last executing test programs: 37.721864688s ago: executing program 2 (id=1800): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = dup(r3) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r5}, 0x10) ioctl$KVM_SET_MSRS(r4, 0x4048aecb, &(0x7f0000000400)=ANY=[@ANYRES64=r0, @ANYRES64, @ANYRES8]) 36.448311406s ago: executing program 2 (id=1803): ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x24, 0x4, 0x0, 0x0, 0x90, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x1c, 0x0, 0x0, 0x0, [0x401, 0x1000, 0x5, 0x0, 0x5, 0x0]}, @timestamp_prespec={0x44, 0x2c, 0xc0, 0x3, 0x0, [{@multicast1}, {@dev, 0x659}, {@broadcast, 0x8000}, {@empty}, {@private=0xfffffffd, 0x7}]}, @timestamp_prespec={0x44, 0x24, 0x0, 0x3, 0x0, [{@dev}, {@multicast2}, {}, {@broadcast}]}, @noop, @noop, @lsrr={0x83, 0xb, 0x0, [@private, @rand_addr]}]}}}}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) getrlimit(0x0, &(0x7f0000000340)) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r7, 0x4004ae99, &(0x7f00000001c0)=0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$MON_IOCH_MFLUSH(0xffffffffffffffff, 0x9208, 0x40) sendmsg$unix(r8, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000180)="03", 0x1}], 0x1, &(0x7f0000000280)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}, 0x0) setsockopt$sock_int(r9, 0x1, 0x2a, &(0x7f0000000000), 0x4) recvmmsg(r9, &(0x7f0000001140), 0x700, 0x2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000000e40)="bd3119fab037020de607352a978727cdd46a7ad7671829c16bb1339d3f711b7c5da66f48a8b5842dad66eedf75899eb65d733423ca5651013e1db97f5d192e302ac583ccd19e1e8a3e7812af51f0eea31c5e05cec737cc11a38936d67d4c7cd78351177f51dab5ebe8523e54dd8db33ab6214499c610051df74b67669c9b554b25c70c3238ffaa908675df728ef76e7ae5ee938e025ed07603ec4cc86ee67be10ef6087e7ff0017b358ebee016f08b756cfd2645ccdf335d8b62b630939ba724776a5f2caa487586527f2066b2845e52758b6da2ce07de99165195af70ea9659005901a0f28e90b49a0803ab10698ade4c07337535c2600c45b8c497ab6863ad984815f375df57e5940e5322d90d66c84937e9b7f2356a6e16a026b2393670d370759a4567a87fd2a4d0d5857b9e2559a5a0a857b845f0e1495e8d9b574b0f4d1a55ec8d93c148a50c5c4228c653be69a7d728fa497ee129ec4e7b821ce041be389d37efd40b81a9704e5182b9cdca1f2d3312351e9edaa8ac96088c465a953e0ec3e8f26aa17ea3e1913b4d147141d1aef80b3ed959d14fad4ead4de92e10f0faca7acdce7c712ab95a11ff4c72798565f0794d7bc50f5082b52b34a1de7c5609e31e1fcc05fc7dbd73973b5dfc92896f57f5b76fd9df5067eb273f0960560df3dfd00ba068e28812244f700d76da4197bb332245f00112b73659c63dfb854eb8eed1a9881e5c49399b2c6932b540d3464d470cabb6", 0x216, 0x0, 0x0, 0x0) 33.890227147s ago: executing program 2 (id=1811): mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000580)='/proc/sys/net/ipv4/tcp_timestamps\x00', 0x1, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r2, 0x1, 0x2a, 0x0, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c) recvmmsg(0xffffffffffffffff, &(0x7f0000005dc0)=[{{0x0, 0x0, 0x0}}], 0x4000000000002b1, 0x0, 0x0) connect$inet6(r2, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c) syz_genetlink_get_family_id$ethtool(&(0x7f0000000480), 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$FOU_CMD_ADD(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x24, r7, 0x209, 0x0, 0x0, {}, [@FOU_ATTR_TYPE={0x5, 0x4, 0x2}, @FOU_ATTR_PEER_PORT={0x6}]}, 0x24}}, 0x0) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c00000010001ffe00989837a182138b00268f1c", @ANYRES32=0x0, @ANYBLOB, @ANYRES32], 0x3c}, 0x1, 0x8000a0ffffffff}, 0x0) sendfile(r1, r0, &(0x7f00000000c0)=0x8b, 0x100000500) r8 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) fsetxattr(0xffffffffffffffff, 0x0, &(0x7f0000000380)='\x00\x00o;\xc8\xdd1\xa4lB&\xa9\xb6\x06\x06\x99\t\xf5\x10\x17\'\xcaV\xab\\rw9+\xba\tl|\xde\x93\xea\x95A}\x89\x82\x8c\nN\x97\xbf\xab\xa4_\xc2\x17\xe7+\xc5\xfe\x16-\xdd\xa7\x00\xfe\xa0\xa2\xbdUw\x01\x80\x92\xea\x15\xc2opg\xee\xbd\t\xba\x9d\x98\x983\xfd\v\xc1\xbd\x1e\xd5h\xc3@\xda\xee\x97\xd5~\xee\xd6$\xc6\x8c\x01l\x1e\xd3\x1f\xe4<\xee\b\xe4\x16\xc3Ku\x84\xcd\x89\xb8\x1bF\xcd\r\xbc\xc0\xbb\xf5Q\x06\xb71>\xcd\xdb\x0f\x8c\x14\xc5\t\x92m/u,^\xe6\xc7V\xca|;j\xc1\xf4$\xe1A\x17\xeb\xf1M\x8c\x82\\\x89\x89\x00\x98\xadr\xd4\x86;\xed+\x899\x8a\xe9\x18\xb4]a\xd2\x15\x93\x84\x8b\x85\xae\'\xf4\xc9\xcb\x8c\'\x88\xff\x02\b\xaf\xe9vc\x9au\xba\xce]\x85\x98>\xa6\xe1\xc0)\xff`\xdepJ\x95E\x98\xa6pu\xbdh\xa2\xe3\x9d\x85\x19El\xf4aO\xb7\xcd\x15', 0xfc, 0x0) ioctl$VIDIOC_ENUM_FMT(r8, 0xc0405602, &(0x7f00000000c0)={0x0, 0x0, 0x0, "b75cbb1844038d2cd97c945462f31638b5394c00"}) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) 32.377205876s ago: executing program 2 (id=1815): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) get_mempolicy(0x0, &(0x7f0000001040), 0x7, &(0x7f0000ffd000/0x3000)=nil, 0x6) socket$nl_route(0x10, 0x3, 0x0) socket$rxrpc(0x21, 0x2, 0xa) socket$key(0xf, 0x3, 0x2) r0 = socket$nl_route(0x10, 0x3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'ip6erspan0\x00', 0x0}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f0000000200)={'caif0\x00', 0x400}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f0000000200)={'caif0\x00', 0x400}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) ioctl$SIOCSIFHWADDR(r4, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xe, 0xe, &(0x7f0000001b80)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0200000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010000006a0af2fe000000008500000009000000b700000000000010950000000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f85db47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7f9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2c4af38ffb7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836801ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec7ffff35e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0eb3280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d09a0a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96bf704526a8919bc700002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dfff4a979369b0e8ebc62887aa46e820a74f91381ccc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f78fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb3c035fc6846abe389b25c988f0bbb889560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a504a0301f89c2ee627e949c68b3a4a426a9b7d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0dac4728288e78980c1184d8223edbccbf9258b7374e79a1f8bf3fb73cfd1e76982f3d899f71e4a9f0ba8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b7524642c248aa813edaa626f00"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000040), 0x10}, 0x90) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={0xffffffffffffffff, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x16, 0x0, 0x8, 0x10002, 0x3c00, 0x1}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x9}, 0x48) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="280000007000010000000100010000000700", @ANYRES32=r1, @ANYBLOB="100001800c"], 0x28}}, 0x0) 31.535821911s ago: executing program 2 (id=1823): ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000100)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x2f, 0x4, 0x0, 0x0, 0xbc, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x401, 0x5, 0x0, 0x0, 0x4]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0xe, [{@private=0xa010102}, {@multicast1}, {@remote, 0x8000}, {@dev, 0x65c}, {@broadcast}, {@multicast1, 0xffd200}, {@private=0xa010100}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x0, [{@dev}, {@remote}, {@multicast2}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}, {@multicast2}]}, @noop, @noop, @noop, @end, @rr={0x7, 0x13, 0x0, [@dev, @loopback, @multicast1, @loopback]}]}}}}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) 29.842965673s ago: executing program 2 (id=1832): r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) shutdown(r2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000580)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd70a5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c707647fa8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa60e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b0a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000f841b35af2e300"/3601], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='rcu_utilization\x00', r3}, 0x10) syz_usb_connect$cdc_ncm(0x0, 0x76, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902640002010000000904010001020d0000052406000105240000000d240f0100000000000000000006241a"], 0x0) recvmmsg(r2, &(0x7f00000055c0), 0x400023c, 0x302, 0x0) r4 = dup3(r0, r1, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f0000000080), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x12, r6, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x1e, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80}], 0x1, 0x800) sendto$inet6(0xffffffffffffffff, &(0x7f0000000080)="44f9b108b1cdc885c9c533d21f474bec8bfef1df1e2da71e578dc6b91d09f7ab15378571d8e27546090011006e75436914ab717528ee4b7a9beaf908d11137c11903064e83b4951f4d433a5404970c85d92d7083fd38844cbb0c6c5eb508ddc2dc7a590aa7941b1e9eeb5a688138dea09b776cbfa784cbf550bf3074fb0d775da4df5a3f48bbdf452eeb6b923da9d0e25b80f76a873664b5753444fe05f33e5f91045540836c3cd6af10f0cd018f0c6f57f926ac959a5628c45088fbe0c87fbe6cbcda4662d2a12f6d00"/215, 0xd0d0c2ac, 0x1, 0x0, 0x0) shutdown(0xffffffffffffffff, 0x1) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000003c80)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0}}) ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000640)={r7, 0x9, 0x0, [0xfffffffffffffffd, 0x0, 0x0, 0x400], [0x100, 0x7fd, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x10000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x100000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd74e, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb062, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x5, 0x0, 0x7ff]}) ioctl$BTRFS_IOC_SNAP_CREATE_V2(0xffffffffffffffff, 0x50009417, &(0x7f0000000300)={{}, 0x0, 0x0, @inherit={0x58, 0x0}, @devid=r7}) ioctl$BTRFS_IOC_SNAP_CREATE_V2(0xffffffffffffffff, 0x50009417, &(0x7f0000000840)={{}, 0x0, 0x0, @unused=[0x0, 0x0, 0x0, 0x60], @devid=r7}) ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000600)={0x0, 0xfff, 0x0, [0x9, 0x6, 0x40000, 0xe1fc, 0x9], [0x2, 0x3, 0x80000000, 0x8, 0x9c, 0x7, 0x5, 0x0, 0x0, 0x0, 0x7fff, 0xfffffffffffffffc, 0x6, 0x200, 0xc62d, 0x28b, 0x9, 0x2, 0x20, 0x4dc0000000000000, 0x8, 0x6, 0x8000000000000000, 0xfffffffffffffff7, 0x1fffffffc0, 0x7, 0x5, 0x1, 0x4, 0x8001, 0x5, 0xcad6, 0x0, 0x0, 0x8001, 0x2, 0x4, 0x8, 0xfff, 0x8270, 0xfffffffffffffff9, 0x5, 0x47, 0xc3, 0x1, 0x4, 0x6, 0x9, 0x10001, 0xff, 0x3, 0x2, 0x2, 0x8, 0x1, 0x2, 0x400, 0x4, 0xc32, 0x0, 0x8, 0x80, 0x7, 0x81, 0x6, 0x0, 0xfffffffffffffffd, 0x4, 0x1, 0xffff, 0x9e, 0x0, 0x8, 0x4, 0x3f, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, 0x7, 0x3, 0xd6e1, 0xba2, 0x101, 0x2, 0x844d, 0x2f, 0xffffffffffffffff, 0x80, 0x1, 0x8000, 0x1, 0xff, 0x4, 0x4, 0x6, 0x0, 0x0, 0x0, 0x3, 0x100, 0x3]}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r4, 0xc0182101, &(0x7f0000000200)={0x0, 0x4, 0x6b6}) ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000a40)={0x0, 0x7fffffffffffffff, 0x5, 0x1}) ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000e40)={0x14, 0x1, {0x80000000, @struct={0xf04}, r7, 0x6, 0x1993, 0x8000000000000001, 0x8, 0x800, 0x8, @struct={0x7, 0x5}, 0x300, 0x0, [0x100000001, 0x0, 0xfff, 0xa4d, 0x8, 0xfc]}, {0x0, @struct, r8, 0xe9, 0x0, 0x0, 0x8, 0x0, 0x0, @struct, 0x5, 0x4, [0x1, 0x0, 0x7, 0x6, 0x1, 0x8]}, {0x5, @usage=0x1000, r9, 0x1f, 0x6, 0x1, 0x2000000000000, 0x73, 0x5a, @usage=0x6, 0x6, 0xffffffe0, [0x4, 0x3f, 0xfffffffffffffffb, 0x7ff, 0x8, 0x3]}, {0xffffffffffffae58, 0x1, 0x10001}}) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000012c0)={r7, 0x4, 0x6}) ioctl$BTRFS_IOC_DEV_INFO(0xffffffffffffffff, 0xd000941e, &(0x7f0000000280)={r7, "ff0eb82321987d1f6984172c3623d721"}) ioctl$BTRFS_IOC_GET_DEV_STATS(r6, 0xc4089434, &(0x7f00000013c0)={r7, 0x6, 0x1, [0x3, 0x4, 0xffffffffffffff0c, 0x7, 0x7fffffffffffffff], [0x3, 0x5, 0xa, 0xfffffffffffffffb, 0x5ac, 0xffffffffffffffff, 0x1, 0x2, 0x5, 0x9, 0x5, 0x5, 0x5, 0x8, 0x7ff, 0x2, 0x6, 0x8, 0xfffffffffffffffa, 0x9, 0x5, 0x0, 0x77e4, 0x3, 0xc, 0x0, 0x80, 0x7, 0x100000001, 0x7f, 0x7f, 0x2, 0x2, 0xe5, 0xfff, 0x5cf4, 0xe8, 0x4, 0x401, 0x2, 0x9, 0x3070, 0x3, 0x10001, 0xffffffffffffff7f, 0x6, 0x1, 0x2, 0x62ad821, 0x81, 0x0, 0x5c, 0xf3, 0x5, 0x5, 0xec06, 0x4, 0x7ff, 0x4, 0x6, 0x80, 0x8000000000000001, 0x2, 0x7, 0x9, 0x0, 0xe, 0x4ea, 0x0, 0x2, 0x7, 0xbff, 0x6, 0xe0b, 0xd5ef, 0x6, 0x4c4, 0x3189, 0x874, 0x80000000, 0xe, 0x6, 0xffffffffffffffc0, 0x2b7, 0x3, 0x9, 0x81, 0x7, 0x9, 0xfe1c, 0x80000000, 0x1, 0x0, 0xe83, 0x0, 0x3502352f, 0x8, 0x40, 0x74, 0x3, 0x2, 0x8b, 0x10000, 0x401, 0x2, 0x7, 0xfffffffffffffe00, 0x8001, 0x5, 0x3, 0x8, 0x100000000, 0x2, 0xfff, 0x2800000000, 0x0, 0x5, 0x7, 0x6, 0x5, 0xffff]}) ioctl$MON_IOCG_STATS(r4, 0xc0109207, &(0x7f00000001c0)) 14.051820211s ago: executing program 4 (id=1865): syz_genetlink_get_family_id$netlbl_cipso(0x0, 0xffffffffffffffff) openat$vmci(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = syz_open_dev$video4linux(&(0x7f0000000140), 0x0, 0x0) ioctl$VIDIOC_QUERYCTRL(r0, 0xc0445624, &(0x7f00000002c0)={0x0, 0x0, "e5a3d9a0fc393233c68b6616edd37ca1961a04da0e3aca83cc3c43aa33950479"}) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = fsopen(&(0x7f0000000280)='vxfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040), 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d0000002e0000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='ext4_ext_remove_space_done\x00'}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r2}, 0x10) r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$SG_IO(r4, 0x2285, &(0x7f0000000040)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x40002, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="000400007af6ff00000000000000"], 0x1c}}, 0x0) splice(r4, &(0x7f0000000340)=0xb, r1, &(0x7f00000003c0)=0xc, 0x7, 0xe058a738a5b3e203) preadv(r5, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r6 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/60, 0x328000, 0x800}, 0x20) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) mount$bind(0x0, 0x0, 0x0, 0x0, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r8, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) 13.743519504s ago: executing program 1 (id=1868): bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendto(0xffffffffffffffff, &(0x7f0000000540)="0cc31a4098ddc80dadd3a0aa2bea9050d9f47bcde4cbb8170d3d61aabbdbd869e8a75ab95a3b8e8b960477dbbbbf5cb0fd4a98ea0032d054de676f19c5e1f84def57482d1b3eb94a2a1d3c0a733709610ece6cb54ae7f8c3ed385c3890244d348c9bcfb556ee478845ff23d8a9f2a492531e7c7ce719ef1983bdaf4008386323fc593be590321dbe51aa4ecabebf49ab7edb835efc0f722637337e20cc541399dc617deafa840b68f2b22e5f7c6afb3825871b966ab90a79a4d6d72f29a1e43abdf4d25f6352dfa26c576830c49b18ece887b47c37affa1c3f24fdb0e14151550796aaa09b4669e71d9f4255f63905467b709f7a7185347a078538e4443f0dad324393274e857979db0a9e3894857aacabc2f2ccd9457fda98a520e2b8c83085a206c8aea9dd18a0b66c87b3b61f95fafed84303436c7ae3782f714dc364c10102788b02d3aed05cb29fe974b75e7bf53dfd2554d7b700dcbf24a6fa021732b747a2c7d6d2a649e1ca523f91ba57da29e6e5050da7ec9466884aea64349e0c65b40bd78fe25622a5f854d351fd3282e85e37989b73e1a3b9fe874ad7131850117f285afe15040fd20cd9c861c95b2c1f9844ac1f8b3cd0a7f22269e235866434acb5f4d9d0b64301cd5b4e8c2da68caacd3f7dda0f325120ad99c05a55736067c87cceda7b850758e60ab8829b0dbfdc1ca8322e6716e643e00c2f665781461f08282a0aa366d9927036d685c3a721530dafe21e62906c5710c3214621d6374d9f5eef47eca1e5080e21832e6d639822a3bf99784f7b19e2dfaa7b8ba39dc5212c94585af38e7a50cbf6d619e3f1b8e4c17351203fa037ca4ce7ef32fd8b4387b8583ebd32a0c5aeb05fced1e492670cabc370aba18abe561e2bfcfa6d92c0c3d0419f5f4936772b6a0026a623914f09b04cf5d7c2b3ab010c676e9932f5807240a765b3d92d2bcdd63a91bd0f1c795fe0ecdda5e50ec8fd0a68115986168fb8bb67fa020ed3c416a716fb12d5d918b8522931dcf2bfd0c7bf7d9c56c490c9880309240d0c2cf1a3cafb647e1a9e1fde434cdbcae9eeac3f8c652a85d6aea69b3e9a922cb2727ed8f50e6babd152b96ca623be94c4aedf7e6848650026a7e1df48e00f45714233d9ae79f4e5e13ac220d553da26f7e7bd242d0cd26470bfb99fb84e6035bfb962368222ff72c5a8e34092cc0ecadf270882d604da1b59f09eeb28559b9fa6b91a13d5eb2084b77838ee4aaa241703b17a5e53d042879a15170a1273711989ba2b75c2a5deb21a028dbf9b1445e3ccc419ef5adc4de90be49251813b4fc886920f5ea0f6dc25f8adeabe7065fb3d6bda0aebf27d3593d541d4c101a7c2b04c2fef924f4afaccb0603f769ec075a2eea2394c61917a2fb1e13fccc32ab914321464c81b93ce9989477928c09ca498eeb0e6ef2a15d378976aaf9f069e4bf0cef9c1b81855c6f4e003ce3fdfeaba1e69821970fb5ff0a031368666229afc8f4b07b0addab6d492a6b351af1ec5ba1e78c263e0726ed3495941a28b9da32d56acfe40a32fe58f6e722f9bd647eb7cc74ba6fd4343b18956f40cc8ec68bcd7b231b9b979b8ac899dc27b44ac9a0a73fe2f12102bd6f731415aefc6d74c39f211b8e8b98980d7ffafeb3237bbcaacecc095a29c0a1f3e31824fdf23b953f46e38714615e5e531f531dac3c854c5d35c8e69be5d5c468f28d9b13c35a316ae232ddd3088ba4bc14e19263c4e7f847153633a0a850dbe4c45675e702310b83d20bfd865cda44c87389dc000ebef19b9027bc7de167130892c018e09b9b9cf264f7dc51a7ebd29bbd3e39511c9908be44330fe96f6cb202aae4c0a70bb8aa7daedc8f12e99c087f672c67a4aefd9905476ee4f1bce6f2a760d9823703c55b843d3c74b69652edcd7edeee7791fe5d7786d1745583dcd09596a661d18cada70da172e39ca7ff351ae5d5aa9ae786e0f27509b61113722c11dadb045a45a8d8caa50e44062ecbea4cadd127b1d109b2b2760e9f9760de696523c706fa4d1f0092ae1ab7af8d91f2d1eb0f62b3320b58662bf4e607ac9ebe9c04c4f2279aff0a96072024783d133476614df51e92a7f4e3bc526df588edc8b8d48e82f3d4661f3f68bdc1d657f48b29dfe6069eb30bf25fd20ed83f25528809a70438153526d2b6882890ed73cb6670cae24ae78c7291fcb63bb57cf05703a5f4fa82469d3cb374d948f5fed2946161af65ead4ae75a4b1c7cdb6b2b7afb52012623a8ba17b2044968a903b4e4ea02f90f96e09d98fcf15ddbc27732588f43af4f84589718268322693c1006105522cf4e4b69eb58aac52af881b1533b7a52424f8e9030149b080bb69ca211be12d995b054639754795346c9c9a7a3435e2d781436531da8ad3f597e0ce8391a3ccc25c0ae9f0b7a19db85f12d51773b1cd1b675a402f31f89715d14f00719f38198735d0eca672549fb1c5ea21557afa82a78a86ecf17c177b9404c7e0f99e20eb38a3c331b66f9100ddfb6207eba709e86e41f4e408da583b49435913499d83a5975cc4b074aa7174087f6eb476c33824690e65f61e41cddd742f941ece08a5031887975e473e9583d8bb1cf9ae5fae7925b8254cfd15a9f976cdc554139cfc7828a9ee62493a9316c06c53088192614732efa9e9f9956682341daa1dcf5ef824b1692e5962227a30ac75367d207d13180d01c58bb2576ff84b2f3eaaf4b14c271c508cad97f09a5ef7ffa06b87180e989e62ed4c49fec0dbd260d14320cd11f361b66fbaf73038025ac71c36525062396368bddc66ae5ebf3f3b42bf7d06a8cca2e111e527a612fb0c2f976013f3cb49f4624a3b224f4b1f34c019f0401165373078b238cdfb3ed9f192a46f41d807861effaacd8ec57023bee8b311958da9ebd37da4b8260432ce673e2960cfd85c2faa5c4eec4b63b5178b2893e6f19a07ae95a6f38498b636a189d69d8997bbc15dd7a71a8b32bd4dc4ec967ce35192dad8491bbec40ff917f9db859604796614f62f3cd203a7600d599ee90d307c5d08d202253a81766c3763387fd3271e16629e29abfb74f69ee5ff19f56b355fc4ee84c762fcaa2a37fc11c018e5e15294666c497e9b084f0320eee5728feba9c5c82e2997c0e715d9cde6a98e885478b9c14cf86a0bf93c89987a38ee981c9767b29f3e481f4c91f14aa15ec74667e334bbdce1abca24e67156a3b675e9c87c051154a509a883a079e47f8bc15a842475f44cc873ede41358cf2461d26127f0f5a4c9d219d9ab7530632882c1bdda95474ab5433dcdc3fa2e9b489fb64e9b0ff7f1d3658b48f55e9ff376ed7549e951ec1caf391c93f4f0a031daa651b79717b8a6fa01aae8c0fac3ce1bc05eae689a6b8b391a4e0fc79e6834513d3498df91fd1bbc52f3ed46be28e405c90d9d7403a47161e0682b48d33449ab82dc8e912fb3298b25b10a42b38c12ceaa26ff19950e3e043cecbff9cfd43162df856d097e5f1c9f1627e0d432e219e15b487b118e0b0d0b1dc371ba8c8c6c0204439c57b360ee82b616b36e2ba6ba44ef7f6bc899ba7fbfa103d3d193f1e995d08d723b192f6bd83d7e49622580c05e9356d160d07a9dbfb78255e2826145b6d06d148b51366965f3383ee5245b6b29fb8e08b388632f18229ff64049c3efa253d5713ae13e13fd965512f57a1d19a7782716629ecb41e645afb67b34a9af3836f76599fac7234d27eb5551e03f8a236d5ab1096f2f4eb5e9ac7867966af77d04736033e634476eb6bf0625cbc126ab9f669558a7ee1cc618a1d028ba73306f3e6ce48f0e0b531718e3ecc40f19d5d3822056264ce1010132403c3cfff140ff55270a40ac6fe6872ffba0cff2e7ce0ce86589e66f93454bcbf83b9844303bb8da5878f76e86ed1f205854e826b3efa471d76aaa7e260f082ea19baa0d0195d44a5ab4cb8d783f47129dbdfe199003a9beb67ec4df8f9ba556c8768865466fb5c123428b36a8a8b74788796bcc5057ef4568b18d35128361c00f316b6eccc59418839a902b3af26d5041dc883194754e69aa3d647fad1af599607a0966d0b0c01d61ef9267a01fe6ffee3356e529193b09818b8a1fff13ebc115df78aaaf63fc05de82b1ff03e910dfc347eda7f9837a4eb25df57b30e98a9c7482f0446719c651ddf1955099c1724151973ec8adea1de48846467b2aba8c23acd8ed7430e48c2549b77deee3db02bc1b112700ce1d014df38fa4ac37a8f0d52fb34f2827390b3181351bd38b4fa83fa93ef9c12845f4c667dc8c9beff8cd875b91281c606f727100689a6d97a134b938f44f361fc04ffb396449c9cb8c6c33d2977dc24b02e33f2bbfed13fc1ea1dd47acb96a8f37bafe4c34d08643a3b67ab94305f828625c32e1c064fe13a53988837d5d022901b513745c344aaaeaa3613423708a1b3a45dbdbd55693db754863d2c29f9a372f5426fed2c00cf55fd77945c0c5c83aeff9982e0cdcb089650723f00af3c405d95f7a0e920b252e1c1ba0c60391b1979be75fcffd3f338f2e7fefbf6a0d0d6e0e81fd78308050a2800721f7dcdbd877e611154a12411d9e77d267790eb92cfe6441d6e643269d2d99c4bf2482b791f84b1184be2775d8f3a65fbfdb458f005ed2d861d6e9ed09f041584a1fd1f96cf1977451baf6ea87eef711a1741fa031e233e192d726b57b7ea8e374f565e440771f2567057a10b9a052ac67e4928a559057fb48b9022f806937ea9a08dfe0e9964802137733a3576352d40ecf9169b9d7ccd433ad9c3e8afd2bc3eb143d7a6ea7fd5c1fd83fd9ac89e20d411f223d008dc4e8fc5aa0b4e63f70cc10ea6b37e609fcf077797a0968b5bc976ff2b19d26101a356249bb41ff43eb2516555b69b089a9e1e314aebd36278b7c6d8d5e352626e605919d246cdc5e84b7d069c8d0ddbe2e1bf3ed0aa83070998fe5655ec204f1a2ffa2a0d43240218a38f836e1b96880ea6a2069a8422a863e798807122aa1257289c3d2b3a2a6b27e32d442db99e62a1524a6636c4a76cb7282b9e14e9a97571f7bfca7f16205326b1ace7a6183d1166e592b5a550599568154fe962c76b25d886d18f6aa265862a127cc2b23bab19eab997c8dd4e5aac0017793d90291192f9b0e79eff3df835030ea2fafe7adca294a3dd4ac37f9d63c31d4fcef63639a3ee7f8857412099528e615dfd89cf48813710404bc37c4a104d14e13bd93d5c72dc4eb4cbc49f04d1c7c2750a2f8b9b5887c4d1722bea965948d63b883a26d92c24ecd663f48f95820caeca0810dd850507cb1e176e3c8485196f89a930953180d02551ac6ad17ad905802d5b63b16fce4fb3b1dbf8d94bba538ae28f32ab5bf31e05478b264cd704691ef4f9b98c3c24d0cd249c111e731c5326df23e4fd8f7f4bc02ace6f3cced06d2a48a86bd27028d7834c61ef91f007d14c293cd338e724568454f7e70f223331b3089814dbe7efd6f1d1b406c831a0ec2510311aa341984671d60666aeee5fc285b8765c26f92b0a3fcb970ca8bce7a61e25e4f40299ffe0aed150b51a3687f1fa6da62c3b3daa9545efe0f94dba9e7d55dfa6252e294d00eb9cd16ebc82de8ef7b56e3ae8d7c0f2fd862805fa163afe08af6e20cb281826cafeaa36149a681687887e5fe1105901e5e95a618f5733a2e0c0bd2ce0e662549790c822bd9f7b92da7e305daef5d050d89ce84d015cd5a37b80597435127071a5d84c9017cd896ca4ef3846ceb3f6923c379176faae4fbc2ff6c9dd0cefaa852ae6f7e3dfe45b68d02c7bb1f2d972610a", 0x1000, 0x40000001, &(0x7f00000000c0)=@in6={0xa, 0x4e22, 0x80000000, @private2, 0x80}, 0x80) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00') ioctl$TIOCVHANGUP(r3, 0x5437, 0x0) setgroups(0x400000000000026f, &(0x7f0000000080)=[0x0, 0xee00]) read$FUSE(r3, &(0x7f0000003680)={0x2020}, 0x2020) bpf$MAP_CREATE(0x0, 0x0, 0x0) r4 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$inet6_int(r4, 0x29, 0x48, &(0x7f0000000000)=0x402, 0x4) connect$inet6(r4, &(0x7f0000000340)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x241803, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="d2a113a34296818381e2acb903bf3b010a46c9a087097383ebcb77a593f225aa9caec2b28c51c3b5eeab488172f71048b2a33b2037c4278d5e0c462f8cceb9909e7c5624399548b23e9d424b204221df947ead61839ebcc3c7a2dcd942a369f1a1f2ed803055ccbb133cac0dcf5e5ebb2d1f6e693808e5eea1eb0e2513d18f7d2355f69dbb37a965e4c6128296cb37746c80eae2a7d77e3c279a1d93299c0624125a6497ce68a06f4c508281e4acd9e53d6e577a63801c3df26e100dae5806b029ed634c702f38d5cfcef7b03623c8394643b670a4dadb9723fd67364c120eaf3f8466feb5f92c642b26c5ef46e8844bf489aa620e723b8c736cfec959056ac67134679c15ed1723c13e394c6e221ef1bdae1a34deed1c8517fff5a22347e50fd1a92c1e7a96ce44afef98cf8eb89457543be6973210e4cff2448a", @ANYRESHEX=r2, @ANYBLOB=',\x00']) sendmsg$NFNL_MSG_CTHELPER_GET(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="1400000001091f01975700000000000000000d0000"], 0x14}}, 0x0) sched_setscheduler(0x0, 0x0, 0x0) setrlimit(0xc, &(0x7f00000001c0)={0x4, 0x408e}) ioctl$BTRFS_IOC_LOGICAL_INO(r1, 0xc0389424, &(0x7f0000000300)={0x8, 0x10, '\x00', 0x0, &(0x7f00000002c0)=[0x0, 0x0]}) r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_trace_dev_match', 0x0, 0x0) pread64(r6, &(0x7f0000000080)=""/75, 0x8e, 0x4000000000a2) 11.093495793s ago: executing program 1 (id=1869): openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000007940), 0x2, 0x0) preadv2(0xffffffffffffffff, &(0x7f0000007b80)=[{&(0x7f0000007980)=""/131, 0x83}], 0x1, 0x83, 0x0, 0x0) 10.766396378s ago: executing program 1 (id=1871): ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000040)={0x7, &(0x7f0000000000)=[{}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x420004}]}) r0 = socket$kcm(0xa, 0x5, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={@cgroup, 0xffffffffffffffff, 0x0, 0x1}, 0xfffffffffffffe6c) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000)) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x5421, &(0x7f0000000000)) 10.729026627s ago: executing program 0 (id=1872): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) getrandom(0x0, 0x12, 0x0) 10.425876614s ago: executing program 0 (id=1874): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) getrandom(0x0, 0x0, 0x0) (fail_nth: 4) 8.422074887s ago: executing program 1 (id=1875): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0xfffc, @dev={0xac, 0x14, 0x14, 0x3}}], 0x10) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x0, 0x0, @loopback}], 0x1c) sendmmsg$inet6(r0, &(0x7f0000001a80)=[{{&(0x7f00000084c0)={0xa, 0x4e20, 0x1000002, @loopback}, 0x1c, &(0x7f0000008900)=[{&(0x7f00000011c0)="88", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000380)="86", 0x1}], 0x1}}], 0x2, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe4}, 0xe) socket$nl_route(0x10, 0x3, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) read$msr(r1, 0x0, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$SG_IO(r3, 0x2285, &(0x7f0000000040)={0x53, 0x0, 0x6, 0x0, @scatter={0x4, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)=""/162, 0xa2}, {&(0x7f0000001280)=""/164, 0xa4}, {&(0x7f0000001340)=""/104, 0x68}, {&(0x7f00000001c0)=""/6, 0x6}]}, &(0x7f0000000380)="259374c96ee3", 0x0, 0xad, 0xb12531df61d0214, 0x0, 0x0}) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000001440)=ANY=[@ANYBLOB="b1eb5400ede293d8530b00000000010000840400000000000000020000000000000000d9050000000000000604000000000097a307882b130148d91076a96978a1efb21b1639ecd14b9791154706feab0cdb86c12e3e6069a8bc5cb033aa", @ANYRESHEX=r3], &(0x7f0000000080)=""/227, 0x3e, 0xe3}, 0x20) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000240)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x0, '\x00', 0x0, r4, 0x1, 0x1}, 0x48) r5 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r5, &(0x7f0000000040)={0x18, 0x0, {0x4, @broadcast, 'wlan1\x00'}}, 0x1e) sendmmsg(r5, &(0x7f00000052c0)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000940)='!A', 0x2}], 0x1}}, {{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000a80)="1fa7", 0x2}], 0x1}}, {{&(0x7f0000005380)=@nfc_llcp={0x27, 0x0, 0x0, 0x6, 0x40, 0x8, "4d71e5f40f456029339810a3c69620974fbdd74a0512fc592e4fb7e895b1c6246daf9934512f6ff08c1c4ea20fbc354f0d7945bf65e5234ba4d3ede5d1e0be", 0x1b}, 0x80, &(0x7f0000001580)=[{&(0x7f00000014c0)="d04d0ee4f88dfc56fc339e7cc2e6c0c6d217b05e7a01c57ad9c252b7c8ee416fc47dfd037712d85abfb6bed957d62540c9f731d800b61d091daff496285877507d7d3ed002b6d94d8bd5173a275ed33a1124eb", 0x53}, {&(0x7f0000001540)="d48656", 0x3}], 0x2, &(0x7f0000005400)=ANY=[@ANYBLOB="600000000b010000b400000086b795c3c7131d354dda98680436c6c043d2fe1ed2bbf2cbcf3fdb39820a110e4e0e8f820bcf7739eb685de344993577ab8c6890d69042d608c77c422e33a0a2406981955dd03b0a175a344ccd5df35466000000bc0000000100000009000000b93df74bccfcc42591c94aee194e322f6fc48760a364eeda08ad00dfa24289da6bf53dce32d2f2041e6531cfc903e1701c336b60568b72a0fe1c11326c3d28e9347873170cde9066b662928924f4fdf8556ce22622431503b69ae35add9e7b63b19f1c4fb51ec0ebbbadacf4e838774551bbff61cc10841308d5d16f3412a1725c43f19bb1d483dc81e6bb2710a38bdb9c25618d4f19d09550152179bfd673fa7472d54b0400f034aac625e8b0ee46000c1000000000000001000000cdfd6671f4bd27b74619688b8ad53b3869a2255be605cc1818ecb02b7389b03ec1ab9844bc488483fa72244b98e08387132abf14f1ab7fc5232d75d9258781eefd3a4e987ea0d1d1bc18fb369d86148ae08f79b7a1043274568fc15845fe872f5664c4633770132e6b2d3207297c5ab47c9556c7afb386f5079caf982aa9c03163b4923bc57cdd55923f547b628c00d5839ead9534185805f63518c5e5fc01edd5c7df962b99c8ba9419edbba0fe6c4827ff10c83211c6342d2ad50dcbe8e970f05bab3ac8428b47347ba0c878a78b756a36537aa55c1ae38130295ba0329effbcc70bfc0ef85eb16fd42922b88982b74c5736d6e74bd786d17475385025c653a7fd980894ad2eec49c99e20951a44864725d48cb2bdb4588f47d08594a8852fcf92fb9dac64830be91ba28979fe5ec879e9096c7ece6d6fdab575f9d1ef7eac04f461a71d002b15696a7f392bab3f17b1c44e6ccecc7a6939c04ec2f7e15813a8b34b6c8270430eadd99ad267940c16b261333b9d23d97011b0c7677ed509c3445226999eb77a023736d04f3a6b1242c7c084cd45dcd711a1609c47cfc87c7f75d83302548d1008bf332d6392e2c1277e9e11cdaf7accf72a59a04d5f04ec4751d500f06b759ba19f2268a43f9ddbee8e558c7b03cb24fb6467e6011f03192c74864786e7e2850418f9a440687ec305b51f5a952103f65606dbb74f45fc9f856ee73a90b486c73a387090c5ed6ee5b20e55aa8cf0cd25733d05c800eca59e578f1df743c1c55e27b5d2396b37692b61b1b54e23ad4fef5ea70e7d30d892cff3188f0a822c544167e44d8bc1fed2dfb356ca194a580c467da2b1a5dac7f31a0c1418364229f683c183a24bd898321ac2b5ce0e31724e895bfa5e050d5c17d2cdc14ba5f08321a6d4e336fb5f48025c1ded036717441e7c9e2fad10f6d7bc59107d1559026e17ae942a9d973acde4535d0fef8fd50686016697808c72611911178b4202493dc3a837245c60cacab9b969dca79dafa4f26aa23e4ebb924d00cf3ea2209051f7e021b73ab8e2498d1fd99dcb221c7c9f3fe87b3930be893d696b98cc95b5852fe9bd8a6ff397574eb244c6857eb06da27bbaf4650e7e5caed6dfd50eba8f73cf7c1459eedece40a7781b098ee3979ca0dba8e057de2ed99ed668e829bdb25c1b0b015f32d13135b95b4a1c4b4e66f2ce03db13db5a85dbe6c52587b0eed3adf786f8904640d13af40c796132e9a4e9ffdd4e13085328e0801d62e955b16bba96f55a72779de77e0cbbdf4cb7cab724bef09181895930cd4ec6ae61114fab85187033e609afe73ba216d30bd5cb8128cfe980e75578608e1c26f7fc105a5c11464a94af3f3253f3066d2fc378bf7d9f6c1734bae8ecc4de9fd37cfdbc02403b671ff4a2d80e9ef6fe5f4396ff27eed62ecff2c318d700b2110a9f4f75fe257109af47a8af6793516cfe90ea37de6265fffce0e8e31041f65c3af9959c866f1ce23d1c5a17cdb2befa89c56e2a9b35923ff47879c0d4e0ed44c1a58f8fd66a7e7f26dfc1dafb1f975761dc1e078452d3601162073bea20763258e1b80385df1a79953e14846c1f724acc7734dc5a7bc47a1cf936950e41bedf9364087f292d65ae5e0404e641bf6049ac7f149ea3d4190a85540181f4cdc011dbaff8dcc14de478005776cf141b2e9f2e79042c2a9904915eedd597ae8aaf2ebc23e8230b0eaa1e52ab048aa051f8c136e9adca1f8cce60cfa68f0d443faf0bd93bf10e1daf01c113eb18f1e34b0ce1fcf16a01231a8559e3bd2450e90575b2576fc0ab582a5deddc631d60af12cd966567ae3f05d42cf70b16df293bdaf46a7d151c2d3927a028a834054544da0cb015a4d63d3936130e4ddf5aa8d260ffbec9c7688fbaec2d7360abb332a21e6d0d1e5f70b2ac5209be67a119f199855d00c3faa9b3bd0981bc1d9cd2fbd2416f28761f6737b4f38195338aa42202c8cd4929a186ee6cce4a408f75e815634fe937fb9cf2eb16c5ce41573f5ce3141a5d36b295a9d15000f0250be487d2b22a871b5bf7fa4742b41be8541333d054ef02f3c4b52af3ffd8908a8aef341668e97ebba81e55d2c8f50e886d65b357b281d21523203e5e36da22c4ba411d2df5c34c6aea26f2bcc6416df15395757121b09ad38f5d02baada832f68cc9c7d43724a78b8662458c2d80f9476ec4b895c03d2ef48e6178099b161a768cbb55127c2ee1629a418ddbabd994b85d621cf109237adf2d1360d97e749d3203efb86946c85e5f025fc78f7e901bfc6623c38a32552f78ac6dd46fd71d5cb90610508085eaf15c91ad31871622097d9d0680e33dc89da9220cbceda7d1d5beb28da171d4c0c2560e98cb2124fe0d3eb80936bdf55193abdc8b2cc9569544f42018195803ab72bf13d19d2d2424600288132071f3285ce0fc14fb80265c2db02668989fefc639ce6bf892856ec352ad84c185435727c91220b09d7eff2ea36c8d714bf51612cb7f9438bee1334fe4a818bbc212fab5d4281ae302b409aaba6d49c9648a8d5050c94d94892c53b13a91e36261765ee75363ae6f86509ad89f4bf2724e59e7b8ff65dd3c2b98956a76ea1c1cc89a522c39bb9d8b50ab8aac9ba8a37554ff3d160476d0971484f404ce81f02740a16ebc7bb6cfc20b1fb9db7ef85f8384729d00ec95e05badd943031567cfe6398c5b79556f71addb6bafb74bb1b1a24bc4bd4978b34ef849f523badf229e0c3674d2d47f8b1e7727860d51726dea6b3bd9db635fb10a4d3dd81b5f53ac953a09b3de60ac36b9bc855a37a6e17e9f5a0ff2b36251d300634cb073a7f2613acb8a9a67bc106370f1e7fe53b903e2236dd6e992415ec4ae139cb444cd6ffaacea54601074497e143e090fe22374f08da08e753c82d02f20142a446824920e817c9ab8798f44147e77878805e43bc5801878ca5fdda2fb8203414e46a8610cb1a6ca01dbb9ce23851c9a6172b72e302c3a49be5d9e9724e1904716ecf89eef3d19e675b0d8ea93d3d352c12c26fa5a4bb7fc78c615470119144f38a0b223ecbd181944b0cbf57af6586449f05e79a22225f8b5bb3cdbefb0ff898644446fa814ce9454e73729a6c6aed2c86ac0ede31256757d3c303381ebe506a517294ed991aef66e2e0bdb0c1fdfbc14f678195abde6bb8e9dcfbc3ee3eb439c7d40247e841f3e4cbb510c74dfbc51f3814965a4eedc3c5f5b2a131ffb3c120cfd60f8bceb592acc3a25ec3b4fdbdcf24988c29012c542570c82345c50b16b2e344225fd04ad11829e9863cd441c9450a096d5b977191c897fb35eaf0d11fcf54b5892c086065bd0f128efc2ac1f82417ce915ee7efd9be013a638635b44fdcdb1575f47ecef4c447331c7b108e44450c1a766e7b8a2a373c600a137275d00a57267b8debdac2d5a5f1979f6719f65e9103ffe155e0c7100fdaf31d2b622f1fab3674896beebbf4ae2f5f7797b01ab1432e0ec131d68cdd16becaefa3edb32c6cc3842de0b53f8e439b8e60344f605c0819521ae5d1521936f1aa0bb67cdb900170be0e840f6721608f23f2eecbe56f353c8f1d621cfe4fb9634045a6d29b274ae616c03b125500e33dab6329623c2205e70cee2282732052f99d7f7888cb4f8529d3557ca1c7921b8b9b8ee18d50ca2d415c0c457139fc5e4ef6c643190cc08f793f70f8402b384469017cea1f50f50af4f3ab52d5cefed124fed9ed548d3c60fece3c1d9d25eab555d254da16554e0f12648ece77a6488c74461e7c53228ad7554b6e764535b1d030a151fafafe5058aae2c39f635768d370115fbfab2eeab92714cb0bb280d4cbaccd2b7ee518463b1e29774d008a91de97919d90ac218970dd0cf2a2c04de7ea9557f81cd909d5fedc6938d9507cbbef981ba0017932ea672a482dfc6765ad25f64959714cc16a95e91ad020d39ac2d52e4e2f02e75459b37c37106a4b524cc33bfdaca093ff11c359b447e5a27a38d3f675ca1189cc8da4aac495f911e9560100aa5f7d644a0aa706bf7f33e86ab17f074f79cd95c7189e2f89345e496605b16f1644b2082834e515d37e6ecc1610fae5aaf130ab3010db0a70b260e57292913ff8a3c79b23b1d4fd17cf6871c2a6a2e8ab975fe0d93882316234c9af9fc02212a12a5045a83c9434a0e2d0080dddbd162b92231aca5315d1c6fb23f510667b526c4c11b7cf36a94a760caad570921f3f3302efbec1f35bb112984641c4c1d4fb02a22bd4e13d93e73b888cccf78a47e4a8da7decd3610c7a5a45039c3612ad872782b9f7d7d3fe571bae0eb3777588291364cb906c6c910a7276beecd838e224a5e5df1d98a777c24d68f6e728690b8e1b918a63c05bd5477794fd2520bdd45266aa0971d5c4a6f6c5aa675b2b2047bb1c60dc49045b8b5505438e9b09cb30a30a3e35b304fc552d4ceb414c991f78f1a4cd174d2f631afbd60e90b3cd095e9648d4536cdd45f7d7e89334d415d58c3ebf613c92eaa8eba84294712003de223e778d24b0ab0689de3db7b6039bee1f28d8e4336d0627a5c3a5a9330b404236be8305a1841fc548197d29d0f2e3f18b7a3c59a09ee42025778693a9d0b025f7e1940d19350cc105b03fe11ffc8a51361b198f054e5fc892ef45a1cdb27ed7cae946a3c57c4d2c0bff3df9b85b050992ced6e72dd8d280fb132217509f88432255548259d3d6a78aba81cf87398ea6d083c236820097197484b4e03944df030e5386386a8439cf284e7040f569d11045fff268233c6c3cfeff14b211dd08412681148dbd9da39a4496353617296deef98ec20d159a0cc8788c3da73693996c5b66ae5551065ee2ccdf43cba10afca0ffd4505a5e2ffa71e0bc7de1a52e3a26e6369e2cd576ad81bf9b27867cdbe172e571b84522ebc9392603129c011c095d4d256d9afc6b91fb3d79421465592c3b27e1afc3b0e194eacfb8cbee1f43858531742df3e4d450c92d4d36ff056c77631e9378e3edf26d8f0277f50980afbcbc73e74569c4ad7af3fd33d225b9cb803bede68b79be8fcf62fdd2ea61eed8c1806bff1ae89efd1f8bdb612fccfcc1319772555834412bd732589d52c8015c0b53a1e325ee1b634e3af0a00d31ad30cf16f7a72df4254de53639828373ed3b8c8e977d72ac5ffb005a940a9d23658952806a49f5d01e19fa44a4c71ce422ff624013af64912abe31848ab5e5349e5f0c94ea670828b92162343a347440e0d1b8c0f3667e69dc33e49178a666e54cd05e71d1f2a76a75d9d228e6c4deb61176a71215efbfee0827e82e6672fe53e89a3b724ef1e274d81bdebcf71387d2c832527ad170b603309e278cc2b85c00c2252911b3f0d55a96cf7d3c617fd1b82f093aa9a196209da498f8e76d403fab0d2c9ddbd55cdb78c6dad520c7a2dd05210a0dc6ea70fc2cfdde45077c7b0cbb54d2ca4d0aa848cb87832d44f361f4c9adbcf72979066271694dfcdcf2988e62b49bad417ebb622b3c6b3bd12a4651caf42c089a003e5af3606269f135677c3bdef2451f4d7e54a085328c0b7dc621fdc2edcc74d5becc5fb3f4b174ff3686942da1a632c3d5e5e6a1c1c7b6193f961e796d520af870af72bcf2e09a72aa8579aac1e20eb0f5ce91a63870e3809d5878b245118502e6705508197416cf1c0af5df7f6590a0e7fcd58814e050aaa42a24f771f686e8fd47438b370e9b9c3adf38edb4d3524f31db14232b00184930aa013efc4c0f48522daad134512cd798f64e94008c102b59eb43897dd22efa7fdc30b71689eb0142e7c7d468d61980000000701000002000000a34ad0e82b914c048691c0eea580bb1289c3d9fe84c4a823a510a26251015ccf1fa5063d6dcff54e7a21f0271482128b42536d8b76f2904fc7c0b867457e6708ba819733fd567d41fc96b049072a11e5866f3ad94ce577cad931ecef4754eda2df30d7b8b271a1241fe97e039054815f9c3f159effcc8561671435f488449b22674c4b0a2391a1d062000000f80000000600000002000000cb69314fe2dc0be0214c58bcf08c68e7f026e18dddbf02de541cf793005891783c9a96b169fd8c873f416e0fdf115f074ed6b38d0007bb00a9685d6b8cd9ba74817cc88beb025e6d19d7e2df1efbc9384b36d37f1a65f07c53b22a20fdb47e37b619c38a1f8d3b4caf298c8dcf3b7cfe3a325cd2631ec8f84b0c816a66e9d654b361f8bcd1c492b3137fc0c0c9683330d0d14bdba53f2801360dec1abed8f9ee96cce3a3f8482bf4ba05d1d7df43cec11bde826cbe1f1ad05944b42677ca895e7c84741e2d0db2e3ddedd7d596723fe76cad9c1b9716730dbb61dfe453c9f5c4b685819b2a0a4b32390000008c00000013010000860300001657f57d284781d19e5272aa36e8199320d64ea468e07d0d4275118b210db101b83abde99ab4a8b587a8320775d4f64702ddf9b74935f15fc2ae94b7fb2aabcbe5235d60f0f619d63d2f35577ede3657a2681fc9536cc876f31efb8fb5d161738d82be31271146244b4bcf8ca2c43fcac2e873acbc389fca0d0086bc236d00003c0000000b010000140000006f24eb208056aca44581317488172c0904b4e58cc772d88178d37445e2a4164675e39ec46a0a286809f80fa1b972100085790bd7edc9a48e667030c9b955a44b6ee6472dd1c40224b8833053dbc6c7ca94ce34dcf8a8ba34f9b1541bf2f4d7f90aedd7457934229ffea6b0846a48920deec2c9c85d9b3efd7fc0057901f7d0dced02318f65a18ce7481dd86c518395e96b586fafa3b359111a9c0f74867c19905cccd7a2b188c8b67415a9db2a5c421b6cff6543e35d53697c9bd41395408f670f6148620cf0eb377d091903bc4df1ec76ff948f0de276ba410c20e9d5c410ef2a47eeb4656610b520ace3677e73d12f7fab9e20044c9f1eabbef6b01354c6bc11ded40884e4c0e1d0bc7f24cb730a9b390423"], 0x1380}}, {{&(0x7f00000015c0)=@ax25={{0x3, @default}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bcast, @null, @default]}, 0x80, 0x0, 0x0, &(0x7f0000001800)=[{0x48, 0x101, 0x8001, "f949ee24751815b9ede1d7d3ebe40deb1ff28068e67056d8dd81953094b5b940fe8c25aba0feaf2054acae32e4365666cbd6685ae51536df1e"}, {0xc4, 0x110, 0xfffff213, "ce9592772a7ec7c4a877224c5576c7202a5c0180c0af45debb3d7b96f493d739fb644926cfe9c56e23df49f7a26e8480609c72efba9e49c45b618797db0fd25b687221222c4b88947dd39e326131510f83292806b5db47f7bbf82e154357bbae15fedea5e78a99ff57d730b7f1115c04de1b06fa2d26b6e227fbb0957e449e02692916dcd9c9fe932c1af67b4ec63b8f641469334196b8d5b57253aa8a7ac004c4aa68bf4df807bac89d212b893a048c6ebabd9f2a2a5d2f"}], 0x10c}}, {{&(0x7f0000001940)=@in={0x2, 0x4e21, @empty}, 0x80, &(0x7f0000004140)=[{&(0x7f00000019c0)="f62600dd7af8754b1c325928477bb1c704e6d7bca6d9785efdb9b228feb77428de37b14016802d909ccf6af646b1ddaf7697ff18c8a238111ac1921072291f864ce6", 0x42}, {&(0x7f0000003e40)="dd0dd2977df955b691ad16131b16223bd2e4950ea767b39d0dbd05b70aff6781e3e60999e6776ad78b8af3f69db74d6cb8191a52a9964e7263645a0bd8b5e98f630ece866a14d797db6c8332debf58417fff1255b2adc9a38f3b50dfa32352f57db4c6244f091b5eabeded4d90708d0cc7e7419e6863665d9d2049d456020e1b98ac8d961c767e4135118bec463e5f420fb788e6ed387c7734c7a0f50bb544f13f438d38fe4a02a35046d6d1364b0ea51ba1a0054539d13932d743a131836e880cadea45fd0bf6c83ca47b67eef0df667717c7fcf677572bdea583279122b5f31ff444226b125dc9440e5b6c99190991bec4a83005ab3178", 0xf8}, {&(0x7f0000003f40)="a2f5890ef0a8ba5def3b12c14ddb651cf58f20e6d6e60283ebac37e6378e6499fa21073615bc3bcb06647f4435333d51ba704bfef3a68f87074906cb1785be6e2a4d038224d412ff308988b4f2aa980c25774652cd8e45c69c1bfc8b0116a2312baa010badb7461f3cb2b42d8a52d51a0b1c1fb9478954eec288992feb48715c102cda682f7a4c68a23ada5320fce6e4a536dd9ae92b6b08f5083e99ab8cbea609bfe470c17360c70c0f163f31527cbf5bed3aca8749faf1a336dcf0e92de9452da9660300b677", 0xc7}, {&(0x7f0000001a40)="4c33fe5fe9ba6b9ce119eccdaaaf546f13e7d0923b37a782e56c2e2cb2a62b115f", 0x21}, {&(0x7f0000004040)="967b3899e4cd406edff808ccd3d1abc14bc9230aba4492cbc35117ebc24b5ba367098f08012f5dc08762c50fcb91b9f11d5c42f56d9ade4c311eb544d57e62e956687fd2dead108d1b3884b98d7efca95c1c886cb0617e21372b57713f4c7df43534052965cc255ce62cc0c299fbde1131e4f313043f2fda61dc439571b31daf2cb64c41cd3cde924d55c6a365523a47578c250b84a09d2e92edd439f370ba753c68f9c879462049949e1238894db78456f2bc5b1f6dfdf7f9f17209e0d6741710f1", 0xc2}], 0x5, &(0x7f0000004180)=[{0xdc, 0x84, 0x8, "6da35b637e4030473c0f1f41ac523b9cd61a36d69d3672cbe8f8150ee287a9d01ea9be116daafdb2995a41cccaed551de11d277ee6e2287be5b59894638dd6e060628b86eeddd60c83fb18f653cf7621f1971dff6f185f5f336cc99750bcfb7e33e7083b1377893b0aabcc60d00594ce5d6d854b32d5d312f6132e142c9c015c076d7dfaa288d1cc04d23da3961656c20b04c8b5a275422043ca673102a3b85658bbd7298e385575e0bad668d383e6d7432e267413f9da26315d4d897a7ca942824827d75378e2f8195d53ba46e8"}, {0x100c, 0x1, 0xdf7, "36db050af578e466b5fd4a9d1b3348c4279bed7bf750917c6a03adecfc43bd950d6f95e2ec17483b9c85d4c5dd37dfc2682de6630ca488af78823887ba9b2ad1a7dbdb3e830d332b62b00666ec17519a50e836a8a5b7034ef4ee0793281da150490a6498e2dc8726e76356a39cdcacc1a8aba2bf285c20bd79c1b8642007759f4ed244b8a40a37c5c665721916d7d9ebeae384bb5b67ee52a41c2c6457e6b9ff3b74b8d52609951508309e0300c59d3f3f73d735c3f382a616de70c83facfcdb0a7668c1180dd428d270e6080ee394e153f44eff5bbd614ae02bbe9516fc4380e533643cd8f49f701ce2aed827575013925ef9de9398ebc8f9b50188701451e10c48c4e444e293227eaed288997f580c0c762782fe2bade9901aca70fa015f0886c096cb8d2934848f6e42dcc75e1f012b7f23b39218cd957d6ac1b2572a8da666ce7f20ab6430adbafc23d5b54c89fe0b9a4b96b3c0752cf3dbf726af81b563d2d935ed2dfbaac0a9135c058a210f145a2ae1d8b0f2ce0befff8947632292267a8265712dccb8833bb9f2ffa12f26b74ba10de08fbf410d63fdd73e020eede7ce728c54d9042500c04f1adffdb12785ca29c9d5b6433113fbea591ae8b55e32a2cd4ab896257e0994f4b57d4b3bc4f22fd9ed89b3b02ad397ebcf463b7aac2c3210f0cc3242c59d5e57b5f9a0c1c9a351eac7329a457aeaa3f1b5c0cf3a85653f2e5f56e60015e56b8186ce8c4251f478239f87ef49aa49c4f4f0f2cc63e68a0faf2e7ddaba02d678c8703f50b5d7c8db0aa66d0fbb4fa9988949680e25aba97ca7296535da3fa4e8f54cbaccb47d47ed4e69059844762d1ec5746b026ae7c0da10a4410f98262a293e791259f745dcfebf552d3ebf7714c45600584948b71c84ef0ccdeff92e6a90c3c4667e43e5fb5461e67215b67b30067340ac9bcb01ce9227df91eec2eaa3be6964c35553a83dd0041b310cdd5319efc8e342fd9e0171902ec2acb23e6a1977518ef6f6957706dd458d7314b6e3f8cb4c59d584c1db13c473929194ea75f1390a05e61e1565970fb6cb4b3321956aba8bbb0cdf59c1041709c0ed3c2f5a821b42f4b6856c79c5d81763234968a62cc4db4ac67a881d5c6be0e5b794c4717db9abfcffd561453a7e5dae8a3b3c05e302365e873c9335bcfb40467e62ae2c6b8b476270c05f393d077586bcfd20a33959ea7dbcce1d968a90b233ade82c66f5dcf04e0eea5b76f3360193a36dbc81b645f4ae7313b900cc9d958ae356724307820633c8b7694ae29ca7a29ee5bd8eabd452761b900bea4bc9d48291d64664362d2949f6f924ca0d68debe935163efdd7fb59013440ab77b1606f2482db79efc2d4bce6d630cb35b9b7106729f804959180098f11888bbf18943b7ba3fcc3a1fb1bd4cfa05ab7826b5d2542250d5f7d9ee114807f40bfd34099b0ba54f592255bad46ab9bd07df8b2ee1df77316e43556c755cdd6be39f1c9223d0fa48c8723a21795896023f7a4c36596a9868bf98096889f13879828d774a6e29e1cc00d9633ab72ffe49053786a7c372e1c4dd99cf5c400731ab46c4796c67cc6cbd13050ebbe0b80afe20120fad2f3923f693752be9cde31a72d1e585a2657f6d5d6f93fa7fb633ff29eb81dcd74403999ea61bdc90cc6f42ee6212c68ac50dd879256177a1210d42d00e53d89a32da1ad64c7382fba2954b60e0e5a41d0d20cd2b788e191bf8c7e90b8ae7b63a6c333007a5cb62532ea417b61a29374ba83ef66bcdebda1ddc661735fe8410526fb5cc71bafd4093f26ae7c606790b4e946442e43b79b54252d49d5b9d48cd3824cd1883a273111e9d166758bf786fb9f08e91b59b87baa7fa6b5272e3ea7d622096e4b02cc03d877a4edd57dd533fc0c9eaff82ddb0d1136e6f0f4ddf199c2d16b95d03626b93eef6c40f580a0a4f9067b1af101e5fb51151f68d9e240c9d90d08a16d56340c9ea05a733931c7d7eef92e7cee867102fd6e5ccb87bb70c63e250efbaaa62539530dd3d6f935fa77d1c1dc36648cb11a723f33c30a127a0193c10820bf81c5fbb611edddb606698e38acee0c2473d42507349b07fa7d7d31ba6b0b08d89ad2ed30dca6cdba30c57854bc54f8aa34bac4e6987f75b8000fcc5dfed4624b3fa78bf2c94f7f72220494ee4d4008c12d5f02b6adce8630c9014e2e90c28b6a6d418f86bd26619a813185fd32b6dfacf219fa15cec0b79740b1a14e1c0632d11fef59fbb40ec84db2ed473c019dbd5b1eb4b71fbd3755389d004081215eb3bd47ab69fe25c76641b4a13223839bb09b725b8256758af8116379538306fdee21d5474cc2b6e2e62713d419ec060cad3de489e6142429baa720d69b4d75a2a4f8d807179b8c81d453a092f56d10c31bcbb83c58e4c60dc8675cae64f408ffe8743e29b6ee72b24e77666a00c81087d3f1ffd2b1a9c1929dcfc73754613c4f1d655bd682b1d566422518c5c7680251e0efd1ca7ad8a41ca95c625e82ec94f5fee30bf283d1ad8cae6be92c7878becc6c04a157119e039d7c70576f8e481beefd7d98658ebcdff284844f13531f009da532e34ed34f132bc72a490c953cb075c749f9a83f3d00103c1949d4265bc20b6cefafcd9127b215722825f3e27e376e54c8fae2bde6465ba3b5a02db539d7657d0764e2ff9f2b7fad20263174c4705513eac2a36d6c27dc008408fa74f28be00937ea40f1bc796c0a1455cbaa3bf56457bff9e8526dc9120f388c64d297dc259ad2d3e5185e728d86b2554a55d6d8b6a341e2717b384106f34907f1a76b6f23e0fa6a298adbfdeb8c30c820331dc0b1e53a35fc7151f444cbcf97af165d9fb92da3e65ec3f11e90fdfda5def3fc66fe0c87050b2d78bc7b05ef46ea2044c8cb5a7b942664b3057086c0d5fac03970df8bedda9d0d338be15382e9e5a83b2618036141bd6cb357d7fcf20180ddbe2a09763005d08fbff5d0e5f7efc1515181a9100c04ce9ed7ac75c83c29163225303456ac972bc05a773197a42cbae23fce302f82180da95ba4cc9c7cc6ee5c55fc52dfea48f469acc58d1a3e51ac3eb78b4ff20604bcb93c3cef734135ba3880f8bec12927343ca5cb31a9bcf1ad07bbc9a2bf6664a1081f951e5a9c38ccf5f3e69fd2e27e4de34e15e8cf3b63977dd9628942159d74d7f0c3492866b26b74ae595d45b641a6ec31bee412a014d21c492a7defd9b42c10958bbeebfca622ec8c0034b205aafdfa5082f2f4ae809b4c14cf82c9b4c36defe38674e2629dabde3934b14f88a54b04e76553f7fd2ae6b2d0c154c17bb08c36ded619b12aba4e56d47a438d5f37d46f42299a0d05b7c8e8d0000af9480a80a923ccaf3d484662adf657809c2bfe88903c544ad1b168918ee0f19c38f7f3b8c9d3f7e3b1ff03bb02fe1ecbbdc7f796ba795e3950eb801a0d5cf3a185b3292c438cd88ca7533af6e8ef2d5299fbbe43e9c94c68f8bd256c15fa8c65ae60f6b86bfebb4d69cfb0e42b3f2a2e6bba5922974e6b48d3fac9fe06cd69639747c57ddd0ebdc308e57ce86bee2e767414b90ad10fdcc3cd3161275e009e62952007336365adc8f8786bbf1e01ad823de9c21689d9b79ae7786178bac8a19b1785eac34c7cde09a559e8e66214db62d4ac264e9630fa89bdfa5435173d5d15bba9b2301702d2f184c02d6e048392b68f076831ee3b1391e948d9c0abe69d97e773be0bd57dd32797a2e4bbc55fde0c91fe4327f965aed28e842276a776b1a1fc2042633ba5bceb1bb7ac28db0fb07d7a039500ec55c55b76abd4abe62916123cff75645a12514b3b526c5dc8276669d19b83b8dc495dbe8497249c587a984d5e9eba4d1b963f14a521c35781462ed312459cb712d33052f1968a9313f97f59b073b7f28e4c1b07b59ae916440310394de03c3f2a929bd8015a91ab9ff73e207c88c172370def400502fb99b856cf5f9bbc6443d92ea75785ea15737ad7a46cf8929aca261ef802371035577ca158848d85d3de0162559d4508e156cfc4ae2d887210fe3f597a22e07055d8d3709a92dbfd40ae61d5f6e5a1999239a72f017280432388c779ea0f9e8f6bb65cac2b4f9d8261a85c5860d7c6284e20d094d297c1656c331b8fda91351c3000afdc27f13aa17b574aa109a4e836ae6ef99c5481e93a9fdbefb26f768620ea2b80607c937174d3d4a683ac5e50e32b553dc8325fb1ec1c3cdc98e89b06daf9d282affb24695d275a796fe110c60db3523872e267db05fe569b1ac6f241f5519d9122b52d11a81a727bdc756be335a4e67337a4a5fc771c8fbbf32f433b4c517a9acd49d81c2accbb3b8376d80d3a7f018444cc7dc09274c032947c012736de40a29506102741b522189167cbfcf11e4c14e604ffcc42f3a0dccf355e82b1e15d44ee4b2232417cf1fe0c2d476441a7b3d971e32fc2d320a4041f9eef5e1d58a04b44b13f6c4269ad527f14d177f008268f0e3732d58855be253a521621bf0ea035bbf7b743f7b3f2641609988b8941474e0cf1e3aaecd1926a2da28e650594a2f28c42e389516c8e16f35458cf5ff186022df864073f70a95289ab340135aef0b51bd4d45df51415a28b6b671f394191494451f754bbb05300365afcd872368e51e8f06c7b7016eaac50663d9e16a137c6a744e22c870c7494cd27a0ce5f936d1dd9918641802fe8c919b1a3da5fd8a9e5230a9866d667d8417a981bf9d0820057b327deb35d4997a372e76da7a1d9e23a11eeb693ef44436e33991d66e617524f351f42e008821e43789736a9146d8144731eb7aaf3b3b40fdd5c324a5feb501aa8c17edc271709d2ab6714d97380d387ffb1a9d1f71c8fcc4a714bf1bd5784c7e782b4b8a95657207ad7a71f1305ce74e3d9802964f5e35bde48ea08e15214b7d89fcdd0eb9b436851034428073f4bd1f40ed336acda34080102f2d83b164e322d6d95f678e7dcf1c351716c4f668f8597b39639ba383f957d1ca0734f39e17d71458c98c0030b0409eb333376d1301ab67ae9a70b4bf6ad1bc6fc6e884231a8334ac656f06ba2f8312b8893e9b4c135403953626dbd0c81a1a4c87ec4226b49e05773e59e20e148329b6e29bd22ca833a1af2d4b1b3e4a27a652962f93f7b14ef3ef05eae61b01fe39f8c530bdc8a89e3eb0bb9fc984e1162bbd2730a9ef84e8e4b2ae267beff3776b5696cc9517fa4d716920150f7599e5ebc8e5ba7b423688e0fd8eb9719352134167e3d0ff96c6accd75f07bc5a332655c95a5900604abcb0060bc19656f3ff7925ad3bb0953b96aaf862a0f19f9f530740615180b77a9083237b25905a3cb32cd27af2e051955c6960431e4c370d0753d973206aff9c3b8d4ef79dedbc9c459f159829b49687ee6f54e0797a627d28b6984038d819c3cc6da9f43b139952fa0174964c501e545f909741f5d799be2ca3752cce42ea69dd1a14974886836f87fd08c3f1b0656baf9bd7ac2fa5f13127a32f63d0503b84a373a69672fbac603518b803401430f61259d15b875b12f68d47946ddbe678ea642b6a3c8bd9e55157d31686225ba4842b5926b1f15a400079df92bf49eec9a922cca5d9ef5af8aadc85bc54302599ee35573493c83fda8768ca417d54545238a17a1fc75799da9dabcd9c727ec681a4cdcb77a10f855a56d15bbb7ffd1710afd46829d499c80b724aba1c19e4d2544f7a422cf562322026873468c4384a65297cdf2e28ec64935777defaf88626396470150d685c83d1187a9e892e898bd95e508e3d25dc14bdcace3c0ab0577813ebb7d"}, {0x14, 0xff, 0xffff4b20, "1cd368dcaedb49b8"}, {0x18, 0x104, 0x5, "05e5180b628dca49d8c133"}, {0xc, 0x3a}], 0x1120}}], 0x5, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000001240)=ANY=[@ANYRES16], &(0x7f0000001200)='syzkaller\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x6, '\x00', 0x0, 0xc}, 0x90) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r6 = syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000047000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a876d839240d29c035055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7e8dc34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bb44b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334583239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bf4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc508afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd360000000000000000ae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c97a088a22e8b15c3e233db00002e30d46a0024d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c29c5c0ed5bcdf510c3c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ced92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f68fa8d7c2dfb28e1f05e46b0933c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d588afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda6900002a070886df42b27098773b45198b4a34ac97febd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d63521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07afef12ef060cd4403a099f32468f658000b4082d43e12186195cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea209b53b230ef0f2ab85cbdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bd3339403004b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab900000000000000000000d71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdbf24a0c5441ce046078492b53467cfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89cb349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb15f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c00c57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137df47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b558982016b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8b49e3d0168bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85a3009a5d30f479e293a3302e11350ea857b37e76ca3f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c8ffe0d508dcee3070e8b42ac38545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f98117919472b61b20026d7e646174b55d251f7f8ca5ccc22a5efb33b217eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4444e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24000000000000000000000000000000000000cd3211b3842b68a4eddca2eae28529e97a98d7ec3fd902df1ba8fc2ad2377e72d4e7aeacbbccef5614cd965511558f40720025c022bc9c213e407f6bc4b673c55aa8e729299a37fd6339acd906ac861ba56c9fa9b8b12b5e68a3cdadb906355e1f1d336a243172affe50d0fb36c3718a7498eed3d398f405a34d494414e87ef1ce1845510d43d00171d6b4b762f89564c22d542a119878709cd6822c3a3eb47a849b0737929fe9e1eecd1bff5a2b9880e2a6d8a3b3b7e88a673c96cda4455eff1c530db0e6598a2686aa09aeaf0f1aed95aeb8b0a2cc5ca31c0f56285cc05f7090a0e0583cf540d18cd8817e685c7b4ff176178ac1234f23e54445ec20b2689832d78409897a0307e89ebcd5f4ba042a3d10237a5a8a9a6eda36d2f337dc54537b80e8433341b135b4c5bb0173ffde46ccd260e1d4f2c51e8b07bb256f1317912cb1fc9e491e0bb9109e475cc795c23ad9f4f0042c5e9c655a4d865bc4a266e6a1d3d2b7ee53be9efb33a98933b5ba74ee3ac8d34b6af8c1fdbffade3abc80842b74354162f5b994ab5254cb068bc5e2ae242a1d37d0d49947c9317fa1a46c9e259ce0e1f9db992c53f7830a5e8f4fac6b187eb9f15ba61f730f86d7d7b63bbc7a1d9ff37e87a90a14e0655304da069f9009b62717649b6c6af94fcba713f8ee6fcce25aef44d009966614b61be9369ffc589a79051b0a0000000000000003ebd34c41afe268c33c9322c3a783772aec998f51a6e70fb932a8019e72ef5ab127bb30c79ebfd867441083546305fb39449c40a166ea389a6b77b7c87f66e8bf5806726b8fc50b943627314803a12c33312dce0a10f852da3e000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x7}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r7, 0x18000000000002a0, 0xc, 0x0, &(0x7f0000000480)="b9ff03076844268cb89e14f0", 0x0, 0xfe, 0x60000009, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$VIDIOC_G_CTRL(0xffffffffffffffff, 0xc008561b, &(0x7f0000000000)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000040)=@sack_info={0x0, 0x7, 0x80}, &(0x7f0000000100)=0xc) 7.0561729s ago: executing program 4 (id=1877): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000029c0)={0x48, r0, 0x801, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_CIPHER={0x8, 0x3, 0xfac02}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "cabee339084eeef16f162471f4"}]}]}, 0x48}}, 0x0) 6.946233139s ago: executing program 3 (id=1878): sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xf, 0x8, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000032311b6af73ecab33839b70300000000000085000000bb000000b70000000000000095005ba2375f00"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$igmp6(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r0, 0x29, 0x22, &(0x7f0000000080)={{0xa, 0x0, 0x101, @empty, 0xfffffffc}, {0xa, 0x0, 0x0, @remote}, 0x0, {[0x1]}}, 0x5c) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) sched_setaffinity(0x0, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x4, 0x0, 0x2, 0x0) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) r3 = eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(r2, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0}) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000040), 0x0, &(0x7f0000000440)={[{@workdir={'workdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) mknodat$loop(0xffffffffffffffff, &(0x7f0000001600)='./bus\x00', 0x80, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="000000000040000018001681140001801000020000000000000000000000008008001b0000000000cacce0d003e7e1c36eb4adb915e5efdb2f0d9aa0bf731c1a4bae76900428e0e397dac0e9443fadb82819f0a85c0dfef635362d923b5018291fc367473a1a9f3aa60ee00d6d37e73ca5479b4beb7c66951da5a325cfa0afd924bfa5c1bbd1a2c9c46109c65c2bd63cbc8889ba595b2fb642ef5137b807deffb02f0f46e8cbbad7c8a5870afadeee4478d581e2bb49846b608d073fc2e1a62809f36cc7f624a4a6022287e566f5e9ef23078e86384e67e7e4cb89d967a251abdb684bb2c3e3c1d75089cf86825b97ec7c2430df5ba3f813949e01cf05c3c93049e9505426918b9cc4e2355cde39ecb2a0dd38183f5b42c29b5d86d83a465a3baae55469724e41e86b4319fb191657b6b2c261440b18322a615e394ba6c5ad2be2ff41e947fd49d840fff3c627b855e8467074759bf1bbb6d43934993bedf1a0ee2657fc936afdc58098cc6499ef4a7344973a5cf58df24b3a3843bc1f4b79cc6e743b89c9fd6fad334cc4f629017604000000f6cf89546a973dc122ab4b4edc0060f77cb0f2f3046df2e0b1362fe726e1012415be36dcdd"], 0x40}}, 0x0) chdir(&(0x7f0000000140)='./bus\x00') mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x2200000, &(0x7f0000000400)='quota\x00\x00\x00') ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240)=r3) socket$unix(0x1, 0x3, 0x0) openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) 6.789934262s ago: executing program 0 (id=1879): bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1a, 0xb, &(0x7f0000000240)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x90) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x0, &(0x7f0000000100)=0x9, 0x4) sendto$packet(r0, &(0x7f00000002c0)="05040800d3fc030000004788031c0910", 0x10, 0x4, &(0x7f0000000140)={0x11, 0x8864, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) socket$inet6(0xa, 0x800000000000002, 0x0) socket$kcm(0xa, 0x5, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$packet(r2, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1, 0x0, 0x6, @random="b6c1c02b5fbb"}, 0x14) r3 = socket(0xa, 0x0, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000a40)={0x0, 0x0, 0x0}, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=0xfffffc66) close(r1) socket$kcm(0xa, 0x5, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x29, 0x41, &(0x7f0000000300)=ANY=[@ANYBLOB="6e617400000000000000000000000000000000010000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000063d44df12b000000000000d781ab88e29ad75ae39701e6794ad0b7efcb57ef6f1b7ac2de8a14e9c49cfeebe9bc86c0e9d4e7c5a6e29d57127288c835c0522a067ca760b7029bd261fbb72753d3d9c3d3031394158ea1395bbafe43b1b932fb283970069ec5bea49e51ae5704605ed78a65e8456eca133d40936d68a7528e6d2c372975805e347228edf663ad7f8917279d3dbfa191c9f39381d40d22993169a123a0be01224cad5e5328989e3254c93a8868fa5eadc79fc709afbcc2ef751f57bafbfeede98c02798f98f0fe8f09518b7d10e386b4928227875686256bd82eb7dc858b3b3be2b52e583fb024e851148fea40206b1c626c37b86647bd9f606f0edd8c"], 0x48) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="5c0000000206051100000000000000000000000005000400000000000900020073797a30000000001400078008001340000000000800064000000000050005000000000005000100060000000d000300686173"], 0x5c}, 0x1, 0x0, 0x0, 0x11}, 0x0) 6.738330998s ago: executing program 4 (id=1880): openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000007940), 0x2, 0x0) preadv2(0xffffffffffffffff, &(0x7f0000007b80)=[{&(0x7f0000007980)=""/131, 0x83}], 0x1, 0x83, 0x0, 0x0) 6.514565328s ago: executing program 4 (id=1881): socket$pppl2tp(0x18, 0x1, 0x1) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='net/vlan/vlan0\x00') syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x8, [{{0x9, 0x2, 0xfffffea7}}]}}, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_usb_ep_write$ath9k_ep1(0xffffffffffffffff, 0x82, 0x0, 0x0) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c"], 0x0, 0x28}, 0x20) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x2, 0x4, 0x4, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, r1, 0x0, 0x1}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x4, 0x4, 0x9, 0x0, r2}, 0x48) ioctl$SIOCSIFMTU(r0, 0x8923, &(0x7f0000000040)={'macsec0\x00', 0x7}) setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f0000000080)={0x80}, 0x1) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$RDMA_USER_CM_CMD_CONNECT(r3, &(0x7f0000000340)={0x6, 0x118, 0xfa00, {{0x7, 0x37, "49d23fa4d194dd66f7872b424dc03add1d6243207fa21135fd5cd4546acb209fcb7e1e180d24029d841027579ffbe2f69bc45c13962adefdcaf6c8b1b75253b5887eeb53a7f631ce8fb8d9917ffdc4a2af9a926b0ddecfd194aa1ef85c8e8dfef9fa5a21e4aef4051695c767a6f444cdbed24ebfa294aa10d2436d51eac230263ce1d55252d067f4d4142673801ce9002273eee29d994ab3fccc4f16a32a628231c27b6f79ea3cc81fca1bccfda654740db79deda4125d41b6b6acc07093e9e6cfc51421d9911c915d908490d3236ddc497dbbfdbc29089180c510f94361c89129138ab5e626d2c26d1cbe4a01ca7d3ec798e358b67ce6def5e1ec958964a5ff"}}}, 0x120) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x2, &(0x7f00000000c0)=[{0x6, 0x0, 0x1, 0x200000}, {0x3, 0x1, 0x6, 0x3}]}) socket$packet(0x11, 0x0, 0x300) 6.245728158s ago: executing program 0 (id=1882): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000280)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f00000002c0)={@val, @void, @eth={@broadcast, @dev, @void, {@mpls_uc}}}, 0x12) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x5, 0xa, 0x80, 0x80}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f00000001c0), 0xbde, r2}, 0x38) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_usb_connect$cdc_ncm(0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x56, &(0x7f0000000300)=@string={0x56, 0x3, "4f512758cd70d4acb68be8180f6158ca28dc5677e09d9bff9eadd64d51fb756ac85c0970cc8910eabf327a798f3e818d3f30fbe1370d747590bbd151d2c25b3f44550df4f47490c0283a31f4e9ee7c1f0b76a6ef"}}]}) syz_usb_connect$uac1(0x0, 0x8c, &(0x7f0000000400)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7a, 0x3, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@processing_unit={0xa, 0x24, 0x7, 0x0, 0x0, 0x0, "323416"}, @output_terminal={0x9}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0x0, 0x0, 0xa1}]}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, &(0x7f00000006c0)={0x0, 0x0, 0x25, &(0x7f0000000500)={0x5, 0xf, 0x25, 0x2, [@ss_container_id={0x14, 0x10, 0x4, 0x0, "79f03953c4c96fe6b1d67b8b584cc085"}, @ssp_cap={0xc}]}, 0x4, [{0x4, &(0x7f0000000540)=@lang_id={0x4, 0x3, 0x415}}, {0x2, &(0x7f0000000580)=@string={0x2}}, {0x4, &(0x7f0000000640)=@lang_id={0x4, 0x3, 0xc1a}}, {0x0, 0x0}]}) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f406", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt(r6, 0x65, 0x0, 0x0, 0x0) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000440)={0x0, &(0x7f0000000100)=""/95, &(0x7f0000000180), &(0x7f00000003c0), 0x4, r2}, 0x38) 5.780853101s ago: executing program 3 (id=1883): syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000950000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10) r4 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x2) r5 = dup(r4) write$char_usb(r5, &(0x7f0000000240)="259772bd9402000000000000008c19f3da78ce7f427cb49491881fac78851681a78c8049cbb19337f4077f7ec86308", 0x2f) r6 = socket$inet6_dccp(0xa, 0x6, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x3b8, 0x0, 0x168, 0x9, 0x0, 0xb, 0x2e8, 0x250, 0x250, 0x2e8, 0x250, 0x3, 0x0, {[{{@ipv6={@mcast1, @remote, [], [], 'macvlan0\x00', 'sit0\x00', {}, {}, 0x6c}, 0x6000000, 0x1a0, 0x1e8, 0x0, {0x0, 0x28e}, [@common=@unspec=@conntrack3={{0xc8}, {{@ipv6=@private1, [], @ipv4=@local, [], @ipv6=@ipv4={'\x00', '\xff\xff', @broadcast}, [], @ipv4=@local}}}, @common=@inet=@ipcomp={{0x30}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@rand_addr=0x64010100, 'dvmrp0\x00'}}}, {{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'veth0_to_bond\x00', 'caif0\x00'}, 0x0, 0xd0, 0x100, 0x0, {}, [@common=@inet=@set2={{0x28}, {{0x0, 0xfd}}}]}, @common=@inet=@SET2={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x418) syz_usb_connect(0x0, 0x1b, &(0x7f00000018c0)={{0x12, 0x1, 0x0, 0xb2, 0x1e, 0x66, 0x20, 0x403, 0xd491, 0x3a75, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x9, 0x0, 0x0, 0x0, 0x90}}]}}, 0x0) 4.540554852s ago: executing program 1 (id=1884): syz_emit_ethernet(0x4a, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd6000000000140600fe8000000000000000000000000000aafe8000000000000000000000000000aa00000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="e3"], 0x0) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) r2 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000440)={r3}) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r4) r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000380)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000000300)={0x0, 0xfffffffffffffe7a, r6, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000600)={r7, 0x0, 0x0, 0x0, 0x0, [0x0]}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f0000000100)={r8, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r5, 0xc00c642e, &(0x7f0000000080)={0x0, 0x0, r9}) close_range(r1, 0xffffffffffffffff, 0x0) 4.426382805s ago: executing program 1 (id=1885): mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000580)='/proc/sys/net/ipv4/tcp_timestamps\x00', 0x1, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r2, 0x1, 0x2a, 0x0, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c) recvmmsg(r2, &(0x7f0000005dc0), 0x0, 0x0, 0x0) connect$inet6(r2, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c) syz_genetlink_get_family_id$ethtool(&(0x7f0000000480), 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$FOU_CMD_ADD(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x24, r7, 0x209, 0x0, 0x0, {}, [@FOU_ATTR_TYPE={0x5, 0x4, 0x2}, @FOU_ATTR_PEER_PORT={0x6}]}, 0x24}}, 0x0) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c00000010001ffe00989837a182138b00268f1c", @ANYRES32=0x0, @ANYBLOB, @ANYRES32], 0x3c}, 0x1, 0x8000a0ffffffff}, 0x0) sendfile(r1, r0, &(0x7f00000000c0)=0x8b, 0x100000500) r8 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) fsetxattr(0xffffffffffffffff, 0x0, &(0x7f0000000380)='\x00\x00o;\xc8\xdd1\xa4lB&\xa9\xb6\x06\x06\x99\t\xf5\x10\x17\'\xcaV\xab\\rw9+\xba\tl|\xde\x93\xea\x95A}\x89\x82\x8c\nN\x97\xbf\xab\xa4_\xc2\x17\xe7+\xc5\xfe\x16-\xdd\xa7\x00\xfe\xa0\xa2\xbdUw\x01\x80\x92\xea\x15\xc2opg\xee\xbd\t\xba\x9d\x98\x983\xfd\v\xc1\xbd\x1e\xd5h\xc3@\xda\xee\x97\xd5~\xee\xd6$\xc6\x8c\x01l\x1e\xd3\x1f\xe4<\xee\b\xe4\x16\xc3Ku\x84\xcd\x89\xb8\x1bF\xcd\r\xbc\xc0\xbb\xf5Q\x06\xb71>\xcd\xdb\x0f\x8c\x14\xc5\t\x92m/u,^\xe6\xc7V\xca|;j\xc1\xf4$\xe1A\x17\xeb\xf1M\x8c\x82\\\x89\x89\x00\x98\xadr\xd4\x86;\xed+\x899\x8a\xe9\x18\xb4]a\xd2\x15\x93\x84\x8b\x85\xae\'\xf4\xc9\xcb\x8c\'\x88\xff\x02\b\xaf\xe9vc\x9au\xba\xce]\x85\x98>\xa6\xe1\xc0)\xff`\xdepJ\x95E\x98\xa6pu\xbdh\xa2\xe3\x9d\x85\x19El\xf4aO\xb7\xcd\x15', 0xfc, 0x0) ioctl$VIDIOC_ENUM_FMT(r8, 0xc0405602, &(0x7f00000000c0)={0x0, 0x0, 0x0, "b75cbb1844038d2cd97c945462f31638b5394c00"}) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) 3.323260861s ago: executing program 0 (id=1886): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) r0 = socket$can_bcm(0x1d, 0x2, 0x2) dup3(0xffffffffffffffff, r0, 0x0) 2.797314134s ago: executing program 4 (id=1887): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xe, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x4) write(r1, &(0x7f0000000040)="2700000014000707030e0000120f0a0011000100f5fe009d2fb112ff000000008a151f75080039", 0x27) 2.093668175s ago: executing program 0 (id=1888): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="a0010000100001000000000000000000fe800000000000000000000000000000000000000000000000000000000100"/62, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000003200000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000af0000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c0017000000000000000000000000000000000000000000000000004c001400636d61632861657329000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000"], 0x1a0}}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={0x28, 0x2a, 0x9, 0x0, 0x0, {0x4, 0x0, 0x2c00}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}, @nested={0xa, 0x16, 0x0, 0x1, [@generic="92f2703ff0c7"]}]}, 0x28}, 0x1, 0x3000000}, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r4, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32=r3, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000480), r0) sendmsg$TIPC_NL_NET_GET(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000540)={&(0x7f0000000400)={0x70, r6, 0x300, 0x70bd27, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x5c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xf2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xe6}, @TIPC_NLA_PROP_PRIO={0xffffffffffffff05, 0x1, 0xb}]}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x4040010}, 0x24040000) connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000200)={0x1f, 0x0, @fixed}, 0xe) socket(0x1d, 0x2, 0x6) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) close(0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) r8 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r8}, './file0\x00'}) ioctl$IOCTL_GET_NCIDEV_IDX(r8, 0x0, &(0x7f0000000200)) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$inet_udplite(0x2, 0x2, 0x88) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r9 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r9, 0x1, &(0x7f00000003c0)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) 2.000819559s ago: executing program 4 (id=1889): ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000100)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x31, 0x4, 0x0, 0x0, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x401, 0x5, 0x0, 0x0, 0x4]}, @timestamp_prespec={0x44, 0x44, 0x0, 0x3, 0xe, [{@private=0xa010102}, {@multicast1}, {@remote, 0x8000}, {@dev}, {@broadcast}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x0, [{@dev}, {@remote}, {@multicast2}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}, {@multicast2}]}, @noop, @noop, @noop, @end, @rr={0x7, 0x13, 0x0, [@dev, @loopback, @multicast1, @loopback]}]}}}}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) 1.737996497s ago: executing program 3 (id=1890): openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000007940), 0x2, 0x0) preadv2(0xffffffffffffffff, &(0x7f0000007b80)=[{&(0x7f0000007980)=""/131, 0x83}], 0x1, 0x83, 0x0, 0x0) 1.125892911s ago: executing program 3 (id=1891): bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1a, 0xb, &(0x7f0000000240)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x90) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x0, &(0x7f0000000100)=0x9, 0x4) sendto$packet(r0, &(0x7f00000002c0)="05040800d3fc030000004788031c0910", 0x10, 0x4, &(0x7f0000000140)={0x11, 0x8864, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) socket$inet6(0xa, 0x800000000000002, 0x0) socket$kcm(0xa, 0x5, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$packet(r2, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1, 0x0, 0x6, @random="b6c1c02b5fbb"}, 0x14) r3 = socket(0xa, 0x0, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000a40)={0x0, 0x0, 0x0}, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=0xfffffc66) close(r1) socket$kcm(0xa, 0x5, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x29, 0x41, &(0x7f0000000300)=ANY=[@ANYBLOB="6e617400000000000000000000000000000000010000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000063d44df12b000000000000d781ab88e29ad75ae39701e6794ad0b7efcb57ef6f1b7ac2de8a14e9c49cfeebe9bc86c0e9d4e7c5a6e29d57127288c835c0522a067ca760b7029bd261fbb72753d3d9c3d3031394158ea1395bbafe43b1b932fb283970069ec5bea49e51ae5704605ed78a65e8456eca133d40936d68a7528e6d2c372975805e347228edf663ad7f8917279d3dbfa191c9f39381d40d22993169a123a0be01224cad5e5328989e3254c93a8868fa5eadc79fc709afbcc2ef751f57bafbfeede98c02798f98f0fe8f09518b7d10e386b4928227875686256bd82eb7dc858b3b3be2b52e583fb024e851148fea40206b1c626c37b86647bd9f606f0edd8c"], 0x48) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="5c0000000206051100000000000000000000000005000400000000000900020073797a30000000001400078008001340000000000800064000000000050005000000000005000100060000000d000300686173"], 0x5c}, 0x1, 0x0, 0x0, 0x11}, 0x0) 458.518385ms ago: executing program 3 (id=1892): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) r0 = socket$can_bcm(0x1d, 0x2, 0x2) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r1, &(0x7f0000000100), 0x10) sendmsg$can_bcm(r1, &(0x7f0000000480)={&(0x7f0000000040), 0x10, &(0x7f0000000340)={&(0x7f0000000400)={0x5, 0x0, 0x0, {0x77359400}, {}, {0x0, 0x0, 0x0, 0x1}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "279798af2ecd0648"}}, 0x48}}, 0x0) dup3(r0, r1, 0x0) 0s ago: executing program 3 (id=1893): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@delchain={0xfc, 0x65, 0x0, 0x0, 0x0, {}, [@TCA_CHAIN={0x8}, @TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_route={{0xa}, {0xb4, 0x2, [@TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_IIF={0x8}, @TCA_ROUTE4_ACT={0x98, 0x6, [@m_connmark={0x68, 0x0, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c}]}, {0x19, 0x6, "66396e732cf67237ecb590a592c571fa73ca19ec26"}, {0xc}, {0xc}}}, @m_bpf={0x2c, 0x0, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}}]}, 0xfc}}, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x8}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) (fail_nth: 3) kernel console output (not intermixed with test programs): ): unset [1, 0] type 2 family 0 port 6081 - 0 [ 549.683867][T10970] hsr_slave_0: entered promiscuous mode [ 549.707558][T10970] hsr_slave_1: entered promiscuous mode [ 549.721747][T10970] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 549.730244][T10970] Cannot create hsr debugfs directory [ 549.771126][ T35] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 549.782420][ T8] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 549.881838][ T35] bond0: (slave netdevsim0): Releasing backup interface [ 549.912924][ T5139] usb 3-1: new low-speed USB device number 32 using dummy_hcd [ 549.914875][ T35] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 549.974853][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 550.002941][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 550.037609][ T8] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 550.042952][ T5086] Bluetooth: hci6: command tx timeout [ 550.088690][ T8] usb 2-1: New USB device found, idVendor=056a, idProduct=0043, bcdDevice= 0.00 [ 550.115743][ T5139] usb 3-1: No LPM exit latency info found, disabling LPM. [ 550.173200][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 550.219923][ T5139] usb 3-1: config 1 interface 0 altsetting 11 endpoint 0x81 has invalid maxpacket 16, setting to 8 [ 550.234945][ T8] usb 2-1: config 0 descriptor?? [ 550.240122][ T5139] usb 3-1: config 1 interface 0 has no altsetting 0 [ 550.690347][ T8] wacom 0003:056A:0043.0016: Unknown device_type for 'HID 056a:0043'. Assuming pen. [ 550.812060][ T8] wacom 0003:056A:0043.0016: hidraw0: USB HID v0.00 Device [HID 056a:0043] on usb-dummy_hcd.1-1/input0 [ 550.847676][ T8] input: Wacom Intuos2 9x12 Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:056A:0043.0016/input/input92 [ 550.886288][ T35] bridge_slave_1: left allmulticast mode [ 550.891999][ T35] bridge_slave_1: left promiscuous mode [ 550.912289][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 550.983454][ T35] bridge_slave_0: left allmulticast mode [ 551.003335][ T35] bridge_slave_0: left promiscuous mode [ 551.009182][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 551.206083][ T8] usb 2-1: USB disconnect, device number 45 [ 552.153015][ T5086] Bluetooth: hci6: command tx timeout [ 552.682400][ T5139] usb 3-1: New USB device found, idVendor=056a, idProduct=005d, bcdDevice= 0.40 [ 552.702366][ T5139] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 552.904891][ T5139] usb 3-1: can't set config #1, error -71 [ 552.957653][ T5139] usb 3-1: USB disconnect, device number 32 [ 553.365249][T11096] FAULT_INJECTION: forcing a failure. [ 553.365249][T11096] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 553.379720][T11096] CPU: 0 PID: 11096 Comm: syz.0.1504 Not tainted 6.10.0-rc7-syzkaller #0 [ 553.388178][T11096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 553.398270][T11096] Call Trace: [ 553.401582][T11096] [ 553.404539][T11096] dump_stack_lvl+0x241/0x360 [ 553.409272][T11096] ? __pfx_dump_stack_lvl+0x10/0x10 [ 553.414527][T11096] ? __pfx__printk+0x10/0x10 [ 553.419170][T11096] ? __pfx_lock_release+0x10/0x10 [ 553.424250][T11096] should_fail_ex+0x3b0/0x4e0 [ 553.428992][T11096] _copy_from_user+0x2f/0xe0 [ 553.433634][T11096] __se_sys_mount+0x17d/0x3c0 [ 553.438365][T11096] ? __pfx___se_sys_mount+0x10/0x10 [ 553.443608][T11096] ? do_syscall_64+0x100/0x230 [ 553.448431][T11096] ? __x64_sys_mount+0x20/0xc0 [ 553.453262][T11096] do_syscall_64+0xf3/0x230 [ 553.457819][T11096] ? clear_bhb_loop+0x35/0x90 [ 553.462551][T11096] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 553.468501][T11096] RIP: 0033:0x7f3d0ab75bd9 [ 553.472954][T11096] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 553.492596][T11096] RSP: 002b:00007f3d0b94f048 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 553.501059][T11096] RAX: ffffffffffffffda RBX: 00007f3d0ad03f60 RCX: 00007f3d0ab75bd9 [ 553.509226][T11096] RDX: 0000000020000b80 RSI: 0000000020000040 RDI: 0000000000000000 [ 553.517221][T11096] RBP: 00007f3d0b94f0a0 R08: 0000000020000580 R09: 0000000000000000 [ 553.525208][T11096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 553.533187][T11096] R13: 000000000000000b R14: 00007f3d0ad03f60 R15: 00007fff1d83d538 [ 553.541182][T11096] [ 553.608294][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 553.635537][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 553.670620][ T35] bond0 (unregistering): Released all slaves [ 553.795282][T10800] 8021q: adding VLAN 0 to HW filter on device bond0 [ 553.917107][T10800] 8021q: adding VLAN 0 to HW filter on device team0 [ 553.977034][ T786] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 554.026984][ T5136] bridge0: port 1(bridge_slave_0) entered blocking state [ 554.034267][ T5136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 554.118853][ T5136] bridge0: port 2(bridge_slave_1) entered blocking state [ 554.126118][ T5136] bridge0: port 2(bridge_slave_1) entered forwarding state [ 554.210343][ T786] usb 1-1: config index 0 descriptor too short (expected 65191, got 72) [ 554.238945][T11115] binder: 11114:11115 ioctl c020f509 20000040 returned -22 [ 554.253509][ T786] usb 1-1: config index 1 descriptor too short (expected 65191, got 72) [ 554.280041][ T786] usb 1-1: config index 2 descriptor too short (expected 65191, got 72) [ 554.303848][ T786] usb 1-1: config index 3 descriptor too short (expected 65191, got 72) [ 554.323919][ T786] usb 1-1: config index 4 descriptor too short (expected 65191, got 72) [ 554.351363][ T786] usb 1-1: config index 5 descriptor too short (expected 65191, got 72) [ 554.381420][ T786] usb 1-1: config index 6 descriptor too short (expected 65191, got 72) [ 554.404411][ T8] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 554.422604][ T786] usb 1-1: config index 7 descriptor too short (expected 65191, got 72) [ 554.445920][ T786] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 554.462633][ T786] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 554.476240][ T786] usb 1-1: Product: syz [ 554.480989][ T786] usb 1-1: Manufacturer: syz [ 554.506768][ T786] usb 1-1: SerialNumber: syz [ 554.537932][ T786] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 554.557184][ T9] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 554.566550][ T5139] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 554.653112][ T8] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 554.692502][ T8] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 554.702145][ T8] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 554.741893][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 554.760509][T10970] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 554.763970][ T8] usb 2-1: config 0 descriptor?? [ 554.801908][ T5139] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 554.840484][ T5139] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 554.884118][ T5139] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 554.918198][T10970] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 554.962125][T10970] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 554.994227][ T5141] usb 1-1: USB disconnect, device number 40 [ 555.007431][ T5139] usb 3-1: New USB device found, idVendor=056a, idProduct=0043, bcdDevice= 0.00 [ 555.017110][ T5139] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 555.061705][T10970] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 555.061919][ T5139] usb 3-1: config 0 descriptor?? [ 555.104035][ T35] hsr_slave_0: left promiscuous mode [ 555.110723][ T35] hsr_slave_1: left promiscuous mode [ 555.119224][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 555.127234][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 555.135588][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 555.145889][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 555.175651][ T35] veth1_macvtap: left promiscuous mode [ 555.181375][ T35] veth1_vlan: left promiscuous mode [ 555.187078][ T35] veth0_vlan: left promiscuous mode [ 555.519800][ T5139] wacom 0003:056A:0043.0017: Unknown device_type for 'HID 056a:0043'. Assuming pen. [ 555.552026][ T5139] wacom 0003:056A:0043.0017: hidraw0: USB HID v0.00 Device [HID 056a:0043] on usb-dummy_hcd.2-1/input0 [ 555.600977][ T5139] input: Wacom Intuos2 9x12 Pen as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:056A:0043.0017/input/input95 [ 555.642692][ T9] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 555.651366][ T9] ath9k_htc: Failed to initialize the device [ 555.840936][ T5141] usb 1-1: ath9k_htc: USB layer deinitialized [ 556.959848][ T9] usb 3-1: USB disconnect, device number 33 [ 557.458584][ T35] team0 (unregistering): Port device team_slave_1 removed [ 557.594615][ T35] team0 (unregistering): Port device team_slave_0 removed [ 559.139830][T10351] usb 2-1: USB disconnect, device number 46 [ 559.360842][T10800] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 559.548488][T10800] veth0_vlan: entered promiscuous mode [ 559.655663][T10800] veth1_vlan: entered promiscuous mode [ 559.682662][T10351] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 559.700847][T10970] 8021q: adding VLAN 0 to HW filter on device bond0 [ 559.761192][T10970] 8021q: adding VLAN 0 to HW filter on device team0 [ 559.861750][ T5184] bridge0: port 1(bridge_slave_0) entered blocking state [ 559.868970][ T5184] bridge0: port 1(bridge_slave_0) entered forwarding state [ 559.883462][T10351] usb 2-1: Using ep0 maxpacket: 16 [ 559.894501][T10351] usb 2-1: config 0 has an invalid descriptor of length 253, skipping remainder of the config [ 559.907822][ T5184] bridge0: port 2(bridge_slave_1) entered blocking state [ 559.915056][ T5184] bridge0: port 2(bridge_slave_1) entered forwarding state [ 559.926062][T10351] usb 2-1: New USB device found, idVendor=046d, idProduct=0721, bcdDevice=9c.25 [ 559.938475][T10351] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 559.976347][T10351] usb 2-1: Product: syz [ 559.980582][T10351] usb 2-1: Manufacturer: syz [ 559.985877][ T5086] Bluetooth: hci2: unexpected event for opcode 0x0c05 [ 559.996741][T10351] usb 2-1: SerialNumber: syz [ 560.001640][T10800] veth0_macvtap: entered promiscuous mode [ 560.010773][T10351] usb 2-1: config 0 descriptor?? [ 560.061505][T10800] veth1_macvtap: entered promiscuous mode [ 560.298822][ T53] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 560.313312][ T53] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 560.323585][ T53] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 560.355550][ T53] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 560.366234][ T53] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 560.375905][ T53] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 560.376107][T10351] usb 2-1: USB disconnect, device number 47 [ 560.462016][ T35] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 560.530015][T10800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 560.558067][T10800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.574860][T10800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 560.585590][T10800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.596119][T10800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 560.607878][T10800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.618878][T10800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 560.629618][T10800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.643878][T10800] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 560.723708][ T35] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 560.779901][T10800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 560.793988][T10800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.804758][T10800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 560.815462][T10800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.825608][T10800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 560.846197][T10800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.857740][T10800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 560.868741][T10800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.881905][T10800] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 560.941872][ T35] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 560.951372][T11156] binder: 11155:11156 ioctl c020f509 20000040 returned -22 [ 561.005972][T10800] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 561.026322][T10800] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 561.041502][T10800] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 561.050428][T10800] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 561.158521][ T35] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 561.243948][ T5141] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 561.457945][ T5141] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 561.473099][ T5141] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 561.486187][ T5141] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 561.499756][ T5141] usb 2-1: New USB device found, idVendor=056a, idProduct=0043, bcdDevice= 0.00 [ 561.513079][ T5141] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 561.535094][ T5141] usb 2-1: config 0 descriptor?? [ 561.708215][ T2396] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 561.746069][ T2396] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 561.796295][ T35] bridge_slave_1: left allmulticast mode [ 561.807933][ T35] bridge_slave_1: left promiscuous mode [ 561.819481][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 561.836841][ T35] bridge_slave_0: left allmulticast mode [ 561.843638][ T35] bridge_slave_0: left promiscuous mode [ 561.852054][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 561.994482][ T5141] wacom 0003:056A:0043.0018: Unknown device_type for 'HID 056a:0043'. Assuming pen. [ 562.030431][ T5141] wacom 0003:056A:0043.0018: hidraw0: USB HID v0.00 Device [HID 056a:0043] on usb-dummy_hcd.1-1/input0 [ 562.057177][ T5141] input: Wacom Intuos2 9x12 Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:056A:0043.0018/input/input98 [ 562.442496][ T5086] Bluetooth: hci1: command tx timeout [ 562.700921][ T8] usb 2-1: USB disconnect, device number 48 [ 562.868409][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 562.888343][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 562.910550][ T35] bond0 (unregistering): Released all slaves [ 563.038162][T10970] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 563.081392][ T2795] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 563.108343][ T2795] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 563.194343][T11153] chnl_net:caif_netlink_parms(): no params data found [ 563.319428][ T1246] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.328322][ T1246] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.596510][T11153] bridge0: port 1(bridge_slave_0) entered blocking state [ 564.598116][ T5086] Bluetooth: hci1: command tx timeout [ 564.718733][T11153] bridge0: port 1(bridge_slave_0) entered disabled state [ 564.762088][T11153] bridge_slave_0: entered allmulticast mode [ 564.784412][T11153] bridge_slave_0: entered promiscuous mode [ 564.828659][T11198] netlink: 176 bytes leftover after parsing attributes in process `syz.1.1523'. [ 564.944464][ T35] hsr_slave_0: left promiscuous mode [ 564.967185][ T35] hsr_slave_1: left promiscuous mode [ 564.981012][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 564.999928][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 565.015420][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 565.037407][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 565.149186][ T35] veth1_macvtap: left promiscuous mode [ 565.164678][ T35] veth0_macvtap: left promiscuous mode [ 565.177038][ T35] veth1_vlan: left promiscuous mode [ 565.189795][ T35] veth0_vlan: left promiscuous mode [ 566.066518][ T35] team0 (unregistering): Port device team_slave_1 removed [ 566.186585][ T35] team0 (unregistering): Port device team_slave_0 removed [ 566.673236][ T5086] Bluetooth: hci1: command tx timeout [ 566.938747][T11153] bridge0: port 2(bridge_slave_1) entered blocking state [ 566.949746][T11153] bridge0: port 2(bridge_slave_1) entered disabled state [ 566.957234][T11153] bridge_slave_1: entered allmulticast mode [ 566.967464][T11153] bridge_slave_1: entered promiscuous mode [ 567.223899][T11234] binder: 11233:11234 ioctl c020f509 20000040 returned -22 [ 567.239413][T11153] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 567.285458][T11153] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 567.461712][T11153] team0: Port device team_slave_0 added [ 567.508081][T11153] team0: Port device team_slave_1 added [ 567.540268][ T5131] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 567.649999][T10970] veth0_vlan: entered promiscuous mode [ 567.829398][T11153] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 567.855356][T11153] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 567.881461][ C1] vkms_vblank_simulate: vblank timer overrun [ 567.915514][ T5131] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 567.931526][ T5131] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 567.958117][ T5131] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 567.976557][ T5131] usb 2-1: New USB device found, idVendor=056a, idProduct=0043, bcdDevice= 0.00 [ 567.986012][ T5131] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 567.995713][T11153] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 568.009948][ T5131] usb 2-1: config 0 descriptor?? [ 568.049345][T10970] veth1_vlan: entered promiscuous mode [ 568.072017][T11153] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 568.079371][T11153] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 568.106279][T11153] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 568.374861][T11153] hsr_slave_0: entered promiscuous mode [ 568.390103][T11153] hsr_slave_1: entered promiscuous mode [ 569.165171][ T5086] Bluetooth: hci1: command tx timeout [ 569.178924][ T5131] wacom 0003:056A:0043.0019: Unknown device_type for 'HID 056a:0043'. Assuming pen. [ 569.197602][ T5131] wacom 0003:056A:0043.0019: hidraw0: USB HID v0.00 Device [HID 056a:0043] on usb-dummy_hcd.1-1/input0 [ 569.217733][ T5131] input: Wacom Intuos2 9x12 Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:056A:0043.0019/input/input101 [ 569.254910][T11153] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 569.300417][T11153] Cannot create hsr debugfs directory [ 569.694829][T10970] veth0_macvtap: entered promiscuous mode [ 569.727609][T10970] veth1_macvtap: entered promiscuous mode [ 569.815981][ T5139] usb 2-1: USB disconnect, device number 49 [ 569.929603][T10970] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 569.941783][T10970] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 569.953557][T10970] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 569.966526][T10970] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 569.977894][T10970] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 569.998641][T10970] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 570.017094][T10970] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 570.030583][T10970] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 570.042537][ T5141] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 570.050363][T10970] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 570.077187][T10970] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 570.102337][T10970] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 570.116286][T10970] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 570.132449][T10970] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 570.142853][T10970] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 570.156347][T10970] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 570.166830][T10970] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 570.184764][T10970] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 570.200145][T10970] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 570.244641][ T5141] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 570.267279][ T5141] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 570.272191][T10970] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 570.294472][T10970] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 570.311831][T10970] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 570.314274][ T5141] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 570.320998][T10970] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 570.339975][ T5141] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 570.505474][ T5089] Bluetooth: hci0: unexpected event for opcode 0x0c05 [ 570.672261][ T9146] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 570.861674][ T5141] usb 1-1: 0:2 : does not exist [ 570.882399][ T9146] usb 4-1: Using ep0 maxpacket: 16 [ 570.896449][ T9146] usb 4-1: config 0 has an invalid descriptor of length 253, skipping remainder of the config [ 570.928931][ T5141] usb 1-1: USB disconnect, device number 41 [ 570.945291][ T9146] usb 4-1: New USB device found, idVendor=046d, idProduct=0721, bcdDevice=9c.25 [ 570.969441][ T9146] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 570.978131][ T9146] usb 4-1: Product: syz [ 570.997159][ T9146] usb 4-1: Manufacturer: syz [ 571.008277][ T9146] usb 4-1: SerialNumber: syz [ 571.027588][ T9146] usb 4-1: config 0 descriptor?? [ 571.078117][ T5287] udevd[5287]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 571.116098][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 571.157904][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 571.271610][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 571.357968][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 571.382615][ T9146] usb 4-1: USB disconnect, device number 32 [ 571.525891][T11153] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 571.596888][T11153] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 571.653819][T11153] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 571.680529][T11153] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 571.900283][T11153] 8021q: adding VLAN 0 to HW filter on device bond0 [ 571.922404][ T5143] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 571.978657][T11153] 8021q: adding VLAN 0 to HW filter on device team0 [ 572.014933][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 572.022252][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 572.063867][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 572.071161][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 572.132413][ T5143] usb 5-1: Using ep0 maxpacket: 8 [ 572.169478][ T5143] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 572.198490][ T5143] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 572.246769][ T5143] usb 5-1: config 0 has no interface number 0 [ 572.423940][ T5143] usb 5-1: config 0 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 572.438093][ T5143] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 572.447845][ T5143] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 572.545786][ T5143] usb 5-1: config 0 descriptor?? [ 572.594712][ T5143] iowarrior 5-1:0.1: no interrupt-in endpoint found [ 572.983823][ T5136] usb 5-1: USB disconnect, device number 37 [ 573.856485][T11328] FAULT_INJECTION: forcing a failure. [ 573.856485][T11328] name failslab, interval 1, probability 0, space 0, times 0 [ 573.870358][T11328] CPU: 0 PID: 11328 Comm: syz.0.1544 Not tainted 6.10.0-rc7-syzkaller #0 [ 573.878842][T11328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 573.888939][T11328] Call Trace: [ 573.892257][T11328] [ 573.895223][T11328] dump_stack_lvl+0x241/0x360 [ 573.899958][T11328] ? __pfx_dump_stack_lvl+0x10/0x10 [ 573.905212][T11328] ? __pfx__printk+0x10/0x10 [ 573.909858][T11328] ? ref_tracker_alloc+0x332/0x490 [ 573.915025][T11328] should_fail_ex+0x3b0/0x4e0 [ 573.919752][T11328] ? skb_clone+0x20c/0x390 [ 573.924213][T11328] should_failslab+0x9/0x20 [ 573.928756][T11328] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 573.934162][T11328] skb_clone+0x20c/0x390 [ 573.938465][T11328] __netlink_deliver_tap+0x3cc/0x7c0 [ 573.943781][T11328] ? netlink_deliver_tap+0x2e/0x1b0 [ 573.948995][T11328] netlink_deliver_tap+0x19d/0x1b0 [ 573.954126][T11328] netlink_unicast+0x7b8/0x980 [ 573.958916][T11328] ? __pfx_netlink_unicast+0x10/0x10 [ 573.964306][T11328] ? __virt_addr_valid+0x183/0x520 [ 573.969439][T11328] ? __check_object_size+0x49c/0x900 [ 573.974935][T11328] ? bpf_lsm_netlink_send+0x9/0x10 [ 573.980133][T11328] netlink_sendmsg+0x8db/0xcb0 [ 573.984960][T11328] ? __pfx_netlink_sendmsg+0x10/0x10 [ 573.990289][T11328] ? __import_iovec+0x536/0x820 [ 573.995172][T11328] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 574.000738][T11328] ? security_socket_sendmsg+0x87/0xb0 [ 574.006221][T11328] ? __pfx_netlink_sendmsg+0x10/0x10 [ 574.011518][T11328] __sock_sendmsg+0x221/0x270 [ 574.016207][T11328] ____sys_sendmsg+0x525/0x7d0 [ 574.020991][T11328] ? __pfx_____sys_sendmsg+0x10/0x10 [ 574.026304][T11328] __sys_sendmsg+0x2b0/0x3a0 [ 574.030909][T11328] ? __pfx___sys_sendmsg+0x10/0x10 [ 574.036037][T11328] ? vfs_write+0x7c4/0xc90 [ 574.040505][T11328] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 574.046847][T11328] ? do_syscall_64+0x100/0x230 [ 574.051629][T11328] ? do_syscall_64+0xb6/0x230 [ 574.056324][T11328] do_syscall_64+0xf3/0x230 [ 574.060848][T11328] ? clear_bhb_loop+0x35/0x90 [ 574.065549][T11328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 574.071460][T11328] RIP: 0033:0x7f3d0ab75bd9 [ 574.075885][T11328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 574.095502][T11328] RSP: 002b:00007f3d0b94f048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 574.103928][T11328] RAX: ffffffffffffffda RBX: 00007f3d0ad03f60 RCX: 00007f3d0ab75bd9 [ 574.111906][T11328] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003 [ 574.119907][T11328] RBP: 00007f3d0b94f0a0 R08: 0000000000000000 R09: 0000000000000000 [ 574.127888][T11328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 574.135866][T11328] R13: 000000000000000b R14: 00007f3d0ad03f60 R15: 00007fff1d83d538 [ 574.143944][T11328] [ 574.246334][T11331] binder: 11329:11331 ioctl c020f509 20000040 returned -22 [ 574.259944][T11153] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 574.332455][ T5136] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 574.522387][ T5136] usb 4-1: Using ep0 maxpacket: 32 [ 574.531351][ T5136] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 574.583144][ T5136] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 574.611369][ T5136] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 574.689072][ T5136] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 574.772043][ T5136] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 574.858889][ T5136] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 574.963436][T11153] veth0_vlan: entered promiscuous mode [ 574.985068][ T5136] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 575.040085][T11153] veth1_vlan: entered promiscuous mode [ 575.049613][ T5136] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 575.074430][ T9] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 575.091708][ T5136] usb 4-1: config 0 descriptor?? [ 575.298740][T11153] veth0_macvtap: entered promiscuous mode [ 575.310047][T11153] veth1_macvtap: entered promiscuous mode [ 575.353472][ T5136] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 33 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 575.385076][T11153] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 575.432293][T11153] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 575.446936][ T5136] usb 4-1: USB disconnect, device number 33 [ 575.470627][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 575.485527][ T5136] usblp0: removed [ 575.500661][T11153] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 575.515185][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 575.535131][T11153] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 575.553522][ T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 575.577386][T11153] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 575.630863][ T9] usb 2-1: New USB device found, idVendor=056a, idProduct=0043, bcdDevice= 0.00 [ 575.642294][T11153] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 575.659641][ T5086] Bluetooth: hci3: command 0x0406 tx timeout [ 575.672982][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 575.692649][T11153] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 575.694179][ T9] usb 2-1: config 0 descriptor?? [ 575.762629][T11153] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 575.805479][T11153] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 575.831236][T11153] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 575.844733][T11369] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1551'. [ 575.864242][T11153] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 575.925282][T11153] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 575.961673][T11153] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 576.002380][T11153] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 576.035640][T11153] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 576.072297][T11153] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 576.131006][T11153] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 576.153404][ T9] wacom 0003:056A:0043.001A: Unknown device_type for 'HID 056a:0043'. Assuming pen. [ 576.170756][T11153] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 576.203388][ T9] wacom 0003:056A:0043.001A: hidraw0: USB HID v0.00 Device [HID 056a:0043] on usb-dummy_hcd.1-1/input0 [ 576.204654][T11153] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 576.260543][ T9] input: Wacom Intuos2 9x12 Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:056A:0043.001A/input/input104 [ 576.270309][T11153] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 576.319476][T11153] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 576.365502][T11153] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 576.420860][T11153] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 576.532413][T11153] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 576.541185][T11153] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 576.619626][T11153] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 577.655726][ T5143] usb 2-1: USB disconnect, device number 50 [ 578.008482][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 578.070164][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 578.189829][T11392] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1555'. [ 578.242412][ T8] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 578.317182][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 578.392928][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 578.504668][ T8] usb 4-1: Using ep0 maxpacket: 8 [ 578.526240][ T8] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 578.562298][ T8] usb 4-1: config 0 has no interface number 0 [ 578.613475][ T8] usb 4-1: config 0 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 578.702393][ T8] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 578.749765][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 579.666608][ T8] usb 4-1: config 0 descriptor?? [ 579.689658][ T8] iowarrior 4-1:0.1: no interrupt-in endpoint found [ 579.700274][T10351] libceph: connect (1)[c::]:6789 error -101 [ 579.719429][T11432] usb usb8: usbfs: process 11432 (syz.1.1561) did not claim interface 0 before use [ 579.729386][T10351] libceph: mon0 (1)[c::]:6789 connect error [ 579.812980][T11424] ceph: No mds server is up or the cluster is laggy [ 580.246068][ T5139] usb 4-1: USB disconnect, device number 34 [ 580.272691][T10351] usb 2-1: new full-speed USB device number 51 using dummy_hcd [ 580.505352][T10351] usb 2-1: not running at top speed; connect to a high speed hub [ 580.545974][T10351] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 256, setting to 64 [ 580.591991][T10351] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 580.622302][T10351] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 580.637953][T11455] binder: 11454:11455 ioctl c020f509 20000040 returned -22 [ 580.809330][T10351] usb 2-1: Product: и [ 580.836662][T11432] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 581.113330][ T5139] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 581.275544][T10351] cdc_ncm 2-1:1.0: bind() failure [ 581.319788][T10351] cdc_ncm 2-1:1.1: probe with driver cdc_ncm failed with error -71 [ 581.324941][ T5139] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 581.370834][ T5139] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 581.389432][T10351] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -71 [ 581.419939][ T5139] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 581.459249][T11472] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1570'. [ 581.460214][T10351] usbtest 2-1:1.1: probe with driver usbtest failed with error -71 [ 581.492828][ T5139] usb 1-1: New USB device found, idVendor=056a, idProduct=0043, bcdDevice= 0.00 [ 581.522642][T10351] usb 2-1: USB disconnect, device number 51 [ 581.541162][ T5139] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 581.651937][ T5139] usb 1-1: config 0 descriptor?? [ 581.984813][ T5143] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 582.220057][ T5143] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 582.260204][ T5143] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 582.295515][ T5143] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 582.322487][ T5143] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 582.700424][ T5139] usbhid 1-1:0.0: can't add hid device: -71 [ 582.719866][ T5139] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 583.109675][ T5143] usb 3-1: 0:2 : does not exist [ 583.142070][ T5139] usb 1-1: USB disconnect, device number 42 [ 583.347017][ T5143] usb 3-1: USB disconnect, device number 34 [ 583.643559][T11500] netlink: 'syz.3.1577': attribute type 1 has an invalid length. [ 583.687754][ T5287] udevd[5287]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 583.958694][T11508] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1577'. [ 584.236379][ T5141] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 584.404964][ T5089] Bluetooth: hci5: SCO packet for unknown connection handle 0 [ 584.612465][ T5141] usb 1-1: Using ep0 maxpacket: 8 [ 584.670898][ T5141] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 584.680844][ T5141] usb 1-1: config 0 has no interface number 0 [ 584.696948][ T5141] usb 1-1: config 0 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 584.924911][T11522] fuse: Bad value for 'fd' [ 584.926820][ T5141] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 585.222434][ T5141] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 585.244174][ T5141] usb 1-1: config 0 descriptor?? [ 585.258611][ T5141] iowarrior 1-1:0.1: no interrupt-in endpoint found [ 585.569325][ T5139] usb 1-1: USB disconnect, device number 43 [ 586.068860][T11534] binder: 11533:11534 ioctl c020f509 20000040 returned -22 [ 586.272946][ T5139] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 586.362704][ T9] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 586.472443][ T5139] usb 3-1: Using ep0 maxpacket: 32 [ 586.497163][ T5139] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 586.548846][ T5139] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 586.581833][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 586.616002][ T5139] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 586.630376][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 586.646307][ T5139] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 586.658794][ T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 586.680936][ T5139] usb 3-1: config 0 descriptor?? [ 586.691516][ T9] usb 5-1: New USB device found, idVendor=056a, idProduct=0043, bcdDevice= 0.00 [ 586.705370][ T5139] hub 3-1:0.0: USB hub found [ 586.713575][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 586.733437][ T9] usb 5-1: config 0 descriptor?? [ 586.914774][ T5139] hub 3-1:0.0: 1 port detected [ 587.292297][T11553] hub 6-0:1.0: USB hub found [ 587.297364][T11553] hub 6-0:1.0: 1 port detected [ 587.347414][ T5139] usb 3-1: USB disconnect, device number 35 [ 587.701091][ T9] usbhid 5-1:0.0: can't add hid device: -71 [ 587.707285][ T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 587.718725][ T9] usb 5-1: USB disconnect, device number 38 [ 589.002388][ T5143] usb 2-1: new high-speed USB device number 52 using dummy_hcd [ 590.242377][ T5143] usb 2-1: Using ep0 maxpacket: 32 [ 590.266039][ T5143] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 4 [ 590.303106][ T5143] usb 2-1: New USB device found, idVendor=04b4, idProduct=861f, bcdDevice=f9.d6 [ 590.314227][ T5143] usb 2-1: New USB device strings: Mfr=0, Product=128, SerialNumber=0 [ 590.325356][ T5143] usb 2-1: Product: syz [ 590.362024][ T5143] usb 2-1: config 0 descriptor?? [ 590.386027][ T5143] usb 2-1: dvb_usb_v2: found a 'Anysee' in warm state [ 590.406988][ T5143] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 590.436828][ T5143] dvb_usb_anysee 2-1:0.0: probe with driver dvb_usb_anysee failed with error -22 [ 590.544299][T11587] usb usb8: usbfs: process 11587 (syz.3.1606) did not claim interface 0 before use [ 590.671094][T11589] netlink: 'syz.0.1607': attribute type 29 has an invalid length. [ 590.681213][T11566] overlayfs: failed to resolve './file0': -2 [ 590.686086][T11589] netlink: 'syz.0.1607': attribute type 29 has an invalid length. [ 590.722507][T11566] Process accounting resumed [ 590.732931][T11589] netlink: 'syz.0.1607': attribute type 29 has an invalid length. [ 590.777545][T11589] netlink: 'syz.0.1607': attribute type 29 has an invalid length. [ 590.821557][T11589] netlink: 'syz.0.1607': attribute type 29 has an invalid length. [ 590.867947][T11589] netlink: 'syz.0.1607': attribute type 29 has an invalid length. [ 590.883543][ T786] usb 4-1: new full-speed USB device number 35 using dummy_hcd [ 590.929379][T11589] netlink: 'syz.0.1607': attribute type 29 has an invalid length. [ 591.094888][ T786] usb 4-1: not running at top speed; connect to a high speed hub [ 591.126470][ T786] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 256, setting to 64 [ 591.208439][ T786] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 591.251398][ T786] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 591.265507][ T786] usb 4-1: Product: и [ 591.278837][T11587] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 592.447808][ T786] cdc_ncm 4-1:1.0: bind() failure [ 592.497750][ T786] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 592.505332][ T786] cdc_ncm 4-1:1.1: bind() failure [ 592.609523][ T786] usb 4-1: USB disconnect, device number 35 [ 592.984216][ T5143] usb 2-1: USB disconnect, device number 52 [ 593.107994][T11613] binder: 11612:11613 ioctl c020f509 20000040 returned -22 [ 593.742308][ T5143] usb 2-1: new high-speed USB device number 53 using dummy_hcd [ 593.782312][ T9146] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 593.934263][ T5143] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 593.962604][ T9146] usb 4-1: device descriptor read/64, error -71 [ 593.972298][ T5143] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 594.002887][ T5143] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 594.020759][T11623] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1617'. [ 594.062766][ T5143] usb 2-1: New USB device found, idVendor=056a, idProduct=0043, bcdDevice= 0.00 [ 594.071869][ T5143] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 594.108010][ T5143] usb 2-1: config 0 descriptor?? [ 594.252523][ T9146] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 594.412368][ T9146] usb 4-1: device descriptor read/64, error -71 [ 594.550026][ T9146] usb usb4-port1: attempt power cycle [ 594.942305][ T5143] usbhid 2-1:0.0: can't add hid device: -71 [ 594.976017][ T5143] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 595.001634][ T9146] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 595.017244][ T5143] usb 2-1: USB disconnect, device number 53 [ 595.047787][ T9146] usb 4-1: device descriptor read/8, error -71 [ 595.352431][ T9146] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 595.404973][ T9146] usb 4-1: device descriptor read/8, error -71 [ 595.523492][ T9146] usb usb4-port1: unable to enumerate USB device [ 595.526723][T11643] usb usb8: usbfs: process 11643 (syz.1.1625) did not claim interface 0 before use [ 595.592517][ T5143] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 595.797036][ T5143] usb 1-1: Using ep0 maxpacket: 32 [ 595.815346][ T5143] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 4 [ 595.837698][ T5143] usb 1-1: New USB device found, idVendor=04b4, idProduct=861f, bcdDevice=f9.d6 [ 595.849434][ T5143] usb 1-1: New USB device strings: Mfr=0, Product=128, SerialNumber=0 [ 595.866039][ T5143] usb 1-1: Product: syz [ 595.877373][ T5143] usb 1-1: config 0 descriptor?? [ 595.886099][ T5143] usb 1-1: dvb_usb_v2: found a 'Anysee' in warm state [ 595.897954][ T5143] usb 1-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 595.904929][ T5143] dvb_usb_anysee 1-1:0.0: probe with driver dvb_usb_anysee failed with error -22 [ 595.962383][ T9146] usb 2-1: new full-speed USB device number 54 using dummy_hcd [ 596.165173][ T9146] usb 2-1: not running at top speed; connect to a high speed hub [ 596.188822][ T9146] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 256, setting to 64 [ 596.229578][ T9146] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 596.252850][ T9146] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 596.386818][ T9146] usb 2-1: Product: и [ 596.410774][T11643] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 596.653534][ T9146] cdc_ncm 2-1:1.0: bind() failure [ 596.719202][ T9146] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 596.744199][ T9146] cdc_ncm 2-1:1.1: bind() failure [ 596.774751][ T9146] usb 2-1: USB disconnect, device number 54 [ 596.925584][T11641] overlayfs: failed to resolve './file0': -2 [ 597.244035][T11641] Process accounting resumed [ 598.069329][ T786] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 598.272701][ T786] usb 3-1: Using ep0 maxpacket: 8 [ 598.291988][ T786] usb 3-1: New USB device found, idVendor=337d, idProduct=503c, bcdDevice=22.8c [ 598.325611][ T786] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 598.365840][ T786] usb 3-1: Product: syz [ 598.370117][ T786] usb 3-1: Manufacturer: syz [ 598.390692][ T786] usb 3-1: SerialNumber: syz [ 598.400886][ T786] usb 3-1: config 0 descriptor?? [ 599.392121][T11682] FAULT_INJECTION: forcing a failure. [ 599.392121][T11682] name failslab, interval 1, probability 0, space 0, times 0 [ 599.410677][ T786] usb 3-1: USB disconnect, device number 36 [ 599.459650][T11682] CPU: 1 PID: 11682 Comm: syz.3.1639 Not tainted 6.10.0-rc7-syzkaller #0 [ 599.468142][T11682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 599.478321][T11682] Call Trace: [ 599.481643][T11682] [ 599.484621][T11682] dump_stack_lvl+0x241/0x360 [ 599.489356][T11682] ? __pfx_dump_stack_lvl+0x10/0x10 [ 599.494636][T11682] ? __pfx__printk+0x10/0x10 [ 599.499286][T11682] ? __pfx___might_resched+0x10/0x10 [ 599.504637][T11682] should_fail_ex+0x3b0/0x4e0 [ 599.509456][T11682] ? sctp_association_new+0x8a/0x23f0 [ 599.514875][T11682] should_failslab+0x9/0x20 [ 599.519605][T11682] kmalloc_trace_noprof+0x6c/0x2c0 [ 599.524776][T11682] sctp_association_new+0x8a/0x23f0 [ 599.530033][T11682] ? sctp_has_association+0x1d4/0x1f0 [ 599.535450][T11682] ? sctp_has_association+0x2f/0x1f0 [ 599.540790][T11682] ? __ipv6_addr_type+0x23c/0x2f0 [ 599.545859][T11682] sctp_connect_new_asoc+0x2d8/0x6c0 [ 599.551171][T11682] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 599.556995][T11682] ? sctp_sendmsg+0xbb9/0x3520 [ 599.561791][T11682] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 599.567358][T11682] ? security_sctp_bind_connect+0x90/0xb0 [ 599.573100][T11682] sctp_sendmsg+0x219a/0x3520 [ 599.577817][T11682] ? __pfx_sctp_sendmsg+0x10/0x10 [ 599.582889][T11682] ? inet_sendmsg+0x330/0x390 [ 599.587578][T11682] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 599.592885][T11682] ? security_socket_sendmsg+0x87/0xb0 [ 599.598463][T11682] __sock_sendmsg+0x1a6/0x270 [ 599.603155][T11682] __sys_sendto+0x3a4/0x4f0 [ 599.607678][T11682] ? __pfx___sys_sendto+0x10/0x10 [ 599.612741][T11682] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 599.618772][T11682] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 599.625129][T11682] __x64_sys_sendto+0xde/0x100 [ 599.630010][T11682] do_syscall_64+0xf3/0x230 [ 599.634537][T11682] ? clear_bhb_loop+0x35/0x90 [ 599.639265][T11682] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 599.645193][T11682] RIP: 0033:0x7f48cf775bd9 [ 599.649629][T11682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 599.669263][T11682] RSP: 002b:00007f48d053e048 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 599.677793][T11682] RAX: ffffffffffffffda RBX: 00007f48cf903f60 RCX: 00007f48cf775bd9 [ 599.685780][T11682] RDX: 000000000000fee4 RSI: 0000000020847fff RDI: 0000000000000004 [ 599.693767][T11682] RBP: 00007f48d053e0a0 R08: 000000002005ffe4 R09: 000000000000001c [ 599.701771][T11682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 599.709759][T11682] R13: 000000000000000b R14: 00007f48cf903f60 R15: 00007ffc158dff18 [ 599.717879][T11682] [ 599.729972][ T8] usb 1-1: USB disconnect, device number 44 [ 600.171592][T10351] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 600.382320][T10351] usb 4-1: Using ep0 maxpacket: 16 [ 600.403656][T10351] usb 4-1: config 0 has an invalid descriptor of length 253, skipping remainder of the config [ 600.436221][T10351] usb 4-1: New USB device found, idVendor=046d, idProduct=0721, bcdDevice=9c.25 [ 600.455124][T10351] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 600.481922][T10351] usb 4-1: Product: syz [ 600.487543][T10351] usb 4-1: Manufacturer: syz [ 600.496331][T10351] usb 4-1: SerialNumber: syz [ 600.506454][T10351] usb 4-1: config 0 descriptor?? [ 601.059305][T10351] usb 4-1: USB disconnect, device number 40 [ 602.450428][T11719] netlink: 'syz.0.1650': attribute type 29 has an invalid length. [ 602.502551][T11719] netlink: 'syz.0.1650': attribute type 29 has an invalid length. [ 602.629914][T11721] netlink: 'syz.0.1650': attribute type 29 has an invalid length. [ 602.736785][T11722] netlink: 'syz.0.1650': attribute type 29 has an invalid length. [ 602.922814][T11719] netlink: 'syz.0.1650': attribute type 29 has an invalid length. [ 602.972959][T11719] netlink: 'syz.0.1650': attribute type 29 has an invalid length. [ 603.009445][T11719] netlink: 'syz.0.1650': attribute type 29 has an invalid length. [ 604.698446][ T8] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 604.844519][ T5086] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 604.858080][ T5086] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 604.874008][ T5086] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 604.884748][ T5086] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 604.896630][ T5086] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 604.904305][ T5086] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 604.922415][ T8] usb 1-1: Using ep0 maxpacket: 8 [ 604.964068][T11739] overlayfs: failed to resolve './file1': -2 [ 604.967234][ T8] usb 1-1: New USB device found, idVendor=337d, idProduct=503c, bcdDevice=22.8c [ 604.982452][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 604.996920][ T8] usb 1-1: Product: syz [ 605.001145][ T8] usb 1-1: Manufacturer: syz [ 605.013703][ T8] usb 1-1: SerialNumber: syz [ 605.023984][ T8] usb 1-1: config 0 descriptor?? [ 605.270336][ T2396] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 605.487000][ T2396] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 605.548394][T11750] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1658'. [ 605.669386][ T8] usb 1-1: USB disconnect, device number 45 [ 605.873069][ T2396] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 605.915432][T11758] hub 6-0:1.0: USB hub found [ 605.920383][T11758] hub 6-0:1.0: 1 port detected [ 606.031445][ T2396] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 606.221018][ T5089] Bluetooth: hci0: unexpected event for opcode 0x0c05 [ 606.628821][T11740] chnl_net:caif_netlink_parms(): no params data found [ 606.712470][ T2396] bridge_slave_1: left allmulticast mode [ 606.732624][ T2396] bridge_slave_1: left promiscuous mode [ 606.749422][ T2396] bridge0: port 2(bridge_slave_1) entered disabled state [ 606.800997][ T2396] bridge_slave_0: left allmulticast mode [ 606.978865][ T2396] bridge_slave_0: left promiscuous mode [ 606.985305][ T2396] bridge0: port 1(bridge_slave_0) entered disabled state [ 606.995543][ T5089] Bluetooth: hci4: command tx timeout [ 609.073073][ T5089] Bluetooth: hci4: command tx timeout [ 609.114514][ T2396] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 609.176323][ T2396] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 609.223169][ T2396] bond0 (unregistering): Released all slaves [ 609.960693][T11807] hub 6-0:1.0: USB hub found [ 609.965966][T11807] hub 6-0:1.0: 1 port detected [ 610.271989][T11740] bridge0: port 1(bridge_slave_0) entered blocking state [ 610.327140][T11740] bridge0: port 1(bridge_slave_0) entered disabled state [ 610.454373][T11740] bridge_slave_0: entered allmulticast mode [ 610.573974][T11740] bridge_slave_0: entered promiscuous mode [ 610.628511][T11740] bridge0: port 2(bridge_slave_1) entered blocking state [ 610.665902][T11740] bridge0: port 2(bridge_slave_1) entered disabled state [ 610.677853][T11814] FAULT_INJECTION: forcing a failure. [ 610.677853][T11814] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 610.691473][T11740] bridge_slave_1: entered allmulticast mode [ 610.701091][T11740] bridge_slave_1: entered promiscuous mode [ 610.707858][T11814] CPU: 1 PID: 11814 Comm: syz.0.1674 Not tainted 6.10.0-rc7-syzkaller #0 [ 610.716323][T11814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 610.726411][T11814] Call Trace: [ 610.729720][T11814] [ 610.732672][T11814] dump_stack_lvl+0x241/0x360 [ 610.737397][T11814] ? __pfx_dump_stack_lvl+0x10/0x10 [ 610.742646][T11814] ? __pfx__printk+0x10/0x10 [ 610.747286][T11814] ? snprintf+0xda/0x120 [ 610.751563][T11814] should_fail_ex+0x3b0/0x4e0 [ 610.756292][T11814] _copy_to_user+0x2f/0xb0 [ 610.760753][T11814] simple_read_from_buffer+0xca/0x150 [ 610.766193][T11814] proc_fail_nth_read+0x1e9/0x250 [ 610.771276][T11814] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 610.776885][T11814] ? rw_verify_area+0x520/0x6b0 [ 610.781788][T11814] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 610.787376][T11814] vfs_read+0x204/0xbc0 [ 610.791582][T11814] ? __pfx_lock_release+0x10/0x10 [ 610.796663][T11814] ? __pfx_vfs_read+0x10/0x10 [ 610.801385][T11814] ? __fget_files+0x29/0x470 [ 610.806015][T11814] ? __fget_files+0x3f6/0x470 [ 610.810745][T11814] ksys_read+0x1a0/0x2c0 [ 610.815037][T11814] ? __pfx_ksys_read+0x10/0x10 [ 610.819850][T11814] ? do_syscall_64+0x100/0x230 [ 610.824667][T11814] ? do_syscall_64+0xb6/0x230 [ 610.829425][T11814] do_syscall_64+0xf3/0x230 [ 610.833973][T11814] ? clear_bhb_loop+0x35/0x90 [ 610.838700][T11814] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 610.844640][T11814] RIP: 0033:0x7f3d0ab746bc [ 610.849086][T11814] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 610.868728][T11814] RSP: 002b:00007f3d0b94f040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 610.877281][T11814] RAX: ffffffffffffffda RBX: 00007f3d0ad03f60 RCX: 00007f3d0ab746bc [ 610.885288][T11814] RDX: 000000000000000f RSI: 00007f3d0b94f0b0 RDI: 0000000000000005 [ 610.893288][T11814] RBP: 00007f3d0b94f0a0 R08: 0000000000000000 R09: 0000000000000000 [ 610.901285][T11814] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 610.909288][T11814] R13: 000000000000000b R14: 00007f3d0ad03f60 R15: 00007fff1d83d538 [ 610.917317][T11814] [ 611.162311][ T5089] Bluetooth: hci4: command tx timeout [ 611.216101][ T2396] hsr_slave_0: left promiscuous mode [ 612.037007][ T2396] hsr_slave_1: left promiscuous mode [ 612.070263][ T2396] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 612.108732][ T2396] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 612.155242][ T2396] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 612.181984][ T2396] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 612.298766][ T2396] veth1_macvtap: left promiscuous mode [ 612.311904][ T2396] veth0_macvtap: left promiscuous mode [ 612.322480][ T2396] veth1_vlan: left promiscuous mode [ 612.327897][ T2396] veth0_vlan: left promiscuous mode [ 612.742385][ T5141] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 612.985021][ T5141] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 613.113514][ T5141] usb 4-1: config 0 has no interface number 0 [ 613.250971][ T5089] Bluetooth: hci4: command tx timeout [ 613.287355][ T5141] usb 4-1: New USB device found, idVendor=15ba, idProduct=0003, bcdDevice=9b.0a [ 613.337524][ T5141] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 613.384410][ T5141] usb 4-1: Product: syz [ 613.482021][ T5141] usb 4-1: Manufacturer: syz [ 613.511710][ T5141] usb 4-1: SerialNumber: syz [ 613.544312][ T5141] usb 4-1: config 0 descriptor?? [ 613.584120][ T5141] ftdi_sio 4-1:0.1: FTDI USB Serial Device converter detected [ 613.814237][T11854] hub 6-0:1.0: USB hub found [ 613.819259][T11854] hub 6-0:1.0: 1 port detected [ 613.844032][ T5141] ftdi_sio ttyUSB0: unknown device type: 0x9b0a [ 613.926705][ T5141] usb 4-1: USB disconnect, device number 41 [ 613.965593][ T5141] ftdi_sio 4-1:0.1: device disconnected [ 614.571609][T11862] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1687'. [ 614.581147][T11862] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1687'. [ 615.245870][ T2396] team0 (unregistering): Port device team_slave_1 removed [ 615.310122][ T2396] team0 (unregistering): Port device team_slave_0 removed [ 616.002060][T11740] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 616.504967][T11740] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 616.725062][T11740] team0: Port device team_slave_0 added [ 616.748423][T11740] team0: Port device team_slave_1 added [ 616.966608][T11740] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 617.058439][T11740] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 617.199109][T11740] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 617.251329][T11740] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 617.279258][T11740] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 617.305281][ C0] vkms_vblank_simulate: vblank timer overrun [ 617.420102][T11740] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 617.452355][ T5089] Bluetooth: hci2: unexpected event for opcode 0x0c05 [ 617.715428][T11740] hsr_slave_0: entered promiscuous mode [ 617.811305][T11740] hsr_slave_1: entered promiscuous mode [ 617.828588][T11883] FAULT_INJECTION: forcing a failure. [ 617.828588][T11883] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 617.844628][T11740] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 617.878030][T11883] CPU: 0 PID: 11883 Comm: syz.2.1694 Not tainted 6.10.0-rc7-syzkaller #0 [ 617.878352][T11740] Cannot create hsr debugfs directory [ 617.886505][T11883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 617.886523][T11883] Call Trace: [ 617.886534][T11883] [ 617.886544][T11883] dump_stack_lvl+0x241/0x360 [ 617.886587][T11883] ? __pfx_dump_stack_lvl+0x10/0x10 [ 617.886621][T11883] ? __pfx__printk+0x10/0x10 [ 617.886653][T11883] ? __pfx_lock_release+0x10/0x10 [ 617.886688][T11883] should_fail_ex+0x3b0/0x4e0 [ 617.886726][T11883] _copy_from_user+0x2f/0xe0 [ 617.886755][T11883] copy_msghdr_from_user+0xae/0x680 [ 617.886797][T11883] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 617.886852][T11883] __sys_sendmsg+0x23d/0x3a0 [ 617.886886][T11883] ? __pfx___sys_sendmsg+0x10/0x10 [ 617.886914][T11883] ? vfs_write+0x7c4/0xc90 [ 617.887001][T11883] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 617.887030][T11883] ? do_syscall_64+0x100/0x230 [ 617.887067][T11883] ? do_syscall_64+0xb6/0x230 [ 617.887104][T11883] do_syscall_64+0xf3/0x230 [ 617.887137][T11883] ? clear_bhb_loop+0x35/0x90 [ 617.887174][T11883] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 617.887206][T11883] RIP: 0033:0x7ff500575bd9 [ 617.887228][T11883] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 617.887248][T11883] RSP: 002b:00007ff5013b7048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 617.887275][T11883] RAX: ffffffffffffffda RBX: 00007ff500703f60 RCX: 00007ff500575bd9 [ 617.887293][T11883] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000004 [ 617.887308][T11883] RBP: 00007ff5013b70a0 R08: 0000000000000000 R09: 0000000000000000 [ 617.887325][T11883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 617.887339][T11883] R13: 000000000000000b R14: 00007ff500703f60 R15: 00007fff289aa808 [ 617.887373][T11883] [ 620.765654][T11923] FAULT_INJECTION: forcing a failure. [ 620.765654][T11923] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 620.822312][T11923] CPU: 1 PID: 11923 Comm: syz.2.1702 Not tainted 6.10.0-rc7-syzkaller #0 [ 620.830892][T11923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 620.841081][T11923] Call Trace: [ 620.844390][T11923] [ 620.847358][T11923] dump_stack_lvl+0x241/0x360 [ 620.852096][T11923] ? __pfx_dump_stack_lvl+0x10/0x10 [ 620.857336][T11923] ? __pfx__printk+0x10/0x10 [ 620.861976][T11923] ? __pfx_lock_release+0x10/0x10 [ 620.867020][T11923] ? smk_access+0x4ab/0x4e0 [ 620.871539][T11923] should_fail_ex+0x3b0/0x4e0 [ 620.876239][T11923] _copy_from_user+0x2f/0xe0 [ 620.880843][T11923] capi_unlocked_ioctl+0x50e/0x1120 [ 620.886063][T11923] ? __pfx_capi_unlocked_ioctl+0x10/0x10 [ 620.891721][T11923] ? __fget_files+0x3f6/0x470 [ 620.896408][T11923] ? __fget_files+0x29/0x470 [ 620.901010][T11923] ? bpf_lsm_file_ioctl+0x9/0x10 [ 620.905976][T11923] ? security_file_ioctl+0x87/0xb0 [ 620.911107][T11923] ? __pfx_capi_unlocked_ioctl+0x10/0x10 [ 620.916774][T11923] __se_sys_ioctl+0xfc/0x170 [ 620.921385][T11923] do_syscall_64+0xf3/0x230 [ 620.925906][T11923] ? clear_bhb_loop+0x35/0x90 [ 620.930606][T11923] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 620.936512][T11923] RIP: 0033:0x7ff500575bd9 [ 620.940936][T11923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 620.960558][T11923] RSP: 002b:00007ff5013b7048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 620.968993][T11923] RAX: ffffffffffffffda RBX: 00007ff500703f60 RCX: 00007ff500575bd9 [ 620.977065][T11923] RDX: 00000000200001c0 RSI: 00000000c0044306 RDI: 0000000000000005 [ 620.985045][T11923] RBP: 00007ff5013b70a0 R08: 0000000000000000 R09: 0000000000000000 [ 620.993136][T11923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 621.001201][T11923] R13: 000000000000000b R14: 00007ff500703f60 R15: 00007fff289aa808 [ 621.009198][T11923] [ 621.623921][T11946] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1706'. [ 622.016998][T11957] overlayfs: missing 'lowerdir' [ 623.245359][T11740] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 623.306378][ T5141] usb 2-1: new high-speed USB device number 55 using dummy_hcd [ 623.388712][T11740] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 623.444129][T11740] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 623.505746][T11740] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 623.526347][ T5141] usb 2-1: New USB device found, idVendor=0c45, idProduct=6025, bcdDevice=45.12 [ 623.563212][ T5141] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 623.579431][ T5141] usb 2-1: config 0 descriptor?? [ 623.608004][ T5141] hub 2-1:0.0: bad descriptor, ignoring hub [ 623.624897][ T5141] hub 2-1:0.0: probe with driver hub failed with error -5 [ 623.638911][ T5141] gspca_main: sonixb-2.14.0 probing 0c45:6025 [ 623.930588][T11740] 8021q: adding VLAN 0 to HW filter on device bond0 [ 624.079656][T11740] 8021q: adding VLAN 0 to HW filter on device team0 [ 624.343736][ T786] bridge0: port 1(bridge_slave_0) entered blocking state [ 624.351004][ T786] bridge0: port 1(bridge_slave_0) entered forwarding state [ 624.563397][ T786] bridge0: port 2(bridge_slave_1) entered blocking state [ 624.570665][ T786] bridge0: port 2(bridge_slave_1) entered forwarding state [ 624.758255][ T1246] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.764989][ T1246] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.773070][ T5139] usb 2-1: USB disconnect, device number 55 [ 625.056584][T11996] ɶƣ0GCTw: entered promiscuous mode [ 626.545526][T11740] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 627.880504][T12028] gretap0: entered promiscuous mode [ 627.906189][T12028] macsec1: entered promiscuous mode [ 627.934329][T12028] macsec1: entered allmulticast mode [ 627.939757][T12028] gretap0: entered allmulticast mode [ 628.027563][T12028] gretap0: left allmulticast mode [ 628.133903][T12028] gretap0: left promiscuous mode [ 629.243026][T12063] FAULT_INJECTION: forcing a failure. [ 629.243026][T12063] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 629.313209][T12063] CPU: 0 PID: 12063 Comm: syz.3.1727 Not tainted 6.10.0-rc7-syzkaller #0 [ 629.321772][T12063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 629.331869][T12063] Call Trace: [ 629.335184][T12063] [ 629.338149][T12063] dump_stack_lvl+0x241/0x360 [ 629.342882][T12063] ? __pfx_dump_stack_lvl+0x10/0x10 [ 629.348136][T12063] ? __pfx__printk+0x10/0x10 [ 629.352783][T12063] ? __pfx_lock_release+0x10/0x10 [ 629.357862][T12063] should_fail_ex+0x3b0/0x4e0 [ 629.362609][T12063] _copy_from_user+0x2f/0xe0 [ 629.367250][T12063] copy_msghdr_from_user+0xae/0x680 [ 629.372527][T12063] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 629.378409][T12063] __sys_sendmsg+0x23d/0x3a0 [ 629.383073][T12063] ? __pfx___sys_sendmsg+0x10/0x10 [ 629.388326][T12063] ? vfs_write+0x7c4/0xc90 [ 629.392838][T12063] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 629.399208][T12063] ? do_syscall_64+0x100/0x230 [ 629.404013][T12063] ? do_syscall_64+0xb6/0x230 [ 629.408846][T12063] do_syscall_64+0xf3/0x230 [ 629.413374][T12063] ? clear_bhb_loop+0x35/0x90 [ 629.418092][T12063] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 629.424022][T12063] RIP: 0033:0x7f48cf775bd9 [ 629.428449][T12063] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 629.448085][T12063] RSP: 002b:00007f48d053e048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 629.456513][T12063] RAX: ffffffffffffffda RBX: 00007f48cf903f60 RCX: 00007f48cf775bd9 [ 629.464506][T12063] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000004 [ 629.472531][T12063] RBP: 00007f48d053e0a0 R08: 0000000000000000 R09: 0000000000000000 [ 629.480521][T12063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 629.488507][T12063] R13: 000000000000000b R14: 00007f48cf903f60 R15: 00007ffc158dff18 [ 629.496506][T12063] [ 630.028865][T11740] veth0_vlan: entered promiscuous mode [ 630.245846][T11740] veth1_vlan: entered promiscuous mode [ 630.360563][T12090] overlay: Unknown parameter 'pcr' [ 630.553928][T11740] veth0_macvtap: entered promiscuous mode [ 630.718374][T11740] veth1_macvtap: entered promiscuous mode [ 630.848200][T11740] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 630.886316][T11740] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 630.935562][T11740] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 630.961388][T11740] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 630.975118][T11740] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 631.001322][T11740] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 631.024246][T11740] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 631.040641][T11740] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 631.061563][T11740] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 631.081549][T11740] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 631.124737][T11740] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 631.245799][T11740] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 631.433259][T11740] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 631.582520][T11740] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 631.682298][T11740] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 631.722653][T11740] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 631.769997][T11740] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 631.804165][ T5141] usb 2-1: new high-speed USB device number 56 using dummy_hcd [ 631.842488][T11740] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 631.894542][T11740] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 631.952538][T11740] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 631.973317][T11740] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 631.996286][T11740] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 632.052795][T11740] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 632.069212][ T5141] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 632.080180][T11740] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 632.098501][T11740] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 632.102499][ T5141] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 632.132108][T11740] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 632.174901][ T5141] usb 2-1: config 0 descriptor?? [ 632.497550][ T748] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 632.552333][ T748] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 632.689616][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 632.721380][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 633.197413][ T9146] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 633.393617][ T5089] Bluetooth: hci5: command tx timeout [ 633.433420][ T9146] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 633.692405][ T9146] usb 3-1: config 1 has no interface number 1 [ 633.698789][ T9146] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 633.714030][ T9146] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 633.728157][ T9146] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 634.505503][ T9146] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 634.518042][ T9146] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 634.526463][ T9146] usb 3-1: Product: చ [ 634.922962][ T9146] usb 3-1: USB disconnect, device number 37 [ 635.120814][ T5141] usb 2-1: Cannot read MAC address [ 635.127440][ T5141] MOSCHIP usb-ethernet driver 2-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 635.226299][ T5141] usb 2-1: USB disconnect, device number 56 [ 635.320672][T12136] udevd[12136]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 636.481195][T12184] overlayfs: failed to resolve './file1/file0': -2 [ 636.692137][T12192] netlink: 'syz.1.1748': attribute type 16 has an invalid length. [ 636.715609][T12192] netlink: 'syz.1.1748': attribute type 17 has an invalid length. [ 637.848005][ T29] audit: type=1326 audit(1720450347.601:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12206 comm="syz.1.1750" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2418375bd9 code=0x0 [ 638.327604][T12216] 9pnet_fd: Insufficient options for proto=fd [ 638.504432][T12225] FAULT_INJECTION: forcing a failure. [ 638.504432][T12225] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 638.539042][T12225] CPU: 1 PID: 12225 Comm: syz.2.1756 Not tainted 6.10.0-rc7-syzkaller #0 [ 638.547531][T12225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 638.557633][T12225] Call Trace: [ 638.560947][T12225] [ 638.563914][T12225] dump_stack_lvl+0x241/0x360 [ 638.568647][T12225] ? __pfx_dump_stack_lvl+0x10/0x10 [ 638.573902][T12225] ? __pfx__printk+0x10/0x10 [ 638.578536][T12225] ? snprintf+0xda/0x120 [ 638.582801][T12225] should_fail_ex+0x3b0/0x4e0 [ 638.587532][T12225] _copy_to_user+0x2f/0xb0 [ 638.591975][T12225] simple_read_from_buffer+0xca/0x150 [ 638.597376][T12225] proc_fail_nth_read+0x1e9/0x250 [ 638.602419][T12225] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 638.607986][T12225] ? rw_verify_area+0x520/0x6b0 [ 638.612859][T12225] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 638.618535][T12225] vfs_read+0x204/0xbc0 [ 638.622720][T12225] ? __pfx_lock_release+0x10/0x10 [ 638.627758][T12225] ? __pfx_rds_getsockopt+0x10/0x10 [ 638.632984][T12225] ? __pfx_vfs_read+0x10/0x10 [ 638.637681][T12225] ? __fget_files+0x29/0x470 [ 638.642286][T12225] ? __fget_files+0x3f6/0x470 [ 638.646984][T12225] ksys_read+0x1a0/0x2c0 [ 638.651266][T12225] ? __pfx_ksys_read+0x10/0x10 [ 638.656051][T12225] ? do_syscall_64+0x100/0x230 [ 638.660837][T12225] ? do_syscall_64+0xb6/0x230 [ 638.665536][T12225] do_syscall_64+0xf3/0x230 [ 638.670058][T12225] ? clear_bhb_loop+0x35/0x90 [ 638.674757][T12225] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 638.680842][T12225] RIP: 0033:0x7ff5005746bc [ 638.685273][T12225] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 638.704893][T12225] RSP: 002b:00007ff5013b7040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 638.713320][T12225] RAX: ffffffffffffffda RBX: 00007ff500703f60 RCX: 00007ff5005746bc [ 638.721300][T12225] RDX: 000000000000000f RSI: 00007ff5013b70b0 RDI: 0000000000000004 [ 638.729281][T12225] RBP: 00007ff5013b70a0 R08: 0000000000000000 R09: 0000000000000000 [ 638.737260][T12225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 638.745281][T12225] R13: 000000000000000b R14: 00007ff500703f60 R15: 00007fff289aa808 [ 638.753276][T12225] [ 638.922664][ T5131] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 639.357130][ T5131] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 639.378895][ T29] audit: type=1326 audit(1720450349.101:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12230 comm="syz.2.1759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff500575bd9 code=0x7fc00000 [ 639.392785][ T5131] usb 1-1: config 0 has no interface number 0 [ 639.725842][ T5131] usb 1-1: New USB device found, idVendor=15ba, idProduct=0003, bcdDevice=9b.0a [ 639.745043][ T5131] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 639.762380][ T5131] usb 1-1: Product: syz [ 639.766693][ T5131] usb 1-1: Manufacturer: syz [ 639.771707][ T5131] usb 1-1: SerialNumber: syz [ 639.802890][ T5131] usb 1-1: config 0 descriptor?? [ 639.823719][ T5131] ftdi_sio 1-1:0.1: FTDI USB Serial Device converter detected [ 639.851945][ T5131] ftdi_sio ttyUSB0: unknown device type: 0x9b0a [ 639.877779][T12243] 9pnet_fd: Insufficient options for proto=fd [ 639.885515][T12244] usb usb8: usbfs: process 12244 (syz.2.1761) did not claim interface 0 before use [ 639.953347][T12246] usb usb8: usbfs: process 12246 (syz.1.1762) did not claim interface 0 before use [ 640.079427][ T5143] usb 1-1: USB disconnect, device number 46 [ 640.093516][ T5143] ftdi_sio 1-1:0.1: device disconnected [ 640.190471][T12249] FAULT_INJECTION: forcing a failure. [ 640.190471][T12249] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 640.204973][T12249] CPU: 1 PID: 12249 Comm: syz.4.1763 Not tainted 6.10.0-rc7-syzkaller #0 [ 640.213426][T12249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 640.223891][T12249] Call Trace: [ 640.227197][T12249] [ 640.230152][T12249] dump_stack_lvl+0x241/0x360 [ 640.234958][T12249] ? __pfx_dump_stack_lvl+0x10/0x10 [ 640.240208][T12249] ? __pfx__printk+0x10/0x10 [ 640.244896][T12249] ? __pfx_lock_release+0x10/0x10 [ 640.249942][T12249] should_fail_ex+0x3b0/0x4e0 [ 640.254642][T12249] _copy_from_user+0x2f/0xe0 [ 640.259247][T12249] get_itimerspec64+0xaa/0x460 [ 640.264030][T12249] ? __pfx_vfs_write+0x10/0x10 [ 640.268842][T12249] ? __pfx_get_itimerspec64+0x10/0x10 [ 640.274248][T12249] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 640.280239][T12249] ? __fget_files+0x3f6/0x470 [ 640.284936][T12249] __x64_sys_timer_settime+0x13d/0x240 [ 640.290409][T12249] ? __pfx___x64_sys_timer_settime+0x10/0x10 [ 640.296509][T12249] ? do_syscall_64+0x100/0x230 [ 640.301302][T12249] ? do_syscall_64+0xb6/0x230 [ 640.306086][T12249] do_syscall_64+0xf3/0x230 [ 640.310607][T12249] ? clear_bhb_loop+0x35/0x90 [ 640.315391][T12249] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 640.321298][T12249] RIP: 0033:0x7f8dc6b75bd9 [ 640.325729][T12249] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 640.345354][T12249] RSP: 002b:00007f8dc786d048 EFLAGS: 00000246 ORIG_RAX: 00000000000000df [ 640.353779][T12249] RAX: ffffffffffffffda RBX: 00007f8dc6d03f60 RCX: 00007f8dc6b75bd9 [ 640.361758][T12249] RDX: 0000000020000340 RSI: 0000000000000001 RDI: 0000000000000000 [ 640.369825][T12249] RBP: 00007f8dc786d0a0 R08: 0000000000000000 R09: 0000000000000000 [ 640.377812][T12249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 640.385787][T12249] R13: 000000000000000b R14: 00007f8dc6d03f60 R15: 00007ffebb941378 [ 640.393781][T12249] [ 640.403956][ T9146] usb 3-1: new full-speed USB device number 38 using dummy_hcd [ 640.482884][ T5141] usb 2-1: new full-speed USB device number 57 using dummy_hcd [ 640.604845][ T9146] usb 3-1: not running at top speed; connect to a high speed hub [ 640.643266][ T9146] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 256, setting to 64 [ 640.673582][ T9146] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 640.691455][ T5141] usb 2-1: not running at top speed; connect to a high speed hub [ 640.707826][ T9146] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 640.724256][ T5141] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 256, setting to 64 [ 640.747807][ T9146] usb 3-1: Product: и [ 640.761838][ T5141] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 640.791729][ T5141] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 640.805042][T12244] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 640.813306][ T5141] usb 2-1: Product: и [ 640.838540][T12246] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 641.354721][T12266] 9pnet_fd: Insufficient options for proto=fd [ 642.144287][ T5141] cdc_ncm 2-1:1.0: bind() failure [ 642.149656][ T9146] cdc_ncm 3-1:1.0: bind() failure [ 642.219530][ T5141] cdc_ncm 2-1:1.1: probe with driver cdc_ncm failed with error -71 [ 642.238125][ T9146] cdc_ncm 3-1:1.1: probe with driver cdc_ncm failed with error -71 [ 642.263345][ T5141] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -71 [ 642.289882][ T9146] cdc_mbim 3-1:1.1: probe with driver cdc_mbim failed with error -71 [ 642.311151][ T5141] usbtest 2-1:1.1: probe with driver usbtest failed with error -71 [ 642.325948][ T9146] usbtest 3-1:1.1: probe with driver usbtest failed with error -71 [ 642.350681][ T5141] usb 2-1: USB disconnect, device number 57 [ 642.372343][ T9146] usb 3-1: USB disconnect, device number 38 [ 644.035591][ T5141] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 644.264299][ T5141] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 644.355017][ T5141] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 644.386496][ T5141] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 644.406108][ T5141] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 644.444908][ T5141] usb 1-1: Product: syz [ 644.476242][ T5141] usb 1-1: Manufacturer: syz [ 644.500761][ T5141] usb 1-1: SerialNumber: syz [ 644.563913][ T5141] usb 1-1: selecting invalid altsetting 1 [ 646.329196][T12309] 9pnet_fd: Insufficient options for proto=fd [ 646.814575][ T5141] cdc_ncm 1-1:1.0: failed GET_NTB_PARAMETERS [ 646.820705][ T5141] cdc_ncm 1-1:1.0: bind() failure [ 647.075824][ T5141] usb 1-1: USB disconnect, device number 47 [ 648.280881][T12330] fuse: Unknown parameter '0x0000000000000006' [ 648.608861][T12332] FAULT_INJECTION: forcing a failure. [ 648.608861][T12332] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 648.644727][T12332] CPU: 1 PID: 12332 Comm: syz.4.1785 Not tainted 6.10.0-rc7-syzkaller #0 [ 648.653230][T12332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 648.663351][T12332] Call Trace: [ 648.666677][T12332] [ 648.669636][T12332] dump_stack_lvl+0x241/0x360 [ 648.674370][T12332] ? __pfx_dump_stack_lvl+0x10/0x10 [ 648.679615][T12332] ? __pfx__printk+0x10/0x10 [ 648.684230][T12332] ? __pfx_lock_release+0x10/0x10 [ 648.689275][T12332] should_fail_ex+0x3b0/0x4e0 [ 648.693995][T12332] _copy_from_user+0x2f/0xe0 [ 648.698620][T12332] copy_msghdr_from_user+0xae/0x680 [ 648.703859][T12332] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 648.709726][T12332] __sys_sendmsg+0x23d/0x3a0 [ 648.714371][T12332] ? __pfx___sys_sendmsg+0x10/0x10 [ 648.719593][T12332] ? vfs_write+0x7c4/0xc90 [ 648.724069][T12332] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 648.730497][T12332] ? do_syscall_64+0x100/0x230 [ 648.735288][T12332] ? do_syscall_64+0xb6/0x230 [ 648.740006][T12332] do_syscall_64+0xf3/0x230 [ 648.744710][T12332] ? clear_bhb_loop+0x35/0x90 [ 648.749407][T12332] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 648.755325][T12332] RIP: 0033:0x7f8dc6b75bd9 [ 648.759753][T12332] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 648.779374][T12332] RSP: 002b:00007f8dc786d048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 648.787812][T12332] RAX: ffffffffffffffda RBX: 00007f8dc6d03f60 RCX: 00007f8dc6b75bd9 [ 648.795800][T12332] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003 [ 648.803785][T12332] RBP: 00007f8dc786d0a0 R08: 0000000000000000 R09: 0000000000000000 [ 648.811768][T12332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 648.819765][T12332] R13: 000000000000000b R14: 00007f8dc6d03f60 R15: 00007ffebb941378 [ 648.827765][T12332] [ 649.095435][T12345] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 650.659921][T12357] binder: 12348:12357 ioctl 400c620e 20000380 returned -22 [ 651.717127][T12378] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1795'. [ 652.432412][ T5086] Bluetooth: hci5: command 0x0406 tx timeout [ 652.694551][T12385] bridge0: port 3(gretap0) entered blocking state [ 652.785151][T12385] bridge0: port 3(gretap0) entered disabled state [ 652.813952][T12385] gretap0: entered allmulticast mode [ 652.848888][T12385] gretap0: entered promiscuous mode [ 652.886558][T12385] bridge0: port 3(gretap0) entered blocking state [ 652.888059][T12385] bridge0: port 3(gretap0) entered forwarding state [ 653.113165][ T5141] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 653.313839][ T5141] usb 5-1: Using ep0 maxpacket: 8 [ 653.367718][ T5141] usb 5-1: New USB device found, idVendor=337d, idProduct=503c, bcdDevice=22.8c [ 653.383333][ T5141] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 653.392444][ T5141] usb 5-1: Product: syz [ 653.397047][ T5141] usb 5-1: Manufacturer: syz [ 653.415280][ T5141] usb 5-1: SerialNumber: syz [ 653.468649][ T5141] usb 5-1: config 0 descriptor?? [ 653.494064][T12401] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 653.763360][T12405] FAULT_INJECTION: forcing a failure. [ 653.763360][T12405] name failslab, interval 1, probability 0, space 0, times 0 [ 653.798245][T12405] CPU: 0 PID: 12405 Comm: syz.1.1805 Not tainted 6.10.0-rc7-syzkaller #0 [ 653.806726][T12405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 653.816822][T12405] Call Trace: [ 653.820134][T12405] [ 653.823093][T12405] dump_stack_lvl+0x241/0x360 [ 653.827826][T12405] ? __pfx_dump_stack_lvl+0x10/0x10 [ 653.833081][T12405] ? __pfx__printk+0x10/0x10 [ 653.837731][T12405] ? netlink_insert+0x10b7/0x14b0 [ 653.842845][T12405] should_fail_ex+0x3b0/0x4e0 [ 653.847576][T12405] ? __alloc_skb+0x1c3/0x440 [ 653.852190][T12405] should_failslab+0x9/0x20 [ 653.856727][T12405] kmem_cache_alloc_node_noprof+0x71/0x320 [ 653.862709][T12405] __alloc_skb+0x1c3/0x440 [ 653.867148][T12405] ? __pfx___alloc_skb+0x10/0x10 [ 653.872124][T12405] ? netlink_autobind+0xd6/0x2f0 [ 653.877085][T12405] ? netlink_autobind+0x2b0/0x2f0 [ 653.882135][T12405] netlink_sendmsg+0x631/0xcb0 [ 653.886939][T12405] ? __pfx_netlink_sendmsg+0x10/0x10 [ 653.892337][T12405] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 653.897635][T12405] ? security_socket_sendmsg+0x87/0xb0 [ 653.903123][T12405] ? __pfx_netlink_sendmsg+0x10/0x10 [ 653.908422][T12405] __sock_sendmsg+0x221/0x270 [ 653.913140][T12405] sock_write_iter+0x2dd/0x400 [ 653.917928][T12405] ? __pfx_sock_write_iter+0x10/0x10 [ 653.923274][T12405] ? bpf_lsm_file_permission+0x9/0x10 [ 653.928663][T12405] ? security_file_permission+0x7f/0xa0 [ 653.934242][T12405] vfs_write+0xa72/0xc90 [ 653.938535][T12405] ? __pfx_sock_write_iter+0x10/0x10 [ 653.943940][T12405] ? __pfx_vfs_write+0x10/0x10 [ 653.948745][T12405] ksys_write+0x1a0/0x2c0 [ 653.953107][T12405] ? __pfx_ksys_write+0x10/0x10 [ 653.957986][T12405] ? do_syscall_64+0x100/0x230 [ 653.963479][T12405] ? do_syscall_64+0xb6/0x230 [ 653.968199][T12405] do_syscall_64+0xf3/0x230 [ 653.972734][T12405] ? clear_bhb_loop+0x35/0x90 [ 653.977447][T12405] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 653.983367][T12405] RIP: 0033:0x7f2418375bd9 [ 653.987792][T12405] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 654.007424][T12405] RSP: 002b:00007f24191b4048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 654.015864][T12405] RAX: ffffffffffffffda RBX: 00007f2418503f60 RCX: 00007f2418375bd9 [ 654.023905][T12405] RDX: 0000000000000024 RSI: 0000000020000080 RDI: 0000000000000003 [ 654.031900][T12405] RBP: 00007f24191b40a0 R08: 0000000000000000 R09: 0000000000000000 [ 654.039896][T12405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 654.047886][T12405] R13: 000000000000000b R14: 00007f2418503f60 R15: 00007ffc82469318 [ 654.056145][T12405] [ 654.447026][ T5141] usb 5-1: USB disconnect, device number 39 [ 655.741572][T12424] hub 6-0:1.0: USB hub found [ 655.746789][T12424] hub 6-0:1.0: 1 port detected [ 657.715774][T12454] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1815'. [ 658.152970][T12467] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 658.232738][T10351] usb 2-1: new high-speed USB device number 58 using dummy_hcd [ 658.643225][T10351] usb 2-1: Using ep0 maxpacket: 8 [ 658.661530][T10351] usb 2-1: New USB device found, idVendor=337d, idProduct=503c, bcdDevice=22.8c [ 659.439411][T10351] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 659.461645][T10351] usb 2-1: Product: syz [ 659.471181][T10351] usb 2-1: Manufacturer: syz [ 659.482413][T10351] usb 2-1: SerialNumber: syz [ 659.496314][T10351] usb 2-1: config 0 descriptor?? [ 660.519039][T12503] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 661.212353][ T9] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 661.271453][T10351] usb 2-1: USB disconnect, device number 58 [ 661.446239][T12512] program syz.0.1833 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 661.462913][T12512] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 661.500882][ T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 661.520811][ T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 661.549752][ T9] usb 3-1: config 1 has no interface number 0 [ 661.564808][ T9] usb 3-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 661.630282][ T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 661.632484][ T5136] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 661.657129][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 661.679547][ T9] usb 3-1: Product: syz [ 661.689411][ T9] usb 3-1: Manufacturer: syz [ 661.695989][ T9] usb 3-1: SerialNumber: syz [ 661.718382][ T9] usb 3-1: selecting invalid altsetting 1 [ 661.845193][ T5136] usb 5-1: Using ep0 maxpacket: 8 [ 661.857768][ T5136] usb 5-1: New USB device found, idVendor=0424, idProduct=7800, bcdDevice=e9.41 [ 661.882364][ T5136] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 661.933299][ T5136] usb 5-1: config 0 descriptor?? [ 662.175668][T12511] FAULT_INJECTION: forcing a failure. [ 662.175668][T12511] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 662.218968][T12511] CPU: 1 PID: 12511 Comm: syz.4.1834 Not tainted 6.10.0-rc7-syzkaller #0 [ 662.227467][T12511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 662.237570][T12511] Call Trace: [ 662.240969][T12511] [ 662.243936][T12511] dump_stack_lvl+0x241/0x360 [ 662.248712][T12511] ? __pfx_dump_stack_lvl+0x10/0x10 [ 662.254006][T12511] ? __pfx__printk+0x10/0x10 [ 662.258649][T12511] ? __mutex_unlock_slowpath+0x21d/0x750 [ 662.264386][T12511] should_fail_ex+0x3b0/0x4e0 [ 662.269127][T12511] strncpy_from_user+0x36/0x2f0 [ 662.274128][T12511] __se_sys_request_key+0xa3/0x3b0 [ 662.279303][T12511] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 662.285320][T12511] ? __pfx___se_sys_request_key+0x10/0x10 [ 662.291142][T12511] ? do_syscall_64+0x100/0x230 [ 662.295992][T12511] ? do_syscall_64+0xb6/0x230 [ 662.300810][T12511] do_syscall_64+0xf3/0x230 [ 662.305360][T12511] ? clear_bhb_loop+0x35/0x90 [ 662.310085][T12511] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 662.316030][T12511] RIP: 0033:0x7f8dc6b75bd9 [ 662.320477][T12511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 662.342034][T12511] RSP: 002b:00007f8dc786d048 EFLAGS: 00000246 ORIG_RAX: 00000000000000f9 [ 662.350510][T12511] RAX: ffffffffffffffda RBX: 00007f8dc6d03f60 RCX: 00007f8dc6b75bd9 [ 662.358602][T12511] RDX: 0000000020000cc0 RSI: 0000000020000c80 RDI: 0000000020000c40 [ 662.366603][T12511] RBP: 00007f8dc786d0a0 R08: 0000000000000000 R09: 0000000000000000 [ 662.374612][T12511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 662.382623][T12511] R13: 000000000000000b R14: 00007f8dc6d03f60 R15: 00007ffebb941378 [ 662.390654][T12511] [ 662.496772][ T8] usb 5-1: USB disconnect, device number 40 [ 666.076415][T12541] usb usb8: usbfs: process 12541 (syz.0.1840) did not claim interface 0 before use [ 666.812617][ T9] cdc_ncm 3-1:1.1: bind() failure [ 666.872295][ T8] usb 1-1: new full-speed USB device number 48 using dummy_hcd [ 667.085026][ T8] usb 1-1: not running at top speed; connect to a high speed hub [ 667.107766][ T8] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 256, setting to 64 [ 667.152365][ T8] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 667.171792][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 667.181929][ T8] usb 1-1: Product: и [ 667.195933][T12541] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 667.211822][ T29] audit: type=1804 audit(1720450376.971:83): pid=12550 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.4.1843" name="/newroot/24/bus/file0" dev="overlay" ino=168 res=1 errno=0 [ 667.241665][T10351] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 667.524809][T10351] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 667.544381][T10351] usb 4-1: config 1 has no interface number 1 [ 667.568671][T10351] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 667.611745][T10351] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 667.635634][T10351] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 667.638824][ T8] cdc_ncm 1-1:1.0: bind() failure [ 667.675900][ T8] cdc_ncm 1-1:1.1: probe with driver cdc_ncm failed with error -71 [ 667.694928][T10351] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 667.712329][ T8] cdc_mbim 1-1:1.1: probe with driver cdc_mbim failed with error -71 [ 667.727356][T10351] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 667.738167][T10351] usb 4-1: Product: చ [ 667.742390][ T8] usbtest 1-1:1.1: probe with driver usbtest failed with error -71 [ 667.757933][ T8] usb 1-1: USB disconnect, device number 48 [ 668.073200][T10351] usb 4-1: USB disconnect, device number 42 [ 668.360189][T11917] udevd[11917]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 670.768529][T12607] x_tables: duplicate underflow at hook 3 [ 671.554510][ T5086] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 671.565987][ T5086] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 671.617473][ T5086] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 671.644397][ T5086] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 671.655544][ T5086] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 671.663694][ T5086] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 672.744221][T12621] FAULT_INJECTION: forcing a failure. [ 672.744221][T12621] name failslab, interval 1, probability 0, space 0, times 0 [ 672.757632][T12621] CPU: 0 PID: 12621 Comm: syz.4.1861 Not tainted 6.10.0-rc7-syzkaller #0 [ 672.766165][T12621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 672.776231][T12621] Call Trace: [ 672.779512][T12621] [ 672.782444][T12621] dump_stack_lvl+0x241/0x360 [ 672.787142][T12621] ? __pfx_dump_stack_lvl+0x10/0x10 [ 672.792349][T12621] ? __pfx__printk+0x10/0x10 [ 672.796962][T12621] should_fail_ex+0x3b0/0x4e0 [ 672.801689][T12621] ? big_key_preparse+0x200/0x4e0 [ 672.807026][T12621] should_failslab+0x9/0x20 [ 672.811548][T12621] kmalloc_trace_noprof+0x6c/0x2c0 [ 672.816682][T12621] big_key_preparse+0x200/0x4e0 [ 672.821561][T12621] ? __pfx_big_key_preparse+0x10/0x10 [ 672.826954][T12621] key_update+0x265/0x6b0 [ 672.831297][T12621] ? __pfx_key_update+0x10/0x10 [ 672.836156][T12621] ? __pfx_keyring_search_iterator+0x10/0x10 [ 672.842153][T12621] ? rep_movs_alternative+0x4a/0x70 [ 672.847380][T12621] keyctl_update_key+0xf4/0x120 [ 672.852273][T12621] __se_sys_keyctl+0x5c2/0xa50 [ 672.857062][T12621] ? __pfx___se_sys_keyctl+0x10/0x10 [ 672.862534][T12621] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 672.868535][T12621] ? __fget_files+0x3f6/0x470 [ 672.873231][T12621] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 672.879283][T12621] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 672.885625][T12621] ? do_syscall_64+0x100/0x230 [ 672.890405][T12621] ? __x64_sys_keyctl+0x20/0xc0 [ 672.895288][T12621] do_syscall_64+0xf3/0x230 [ 672.899819][T12621] ? clear_bhb_loop+0x35/0x90 [ 672.904514][T12621] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 672.910425][T12621] RIP: 0033:0x7f8dc6b75bd9 [ 672.914849][T12621] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 672.934467][T12621] RSP: 002b:00007f8dc786d048 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 672.942979][T12621] RAX: ffffffffffffffda RBX: 00007f8dc6d03f60 RCX: 00007f8dc6b75bd9 [ 672.950959][T12621] RDX: 0000000020003780 RSI: 000000003974ff27 RDI: 0000000000000002 [ 672.958948][T12621] RBP: 00007f8dc786d0a0 R08: 0000000000000000 R09: 0000000000000000 [ 672.966936][T12621] R10: 0000000000001000 R11: 0000000000000246 R12: 0000000000000001 [ 672.974919][T12621] R13: 000000000000000b R14: 00007f8dc6d03f60 R15: 00007ffebb941378 [ 672.982919][T12621] [ 673.191344][T12608] chnl_net:caif_netlink_parms(): no params data found [ 673.972414][ T5086] Bluetooth: hci6: command tx timeout [ 674.320399][T12608] bridge0: port 1(bridge_slave_0) entered blocking state [ 674.363696][T12608] bridge0: port 1(bridge_slave_0) entered disabled state [ 674.371016][T12608] bridge_slave_0: entered allmulticast mode [ 674.426473][T12608] bridge_slave_0: entered promiscuous mode [ 674.453834][T12608] bridge0: port 2(bridge_slave_1) entered blocking state [ 674.472397][T12608] bridge0: port 2(bridge_slave_1) entered disabled state [ 674.479733][T12608] bridge_slave_1: entered allmulticast mode [ 674.516828][T12608] bridge_slave_1: entered promiscuous mode [ 675.456163][T12608] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 675.540961][T12608] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 675.692694][ T5139] usb 1-1: new high-speed USB device number 49 using dummy_hcd [ 676.032548][ T5086] Bluetooth: hci6: command tx timeout [ 678.209684][ T5086] Bluetooth: hci6: command tx timeout [ 678.368234][T12608] team0: Port device team_slave_0 added [ 678.440683][T12608] team0: Port device team_slave_1 added [ 678.501035][ T5139] usb 1-1: device descriptor read/all, error -71 [ 678.736530][T12608] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 678.755757][T12608] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 678.816720][T12608] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 678.850875][T12608] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 678.858208][ T29] audit: type=1326 audit(1720450388.601:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12663 comm="syz.0.1872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3d0ab6cc27 code=0x7ffc0000 [ 678.905918][T12608] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 678.946447][ T29] audit: type=1326 audit(1720450388.631:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12663 comm="syz.0.1872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3d0ab115c9 code=0x7ffc0000 [ 678.988791][T12608] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 680.680127][ T5086] Bluetooth: hci6: command tx timeout [ 681.346539][ T29] audit: type=1326 audit(1720450388.631:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12663 comm="syz.0.1872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d0ab75bd9 code=0x7ffc0000 [ 681.418309][T12673] FAULT_INJECTION: forcing a failure. [ 681.418309][T12673] name failslab, interval 1, probability 0, space 0, times 0 [ 681.458962][ T29] audit: type=1326 audit(1720450388.641:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12663 comm="syz.0.1872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3d0ab6cc27 code=0x7ffc0000 [ 681.539724][ T29] audit: type=1326 audit(1720450388.641:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12663 comm="syz.0.1872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3d0ab115c9 code=0x7ffc0000 [ 681.562484][T12673] CPU: 1 PID: 12673 Comm: syz.0.1874 Not tainted 6.10.0-rc7-syzkaller #0 [ 681.570964][T12673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 681.581057][T12673] Call Trace: [ 681.584374][T12673] [ 681.587333][T12673] dump_stack_lvl+0x241/0x360 [ 681.592062][T12673] ? __pfx_dump_stack_lvl+0x10/0x10 [ 681.597303][T12673] ? __pfx__printk+0x10/0x10 [ 681.601939][T12673] ? __pfx___might_resched+0x10/0x10 [ 681.607299][T12673] ? audit_log_format+0xdb/0x130 [ 681.612297][T12673] should_fail_ex+0x3b0/0x4e0 [ 681.617021][T12673] ? audit_log_d_path+0xbb/0x310 [ 681.622016][T12673] should_failslab+0x9/0x20 [ 681.626570][T12673] kmalloc_trace_noprof+0x6c/0x2c0 [ 681.631736][T12673] audit_log_d_path+0xbb/0x310 [ 681.636558][T12673] ? get_mm_exe_file+0x1c/0x170 [ 681.641461][T12673] audit_log_d_path_exe+0x45/0x70 [ 681.646539][T12673] audit_log_task+0x219/0x2f0 [ 681.651271][T12673] ? __pfx_audit_log_task+0x10/0x10 [ 681.656516][T12673] ? __pfx___cant_migrate+0x10/0x10 [ 681.661819][T12673] audit_seccomp+0x7b/0x1f0 [ 681.666381][T12673] ? migrate_disable+0xce/0x180 [ 681.671285][T12673] __seccomp_filter+0xb38/0x1fe0 [ 681.676301][T12673] ? vfs_write+0x7c4/0xc90 [ 681.680781][T12673] ? __pfx___seccomp_filter+0x10/0x10 [ 681.686305][T12673] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 681.692348][T12673] ? __fget_files+0x3f6/0x470 [ 681.697096][T12673] ? __secure_computing+0x125/0x370 [ 681.702347][T12673] syscall_trace_enter+0xa8/0x150 [ 681.707430][T12673] do_syscall_64+0xcc/0x230 [ 681.711977][T12673] ? clear_bhb_loop+0x35/0x90 [ 681.716706][T12673] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 681.722660][T12673] RIP: 0033:0x7f3d0ab75bd9 [ 681.727110][T12673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 681.746760][T12673] RSP: 002b:00007f3d0b94f048 EFLAGS: 00000246 ORIG_RAX: 000000000000013e [ 681.755315][T12673] RAX: ffffffffffffffda RBX: 00007f3d0ad03f60 RCX: 00007f3d0ab75bd9 [ 681.763339][T12673] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 681.771371][T12673] RBP: 00007f3d0b94f0a0 R08: 0000000000000000 R09: 0000000000000000 [ 681.771713][ T29] audit: type=1326 audit(1720450388.641:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12663 comm="syz.0.1872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3d0ab6cc27 code=0x7ffc0000 [ 681.779358][T12673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 681.779379][T12673] R13: 000000000000000b R14: 00007f3d0ad03f60 R15: 00007fff1d83d538 [ 681.779413][T12673] [ 681.829257][ T29] audit: type=1326 audit(1720450388.641:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12663 comm="syz.0.1872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3d0ab115c9 code=0x7ffc0000 [ 681.885210][ T29] audit: type=1326 audit(1720450388.641:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12663 comm="syz.0.1872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3d0ab6cc27 code=0x7ffc0000 [ 682.543779][T12608] hsr_slave_0: entered promiscuous mode [ 682.553325][ T29] audit: type=1326 audit(1720450388.641:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12663 comm="syz.0.1872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3d0ab115c9 code=0x7ffc0000 [ 682.584095][T12608] hsr_slave_1: entered promiscuous mode [ 682.607891][ T29] audit: type=1326 audit(1720450388.641:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12663 comm="syz.0.1872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3d0ab6cc27 code=0x7ffc0000 [ 682.629828][T12608] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 682.666022][T12608] Cannot create hsr debugfs directory [ 683.162760][ T5089] Bluetooth: hci1: command 0x0406 tx timeout [ 683.382395][ T8] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 683.625687][ T8] usb 5-1: config index 0 descriptor too short (expected 65191, got 72) [ 683.668930][ T8] usb 5-1: config index 1 descriptor too short (expected 65191, got 72) [ 683.745641][ T8] usb 5-1: config index 2 descriptor too short (expected 65191, got 72) [ 683.778795][ T8] usb 5-1: config index 3 descriptor too short (expected 65191, got 72) [ 683.819653][ T8] usb 5-1: config index 4 descriptor too short (expected 65191, got 72) [ 683.904274][ T8] usb 5-1: config index 5 descriptor too short (expected 65191, got 72) [ 683.939668][ T8] usb 5-1: config index 6 descriptor too short (expected 65191, got 72) [ 683.993321][ T8] usb 5-1: config index 7 descriptor too short (expected 65191, got 72) [ 684.028693][T12608] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 684.065974][ T8] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 684.107070][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 684.122407][ T9146] usb 1-1: new high-speed USB device number 51 using dummy_hcd [ 684.127639][ T8] usb 5-1: Product: syz [ 684.141350][ T8] usb 5-1: Manufacturer: syz [ 684.149862][ T8] usb 5-1: SerialNumber: syz [ 684.225014][ T8] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 684.293536][ T5139] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 684.334783][ T9146] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 684.369861][ T9146] usb 1-1: config 1 has no interface number 1 [ 684.385863][T12709] sg_write: data in/out 624/1 bytes for SCSI command 0xcb-- guessing data in; [ 684.385863][T12709] program syz.3.1883 not setting count and/or reply_len properly [ 684.414058][ T9146] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 684.425126][T12608] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 684.438807][ T9146] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 684.438849][ T9146] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 684.451019][ T9146] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 684.451059][ T9146] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 684.451084][ T9146] usb 1-1: Product: చ [ 684.742811][ T9146] usb 1-1: USB disconnect, device number 51 [ 684.862704][ T9] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 685.058837][T12608] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 685.062832][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 685.105301][ T9] usb 4-1: config 0 has no interfaces? [ 685.123023][ T9] usb 4-1: New USB device found, idVendor=0403, idProduct=d491, bcdDevice=3a.75 [ 685.145515][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 685.234559][ T9] usb 4-1: config 0 descriptor?? [ 685.401652][ T5139] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 686.091209][T12608] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 686.413041][ T1246] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.419733][ T1246] ieee802154 phy1 wpan1: encryption failed: -22 [ 687.175318][ T9146] usb 4-1: USB disconnect, device number 43 [ 687.536044][T12721] netlink: 176 bytes leftover after parsing attributes in process `syz.0.1888'. [ 689.578331][T12743] FAULT_INJECTION: forcing a failure. [ 689.578331][T12743] name failslab, interval 1, probability 0, space 0, times 0 [ 689.599193][T12743] CPU: 1 PID: 12743 Comm: syz.3.1893 Not tainted 6.10.0-rc7-syzkaller #0 [ 689.607688][T12743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 689.617871][T12743] Call Trace: [ 689.621199][T12743] [ 689.624167][T12743] dump_stack_lvl+0x241/0x360 [ 689.628906][T12743] ? __pfx_dump_stack_lvl+0x10/0x10 [ 689.634181][T12743] ? __pfx__printk+0x10/0x10 [ 689.638831][T12743] should_fail_ex+0x3b0/0x4e0 [ 689.643559][T12743] ? iovec_from_user+0x87/0x240 [ 689.648502][T12743] should_failslab+0x9/0x20 [ 689.653044][T12743] __kmalloc_noprof+0xd8/0x400 [ 689.657860][T12743] iovec_from_user+0x87/0x240 [ 689.662581][T12743] __import_iovec+0x132/0x820 [ 689.667306][T12743] import_iovec+0xeb/0x120 [ 689.671766][T12743] copy_msghdr_from_user+0x52f/0x680 [ 689.677124][T12743] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 689.683105][T12743] do_recvmmsg+0x40f/0xae0 [ 689.687566][T12743] ? mark_lock+0x9a/0x350 [ 689.691956][T12743] ? __pfx_do_recvmmsg+0x10/0x10 [ 689.696967][T12743] ? __pfx___might_resched+0x10/0x10 [ 689.702295][T12743] ? __might_fault+0xaa/0x120 [ 689.707016][T12743] ? __pfx_lock_release+0x10/0x10 [ 689.712090][T12743] ? vfs_write+0x7c4/0xc90 [ 689.716583][T12743] ? get_timespec64+0x19c/0x280 [ 689.721497][T12743] __x64_sys_recvmmsg+0x1b8/0x250 [ 689.726580][T12743] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 689.732170][T12743] ? do_syscall_64+0x100/0x230 [ 689.736992][T12743] ? do_syscall_64+0xb6/0x230 [ 689.741716][T12743] do_syscall_64+0xf3/0x230 [ 689.746265][T12743] ? clear_bhb_loop+0x35/0x90 [ 689.750990][T12743] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 689.756933][T12743] RIP: 0033:0x7f48cf775bd9 [ 689.761385][T12743] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 689.781040][T12743] RSP: 002b:00007f48d051d048 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 689.789509][T12743] RAX: ffffffffffffffda RBX: 00007f48cf904038 RCX: 00007f48cf775bd9 [ 689.797552][T12743] RDX: 04000000000003b4 RSI: 00000000200037c0 RDI: 0000000000000003 [ 689.805559][T12743] RBP: 00007f48d051d0a0 R08: 0000000020003700 R09: 0000000000000000 [ 689.813570][T12743] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 689.821574][T12743] R13: 000000000000006e R14: 00007f48cf904038 R15: 00007ffc158dff18 [ 689.829625][T12743] [ 689.832765][ C1] vkms_vblank_simulate: vblank timer overrun [ 695.525608][ T5089] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 695.536210][ T5089] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 695.556182][ T5089] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 695.573366][ T5089] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 695.583717][ T5089] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 695.591257][ T5089] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 697.652379][ T5086] Bluetooth: hci1: command tx timeout [ 698.364897][ T5089] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 698.376522][ T5089] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 698.386354][ T5089] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 698.396048][ T5089] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 698.405181][ T5089] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 698.413818][ T5089] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 698.561388][ T5086] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 698.580801][ T5086] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 698.611334][ T5086] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 698.620997][ T5086] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 698.630307][ T5086] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 698.638983][ T5086] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 699.722478][ T5086] Bluetooth: hci1: command tx timeout [ 700.523899][ T5089] Bluetooth: hci7: command tx timeout [ 700.541369][ T5089] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 700.560391][ T5089] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 700.572065][ T5089] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 700.587931][ T5089] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 700.607584][ T5089] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 700.616661][ T5089] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 700.682804][ T5086] Bluetooth: hci8: command tx timeout [ 701.803525][ T5086] Bluetooth: hci1: command tx timeout [ 702.602423][ T5086] Bluetooth: hci7: command tx timeout [ 702.689560][ T5086] Bluetooth: hci9: command tx timeout [ 702.762568][ T5086] Bluetooth: hci8: command tx timeout [ 703.884947][ T5086] Bluetooth: hci1: command tx timeout [ 704.682400][ T5086] Bluetooth: hci7: command tx timeout [ 704.762302][ T5086] Bluetooth: hci9: command tx timeout [ 704.842600][ T5086] Bluetooth: hci8: command tx timeout [ 706.763535][ T5086] Bluetooth: hci7: command tx timeout [ 706.842282][ T5086] Bluetooth: hci9: command tx timeout [ 706.924996][ T5086] Bluetooth: hci8: command tx timeout [ 708.912527][ T5086] Bluetooth: hci9: command tx timeout [ 729.254108][ T5089] Bluetooth: hci4: command 0x0406 tx timeout [ 731.150554][ T5089] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 731.162198][ T5089] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 731.171147][ T5089] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 731.179867][ T5089] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 731.189114][ T5089] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3 [ 731.198003][ T5089] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 733.245361][ T5089] Bluetooth: hci10: command tx timeout [ 735.326439][ T5089] Bluetooth: hci10: command tx timeout [ 737.405113][ T5089] Bluetooth: hci10: command tx timeout [ 739.482502][ T5089] Bluetooth: hci10: command tx timeout [ 747.827384][ T1246] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.835102][ T1246] ieee802154 phy1 wpan1: encryption failed: -22 [ 756.121419][ T5086] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 756.135734][ T5086] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 756.145265][ T5086] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 756.154939][ T5086] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 756.163214][ T5086] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3 [ 756.170778][ T5086] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 758.291221][ T5086] Bluetooth: hci11: command tx timeout [ 759.296137][ T5089] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 759.308465][ T5089] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 759.317538][ T5089] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 759.365345][T12771] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 759.373684][T12771] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3 [ 759.382908][T12771] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 759.433516][T12771] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 759.445615][T12771] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 759.455104][T12771] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 759.465405][T12771] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 759.473608][T12771] Bluetooth: hci13: unexpected cc 0x0c25 length: 249 > 3 [ 759.481174][T12771] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 760.362509][ T5089] Bluetooth: hci11: command tx timeout [ 760.615613][T12771] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 760.639351][T12771] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 760.648439][T12771] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 760.659372][T12771] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 760.667613][T12771] Bluetooth: hci14: unexpected cc 0x0c25 length: 249 > 3 [ 760.675333][T12771] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 761.482618][T12771] Bluetooth: hci12: command tx timeout [ 761.578547][T12771] Bluetooth: hci13: command tx timeout [ 762.443592][T12771] Bluetooth: hci11: command tx timeout [ 762.767548][T12771] Bluetooth: hci14: command tx timeout [ 763.566076][T12771] Bluetooth: hci12: command tx timeout [ 763.632719][T12771] Bluetooth: hci13: command tx timeout [ 764.522292][ T5089] Bluetooth: hci11: command tx timeout [ 764.832471][ T5089] Bluetooth: hci14: command tx timeout [ 765.642355][ T5089] Bluetooth: hci12: command tx timeout [ 765.725150][ T5089] Bluetooth: hci13: command tx timeout [ 766.922619][ T5089] Bluetooth: hci14: command tx timeout [ 767.722389][ T5089] Bluetooth: hci12: command tx timeout [ 767.812304][ T5089] Bluetooth: hci13: command tx timeout [ 769.002364][ T5089] Bluetooth: hci14: command tx timeout [ 792.889549][T12771] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 792.915642][T12771] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 792.925030][T12771] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 792.934956][T12771] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 792.944287][T12771] Bluetooth: hci15: unexpected cc 0x0c25 length: 249 > 3 [ 792.952012][T12771] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 794.992571][ T5089] Bluetooth: hci15: command tx timeout [ 795.893314][ T5089] Bluetooth: hci6: command 0x0406 tx timeout [ 797.082550][T12771] Bluetooth: hci15: command tx timeout [ 798.849331][ T59] kworker/1:2 (59) used greatest stack depth: 18152 bytes left [ 799.170866][T12771] Bluetooth: hci15: command tx timeout [ 801.242490][T12771] Bluetooth: hci15: command tx timeout [ 809.312397][ T1246] ieee802154 phy0 wpan0: encryption failed: -22 [ 809.318888][ T1246] ieee802154 phy1 wpan1: encryption failed: -22 [ 816.840391][ T5089] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1 [ 816.874816][ T5089] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9 [ 816.884408][ T5089] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9 [ 816.902576][ T5089] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4 [ 816.910892][ T5089] Bluetooth: hci16: unexpected cc 0x0c25 length: 249 > 3 [ 816.938183][ T5089] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2 [ 819.012407][ T5089] Bluetooth: hci16: command tx timeout [ 820.360682][T12789] Bluetooth: hci17: unexpected cc 0x0c03 length: 249 > 1 [ 820.375042][T12789] Bluetooth: hci17: unexpected cc 0x1003 length: 249 > 9 [ 820.392427][T12789] Bluetooth: hci17: unexpected cc 0x1001 length: 249 > 9 [ 820.402313][T12789] Bluetooth: hci17: unexpected cc 0x0c23 length: 249 > 4 [ 820.410299][T12789] Bluetooth: hci17: unexpected cc 0x0c25 length: 249 > 3 [ 820.417983][T12789] Bluetooth: hci17: unexpected cc 0x0c38 length: 249 > 2 [ 820.557555][T12785] Bluetooth: hci18: unexpected cc 0x0c03 length: 249 > 1 [ 820.573706][T12785] Bluetooth: hci18: unexpected cc 0x1003 length: 249 > 9 [ 820.583665][T12785] Bluetooth: hci18: unexpected cc 0x1001 length: 249 > 9 [ 820.592203][T12785] Bluetooth: hci18: unexpected cc 0x0c23 length: 249 > 4 [ 820.600201][T12785] Bluetooth: hci18: unexpected cc 0x0c25 length: 249 > 3 [ 820.615291][T12785] Bluetooth: hci18: unexpected cc 0x0c38 length: 249 > 2 [ 821.082867][T12793] Bluetooth: hci16: command tx timeout [ 821.264877][T12789] Bluetooth: hci19: unexpected cc 0x0c03 length: 249 > 1 [ 821.277020][T12789] Bluetooth: hci19: unexpected cc 0x1003 length: 249 > 9 [ 821.286483][T12789] Bluetooth: hci19: unexpected cc 0x1001 length: 249 > 9 [ 821.295234][T12789] Bluetooth: hci19: unexpected cc 0x0c23 length: 249 > 4 [ 821.303304][T12789] Bluetooth: hci19: unexpected cc 0x0c25 length: 249 > 3 [ 821.310847][T12789] Bluetooth: hci19: unexpected cc 0x0c38 length: 249 > 2 [ 821.407049][T12793] Bluetooth: hci1: command 0x0406 tx timeout [ 821.414407][ T53] Bluetooth: hci7: command 0x0406 tx timeout [ 821.420563][T12789] Bluetooth: hci8: command 0x0406 tx timeout [ 822.522872][ T5089] Bluetooth: hci17: command tx timeout [ 822.682446][ T5089] Bluetooth: hci18: command tx timeout [ 823.162831][ T5089] Bluetooth: hci16: command tx timeout [ 823.405843][ T5089] Bluetooth: hci19: command tx timeout [ 824.602790][ T5089] Bluetooth: hci17: command tx timeout [ 824.762344][ T5089] Bluetooth: hci18: command tx timeout [ 825.242917][ T5089] Bluetooth: hci16: command tx timeout [ 825.482525][ T5089] Bluetooth: hci19: command tx timeout [ 826.549500][ T5089] Bluetooth: hci9: command 0x0406 tx timeout [ 826.683303][ T5089] Bluetooth: hci17: command tx timeout [ 826.842203][T12771] Bluetooth: hci18: command tx timeout [ 827.562348][T12771] Bluetooth: hci19: command tx timeout [ 828.762691][T12771] Bluetooth: hci17: command tx timeout [ 828.922444][T12771] Bluetooth: hci18: command tx timeout [ 829.642891][T12771] Bluetooth: hci19: command tx timeout [ 832.762647][ T30] INFO: task syz.2.1832:12500 blocked for more than 143 seconds. [ 832.770456][ T30] Not tainted 6.10.0-rc7-syzkaller #0 [ 832.788358][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 832.800818][ T30] task:syz.2.1832 state:D stack:22720 pid:12500 tgid:12499 ppid:11153 flags:0x00004006 SYZFAIL: failed to recv rpc fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor) [ 832.811386][ T30] Call Trace: [ 832.826214][ T30] [ 832.829226][ T30] __schedule+0x1796/0x49d0 [ 832.856544][ T30] ? __pfx___schedule+0x10/0x10 [ 832.861517][ T30] ? __pfx_lock_release+0x10/0x10 [ 832.899947][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 832.932436][ T30] ? schedule+0x90/0x320 [ 832.936763][ T30] schedule+0x14b/0x320 [ 832.940989][ T30] schedule_preempt_disabled+0x13/0x30 [ 833.030900][ T30] __mutex_lock+0x6a4/0xd70 [ 833.052183][ T30] ? __mutex_lock+0x527/0xd70 [ 833.056946][ T30] ? tun_chr_close+0x3e/0x1b0 [ 833.061666][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 833.077261][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 833.100829][ T30] tun_chr_close+0x3e/0x1b0 [ 833.105699][ T30] ? __pfx_tun_chr_close+0x10/0x10 [ 833.110860][ T30] __fput+0x24a/0x8a0 [ 833.119548][ T30] task_work_run+0x24f/0x310 [ 833.127942][ T30] ? __pfx_task_work_run+0x10/0x10 [ 833.135140][ T30] ? do_exit+0xa22/0x27e0 [ 833.139537][ T30] ? kmem_cache_free+0x145/0x350 [ 833.151755][ T30] do_exit+0xa27/0x27e0 [ 833.157336][ T30] ? __pfx_do_exit+0x10/0x10 [ 833.164377][ T30] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 833.169997][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 833.182153][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 833.189881][ T30] ? _raw_spin_lock_irq+0xdf/0x120 [ 833.196357][ T30] do_group_exit+0x207/0x2c0 [ 833.201283][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 833.222196][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 833.227523][ T30] get_signal+0x16a1/0x1740 [ 833.240348][ T30] ? __pfx_get_signal+0x10/0x10 [ 833.250319][ T30] arch_do_signal_or_restart+0x96/0x860 [ 833.256258][ T30] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 833.270711][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 833.286108][ T30] ? syscall_exit_to_user_mode+0xa3/0x360 [ 833.291921][ T30] syscall_exit_to_user_mode+0xc9/0x360 [ 833.316825][ T30] do_syscall_64+0x100/0x230 [ 833.321508][ T30] ? clear_bhb_loop+0x35/0x90 [ 833.356019][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 833.362836][ T30] RIP: 0033:0x7ff500575bd9 [ 833.367297][ T30] RSP: 002b:00007ff5013b7048 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 833.382139][ T30] RAX: 000000000003fea9 RBX: 00007ff500703f60 RCX: 00007ff500575bd9 [ 833.390177][ T30] RDX: 000000000400023c RSI: 00000000200055c0 RDI: 0000000000000006 [ 833.407091][ T30] RBP: 00007ff5005e4e60 R08: 0000000000000000 R09: 0000000000000000 [ 833.415313][ T30] R10: 0000000000000302 R11: 0000000000000246 R12: 0000000000000000 [ 833.428215][ T30] R13: 000000000000000b R14: 00007ff500703f60 R15: 00007fff289aa808 [ 833.440023][ T30] [ 833.447362][ T30] INFO: task syz-executor:12608 blocked for more than 144 seconds. [ 833.455783][ T30] Not tainted 6.10.0-rc7-syzkaller #0 [ 833.461707][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 833.479070][ T30] task:syz-executor state:D stack:20240 pid:12608 tgid:12608 ppid:1 flags:0x00004006 [ 833.489734][ T30] Call Trace: [ 833.508053][ T30] [ 833.511061][ T30] __schedule+0x1796/0x49d0 [ 833.527361][ T30] ? __pfx___schedule+0x10/0x10 [ 833.542070][ T30] ? __pfx_lock_release+0x10/0x10 [ 833.550828][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 833.567653][ T30] ? schedule+0x90/0x320 [ 833.571977][ T30] schedule+0x14b/0x320 [ 833.579121][ T30] schedule_preempt_disabled+0x13/0x30 [ 833.590298][ T30] __mutex_lock+0x6a4/0xd70 [ 833.594908][ T30] ? __mutex_lock+0x527/0xd70 [ 833.599638][ T30] ? nsim_create+0x408/0x890 [ 833.612170][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 833.617311][ T30] ? kmemdup_noprof+0x45/0x60 [ 833.622036][ T30] ? nsim_udp_tunnels_info_create+0x592/0x7c0 [ 833.636161][ T30] nsim_create+0x408/0x890 [ 833.640689][ T30] ? debugfs_create_symlink+0x191/0x1f0 [ 833.656441][ T30] __nsim_dev_port_add+0x6c0/0xae0 [ 833.661669][ T30] ? __pfx___nsim_dev_port_add+0x10/0x10 [ 833.674867][ T30] ? queue_delayed_work_on+0x267/0x390 [ 833.680422][ T30] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 833.701926][ T30] ? init_timer_key+0x197/0x310 [ 833.710607][ T30] nsim_dev_port_add_all+0x33/0xf0 [ 833.717151][ T30] nsim_drv_probe+0x85f/0xb80 [ 833.721899][ T30] ? __pfx_nsim_drv_probe+0x10/0x10 [ 833.746623][ T30] ? kernfs_create_link+0x187/0x1f0 [ 833.753439][ T30] ? sysfs_do_create_link_sd+0xdd/0x110 [ 833.759053][ T30] ? driver_sysfs_add+0x1de/0x1f0 [ 833.771591][ T30] ? really_probe+0x147/0xad0 [ 833.778700][ T30] ? __pfx_nsim_bus_probe+0x10/0x10 [ 833.783997][ T30] really_probe+0x2b8/0xad0 [ 833.788555][ T30] __driver_probe_device+0x1a2/0x390 [ 833.802156][ T30] driver_probe_device+0x50/0x430 [ 833.807344][ T30] __device_attach_driver+0x2d6/0x530 [ 833.832193][ T30] bus_for_each_drv+0x24e/0x2e0 [ 833.837142][ T30] ? __pfx___device_attach_driver+0x10/0x10 [ 833.849441][ T30] ? __pfx_bus_for_each_drv+0x10/0x10 [ 833.860896][ T30] ? __pfx_lock_acquire+0x10/0x10 [ 833.870989][ T30] __device_attach+0x333/0x520 [ 833.875936][ T30] ? __pfx___device_attach+0x10/0x10 [ 833.881517][ T30] bus_probe_device+0x189/0x260 [ 833.886900][ T30] device_add+0x856/0xbf0 [ 833.891291][ T30] new_device_store+0x3f3/0x890 [ 833.908404][ T30] ? kernfs_fop_write_iter+0x1eb/0x500 [ 833.914032][ T30] ? __pfx_new_device_store+0x10/0x10 [ 833.919457][ T30] ? sysfs_kf_write+0x182/0x2a0 [ 833.928227][ T30] ? bus_attr_store+0x4f/0xa0 [ 833.937968][ T30] ? __pfx_sysfs_kf_write+0x10/0x10 [ 833.944481][ T30] kernfs_fop_write_iter+0x3a1/0x500 [ 833.951698][ T30] vfs_write+0xa72/0xc90 [ 833.958446][ T30] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 833.965040][ T30] ? __pfx_vfs_write+0x10/0x10 [ 833.969889][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 833.994923][ T30] ksys_write+0x1a0/0x2c0 [ 833.999457][ T30] ? __pfx_ksys_write+0x10/0x10 [ 834.007419][ T30] ? do_syscall_64+0x100/0x230 [ 834.019306][ T30] ? do_syscall_64+0xb6/0x230 [ 834.024303][ T30] do_syscall_64+0xf3/0x230 [ 834.028862][ T30] ? clear_bhb_loop+0x35/0x90 [ 834.038215][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 834.059625][ T30] RIP: 0033:0x7fe60cf7475f [ 834.072165][ T30] RSP: 002b:00007fff8429ab10 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 834.082038][ T30] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007fe60cf7475f [ 834.097646][ T30] RDX: 0000000000000003 RSI: 00007fff8429ab60 RDI: 0000000000000005 [ 834.107169][ T30] RBP: 00007fe60cfe45c4 R08: 0000000000000000 R09: 00007fff8429a967 [ 834.137438][ T30] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 834.145642][ T30] R13: 00007fff8429ab60 R14: 00007fe60dc34620 R15: 0000000000000003 [ 834.153950][ T30] [ 834.158892][ T30] INFO: task syz.0.1888:12720 blocked for more than 144 seconds. [ 834.175464][ T30] Not tainted 6.10.0-rc7-syzkaller #0 [ 834.181423][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 834.198703][ T30] task:syz.0.1888 state:D stack:23840 pid:12720 tgid:12720 ppid:8942 flags:0x00004006 [ 834.209283][ T30] Call Trace: [ 834.212695][ T30] [ 834.215664][ T30] __schedule+0x1796/0x49d0 [ 834.220322][ T30] ? __pfx___schedule+0x10/0x10 [ 834.232146][ T30] ? __pfx_lock_release+0x10/0x10 [ 834.237254][ T30] ? schedule+0x90/0x320 [ 834.241543][ T30] schedule+0x14b/0x320 [ 834.265174][ T30] schedule_timeout+0xb0/0x310 [ 834.270231][ T30] ? __pfx_schedule_timeout+0x10/0x10 [ 834.275813][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 834.281853][ T30] ? wait_for_completion+0x2fe/0x620 [ 834.295869][ T30] ? wait_for_completion+0x2fe/0x620 [ 834.301469][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 834.312140][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 834.317399][ T30] ? wait_for_completion+0x2fe/0x620 [ 834.330644][ T30] wait_for_completion+0x355/0x620 [ 834.336089][ T30] ? __pfx_wait_for_completion+0x10/0x10 [ 834.341777][ T30] ? __flush_work+0xe6/0xd00 [ 834.355977][ T30] __flush_work+0xaa9/0xd00 [ 834.362249][ T30] ? __flush_work+0xe6/0xd00 [ 834.366900][ T30] ? __pfx___flush_work+0x10/0x10 [ 834.371965][ T30] ? __pfx_wq_barrier_func+0x10/0x10 [ 834.392159][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 834.398582][ T30] ? _raw_spin_lock_irq+0xdf/0x120 [ 834.408291][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 834.419555][ T30] unregister_netdevice_many_notify+0x8a0/0x16b0 [ 834.426106][ T30] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 834.435278][ T30] ? __asan_memset+0x23/0x50 [ 834.439925][ T30] ? skb_queue_purge_reason+0x2de/0x500 [ 834.451846][ T30] ? do_raw_spin_unlock+0x13c/0x8b0 [ 834.457437][ T30] unregister_netdevice_queue+0x303/0x370 [ 834.468428][ T30] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 834.481022][ T30] __tun_detach+0x6b6/0x1600 [ 834.485773][ T30] tun_chr_close+0x108/0x1b0 [ 834.490410][ T30] ? __pfx_tun_chr_close+0x10/0x10 [ 834.511385][ T30] __fput+0x24a/0x8a0 [ 834.521160][ T30] task_work_run+0x24f/0x310 [ 834.526099][ T30] ? __pfx_task_work_run+0x10/0x10 [ 834.531279][ T30] ? syscall_exit_to_user_mode+0xa3/0x360 [ 834.545940][ T30] syscall_exit_to_user_mode+0x168/0x360 [ 834.551675][ T30] do_syscall_64+0x100/0x230 [ 834.556601][ T30] ? clear_bhb_loop+0x35/0x90 [ 834.561348][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 834.568891][ T30] RIP: 0033:0x7f3d0ab75bd9 [ 834.582211][ T30] RSP: 002b:00007fff1d83d618 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 834.590702][ T30] RAX: 0000000000000000 RBX: 00007f3d0ad05a60 RCX: 00007f3d0ab75bd9 [ 834.608487][ T30] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 834.620232][ T30] RBP: 00007f3d0ad05a60 R08: 00007f3d0a201000 R09: 0000001d1d83d93f [ 834.650332][ T30] R10: 00000000005e3ae4 R11: 0000000000000246 R12: 00000000000a80a8 [ 834.658724][ T30] R13: 0000000000000032 R14: 00007f3d0ad05a60 R15: 00007f3d0ad04038 [ 834.672171][ T30] [ 834.675280][ T30] INFO: task syz.4.1889:12723 blocked for more than 145 seconds. [ 834.711986][ T30] Not tainted 6.10.0-rc7-syzkaller #0 [ 834.738192][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 834.761936][ T30] task:syz.4.1889 state:D stack:26272 pid:12723 tgid:12722 ppid:11740 flags:0x00004004 [ 834.802306][ T30] Call Trace: [ 834.805743][ T30] [ 834.808712][ T30] __schedule+0x1796/0x49d0 [ 834.820412][ T30] ? __pfx___schedule+0x10/0x10 [ 834.829183][ T30] ? __pfx_lock_release+0x10/0x10 [ 834.842163][ T30] ? schedule+0x90/0x320 [ 834.851594][ T30] schedule+0x14b/0x320 [ 834.862516][ T30] schedule_timeout+0xb0/0x310 [ 834.867369][ T30] ? __pfx_schedule_timeout+0x10/0x10 [ 834.884666][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 834.890743][ T30] ? wait_for_completion+0x2fe/0x620 [ 834.902139][ T30] ? wait_for_completion+0x2fe/0x620 [ 834.907491][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 834.915355][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 834.920606][ T30] ? wait_for_completion+0x2fe/0x620 [ 834.942167][ T30] wait_for_completion+0x355/0x620 [ 834.947389][ T30] ? __pfx_wait_for_completion+0x10/0x10 [ 834.958420][ T30] ? __init_swait_queue_head+0xae/0x150 [ 834.971293][ T30] __synchronize_srcu+0x357/0x400 [ 834.977511][ T30] ? __mutex_unlock_slowpath+0x21d/0x750 [ 834.985119][ T30] ? __pfx___synchronize_srcu+0x10/0x10 [ 834.990820][ T30] ? __pfx_wakeme_after_rcu+0x10/0x10 [ 835.006383][ T30] kvm_swap_active_memslots+0x2ea/0x3d0 [ 835.012174][ T30] kvm_set_memslot+0x6ca/0x1280 [ 835.017186][ T30] ? __kvm_set_memory_region+0x6ff/0xb00 [ 835.023149][ T30] __kvm_set_memory_region+0x903/0xb00 [ 835.028678][ T30] kvm_vm_ioctl_set_memory_region+0x6d/0xa0 [ 835.043356][ T30] kvm_vm_ioctl+0xa45/0xd30 [ 835.047957][ T30] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 835.053112][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 835.059575][ T30] ? tomoyo_path_number_perm+0x208/0x880 [ 835.081136][ T30] ? tomoyo_path_number_perm+0x71a/0x880 [ 835.097725][ T30] ? tomoyo_path_number_perm+0x208/0x880 [ 835.112281][ T30] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 835.118389][ T30] ? smack_file_ioctl+0x356/0x3a0 [ 835.128377][ T30] ? __pfx_smack_file_ioctl+0x10/0x10 [ 835.139931][ T30] ? __fget_files+0x29/0x470 [ 835.144975][ T30] ? __fget_files+0x3f6/0x470 [ 835.149702][ T30] ? __fget_files+0x29/0x470 [ 835.156772][ T30] ? bpf_lsm_file_ioctl+0x9/0x10 [ 835.161768][ T30] ? security_file_ioctl+0x87/0xb0 [ 835.172172][ T30] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 835.177291][ T30] __se_sys_ioctl+0xfc/0x170 [ 835.189057][ T30] do_syscall_64+0xf3/0x230 [ 835.198472][ T30] ? clear_bhb_loop+0x35/0x90 [ 835.203562][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 835.209599][ T30] RIP: 0033:0x7f8dc6b75bd9 [ 835.219839][ T30] RSP: 002b:00007f8dc786d048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 835.242378][ T30] RAX: ffffffffffffffda RBX: 00007f8dc6d03f60 RCX: 00007f8dc6b75bd9 [ 835.250428][ T30] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 835.274443][ T30] RBP: 00007f8dc6be4e60 R08: 0000000000000000 R09: 0000000000000000 [ 835.285328][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 835.298466][ T30] R13: 000000000000000b R14: 00007f8dc6d03f60 R15: 00007ffebb941378 [ 835.315204][ T30] [ 835.318365][ T30] INFO: task syz.4.1889:12725 blocked for more than 145 seconds. [ 835.335374][ T30] Not tainted 6.10.0-rc7-syzkaller #0 [ 835.341346][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 835.366677][ T30] task:syz.4.1889 state:D stack:27200 pid:12725 tgid:12722 ppid:11740 flags:0x00000004 [ 835.378257][ T30] Call Trace: [ 835.381575][ T30] [ 835.397302][ T30] __schedule+0x1796/0x49d0 [ 835.401921][ T30] ? __pfx___schedule+0x10/0x10 [ 835.412163][ T30] ? __pfx_lock_release+0x10/0x10 [ 835.417266][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 835.428225][ T30] ? schedule+0x90/0x320 [ 835.437321][ T30] schedule+0x14b/0x320 [ 835.441538][ T30] schedule_preempt_disabled+0x13/0x30 [ 835.447307][ T30] __mutex_lock+0x6a4/0xd70 [ 835.451861][ T30] ? __mutex_lock+0x527/0xd70 [ 835.465097][ T30] ? kvm_vm_ioctl_set_memory_region+0x62/0xa0 [ 835.471298][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 835.488867][ T30] ? tomoyo_path_number_perm+0x68d/0x880 [ 835.499850][ T30] ? __might_fault+0xc6/0x120 [ 835.506023][ T30] kvm_vm_ioctl_set_memory_region+0x62/0xa0 [ 835.515932][ T30] kvm_vm_ioctl+0xa45/0xd30 [ 835.520954][ T30] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 835.532172][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 835.538585][ T30] ? tomoyo_path_number_perm+0x208/0x880 [ 835.549470][ T30] ? tomoyo_path_number_perm+0x71a/0x880 [ 835.562588][ T30] ? tomoyo_path_number_perm+0x208/0x880 [ 835.568301][ T30] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 835.575870][ T30] ? smack_file_ioctl+0x356/0x3a0 [ 835.580971][ T30] ? __pfx_smack_file_ioctl+0x10/0x10 [ 835.589692][ T30] ? __fget_files+0x29/0x470 [ 835.599885][ T30] ? __fget_files+0x3f6/0x470 [ 835.613307][ T30] ? __fget_files+0x29/0x470 [ 835.618085][ T30] ? bpf_lsm_file_ioctl+0x9/0x10 [ 835.631678][ T30] ? security_file_ioctl+0x87/0xb0 [ 835.640943][ T30] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 835.651171][ T30] __se_sys_ioctl+0xfc/0x170 [ 835.655873][ T30] do_syscall_64+0xf3/0x230 [ 835.660430][ T30] ? clear_bhb_loop+0x35/0x90 [ 835.672150][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 835.678155][ T30] RIP: 0033:0x7f8dc6b757db [ 835.687006][ T30] RSP: 002b:00007f8dc65fd4a0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 835.699824][ T30] RAX: ffffffffffffffda RBX: 00007f8dc65fdbf0 RCX: 00007f8dc6b757db [ 835.714545][ T30] RDX: 00007f8dc65fdbf0 RSI: 000000004020ae46 RDI: 0000000000000004 [ 835.728673][ T30] RBP: 0000000000000004 R08: 0000000000000001 R09: 0000000000000000 [ 835.750904][ T30] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001 [ 835.767480][ T30] R13: 0000000020001000 R14: 0000000020000000 R15: 00000000fec00000 [ 835.782168][ T30] [ 835.785452][ T30] INFO: task syz.4.1889:12728 blocked for more than 146 seconds. [ 835.800706][ T30] Not tainted 6.10.0-rc7-syzkaller #0 [ 835.819998][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 835.837232][ T30] task:syz.4.1889 state:D stack:25632 pid:12728 tgid:12722 ppid:11740 flags:0x00000004 [ 835.847739][ T30] Call Trace: [ 835.851054][ T30] [ 835.862162][ T30] __schedule+0x1796/0x49d0 [ 835.866778][ T30] ? __pfx___schedule+0x10/0x10 [ 835.871673][ T30] ? __pfx_lock_release+0x10/0x10 [ 835.877799][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 835.907580][ T30] ? schedule+0x90/0x320 [ 835.912031][ T30] schedule+0x14b/0x320 [ 835.927079][ T30] schedule_preempt_disabled+0x13/0x30 [ 835.936402][ T30] __mutex_lock+0x6a4/0xd70 [ 835.941336][ T30] ? __mutex_lock+0x527/0xd70 [ 835.946636][ T30] ? kvm_vm_ioctl_register_coalesced_mmio+0x11d/0x330 [ 835.961925][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 835.968363][ T30] ? __kasan_kmalloc+0x98/0xb0 [ 835.973268][ T30] ? kvm_vm_ioctl_register_coalesced_mmio+0x8d/0x330 [ 835.980084][ T30] ? kvm_vm_ioctl_register_coalesced_mmio+0x10d/0x330 [ 835.992150][ T30] kvm_vm_ioctl_register_coalesced_mmio+0x11d/0x330 [ 836.006088][ T30] kvm_vm_ioctl+0x988/0xd30 [ 836.010704][ T30] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 836.022151][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 836.028556][ T30] ? tomoyo_path_number_perm+0x208/0x880 [ 836.051646][ T30] ? __pfx_lock_release+0x10/0x10 [ 836.056808][ T30] ? kfree+0x149/0x360 [ 836.060934][ T30] ? tomoyo_path_number_perm+0x71a/0x880 [ 836.075490][ T30] ? tomoyo_path_number_perm+0x208/0x880 [ 836.081330][ T30] ? smack_file_ioctl+0x356/0x3a0 [ 836.086592][ T30] ? __pfx_smack_file_ioctl+0x10/0x10 [ 836.099552][ T30] ? __fget_files+0x29/0x470 [ 836.110727][ T30] ? __fget_files+0x3f6/0x470 [ 836.122162][ T30] ? __fget_files+0x29/0x470 [ 836.126838][ T30] ? bpf_lsm_file_ioctl+0x9/0x10 [ 836.131817][ T30] ? security_file_ioctl+0x87/0xb0 [ 836.146934][ T30] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 836.152189][ T30] __se_sys_ioctl+0xfc/0x170 [ 836.156837][ T30] do_syscall_64+0xf3/0x230 [ 836.161479][ T30] ? clear_bhb_loop+0x35/0x90 [ 836.182179][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 836.194319][ T30] RIP: 0033:0x7f8dc6b75bd9 [ 836.199330][ T30] RSP: 002b:00007f8dc65de048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 836.220257][ T30] RAX: ffffffffffffffda RBX: 00007f8dc6d04110 RCX: 00007f8dc6b75bd9 [ 836.229697][ T30] RDX: 00000000200001c0 RSI: 000000004010ae67 RDI: 0000000000000004 [ 836.245095][ T30] RBP: 00007f8dc6be4e60 R08: 0000000000000000 R09: 0000000000000000 [ 836.262171][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 836.272982][ T30] R13: 000000000000006e R14: 00007f8dc6d04110 R15: 00007ffebb941378 [ 836.281780][ T30] [ 836.291024][ T30] [ 836.291024][ T30] Showing all locks held in the system: [ 836.298909][ T30] 2 locks held by kworker/0:1/9: [ 836.306514][ T30] 1 lock held by khungtaskd/30: [ 836.311412][ T30] #0: ffffffff8e333f20 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 836.328573][ T30] 3 locks held by kworker/u8:11/3849: [ 836.352063][ T30] #0: ffff88802a55f148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 836.366745][ T30] #1: ffffc9000b807d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 836.388963][ T30] #2: ffffffff8f5d4908 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 [ 836.398998][ T30] 2 locks held by getty/4840: [ 836.408812][ T30] #0: ffff88802b17f0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 836.425148][ T30] #1: ffffc90002f162f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 836.442759][ T30] 2 locks held by kworker/0:5/5139: [ 836.448120][ T30] 3 locks held by kworker/1:6/5143: [ 836.455772][ T30] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 836.473858][ T30] #1: ffffc90004227d00 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 836.505499][ T30] #2: ffffffff8f5d4908 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20 [ 836.528256][ T30] 1 lock held by syz.2.1832/12500: [ 836.534948][ T30] #0: ffffffff8f5d4908 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 836.552151][ T30] 7 locks held by syz-executor/12608: [ 836.557583][ T30] #0: ffff88802fffa420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x227/0xc90 [ 836.574318][ T30] #1: ffff888050426088 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1eb/0x500 [ 836.584238][ T30] #2: ffff8880230123c8 (kn->active#50){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20f/0x500 [ 836.602198][ T30] #3: ffffffff8eee1f28 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: new_device_store+0x1b4/0x890 [ 836.617135][ T30] #4: ffff88802cffd0e8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520 [ 836.651005][ T30] #5: ffff88802cffe250 (&devlink->lock_key#16){+.+.}-{3:3}, at: nsim_drv_probe+0xcb/0xb80 [ 836.668668][ T30] #6: ffffffff8f5d4908 (rtnl_mutex){+.+.}-{3:3}, at: nsim_create+0x408/0x890 [ 836.680170][ T30] 1 lock held by syz.1.1885/12713: [ 836.691351][ T30] 2 locks held by syz.0.1888/12720: [ 836.696665][ T30] #0: ffffffff8f5d4908 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 836.706029][ T30] #1: ffffffff8e1ce5b0 (cpu_hotplug_lock){++++}-{0:0}, at: unregister_netdevice_many_notify+0x607/0x16b0 [ 836.729349][ T30] 1 lock held by syz.4.1889/12723: [ 836.734717][ T30] #0: ffffc9000f13b0a8 (&kvm->slots_lock){+.+.}-{3:3}, at: kvm_vm_ioctl_set_memory_region+0x62/0xa0 [ 836.752145][ T30] 1 lock held by syz.4.1889/12725: [ 836.757320][ T30] #0: ffffc9000f13b0a8 (&kvm->slots_lock){+.+.}-{3:3}, at: kvm_vm_ioctl_set_memory_region+0x62/0xa0 [ 836.790740][ T30] 1 lock held by syz.4.1889/12728: [ 836.796032][ T30] #0: ffffc9000f13b0a8 (&kvm->slots_lock){+.+.}-{3:3}, at: kvm_vm_ioctl_register_coalesced_mmio+0x11d/0x330 [ 836.816657][ T30] 2 locks held by syz.3.1893/12742: [ 836.823530][ T30] #0: ffff88801cee4678 (nlk_cb_mutex-ROUTE){+.+.}-{3:3}, at: __netlink_dump_start+0x119/0x780 [ 836.852267][ T30] #1: ffffffff8f5d4908 (rtnl_mutex){+.+.}-{3:3}, at: netlink_dump+0x5d3/0xe50 [ 836.862035][ T30] 1 lock held by syz-executor/12745: [ 836.874283][ T30] #0: ffffffff8f5d4908 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x842/0x1180 [ 836.887791][ T30] 1 lock held by syz-executor/12749: [ 836.896730][ T30] #0: ffffffff8f5d4908 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x842/0x1180 [ 836.912970][ T30] 1 lock held by syz-executor/12751: [ 836.918306][ T30] #0: ffffffff8f5d4908 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x842/0x1180 [ 836.944467][ T30] 1 lock held by syz-executor/12754: [ 836.949835][ T30] #0: ffffffff8f5d4908 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x842/0x1180 [ 836.962130][ T30] 1 lock held by syz-executor/12757: [ 836.967466][ T30] #0: ffffffff8f5d4908 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x842/0x1180 [ 836.985167][ T30] 1 lock held by syz-executor/12763: [ 836.990806][ T30] #0: ffffffff8f5d4908 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x842/0x1180 [ 837.012020][ T30] 1 lock held by syz-executor/12768: [ 837.019262][ T30] #0: ffffffff8f5d4908 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x842/0x1180 [ 837.030208][ T30] 1 lock held by syz-executor/12769: [ 837.042229][ T30] #0: ffffffff8f5d4908 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x842/0x1180 [ 837.069405][ T30] 1 lock held by syz-executor/12775: [ 837.074905][ T30] #0: ffffffff8f5d4908 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x842/0x1180 [ 837.085761][ T30] 1 lock held by syz-executor/12779: [ 837.091081][ T30] #0: ffffffff8f5d4908 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x842/0x1180 [ 837.109728][ T30] 1 lock held by syz-executor/12782: [ 837.122409][ T30] #0: ffffffff8f5d4908 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x842/0x1180 [ 837.133269][ T30] 1 lock held by syz-executor/12788: [ 837.138886][ T30] #0: ffffffff8f5d4908 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x842/0x1180 [ 837.157541][ T30] 1 lock held by syz-executor/12791: [ 837.172151][ T30] #0: ffffffff8f5d4908 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x842/0x1180 [ 837.181780][ T30] 1 lock held by syz-executor/12794: [ 837.210395][ T30] #0: ffffffff8f5d4908 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x842/0x1180 [ 837.226203][ T30] [ 837.230111][ T30] ============================================= [ 837.230111][ T30] [ 837.251620][ T30] NMI backtrace for cpu 1 [ 837.256009][ T30] CPU: 1 PID: 30 Comm: khungtaskd Not tainted 6.10.0-rc7-syzkaller #0 [ 837.264274][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 837.274368][ T30] Call Trace: [ 837.277672][ T30] [ 837.280628][ T30] dump_stack_lvl+0x241/0x360 [ 837.285355][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 837.290595][ T30] ? __pfx__printk+0x10/0x10 [ 837.295216][ T30] ? vprintk_emit+0x631/0x770 [ 837.299940][ T30] ? __pfx_vprintk_emit+0x10/0x10 [ 837.305011][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 837.309990][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 837.315566][ T30] ? _printk+0xd5/0x120 [ 837.319766][ T30] ? __pfx__printk+0x10/0x10 [ 837.324495][ T30] ? __wake_up_klogd+0xcc/0x110 [ 837.329387][ T30] ? __pfx__printk+0x10/0x10 [ 837.334017][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 837.339106][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 837.345139][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 837.351165][ T30] watchdog+0xfde/0x1020 [ 837.355445][ T30] ? watchdog+0x1ea/0x1020 [ 837.359898][ T30] ? __pfx_watchdog+0x10/0x10 [ 837.364610][ T30] kthread+0x2f0/0x390 [ 837.368721][ T30] ? __pfx_watchdog+0x10/0x10 [ 837.373431][ T30] ? __pfx_kthread+0x10/0x10 [ 837.378065][ T30] ret_from_fork+0x4b/0x80 [ 837.382526][ T30] ? __pfx_kthread+0x10/0x10 [ 837.387157][ T30] ret_from_fork_asm+0x1a/0x30 [ 837.391978][ T30] [ 837.396133][ T30] Sending NMI from CPU 1 to CPUs 0: [ 837.401392][ C0] NMI backtrace for cpu 0 [ 837.401408][ C0] CPU: 0 PID: 12713 Comm: syz.1.1885 Not tainted 6.10.0-rc7-syzkaller #0 [ 837.401427][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 837.401440][ C0] RIP: 0010:unwind_get_return_address+0x80/0xc0 [ 837.401473][ C0] Code: 8b 3b e8 73 44 21 00 89 c5 31 ff 89 c6 e8 68 3c 55 00 85 ed 74 20 e8 1f 38 55 00 43 80 3c 37 00 74 08 48 89 df e8 c0 a3 b7 00 <48> 8b 03 eb 0e e8 06 38 55 00 eb 05 e8 ff 37 55 00 31 c0 5b 41 5e [ 837.401490][ C0] RSP: 0018:ffffc90000005f18 EFLAGS: 00000046 [ 837.401507][ C0] RAX: ffffffff8140eea1 RBX: ffffc90000005f88 RCX: ffff888027c4bc00 [ 837.401522][ C0] RDX: 0000000080010304 RSI: 0000000000000001 RDI: 0000000000000000 [ 837.401534][ C0] RBP: 0000000000000001 R08: ffffffff8140ee98 R09: ffffffff8141095f [ 837.401548][ C0] R10: 0000000000000003 R11: ffff888027c4bc00 R12: ffff888027c4bc00 [ 837.401562][ C0] R13: ffffffff8181dca0 R14: dffffc0000000000 R15: 1ffff92000000bf1 [ 837.401577][ C0] FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 837.401593][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 837.401606][ C0] CR2: 0000001b30cf8ff8 CR3: 000000000e132000 CR4: 00000000003526f0 [ 837.401623][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 837.401634][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 837.401646][ C0] Call Trace: [ 837.401654][ C0] [ 837.401661][ C0] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 837.401682][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 837.401705][ C0] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 837.401725][ C0] ? nmi_handle+0x2a/0x5a0 [ 837.401762][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 837.401783][ C0] ? nmi_handle+0x14f/0x5a0 [ 837.401810][ C0] ? nmi_handle+0x2a/0x5a0 [ 837.401839][ C0] ? unwind_get_return_address+0x80/0xc0 [ 837.401864][ C0] ? default_do_nmi+0x63/0x160 [ 837.401886][ C0] ? exc_nmi+0x123/0x1f0 [ 837.401906][ C0] ? end_repeat_nmi+0xf/0x53 [ 837.401934][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 837.401967][ C0] ? unwind_next_frame+0x196f/0x2a00 [ 837.401991][ C0] ? unwind_get_return_address+0x68/0xc0 [ 837.402015][ C0] ? unwind_get_return_address+0x71/0xc0 [ 837.402047][ C0] ? unwind_get_return_address+0x80/0xc0 [ 837.402074][ C0] ? unwind_get_return_address+0x80/0xc0 [ 837.402103][ C0] ? unwind_get_return_address+0x80/0xc0 [ 837.402132][ C0] [ 837.402139][ C0] [ 837.402146][ C0] ? ieee80211_rx_napi+0x18a/0x3c0 [ 837.402175][ C0] arch_stack_walk+0x125/0x1b0 [ 837.402211][ C0] ? ieee80211_handle_queued_frames+0xe7/0x1e0 [ 837.402246][ C0] stack_trace_save+0x118/0x1d0 [ 837.402278][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 837.402316][ C0] ? debug_check_no_obj_freed+0x561/0x580 [ 837.402348][ C0] ? do_raw_spin_lock+0x14f/0x370 [ 837.402379][ C0] ? __pfx_lock_release+0x10/0x10 [ 837.402404][ C0] kasan_save_track+0x3f/0x80 [ 837.402435][ C0] ? kasan_save_track+0x3f/0x80 [ 837.402465][ C0] ? kasan_save_free_info+0x40/0x50 [ 837.402491][ C0] ? poison_slab_object+0xe0/0x150 [ 837.402522][ C0] ? __kasan_slab_free+0x37/0x60 [ 837.402549][ C0] ? kfree+0x149/0x360 [ 837.402569][ C0] ? dummy_timer+0x7ce/0x45d0 [ 837.402588][ C0] ? __hrtimer_run_queues+0x59b/0xd50 [ 837.402613][ C0] ? hrtimer_interrupt+0x396/0x990 [ 837.402637][ C0] ? __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 837.402664][ C0] ? sysvec_apic_timer_interrupt+0x52/0xc0 [ 837.402688][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 837.402714][ C0] ? __sanitizer_cov_trace_pc+0x8/0x70 [ 837.402733][ C0] ? unwind_next_frame+0x6ef/0x2a00 [ 837.402758][ C0] ? arch_stack_walk+0x151/0x1b0 [ 837.402784][ C0] ? stack_trace_save+0x118/0x1d0 [ 837.402811][ C0] ? kasan_save_track+0x3f/0x80 [ 837.402837][ C0] ? kasan_save_free_info+0x40/0x50 [ 837.402859][ C0] ? poison_slab_object+0xe0/0x150 [ 837.402886][ C0] ? __kasan_slab_free+0x37/0x60 [ 837.402912][ C0] ? kfree+0x149/0x360 [ 837.402931][ C0] ? ieee80211_inform_bss+0xbb2/0x1080 [ 837.402956][ C0] ? cfg80211_inform_single_bss_data+0x1121/0x2360 [ 837.402979][ C0] ? cfg80211_inform_bss_data+0x3dd/0x5a70 [ 837.403001][ C0] ? cfg80211_inform_bss_frame_data+0x3bc/0x720 [ 837.403029][ C0] ? ieee80211_bss_info_update+0x8a7/0xbc0 [ 837.403056][ C0] ? ieee80211_scan_rx+0x526/0x9c0 [ 837.403081][ C0] ? ieee80211_rx_list+0x2b00/0x3780 [ 837.403107][ C0] ? ieee80211_rx_napi+0x18a/0x3c0 [ 837.403151][ C0] ? dummy_timer+0x7ce/0x45d0 [ 837.403169][ C0] kasan_save_free_info+0x40/0x50 [ 837.403193][ C0] poison_slab_object+0xe0/0x150 [ 837.403222][ C0] __kasan_slab_free+0x37/0x60 [ 837.403250][ C0] ? dummy_timer+0x7ce/0x45d0 [ 837.403269][ C0] kfree+0x149/0x360 [ 837.403292][ C0] dummy_timer+0x7ce/0x45d0 [ 837.403318][ C0] ? __pfx_lock_release+0x10/0x10 [ 837.403349][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 837.403380][ C0] ? __hrtimer_run_queues+0x477/0xd50 [ 837.403413][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 837.403446][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 837.403470][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 837.403490][ C0] __hrtimer_run_queues+0x59b/0xd50 [ 837.403517][ C0] ? ktime_get_update_offsets_now+0x3c/0x250 [ 837.403548][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 837.403580][ C0] hrtimer_interrupt+0x396/0x990 [ 837.403620][ C0] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 837.403649][ C0] sysvec_apic_timer_interrupt+0x52/0xc0 [ 837.403674][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 837.403702][ C0] RIP: 0010:__sanitizer_cov_trace_pc+0x8/0x70 [ 837.403722][ C0] Code: 8b 3d 0c 3c 44 0c 48 89 de 5b e9 c3 f6 56 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 <65> 48 8b 0c 25 80 d4 03 00 65 8b 15 b0 ad 6d 7e f7 c2 00 01 ff 00 [ 837.403737][ C0] RSP: 0018:ffffc90000006a00 EFLAGS: 00000202 [ 837.403753][ C0] RAX: ffffffff8140f6df RBX: 0000000000000003 RCX: ffff888027c4bc00 [ 837.403767][ C0] RDX: 0000000000000002 RSI: ffffffff8e1a1360 RDI: 0000000000000003 [ 837.403779][ C0] RBP: ffffffff90cf1776 R08: 0000000000000003 R09: ffffffff8140f6b2 [ 837.403793][ C0] R10: 0000000000000002 R11: ffff888027c4bc00 R12: ffffffff90274a00 [ 837.403806][ C0] R13: dffffc0000000000 R14: 1ffff92000000d5c R15: ffffffff90cf1772 [ 837.403824][ C0] ? unwind_next_frame+0x6c2/0x2a00 [ 837.403850][ C0] ? unwind_next_frame+0x6ef/0x2a00 [ 837.403879][ C0] unwind_next_frame+0x6ef/0x2a00 [ 837.403907][ C0] ? entry_SYSCALL_64_after_hwframe+0x76/0x7f [ 837.403935][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 837.403961][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 837.403988][ C0] ? __kernel_text_address+0xd/0x40 [ 837.404013][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 837.404043][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 837.404073][ C0] arch_stack_walk+0x151/0x1b0 [ 837.404105][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 837.404134][ C0] stack_trace_save+0x118/0x1d0 [ 837.404164][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 837.404194][ C0] ? mark_lock+0x9a/0x350 [ 837.404219][ C0] kasan_save_track+0x3f/0x80 [ 837.404245][ C0] ? kasan_save_track+0x3f/0x80 [ 837.404269][ C0] ? kasan_save_free_info+0x40/0x50 [ 837.404292][ C0] ? poison_slab_object+0xe0/0x150 [ 837.404319][ C0] ? __kasan_slab_free+0x37/0x60 [ 837.404345][ C0] ? kfree+0x149/0x360 [ 837.404364][ C0] ? ieee80211_inform_bss+0xbb2/0x1080 [ 837.404390][ C0] ? cfg80211_inform_single_bss_data+0x1121/0x2360 [ 837.404413][ C0] ? cfg80211_inform_bss_data+0x3dd/0x5a70 [ 837.404435][ C0] ? cfg80211_inform_bss_frame_data+0x3bc/0x720 [ 837.404457][ C0] ? ieee80211_bss_info_update+0x8a7/0xbc0 [ 837.404483][ C0] ? ieee80211_scan_rx+0x526/0x9c0 [ 837.404508][ C0] ? ieee80211_rx_list+0x2b00/0x3780 [ 837.404533][ C0] ? ieee80211_rx_napi+0x18a/0x3c0 [ 837.404557][ C0] ? ieee80211_handle_queued_frames+0xe7/0x1e0 [ 837.404583][ C0] ? tasklet_action_common+0x321/0x4d0 [ 837.404603][ C0] ? handle_softirqs+0x2c4/0x970 [ 837.404619][ C0] ? __irq_exit_rcu+0xf4/0x1c0 [ 837.404636][ C0] ? irq_exit_rcu+0x9/0x30 [ 837.404652][ C0] ? sysvec_apic_timer_interrupt+0xa6/0xc0 [ 837.404676][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 837.404703][ C0] ? rcu_is_watching+0x5a/0xb0 [ 837.404723][ C0] ? lock_acquire+0xe3/0x550 [ 837.404740][ C0] ? mod_memcg_page_state+0xb7/0x770 [ 837.404763][ C0] ? vfree+0x17c/0x2e0 [ 837.404784][ C0] ? kcov_close+0x2b/0x50 [ 837.404802][ C0] ? __fput+0x24a/0x8a0 [ 837.404823][ C0] ? task_work_run+0x24f/0x310 [ 837.404846][ C0] ? do_exit+0xa27/0x27e0 [ 837.404868][ C0] ? do_group_exit+0x207/0x2c0 [ 837.404889][ C0] ? get_signal+0x16a1/0x1740 [ 837.404915][ C0] ? arch_do_signal_or_restart+0x96/0x860 [ 837.404937][ C0] ? syscall_exit_to_user_mode+0xc9/0x360 [ 837.404962][ C0] ? do_syscall_64+0x100/0x230 [ 837.404989][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 837.405035][ C0] ? ieee80211_inform_bss+0xbb2/0x1080 [ 837.405060][ C0] kasan_save_free_info+0x40/0x50 [ 837.405083][ C0] poison_slab_object+0xe0/0x150 [ 837.405113][ C0] __kasan_slab_free+0x37/0x60 [ 837.405141][ C0] ? ieee80211_inform_bss+0xbb2/0x1080 [ 837.405166][ C0] kfree+0x149/0x360 [ 837.405189][ C0] ieee80211_inform_bss+0xbb2/0x1080 [ 837.405221][ C0] ? __pfx_ieee80211_inform_bss+0x10/0x10 [ 837.405252][ C0] ? cfg80211_inform_single_bss_data+0xd78/0x2360 [ 837.405275][ C0] ? cfg80211_inform_single_bss_data+0xfc2/0x2360 [ 837.405300][ C0] ? __pfx_ieee80211_inform_bss+0x10/0x10 [ 837.405328][ C0] cfg80211_inform_single_bss_data+0x1121/0x2360 [ 837.405360][ C0] ? __pfx_cfg80211_inform_single_bss_data+0x10/0x10 [ 837.405396][ C0] ? timekeeping_get_ns+0x2c0/0x420 [ 837.405426][ C0] ? cfg80211_inform_bss_data+0x3c5/0x5a70 [ 837.405452][ C0] cfg80211_inform_bss_data+0x3dd/0x5a70 [ 837.405474][ C0] ? lapic_next_event+0x11/0x20 [ 837.405501][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 837.405535][ C0] ? mark_lock+0x9a/0x350 [ 837.405560][ C0] ? __pfx_validate_chain+0x10/0x10 [ 837.405586][ C0] ? validate_chain+0x11e/0x5900 [ 837.405621][ C0] ? __pfx_cfg80211_inform_bss_data+0x10/0x10 [ 837.405645][ C0] ? __pfx_validate_chain+0x10/0x10 [ 837.405668][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 837.405688][ C0] ? mark_lock+0x9a/0x350 [ 837.405708][ C0] ? __pfx_lock_release+0x10/0x10 [ 837.405729][ C0] ? __lock_acquire+0x1346/0x1fd0 [ 837.405767][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 837.405786][ C0] ? ieee80211_bss_info_update+0x3d9/0xbc0 [ 837.405817][ C0] cfg80211_inform_bss_frame_data+0x3bc/0x720 [ 837.405847][ C0] ? ieee80211_bss_info_update+0x3d9/0xbc0 [ 837.405873][ C0] ieee80211_bss_info_update+0x8a7/0xbc0 [ 837.405905][ C0] ? __pfx_ieee80211_bss_info_update+0x10/0x10 [ 837.405938][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 837.405957][ C0] ? kcov_remote_start+0x9e/0x7e0 [ 837.405977][ C0] ? ieee80211_get_channel_khz+0x173/0x920 [ 837.406002][ C0] ieee80211_scan_rx+0x526/0x9c0 [ 837.406079][ C0] ieee80211_rx_list+0x2b00/0x3780 [ 837.406106][ C0] ? __lock_acquire+0x1346/0x1fd0 [ 837.406133][ C0] ? __pfx_ieee80211_rx_list+0x10/0x10 [ 837.406167][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 837.406188][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 837.406210][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 837.406235][ C0] ? ieee80211_rx_napi+0xd6/0x3c0 [ 837.406260][ C0] ieee80211_rx_napi+0x18a/0x3c0 [ 837.406287][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 837.406319][ C0] ? __pfx_ieee80211_rx_napi+0x10/0x10 [ 837.406349][ C0] ? skb_dequeue+0x113/0x150 [ 837.406369][ C0] ieee80211_handle_queued_frames+0xe7/0x1e0 [ 837.406399][ C0] tasklet_action_common+0x321/0x4d0 [ 837.406424][ C0] ? __pfx_tasklet_action_common+0x10/0x10 [ 837.406450][ C0] ? workqueue_softirq_action+0xca/0x140 [ 837.406475][ C0] handle_softirqs+0x2c4/0x970 [ 837.406496][ C0] ? __irq_exit_rcu+0xf4/0x1c0 [ 837.406517][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 837.406538][ C0] ? irqtime_account_irq+0xd4/0x1e0 [ 837.406566][ C0] __irq_exit_rcu+0xf4/0x1c0 [ 837.406585][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 837.406609][ C0] irq_exit_rcu+0x9/0x30 [ 837.406625][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 837.406651][ C0] [ 837.406658][ C0] [ 837.406665][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 837.406693][ C0] RIP: 0010:rcu_is_watching+0x5a/0xb0 [ 837.406714][ C0] Code: f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 bc 3e 7c 00 48 c7 c3 c8 7c 03 00 49 03 1e 48 89 d8 48 c1 e8 03 42 0f b6 04 38 <84> c0 75 22 8b 03 65 ff 0d b1 80 87 7e 74 10 83 e0 04 c1 e8 02 5b [ 837.406729][ C0] RSP: 0018:ffffc9000ade76a0 EFLAGS: 00000a06 [ 837.406744][ C0] RAX: 0000000000000000 RBX: ffff8880b9437cc8 RCX: ffffffff81726744 [ 837.406757][ C0] RDX: 0000000000000000 RSI: ffffffff8c1f1520 RDI: ffffffff8c1f14e0 [ 837.406771][ C0] RBP: ffffc9000ade7808 R08: ffffffff8fac1d2f R09: 1ffffffff1f583a5 [ 837.406785][ C0] R10: dffffc0000000000 R11: fffffbfff1f583a6 R12: 1ffff920015bcee0 [ 837.406799][ C0] R13: dffffc0000000000 R14: ffffffff8dda59e0 R15: dffffc0000000000 [ 837.406819][ C0] ? lock_acquire+0xd4/0x550 [ 837.406842][ C0] lock_acquire+0xe3/0x550 [ 837.406865][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 837.406897][ C0] mod_memcg_page_state+0xb7/0x770 [ 837.406921][ C0] ? mod_memcg_page_state+0x96/0x770 [ 837.406945][ C0] ? __pfx___might_resched+0x10/0x10 [ 837.406967][ C0] ? mod_memcg_page_state+0x96/0x770 [ 837.406992][ C0] ? __pfx_mod_memcg_page_state+0x10/0x10 [ 837.407017][ C0] ? free_unref_page+0x634/0xea0 [ 837.407048][ C0] vfree+0x17c/0x2e0 [ 837.407073][ C0] kcov_close+0x2b/0x50 [ 837.407092][ C0] ? __pfx_kcov_close+0x10/0x10 [ 837.407111][ C0] __fput+0x24a/0x8a0 [ 837.407142][ C0] task_work_run+0x24f/0x310 [ 837.407170][ C0] ? __pfx_task_work_run+0x10/0x10 [ 837.407197][ C0] ? do_exit+0xa22/0x27e0 [ 837.407218][ C0] ? kmem_cache_free+0x145/0x350 [ 837.407243][ C0] do_exit+0xa27/0x27e0 [ 837.407271][ C0] ? __pfx_do_exit+0x10/0x10 [ 837.407295][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 837.407325][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 837.407347][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 837.407366][ C0] ? _raw_spin_lock_irq+0xdf/0x120 [ 837.407397][ C0] do_group_exit+0x207/0x2c0 [ 837.407421][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 837.407448][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 837.407475][ C0] get_signal+0x16a1/0x1740 [ 837.407513][ C0] ? __pfx_get_signal+0x10/0x10 [ 837.407540][ C0] ? __pfx_do_mprotect_pkey+0x10/0x10 [ 837.407565][ C0] arch_do_signal_or_restart+0x96/0x860 [ 837.407590][ C0] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 837.407612][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 837.407639][ C0] ? syscall_exit_to_user_mode+0xa3/0x360 [ 837.407667][ C0] syscall_exit_to_user_mode+0xc9/0x360 [ 837.407695][ C0] do_syscall_64+0x100/0x230 [ 837.407723][ C0] ? clear_bhb_loop+0x35/0x90 [ 837.407750][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 837.407775][ C0] RIP: 0033:0x7f2418375c97 [ 837.407791][ C0] Code: Unable to access opcode bytes at 0x7f2418375c6d. [ 837.407800][ C0] RSP: 002b:00007ffc824692b8 EFLAGS: 00000206 ORIG_RAX: 000000000000000a [ 837.407817][ C0] RAX: 0000000000000000 RBX: 00007f24191726c0 RCX: 00007f2418375c97 [ 837.407830][ C0] RDX: 0000000000000003 RSI: 0000000000020000 RDI: 00007f2419153000 [ 837.407843][ C0] RBP: 0000000000000000 R08: 00000000ffffffff R09: 0000000000000000 [ 837.407854][ C0] R10: 0000000000021000 R11: 0000000000000206 R12: 00007ffc82469510 [ 837.407867][ C0] R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000 [ 837.407889][ C0] [ 839.006200][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 839.013111][ T30] CPU: 1 PID: 30 Comm: khungtaskd Not tainted 6.10.0-rc7-syzkaller #0 [ 839.021307][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 839.031397][ T30] Call Trace: [ 839.034712][ T30] [ 839.037674][ T30] dump_stack_lvl+0x241/0x360 [ 839.042399][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 839.047637][ T30] ? __pfx__printk+0x10/0x10 [ 839.052282][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 839.058392][ T30] ? vscnprintf+0x5d/0x90 [ 839.062760][ T30] panic+0x349/0x860 [ 839.066696][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 839.072882][ T30] ? __pfx_panic+0x10/0x10 [ 839.077335][ T30] ? tick_nohz_tick_stopped+0x82/0xb0 [ 839.082744][ T30] ? __irq_work_queue_local+0x137/0x410 [ 839.088324][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 839.093730][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 839.099925][ T30] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 839.106125][ T30] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 839.112321][ T30] watchdog+0x101d/0x1020 [ 839.116689][ T30] ? watchdog+0x1ea/0x1020 [ 839.121156][ T30] ? __pfx_watchdog+0x10/0x10 [ 839.125870][ T30] kthread+0x2f0/0x390 [ 839.129979][ T30] ? __pfx_watchdog+0x10/0x10 [ 839.134690][ T30] ? __pfx_kthread+0x10/0x10 [ 839.139320][ T30] ret_from_fork+0x4b/0x80 [ 839.144385][ T30] ? __pfx_kthread+0x10/0x10 [ 839.149016][ T30] ret_from_fork_asm+0x1a/0x30 [ 839.154011][ T30] [ 839.159398][ T30] Kernel Offset: disabled [ 839.163747][ T30] Rebooting in 86400 seconds..