x0) io_setup(0xff, &(0x7f0000000380)=0x0) io_submit(r4, 0x1, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x8d, 0x0, 0x0, r3, 0x0}]) r5 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r5, 0x84, 0x79, &(0x7f0000000040)={r1, 0x7ce, 0x80}, 0x8) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = eventfd(0x2) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000100)={r8, 0xfffffffe, 0x2, r8}) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000180)={r8, 0xfffffffe}) r9 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r9, 0x10e, 0xc, &(0x7f0000000040)={0x4001}, 0xfea3) r10 = fsopen(&(0x7f00000002c0)='jfs\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(r10, 0x1, &(0x7f0000000280)='source', &(0x7f0000000500)='#mS\xb2j\xcb\xa18:.)\xc7\x84Yt\xad\xdc\xff\xd7\xf1\x89M;\x99\xd6\x8e?K\x82\xd5\xd7\xab\x10\xea\x14\n\xea\xe9\xcc\xdc\xf3\xc0\xf8\x89\xd0\x0ep\xb1I\x04T[\r&\xf0z\xde\xc0\xf3\xcd\x9a\xae\xa8*v_(\x94]\xf1\xf1\x95!\xb3+\x1aD\xda\xa1G\x06M\xdaz2\xe9\xe6\xda\x92U\xaaN\xff\xca\xb37-<3\xb28\xb8:UQ\x95|\xe5\xaa\x0e\xe7{\xd4T\x84\x83\x86\x9d>\xca\xb1\xbe\'\xc1\x8e7\xcb\x99\xc0\x0e\xbe\xcfpnx\x15\xf9&6\x90\x14h\xdd\b|5\xf26\xba\x03\xb6j\xd8\x82v/\xf8I\xa1%b\n\t/\xd9M\xd4:$y$}\xe0HZ\a\x02u\x86G\x9e\xbf\xa7Y?\x05\x00\xda\x96&\xc5\xab\x03\xdc\xb0\xd1j1\x1f&\x1ep\xe3-\\W\x89U\x89\x98\xffn9\x99d\xeb\f\xd9\xd0\xbd\x81f\xca%\t\x87\xfe\xa8\xab\xff]/\xfaPN\aQ{\x8a\x8b', 0x0) sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000800)=ANY=[@ANYBLOB="180000005600230d000000000000000007"], 0x18}}, 0x0) syz_genetlink_get_family_id$l2tp(&(0x7f00000001c0), r9) 5.516541219s ago: executing program 4 (id=193): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x44, 0x16, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x18, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x4}]}]}, @NFT_MSG_DELFLOWTABLE={0x38, 0x16, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0xc, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x5}]}]}], {0x14, 0x10}}, 0xc4}, 0x1, 0x0, 0x0, 0x804}, 0x40040) r1 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00') execveat$binfmt(0xffffffffffffff9c, r1, &(0x7f0000000080), &(0x7f00000000c0), 0x0) r2 = openat$binfmt(0xffffffffffffff9c, r1, 0x42, 0x1ff) close(r2) execveat$binfmt(0xffffffffffffff9c, r1, &(0x7f0000000100), &(0x7f0000000140), 0x0) r3 = openat$binfmt(0xffffffffffffff9c, r1, 0x2, 0x0) write(r3, &(0x7f0000000180)="01010101", 0x4) close(r3) r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$SNDCTL_SYNTH_INFO(r4, 0xc08c5102, &(0x7f00000001c0)={"72aff75adb43e03ef79eb64112049537b2bb02544fa16385edfd65925ca6", 0x2, 0x1, 0x401, 0x401, 0x4, 0x3, 0x2, 0x4, [0x2, 0x4, 0xc, 0x7, 0x8a4, 0x7, 0xffffffff, 0xff000000, 0x3ff, 0x6, 0xfd, 0x2, 0x9, 0x6, 0x8, 0x6, 0x9, 0x6956, 0x5]}) execveat$binfmt(0xffffffffffffff9c, r1, &(0x7f00000001c0), &(0x7f0000000200), 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42, 0x0) close(r5) execveat$binfmt(0xffffffffffffff9c, r1, &(0x7f00000003c0), &(0x7f00000002c0), 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0) fchmodat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x1ff) execveat$binfmt(0xffffffffffffff9c, r1, &(0x7f0000000340), &(0x7f0000000380), 0x0) 5.373661521s ago: executing program 6 (id=195): r0 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) bind$packet(r0, &(0x7f0000000180)={0x11, 0xf6, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) getsockname$packet(r0, &(0x7f00000015c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="38000000540001000000000000c4000007008209", @ANYRES32=r2, @ANYBLOB="20000100", @ANYRES32=r1, @ANYBLOB="00000000e000030000000000000000000000000008"], 0x38}}, 0x0) 5.362501209s ago: executing program 7 (id=196): fsopen(&(0x7f0000000040)='sysfs\x00', 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) socket$inet(0x2, 0x3, 0x2) socket$packet(0x11, 0x3, 0x300) r2 = socket$nl_route(0x10, 0x3, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r3, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) flistxattr(r2, &(0x7f00000000c0)=""/107, 0x6b) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$SNDCTL_FM_4OP_ENABLE(r1, 0x4004510f, &(0x7f0000000140)=0x10000) getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r3, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r5}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x1}], 0x1}}], 0x1, 0x0) 4.847733686s ago: executing program 5 (id=197): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2382, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)={{0x14}, [@NFT_MSG_NEWRULE={0x9c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x5}, [@NFTA_RULE_EXPRESSIONS={0x70, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0xc}, @NFTA_META_SREG={0x8, 0x3, 0x1, 0x0, 0x17}]}}}, {0x30, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_NAT_FLAGS={0x8}, @NFTA_NAT_TYPE={0x8}, @NFTA_NAT_REG_ADDR_MIN={0x8, 0x3, 0x1, 0x0, 0x14}, @NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xc4}, 0x1, 0x0, 0x0, 0x850}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x633, 0x0, 0x0, {{@in6=@private0={0xfc, 0x0, '\x00', 0x8}, @in=@initdev={0xac, 0x1e, 0x10, 0x0}, 0x0, 0x4000, 0x0, 0x8004, 0xa, 0x0, 0x0, 0x32, 0x0, 0xffffffffffffffff}, {@in=@rand_addr=0x64010100, 0x4d2, 0x3c}, @in6=@dev={0xfe, 0x80, '\x00', 0x17}, {0x326, 0x0, 0x0, 0x0, 0xfff, 0xfffffffffffffffc, 0xffffffffffffffff}, {0x0, 0x0, 0x4000000000000001, 0x800}, {0x8c, 0x7, 0x4}, 0x70bd29, 0x2, 0xa, 0x1}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 4.847490094s ago: executing program 7 (id=198): socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) socket$nl_generic(0x10, 0x3, 0x10) syz_emit_ethernet(0x4e, &(0x7f0000000140)={@local, @multicast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "3000bb", 0x18, 0x2b, 0x0, @private2, @local, {[@routing={0x1, 0x0, 0x2, 0x8}], {0x0, 0x0, 0x10, 0x0, @gue={{0x2, 0x1, 0x3, 0x1, 0x100, @val=0x44d99a5b0a9b4c9b}}}}}}}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan1\x00'}) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001440)={0x1c, r1, 0x1, 0x0, 0x0, {{0x8}, {@val={0x8, 0x3, r0}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 4.844823454s ago: executing program 4 (id=199): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000240), 0x40000000040201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, 0x0) 4.630757527s ago: executing program 7 (id=201): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14) socket$pppl2tp(0x18, 0x1, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x24, 0x0, 0x0, 0x0, 0x2, 0xfffffffffffffffe, 0x0, 0x4}, 0x0) getpid() mknodat$loop(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x8, 0x0) setns(0xffffffffffffffff, 0x8020000) open_tree(0xffffffffffffff9c, 0x0, 0x9801) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x8001000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x240, 0x120, 0x11, 0x148, 0x120, 0x0, 0x220, 0x2a8, 0x2a8, 0x220, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x2, 0x6, 0x9, 0x2], 0x5}, {0xffffffffffffffff, [0x0, 0x0, 0x6, 0x6]}}}}, {{@uncond, 0x0, 0x70, 0xd8}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x14, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00', {0x4}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2a0) syz_open_dev$evdev(&(0x7f00000000c0), 0x20000000000, 0x822b01) r4 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r4, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) 4.630412363s ago: executing program 6 (id=202): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = getpid() r2 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGSKNS(r2, 0x894c, 0x0) syz_usb_connect$uac1(0x2, 0xc2, &(0x7f0000000200)=ANY=[@ANYBLOB="12010003090000406b1d01014000010203010902b00003010e10040904000000010100000a24010100050201020c24070510b5c6a1cfd29608090401000001020000090401010101020000072401090600000c240201fe02090404d875b1082402011004060c0905010910005209060725010008ff01090402000001020000090402010101020000072401010801000d24020104020501ceb739b26b0724012b8a05000724010900071008240201000208a209058209fc"], &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0}) r3 = syz_pidfd_open(r1, 0x0) setns(r3, 0x24020000) r4 = syz_clone3(&(0x7f00000008c0)={0x15340180, 0x0, 0x0, 0x0, {0x200}, 0x0, 0x0, 0x0, 0x0}, 0x58) sched_setaffinity(r4, 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r6 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000100)={'vxcan0\x00', 0x0}) r8 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000038c0), 0x800) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r8, 0xc0145401, &(0x7f0000003900)={0x2, 0x3, 0x4, 0x0, 0x1}) r9 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r9, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port0\x00', 0x511e36599023629, 0x20001, 0x0, 0xfffffffe, 0x4, 0x0, 0x0, 0x0, 0x0, 0x4}) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r9, 0x40a85321, &(0x7f00000004c0)={{0x80, 0xfc}, 'port1\x00', 0x0, 0x120000, 0x4093, 0x8, 0x20000, 0xfffffffc, 0xffffffff, 0x0, 0x5}) connect$can_bcm(r6, &(0x7f00000000c0)={0x1d, r7}, 0x10) sendmsg$can_bcm(r6, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f00000002c0)=ANY=[], 0x48}}, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r10, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) 4.538925232s ago: executing program 4 (id=203): ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0xf0, 0x4b0, 0xbbba, 0x80, 0xd968d5b908ac0cdc, 0x0, {0x1, 0x0, 0x1}, {}, {0xfffffffd, 0x0, 0x8000000}, {0x0, 0xfffffffc}, 0x0, 0x3f0, 0x0, 0xd613, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, 0x0, 0x0, 0x200, 0x39, 0x2, 0x0, 0x1}) 4.490064659s ago: executing program 5 (id=204): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14) socket$pppl2tp(0x18, 0x1, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x24, 0x0, 0x0, 0x0, 0x2, 0xfffffffffffffffe, 0x0, 0x4}, 0x0) getpid() mknodat$loop(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x8, 0x0) setns(0xffffffffffffffff, 0x8020000) open_tree(0xffffffffffffff9c, 0x0, 0x9801) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x8001000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x240, 0x120, 0x11, 0x148, 0x120, 0x0, 0x220, 0x2a8, 0x2a8, 0x220, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x2, 0x6, 0x9, 0x2], 0x5}, {0xffffffffffffffff, [0x0, 0x0, 0x6, 0x6]}}}}, {{@uncond, 0x0, 0x70, 0xd8}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x14, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00', {0x4}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2a0) syz_open_dev$evdev(&(0x7f00000000c0), 0x20000000000, 0x822b01) r4 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r4, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) 4.210654585s ago: executing program 4 (id=206): ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000000)={{0x1, 0x1, 0x5e14bb979c836c9, 0xffffffffffffffff, {0x4}}, './file0\x00'}) openat(r0, &(0x7f00000000c0)='./file0\x00', 0x440, 0x180) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_usb_connect(0x3, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x6c, 0xeb, 0x85, 0x40, 0x249c, 0x9002, 0xdead, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x24, 0xdf, 0x6d}}]}}]}}, 0x0) syz_usb_control_io$uac1(r1, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="b4050000000000007110640000000000667000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x4a, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = semget$private(0x0, 0x0, 0x8) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='timers\x00') syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000000000401e040128000000000001090224"], 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0) close(r3) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000440)='\x00'/16, 0x10) r5 = accept4(r4, 0x0, 0x0, 0x80000) r6 = accept4(r5, 0x0, 0x0, 0x0) sendmmsg$alg(r6, &(0x7f0000001400)=[{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000240)="d75db8360b1a84a9c5d38784575c5c13c7b2dc6f0f7e15f72207ab8bdcdedf20c80e592c4695a472c3146ddacb7adf5100c01728cd83ce2a97e09ec97a2a688d9d58", 0x42}, {&(0x7f0000000480)="c636606fec", 0x5}], 0x2, 0x0, 0x0, 0x4c014}], 0x1, 0x10) r7 = socket(0x1e, 0x4, 0x0) setsockopt$TIPC_DEST_DROPPABLE(r7, 0x10f, 0x81, &(0x7f0000000480), 0x4) sendmsg$tipc(r7, &(0x7f0000000200)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x1}}, 0x10, 0x0}, 0x810) recvmmsg(r7, &(0x7f00000047c0)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000440)=""/46, 0x2e}], 0x1, &(0x7f0000000800)=""/71, 0x47}, 0x9}], 0x1, 0x40000025, 0x0) migrate_pages(0x0, 0x6, 0xffffffffffffffff, 0x0) semctl$SETALL(r2, 0x0, 0x11, &(0x7f0000000000)=[0xe0a3]) r8 = socket$inet_udplite(0x2, 0x2, 0x88) syz_usb_connect$hid(0x7, 0x3f, &(0x7f0000000100)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x10, 0x419, 0x600, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x4, 0x30, 0x27, [{{0x9, 0x4, 0x0, 0x7, 0x1, 0x3, 0x1, 0x3, 0xd, {0x9, 0x21, 0x6, 0x8, 0x1, {0x22, 0x797}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x2, 0x0, 0xf7}}, [{{0x9, 0x5, 0x2, 0x3, 0x40, 0x9, 0x6, 0x1}}]}}}]}}]}}, &(0x7f0000000280)={0xa, &(0x7f0000000140)={0xa, 0x6, 0x300, 0x0, 0x6, 0x6, 0x20, 0xe4}, 0x43, &(0x7f0000000780)=ANY=[@ANYBLOB="050f4300060b100102a0000604040009071002144c00000b100104080005020200800c100a3020800000000001000a1003020000b5fc01800b10010c9e00f90faa904444d06b2070dcf2b3b1b6c480e800050c3f257343ba6080c575a63a57c71e1ebf8b1faa91cc839195317184af46626c1f1caf2bed200f0ba33e9b118302eb6f2e90b9784ad622789a17898fcc35285bfdbc8cbc78a28aa967a71995445c115cc909b068e5a50360be0e3cbc816be9dbb2f59dc33250893c05bd4024902f008a5a7d17406d88b4b15f5cdb909db44c17c1915024a00346ecc82855cf708b0c7928359b401afc4c04cc60e9cb5e42410322214c2b99f711fff64bbead074b48acc0b690306d8b6fe7e310606d32a127af5bdb79e702166d56f065793b71e520512a14aa4945f1a7cef3aafe81ff3952a66d48ca2114c3a6920c58782816fecd4aa1e3def0bf6ec9b9759c0a180fb6dcff8d0c672222fe101085972bb5630446771e8c516a90e6cb575239948c0654f2bb4541a12bc61fea7782634da8f46d78e508f5413720b8e3a6ac510f9644af49248a12771ce650900e88bb680e9a2a4aec4e5ccaab6125cc0e82cc47fdc1ee83ad908d23915e3cb5f52c804d82eaba5cbd475402a026569f59dd574fca1f9dc550c17c1869a331807f5bb1da2f8c4f0e3803468475d217ff91cc3ba3236b0a89879d68dbef988158faa317e2d9b6b3dadce46d37aaa95b78e2061c3ae33a80da751bf2c0c3c3e7761c28d0b5fe033a0ddd2672bd1f801936d1ac533d18c5a50e898f22bed2b7086afdbdd872efd08fc5172483b74db01200000000000000"], 0x2, [{0x33, &(0x7f0000000200)=@string={0x33, 0x3, "d1c650823d8b66fd612efb1d835d1cf6eb0742a9ebaa4ddca16d838947f019c2294d0c2cfac102403b3d3da7bb84af5732"}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x2809}}]}) setsockopt$IPT_SO_SET_REPLACE(r8, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x4001, 0x3, 0x330, 0x1b8, 0x0, 0x148, 0x0, 0x148, 0x298, 0x240, 0x240, 0x298, 0x240, 0x7fffffe, 0x0, {[{{@ip={@loopback, @local, 0x0, 0x0, 'ip6gretap0\x00', 'netdevsim0\x00'}, 0x0, 0x190, 0x1b8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x1, 0x0, 'syz0\x00'}}, @common=@unspec=@connlabel={{0x28}}]}, @common=@inet=@SYNPROXY={0x28}}, {{@ip={@local, @loopback, 0x0, 0x0, 'veth0_vlan\x00', 'macvtap0\x00'}, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28, 'rpfilter\x00', 0x2}}]}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x390) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r9 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) write$binfmt_elf32(r9, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c46040700030d0000000000000003000300060000000903000038000000000000000e00000000002000030005000000ff0f0000000002000000000000800900000000000100010000002d09000004000000fa00000000000068144f5b0003000000000400000700000002000000000000000d00000003"], 0x98) 3.358729885s ago: executing program 5 (id=209): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x1c, r1, 0x1, 0x70bd2b, 0x25dfdbfe, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20008100}, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000)={0x200042, 0x0, 0x3}, 0x10) close(r0) 2.866573494s ago: executing program 5 (id=210): syz_emit_vhci(&(0x7f0000000340)=@HCI_VENDOR_PKT, 0x274) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYRESDEC=r0, @ANYRES32=0x0, @ANYRES64=r0, @ANYRES32=0x0, @ANYBLOB="00000000c100020008002e0002000000"], 0x50}}, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) syz_emit_vhci(&(0x7f00000002c0)=ANY=[@ANYBLOB="3b437c492ae17b05"], 0x8) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={0xffffffffffffffff}, 0x106}}, 0x20) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r3, &(0x7f0000002f40)=""/4098, 0x1002) getdents(r3, 0x0, 0x0) r4 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x4, 0x20001) r5 = socket$inet6_dccp(0xa, 0x6, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x458, 0x0, 0xffffffff, 0xffffffff, 0x1c0, 0xffffffff, 0x480, 0xffffffff, 0xffffffff, 0x1c0, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0x1a0, 0x1c0, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x81, 0x0, 0x24, 0x0, 'syz1\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x1a0, 0x1c8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x1, 0x2, 'syz0\x00'}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0xffffffffffffffff, 0xfd}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4b8) ioctl$SNDRV_PCM_IOCTL_CHANNEL_INFO(r4, 0x80184132, &(0x7f0000000380)) ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r3, 0x3) unshare(0x400) r6 = mq_open(&(0x7f00000000c0)='${\v\x00\x87u\x93\xca\r\x1c\b\xaa\xf4J\xeb\x1d\xe9\x97W\r\xfc\xc6*lO\xd70xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x89fb, &(0x7f0000000480)={'veth1_macvtap\x00', @random='\x00\x00\x00 \x00'}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xb4}]}) fanotify_init(0x200, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000a40)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x3, 0x0, 0x0, {0x2, 0x0, 0x4003}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x3c}, 0x1, 0x0, 0x0, 0x4011}, 0x4000094) 2.50956744s ago: executing program 3 (id=212): r0 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) bind$packet(r0, &(0x7f0000000180)={0x11, 0xf6, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) getsockname$packet(r0, &(0x7f00000015c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="38000000540001000000000000c4000007008209", @ANYRES32=r2, @ANYBLOB="20000100", @ANYRES32=r1, @ANYBLOB="00000000e000030000000000000000000000000008"], 0x38}}, 0x0) 2.226685077s ago: executing program 5 (id=213): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000240), 0x40000000040201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, 0x0) 2.171461911s ago: executing program 3 (id=214): socket$inet6(0xa, 0x3, 0xc1) socket(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) socket$packet(0x11, 0x3, 0x300) (async) socket$nl_route(0x10, 0x3, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x3, 0x300) (async) r0 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0xfffffffd, 0x10100, 0x0, 0x21b}, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000002c0)={'syztnl0\x00', &(0x7f0000000180)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x7, 0x0, 0x45, @remote, @remote, 0x0, 0x700, 0x7}}) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[@ANYRES64=r3], 0x118) (async) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0) (async) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) (async) quotactl$Q_GETINFO(0xffffffff80000500, &(0x7f0000000180)=@loop={'/dev/loop', 0x0}, 0x0, 0x0) (async) r7 = socket$kcm(0x10, 0x3, 0x4) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x13}) (async) writev(r7, &(0x7f0000000780)=[{&(0x7f0000000340)="580000001400192340834b80040d8c5602117436c379000000000000000058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd000000100001000c0c100000000000224e0000", 0x58}], 0x1) (async) sendmsg$L2TP_CMD_TUNNEL_CREATE(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000000100050005000700000000000800090000003f0014002000ff200100100000000000e1ffe000000108000a0000000000060002000100000014001f"], 0x5c}, 0x1, 0x6c}, 0x0) 2.064426738s ago: executing program 7 (id=215): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) getrandom(&(0x7f0000000080)=""/127, 0x7f, 0x3) read$FUSE(0xffffffffffffffff, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) sched_setattr(0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x60, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="05000000080000000800000008"], 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000002c0)={r3, &(0x7f00000004c0), 0x0}, 0x20) write$sndseq(0xffffffffffffffff, &(0x7f0000000540)=[{0x84, 0x84, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x9e, 0x8, 0x9, @time={0x101, 0x3}, {0x80, 0x7}, {0xac, 0x1}, @time=@time={0xd9, 0x9}}], 0x38) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.951656453s ago: executing program 5 (id=216): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000200000/0x4000)=nil, 0x4000, 0x4, 0x200000006c832, 0xffffffffffffffff, 0x0) read$nci(r0, 0x0, 0x0) 1.782645869s ago: executing program 3 (id=217): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0xd09, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_SYNPROXY_FLAGS={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_SYNPROXY_WSCALE={0x5}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0) 1.556531538s ago: executing program 3 (id=218): mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000002100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x0) syz_fuse_handle_req(r0, &(0x7f00000021c0), 0x2000, &(0x7f00000041c0)={&(0x7f0000004280)={0x50}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_fuse_handle_req(r0, &(0x7f0000004300), 0x2000, &(0x7f0000006300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000063c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) openat(r1, &(0x7f0000000000)='./file0\x00', 0x89000, 0x88) 1.402002562s ago: executing program 6 (id=219): r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4400ae8f, &(0x7f0000000080)=@arm64={0x75, 0x1, 0xf3, '\x00', 0xdec}) ioctl$KVM_IRQ_LINE_STATUS(r5, 0xc008ae67, &(0x7f00000002c0)={0x8, 0xa}) r7 = socket$nl_sock_diag(0x10, 0x3, 0x4) r8 = openat$cgroup_devices(r3, &(0x7f0000000000)='devices.allow\x00', 0x2, 0x0) dup2(r7, r8) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) 1.397874231s ago: executing program 4 (id=220): socket$nl_route(0x10, 0x3, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000340)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x3}) syz_io_uring_setup(0x3d28, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x800}, &(0x7f0000c57000), 0x0) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa08, &(0x7f0000000380)={{&(0x7f00007db000/0x2000)=nil, 0x2000}}) 431.601322ms ago: executing program 4 (id=221): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x2, 0x31, 0x7d, 0x55, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) r1 = open_tree(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x81800) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x100000f, 0x11, r1, 0x48a06000) syz_usb_control_io(r0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000100)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x8, 0x256c, 0x6e, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x7f, 0x40, 0x0, [{{0x9, 0x4, 0x0, 0x8, 0x2, 0x3, 0x1, 0x0, 0x41, {0x9, 0x21, 0x0, 0x1, 0x1, {0x22, 0x7a0}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x5, 0x5, 0x90}}}}}]}}]}}, &(0x7f00000002c0)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x200, 0x7, 0xa, 0x6, 0x40, 0x80}, 0x19, &(0x7f0000000200)={0x5, 0xf, 0x19, 0x1, [@ss_container_id={0x14, 0x10, 0x4, 0x5, "c3e88e36c1cf72a786a1db8a52dc834a"}]}, 0x1, [{0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x1007}}]}) sendmsg$nl_xfrm(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000008c0)=@allocspi={0x120, 0x16, 0x1, 0x0, 0x0, {{{@in6=@mcast1, @in6=@mcast1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x80, 0xa0}, {@in6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x10}}, 0x0, 0x33}, @in=@loopback, {0x0, 0x4000000000, 0x0, 0x0, 0x0, 0xfffffffffffffff1, 0x3}, {0x0, 0x0, 0x0, 0xfffffffffffffffe}, {0x0, 0xffffff7f}, 0x0, 0x80080}, 0x0, 0x1a0b1}, [@address_filter={0x28, 0x1a, {@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @in=@local, 0x2, 0xff, 0x9}}]}, 0x120}}, 0x0) r4 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x54, 0x12, 0x1, 0x0, 0x0, {0x15, 0x0, 0x0, 0x0, {0x0, 0x4e22, [0x0, 0x0, 0xcd7e], [], 0x0, [0x1]}, 0x0, 0x2000}, [@INET_DIAG_REQ_BYTECODE={0x8, 0x3, "11000000"}]}, 0x54}}, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x2c, r5, 0x5, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_4ADDR={0x5, 0x53, 0x3}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40048}, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000700)={0x34, &(0x7f0000000480)={0x40, 0xa, 0x4, '\x00\x00\x00\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0}) 350.684007ms ago: executing program 3 (id=222): syz_open_dev$video4linux(0x0, 0x5, 0x1) ioctl$IOMMU_HWPT_ALLOC$TEST(0xffffffffffffffff, 0x3b89, &(0x7f00000002c0)={0x28, 0x3, 0x0, 0x0, 0x0, 0x0, 0xdead, 0x0, 0x0}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'bridge0\x00', 0x0}) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x111b00, 0x0) ioctl$IOMMU_HWPT_INVALIDATE$TEST(r3, 0x3b8d, &(0x7f0000000100)={0x20, r0, &(0x7f0000000080)=[{0x1, 0x2}, {0x1, 0x2}, {0x1, 0x2}, {}], 0xdeadbeef, 0x8, 0x4}) ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(r3, 0x3b8b, &(0x7f0000000040)={0x10, 0x1, r0}) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="480000001c00110c0000001400000f0007000000", @ANYRES32=r2, @ANYBLOB="800202000a000200577f0000aabb000020000e80050001008f000000050001000100000004000200050001"], 0x48}}, 0x0) 192.151483ms ago: executing program 7 (id=223): r0 = socket$igmp6(0xa, 0x3, 0x2) r1 = userfaultfd(0x80001) io_setup(0x9, &(0x7f0000000040)=0x0) r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000240), 0x20441, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000440)={0x9, "4206ad063ff47d1dc9cb07cdb0464100000000001400", 0xffffffffffffffff}) io_submit(r2, 0x1, &(0x7f00000001c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r4, 0x0}]) close_range(r1, 0xffffffffffffffff, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x80000000000005, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) 59.887819ms ago: executing program 3 (id=224): r0 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) bind$packet(r0, &(0x7f0000000180)={0x11, 0xf6, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) getsockname$packet(r0, &(0x7f00000015c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="38000000540001000000000000c4000007008209", @ANYRES32=r2, @ANYBLOB="20000100", @ANYRES32=r1, @ANYBLOB="00000000e000030000000000000000000000000008"], 0x38}}, 0x0) 0s ago: executing program 7 (id=225): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) syz_usb_connect$uac1(0x2, 0xac, &(0x7f0000000000)=ANY=[@ANYBLOB="12011001000000406b1d010140000102030109029a00030100007f0904000000010100000a24010000000201020c24020000000000000000000c24020400000000001000000d2407000000004336d88b1a56090401000001020000090401010101020000090501094000000000072501800000020904020000010200000904020101010200000f2402028000000002000000000000072401fe80000009058209200000000007"], 0x0) r1 = syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x707b, 0x0, 0x4, 0x288}, &(0x7f0000000340)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0xe544, 0x2) ioctl$vim2m_VIDIOC_STREAMOFF(r4, 0x40045612, &(0x7f0000000040)=0x3) utimensat(0xffffffffffffff9c, &(0x7f0000002240)='.\x00', &(0x7f00000002c0)={{0x0, 0x3fffffff}}, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) getdents64(r5, 0x0, 0x0) getdents64(r5, 0xfffffffffffffffe, 0x29) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x4, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r1, 0x3516, 0x0, 0x4, 0x0, 0x0) kernel console output (not intermixed with test programs): aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 76.763395][ T5856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.775457][ T5856] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.791297][ T5858] veth1_macvtap: entered promiscuous mode [ 76.796412][ T1801] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.808584][ T5856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 76.817980][ T1801] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.823312][ T5856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.839458][ T5856] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.851343][ T5857] veth1_macvtap: entered promiscuous mode [ 76.872627][ T5858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 76.885558][ T5858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.896402][ T5858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 76.913956][ T5858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.926483][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.936733][ T5856] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.946330][ T5856] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.956027][ T5856] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.965277][ T5856] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.983643][ T5854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 76.995916][ T5854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.008944][ T5854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.020173][ T5854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.031554][ T5854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.042883][ T5854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.061542][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.107868][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.119994][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.130458][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.142302][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.153778][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.164843][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.175289][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.186825][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.201595][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.212036][ T5854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.225207][ T5854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.235616][ T5854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.246376][ T5854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.257569][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.271138][ T5854] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.280893][ T5854] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.289940][ T5854] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.300287][ T5854] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.313745][ T5858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.326057][ T5858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.336017][ T5858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.347070][ T5858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.357056][ T5858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.367995][ T5858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.379957][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.397399][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.409991][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.421958][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.438908][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.448852][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.465943][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.477022][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.487820][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.498834][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.508915][ T1801] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.520138][ T1801] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.537419][ T5858] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.550702][ T5858] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.561117][ T5858] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.570600][ T5858] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.591631][ T5857] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.600668][ T5857] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.611306][ T5857] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.622064][ T5857] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.736661][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.751692][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.780324][ T5853] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 77.856232][ T4947] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.875012][ T4947] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.910835][ T1801] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.922031][ T1801] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.956449][ T4947] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.970329][ T4947] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.998509][ T5898] netlink: 'syz.4.5': attribute type 21 has an invalid length. [ 78.011895][ T5898] netlink: 144 bytes leftover after parsing attributes in process `syz.4.5'. [ 78.043561][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.058166][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.098153][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.143742][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.204430][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.229485][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.325051][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.334622][ T5847] Bluetooth: hci0: command tx timeout [ 78.344590][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.508191][ T5847] Bluetooth: hci2: command tx timeout [ 78.513652][ T5847] Bluetooth: hci1: command tx timeout [ 78.519341][ T5851] Bluetooth: hci3: command tx timeout [ 78.521910][ T5847] Bluetooth: hci4: command tx timeout [ 78.652038][ T5912] FAULT_INJECTION: forcing a failure. [ 78.652038][ T5912] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 78.673368][ T5912] CPU: 0 UID: 0 PID: 5912 Comm: syz.3.4 Not tainted 6.14.0-rc6-syzkaller #0 [ 78.673391][ T5912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 78.673403][ T5912] Call Trace: [ 78.673409][ T5912] [ 78.673416][ T5912] dump_stack_lvl+0x241/0x360 [ 78.673446][ T5912] ? __pfx_dump_stack_lvl+0x10/0x10 [ 78.673463][ T5912] ? __pfx__printk+0x10/0x10 [ 78.673480][ T5912] ? __pfx_lock_release+0x10/0x10 [ 78.673508][ T5912] should_fail_ex+0x40a/0x550 [ 78.673534][ T5912] _copy_from_user+0x2d/0xb0 [ 78.673554][ T5912] rfkill_fop_write+0x121/0x790 [ 78.673576][ T5912] ? common_file_perm+0x1a6/0x210 [ 78.673599][ T5912] ? __pfx_rfkill_fop_write+0x10/0x10 [ 78.673617][ T5912] ? bpf_lsm_inode_setsecurity+0x20/0x20 [ 78.673638][ T5912] ? rw_verify_area+0x243/0x630 [ 78.673653][ T5912] ? __pfx_rfkill_fop_write+0x10/0x10 [ 78.673674][ T5912] vfs_write+0x29f/0xd10 [ 78.673692][ T5912] ? __mutex_unlock_slowpath+0x227/0x800 [ 78.673716][ T5912] ? __pfx_vfs_write+0x10/0x10 [ 78.673730][ T5912] ? do_sys_openat2+0x17a/0x1d0 [ 78.673755][ T5912] ? __fget_files+0x2a/0x410 [ 78.673777][ T5912] ? __fget_files+0x395/0x410 [ 78.673796][ T5912] ? __fget_files+0x2a/0x410 [ 78.673827][ T5912] ksys_write+0x18f/0x2b0 [ 78.673843][ T5912] ? __pfx_ksys_write+0x10/0x10 [ 78.673859][ T5912] ? do_syscall_64+0x100/0x230 [ 78.673882][ T5912] ? do_syscall_64+0xb6/0x230 [ 78.673904][ T5912] do_syscall_64+0xf3/0x230 [ 78.673926][ T5912] ? clear_bhb_loop+0x35/0x90 [ 78.673949][ T5912] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.673975][ T5912] RIP: 0033:0x7f446218d169 [ 78.674003][ T5912] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 78.674015][ T5912] RSP: 002b:00007f446300d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 78.674032][ T5912] RAX: ffffffffffffffda RBX: 00007f44623a5fa0 RCX: 00007f446218d169 [ 78.674042][ T5912] RDX: 0000000000000008 RSI: 0000400000000080 RDI: 0000000000000003 [ 78.674051][ T5912] RBP: 00007f446300d090 R08: 0000000000000000 R09: 0000000000000000 [ 78.674060][ T5912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 78.674068][ T5912] R13: 0000000000000000 R14: 00007f44623a5fa0 R15: 00007f44624cfa28 [ 78.674089][ T5912] [ 78.684601][ T26] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 78.931502][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 79.027021][ T5889] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 79.310689][ T5889] usb 1-1: config 0 has no interfaces? [ 79.345337][ T26] usb 5-1: too many configurations: 89, using maximum allowed: 8 [ 79.355587][ T26] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 541 [ 79.421945][ T5889] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 79.454778][ T26] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 541 [ 79.455158][ T5922] FAULT_INJECTION: forcing a failure. [ 79.455158][ T5922] name failslab, interval 1, probability 0, space 0, times 1 [ 79.471998][ T5889] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 79.515329][ T26] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 541 [ 79.543655][ T5889] usb 1-1: Product: syz [ 79.552209][ T5889] usb 1-1: Manufacturer: syz [ 79.560396][ T26] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 541 [ 79.575693][ T5889] usb 1-1: SerialNumber: syz [ 79.589307][ T26] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 541 [ 79.609644][ T5922] CPU: 1 UID: 0 PID: 5922 Comm: syz.3.7 Not tainted 6.14.0-rc6-syzkaller #0 [ 79.609663][ T5922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 79.609669][ T5922] Call Trace: [ 79.609673][ T5922] [ 79.609678][ T5922] dump_stack_lvl+0x241/0x360 [ 79.609695][ T5922] ? __pfx_dump_stack_lvl+0x10/0x10 [ 79.609705][ T5922] ? __pfx__printk+0x10/0x10 [ 79.609715][ T5922] ? fs_reclaim_acquire+0x93/0x130 [ 79.609726][ T5922] ? __pfx___might_resched+0x10/0x10 [ 79.609740][ T5922] should_fail_ex+0x40a/0x550 [ 79.609757][ T5922] should_failslab+0xac/0x100 [ 79.609769][ T5922] __kmalloc_noprof+0xdd/0x4c0 [ 79.609782][ T5922] ? kstrtouint_from_user+0x128/0x190 [ 79.609791][ T5922] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 79.609804][ T5922] tomoyo_realpath_from_path+0xcf/0x5e0 [ 79.609819][ T5922] tomoyo_path_number_perm+0x239/0x770 [ 79.609831][ T5922] ? __lock_acquire+0x1397/0x2100 [ 79.609847][ T5922] ? tomoyo_path_number_perm+0x209/0x770 [ 79.609860][ T5922] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 79.609892][ T5922] ? __fget_files+0x2a/0x410 [ 79.609907][ T5922] ? __fget_files+0x2a/0x410 [ 79.609922][ T5922] security_file_ioctl+0xc6/0x2a0 [ 79.609936][ T5922] __se_sys_ioctl+0x46/0x170 [ 79.609947][ T5922] do_syscall_64+0xf3/0x230 [ 79.609968][ T5922] ? clear_bhb_loop+0x35/0x90 [ 79.609982][ T5922] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.609994][ T5922] RIP: 0033:0x7f446218d169 [ 79.610003][ T5922] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 79.610010][ T5922] RSP: 002b:00007f446300d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 79.610021][ T5922] RAX: ffffffffffffffda RBX: 00007f44623a5fa0 RCX: 00007f446218d169 [ 79.610028][ T5922] RDX: 0000400000000040 RSI: 00000000c0845657 RDI: 0000000000000003 [ 79.610034][ T5922] RBP: 00007f446300d090 R08: 0000000000000000 R09: 0000000000000000 [ 79.610040][ T5922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 79.610045][ T5922] R13: 0000000000000000 R14: 00007f44623a5fa0 R15: 00007f44624cfa28 [ 79.610059][ T5922] [ 79.610299][ T5922] ERROR: Out of memory at tomoyo_realpath_from_path. [ 79.846214][ T26] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 541 [ 79.859976][ T5889] usb 1-1: config 0 descriptor?? [ 79.878828][ T26] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 541 [ 79.890611][ T26] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 541 [ 79.903999][ T5894] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 79.909054][ T26] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 79.923724][ T26] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 79.942442][ T26] usb 5-1: Product: syz [ 79.969637][ T26] usb 5-1: Manufacturer: syz [ 79.998841][ T26] usb 5-1: SerialNumber: syz [ 80.020482][ T5914] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 80.031969][ T5905] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 80.044307][ T5914] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 80.060188][ T26] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 80.099486][ T5889] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 80.112891][ T5930] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 80.283230][ T5930] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 80.494772][ T5851] Bluetooth: hci0: command tx timeout [ 80.564234][ T5895] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 80.574912][ T55] Bluetooth: hci1: command tx timeout [ 80.580457][ T55] Bluetooth: hci2: command tx timeout [ 80.586443][ T5847] Bluetooth: hci3: command tx timeout [ 80.591915][ T5851] Bluetooth: hci4: command tx timeout [ 80.904381][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 80.913552][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 80.933974][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 80.973901][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 81.145209][ T5914] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 81.204057][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 81.215337][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 81.215649][ T5914] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 81.223972][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 81.252429][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 81.399071][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 81.475502][ T5914] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 81.543917][ T5889] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 81.551451][ T5889] ath9k_htc: Failed to initialize the device [ 81.573765][ T5914] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 81.643281][ T5914] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 81.664563][ T5914] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 81.672633][ T5889] usb 5-1: ath9k_htc: USB layer deinitialized [ 81.700043][ T5914] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 81.715707][ T5914] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 82.042717][ T975] usb 5-1: USB disconnect, device number 2 [ 82.062174][ T10] cfg80211: failed to load regulatory.db [ 82.112358][ T5895] usb 4-1: device descriptor read/all, error -71 [ 82.283505][ T5956] netlink: 'syz.3.10': attribute type 2 has an invalid length. [ 82.754121][ T5889] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 82.987075][ T5975] netlink: 4 bytes leftover after parsing attributes in process `syz.4.15'. [ 83.017279][ T5889] usb 3-1: config 0 has no interfaces? [ 83.031560][ T5889] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 83.049786][ T5889] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 83.074622][ T5889] usb 3-1: Product: syz [ 83.086895][ T5889] usb 3-1: Manufacturer: syz [ 83.100489][ T5889] usb 3-1: SerialNumber: syz [ 83.120808][ T5889] usb 3-1: config 0 descriptor?? [ 83.274007][ T5988] FAULT_INJECTION: forcing a failure. [ 83.274007][ T5988] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 83.302244][ T5988] CPU: 1 UID: 0 PID: 5988 Comm: syz.3.16 Not tainted 6.14.0-rc6-syzkaller #0 [ 83.302269][ T5988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 83.302279][ T5988] Call Trace: [ 83.302285][ T5988] [ 83.302292][ T5988] dump_stack_lvl+0x241/0x360 [ 83.302317][ T5988] ? __pfx_dump_stack_lvl+0x10/0x10 [ 83.302333][ T5988] ? __pfx__printk+0x10/0x10 [ 83.302350][ T5988] ? __pfx_lock_release+0x10/0x10 [ 83.302379][ T5988] should_fail_ex+0x40a/0x550 [ 83.302402][ T5988] _copy_from_user+0x2d/0xb0 [ 83.302420][ T5988] copy_msghdr_from_user+0xae/0x680 [ 83.302437][ T5988] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 83.302447][ T5988] ? __fget_files+0x2a/0x410 [ 83.302462][ T5988] ? __fget_files+0x2a/0x410 [ 83.302479][ T5988] __sys_sendmsg+0x209/0x350 [ 83.302499][ T5988] ? __pfx___sys_sendmsg+0x10/0x10 [ 83.302523][ T5988] ? __pfx___schedule+0x10/0x10 [ 83.302539][ T5988] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 83.302552][ T5988] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 83.302567][ T5988] ? do_syscall_64+0xb6/0x230 [ 83.302587][ T5988] do_syscall_64+0xf3/0x230 [ 83.302607][ T5988] ? clear_bhb_loop+0x35/0x90 [ 83.302630][ T5988] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.302650][ T5988] RIP: 0033:0x7f446218d169 [ 83.302665][ T5988] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 83.302677][ T5988] RSP: 002b:00007f446300d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 83.302694][ T5988] RAX: ffffffffffffffda RBX: 00007f44623a5fa0 RCX: 00007f446218d169 [ 83.302704][ T5988] RDX: 0000000000000000 RSI: 00004000000002c0 RDI: 0000000000000003 [ 83.302710][ T5988] RBP: 00007f446300d090 R08: 0000000000000000 R09: 0000000000000000 [ 83.302716][ T5988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 83.302721][ T5988] R13: 0000000000000000 R14: 00007f44623a5fa0 R15: 00007f44624cfa28 [ 83.302735][ T5988] [ 83.560562][ T10] usb 1-1: USB disconnect, device number 2 [ 83.813303][ T5964] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 83.847893][ T6001] openvswitch: netlink: Duplicate or invalid key (type 0). [ 83.871695][ T5995] FAULT_INJECTION: forcing a failure. [ 83.871695][ T5995] name failslab, interval 1, probability 0, space 0, times 0 [ 83.885407][ T5995] CPU: 1 UID: 0 PID: 5995 Comm: syz.0.19 Not tainted 6.14.0-rc6-syzkaller #0 [ 83.885422][ T5995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 83.885427][ T5995] Call Trace: [ 83.885431][ T5995] [ 83.885435][ T5995] dump_stack_lvl+0x241/0x360 [ 83.885452][ T5995] ? __pfx_dump_stack_lvl+0x10/0x10 [ 83.885463][ T5995] ? __pfx__printk+0x10/0x10 [ 83.885473][ T5995] ? fs_reclaim_acquire+0x93/0x130 [ 83.885483][ T5995] ? __pfx___might_resched+0x10/0x10 [ 83.885497][ T5995] should_fail_ex+0x40a/0x550 [ 83.885513][ T5995] should_failslab+0xac/0x100 [ 83.885526][ T5995] __kmalloc_noprof+0xdd/0x4c0 [ 83.885538][ T5995] ? kstrtouint_from_user+0x128/0x190 [ 83.885554][ T5995] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 83.885567][ T5995] tomoyo_realpath_from_path+0xcf/0x5e0 [ 83.885582][ T5995] tomoyo_path_number_perm+0x239/0x770 [ 83.885594][ T5995] ? __lock_acquire+0x1397/0x2100 [ 83.885609][ T5995] ? tomoyo_path_number_perm+0x209/0x770 [ 83.885622][ T5995] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 83.885654][ T5995] ? __fget_files+0x2a/0x410 [ 83.885668][ T5995] ? __fget_files+0x2a/0x410 [ 83.885683][ T5995] security_file_ioctl+0xc6/0x2a0 [ 83.885696][ T5995] __se_sys_ioctl+0x46/0x170 [ 83.885708][ T5995] do_syscall_64+0xf3/0x230 [ 83.885722][ T5995] ? clear_bhb_loop+0x35/0x90 [ 83.885736][ T5995] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.885748][ T5995] RIP: 0033:0x7f24f858d169 [ 83.885757][ T5995] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 83.885764][ T5995] RSP: 002b:00007f24f939e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 83.885775][ T5995] RAX: ffffffffffffffda RBX: 00007f24f87a5fa0 RCX: 00007f24f858d169 [ 83.885781][ T5995] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 83.885787][ T5995] RBP: 00007f24f939e090 R08: 0000000000000000 R09: 0000000000000000 [ 83.885794][ T5995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 83.885800][ T5995] R13: 0000000000000000 R14: 00007f24f87a5fa0 R15: 00007f24f88cfa28 [ 83.885814][ T5995] [ 83.886536][ T5995] ERROR: Out of memory at tomoyo_realpath_from_path. [ 84.109233][ T5939] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 84.152685][ T6001] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 84.382251][ T5939] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 84.429266][ T5939] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 84.491863][ T5939] usb 2-1: Product: syz [ 84.504126][ T5939] usb 2-1: Manufacturer: syz [ 84.516237][ T5939] usb 2-1: SerialNumber: syz [ 84.543299][ T5939] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 84.574379][ T5892] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 84.637368][ T5894] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 84.764245][ T5892] usb 4-1: Using ep0 maxpacket: 32 [ 84.794762][ T5892] usb 4-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 84.922401][ T5892] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 85.037354][ T5892] usb 4-1: config 0 descriptor?? [ 85.080591][ T5892] gspca_main: sq930x-2.14.0 probing 041e:403c [ 85.092883][ T5999] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 85.113013][ T5999] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 85.725656][ T5894] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 85.781305][ T6036] netlink: 36 bytes leftover after parsing attributes in process `syz.0.22'. [ 85.802295][ T5892] gspca_sq930x: ucbus_write failed -110 [ 85.809524][ T5892] sq930x 4-1:0.0: probe with driver sq930x failed with error -110 [ 85.827001][ T5894] ath9k_htc: Failed to initialize the device [ 85.893720][ T5894] usb 2-1: ath9k_htc: USB layer deinitialized [ 86.197824][ T5892] usb 3-1: USB disconnect, device number 2 [ 86.512770][ T975] usb 2-1: USB disconnect, device number 3 [ 86.723964][ T5892] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 86.827603][ T5894] usb 4-1: USB disconnect, device number 4 [ 86.926373][ T5892] usb 3-1: device descriptor read/64, error -71 [ 87.119096][ T975] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 87.194102][ T5892] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 87.228877][ T6060] FAULT_INJECTION: forcing a failure. [ 87.228877][ T6060] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 87.263024][ T6060] CPU: 1 UID: 0 PID: 6060 Comm: syz.4.26 Not tainted 6.14.0-rc6-syzkaller #0 [ 87.263049][ T6060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 87.263058][ T6060] Call Trace: [ 87.263064][ T6060] [ 87.263072][ T6060] dump_stack_lvl+0x241/0x360 [ 87.263098][ T6060] ? __pfx_dump_stack_lvl+0x10/0x10 [ 87.263116][ T6060] ? __pfx__printk+0x10/0x10 [ 87.263132][ T6060] ? rcu_is_watching+0x15/0xb0 [ 87.263149][ T6060] ? __pfx_lock_release+0x10/0x10 [ 87.263165][ T6060] ? __alloc_frozen_pages_noprof+0x350/0x710 [ 87.263191][ T6060] should_fail_ex+0x40a/0x550 [ 87.263219][ T6060] _copy_from_iter+0x1df/0x1c40 [ 87.263252][ T6060] ? __pfx__copy_from_iter+0x10/0x10 [ 87.263270][ T6060] ? tun_get_user+0x875/0x48a0 [ 87.263292][ T6060] ? set_page_refcounted+0xa1/0x1e0 [ 87.263314][ T6060] ? alloc_pages_noprof+0x136/0x190 [ 87.263333][ T6060] ? page_copy_sane+0x46/0x260 [ 87.263353][ T6060] copy_page_from_iter+0x7a/0x100 [ 87.263374][ T6060] tun_get_user+0x2035/0x48a0 [ 87.263402][ T6060] ? tun_get_user+0x875/0x48a0 [ 87.263436][ T6060] ? __pfx_tun_get_user+0x10/0x10 [ 87.263470][ T6060] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 87.263487][ T6060] ? tun_get+0x1e/0x2f0 [ 87.263503][ T6060] ? __pfx_lock_release+0x10/0x10 [ 87.263537][ T6060] ? tun_get+0x1e/0x2f0 [ 87.263553][ T6060] ? tun_get+0x27d/0x2f0 [ 87.263572][ T6060] tun_chr_write_iter+0x10d/0x1f0 [ 87.263593][ T6060] vfs_write+0xacf/0xd10 [ 87.263614][ T6060] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 87.263634][ T6060] ? __pfx_vfs_write+0x10/0x10 [ 87.263648][ T6060] ? do_sys_openat2+0x17a/0x1d0 [ 87.263673][ T6060] ? __fget_files+0x2a/0x410 [ 87.263697][ T6060] ? __fget_files+0x2a/0x410 [ 87.263727][ T6060] ksys_write+0x18f/0x2b0 [ 87.263746][ T6060] ? __pfx_ksys_write+0x10/0x10 [ 87.263764][ T6060] ? do_syscall_64+0x100/0x230 [ 87.263790][ T6060] ? do_syscall_64+0xb6/0x230 [ 87.263816][ T6060] do_syscall_64+0xf3/0x230 [ 87.263836][ T6060] ? clear_bhb_loop+0x35/0x90 [ 87.263859][ T6060] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.263876][ T6060] RIP: 0033:0x7f03c838bc1f [ 87.263891][ T6060] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 87.263903][ T6060] RSP: 002b:00007f03c91e6000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 87.263921][ T6060] RAX: ffffffffffffffda RBX: 00007f03c85a5fa0 RCX: 00007f03c838bc1f [ 87.263933][ T6060] RDX: 000000000000006e RSI: 0000400000000640 RDI: 00000000000000c8 [ 87.263943][ T6060] RBP: 00007f03c91e6090 R08: 0000000000000000 R09: 0000000000000000 [ 87.263953][ T6060] R10: 000000000000006e R11: 0000000000000293 R12: 0000000000000001 [ 87.263962][ T6060] R13: 0000000000000001 R14: 00007f03c85a5fa0 R15: 00007f03c86cfa28 [ 87.263987][ T6060] [ 87.540262][ T5894] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 87.603940][ T5892] usb 3-1: device descriptor read/64, error -71 [ 87.658641][ T975] usb 2-1: Using ep0 maxpacket: 8 [ 87.707721][ T975] usb 2-1: unable to get BOS descriptor or descriptor too short [ 87.715614][ T975] usb 2-1: too many configurations: 80, using maximum allowed: 8 [ 87.727824][ T975] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 87.735531][ T975] usb 2-1: can't read configurations, error -61 [ 87.752003][ T5894] usb 4-1: config 0 has an invalid interface number: 106 but max is 0 [ 87.771890][ T5894] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 87.793404][ T5892] usb usb3-port1: attempt power cycle [ 87.824959][ T6069] netlink: 8 bytes leftover after parsing attributes in process `syz.4.28'. [ 87.838807][ T5894] usb 4-1: config 0 has no interface number 0 [ 87.838974][ T6069] netlink: 12 bytes leftover after parsing attributes in process `syz.4.28'. [ 87.862047][ T5894] usb 4-1: config 0 interface 106 altsetting 0 endpoint 0x1 has invalid maxpacket 15403, setting to 1024 [ 87.865088][ T975] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 87.883318][ T5894] usb 4-1: config 0 interface 106 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024 [ 87.927257][ T5894] usb 4-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6 [ 87.948325][ T5894] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb [ 87.958085][ T5894] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 87.970668][ T5894] usb 4-1: config 0 descriptor?? [ 87.999065][ T6050] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 88.040677][ T5894] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 88.048752][ T975] usb 2-1: Using ep0 maxpacket: 8 [ 88.092481][ T975] usb 2-1: unable to get BOS descriptor or descriptor too short [ 88.100646][ T975] usb 2-1: too many configurations: 80, using maximum allowed: 8 [ 88.113689][ T975] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 88.121699][ T975] usb 2-1: can't read configurations, error -61 [ 88.132919][ T975] usb usb2-port1: attempt power cycle [ 88.148647][ T6080] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 88.165739][ T6080] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 88.176411][ T5892] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 88.185184][ T6080] fuse: blksize only supported for fuseblk [ 88.205778][ T5892] usb 3-1: device descriptor read/8, error -71 [ 88.216657][ T1801] usb 4-1: Failed to submit usb control message: -71 [ 88.216907][ T5894] usb 4-1: USB disconnect, device number 5 [ 88.227343][ T1801] usb 4-1: unable to send the bmi data to the device: -71 [ 88.240046][ T1801] usb 4-1: unable to get target info from device [ 88.246854][ T1801] usb 4-1: could not get target info (-71) [ 88.253060][ T1801] usb 4-1: could not probe fw (-71) [ 88.314012][ T5889] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 88.473996][ T975] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 88.474188][ T5892] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 88.483566][ T5889] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 88.505374][ T975] usb 2-1: Using ep0 maxpacket: 8 [ 88.510608][ T5889] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 88.521354][ T975] usb 2-1: unable to get BOS descriptor or descriptor too short [ 88.524403][ T5892] usb 3-1: device descriptor read/8, error -71 [ 88.533903][ T975] usb 2-1: too many configurations: 80, using maximum allowed: 8 [ 88.547321][ T5889] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 88.556516][ T5889] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 88.566167][ T975] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 88.574059][ T5889] usb 1-1: SerialNumber: syz [ 88.579357][ T975] usb 2-1: can't read configurations, error -61 [ 88.645200][ T5892] usb usb3-port1: unable to enumerate USB device [ 88.714149][ T975] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 88.734667][ T975] usb 2-1: Using ep0 maxpacket: 8 [ 88.741439][ T975] usb 2-1: unable to get BOS descriptor or descriptor too short [ 88.749579][ T975] usb 2-1: too many configurations: 80, using maximum allowed: 8 [ 88.759415][ T975] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 88.767347][ T975] usb 2-1: can't read configurations, error -61 [ 88.774285][ T975] usb usb2-port1: unable to enumerate USB device [ 88.799436][ T6079] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 88.808664][ T6079] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 88.833755][ T5889] usb 1-1: 0:2 : does not exist [ 88.858130][ T5889] usb 1-1: USB disconnect, device number 3 [ 89.060940][ T5839] udevd[5839]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 89.077107][ T5892] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 89.234044][ T5892] usb 4-1: Using ep0 maxpacket: 8 [ 89.244088][ T5892] usb 4-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 89.253355][ T5892] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 89.261454][ T5892] usb 4-1: Product: syz [ 89.273875][ T5892] usb 4-1: Manufacturer: syz [ 89.278825][ T5892] usb 4-1: SerialNumber: syz [ 89.284074][ T5939] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 89.293388][ T5892] usb 4-1: config 0 descriptor?? [ 89.305523][ T5892] gspca_main: sq930x-2.14.0 probing 2770:930c [ 89.474214][ T5939] usb 5-1: Using ep0 maxpacket: 8 [ 89.482706][ T5939] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 89.498581][ T5939] usb 5-1: config 0 has no interface number 0 [ 89.511745][ T5939] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 89.524386][ T5939] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 89.536491][ T5939] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 89.547707][ T5939] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 89.560864][ T5939] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 89.581066][ T5939] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 89.602214][ T5939] usb 5-1: config 0 descriptor?? [ 89.633037][ T5939] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 89.806142][ T5892] gspca_sq930x: ucbus_write failed -71 [ 89.819214][ T5892] sq930x 4-1:0.0: probe with driver sq930x failed with error -71 [ 89.838573][ T5892] usb 4-1: USB disconnect, device number 6 [ 90.070390][ T6085] openvswitch: netlink: Tunnel attr 47 out of range max 16 [ 90.100088][ T6085] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 90.116821][ T6085] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 90.265549][ T5889] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 90.332378][ T6104] netlink: 104 bytes leftover after parsing attributes in process `syz.2.38'. [ 90.369111][ T6104] netlink: 3 bytes leftover after parsing attributes in process `syz.2.38'. [ 90.396664][ T6104] syzkaller1: entered promiscuous mode [ 90.407591][ T6104] syzkaller1: entered allmulticast mode [ 90.432542][ T6104] netlink: 8 bytes leftover after parsing attributes in process `syz.2.38'. [ 90.444012][ T5889] usb 1-1: Using ep0 maxpacket: 32 [ 90.461754][ T5889] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 90.481275][ T5889] usb 1-1: New USB device found, idVendor=0572, idProduct=cafe, bcdDevice=55.01 [ 90.503504][ T5889] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 90.519350][ T5889] usb 1-1: Product: syz [ 90.538796][ T5889] usb 1-1: Manufacturer: syz [ 90.543717][ T5889] usb 1-1: SerialNumber: syz [ 90.568271][ T5889] usb 1-1: config 0 descriptor?? [ 90.575947][ T6108] FAULT_INJECTION: forcing a failure. [ 90.575947][ T6108] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 90.604074][ T6108] CPU: 0 UID: 0 PID: 6108 Comm: syz.3.40 Not tainted 6.14.0-rc6-syzkaller #0 [ 90.604107][ T6108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 90.604117][ T6108] Call Trace: [ 90.604122][ T6108] [ 90.604129][ T6108] dump_stack_lvl+0x241/0x360 [ 90.604155][ T6108] ? __pfx_dump_stack_lvl+0x10/0x10 [ 90.604175][ T6108] ? __pfx__printk+0x10/0x10 [ 90.604203][ T6108] should_fail_ex+0x40a/0x550 [ 90.604231][ T6108] strncpy_from_user+0x36/0x270 [ 90.604256][ T6108] getname_flags+0xf1/0x540 [ 90.604283][ T6108] do_sys_openat2+0xd2/0x1d0 [ 90.604308][ T6108] ? __pfx_do_sys_openat2+0x10/0x10 [ 90.604341][ T6108] __x64_sys_openat+0x247/0x2a0 [ 90.604365][ T6108] ? __pfx___x64_sys_openat+0x10/0x10 [ 90.604390][ T6108] ? exc_page_fault+0x590/0x8b0 [ 90.604415][ T6108] ? do_syscall_64+0xb6/0x230 [ 90.604440][ T6108] do_syscall_64+0xf3/0x230 [ 90.604461][ T6108] ? clear_bhb_loop+0x35/0x90 [ 90.604485][ T6108] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.604505][ T6108] RIP: 0033:0x7f446218bad0 [ 90.604520][ T6108] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 90.604533][ T6108] RSP: 002b:00007f446300cb70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 90.604552][ T6108] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f446218bad0 [ 90.604563][ T6108] RDX: 0000000000000002 RSI: 00007f446300cc10 RDI: 00000000ffffff9c [ 90.604573][ T6108] RBP: 00007f446300cc10 R08: 0000000000000000 R09: 00236f656469762f [ 90.604584][ T6108] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 90.604594][ T6108] R13: 0000000000000001 R14: 00007f44623a5fa0 R15: 00007f44624cfa28 [ 90.604618][ T6108] [ 90.969239][ T6112] mmap: syz.3.42 (6112): VmData 37388288 exceed data ulimit 8. Update limits or use boot option ignore_rlimit_data. [ 91.173006][ T6114] FAULT_INJECTION: forcing a failure. [ 91.173006][ T6114] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 91.186963][ T5939] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 91.226194][ T6114] CPU: 1 UID: 0 PID: 6114 Comm: syz.2.43 Not tainted 6.14.0-rc6-syzkaller #0 [ 91.226221][ T6114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 91.226231][ T6114] Call Trace: [ 91.226237][ T6114] [ 91.226245][ T6114] dump_stack_lvl+0x241/0x360 [ 91.226271][ T6114] ? __pfx_dump_stack_lvl+0x10/0x10 [ 91.226292][ T6114] ? __pfx__printk+0x10/0x10 [ 91.226318][ T6114] should_fail_ex+0x40a/0x550 [ 91.226345][ T6114] strncpy_from_user+0x36/0x270 [ 91.226370][ T6114] getname_flags+0xf1/0x540 [ 91.226395][ T6114] do_sys_openat2+0xd2/0x1d0 [ 91.226420][ T6114] ? __pfx_do_sys_openat2+0x10/0x10 [ 91.226439][ T6114] ? __fget_files+0x2a/0x410 [ 91.226463][ T6114] ? __fget_files+0x2a/0x410 [ 91.226489][ T6114] __x64_sys_openat+0x247/0x2a0 [ 91.226514][ T6114] ? __pfx___x64_sys_openat+0x10/0x10 [ 91.226539][ T6114] ? do_syscall_64+0x100/0x230 [ 91.226565][ T6114] ? do_syscall_64+0xb6/0x230 [ 91.226605][ T6114] do_syscall_64+0xf3/0x230 [ 91.226627][ T6114] ? clear_bhb_loop+0x35/0x90 [ 91.226651][ T6114] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.226672][ T6114] RIP: 0033:0x7f275ab8d169 [ 91.226687][ T6114] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 91.226700][ T6114] RSP: 002b:00007f275ba4d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 91.226718][ T6114] RAX: ffffffffffffffda RBX: 00007f275ada5fa0 RCX: 00007f275ab8d169 [ 91.226730][ T6114] RDX: 0000000000000000 RSI: 0000400000002180 RDI: ffffffffffffff9c [ 91.226741][ T6114] RBP: 00007f275ba4d090 R08: 0000000000000000 R09: 0000000000000000 [ 91.226751][ T6114] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 91.226760][ T6114] R13: 0000000000000000 R14: 00007f275ada5fa0 R15: 00007f275aecfa28 [ 91.226784][ T6114] [ 91.431012][ T5939] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 91.439286][ T5939] usb 2-1: config 0 has no interface number 0 [ 91.446296][ T5939] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 91.457464][ T5939] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 91.467578][ T5939] usb 2-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00 [ 91.477204][ T5939] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 91.485412][ T5892] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 91.498246][ T5939] usb 2-1: config 0 descriptor?? [ 91.650429][ T5892] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 91.662048][ T5892] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 91.672945][ T5892] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 91.686604][ T5892] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 91.696530][ T5892] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 91.727194][ T5892] usb 4-1: config 0 descriptor?? [ 91.966097][ T5939] prodikeys 0003:041E:2801.0001: hidraw0: USB HID v0.00 Device [HID 041e:2801] on usb-dummy_hcd.1-1/input1 [ 91.981378][ T5939] hid_prodikeys: hid-prodikeys: failed to find output report [ 91.981378][ T5939] [ 92.091810][ T975] usb 5-1: USB disconnect, device number 3 [ 92.141577][ T975] ldusb 5-1:0.55: LD USB Device #0 now disconnected [ 92.159883][ T5892] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 92.210182][ T5892] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 92.224096][ T5939] usb 2-1: USB disconnect, device number 8 [ 92.580177][ T6123] mmap: syz.4.46 (6123) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 92.611370][ T6128] netlink: 35 bytes leftover after parsing attributes in process `syz.3.44'. [ 92.630566][ T6128] netlink: 8 bytes leftover after parsing attributes in process `syz.3.44'. [ 92.661449][ T5889] cxacru 1-1:0.0: usbatm_usb_probe: bind failed: -19! [ 92.673272][ T6129] netlink: 12 bytes leftover after parsing attributes in process `syz.3.44'. [ 92.683878][ T975] usb 4-1: USB disconnect, device number 7 [ 92.689511][ T36] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 92.724019][ T5889] usb 1-1: USB disconnect, device number 4 [ 92.775356][ T6098] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 92.950677][ T36] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.275439][ T36] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.460036][ T36] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.474033][ T5892] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 93.593624][ T6132] batadv_slave_1: entered promiscuous mode [ 93.636272][ T6140] FAULT_INJECTION: forcing a failure. [ 93.636272][ T6140] name failslab, interval 1, probability 0, space 0, times 0 [ 93.666919][ T5892] usb 2-1: config 0 has an invalid interface number: 50 but max is 0 [ 93.684478][ T5892] usb 2-1: config 0 has no interface number 0 [ 93.690702][ T5892] usb 2-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 93.720483][ T5892] usb 2-1: config 0 interface 50 altsetting 0 endpoint 0x82 has invalid maxpacket 1023, setting to 64 [ 93.733200][ T5851] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 93.743182][ T5851] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 93.752521][ T5851] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 93.753489][ T5892] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 93.774378][ T5851] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 93.774446][ T6140] CPU: 0 UID: 0 PID: 6140 Comm: syz.3.51 Not tainted 6.14.0-rc6-syzkaller #0 [ 93.774464][ T6140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 93.774474][ T6140] Call Trace: [ 93.774480][ T6140] [ 93.774486][ T6140] dump_stack_lvl+0x241/0x360 [ 93.774511][ T6140] ? __pfx_dump_stack_lvl+0x10/0x10 [ 93.774528][ T6140] ? __pfx__printk+0x10/0x10 [ 93.774546][ T6140] ? kmem_cache_alloc_noprof+0x48/0x380 [ 93.774575][ T6140] ? __pfx___might_resched+0x10/0x10 [ 93.774598][ T6140] should_fail_ex+0x40a/0x550 [ 93.774625][ T6140] should_failslab+0xac/0x100 [ 93.774647][ T6140] ? vm_area_dup+0x61/0x290 [ 93.774662][ T6140] kmem_cache_alloc_noprof+0x70/0x380 [ 93.774686][ T6140] vm_area_dup+0x61/0x290 [ 93.774704][ T6140] __split_vma+0x1bf/0xbf0 [ 93.774733][ T6140] ? __pfx___split_vma+0x10/0x10 [ 93.774759][ T6140] ? validate_chain+0x11e/0x5920 [ 93.774781][ T6140] vms_gather_munmap_vmas+0x2e6/0x1600 [ 93.774806][ T6140] ? validate_chain+0x11e/0x5920 [ 93.774825][ T6140] ? __pfx_lock_acquire+0x10/0x10 [ 93.774847][ T6140] ? __pfx_validate_chain+0x10/0x10 [ 93.774866][ T6140] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 93.774890][ T6140] ? mark_lock+0x9a/0x360 [ 93.774914][ T6140] do_vmi_align_munmap+0x3ff/0x6f0 [ 93.774932][ T6140] ? __lock_acquire+0x1397/0x2100 [ 93.774960][ T6140] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 93.775009][ T6140] ? mas_find+0x8c0/0xbb0 [ 93.775035][ T6140] do_vmi_munmap+0x24e/0x2d0 [ 93.775059][ T6140] do_munmap+0x18a/0x240 [ 93.775077][ T6140] ? __pfx_do_munmap+0x10/0x10 [ 93.775097][ T6140] ? __pfx_down_write_killable+0x10/0x10 [ 93.775114][ T6140] ? ksys_write+0x22a/0x2b0 [ 93.775132][ T6140] ? __pfx_lock_release+0x10/0x10 [ 93.775156][ T6140] __se_sys_mremap+0x10c1/0x1b20 [ 93.775189][ T6140] ? __pfx___se_sys_mremap+0x10/0x10 [ 93.775206][ T6140] ? do_sys_openat2+0x17a/0x1d0 [ 93.775235][ T6140] ? __fget_files+0x2a/0x410 [ 93.775262][ T6140] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 93.775286][ T6140] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 93.775309][ T6140] ? do_syscall_64+0x100/0x230 [ 93.775332][ T6140] ? __x64_sys_mremap+0x20/0xc0 [ 93.775353][ T6140] do_syscall_64+0xf3/0x230 [ 93.775374][ T6140] ? clear_bhb_loop+0x35/0x90 [ 93.775397][ T6140] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.775416][ T6140] RIP: 0033:0x7f446218d169 [ 93.775430][ T6140] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 93.775445][ T6140] RSP: 002b:00007f4462fec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 93.775463][ T6140] RAX: ffffffffffffffda RBX: 00007f44623a6080 RCX: 00007f446218d169 [ 93.775473][ T6140] RDX: 0000000000001000 RSI: 0000000000001000 RDI: 00004000005ab000 [ 93.775483][ T6140] RBP: 00007f4462fec090 R08: 0000400000ffe000 R09: 0000000000000000 [ 93.775493][ T6140] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000001 [ 93.775502][ T6140] R13: 0000000000000001 R14: 00007f44623a6080 R15: 00007f44624cfa28 [ 93.775526][ T6140] [ 93.821024][ T5892] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 93.974051][ T5851] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 93.974522][ T5851] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 94.037487][ T6131] batadv_slave_1: left promiscuous mode [ 94.174345][ T5844] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 94.182327][ T5844] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 94.190083][ T5844] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 94.198078][ T5844] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 94.208124][ T5844] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 94.215791][ T5844] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 94.248774][ T36] bridge_slave_1: left allmulticast mode [ 94.257379][ T36] bridge_slave_1: left promiscuous mode [ 94.264143][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.285266][ T36] bridge_slave_0: left allmulticast mode [ 94.293328][ T36] bridge_slave_0: left promiscuous mode [ 94.303789][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.463754][ T5892] usb 2-1: Product: syz [ 94.469075][ T5892] usb 2-1: Manufacturer: syz [ 94.474569][ T5892] usb 2-1: SerialNumber: syz [ 94.516111][ T5892] usb 2-1: config 0 descriptor?? [ 94.523255][ T6135] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 94.545036][ T5892] yurex 2-1:0.50: USB YUREX device now attached to Yurex #0 [ 95.022157][ T5892] usb 2-1: USB disconnect, device number 9 [ 95.064081][ T5892] yurex 2-1:0.50: USB YUREX #0 now disconnected [ 95.642972][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 95.768096][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 95.799905][ T36] bond0 (unregistering): Released all slaves [ 95.945446][ T26] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 96.069293][ T6174] netlink: 4 bytes leftover after parsing attributes in process `syz.4.59'. [ 96.124080][ T5889] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 96.172216][ T26] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 96.183520][ T978] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 96.253068][ T26] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 96.264700][ T5844] Bluetooth: hci4: command tx timeout [ 96.334711][ T26] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 96.376550][ T26] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.404275][ T6146] chnl_net:caif_netlink_parms(): no params data found [ 96.441953][ T6158] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 96.471580][ T26] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 96.650590][ T6189] FAULT_INJECTION: forcing a failure. [ 96.650590][ T6189] name failslab, interval 1, probability 0, space 0, times 0 [ 96.685957][ T6189] CPU: 1 UID: 0 PID: 6189 Comm: syz.4.60 Not tainted 6.14.0-rc6-syzkaller #0 [ 96.685981][ T6189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 96.685990][ T6189] Call Trace: [ 96.685996][ T6189] [ 96.686004][ T6189] dump_stack_lvl+0x241/0x360 [ 96.686028][ T6189] ? __pfx_dump_stack_lvl+0x10/0x10 [ 96.686045][ T6189] ? __pfx__printk+0x10/0x10 [ 96.686080][ T6189] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 96.686103][ T6189] ? __pfx___might_resched+0x10/0x10 [ 96.686121][ T6189] ? __lock_acquire+0x1397/0x2100 [ 96.686144][ T6189] should_fail_ex+0x40a/0x550 [ 96.686170][ T6189] should_failslab+0xac/0x100 [ 96.686191][ T6189] kmem_cache_alloc_node_noprof+0x77/0x380 [ 96.686209][ T6189] ? __alloc_skb+0x1c3/0x440 [ 96.686235][ T6189] __alloc_skb+0x1c3/0x440 [ 96.686261][ T6189] ? __pfx___alloc_skb+0x10/0x10 [ 96.686285][ T6189] ? __lock_acquire+0x1397/0x2100 [ 96.686309][ T6189] alloc_skb_with_frags+0xc3/0x820 [ 96.686328][ T6189] ? validate_chain+0x11e/0x5920 [ 96.686351][ T6189] sock_alloc_send_pskb+0x91a/0xa60 [ 96.686385][ T6189] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 96.686403][ T6189] ? mark_lock+0x9a/0x360 [ 96.686416][ T6189] ? __pfx_validate_chain+0x10/0x10 [ 96.686434][ T6189] ? __lock_acquire+0x1397/0x2100 [ 96.686461][ T6189] __ip_append_data+0x300d/0x46b0 [ 96.686503][ T6189] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 96.686530][ T6189] ? __pfx_lock_release+0x10/0x10 [ 96.686565][ T6189] ? __pfx___ip_append_data+0x10/0x10 [ 96.686588][ T6189] ? ip_setup_cork+0x580/0x9a0 [ 96.686612][ T6189] ip_make_skb+0x198/0x420 [ 96.686640][ T6189] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 96.686660][ T6189] ? __pfx_ip_make_skb+0x10/0x10 [ 96.686687][ T6189] ? rt_is_expired+0x242/0x2c0 [ 96.686708][ T6189] ? ipv4_dst_check+0x59/0x80 [ 96.686724][ T6189] ? __pfx_ipv4_dst_check+0x10/0x10 [ 96.686745][ T6189] udp_sendmsg+0x1c33/0x2b00 [ 96.686786][ T6189] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 96.686808][ T6189] ? __pfx_udp_sendmsg+0x10/0x10 [ 96.686862][ T6189] ? inet_sendmsg+0x2ba/0x390 [ 96.686888][ T6189] __sock_sendmsg+0x1a6/0x270 [ 96.686910][ T6189] ____sys_sendmsg+0x53a/0x860 [ 96.686934][ T6189] ? __pfx_____sys_sendmsg+0x10/0x10 [ 96.686949][ T6189] ? __fget_files+0x2a/0x410 [ 96.686971][ T6189] ? __fget_files+0x2a/0x410 [ 96.686999][ T6189] __sys_sendmmsg+0x36a/0x720 [ 96.687025][ T6189] ? __pfx___sys_sendmmsg+0x10/0x10 [ 96.687051][ T6189] ? __pfx_lock_release+0x10/0x10 [ 96.687069][ T6189] ? kstrtouint_from_user+0x128/0x190 [ 96.687106][ T6189] ? ksys_write+0x22a/0x2b0 [ 96.687123][ T6189] ? __pfx_lock_release+0x10/0x10 [ 96.687150][ T6189] ? sb_end_write+0xe9/0x1c0 [ 96.687172][ T6189] ? vfs_write+0x7fa/0xd10 [ 96.687190][ T6189] ? __mutex_unlock_slowpath+0x227/0x800 [ 96.687235][ T6189] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 96.687258][ T6189] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 96.687281][ T6189] ? do_syscall_64+0x100/0x230 [ 96.687307][ T6189] __x64_sys_sendmmsg+0xa0/0xb0 [ 96.687325][ T6189] do_syscall_64+0xf3/0x230 [ 96.687346][ T6189] ? clear_bhb_loop+0x35/0x90 [ 96.687368][ T6189] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.687388][ T6189] RIP: 0033:0x7f03c838d169 [ 96.687403][ T6189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 96.687415][ T6189] RSP: 002b:00007f03c91a4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 96.687434][ T6189] RAX: ffffffffffffffda RBX: 00007f03c85a6160 RCX: 00007f03c838d169 [ 96.687445][ T6189] RDX: 000000000800001d RSI: 0000400000007fc0 RDI: 0000000000000005 [ 96.687455][ T6189] RBP: 00007f03c91a4090 R08: 0000000000000000 R09: 0000000000000000 [ 96.687464][ T6189] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 96.687473][ T6189] R13: 0000000000000000 R14: 00007f03c85a6160 R15: 00007f03c86cfa28 [ 96.687496][ T6189] [ 97.381180][ T36] hsr_slave_0: left promiscuous mode [ 97.387758][ T36] hsr_slave_1: left promiscuous mode [ 97.402661][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 97.410372][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 97.427118][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 97.435278][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 97.475476][ T6192] capability: warning: `syz.0.55' uses deprecated v2 capabilities in a way that may be insecure [ 97.498088][ T36] veth1_macvtap: left promiscuous mode [ 97.504174][ T36] veth0_macvtap: left promiscuous mode [ 97.509855][ T36] veth1_vlan: left promiscuous mode [ 97.515539][ T36] veth0_vlan: left promiscuous mode [ 98.334066][ T5844] Bluetooth: hci4: command tx timeout [ 98.880244][ T978] usb 4-1: unable to get BOS descriptor or descriptor too short [ 98.913902][ T978] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 98.941973][ T978] usb 4-1: can't read configurations, error -71 [ 98.983555][ T36] team0 (unregistering): Port device team_slave_1 removed [ 99.179076][ T6205] process 'syz.3.63' launched './file1' with NULL argv: empty string added [ 99.212370][ T36] team0 (unregistering): Port device team_slave_0 removed [ 100.229705][ T5889] usb 1-1: USB disconnect, device number 5 [ 100.300545][ T6191] bridge1: entered promiscuous mode [ 100.415510][ T5844] Bluetooth: hci4: command tx timeout [ 100.592973][ T6220] netlink: 'syz.0.68': attribute type 3 has an invalid length. [ 100.605935][ T6220] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.68'. [ 100.650949][ T6146] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.684099][ T6146] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.698681][ T6146] bridge_slave_0: entered allmulticast mode [ 100.720386][ T6146] bridge_slave_0: entered promiscuous mode [ 100.759481][ T6146] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.782774][ T6146] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.790543][ T6146] bridge_slave_1: entered allmulticast mode [ 100.798005][ T6146] bridge_slave_1: entered promiscuous mode [ 100.948602][ T6146] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 101.013285][ T6146] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 101.196184][ T6146] team0: Port device team_slave_0 added [ 101.224959][ T6146] team0: Port device team_slave_1 added [ 101.429085][ T6146] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 101.453055][ T6146] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.583850][ T6146] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 101.699357][ T6146] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 101.727265][ T6146] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.825072][ T6146] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 101.900553][ T5939] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 102.036082][ T5851] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 102.061816][ T5851] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 102.063922][ T5894] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 102.083991][ T5851] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 102.092256][ T5851] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 102.099442][ T52] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 102.107244][ T6146] hsr_slave_0: entered promiscuous mode [ 102.132095][ T5851] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 102.142869][ T5851] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 102.168291][ T5939] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 102.197785][ T5939] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 102.221544][ T6146] hsr_slave_1: entered promiscuous mode [ 102.237968][ T5939] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 102.251153][ T6146] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 102.270609][ T5939] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 102.273955][ T6146] Cannot create hsr debugfs directory [ 102.284250][ T5894] usb 5-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 102.302345][ T52] usb 4-1: config 0 has no interfaces? [ 102.322216][ T52] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 102.334160][ T52] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.340223][ T5894] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.342161][ T52] usb 4-1: Product: syz [ 102.342179][ T52] usb 4-1: Manufacturer: syz [ 102.342192][ T52] usb 4-1: SerialNumber: syz [ 102.366333][ T5894] usb 5-1: Product: syz [ 102.372110][ T5894] usb 5-1: Manufacturer: syz [ 102.373371][ T52] usb 4-1: config 0 descriptor?? [ 102.377094][ T5939] usb 1-1: New USB device found, idVendor=0bfd, idProduct=010c, bcdDevice=2d.16 [ 102.392324][ T5939] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.396042][ T4947] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.400519][ T5894] usb 5-1: SerialNumber: syz [ 102.424124][ T5939] usb 1-1: Product: syz [ 102.459056][ T5939] usb 1-1: Manufacturer: syz [ 102.484081][ T5939] usb 1-1: SerialNumber: syz [ 102.491923][ T5894] usb 5-1: config 0 descriptor?? [ 102.504934][ T5851] Bluetooth: hci4: command tx timeout [ 102.544373][ T5939] usb 1-1: config 0 descriptor?? [ 102.547373][ T4947] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.599493][ T5894] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 102.635986][ T5939] kvaser_usb 1-1:0.0: error -ENODEV: Cannot get usb endpoint(s) [ 102.752864][ T6243] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 102.770062][ T5894] gspca_sunplus: reg_r err -71 [ 102.781214][ T5894] sunplus 5-1:0.0: probe with driver sunplus failed with error -71 [ 102.796744][ T6243] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 102.823906][ T6243] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 102.846964][ T5894] usb 5-1: USB disconnect, device number 4 [ 102.868073][ T6243] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 102.878743][ T4947] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.992471][ T6243] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 103.058318][ T6243] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 103.073627][ T6243] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 103.083648][ T6243] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 103.098410][ T6243] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 103.107359][ T6243] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 103.138773][ T975] usb 1-1: USB disconnect, device number 6 [ 103.352163][ T4947] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.419373][ T6258] chnl_net:caif_netlink_parms(): no params data found [ 104.024057][ T5939] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 104.086884][ T4947] bridge_slave_1: left allmulticast mode [ 104.104146][ T4947] bridge_slave_1: left promiscuous mode [ 104.110005][ T4947] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.126884][ T4947] bridge_slave_0: left allmulticast mode [ 104.132924][ T4947] bridge_slave_0: left promiscuous mode [ 104.139600][ T4947] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.186094][ T5939] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 104.255147][ T5851] Bluetooth: hci3: command tx timeout [ 104.295650][ T5939] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 559 [ 104.331778][ T5939] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 104.348479][ T5939] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.385474][ T6285] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 104.408047][ T5939] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 104.522007][ T6303] FAULT_INJECTION: forcing a failure. [ 104.522007][ T6303] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 104.622100][ T4947] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 104.638712][ T4947] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 104.653344][ T4947] bond0 (unregistering): Released all slaves [ 104.669460][ T6258] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.687186][ T6258] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.698699][ T6258] bridge_slave_0: entered allmulticast mode [ 104.711860][ T6258] bridge_slave_0: entered promiscuous mode [ 104.767013][ T6303] CPU: 1 UID: 0 PID: 6303 Comm: syz.0.81 Not tainted 6.14.0-rc6-syzkaller #0 [ 104.767038][ T6303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 104.767047][ T6303] Call Trace: [ 104.767052][ T6303] [ 104.767059][ T6303] dump_stack_lvl+0x241/0x360 [ 104.767084][ T6303] ? __pfx_dump_stack_lvl+0x10/0x10 [ 104.767099][ T6303] ? __pfx__printk+0x10/0x10 [ 104.767118][ T6303] ? snprintf+0xda/0x120 [ 104.767137][ T6303] should_fail_ex+0x40a/0x550 [ 104.767161][ T6303] _copy_to_user+0x31/0xb0 [ 104.767182][ T6303] simple_read_from_buffer+0xca/0x150 [ 104.767204][ T6303] proc_fail_nth_read+0x1e9/0x250 [ 104.767226][ T6303] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 104.767247][ T6303] ? rw_verify_area+0x243/0x630 [ 104.767262][ T6303] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 104.767281][ T6303] vfs_read+0x1f8/0xb40 [ 104.767298][ T6303] ? fdget_pos+0x254/0x320 [ 104.767318][ T6303] ? __pfx___mutex_lock+0x10/0x10 [ 104.767339][ T6303] ? __pfx_vfs_read+0x10/0x10 [ 104.767356][ T6303] ? __fget_files+0x2a/0x410 [ 104.767376][ T6303] ? __fget_files+0x395/0x410 [ 104.767407][ T6303] ? __fget_files+0x2a/0x410 [ 104.767434][ T6303] ksys_read+0x18f/0x2b0 [ 104.767451][ T6303] ? __pfx_ksys_read+0x10/0x10 [ 104.767467][ T6303] ? do_syscall_64+0x100/0x230 [ 104.767494][ T6303] ? do_syscall_64+0xb6/0x230 [ 104.767516][ T6303] do_syscall_64+0xf3/0x230 [ 104.767535][ T6303] ? clear_bhb_loop+0x35/0x90 [ 104.767558][ T6303] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.767576][ T6303] RIP: 0033:0x7f24f858bb7c [ 104.767590][ T6303] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 104.767601][ T6303] RSP: 002b:00007f24f939e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 104.767617][ T6303] RAX: ffffffffffffffda RBX: 00007f24f87a5fa0 RCX: 00007f24f858bb7c [ 104.767627][ T6303] RDX: 000000000000000f RSI: 00007f24f939e0a0 RDI: 0000000000000004 [ 104.767636][ T6303] RBP: 00007f24f939e090 R08: 0000000000000000 R09: 0000000000000000 [ 104.767644][ T6303] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 104.767652][ T6303] R13: 0000000000000000 R14: 00007f24f87a5fa0 R15: 00007f24f88cfa28 [ 104.767675][ T6303] [ 104.845897][ T6279] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 105.001343][ T6279] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 105.112266][ T6258] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.119766][ T6258] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.133733][ T6258] bridge_slave_1: entered allmulticast mode [ 105.147761][ T6306] netlink: 16 bytes leftover after parsing attributes in process `syz.0.82'. [ 105.168430][ T5889] usb 5-1: USB disconnect, device number 5 [ 105.178923][ T6258] bridge_slave_1: entered promiscuous mode [ 105.206125][ T6146] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 105.307695][ T5939] usb 4-1: USB disconnect, device number 10 [ 105.393149][ T6146] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 105.401178][ T6147] udevd[6147]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 105.446509][ T6146] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 105.543510][ T6258] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.586385][ T6258] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.609658][ T6146] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 105.691684][ T6319] FAULT_INJECTION: forcing a failure. [ 105.691684][ T6319] name failslab, interval 1, probability 0, space 0, times 0 [ 105.740567][ T6319] CPU: 1 UID: 0 PID: 6319 Comm: syz.0.85 Not tainted 6.14.0-rc6-syzkaller #0 [ 105.740591][ T6319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 105.740601][ T6319] Call Trace: [ 105.740607][ T6319] [ 105.740614][ T6319] dump_stack_lvl+0x241/0x360 [ 105.740647][ T6319] ? __pfx_dump_stack_lvl+0x10/0x10 [ 105.740665][ T6319] ? __pfx__printk+0x10/0x10 [ 105.740684][ T6319] ? fs_reclaim_acquire+0x93/0x130 [ 105.740700][ T6319] ? __pfx___might_resched+0x10/0x10 [ 105.740719][ T6319] ? dynamic_dname+0x144/0x1b0 [ 105.740739][ T6319] should_fail_ex+0x40a/0x550 [ 105.740767][ T6319] should_failslab+0xac/0x100 [ 105.740790][ T6319] __kmalloc_noprof+0xdd/0x4c0 [ 105.740810][ T6319] ? tomoyo_encode+0x26f/0x540 [ 105.740832][ T6319] tomoyo_encode+0x26f/0x540 [ 105.740849][ T6319] ? __pfx_anon_inodefs_dname+0x10/0x10 [ 105.740872][ T6319] tomoyo_realpath_from_path+0x59e/0x5e0 [ 105.740901][ T6319] tomoyo_path_number_perm+0x239/0x770 [ 105.740922][ T6319] ? __lock_acquire+0x1397/0x2100 [ 105.740948][ T6319] ? tomoyo_path_number_perm+0x209/0x770 [ 105.740971][ T6319] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 105.741032][ T6319] ? __fget_files+0x2a/0x410 [ 105.741057][ T6319] ? __fget_files+0x2a/0x410 [ 105.741084][ T6319] security_file_ioctl+0xc6/0x2a0 [ 105.741106][ T6319] __se_sys_ioctl+0x46/0x170 [ 105.741126][ T6319] do_syscall_64+0xf3/0x230 [ 105.741150][ T6319] ? clear_bhb_loop+0x35/0x90 [ 105.741174][ T6319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.741194][ T6319] RIP: 0033:0x7f24f858d169 [ 105.741209][ T6319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 105.741221][ T6319] RSP: 002b:00007f24f939e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 105.741243][ T6319] RAX: ffffffffffffffda RBX: 00007f24f87a5fa0 RCX: 00007f24f858d169 [ 105.741255][ T6319] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 105.741265][ T6319] RBP: 00007f24f939e090 R08: 0000000000000000 R09: 0000000000000000 [ 105.741274][ T6319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 105.741284][ T6319] R13: 0000000000000000 R14: 00007f24f87a5fa0 R15: 00007f24f88cfa28 [ 105.741310][ T6319] [ 105.741398][ T6319] ERROR: Out of memory at tomoyo_realpath_from_path. [ 105.988158][ T6258] team0: Port device team_slave_0 added [ 105.996687][ T6258] team0: Port device team_slave_1 added [ 106.043547][ T4947] hsr_slave_0: left promiscuous mode [ 106.095514][ T6331] FAULT_INJECTION: forcing a failure. [ 106.095514][ T6331] name failslab, interval 1, probability 0, space 0, times 0 [ 106.122991][ T4947] hsr_slave_1: left promiscuous mode [ 106.139289][ T4947] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 106.158302][ T6331] CPU: 1 UID: 0 PID: 6331 Comm: syz.3.87 Not tainted 6.14.0-rc6-syzkaller #0 [ 106.158333][ T6331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 106.158343][ T6331] Call Trace: [ 106.158349][ T6331] [ 106.158357][ T6331] dump_stack_lvl+0x241/0x360 [ 106.158383][ T6331] ? __pfx_dump_stack_lvl+0x10/0x10 [ 106.158401][ T6331] ? __pfx__printk+0x10/0x10 [ 106.158418][ T6331] ? kmem_cache_alloc_noprof+0x48/0x380 [ 106.158440][ T6331] ? __pfx___might_resched+0x10/0x10 [ 106.158462][ T6331] should_fail_ex+0x40a/0x550 [ 106.158489][ T6331] should_failslab+0xac/0x100 [ 106.158510][ T6331] ? getname_flags+0xb7/0x540 [ 106.158529][ T6331] kmem_cache_alloc_noprof+0x70/0x380 [ 106.158554][ T6331] getname_flags+0xb7/0x540 [ 106.158571][ T6331] ? do_syscall_64+0x100/0x230 [ 106.158594][ T6331] __x64_sys_renameat2+0xba/0xe0 [ 106.158615][ T6331] do_syscall_64+0xf3/0x230 [ 106.158636][ T6331] ? clear_bhb_loop+0x35/0x90 [ 106.158660][ T6331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.158680][ T6331] RIP: 0033:0x7f446218d169 [ 106.158694][ T6331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 106.158707][ T6331] RSP: 002b:00007f446300d038 EFLAGS: 00000246 ORIG_RAX: 000000000000013c [ 106.158725][ T6331] RAX: ffffffffffffffda RBX: 00007f44623a5fa0 RCX: 00007f446218d169 [ 106.158736][ T6331] RDX: ffffffffffffff9c RSI: 0000400000000600 RDI: ffffffffffffff9c [ 106.158747][ T6331] RBP: 00007f446300d090 R08: 0000000000000002 R09: 0000000000000000 [ 106.158757][ T6331] R10: 0000400000000640 R11: 0000000000000246 R12: 0000000000000001 [ 106.158767][ T6331] R13: 0000000000000000 R14: 00007f44623a5fa0 R15: 00007f44624cfa28 [ 106.158791][ T6331] [ 106.174900][ T4947] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 106.344332][ T5851] Bluetooth: hci3: command tx timeout [ 106.456882][ T4947] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 106.465304][ T4947] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 106.533787][ T4947] veth1_macvtap: left promiscuous mode [ 106.539844][ T4947] veth0_macvtap: left promiscuous mode [ 106.545844][ T4947] veth1_vlan: left promiscuous mode [ 106.551138][ T4947] veth0_vlan: left promiscuous mode [ 106.564113][ T5889] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 106.709286][ T5889] usb 4-1: device descriptor read/64, error -71 [ 106.976248][ T5889] usb 4-1: new full-speed USB device number 12 using dummy_hcd [ 107.115652][ T4947] team0 (unregistering): Port device team_slave_1 removed [ 107.124609][ T5889] usb 4-1: device descriptor read/64, error -71 [ 107.171218][ T4947] team0 (unregistering): Port device team_slave_0 removed [ 107.250315][ T5889] usb usb4-port1: attempt power cycle [ 107.654584][ T5889] usb 4-1: new full-speed USB device number 13 using dummy_hcd [ 107.702918][ T5889] usb 4-1: device descriptor read/8, error -71 [ 107.730960][ T6258] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 107.738179][ T6258] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.766228][ T6258] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 107.779078][ T6258] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 107.786234][ T6258] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.812389][ T6258] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 107.906098][ T6258] hsr_slave_0: entered promiscuous mode [ 107.920873][ T6258] hsr_slave_1: entered promiscuous mode [ 107.935431][ T6258] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 107.944665][ T6258] Cannot create hsr debugfs directory [ 107.964056][ T5889] usb 4-1: new full-speed USB device number 14 using dummy_hcd [ 107.965146][ T5894] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 107.995466][ T5889] usb 4-1: device descriptor read/8, error -71 [ 108.104517][ T5889] usb usb4-port1: unable to enumerate USB device [ 108.177364][ T5894] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 108.203939][ T5894] usb 5-1: config 0 has no interfaces? [ 108.209487][ T5894] usb 5-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00 [ 108.244235][ T5894] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 108.284893][ T5894] usb 5-1: config 0 descriptor?? [ 108.332682][ T6146] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.409192][ T4947] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.424225][ T5851] Bluetooth: hci3: command tx timeout [ 108.487774][ T6146] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.594783][ T4947] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.617495][ T5844] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 108.627484][ T5844] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 108.636897][ T5844] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 108.646787][ T5844] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 108.665287][ T5844] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 108.676532][ T5844] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 108.683734][ T6258] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 108.699253][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.706505][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.741842][ T6258] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 108.752982][ T6258] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 108.807569][ T4947] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.832534][ T6258] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 108.857458][ T6338] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.864848][ T6338] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.897913][ T4947] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.021413][ T5889] usb 5-1: USB disconnect, device number 6 [ 109.150211][ T4947] bridge_slave_1: left allmulticast mode [ 109.156604][ T4947] bridge_slave_1: left promiscuous mode [ 109.162307][ T4947] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.172256][ T4947] bridge_slave_0: left allmulticast mode [ 109.178512][ T4947] bridge_slave_0: left promiscuous mode [ 109.185201][ T4947] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.705521][ T6378] FAULT_INJECTION: forcing a failure. [ 109.705521][ T6378] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 109.745268][ T6379] syz.3.97 uses obsolete (PF_INET,SOCK_PACKET) [ 109.754225][ T6378] CPU: 0 UID: 0 PID: 6378 Comm: syz.4.98 Not tainted 6.14.0-rc6-syzkaller #0 [ 109.754248][ T6378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 109.754256][ T6378] Call Trace: [ 109.754270][ T6378] [ 109.754277][ T6378] dump_stack_lvl+0x241/0x360 [ 109.754303][ T6378] ? __pfx_dump_stack_lvl+0x10/0x10 [ 109.754319][ T6378] ? __pfx__printk+0x10/0x10 [ 109.754338][ T6378] ? snprintf+0xda/0x120 [ 109.754358][ T6378] should_fail_ex+0x40a/0x550 [ 109.754383][ T6378] _copy_to_user+0x31/0xb0 [ 109.754404][ T6378] simple_read_from_buffer+0xca/0x150 [ 109.754426][ T6378] proc_fail_nth_read+0x1e9/0x250 [ 109.754448][ T6378] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 109.754471][ T6378] ? rw_verify_area+0x243/0x630 [ 109.754485][ T6378] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 109.754506][ T6378] vfs_read+0x1f8/0xb40 [ 109.754522][ T6378] ? fdget_pos+0x254/0x320 [ 109.754544][ T6378] ? __pfx___mutex_lock+0x10/0x10 [ 109.754567][ T6378] ? __pfx_vfs_read+0x10/0x10 [ 109.754585][ T6378] ? __fget_files+0x2a/0x410 [ 109.754607][ T6378] ? __fget_files+0x395/0x410 [ 109.754626][ T6378] ? __fget_files+0x2a/0x410 [ 109.754654][ T6378] ksys_read+0x18f/0x2b0 [ 109.754673][ T6378] ? __pfx_ksys_read+0x10/0x10 [ 109.754689][ T6378] ? do_syscall_64+0x100/0x230 [ 109.754713][ T6378] ? do_syscall_64+0xb6/0x230 [ 109.754735][ T6378] do_syscall_64+0xf3/0x230 [ 109.754755][ T6378] ? clear_bhb_loop+0x35/0x90 [ 109.754779][ T6378] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.754798][ T6378] RIP: 0033:0x7f03c838bb7c [ 109.754813][ T6378] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 109.754823][ T6378] RSP: 002b:00007f03c91e6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 109.754840][ T6378] RAX: ffffffffffffffda RBX: 00007f03c85a5fa0 RCX: 00007f03c838bb7c [ 109.754850][ T6378] RDX: 000000000000000f RSI: 00007f03c91e60a0 RDI: 0000000000000004 [ 109.754859][ T6378] RBP: 00007f03c91e6090 R08: 0000000000000000 R09: 0000000000000000 [ 109.754869][ T6378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 109.754877][ T6378] R13: 0000000000000000 R14: 00007f03c85a5fa0 R15: 00007f03c86cfa28 [ 109.754899][ T6378] [ 110.015133][ T4947] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 110.054588][ T4947] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 110.099926][ T4947] bond0 (unregistering): Released all slaves [ 110.361634][ T6362] chnl_net:caif_netlink_parms(): no params data found [ 110.494128][ T5844] Bluetooth: hci3: command tx timeout [ 110.647639][ T6258] 8021q: adding VLAN 0 to HW filter on device bond0 [ 110.709926][ T4947] hsr_slave_0: left promiscuous mode [ 110.716394][ T4947] hsr_slave_1: left promiscuous mode [ 110.722355][ T4947] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 110.734836][ T5844] Bluetooth: hci1: command tx timeout [ 110.763927][ T4947] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 110.785706][ T4947] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 110.793172][ T4947] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 110.862221][ T4947] veth1_macvtap: left promiscuous mode [ 110.878115][ T4947] veth0_macvtap: left promiscuous mode [ 110.883776][ T4947] veth1_vlan: left promiscuous mode [ 110.889493][ T4947] veth0_vlan: left promiscuous mode [ 111.969485][ T4947] team0 (unregistering): Port device team_slave_1 removed [ 112.009215][ T4947] team0 (unregistering): Port device team_slave_0 removed [ 112.459398][ T6362] bridge0: port 1(bridge_slave_0) entered blocking state [ 112.482361][ T6362] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.490616][ T6362] bridge_slave_0: entered allmulticast mode [ 112.499019][ T6362] bridge_slave_0: entered promiscuous mode [ 112.511395][ T6146] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 112.554370][ T6362] bridge0: port 2(bridge_slave_1) entered blocking state [ 112.561579][ T6362] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.573551][ T6362] bridge_slave_1: entered allmulticast mode [ 112.581736][ T6362] bridge_slave_1: entered promiscuous mode [ 112.656907][ T6258] 8021q: adding VLAN 0 to HW filter on device team0 [ 112.682899][ T6362] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 112.751296][ T6362] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 112.762740][ T6433] FAULT_INJECTION: forcing a failure. [ 112.762740][ T6433] name failslab, interval 1, probability 0, space 0, times 0 [ 112.800287][ T6433] CPU: 1 UID: 0 PID: 6433 Comm: syz.3.108 Not tainted 6.14.0-rc6-syzkaller #0 [ 112.800311][ T6433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 112.800320][ T6433] Call Trace: [ 112.800327][ T6433] [ 112.800334][ T6433] dump_stack_lvl+0x241/0x360 [ 112.800358][ T6433] ? __pfx_dump_stack_lvl+0x10/0x10 [ 112.800374][ T6433] ? __pfx__printk+0x10/0x10 [ 112.800391][ T6433] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 112.800412][ T6433] ? __pfx___might_resched+0x10/0x10 [ 112.800433][ T6433] should_fail_ex+0x40a/0x550 [ 112.800459][ T6433] should_failslab+0xac/0x100 [ 112.800480][ T6433] kmem_cache_alloc_node_noprof+0x77/0x380 [ 112.800500][ T6433] ? __alloc_skb+0x1c3/0x440 [ 112.800525][ T6433] __alloc_skb+0x1c3/0x440 [ 112.800547][ T6433] ? mark_lock+0x9a/0x360 [ 112.800565][ T6433] ? __pfx___alloc_skb+0x10/0x10 [ 112.800585][ T6433] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 112.800609][ T6433] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 112.800637][ T6433] virtio_transport_alloc_skb+0x4b/0xe90 [ 112.800664][ T6433] ? __vsock_bind+0xc63/0xe20 [ 112.800682][ T6433] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 112.800705][ T6433] virtio_transport_send_pkt_info+0x56f/0x10b0 [ 112.800729][ T6433] ? __vsock_bind+0xc63/0xe20 [ 112.800760][ T6433] virtio_transport_connect+0xd9/0x140 [ 112.800779][ T6433] ? __pfx_virtio_transport_connect+0x10/0x10 [ 112.800800][ T6433] ? __pfx_vsock_auto_bind+0x10/0x10 [ 112.800821][ T6433] ? vsock_assign_transport+0x51f/0x660 [ 112.800839][ T6433] ? vsock_connect+0x5c3/0xe70 [ 112.800862][ T6433] vsock_connect+0xbdc/0xe70 [ 112.800887][ T6433] ? aa_sk_perm+0x96d/0xab0 [ 112.800910][ T6433] ? __pfx_vsock_connect+0x10/0x10 [ 112.800935][ T6433] ? vfs_write+0x7fa/0xd10 [ 112.800953][ T6433] ? __pfx_autoremove_wake_function+0x10/0x10 [ 112.800973][ T6433] ? __might_fault+0xc6/0x120 [ 112.800995][ T6433] __sys_connect+0x288/0x2d0 [ 112.801017][ T6433] ? __fget_files+0x2a/0x410 [ 112.801037][ T6433] ? __pfx___sys_connect+0x10/0x10 [ 112.801069][ T6433] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 112.801090][ T6433] ? do_syscall_64+0x100/0x230 [ 112.801110][ T6433] __x64_sys_connect+0x7a/0x90 [ 112.801127][ T6433] do_syscall_64+0xf3/0x230 [ 112.801144][ T6433] ? clear_bhb_loop+0x35/0x90 [ 112.801163][ T6433] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.801179][ T6433] RIP: 0033:0x7f446218d169 [ 112.801191][ T6433] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 112.801201][ T6433] RSP: 002b:00007f446300d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 112.801217][ T6433] RAX: ffffffffffffffda RBX: 00007f44623a5fa0 RCX: 00007f446218d169 [ 112.801226][ T6433] RDX: 0000000000000010 RSI: 0000400000000080 RDI: 0000000000000004 [ 112.801233][ T6433] RBP: 00007f446300d090 R08: 0000000000000000 R09: 0000000000000000 [ 112.801240][ T6433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 112.801247][ T6433] R13: 0000000000000000 R14: 00007f44623a5fa0 R15: 00007f44624cfa28 [ 112.801268][ T6433] [ 113.117366][ T5844] Bluetooth: hci1: command tx timeout [ 113.193614][ T6258] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 113.205672][ T6258] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 113.245699][ T6258] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 113.256623][ T63] bridge0: port 1(bridge_slave_0) entered blocking state [ 113.263857][ T63] bridge0: port 1(bridge_slave_0) entered forwarding state [ 113.350398][ T63] bridge0: port 2(bridge_slave_1) entered blocking state [ 113.357582][ T63] bridge0: port 2(bridge_slave_1) entered forwarding state [ 113.434054][ T6362] team0: Port device team_slave_0 added [ 113.448036][ T6362] team0: Port device team_slave_1 added [ 113.486191][ T6258] veth0_vlan: entered promiscuous mode [ 113.498380][ T6258] veth1_vlan: entered promiscuous mode [ 113.658355][ T6146] veth0_vlan: entered promiscuous mode [ 113.743206][ T6362] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 113.761219][ T6362] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 113.823859][ T6362] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 113.863428][ T6146] veth1_vlan: entered promiscuous mode [ 113.937370][ T6362] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 113.974813][ T6362] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 114.038158][ T6362] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 114.091589][ T6258] veth0_macvtap: entered promiscuous mode [ 114.158978][ T6146] veth0_macvtap: entered promiscuous mode [ 114.311570][ T6362] hsr_slave_0: entered promiscuous mode [ 114.330571][ T6362] hsr_slave_1: entered promiscuous mode [ 114.354975][ T6258] veth1_macvtap: entered promiscuous mode [ 114.380055][ T6146] veth1_macvtap: entered promiscuous mode [ 114.593324][ T6258] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 114.620066][ T6258] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 114.632172][ T6258] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 114.643708][ T6258] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 114.654857][ T6258] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 114.771889][ T6258] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 114.804076][ T6258] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 114.814780][ T6258] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 114.833878][ T6258] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 114.847435][ T6258] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 114.910026][ T6472] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 114.940537][ T6258] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.956765][ T6258] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.960188][ T6472] netlink: 220 bytes leftover after parsing attributes in process `syz.4.115'. [ 114.966047][ T6258] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.983609][ T6258] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.992421][ T6472] ksmbd: Unknown IPC event: 4, ignore. [ 115.009113][ T6146] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 115.027521][ T6146] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.038419][ T6146] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 115.050060][ T6146] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.060471][ T6146] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 115.071401][ T6146] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.081814][ T975] IPVS: starting estimator thread 0... [ 115.082863][ T6146] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 115.118371][ T6146] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 115.130872][ T6146] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.143464][ T6146] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 115.145274][ T5844] Bluetooth: hci1: command tx timeout [ 115.161012][ T6146] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.171172][ T6146] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 115.184071][ T6476] IPVS: using max 23 ests per chain, 55200 per kthread [ 115.192622][ T6146] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.208255][ T6146] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 115.263626][ T6146] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.273215][ T6146] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.282470][ T6146] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.291665][ T6146] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.518484][ T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.540150][ T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.638243][ T6362] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 115.654059][ T5939] usb 5-1: new full-speed USB device number 7 using dummy_hcd [ 115.670645][ T6362] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 115.687046][ T6362] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 115.712318][ T6362] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 115.781333][ T6338] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.807120][ T6338] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.814675][ T1801] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.822640][ T1801] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.838059][ T5939] usb 5-1: unable to get BOS descriptor or descriptor too short [ 115.851527][ T5939] usb 5-1: not running at top speed; connect to a high speed hub [ 115.864777][ T5939] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 115.880822][ T5939] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 115.893200][ T5939] usb 5-1: config 1 has no interface number 1 [ 115.906104][ T5939] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 115.920453][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.932691][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.952703][ T6491] warning: `syz.3.117' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 115.967933][ T5939] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4 [ 116.003004][ T5939] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 116.012634][ T5939] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.042279][ T5939] usb 5-1: Product: syz [ 116.065503][ T5939] usb 5-1: Manufacturer: syz [ 116.075972][ T5939] usb 5-1: SerialNumber: syz [ 116.198592][ T6362] 8021q: adding VLAN 0 to HW filter on device bond0 [ 116.301502][ T6362] 8021q: adding VLAN 0 to HW filter on device team0 [ 116.386683][ T4947] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.394195][ T4947] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.416435][ T4947] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.423710][ T4947] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.512406][ T6506] netlink: 32 bytes leftover after parsing attributes in process `syz.5.118'. [ 116.558850][ T5939] hub 5-1:1.0: Invalid hub with more than one config or interface [ 116.569095][ T5939] hub 5-1:1.0: probe with driver hub failed with error -22 [ 116.589428][ T5939] usb 5-1: 2:1 : no or invalid class specific endpoint descriptor [ 116.671586][ T5939] usb 5-1: USB disconnect, device number 7 [ 116.728117][ T6362] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 116.972283][ T6362] veth0_vlan: entered promiscuous mode [ 117.071533][ T6362] veth1_vlan: entered promiscuous mode [ 117.117599][ T6143] udevd[6143]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 117.224664][ T5844] Bluetooth: hci1: command tx timeout [ 117.371185][ T6362] veth0_macvtap: entered promiscuous mode [ 117.407501][ T6362] veth1_macvtap: entered promiscuous mode [ 117.412870][ T6524] FAULT_INJECTION: forcing a failure. [ 117.412870][ T6524] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 117.470551][ T6362] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 117.479037][ T6524] CPU: 0 UID: 0 PID: 6524 Comm: syz.4.123 Not tainted 6.14.0-rc6-syzkaller #0 [ 117.479065][ T6524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 117.479076][ T6524] Call Trace: [ 117.479084][ T6524] [ 117.479092][ T6524] dump_stack_lvl+0x241/0x360 [ 117.479119][ T6524] ? __pfx_dump_stack_lvl+0x10/0x10 [ 117.479136][ T6524] ? __pfx__printk+0x10/0x10 [ 117.479153][ T6524] ? __pfx_lock_release+0x10/0x10 [ 117.479183][ T6524] should_fail_ex+0x40a/0x550 [ 117.479209][ T6524] _copy_from_iter+0x1df/0x1c40 [ 117.479228][ T6524] ? __virt_addr_valid+0x183/0x530 [ 117.479242][ T6524] ? __pfx_lock_release+0x10/0x10 [ 117.479266][ T6524] ? __alloc_skb+0x28f/0x440 [ 117.479289][ T6524] ? __pfx__copy_from_iter+0x10/0x10 [ 117.479308][ T6524] ? __virt_addr_valid+0x183/0x530 [ 117.479322][ T6524] ? __virt_addr_valid+0x183/0x530 [ 117.479335][ T6524] ? __virt_addr_valid+0x45f/0x530 [ 117.479350][ T6524] ? __phys_addr_symbol+0x2f/0x70 [ 117.479363][ T6524] ? __check_object_size+0x47a/0x730 [ 117.479388][ T6524] pfkey_sendmsg+0x235/0x1070 [ 117.479414][ T6524] ? __pfx___might_resched+0x10/0x10 [ 117.479439][ T6524] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 117.479464][ T6524] ? aa_sk_perm+0x96d/0xab0 [ 117.479499][ T6524] ? __pfx_aa_sk_perm+0x10/0x10 [ 117.479518][ T6524] ? __import_iovec+0x582/0x830 [ 117.479539][ T6524] ? aa_sock_msg_perm+0x91/0x160 [ 117.479566][ T6524] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 117.479584][ T6524] __sock_sendmsg+0x221/0x270 [ 117.479607][ T6524] ____sys_sendmsg+0x53a/0x860 [ 117.479632][ T6524] ? __pfx_____sys_sendmsg+0x10/0x10 [ 117.479645][ T6524] ? __fget_files+0x2a/0x410 [ 117.479669][ T6524] ? __fget_files+0x2a/0x410 [ 117.479697][ T6524] __sys_sendmsg+0x269/0x350 [ 117.479718][ T6524] ? __pfx___sys_sendmsg+0x10/0x10 [ 117.479744][ T6524] ? do_sys_openat2+0x17a/0x1d0 [ 117.479786][ T6524] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 117.479809][ T6524] ? do_syscall_64+0x100/0x230 [ 117.479833][ T6524] ? do_syscall_64+0xb6/0x230 [ 117.479857][ T6524] do_syscall_64+0xf3/0x230 [ 117.479878][ T6524] ? clear_bhb_loop+0x35/0x90 [ 117.479901][ T6524] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.479921][ T6524] RIP: 0033:0x7f03c838d169 [ 117.479936][ T6524] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 117.479948][ T6524] RSP: 002b:00007f03c91e6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 117.479966][ T6524] RAX: ffffffffffffffda RBX: 00007f03c85a5fa0 RCX: 00007f03c838d169 [ 117.479977][ T6524] RDX: 0000000000000000 RSI: 0000400000000180 RDI: 0000000000000003 [ 117.479986][ T6524] RBP: 00007f03c91e6090 R08: 0000000000000000 R09: 0000000000000000 [ 117.479996][ T6524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 117.480005][ T6524] R13: 0000000000000000 R14: 00007f03c85a5fa0 R15: 00007f03c86cfa28 [ 117.480028][ T6524] [ 117.992877][ T6362] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.020080][ T6362] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 118.044019][ T6362] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.064802][ T6362] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 118.075571][ T6362] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.086072][ T6362] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 118.097479][ T6362] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.115492][ T6362] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 118.192504][ T6362] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 118.273663][ T6362] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.305031][ T6362] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 118.344076][ T6362] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.403951][ T6362] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 118.454131][ T6362] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.498741][ T6362] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 118.550032][ T6362] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.602118][ T6362] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 118.668235][ T6545] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 118.737942][ T6362] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.748082][ T6362] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.765393][ T6362] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.774483][ T6362] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.056099][ T5939] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 119.225157][ T5939] usb 5-1: device descriptor read/64, error -71 [ 119.243008][ T6559] loop6: detected capacity change from 0 to 64 [ 119.295352][ T4947] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.303587][ T4947] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.424167][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.440998][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.485290][ T5939] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 119.655081][ T5939] usb 5-1: device descriptor read/64, error -71 [ 119.794209][ T5939] usb usb5-port1: attempt power cycle [ 120.018732][ T975] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 120.095239][ T6590] program syz.5.140 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 120.144190][ T5939] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 120.197083][ T5939] usb 5-1: device descriptor read/8, error -71 [ 120.204337][ T975] usb 8-1: Using ep0 maxpacket: 16 [ 120.206248][ T975] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 120.268944][ T975] usb 8-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 120.312481][ T975] usb 8-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 120.350567][ T975] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 120.385213][ T975] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.409222][ T975] usb 8-1: Product: syz [ 120.429494][ T975] usb 8-1: Manufacturer: syz [ 120.464671][ T975] usb 8-1: SerialNumber: syz [ 120.465033][ T5939] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 120.528328][ T5939] usb 5-1: device descriptor read/8, error -71 [ 120.644480][ T5939] usb usb5-port1: unable to enumerate USB device [ 120.713661][ T6577] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 120.751582][ T6577] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 120.847856][ T975] usb-storage 8-1:1.2: USB Mass Storage device detected [ 120.973351][ T975] usb 8-1: USB disconnect, device number 2 [ 121.237853][ T5839] udevd[5839]: error opening ATTR{/sys/devices/platform/dummy_hcd.7/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 121.803970][ T26] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 121.864110][ T5939] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 121.882389][ T6649] sctp: [Deprecated]: syz.4.152 (pid 6649) Use of int in max_burst socket option. [ 121.882389][ T6649] Use struct sctp_assoc_value instead [ 121.937881][ T6649] Zero length message leads to an empty skb [ 121.956369][ T6649] program syz.4.152 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 121.974351][ T26] usb 4-1: Using ep0 maxpacket: 8 [ 122.004269][ T26] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 122.032265][ T26] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 122.074265][ T5939] usb 8-1: Using ep0 maxpacket: 16 [ 122.082661][ T26] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 122.111693][ T5939] usb 8-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 122.121258][ T26] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 122.121307][ T26] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 122.121327][ T26] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.275929][ T5939] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.307611][ T5939] usb 8-1: config 0 descriptor?? [ 122.317219][ T5939] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 122.341478][ T26] usb 4-1: GET_CAPABILITIES returned 0 [ 122.384010][ T26] usbtmc 4-1:16.0: can't read capabilities [ 122.677069][ T975] usb 4-1: USB disconnect, device number 15 [ 123.158435][ T5939] gspca_sonixj: reg_r err -71 [ 123.166160][ T5939] sonixj 8-1:0.0: probe with driver sonixj failed with error -71 [ 123.184527][ T5939] usb 8-1: USB disconnect, device number 3 [ 123.313982][ T26] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 123.486357][ T26] usb 6-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00 [ 123.536452][ T26] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.580189][ T6708] FAULT_INJECTION: forcing a failure. [ 123.580189][ T6708] name failslab, interval 1, probability 0, space 0, times 0 [ 123.599406][ T26] usb 6-1: config 0 descriptor?? [ 123.603976][ T6708] CPU: 0 UID: 0 PID: 6708 Comm: syz.4.166 Not tainted 6.14.0-rc6-syzkaller #0 [ 123.604001][ T6708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 123.604012][ T6708] Call Trace: [ 123.604018][ T6708] [ 123.604025][ T6708] dump_stack_lvl+0x241/0x360 [ 123.604052][ T6708] ? __pfx_dump_stack_lvl+0x10/0x10 [ 123.604069][ T6708] ? __pfx__printk+0x10/0x10 [ 123.604087][ T6708] ? fs_reclaim_acquire+0x93/0x130 [ 123.604105][ T6708] ? __pfx___might_resched+0x10/0x10 [ 123.604128][ T6708] should_fail_ex+0x40a/0x550 [ 123.604155][ T6708] should_failslab+0xac/0x100 [ 123.604177][ T6708] __kmalloc_noprof+0xdd/0x4c0 [ 123.604196][ T6708] ? kstrtouint_from_user+0x128/0x190 [ 123.604212][ T6708] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 123.604234][ T6708] tomoyo_realpath_from_path+0xcf/0x5e0 [ 123.604261][ T6708] tomoyo_path_number_perm+0x239/0x770 [ 123.604282][ T6708] ? __lock_acquire+0x1397/0x2100 [ 123.604307][ T6708] ? tomoyo_path_number_perm+0x209/0x770 [ 123.604330][ T6708] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 123.604386][ T6708] ? __fget_files+0x2a/0x410 [ 123.604411][ T6708] ? __fget_files+0x2a/0x410 [ 123.604437][ T6708] security_file_ioctl+0xc6/0x2a0 [ 123.604459][ T6708] __se_sys_ioctl+0x46/0x170 [ 123.604478][ T6708] do_syscall_64+0xf3/0x230 [ 123.604500][ T6708] ? clear_bhb_loop+0x35/0x90 [ 123.604524][ T6708] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.604543][ T6708] RIP: 0033:0x7f03c838d169 [ 123.604558][ T6708] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 123.604571][ T6708] RSP: 002b:00007f03c91e6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 123.604588][ T6708] RAX: ffffffffffffffda RBX: 00007f03c85a5fa0 RCX: 00007f03c838d169 [ 123.604600][ T6708] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 123.604609][ T6708] RBP: 00007f03c91e6090 R08: 0000000000000000 R09: 0000000000000000 [ 123.604619][ T6708] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 123.604636][ T6708] R13: 0000000000000000 R14: 00007f03c85a5fa0 R15: 00007f03c86cfa28 [ 123.604660][ T6708] [ 123.604668][ T6708] ERROR: Out of memory at tomoyo_realpath_from_path. [ 123.609493][ T26] ftdi_sio 6-1:0.0: FTDI USB Serial Device converter detected [ 123.874993][ T26] usb 6-1: Detected FT232B [ 124.295165][ T6689] tipc: Invalid UDP bearer configuration [ 124.295213][ T6689] tipc: Enabling of bearer rejected, failed to enable media [ 124.681067][ T26] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 124.748518][ T26] usb 6-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 124.799258][ T26] usb 6-1: USB disconnect, device number 2 [ 124.861687][ T26] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 124.939024][ T26] ftdi_sio 6-1:0.0: device disconnected [ 125.144542][ T10] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 125.335955][ T6773] netlink: 36 bytes leftover after parsing attributes in process `syz.3.180'. [ 125.403989][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 125.443994][ T10] usb 5-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.10 [ 125.503989][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 125.570015][ T10] usb 5-1: Product: syz [ 125.580467][ T10] usb 5-1: Manufacturer: syz [ 125.593884][ T10] usb 5-1: SerialNumber: syz [ 125.643390][ T10] usb 5-1: config 0 descriptor?? [ 125.694276][ T10] go7007 5-1:0.0: probe with driver go7007 failed with error -12 [ 125.784086][ T5894] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 125.835752][ T6784] trusted_key: encrypted_key: insufficient parameters specified [ 125.915388][ T6757] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 125.930340][ T6757] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 126.015489][ T5894] usb 8-1: Using ep0 maxpacket: 16 [ 126.022700][ T5894] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 126.070336][ T5894] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 126.151712][ T5894] usb 8-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 126.182232][ T5894] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.218854][ T10] usb 5-1: USB disconnect, device number 12 [ 126.238936][ T5894] usb 8-1: config 0 descriptor?? [ 126.694564][ T5894] input: HID 05ac:8241 as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/0003:05AC:8241.0003/input/input7 [ 126.802134][ T6809] FAULT_INJECTION: forcing a failure. [ 126.802134][ T6809] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 126.884171][ T6809] CPU: 1 UID: 0 PID: 6809 Comm: syz.5.190 Not tainted 6.14.0-rc6-syzkaller #0 [ 126.884196][ T6809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 126.884207][ T6809] Call Trace: [ 126.884213][ T6809] [ 126.884221][ T6809] dump_stack_lvl+0x241/0x360 [ 126.884254][ T6809] ? __pfx_dump_stack_lvl+0x10/0x10 [ 126.884272][ T6809] ? __pfx__printk+0x10/0x10 [ 126.884290][ T6809] ? __pfx_lock_release+0x10/0x10 [ 126.884321][ T6809] should_fail_ex+0x40a/0x550 [ 126.884349][ T6809] _copy_from_iter+0x1df/0x1c40 [ 126.884368][ T6809] ? __virt_addr_valid+0x183/0x530 [ 126.884385][ T6809] ? __pfx_lock_release+0x10/0x10 [ 126.884413][ T6809] ? __alloc_skb+0x28f/0x440 [ 126.884436][ T6809] ? __pfx__copy_from_iter+0x10/0x10 [ 126.884456][ T6809] ? __virt_addr_valid+0x183/0x530 [ 126.884471][ T6809] ? __virt_addr_valid+0x183/0x530 [ 126.884484][ T6809] ? __virt_addr_valid+0x45f/0x530 [ 126.884500][ T6809] ? __phys_addr_symbol+0x2f/0x70 [ 126.884515][ T6809] ? __check_object_size+0x47a/0x730 [ 126.884541][ T6809] netlink_sendmsg+0x742/0xcb0 [ 126.884569][ T6809] ? __pfx_netlink_sendmsg+0x10/0x10 [ 126.884589][ T6809] ? aa_sock_msg_perm+0x91/0x160 [ 126.884616][ T6809] ? __pfx_netlink_sendmsg+0x10/0x10 [ 126.884633][ T6809] __sock_sendmsg+0x221/0x270 [ 126.884657][ T6809] ____sys_sendmsg+0x53a/0x860 [ 126.884683][ T6809] ? __pfx_____sys_sendmsg+0x10/0x10 [ 126.884698][ T6809] ? __fget_files+0x2a/0x410 [ 126.884723][ T6809] ? __fget_files+0x2a/0x410 [ 126.884756][ T6809] __sys_sendmsg+0x269/0x350 [ 126.884775][ T6809] ? __pfx___sys_sendmsg+0x10/0x10 [ 126.884802][ T6809] ? do_sys_openat2+0x17a/0x1d0 [ 126.884844][ T6809] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 126.884866][ T6809] ? do_syscall_64+0x100/0x230 [ 126.884891][ T6809] ? do_syscall_64+0xb6/0x230 [ 126.884915][ T6809] do_syscall_64+0xf3/0x230 [ 126.884937][ T6809] ? clear_bhb_loop+0x35/0x90 [ 126.884961][ T6809] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.884981][ T6809] RIP: 0033:0x7f5e4858d169 [ 126.884996][ T6809] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 126.885009][ T6809] RSP: 002b:00007f5e49423038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 126.885028][ T6809] RAX: ffffffffffffffda RBX: 00007f5e487a5fa0 RCX: 00007f5e4858d169 [ 126.885039][ T6809] RDX: 0000000000000000 RSI: 0000400000000100 RDI: 0000000000000003 [ 126.885050][ T6809] RBP: 00007f5e49423090 R08: 0000000000000000 R09: 0000000000000000 [ 126.885060][ T6809] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 126.885069][ T6809] R13: 0000000000000000 R14: 00007f5e487a5fa0 R15: 00007f5e488cfa28 [ 126.885094][ T6809] [ 127.249321][ T5894] appleir 0003:05AC:8241.0003: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.7-1/input0 [ 127.464777][ T5894] usb 8-1: USB disconnect, device number 4 [ 127.581559][ T6819] FAULT_INJECTION: forcing a failure. [ 127.581559][ T6819] name failslab, interval 1, probability 0, space 0, times 0 [ 127.673978][ T6819] CPU: 1 UID: 0 PID: 6819 Comm: syz.5.192 Not tainted 6.14.0-rc6-syzkaller #0 [ 127.674012][ T6819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 127.674022][ T6819] Call Trace: [ 127.674044][ T6819] [ 127.674051][ T6819] dump_stack_lvl+0x241/0x360 [ 127.674174][ T6819] ? __pfx_dump_stack_lvl+0x10/0x10 [ 127.674193][ T6819] ? __pfx__printk+0x10/0x10 [ 127.674209][ T6819] ? __kmalloc_noprof+0xb5/0x4c0 [ 127.674238][ T6819] ? __pfx___might_resched+0x10/0x10 [ 127.674258][ T6819] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.674285][ T6819] should_fail_ex+0x40a/0x550 [ 127.674314][ T6819] should_failslab+0xac/0x100 [ 127.674337][ T6819] __kmalloc_noprof+0xdd/0x4c0 [ 127.674357][ T6819] ? copy_splice_read+0x17f/0xb40 [ 127.674380][ T6819] copy_splice_read+0x17f/0xb40 [ 127.674406][ T6819] ? __pfx_copy_splice_read+0x10/0x10 [ 127.674432][ T6819] ? __raw_spin_lock_init+0x45/0x100 [ 127.674460][ T6819] ? alloc_pipe_info+0x370/0x4d0 [ 127.674481][ T6819] splice_direct_to_actor+0x4fa/0xc80 [ 127.674519][ T6819] ? __pfx_direct_splice_actor+0x10/0x10 [ 127.674541][ T6819] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 127.674559][ T6819] ? __fget_files+0x2a/0x410 [ 127.674580][ T6819] ? __pfx_lock_release+0x10/0x10 [ 127.674604][ T6819] do_splice_direct+0x289/0x3e0 [ 127.674627][ T6819] ? __pfx_do_splice_direct+0x10/0x10 [ 127.674645][ T6819] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 127.674665][ T6819] ? bpf_lsm_file_permission+0x9/0x10 [ 127.674688][ T6819] ? rw_verify_area+0x243/0x630 [ 127.674707][ T6819] do_sendfile+0x564/0x8a0 [ 127.674733][ T6819] ? __pfx_do_sendfile+0x10/0x10 [ 127.674756][ T6819] ? __fget_files+0x2a/0x410 [ 127.674786][ T6819] __se_sys_sendfile64+0x17c/0x1e0 [ 127.674810][ T6819] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 127.674833][ T6819] ? do_syscall_64+0x100/0x230 [ 127.674860][ T6819] ? do_syscall_64+0xb6/0x230 [ 127.674886][ T6819] do_syscall_64+0xf3/0x230 [ 127.674910][ T6819] ? clear_bhb_loop+0x35/0x90 [ 127.674934][ T6819] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.674954][ T6819] RIP: 0033:0x7f5e4858d169 [ 127.674971][ T6819] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 127.674985][ T6819] RSP: 002b:00007f5e49423038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 127.675001][ T6819] RAX: ffffffffffffffda RBX: 00007f5e487a5fa0 RCX: 00007f5e4858d169 [ 127.675013][ T6819] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000006 [ 127.675023][ T6819] RBP: 00007f5e49423090 R08: 0000000000000000 R09: 0000000000000000 [ 127.675032][ T6819] R10: 0000000100000002 R11: 0000000000000246 R12: 0000000000000001 [ 127.675042][ T6819] R13: 0000000000000000 R14: 00007f5e487a5fa0 R15: 00007f5e488cfa28 [ 127.675067][ T6819] [ 128.345900][ T6841] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 128.356729][ T6841] netlink: 220 bytes leftover after parsing attributes in process `syz.3.200'. [ 128.366570][ T6841] ksmbd: Unknown IPC event: 4, ignore. [ 128.399579][ T5889] IPVS: starting estimator thread 0... [ 128.508056][ T6850] IPVS: using max 24 ests per chain, 57600 per kthread [ 128.544295][ T5895] usb 7-1: new full-speed USB device number 2 using dummy_hcd [ 128.749818][ T5895] usb 7-1: unable to get BOS descriptor or descriptor too short [ 128.793597][ T5895] usb 7-1: not running at top speed; connect to a high speed hub [ 128.829758][ T5895] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 128.882307][ T5895] usb 7-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 128.904704][ T5895] usb 7-1: config 1 has no interface number 1 [ 128.911641][ T5895] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 128.925493][ T5895] usb 7-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4 [ 128.942445][ T5895] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 128.966000][ T5895] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.996169][ T5895] usb 7-1: Product: syz [ 129.015278][ T5895] usb 7-1: Manufacturer: syz [ 129.045320][ T5895] usb 7-1: SerialNumber: syz [ 129.134067][ T5894] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 129.358767][ T5894] usb 5-1: New USB device found, idVendor=249c, idProduct=9002, bcdDevice=de.ad [ 129.424205][ T5894] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.516976][ T5894] usb 5-1: config 0 descriptor?? [ 129.599886][ T5895] hub 7-1:1.0: Invalid hub with more than one config or interface [ 129.654805][ T5895] hub 7-1:1.0: probe with driver hub failed with error -22 [ 129.694447][ T5895] usb 7-1: 2:1 : no or invalid class specific endpoint descriptor [ 129.755229][ T5894] snd-usb-hiface 5-1:0.0: probe with driver snd-usb-hiface failed with error -22 [ 129.913947][ T5895] usb 7-1: USB disconnect, device number 2 [ 130.017161][ T6863] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 130.097595][ T6863] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 130.311712][ T5848] udevd[5848]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 130.333931][ T30] audit: type=1326 audit(1741585014.091:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6883 comm="syz.5.210" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5e4858d169 code=0x0 [ 130.714142][ T30] audit: type=1326 audit(1741585014.491:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6891 comm="syz.6.211" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1a52d8d169 code=0x0 [ 130.871228][ T5892] usb 5-1: USB disconnect, device number 13 [ 132.656382][ T6935] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 132.674885][ T6935] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 132.688576][ T6935] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 132.726213][ T6935] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 132.760313][ T6956] xt_hashlimit: invalid rate [ 132.761146][ T6935] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 132.772287][ T6935] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 132.823987][ T975] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 132.979824][ T63] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.985061][ T975] usb 5-1: Using ep0 maxpacket: 32 [ 133.020495][ T975] usb 5-1: config 0 has an invalid interface number: 67 but max is 0 [ 133.030600][ T975] usb 5-1: config 0 has no interface number 0 [ 133.045103][ T975] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 133.054716][ T975] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.062751][ T975] usb 5-1: Product: syz [ 133.067266][ T975] usb 5-1: Manufacturer: syz [ 133.072025][ T975] usb 5-1: SerialNumber: syz [ 133.088184][ T975] usb 5-1: config 0 descriptor?? [ 133.108979][ T975] smsc95xx v2.0.0 [ 133.115021][ T63] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.222210][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.233979][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.253961][ T5939] usb 8-1: new full-speed USB device number 5 using dummy_hcd [ 133.254349][ T63] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.345275][ T63] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.405806][ T5939] usb 8-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 133.432486][ T5939] usb 8-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4 [ 133.459290][ T5939] usb 8-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4 [ 133.486926][ T5939] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 133.503218][ T5939] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.522447][ T5939] usb 8-1: Product: syz [ 133.537919][ T5939] usb 8-1: Manufacturer: syz [ 133.545838][ T975] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 133.553472][ T5939] usb 8-1: SerialNumber: syz [ 133.579110][ T975] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 133.598239][ T63] bridge_slave_1: left allmulticast mode [ 133.606191][ T63] bridge_slave_1: left promiscuous mode [ 133.614041][ T63] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.624811][ T63] bridge_slave_0: left allmulticast mode [ 133.630986][ T63] bridge_slave_0: left promiscuous mode [ 133.639559][ T63] bridge0: port 1(bridge_slave_0) entered disabled state [ 133.806666][ T6951] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 133.839439][ T6951] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 133.888925][ T5939] usb 8-1: 2:1 : no or invalid class specific endpoint descriptor [ 133.910406][ T5939] usb 8-1: 2:1 : unknown format tag 0x0 is detected. processed as MPEG. [ 133.932321][ T5939] usb 8-1: found format II with max.bitrate = 128, frame size=0 [ 133.942488][ T5939] usb 8-1: 2:1: All rates were zero [ 134.000774][ T5939] usb 8-1: USB disconnect, device number 5 [ 134.194935][ T5839] udevd[5839]: error opening ATTR{/sys/devices/platform/dummy_hcd.7/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 134.195628][ T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 134.234964][ T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 134.247587][ T63] bond0 (unregistering): Released all slaves [ 134.281397][ T975] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000108: -71 [ 134.308004][ T975] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -71 [ 134.344509][ T975] usb 5-1: USB disconnect, device number 14 [ 194.658944][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.666110][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.098271][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.105205][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 291.944401][ T31] INFO: task kworker/u8:4:63 blocked for more than 143 seconds. [ 291.954240][ T31] Not tainted 6.14.0-rc6-syzkaller #0 [ 291.960851][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 291.971607][ T31] task:kworker/u8:4 state:D stack:20792 pid:63 tgid:63 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 291.986293][ T31] Workqueue: netns cleanup_net [ 291.991587][ T31] Call Trace: [ 292.001657][ T31] [ 292.005549][ T31] __schedule+0x190e/0x4c90 [ 292.011041][ T31] ? __pfx___schedule+0x10/0x10 [ 292.023651][ T31] ? __pfx_lock_release+0x10/0x10 [ 292.029224][ T31] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 292.037017][ T31] ? kthread_data+0x52/0xd0 [ 292.042159][ T31] ? schedule+0x90/0x320 [ 292.047159][ T31] ? wq_worker_sleeping+0x66/0x240 [ 292.053122][ T31] ? schedule+0x90/0x320 [ 292.062715][ T31] schedule+0x14b/0x320 [ 292.067631][ T31] schedule_preempt_disabled+0x13/0x30 [ 292.077548][ T31] __mutex_lock+0x817/0x1010 [ 292.084115][ T31] ? __mutex_lock+0x602/0x1010 [ 292.090259][ T31] ? rfkill_unregister+0xd0/0x230 [ 292.096320][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 292.102120][ T31] ? __pfx_device_del+0x10/0x10 [ 292.110388][ T31] rfkill_unregister+0xd0/0x230 [ 292.116248][ T31] wiphy_unregister+0x22a/0xb00 [ 292.123513][ T31] ? __pfx_skb_queue_purge_reason+0x10/0x10 [ 292.130857][ T31] ? __pfx_wiphy_unregister+0x10/0x10 [ 292.143883][ T31] ? ieee80211_unregister_hw+0x144/0x2c0 [ 292.151069][ T31] ? kfree+0x196/0x430 [ 292.160009][ T31] ? ieee80211_unregister_hw+0x144/0x2c0 [ 292.169832][ T31] ieee80211_unregister_hw+0x1e2/0x2c0 [ 292.176908][ T31] mac80211_hwsim_del_radio+0x2c4/0x4c0 [ 292.183021][ T31] ? __pfx_mac80211_hwsim_del_radio+0x10/0x10 [ 292.190305][ T31] hwsim_exit_net+0x5c1/0x670 [ 292.195462][ T31] ? __pfx_hwsim_exit_net+0x10/0x10 [ 292.201465][ T31] ? __ip_vs_dev_cleanup_batch+0x239/0x260 [ 292.207644][ T31] cleanup_net+0x812/0xd60 [ 292.212557][ T31] ? __pfx_cleanup_net+0x10/0x10 [ 292.218302][ T31] ? process_scheduled_works+0x9c6/0x18e0 [ 292.224562][ T31] process_scheduled_works+0xabe/0x18e0 [ 292.230882][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 292.238255][ T31] ? assign_work+0x364/0x3d0 [ 292.244105][ T31] worker_thread+0x870/0xd30 [ 292.249220][ T31] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 292.255832][ T31] ? __kthread_parkme+0x169/0x1d0 [ 292.261095][ T31] ? __pfx_worker_thread+0x10/0x10 [ 292.266298][ T31] kthread+0x7a9/0x920 [ 292.270398][ T31] ? __pfx_kthread+0x10/0x10 [ 292.275624][ T31] ? __pfx_worker_thread+0x10/0x10 [ 292.281209][ T31] ? __pfx_kthread+0x10/0x10 [ 292.286325][ T31] ? __pfx_kthread+0x10/0x10 [ 292.291363][ T31] ? __pfx_kthread+0x10/0x10 [ 292.296194][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 292.301500][ T31] ? lockdep_hardirqs_on+0x99/0x150 [ 292.307303][ T31] ? __pfx_kthread+0x10/0x10 [ 292.311928][ T31] ret_from_fork+0x4b/0x80 [ 292.316415][ T31] ? __pfx_kthread+0x10/0x10 [ 292.321149][ T31] ret_from_fork_asm+0x1a/0x30 [ 292.326230][ T31] [ 292.330160][ T31] INFO: task syz-executor:5833 blocked for more than 143 seconds. [ 292.339937][ T31] Not tainted 6.14.0-rc6-syzkaller #0 [ 292.346033][ T31] Blocked by coredump. [ 292.350644][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 292.359579][ T31] task:syz-executor state:D stack:22848 pid:5833 tgid:5833 ppid:5825 task_flags:0x40010c flags:0x00004002 [ 292.371708][ T31] Call Trace: [ 292.375124][ T31] [ 292.378715][ T31] __schedule+0x190e/0x4c90 [ 292.383299][ T31] ? __pfx___schedule+0x10/0x10 [ 292.388661][ T31] ? __pfx_lock_release+0x10/0x10 [ 292.394112][ T31] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 292.400652][ T31] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 292.407627][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 292.414189][ T31] ? schedule+0x90/0x320 [ 292.418482][ T31] schedule+0x14b/0x320 [ 292.422749][ T31] schedule_preempt_disabled+0x13/0x30 [ 292.428444][ T31] __mutex_lock+0x817/0x1010 [ 292.433397][ T31] ? __mutex_lock+0x602/0x1010 [ 292.438449][ T31] ? rfkill_unregister+0xd0/0x230 [ 292.444251][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 292.450183][ T31] ? __pfx_device_del+0x10/0x10 [ 292.456284][ T31] ? hci_sock_dev_event+0x470/0x660 [ 292.462866][ T31] rfkill_unregister+0xd0/0x230 [ 292.468823][ T31] hci_unregister_dev+0x366/0x510 [ 292.474192][ T31] vhci_release+0x80/0xd0 [ 292.479531][ T31] ? __pfx_vhci_release+0x10/0x10 [ 292.485478][ T31] __fput+0x3e9/0x9f0 [ 292.490302][ T31] task_work_run+0x24f/0x310 [ 292.495629][ T31] ? __pfx_task_work_run+0x10/0x10 [ 292.501073][ T31] ? switch_task_namespaces+0xe4/0x110 [ 292.507609][ T31] do_exit+0xa2a/0x28e0 [ 292.512198][ T31] ? __pfx_do_exit+0x10/0x10 [ 292.517384][ T31] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 292.524210][ T31] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 292.530969][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 292.536588][ T31] ? lockdep_hardirqs_on+0x99/0x150 [ 292.541823][ T31] do_group_exit+0x207/0x2c0 [ 292.546681][ T31] __x64_sys_exit_group+0x3f/0x40 [ 292.551733][ T31] x64_sys_call+0x26a8/0x26b0 [ 292.556478][ T31] do_syscall_64+0xf3/0x230 [ 292.560997][ T31] ? clear_bhb_loop+0x35/0x90 [ 292.565847][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 292.571762][ T31] RIP: 0033:0x7f446218d169 [ 292.576342][ T31] RSP: 002b:00007fff4062b718 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 292.584870][ T31] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f446218d169 [ 292.592889][ T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 292.601339][ T31] RBP: 00007f44623a6738 R08: 00007fff406294b7 R09: 0000000000000008 [ 292.610404][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 292.618614][ T31] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 292.626709][ T31] [ 292.629770][ T31] INFO: task kworker/1:6:5895 blocked for more than 144 seconds. [ 292.638315][ T31] Not tainted 6.14.0-rc6-syzkaller #0 [ 292.644505][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 292.653368][ T31] task:kworker/1:6 state:D stack:21552 pid:5895 tgid:5895 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 292.666905][ T31] Workqueue: events rfkill_global_led_trigger_worker [ 292.673940][ T31] Call Trace: [ 292.677415][ T31] [ 292.680515][ T31] __schedule+0x190e/0x4c90 [ 292.685134][ T31] ? __pfx___schedule+0x10/0x10 [ 292.690113][ T31] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 292.696702][ T31] ? __pfx_lock_release+0x10/0x10 [ 292.702475][ T31] ? kick_pool+0x45c/0x620 [ 292.709079][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 292.716258][ T31] ? lockdep_hardirqs_on+0x99/0x150 [ 292.721656][ T31] ? schedule+0x90/0x320 [ 292.726530][ T31] schedule+0x14b/0x320 [ 292.731535][ T31] schedule_preempt_disabled+0x13/0x30 [ 292.738873][ T31] __mutex_lock+0x817/0x1010 [ 292.744129][ T31] ? __mutex_lock+0x602/0x1010 [ 292.749730][ T31] ? rfkill_global_led_trigger_worker+0x27/0xd0 [ 292.756956][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 292.763114][ T31] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 292.770193][ T31] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 292.777264][ T31] ? process_scheduled_works+0x9c6/0x18e0 [ 292.785619][ T31] rfkill_global_led_trigger_worker+0x27/0xd0 [ 292.792488][ T31] ? process_scheduled_works+0x9c6/0x18e0 [ 292.799442][ T31] process_scheduled_works+0xabe/0x18e0 [ 292.805518][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 292.812914][ T31] ? assign_work+0x364/0x3d0 [ 292.818436][ T31] worker_thread+0x870/0xd30 [ 292.823546][ T31] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 292.830755][ T31] ? __kthread_parkme+0x169/0x1d0 [ 292.836455][ T31] ? __pfx_worker_thread+0x10/0x10 [ 292.841749][ T31] kthread+0x7a9/0x920 [ 292.846657][ T31] ? __pfx_kthread+0x10/0x10 [ 292.851496][ T31] ? __pfx_worker_thread+0x10/0x10 [ 292.858457][ T31] ? __pfx_kthread+0x10/0x10 [ 292.863165][ T31] ? __pfx_kthread+0x10/0x10 [ 292.867876][ T31] ? __pfx_kthread+0x10/0x10 [ 292.872881][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 292.879211][ T31] ? lockdep_hardirqs_on+0x99/0x150 [ 292.885121][ T31] ? __pfx_kthread+0x10/0x10 [ 292.889775][ T31] ret_from_fork+0x4b/0x80 [ 292.896810][ T31] ? __pfx_kthread+0x10/0x10 [ 292.901621][ T31] ret_from_fork_asm+0x1a/0x30 [ 292.907171][ T31] [ 292.910393][ T31] INFO: task syz.5.216:6919 blocked for more than 144 seconds. [ 292.918136][ T31] Not tainted 6.14.0-rc6-syzkaller #0 [ 292.924333][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 292.934150][ T31] task:syz.5.216 state:D stack:24960 pid:6919 tgid:6912 ppid:6146 task_flags:0x400040 flags:0x00004006 [ 292.946740][ T31] Call Trace: [ 292.950238][ T31] [ 292.953228][ T31] __schedule+0x190e/0x4c90 [ 292.958055][ T31] ? __pfx___schedule+0x10/0x10 [ 292.963148][ T31] ? __pfx_lock_release+0x10/0x10 [ 292.969442][ T31] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 292.976138][ T31] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 292.983120][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 292.989917][ T31] ? schedule+0x90/0x320 [ 292.994549][ T31] schedule+0x14b/0x320 [ 292.998853][ T31] schedule_preempt_disabled+0x13/0x30 [ 293.004646][ T31] __mutex_lock+0x817/0x1010 [ 293.009378][ T31] ? __mutex_lock+0x602/0x1010 [ 293.015134][ T31] ? rfkill_unregister+0xd0/0x230 [ 293.020458][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 293.025702][ T31] ? __pfx_device_del+0x10/0x10 [ 293.030683][ T31] rfkill_unregister+0xd0/0x230 [ 293.035761][ T31] nfc_unregister_device+0x96/0x2a0 [ 293.041195][ T31] virtual_ncidev_close+0x56/0x90 [ 293.046517][ T31] ? __pfx_virtual_ncidev_close+0x10/0x10 [ 293.052375][ T31] __fput+0x3e9/0x9f0 [ 293.056708][ T31] task_work_run+0x24f/0x310 [ 293.061328][ T31] ? __pfx_task_work_run+0x10/0x10 [ 293.066737][ T31] get_signal+0x15d1/0x1720 [ 293.071436][ T31] ? kick_process+0xef/0x160 [ 293.076200][ T31] ? __pfx_get_signal+0x10/0x10 [ 293.081459][ T31] arch_do_signal_or_restart+0x96/0x860 [ 293.087456][ T31] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 293.093681][ T31] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 293.099794][ T31] ? syscall_exit_to_user_mode+0xa3/0x340 [ 293.105828][ T31] syscall_exit_to_user_mode+0xce/0x340 [ 293.112531][ T31] do_syscall_64+0x100/0x230 [ 293.117997][ T31] ? clear_bhb_loop+0x35/0x90 [ 293.123918][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 293.130944][ T31] RIP: 0033:0x7f5e4858d169 [ 293.137592][ T31] RSP: 002b:00007f5e49402038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 293.147441][ T31] RAX: fffffffffffffff2 RBX: 00007f5e487a6080 RCX: 00007f5e4858d169 [ 293.156974][ T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 293.165451][ T31] RBP: 00007f5e4860e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 293.173665][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 293.182827][ T31] R13: 0000000000000000 R14: 00007f5e487a6080 R15: 00007f5e488cfa28 [ 293.191252][ T31] [ 293.194469][ T31] INFO: task syz.6.219:6935 blocked for more than 144 seconds. [ 293.202619][ T31] Not tainted 6.14.0-rc6-syzkaller #0 [ 293.208725][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 293.218085][ T31] task:syz.6.219 state:D stack:23088 pid:6935 tgid:6931 ppid:6258 task_flags:0x400040 flags:0x00004006 [ 293.230701][ T31] Call Trace: [ 293.234094][ T31] [ 293.237749][ T31] __schedule+0x190e/0x4c90 [ 293.242500][ T31] ? __pfx___schedule+0x10/0x10 [ 293.248272][ T31] ? __pfx_lock_release+0x10/0x10 [ 293.253602][ T31] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 293.259709][ T31] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 293.266027][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 293.273258][ T31] ? schedule+0x90/0x320 [ 293.277701][ T31] schedule+0x14b/0x320 [ 293.282012][ T31] schedule_preempt_disabled+0x13/0x30 [ 293.287669][ T31] __mutex_lock+0x817/0x1010 [ 293.292392][ T31] ? __mutex_lock+0x602/0x1010 [ 293.297583][ T31] ? nfc_rfkill_set_block+0x50/0x310 [ 293.302967][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 293.308509][ T31] ? lockdep_hardirqs_on+0x99/0x150 [ 293.315926][ T31] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 293.324147][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 293.333085][ T31] nfc_rfkill_set_block+0x50/0x310 [ 293.338648][ T31] ? __pfx_nfc_rfkill_set_block+0x10/0x10 [ 293.344916][ T31] rfkill_set_block+0x1f1/0x440 [ 293.349983][ T31] rfkill_fop_write+0x5b8/0x790 [ 293.354963][ T31] ? __pfx_rfkill_fop_write+0x10/0x10 [ 293.360384][ T31] ? bpf_lsm_inode_setsecurity+0x20/0x20 [ 293.366294][ T31] ? rw_verify_area+0x243/0x630 [ 293.371895][ T31] ? __pfx_rfkill_fop_write+0x10/0x10 [ 293.377774][ T31] vfs_write+0x29f/0xd10 [ 293.382326][ T31] ? __pfx_vfs_write+0x10/0x10 [ 293.387377][ T31] ? __fget_files+0x2a/0x410 [ 293.392117][ T31] ? __fget_files+0x395/0x410 [ 293.397576][ T31] ? __fget_files+0x2a/0x410 [ 293.402578][ T31] ksys_write+0x18f/0x2b0 [ 293.407216][ T31] ? __pfx_ksys_write+0x10/0x10 [ 293.412213][ T31] ? do_syscall_64+0x100/0x230 [ 293.417712][ T31] ? do_syscall_64+0xb6/0x230 [ 293.422605][ T31] do_syscall_64+0xf3/0x230 [ 293.427735][ T31] ? clear_bhb_loop+0x35/0x90 [ 293.432569][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 293.438725][ T31] RIP: 0033:0x7f1a52d8d169 [ 293.443202][ T31] RSP: 002b:00007f1a53b71038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 293.452641][ T31] RAX: ffffffffffffffda RBX: 00007f1a52fa5fa0 RCX: 00007f1a52d8d169 [ 293.460705][ T31] RDX: 0000000000000008 RSI: 0000400000000080 RDI: 0000000000000003 [ 293.468773][ T31] RBP: 00007f1a52e0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 293.477077][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 293.486400][ T31] R13: 0000000000000000 R14: 00007f1a52fa5fa0 R15: 00007f1a530cfa28 [ 293.495853][ T31] [ 293.499701][ T31] [ 293.499701][ T31] Showing all locks held in the system: [ 293.508429][ T31] 1 lock held by khungtaskd/31: [ 293.514651][ T31] #0: ffffffff8eb39360 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x55/0x2a0 [ 293.525926][ T31] 3 locks held by kworker/u8:2/36: [ 293.533053][ T31] #0: ffff8880b873e958 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 293.544524][ T31] #1: ffffc90000ac7c60 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9c6/0x18e0 [ 293.560642][ T31] #2: ffff8880b872a398 (&base->lock){-.-.}-{2:2}, at: __mod_timer+0x24a/0x10e0 [ 293.570990][ T31] 4 locks held by kworker/u8:4/63: [ 293.576751][ T31] #0: ffff88801bef6148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x98b/0x18e0 [ 293.588895][ T31] #1: ffffc90001547c60 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9c6/0x18e0 [ 293.601248][ T31] #2: ffffffff8fec9450 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17a/0xd60 [ 293.611553][ T31] #3: ffffffff901af3a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xd0/0x230 [ 293.622978][ T31] 2 locks held by getty/5590: [ 293.628324][ T31] #0: ffff88814df530a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 293.638817][ T31] #1: ffffc90002fde2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x616/0x1770 [ 293.650300][ T31] 1 lock held by syz-executor/5833: [ 293.655704][ T31] #0: ffffffff901af3a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xd0/0x230 [ 293.669085][ T31] 3 locks held by kworker/1:6/5895: [ 293.674629][ T31] #0: ffff88801b080d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x98b/0x18e0 [ 293.687778][ T31] #1: ffffc9000438fc60 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9c6/0x18e0 [ 293.702548][ T31] #2: ffffffff901af3a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x27/0xd0 [ 293.716951][ T31] 2 locks held by syz.5.216/6919: [ 293.723029][ T31] #0: ffff888021e94100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0 [ 293.735340][ T31] #1: ffffffff901af3a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xd0/0x230 [ 293.748208][ T31] 2 locks held by syz.6.219/6935: [ 293.753510][ T31] #0: ffffffff901af3a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_write+0x1a6/0x790 [ 293.764012][ T31] #1: ffff888021e94100 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x310 [ 293.774244][ T31] [ 293.776880][ T31] ============================================= [ 293.776880][ T31] [ 293.788165][ T31] NMI backtrace for cpu 0 [ 293.788185][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.14.0-rc6-syzkaller #0 [ 293.788203][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 293.788213][ T31] Call Trace: [ 293.788219][ T31] [ 293.788227][ T31] dump_stack_lvl+0x241/0x360 [ 293.788253][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 293.788271][ T31] ? __pfx__printk+0x10/0x10 [ 293.788298][ T31] nmi_cpu_backtrace+0x49c/0x4d0 [ 293.788325][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 293.788343][ T31] ? _printk+0xd5/0x120 [ 293.788355][ T31] ? __pfx__printk+0x10/0x10 [ 293.788371][ T31] ? __wake_up_klogd+0xcc/0x110 [ 293.788393][ T31] ? __pfx__printk+0x10/0x10 [ 293.788415][ T31] ? __rcu_read_unlock+0xa1/0x110 [ 293.788438][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 293.788459][ T31] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 293.788483][ T31] watchdog+0x1058/0x10a0 [ 293.788508][ T31] ? watchdog+0x1ea/0x10a0 [ 293.788535][ T31] ? __pfx_watchdog+0x10/0x10 [ 293.788557][ T31] kthread+0x7a9/0x920 [ 293.788578][ T31] ? __pfx_kthread+0x10/0x10 [ 293.788602][ T31] ? __pfx_watchdog+0x10/0x10 [ 293.788624][ T31] ? __pfx_kthread+0x10/0x10 [ 293.788644][ T31] ? __pfx_kthread+0x10/0x10 [ 293.788669][ T31] ? __pfx_kthread+0x10/0x10 [ 293.788690][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 293.788710][ T31] ? lockdep_hardirqs_on+0x99/0x150 [ 293.788731][ T31] ? __pfx_kthread+0x10/0x10 [ 293.788754][ T31] ret_from_fork+0x4b/0x80 [ 293.788773][ T31] ? __pfx_kthread+0x10/0x10 [ 293.788795][ T31] ret_from_fork_asm+0x1a/0x30 [ 293.788826][ T31] [ 293.788833][ T31] Sending NMI from CPU 0 to CPUs 1: [ 293.960412][ C1] NMI backtrace for cpu 1 skipped: idling at acpi_safe_halt+0x21/0x30 [ 293.961493][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 293.977051][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.14.0-rc6-syzkaller #0 [ 293.985815][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 293.995885][ T31] Call Trace: [ 293.999249][ T31] [ 294.002261][ T31] dump_stack_lvl+0x241/0x360 [ 294.006939][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 294.012730][ T31] ? __pfx__printk+0x10/0x10 [ 294.017576][ T31] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 294.023646][ T31] ? vscnprintf+0x5d/0x90 [ 294.028067][ T31] panic+0x349/0x880 [ 294.031957][ T31] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 294.038129][ T31] ? __pfx_panic+0x10/0x10 [ 294.042563][ T31] ? preempt_schedule_thunk+0x1a/0x30 [ 294.048078][ T31] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 294.054269][ T31] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 294.061058][ T31] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 294.067299][ T31] watchdog+0x1097/0x10a0 [ 294.071630][ T31] ? watchdog+0x1ea/0x10a0 [ 294.076044][ T31] ? __pfx_watchdog+0x10/0x10 [ 294.080718][ T31] kthread+0x7a9/0x920 [ 294.084783][ T31] ? __pfx_kthread+0x10/0x10 [ 294.089368][ T31] ? __pfx_watchdog+0x10/0x10 [ 294.094047][ T31] ? __pfx_kthread+0x10/0x10 [ 294.098659][ T31] ? __pfx_kthread+0x10/0x10 [ 294.103246][ T31] ? __pfx_kthread+0x10/0x10 [ 294.107840][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 294.113039][ T31] ? lockdep_hardirqs_on+0x99/0x150 [ 294.118318][ T31] ? __pfx_kthread+0x10/0x10 [ 294.122904][ T31] ret_from_fork+0x4b/0x80 [ 294.127319][ T31] ? __pfx_kthread+0x10/0x10 [ 294.131934][ T31] ret_from_fork_asm+0x1a/0x30 [ 294.136701][ T31] [ 294.140085][ T31] Kernel Offset: disabled [ 294.144631][ T31] Rebooting in 86400 seconds..