last executing test programs: 13.025459377s ago: executing program 4 (id=2123): sendmsg$TIPC_CMD_SHOW_NAME_TABLE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x30, 0x0, 0x0, 0x0, 0x0, {{}, {}, {0x14}}}, 0x30}}, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000080)={0x11, 0x4, 0x4, 0xa, 0x4}, 0x9c) 12.912936358s ago: executing program 4 (id=2124): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, 0x0, 0x0) getsockopt$inet_mreqn(r0, 0x0, 0x24, &(0x7f0000000000)={@rand_addr, @loopback, 0x0}, &(0x7f0000000840)=0xc) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = dup(r2) r4 = memfd_create(&(0x7f0000000200)='&\x00\x00\x1a\xa0mLB\"\x82-/\xceM\xd1f\xe2\x8db\xb4b\x8f\xc9\xe1\xda\xfej9\xe5\x88\x03\xe0.\x82\xbc \a\xe4 
\xca~\xfd\x80\xf2\xb8\xb0\xfcd\x1fM\xd7+\x19;a\n7d\xa3\xd8U\xd2\x11\x8a\x13\xc9\x9dw\xe2\xb1\xa0V#a\xd6Q(\xf1\xaa\xc8\\\x8d\xf0\xf4\x0e\xf5\xab\x13\xc8\x0f\x03\xf4\x8d\xcfc\xc31s;\xad\xb5\xde\xd1\xb9\xaa\xf1\xac|\x9c-I\x1b\x17\xd4\xd3\x1c\xf7\x18\x0f\xd5A\x19\xbbP\x8e\xc9\xf9\xd8w\xbc\x01\xde\xa2h\xfa\x06\xf2\xdc\xc6\x9e@&v\xc0\xea\xa9\xdb\xad\rE\xcap\xef\x17*!\xb74\x8b\xc5uNK\x8cUh\xb4\x1aM\x968\xc1*B\x9dQ\xca?\x9f\xb36\xb2\xb8\xe3\xc4\x11\b+l{\xa2n\xf7\xf2\t8O\x8b\xf6\xbf#^\xd5\xa6\xe8\xa8\xc6\xff\xbf\xa2QH\x1dD\x0e\xff,FZ\x80i\xaa\xeat\xc7y?', 0x4) ftruncate(r4, 0x200000) preadv2(r4, &(0x7f0000001600)=[{0x0}, {&(0x7f0000000040)=""/1, 0x1}], 0x2, 0x0, 0x0, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000840)=ANY=[], 0x4c}}, 0x20000084) sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000f80)=ANY=[@ANYBLOB="280000000306010400000000000000000000000005200100070000000900020073797a3200000000"], 0x28}}, 0x0) setsockopt$MRT_ASSERT(r3, 0x0, 0xcf, &(0x7f0000000200), 0x4) r6 = socket$igmp(0x2, 0x3, 0x2) getsockopt$ARPT_SO_GET_INFO(r6, 0x0, 0x60, &(0x7f0000000100)={'filter\x00', 0x0, [0x20, 0x5, 0x8]}, &(0x7f0000000180)=0x44) r7 = socket$igmp(0x2, 0x3, 0x2) ioctl$BTRFS_IOC_SUBVOL_CREATE(0xffffffffffffffff, 0x89e0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="7c00e00300"/20, @ANYRESOCT, @ANYRESHEX, @ANYBLOB="e349068f84965401000000000000008ada43b3185be0dea48c4a980303f3c247a9090000000000000021d2e9f1c182606ac601444234b50b960c13588132f0c7619d40565cb987544a6f3c5a2f8f1057299835d0c92323e5e028ce952f42cb675b036df20bdbeac6ed95dd9a3c9198fa5c13dedd34cf6779bb1dcc0c7169f5b606cc9e3ca95badf125732d11668a41d613b51982cbd93efe8babc7cf98894cd570792a", @ANYRES64=r2, @ANYRES64, @ANYRES64, @ANYRES32=0x0, @ANYRESDEC, @ANYRES16=r5, 
@ANYBLOB="001ff9d0d1ddd447915858b711fbf6e5f1640c39e00c0584d70f7e8e4f7eee3f04249f6051968d3f8479c862c5fcf62011a12ff7df8ed6705c6c65d32b0a7d9a5eb2183feafb5dccb56102efeddc05cdd4a3b6e18f6bf682f4d8a2f1901f672c", @ANYRESOCT=r7], 0x7c}, 0x1, 0x0, 0x0, 0x800}, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000280), 0x24142, 0x0) setsockopt$MRT_INIT(r6, 0x0, 0xc8, &(0x7f0000000800), 0x4) setsockopt$MRT_ADD_VIF(r6, 0x0, 0xca, &(0x7f00000001c0)={0x1, 0x4, 0x5, 0x2293, @vifc_lcl_ifindex=r1, @loopback}, 0x10) setsockopt$MRT_DONE(r6, 0x0, 0xc9, 0x0, 0x0) 12.66760377s ago: executing program 4 (id=2127): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000500)=@nat={'nat\x00', 0x10, 0x5, 0x490, 0x2d0, 0xf0, 0xffffffff, 0xf0, 0x1e0, 0x3c0, 0x3c0, 0xffffffff, 0x3c0, 0x3c0, 0x5, 0x0, {[{{@ipv6={@private0, @private2, [], [], 'wlan1\x00', 'ip6erspan0\x00'}, 0x0, 0xa8, 0xf0}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x1, @ipv6=@remote, @ipv6=@private2}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x0, @ipv4=@empty, @ipv4=@dev, @port, @gre_key}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x0, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, @ipv4, @port, @gre_key}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x0, @ipv4, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, @port, @gre_key}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4f0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)={0x38, r4, 0x5, 0x2, 0x0, {}, [@NBD_ATTR_SIZE_BYTES={0xc}, @NBD_ATTR_SOCKETS={0xc, 0x7, 0x0, 0x1, [{0x8}]}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x2}]}, 0x38}}, 0x0) r5 = socket$inet6(0xa, 0x0, 0x0) r6 = socket$inet6_icmp_raw(0xa, 
0x3, 0x3a) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000480)="fb", 0x1}], 0x1, &(0x7f0000001040)=ANY=[@ANYBLOB="c0"], 0xc0}, 0x1) recvmmsg(r8, &(0x7f0000000340)=[{{0x0, 0x0, 0x0}}], 0x1, 0x3, &(0x7f00000003c0)={0x77359400}) r10 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000140)='hugetlb.1GB.rsvd.limit_in_bytes\x00', 0x2, 0x0) write$cgroup_int(r10, &(0x7f0000000200)=0x6, 0x12) r11 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) ioctl$FS_IOC_GETFSLABEL(r10, 0x81009431, &(0x7f0000000440)) unshare(0x400) r12 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@ifindex, r12, 0x5, 0x0, 0x0, @link_id}, 0x20) r13 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f00000000c0), 0x4) sendmsg$NL80211_CMD_FRAME(r13, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r11, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32=r7, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0) r14 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000001c0)={'wpan0\x00', 0x0}) socket$rxrpc(0x21, 0x2, 0x2) sendmsg$NL802154_CMD_NEW_SEC_KEY(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r14, @ANYBLOB="010000000000000000001700000008000300", @ANYRES32=r15, @ANYBLOB="300f308094000400403a050c5bae9c544ef2b6d713459a7a100001800800020100000000000400038005e7290002000000"], 0x4c}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, 
&(0x7f0000000040)=@framed={{0xffffffb7, 0x5, 0x0, 0x0, 0x0, 0x79, 0x10, 0xa8}, [@ldst={0x5, 0x3, 0x0, 0xa}]}, &(0x7f00000002c0)='GPL\x00', 0x5, 0xbc, &(0x7f0000000300)=""/188, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x2}, 0x8, 0x10, &(0x7f0000000080), 0x10}, 0x90) 11.188833262s ago: executing program 4 (id=2134): r0 = socket$nl_rdma(0x10, 0x3, 0x14) r1 = socket(0x10, 0x3, 0x0) sendto$inet6(r1, &(0x7f0000000080)="7800000018002507b9409b14ffff00000202be040205fe056403040c5c000900580020010a0000000d0085a168216b46d32345653600648d270015000a00000049935ade4a460c89b6ec0cff3959547f509058ba86c902007a00004a32000402160012000a0024a40423e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0) recvfrom(r0, &(0x7f00000001c0)=""/45, 0x2d, 0x40000140, 0x0, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) write$UHID_GET_REPORT_REPLY(r3, &(0x7f00000000c0)={0xa, {0x0, 0x3, 0x11}}, 0xa) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="2e00000010008188040f80ec59acbc0413a1f848100000005e0c00f0ffffff180e000a001400000002801687121f", 0x2e}], 0x1}, 0x0) getsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000200), &(0x7f0000000940)=0x4) sendmsg$AUDIT_ADD_RULE(r1, &(0x7f0000000780)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000740)={&(0x7f00000002c0)={0x458, 0x3f3, 0x4, 0x70bd2c, 0x25dfdbfb, {0x6, 0x1, 0x38, [0x200, 0x1, 0x1, 0x8, 0xfffffff9, 0x1, 0x1, 0x7d0d, 0x3, 0x5, 0x7, 0x7, 0x3, 0xb, 0x7, 0x3, 0x0, 0x8, 0x2, 0x4, 0x8, 0x7e0, 0x10000, 0x3, 0x800, 0x7fffffff, 0xcac, 0x0, 0x8, 0x1038, 0x1ff, 0xfffffffc, 0x6, 0xdfa0, 0x1, 0x9, 0x80000000, 0x2, 0x5, 0xc, 0x5, 0x101, 0x1, 0x6, 0xc, 0x62, 0x9f2, 0x10, 0x0, 0x5, 0xe, 0x2, 0x0, 0x8, 0x1, 0x2, 0x2, 0x4, 0x8144, 0x9, 0x339, 0x0, 0x0, 0x5], [0x7, 0x5, 0x1, 0x0, 0xde2, 0x7, 0x0, 0x6, 0x3, 0x7, 0x8f, 0xfffffff6, 0x9b8, 0x4, 0x53, 0x2, 0x9, 0x2, 0x80000001, 0x4b4, 0xbdad, 0x200, 0x0, 0x0, 0x0, 0x8000, 0xace4, 0xd594, 0x8, 
0x5, 0x0, 0xc, 0x7fff, 0x7, 0x4, 0x2, 0x7, 0x9, 0x6, 0x2, 0x4, 0x7fff, 0x0, 0x7, 0x5, 0x2, 0x6, 0x4, 0x1, 0x787, 0x3, 0x3, 0xfff, 0x5, 0x7, 0x300000, 0x200, 0x7, 0x2, 0xfffe, 0x9, 0xaf72, 0x9, 0xed9], [0x9, 0xfffffeff, 0x3, 0x1, 0x0, 0x4, 0xfffffff7, 0x0, 0x5, 0x0, 0xfffffffa, 0x401, 0x0, 0xd32, 0xcc8, 0x1, 0x9, 0x7, 0x3, 0xb, 0x0, 0x3, 0x2, 0x0, 0x8, 0x6, 0x0, 0x3, 0x1, 0x2c8, 0x4, 0x15fd, 0x5, 0x8, 0x4c7, 0x5, 0xb1, 0x3, 0xca, 0x400, 0x7, 0xcc, 0x0, 0x0, 0x0, 0x8, 0x2, 0x3e6f9426, 0x6, 0x1, 0x40b, 0x954d, 0x9a, 0x401, 0xffffff1a, 0x5, 0x5, 0xe134, 0x5, 0x96fe, 0x101, 0x77, 0x6, 0x3ca], [0xa, 0x8, 0xff1, 0x7fff, 0x2, 0x2, 0x6, 0x4, 0x2, 0x7fffffff, 0x0, 0x40, 0x30b4, 0x7, 0x1, 0x1, 0xfffffffd, 0xf, 0xe2e, 0x63b, 0x6f, 0xd1d, 0x9, 0x5, 0x1, 0x0, 0x9, 0x0, 0x4, 0x3, 0xfffffff9, 0x1, 0x9, 0x4, 0x5117, 0x1, 0x5e74810d, 0x1000, 0xffffff01, 0x5, 0x9, 0x101, 0xffffff80, 0x200, 0x0, 0x6, 0x5, 0x9, 0x9, 0x50, 0x1, 0x5, 0x4, 0x0, 0x5, 0x1, 0x9, 0xf6, 0xfffffffc, 0xdc, 0x0, 0x80, 0xfffffffa, 0x5], 0x38, ['!}\x00', '/dev/uhid\x00', '/dev/uhid\x00', '@],:\x00', '-{/\x00', '[*\\[\x00', '/dev/uhid\x00', '$]}%*[]\x00', '\x00']}, ["", "", "", ""]}, 0x458}}, 0x4000041) sendmsg$kcm(r2, &(0x7f0000000100)={0x0, 0x2c00, &(0x7f0000001340)=[{&(0x7f0000000040)="2e00000010008188040f46ecdb4cb9cca7480ef410000000e3bd6efb010511000b000a000d000000ba8000001201", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x25000000) ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0) syz_emit_vhci(&(0x7f0000000480)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_ecred_conn_rsp={{0x18, 0x1, 0xa}, {0x0, 0x0, 0x2, 0x2, [0x0]}}}}, 0x17) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454da, &(0x7f00000001c0)={'bond_slave_0\x00'}) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'dvmrp1\x00', 0x1}) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454da, &(0x7f0000000140)={'bond0\x00'}) 
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000100)={'pimreg0\x00', 0x1}) close(0x4) r6 = dup(0xffffffffffffffff) ioctl$VIDIOC_QUERYBUF_DMABUF(r6, 0xc0585609, 0x0) sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000001380), 0xc, &(0x7f0000001480)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), r1) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff) syz_open_dev$vivid(&(0x7f0000000240), 0x1, 0x2) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000280)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001500)={0x30, r8, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98f}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}]}, 0x30}}, 0x0) 8.985217366s ago: executing program 0 (id=2143): msgget$private(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x0, 0x0, 0x0}, 0x90) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) stat(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fsetxattr$system_posix_acl(r0, &(0x7f0000000280)='system.posix_acl_access\x00', &(0x7f0000000500)={{}, {0x1, 0x1}, [{0x2, 0x3, 0xee00}, {0x2, 0x2}, {0x2, 0x2}, {0x2, 0x3}, {}, {0x2, 0x7}], {0x4, 0x2}, [{0x8, 0x0, r3}], {0x10, 0x2}, {0x20, 0x2}}, 0x5c, 0x3) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x4000, 0x2000, &(0x7f000000e000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x2, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000440)={0x0, 0x0, 
&(0x7f0000000400)={&(0x7f0000000000)=@allocspi={0x10c, 0x16, 0x1, 0x0, 0x0, {{{@in, @in6=@mcast1}, {@in6=@loopback, 0x0, 0x32}, @in6=@private2}}, [@XFRMA_IF_ID={0x8}, @mark={0xc}]}, 0x10c}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, 0x0}], 0x1, 0x9, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) r6 = getpid() process_vm_readv(r6, &(0x7f0000008400), 0x0, &(0x7f0000008640)=[{&(0x7f0000000200)=""/103, 0x67}], 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$team(&(0x7f0000000180), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000000700)={'team0\x00', 0x0}) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) r13 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) sendmsg$nl_route(r13, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="380000006800010000000000000000000a00000000000000100008800c0001000000002000000000060007000800000008000500", @ANYRES32=r14], 0x38}}, 0x0) sendmsg$NL80211_CMD_NEW_KEY(r10, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="010000001bf53e32c3a6c0311cc108d1c700", @ANYRES32=r12, @ANYBLOB="18005080050009000100000009000100e59e75e84c000000"], 0x34}}, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r7, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f00000007c0)={0x58, r8, 0x401, 0x0, 0x0, {}, [{{0x8, 0x1, r9}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8}}}]}}]}, 0x58}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='tlb_flush\x00'}, 0x10) mbind(&(0x7f0000001000/0x800000)=nil, 
0x800000, 0x0, 0x0, 0x5, 0x2) 8.941159833s ago: executing program 4 (id=2144): r0 = socket$nl_rdma(0x10, 0x3, 0x14) r1 = socket(0x10, 0x3, 0x0) sendto$inet6(r1, &(0x7f0000000080)="7800000018002507b9409b14ffff00000202be040205fe056403040c5c000900580020010a0000000d0085a168216b46d32345653600648d270015000a00000049935ade4a460c89b6ec0cff3959547f509058ba86c902007a00004a32000402160012000a0024a40423e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0) recvfrom(r0, &(0x7f00000001c0)=""/45, 0x2d, 0x40000140, 0x0, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) write$UHID_GET_REPORT_REPLY(r3, &(0x7f00000000c0)={0xa, {0x0, 0x3, 0x11}}, 0xa) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="2e00000010008188040f80ec59acbc0413a1f848100000005e0c00f0ffffff180e000a001400000002801687121f", 0x2e}], 0x1}, 0x0) getsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000200), &(0x7f0000000940)=0x4) sendmsg$AUDIT_ADD_RULE(r1, &(0x7f0000000780)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000740)={&(0x7f00000002c0)={0x458, 0x3f3, 0x4, 0x70bd2c, 0x25dfdbfb, {0x6, 0x1, 0x38, [0x200, 0x1, 0x1, 0x8, 0xfffffff9, 0x1, 0x1, 0x7d0d, 0x3, 0x5, 0x7, 0x7, 0x3, 0xb, 0x7, 0x3, 0x0, 0x8, 0x2, 0x4, 0x8, 0x7e0, 0x10000, 0x3, 0x800, 0x7fffffff, 0xcac, 0x0, 0x8, 0x1038, 0x1ff, 0xfffffffc, 0x6, 0xdfa0, 0x1, 0x9, 0x80000000, 0x2, 0x5, 0xc, 0x5, 0x101, 0x1, 0x6, 0xc, 0x62, 0x9f2, 0x10, 0x0, 0x5, 0xe, 0x2, 0x0, 0x8, 0x1, 0x2, 0x2, 0x4, 0x8144, 0x9, 0x339, 0x0, 0x0, 0x5], [0x7, 0x5, 0x1, 0x0, 0xde2, 0x7, 0x0, 0x6, 0x3, 0x7, 0x8f, 0xfffffff6, 0x9b8, 0x4, 0x53, 0x2, 0x9, 0x2, 0x80000001, 0x4b4, 0xbdad, 0x200, 0x0, 0x0, 0x0, 0x8000, 0xace4, 0xd594, 0x8, 0x5, 0x0, 0xc, 0x7fff, 0x7, 0x4, 0x2, 0x7, 0x9, 0x6, 0x2, 0x4, 0x7fff, 0x0, 0x7, 0x5, 0x2, 0x6, 0x4, 0x1, 0x787, 0x3, 0x3, 0xfff, 0x5, 0x7, 0x300000, 0x200, 0x7, 0x2, 0xfffe, 0x9, 0xaf72, 0x9, 0xed9], [0x9, 0xfffffeff, 0x3, 0x1, 0x0, 0x4, 0xfffffff7, 0x0, 0x5, 0x0, 
0xfffffffa, 0x401, 0x0, 0xd32, 0xcc8, 0x1, 0x9, 0x7, 0x3, 0xb, 0x0, 0x3, 0x2, 0x0, 0x8, 0x6, 0x1, 0x3, 0x1, 0x2c8, 0x4, 0x15fd, 0x5, 0x8, 0x4c7, 0x5, 0xb1, 0x3, 0xca, 0x400, 0x7, 0xcc, 0x0, 0x0, 0x0, 0x8, 0x2, 0x3e6f9426, 0x6, 0x1, 0x40b, 0x954d, 0x9a, 0x401, 0xffffff1a, 0x5, 0x5, 0xe134, 0x5, 0x96fe, 0x101, 0x77, 0x6, 0x3ca], [0xa, 0x8, 0xff1, 0x7fff, 0x2, 0x2, 0x6, 0x4, 0x2, 0x7fffffff, 0x0, 0x40, 0x30b4, 0x7, 0x1, 0x1, 0xfffffffd, 0xf, 0xe2e, 0x0, 0x6f, 0xd1d, 0x9, 0x5, 0x1, 0x0, 0x9, 0x0, 0x4, 0x3, 0xfffffff9, 0x1, 0x9, 0x4, 0x5117, 0x1, 0x5e74810d, 0x1000, 0xffffff01, 0x5, 0x9, 0x101, 0xffffff80, 0x200, 0x0, 0x6, 0x5, 0x9, 0x9, 0x50, 0x1, 0x5, 0x4, 0x0, 0x5, 0x1, 0x9, 0xf6, 0xfffffffc, 0xdc, 0x0, 0x80, 0xfffffffa, 0x5], 0x38, ['!}\x00', '/dev/uhid\x00', '/dev/uhid\x00', '@],:\x00', '-{/\x00', '[*\\[\x00', '/dev/uhid\x00', '$]}%*[]\x00', '\x00']}, ["", "", "", ""]}, 0x458}}, 0x4000041) sendmsg$kcm(r2, &(0x7f0000000100)={0x0, 0x2c00, &(0x7f0000001340)=[{&(0x7f0000000040)="2e00000010008188040f46ecdb4cb9cca7480ef410000000e3bd6efb010511000b000a000d000000ba8000001201", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x25000000) ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0) ioctl$DRM_IOCTL_MODE_SETPROPERTY(0xffffffffffffffff, 0xc01064ab, 0x0) syz_emit_vhci(&(0x7f0000000480)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_ecred_conn_rsp={{0x18, 0x1, 0xa}, {0x0, 0x0, 0x2, 0x2, [0x0]}}}}, 0x17) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454da, &(0x7f00000001c0)={'bond_slave_0\x00'}) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'dvmrp1\x00', 0x1}) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454da, &(0x7f0000000140)={'bond0\x00'}) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000100)={'pimreg0\x00', 0x1}) close(0x4) r6 = dup(0xffffffffffffffff) ioctl$VIDIOC_QUERYBUF_DMABUF(r6, 0xc0585609, 0x0) sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, 
&(0x7f00000014c0)={&(0x7f0000001380), 0xc, &(0x7f0000001480)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), r1) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff) syz_open_dev$vivid(&(0x7f0000000240), 0x1, 0x2) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000280)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001500)={0x30, r8, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98f}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}]}, 0x30}}, 0x0) 8.049499827s ago: executing program 0 (id=2150): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x4a202) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x800, 0x800}, 0x48) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) getpgid(0xffffffffffffffff) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r2, 0x40045532, &(0x7f0000000100)) r3 = openat$smackfs_cipso(0xffffffffffffff9c, &(0x7f0000000140)='/sys/fs/smackfs/cipso\x00', 0x2, 0x0) preadv(r3, &(0x7f0000000940)=[{&(0x7f0000000580)=""/162, 0xa2}], 0x1, 0xffff, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0) r4 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) write$snddsp(r4, 0x0, 0x0) 8.016059695s ago: executing program 4 (id=2152): socket(0xa, 0x3, 0x3a) r0 = 
syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0) r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01ee00000000000000003b00000008000300", @ANYRES32=r4, @ANYBLOB="2e003300d00000000802110000010802110000005050505050500000000425030000003e"], 0x4c}}, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb), 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000340)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0, 0xffffffffffffffe8}) ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r6) syz_usb_connect$cdc_ecm(0x0, 0x5a, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000020000102505a1a4400000000101090248000101000000090400000202020000052406000005240000000d240f0100000000feffffffff042401"], 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_emit_ethernet(0xfeb2, &(0x7f0000000280)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb0800450000700000000000019078ac1e0001ac1414aa030090c0e1164cdc7d4b9700000000000004000000000000ac1414aa441c0003ac1e000100000000ac14140000000000ac1414aa00000000860600000000441c00"/126], 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 
0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) r9 = add_key(&(0x7f00000011c0)='big_key\x00', &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000002b40)='n', 0x1, 0xffffffffffffffff) keyctl$read(0x2, r9, &(0x7f0000001b40)=""/4096, 0x1000) keyctl$update(0x2, r9, &(0x7f0000000000)='p', 0x1) r10 = io_uring_setup(0x7e7, &(0x7f0000000500)={0x0, 0x40, 0x0, 0xfffffffd, 0x4, 0x0, r8}) close(r10) clock_nanosleep(0xb, 0x0, &(0x7f0000000000)={0x77359400}, 0xfffffffffffffffe) sendmsg$NFC_CMD_DEV_UP(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="010003000000000000000200000008000100", @ANYRES32=r5, @ANYBLOB="9c76ce82e3568d77a49734ec6f82c027a8c8f74b2bdb10b757f248cb3515a87f11f5763fb3d12af14b84fc305caa72bb812dcaee37f4c5e87ecff9c63957d9aa34790e"], 0x1c}}, 0x0) connect$nfc_raw(r0, &(0x7f0000000080)={0x27, r5}, 0x10) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x0, 0x0, &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) 7.021479456s ago: executing program 0 (id=2156): io_setup(0x7, &(0x7f0000000280)=0x0) r1 = openat$sysfs(0xffffff9c, &(0x7f0000000100)='/sys/power/pm_freeze_timeout', 0x42, 0x0) openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000000)='devices.deny\x00', 0x2, 0x0) io_submit(r0, 0x1, &(0x7f0000000500)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0xfffffc98}]) 6.91896204s ago: executing program 1 (id=2157): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r1, 0x400, 
0x70bd2d, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xd, 0x64}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x2c}, 0x1, 0x0, 0x0, 0x400d0}, 0x8000) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCBRDELBR(r2, 0x89a2, &(0x7f0000000000)='bridge0\x00') syz_usb_connect(0x6, 0xb3, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000305660205f0503d0c60e010203010902a10002008000660904730400edcd99800724060001992a05240005000d240f014f510000060007000806241a030000072414ffff090006241b898b00000800060009072401f008040007240195030000072401030900000d240202030000000744e806e8ec1d1224020221000a00077ba123052ac44833cb090493ff00befbf5060e2402020000070006ae358badff10240201070408108c9330e5522c74a6"], 0x0) 6.697073013s ago: executing program 2 (id=2159): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000003c0)={0x0, 0x0, 0x0, 'queue0\x00'}) syz_emit_ethernet(0x46, &(0x7f0000000480)=ANY=[@ANYBLOB], 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00\xfdM\xab\x89\xff\xda\xc7dw2\xa1\xb2\xabuQQ\x14\x97\xc9\xfae\xc7\xa1U\xe2\xbe\"\xb9t\xa0\x0e\xfa\xdb\xf1\xa5.\xd87\xc3p\xa5l\xf8vC\xe2\xe8 \xd5-(\xb94\xf1\x9c\x83\nbo<#\x186\xe1\xbd\xc0\xc3\xb5N(vj\xa7+<>\xc4\xe00\x01\xdd \x82\x83\xed\x0e\xc4\x1d\xac\xef7\b\xd3Z5\\A\'\x18\xa2\xc3\xab\xc7`\xc3\v\xf3L\x9d[Q\x9e\x11@=\xa1\x9b\xdc\xb1\xef\xc3k<\x97L\xa0\xab\xa6\x1ce\xcd\x99\xb3m\xef\x87\xc5i^N\xbd@\x01\xc0\xb2\x88\xc3\xe2\x96T\xa3\xa5\xeb\x0f\xf2f\xb9$\xd2\x140xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) setsockopt$packet_int(r2, 0x107, 0x14, &(0x7f00000003c0)=0xff, 0x4) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) r7 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) io_setup(0x3, 
&(0x7f0000000180)) write$rfkill(r7, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) 6.660114313s ago: executing program 0 (id=2160): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000000e40)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x75}, 0x90) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) mount(&(0x7f0000000080)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='jfs\x00', 0x8240, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000140)={0x0, 0x0}, 0x10) r2 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x20) recvfrom(r2, 0x0, 0x30, 0x0, 0x0, 0x0) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x288, 0x0, 0x178, 0xc, 0x0, 0x178, 0x2c8, 0x258, 0x258, 0x2c8, 0x258, 0x3, 0x0, {[{{@ipv6={@loopback={0x1f0}, @mcast2, [], [], 'team_slave_0\x00', 'netpci0\x00'}, 0x0, 0xa8, 0xd8}, @common=@inet=@SET2={0x30}}, {{@ipv6={@private1, @mcast1, [], [], 'wg2\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x2e8) syz_usb_connect(0x0, 0x24, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2c010000", @ANYRES16=r4, @ANYBLOB="010065bd7000fcdbdf254f00000008000300", @ANYRES32, 
@ANYBLOB="48007a8014000100c396d979a8f802a09c5d7bfaeb3575f21c0002002c8b2ddcc0a3a020196b852ff1e5776edd2fed6a243a33220c000300b38b3e2d8514cc07080004000500000030007a800800040007000000240001006b367eca9776d5c92ac3b99cce28c8dbdebd62217f9c5f46d4b1a11c682b40d61c007a800c000300e028aa46e44ee6830c0003009cf7debf7cdf5a207c007a80080004003465e91c0c0003"], 0x12c}}, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000f00)={@in6={{0xa, 0x0, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3}}, 0x0, 0x0, 0x0, 0x0, "98d3340600c7aa118978ca7de86eab79576839de416be8410f28af80243be2666b66577017a90d1883303b6ac4742f2702c4f139a68f00"}, 0xd8) bind$inet(0xffffffffffffffff, 0x0, 0x0) r5 = syz_io_uring_setup(0x24f9, 0x0, &(0x7f0000000080), &(0x7f0000000140)) r6 = memfd_secret(0x0) ftruncate(r6, 0x0) getdents64(r0, &(0x7f00000006c0)=""/66, 0x42) syz_io_uring_setup(0x7385, &(0x7f00000001c0)={0x0, 0x5ea, 0x200, 0x3, 0x1c6, 0x0, r5}, &(0x7f0000000280), &(0x7f0000000380)) 5.348489146s ago: executing program 2 (id=2161): openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="240000001a00010000000000000000000200000000000000000000f107000100ac1414bb"], 0x24}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x9, 0xb, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x81}, [@func={0x85, 0x0, 0x1, 0x0, 0x5}, @map_val={0x18, 0x5, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x44}, @map_fd={0x18, 0x9}, @btf_id={0x18, 0x7, 0x3, 
0x0, 0x4}]}, &(0x7f00000001c0)='GPL\x00', 0x7, 0x0, 0x0, 0x41000, 0x21, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000440)={0x5, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000480)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f00000004c0)=[{0x4, 0x4, 0x3, 0xa}, {0x3, 0x4, 0x0, 0xa}, {0x0, 0x5, 0x3, 0x1}, {0x0, 0x3, 0x4, 0x6}, {0x1, 0x4, 0x9, 0x2}, {0x3, 0x2, 0xa}, {0x3, 0x5, 0x9}, {0x4, 0x3, 0x10, 0x7}], 0x10, 0x8}, 0x90) syz_emit_ethernet(0xfeb2, &(0x7f0000000280)={@broadcast, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x0, 0x0, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @empty, @local, {[@timestamp_prespec={0x44, 0x1c, 0x0, 0x3, 0x0, [{@initdev={0xac, 0x1e, 0x0, 0x0}}, {@dev}, {@local}]}, @cipso={0x86, 0x6}, @timestamp={0x44, 0x1c, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}}}}}}}, 0x0) (fail_nth: 2) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x2}, 0x48) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="660a0000002200006111340000000000180000000000000000000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00'}, 0x80) read$FUSE(0xffffffffffffffff, &(0x7f0000000a40)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) syz_open_procfs(r2, &(0x7f0000000080)='cmdline\x00') bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r1}, &(0x7f00000002c0), &(0x7f0000000300)=r1}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0xfca804a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 5.124170482s ago: executing program 1 (id=2163): openat$cgroup_type(0xffffffffffffffff, &(0x7f00000000c0), 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, 
&(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$HIDIOCGRDESC(r0, 0x90044802, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100)) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400), 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000100)) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r4 = dup3(r3, r2, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x18, 0x0, &(0x7f0000000480)=[@request_death, @decrefs], 0x0, 0x0, 0x0}) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) open_by_handle_at(r5, &(0x7f0000000080)=ANY=[@ANYBLOB='K\x00\x00\x00r'], 0x0) io_setup(0x2, &(0x7f0000000100)) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r6 = syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301) ioctl$USBDEVFS_IOCTL(r6, 0xc0105512, &(0x7f0000000200)) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r7, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001280)={0x2, 0xd, 0x0, 0x0, 0x12, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x2, 0x2, 0x0, 0x0, 0x0, {0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, @in=@multicast2, @in=@dev}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x4e20, @loopback}}]}, 0x90}}, 0x0) r8 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) recvmmsg(r8, &(0x7f0000003c40)=[{{0x0, 0x0, 
0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) ioctl$USBDEVFS_IOCTL(r6, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00'}, 0x10) 4.951930035s ago: executing program 2 (id=2164): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, 0x0, 0x0) getsockopt$inet_mreqn(r0, 0x0, 0x24, &(0x7f0000000000)={@rand_addr, @loopback, 0x0}, &(0x7f0000000840)=0xc) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f00000000c0)={0x0, 0x0, 0x3, 0x3c7, @vifc_lcl_addr=@multicast1, @empty}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = dup(r2) r4 = memfd_create(&(0x7f0000000200)='&\x00\x00\x1a\xa0mLB\"\x82-/\xceM\xd1f\xe2\x8db\xb4b\x8f\xc9\xe1\xda\xfej9\xe5\x88\x03\xe0.\x82\xbc \a\xe4 \xca~\xfd\x80\xf2\xb8\xb0\xfcd\x1fM\xd7+\x19;a\n7d\xa3\xd8U\xd2\x11\x8a\x13\xc9\x9dw\xe2\xb1\xa0V#a\xd6Q(\xf1\xaa\xc8\\\x8d\xf0\xf4\x0e\xf5\xab\x13\xc8\x0f\x03\xf4\x8d\xcfc\xc31s;\xad\xb5\xde\xd1\xb9\xaa\xf1\xac|\x9c-I\x1b\x17\xd4\xd3\x1c\xf7\x18\x0f\xd5A\x19\xbbP\x8e\xc9\xf9\xd8w\xbc\x01\xde\xa2h\xfa\x06\xf2\xdc\xc6\x9e@&v\xc0\xea\xa9\xdb\xad\rE\xcap\xef\x17*!\xb74\x8b\xc5uNK\x8cUh\xb4\x1aM\x968\xc1*B\x9dQ\xca?\x9f\xb36\xb2\xb8\xe3\xc4\x11\b+l{\xa2n\xf7\xf2\t8O\x8b\xf6\xbf#^\xd5\xa6\xe8\xa8\xc6\xff\xbf\xa2QH\x1dD\x0e\xff,FZ\x80i\xaa\xeat\xc7y?', 0x4) ftruncate(r4, 0x200000) preadv2(r4, &(0x7f0000001600)=[{0x0}, {&(0x7f0000000040)=""/1, 0x1}], 0x2, 0x0, 0x0, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000840)=ANY=[], 0x4c}}, 0x20000084) sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000f80)=ANY=[@ANYBLOB="280000000306010400000000000000000000000005200100070000000900020073797a3200000000"], 0x28}}, 0x0) setsockopt$MRT_ASSERT(r3, 0x0, 0xcf, &(0x7f0000000200), 0x4) r6 = socket$igmp(0x2, 0x3, 0x2) getsockopt$ARPT_SO_GET_INFO(r6, 0x0, 0x60, &(0x7f0000000100)={'filter\x00', 0x0, [0x20, 0x5, 
0x8]}, &(0x7f0000000180)=0x44) r7 = socket$igmp(0x2, 0x3, 0x2) ioctl$BTRFS_IOC_SUBVOL_CREATE(0xffffffffffffffff, 0x89e0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="7c00e00300"/20, @ANYRESOCT, @ANYRESHEX, @ANYBLOB="e349068f84965401000000000000008ada43b3185be0dea48c4a980303f3c247a9090000000000000021d2e9f1c182606ac601444234b50b960c13588132f0c7619d40565cb987544a6f3c5a2f8f1057299835d0c92323e5e028ce952f42cb675b036df20bdbeac6ed95dd9a3c9198fa5c13dedd34cf6779bb1dcc0c7169f5b606cc9e3ca95badf125732d11668a41d613b51982cbd93efe8babc7cf98894cd570792a", @ANYRES64=r2, @ANYRES64, @ANYRES64, @ANYRES32=0x0, @ANYRESDEC, @ANYRES16=r5, @ANYBLOB="001ff9d0d1ddd447915858b711fbf6e5f1640c39e00c0584d70f7e8e4f7eee3f04249f6051968d3f8479c862c5fcf62011a12ff7df8ed6705c6c65d32b0a7d9a5eb2183feafb5dccb56102efeddc05cdd4a3b6e18f6bf682f4d8a2f1901f672c", @ANYRESOCT=r7], 0x7c}, 0x1, 0x0, 0x0, 0x800}, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000280), 0x24142, 0x0) setsockopt$MRT_INIT(r6, 0x0, 0xc8, &(0x7f0000000800), 0x4) setsockopt$MRT_ADD_VIF(r6, 0x0, 0xca, &(0x7f00000001c0)={0x1, 0x4, 0x5, 0x2293, @vifc_lcl_ifindex=r1, @loopback}, 0x10) setsockopt$MRT_DONE(r6, 0x0, 0xc9, 0x0, 0x0) 4.50618657s ago: executing program 2 (id=2166): r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000400)=0x1000000000010001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000000a80)=""/102391, 0x542b}], 0x1, 0x0, 0x823) rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) r2 = gettid() r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) r4 = bpf$OBJ_GET_PROG(0x7, 
&(0x7f0000000180)=@o_path={&(0x7f0000000140)='./file0\x00', 0x0, 0x4008, r3}, 0x18) r5 = openat$mice(0xffffffffffffff9c, &(0x7f00000001c0), 0x20800) ioctl$BTRFS_IOC_START_SYNC(r3, 0x80089418, &(0x7f0000000200)) ioctl$BTRFS_IOC_RM_DEV_V2(r4, 0x5000943a, 0x0) write$P9_RSTATu(r3, &(0x7f0000000380)=ANY=[@ANYRES32=r5, @ANYRES16=r2], 0x232) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'team0\x00'}) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=@ipv6_delroute={0x24, 0x19, 0x1, 0x0, 0x0, {}, [@RTA_EXPIRES={0x8}]}, 0x24}}, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'vlan1\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000840)=ANY=[@ANYBLOB="e5beaa9816e48faa363e73f7255112858e13312ce3831441fa9effc96cf8b2b6818c544eee51b864e82ec4b9e3698e1dc1db349eb530e067e497ad1d18f5d7922a2638cab557", @ANYRESOCT, @ANYBLOB="f2e6a242e6965a823d0e1b45212b497443ecf4bcbd60f30e1db717c78081710ac56d83510f456a71f3b9d2048c3568a100548e4f8cb6fb83f84970dad76b61db6a1e8ebd971bcbaf561513cf1d67cc563fe9e7875776533184584a25b26b515e569f131e7605735d883d6fbe3074efd27ca1db5d1df709db350db27029bc4af25d871a1428e78aa04012c12d5738082843f1c37a86", @ANYRES64, @ANYRESDEC, @ANYBLOB="40d33880400eee32b7671939919f037c3e30910e2f94bae96b31c42a2fe9951fcc8d1fcf4b5600193c196fb182b8841175f548f3e5adba2edc3c06f666b23eadbec6d8c09a5ffa891b4b5bb3a1bebe049135fa848884b5f158d918896cb413b068dd8d0ca870f710dfb14ea36c05bdddecaaedc97600d03e7908a1de717a207376a984f7a14ed4f4885cd8bae39e9333bd0e51bcf7da0fac4e53aaf0eec7749740a702a73af8bc9dbc267fd18440d19f3f1927332aa38d0a98118c1d70a9bfe00f6a93d8d0afd1df74a300b528d08bd8346b6ad84471f6e7467a1e58e01a9fc58b15d478e34ec357ea3c6ddf324fc7c2c8e4", @ANYRESHEX=r3, @ANYRES16=r9, @ANYRES64=r0], 0x44}, 0x1, 0x0, 0x0, 0x40}, 0x4c080) unshare(0x600) timer_settime(0x0, 0x0, 0x0, 0x0) 
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r10 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$SO_J1939_FILTER(r10, 0x6b, 0x1, &(0x7f0000000000)=[{}], 0x1c) bpf$PROG_LOAD(0x5, 0x0, 0x0) rt_tgsigqueueinfo(0x0, r2, 0x1f, &(0x7f0000000300)) 3.484800171s ago: executing program 1 (id=2167): socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(0xffffffffffffffff, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xe) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0}, 0x90) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGPROP(0xffffffffffffffff, 0x40047438, &(0x7f0000000180)=""/246) ioctl$PPPIOCSFLAGS1(r1, 0x541b, &(0x7f0000000300)=0x8281336) 3.473334013s ago: executing program 0 (id=2168): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000300)=[{0x0}], 0x1}, 0x0) 3.353790926s ago: executing program 3 (id=2169): r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) dup2(r0, r1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x100000e, 0x12, r1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) write$cgroup_subtree(r2, &(0x7f00000009c0)=ANY=[], 0xda00) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 3.340742292s ago: executing program 2 (id=2170): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x200, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5, 0x5}, 0x48) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, 
&(0x7f0000000080)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f00000000c0)=0x0) ioctl$BTRFS_IOC_SNAP_CREATE_V2(r0, 0x50009417, &(0x7f0000000100)={{r1}, r2, 0x4, @unused=[0x9, 0xffffffff, 0xdd9, 0x5], @devid}) syz_genetlink_get_family_id$wireguard(&(0x7f0000001100), r1) r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000001140), 0x40800, 0x0) ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r3, 0x80089419, &(0x7f0000001180)) r4 = accept4$vsock_stream(r3, &(0x7f00000011c0)={0x28, 0x0, 0x2710, @hyper}, 0x10, 0x800) getsockopt$sock_int(r4, 0x1, 0x3c, &(0x7f0000001200), &(0x7f0000001240)=0x4) syz_usb_connect(0x3, 0x4f7, &(0x7f0000001280)={{0x12, 0x1, 0x201, 0x6c, 0xc7, 0x80, 0x8, 0x4cb, 0x131, 0x68a0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x4e5, 0x1, 0x3, 0x81, 0x10, 0x1, [{{0x9, 0x4, 0xae, 0x1, 0x10, 0xe, 0x5c, 0xbc, 0x2, [@cdc_ecm={{0xa, 0x24, 0x6, 0x0, 0x0, "9a6b4566db"}, {0x5, 0x24, 0x0, 0x8}, {0xd, 0x24, 0xf, 0x1, 0x8, 0x8, 0x0, 0x7}, [@obex={0x5, 0x24, 0x15, 0xd}, @network_terminal={0x7, 0x24, 0xa, 0x2, 0x8, 0x6, 0x2}, @mbim_extended={0x8, 0x24, 0x1c, 0x100, 0xfd, 0x1000}, @mdlm={0x15, 0x24, 0x12, 0x4}, @dmm={0x7, 0x24, 0x14, 0x2, 0x1814}]}], [{{0x9, 0x5, 0xd, 0x10, 0xe2bc9553c144f08d, 0x8, 0x2, 0x10, [@generic={0x64, 0xd, "ea4cf3561ad9b7eaebd61edf9853153c7a5c35b60445a4b5fbb62d60f1cabea654b32cd706e2ab07e5c02f5646f4528d1440971322b2562f6dbc91675611a9f01158ded7129cac6946dc025f27e9a14a7363f5e7dfcce9ea46eb04d3edd8be770bbc"}]}}, {{0x9, 0x5, 0xc, 0x4, 0x400, 0xc, 0xb6, 0x2}}, {{0x9, 0x5, 0x5, 0x10, 0x400, 0x0, 0x5, 0x3}}, {{0x9, 0x5, 0xc, 0xc, 0x200, 0x8, 0x6, 0x8, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x3, 0xbcc6}]}}, {{0x9, 0x5, 0x8, 0xc, 0x40, 0x0, 0x5, 0x7}}, {{0x9, 0x5, 0xb, 0x0, 0x200, 0x9, 0x9, 0xa}}, {{0x9, 0x5, 0xb, 0x10, 0x40, 0x1, 0x0, 0x5, [@generic={0x6f, 0x1, 
"fc0e6b0d143d3fd77fa6e51d46cd8759f5a5f150da10c70e6f63e6c23a38202c8d45a8c49fe791028f5b094e393dd34687cd9f6bf28291408f7f2dcbef9f37e7c3e58bae139172146de3f7c117a23c1ae847c0ea044974a34aed86c717d0655c0390b2b184e5b39c357439c77f"}]}}, {{0x9, 0x5, 0x8, 0x0, 0x10, 0x80, 0x40, 0x7f, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x8, 0x5}, @generic={0xc0, 0xd, "6f2d8ca6bed84ad51c11e75c531debfd72430f20107aefb7a8792b22648bb650ca0fe7e8441949ac890ae4d5a0053e1d7d63eba1f57345db5dc916799c295ecaf3f29ae3ebc11c504a3780995ddfb8f007b9f866ffe56323ce267858870c4dccf8b8006a58188e6a91bc3b2565da6e321f4e8691150db3255f9def9b2aebeb33995bf177ed73ae9641ca7d9083c79914e1e00305a44496bfede95c57f54891b4f6e38deaa30fc1d62ad3c376ca25bb32bb24e0ec28408c353372cceabd3d"}]}}, {{0x9, 0x5, 0xd, 0x1d, 0x40, 0x8, 0x0, 0x4, [@generic={0xe4, 0x24, "ea0354a3095667e9e15ae34f1fcc71c49258b726b4a8049995c9cfbc6a652c4e5cd95ccdb229d711c09bcc62afe4652ff2266fd6dd78902a8a8c1b201e78548b562764e30750387f0f25ed814afc0940641e3a3ff7ab23944689e2b8080cd1802cb7812e353b1c3d0f03205c350d0ccc978b2c503b699191d0dcb4c30f059ff9d1aa7aa284c4d2d73f8fae99cb3259878efdb00afe612989cb15b1267143d28fe0339e72cfcb01dbea566040272b621cb005a0f2a6db2ce4c0d73263d416c4b2f156fcc20b21cdc123b5a6f470a14bcfbfcaad839535a7fb98a473f76eaaed174b82"}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0xc1, 0x4}]}}, {{0x9, 0x5, 0x4, 0x10, 0x8, 0x0, 0x1, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0xfe, 0x3}]}}, {{0x9, 0x5, 0xa, 0x0, 0x200, 0x8, 0xff, 0x8, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x48, 0x9}]}}, {{0x9, 0x5, 0x5, 0x1, 0x10, 0x7, 0x0, 0xea}}, {{0x9, 0x5, 0xa, 0x10, 0x200, 0x1, 0x1, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x2e, 0x5}, @generic={0xfd, 0x24, 
"e0fbeeaa27910db2b7c3f83ba098c1c18941d5a00c59eb0cda1248e4a558db2d9dd0ffbe4fb5c27579e6508d46632f9507253ef2eafb09274bb5aebe0310e609d4d8027f1c1e30b343836d5f6e36a66e936e790132cda99fb9fd1d654e699c5cdb2d85f3551f1efbfd8dd94f14b25089162dc1a8ede81f947c0c966902537752ad6fe844bf7ae768d32e03aaadd66ad44b2e32eba067904b14ae6b6728655f53d3b0e14025373cb1ac6e8deba23683525aa9e4b6a163a97bc8de286005d74e409399a237afe38e5ac512a76dcb05bbb9730f4f2632d9d793edba905447cf16aac15250276adce8f08604979ca8a3a643bdc05115067cdac1ec1712"}]}}, {{0x9, 0x5, 0xf, 0x0, 0x20, 0x8, 0x8, 0x40}}, {{0x9, 0x5, 0x4, 0xe, 0x8, 0x6, 0x1, 0xd5, [@generic={0x38, 0x31, "e85c33b016ca60e57454b998b40ba1f2ebe9328f2edacea09662088a447319f3d9a8d6847ad450c9227f600ecc8482b66040ebbd2042"}]}}, {{0x9, 0x5, 0xf, 0x10, 0x10, 0x9, 0xcc, 0x1, [@generic={0x21, 0x3e, "2c4b4348130f1dd13690bbc925586c78b5828a58d0dba8f549b67485fcad09"}]}}]}}]}}]}}, &(0x7f0000001a80)={0xa, &(0x7f0000001780)={0xa, 0x6, 0x201, 0x2, 0x2, 0xf, 0xff}, 0x5, &(0x7f00000017c0)={0x5, 0xf, 0x5}, 0x5, [{0xf, &(0x7f0000001800)=@string={0xf, 0x3, "540f7064251fbdab681a5cd78f"}}, {0x21, &(0x7f0000001840)=@string={0x21, 0x3, "32bcd160bfade5419e3cf7d1adc207eca13a843571d91e9439c61e77abe64a"}}, {0xfd, &(0x7f0000001880)=@string={0xfd, 0x3, "b5cb7151a33d881e33742a98e7c8a5d791ef04ea4082816da48fb8a5b267e8e3419d02f388b3d080be3edb225f34b5865f3232ff9ea1f587697b666157eb495fe57f72dee583e8cc5e7aa9a4501d310d8ad33779d6b9d10eae89e3741a5ac297c7e26a35aa697c3ed3b41b4679d23c6c780ecab4ae147a95fccba77af97a7e2d39b2ec3ad93547f0205c5543892670ce06653cf0318d48a3756c1ec93e98b81979c89115de32801c65af5c81bf74eff7a07b2987c25018ff3ec9816fdb3894cf10a78c2183eb531648f51665e1fbfebd609ff794c929bf22904e5cd761cb0e09d55e0f119624b6b8c9d3a2de7cc65574976e90749c644f9f3e78c7"}}, {0xb0, &(0x7f0000001980)=@string={0xb0, 0x3, 
"5ba3b3f5272680afccf2b561862858496e1fa75a412a4220bbdb18d0dca488f6ec986cdfab2d99937c11f36e2d939d66e42c0fc20dbb51f7311dba6331ca4168f6398fff298d68bca001510c2fe60c1661d7c7365b822ed8c80730071f768cac87eba7b10e2371470ed69b79fd37f0e585c4cbc7695b80479eb8296f001186470e6afab4e73e4255649c61098284bff2472c8b94105daf1b41e97fd4a397f3f550bdc67cdcefae8b23b9f0726597"}}, {0x4, &(0x7f0000001a40)=@lang_id={0x4, 0x3, 0x446}}]}) ioctl$VHOST_VDPA_GET_CONFIG_SIZE(r1, 0x8004af79, &(0x7f0000001c00)) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001f00)={0x6, 0x17, &(0x7f0000001c40)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x2}, [@exit, @alu={0x4, 0x1, 0xc, 0x6, 0x6, 0x4, 0xfffffffffffffff6}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @printk={@lli, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x5}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}]}, &(0x7f0000001d00)='GPL\x00', 0x0, 0x91, &(0x7f0000001d40)=""/145, 0x41000, 0x0, '\x00', 0x0, 0x25, r1, 0x8, &(0x7f0000001e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000001e40)={0x4, 0xa, 0x7, 0xc}, 0x10, 0x0, 0x0, 0x6, 0x0, &(0x7f0000001e80)=[{0x1, 0x1, 0xa, 0x9}, {0x0, 0x3, 0x7, 0x5}, {0x5, 0x3, 0x10, 0xa}, {0x4, 0x2, 0x10, 0x8}, {0x2, 0x3, 0x3, 0x4}, {0x0, 0x5, 0x5, 0x2}], 0x10, 0xdef}, 0x90) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002000), r1) sendmsg$NL80211_CMD_ASSOCIATE(r5, &(0x7f0000002140)={&(0x7f0000001fc0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000002100)={&(0x7f0000002040)={0xac, r6, 0x20, 0x70bd2a, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_FILS_KEK={0x38, 0xf2, "9326be9966ad21d72d9f02e3457c39ef67f446d1f215c6f2ad467e822c696f3945bfa8f50c33b0802b42bd0cb4fb5eba44519a9f"}, @crypto_settings=[@NL80211_ATTR_CIPHER_SUITES_PAIRWISE={0x14, 0x49, [0xfac02, 0xfac0b, 0xfac01, 0xfac0b]}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}], @chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x3}, 
@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x18fbc2d2}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}], @NL80211_ATTR_HT_CAPABILITY={0x1e, 0x1f, {0x80, 0x1, 0x2, 0x0, {0x0, 0x1, 0x0, 0x367, 0x0, 0x1, 0x1}, 0x1, 0x6, 0xf8}}, @NL80211_ATTR_VHT_CAPABILITY={0x10, 0x9d, {0x8, {0xf, 0x8, 0x5, 0x642}}}]}, 0xac}, 0x1, 0x0, 0x0, 0x98dfa386f28fbf8f}, 0x4000) sendmsg$NL80211_CMD_DEL_TX_TS(r5, &(0x7f0000002280)={&(0x7f0000002180)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000002240)={&(0x7f00000021c0)={0x48, r6, 0x200, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TSID={0x5, 0xd2, 0xd}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TSID={0x5, 0xd2, 0xe}]}, 0x48}, 0x1, 0x0, 0x0, 0x4001}, 0x4000) r7 = getpgid(0x0) ioctl$sock_SIOCGPGRP(r5, 0x8904, &(0x7f00000022c0)=0x0) rt_tgsigqueueinfo(r7, r8, 0x3c, &(0x7f0000002300)={0x33, 0x9, 0x6e}) openat$nullb(0xffffffffffffff9c, &(0x7f0000002380), 0x1, 0x0) r9 = socket$can_bcm(0x1d, 0x2, 0x2) signalfd(r9, &(0x7f00000023c0)={[0x3]}, 0x8) r10 = syz_open_pts(r1, 0x0) ioctl$FS_IOC_ENABLE_VERITY(r10, 0x40806685, &(0x7f0000003480)={0x1, 0x3, 0x1000, 0x1000, 
&(0x7f0000002400)="d0b179bb19fc433bc7e2ea5276433d8719430ff8b1bf8eb10d6f83063fddde1b5fa60607d754997066426d421609644aaded55ade3c04dd3fdd8939ff0ba55c566a44f45113b1a4ef2e683a93099192dd0522822c06d3afa5ee5970757dfdf5f5c4d218879c101b03a3464a2bceb3adfd2b8ed254da9363690ab4086b1f919befbc39cae49b8ceb735102a64ec549c2e1361480a4e9572a10054e8e2d8c0a86bbe17bc0bda45a6b6ed2f2d54667656c862820cb5818aa586d8bacb41e6abb622aedced4db3afb7f782924f6d4a54da0ccace68a6f946616724e078537360dd2d38bfddf204cbb12dfde2164bc8a194ccfdbb202abe9359fe419079eff33e7fb509dc0f91ce4110e69c883fa6c072f466e2aaf90166ad99c4c331236b9b7d336a437f9187e516ce5f6642e9ec5195ec70b3213ab8a37960545f7439a3670ab29ecaf51dd552acb7e22ba25fc89cb7e3933fc7bdfe1e53a1be985e0f72a2ac19b88b61bbfa447d196f7d795a8766ffb3bbc1251962d3445ccc9c809bfe1e7e3dd23f75a5bf2b28d50872e2361a7006c5dd8413694212944e76d51bc508265ee9394dcba0a07723e6306dd303e643ea1e97fafbca6e4059737fdbb3dec5a927b9efad473c902d1eb4a2a6873f2658c261fd856dbeb2d598f2b25cf5d15e8bf73cd2e59bd73e70a53b829f868cf73ed26af98b8855d1ff1b6e0c4b9f3be1f0265fc5ee907c477ff6878e286067510425e8864fe7a3a65bf83cf1f7defc5106bdf5f095f5a5489da978fac9f76ea962fe58394943c667f7dbb464433ace6334ec6dc08e97a159c7b6b3a5431b358cc64a11a4d2cf4babcae75dffbbfa8047d5479fb444b883d6fa618f69a182b186b5e03432fb9a596db9d32e26de007f9a64451b1361c72df1b66db4c30e09c3b10883c8ebbf9422898079fbd3e0058127d5c5cc2c81d4597a7d2ce3405c58c4f5a2408cba8c75ee610db21e441504da5bc522497be41c84432f410aaeb33f569bb0e4078ca89b6c893a6354444ee60ef01f72815dc0221c076ba34f27c28659bdb228254f342da525d3e2463cd7876964b8e73d281147933017a6d15c3c79f3a15746efc148fb45fed2247d6048f4a14efdbb4797633d35565512f0bf84474b46a6e0cabfbffe9b9f8eff109ddb424ae209402c91f82736ca32a908b14659869604c8b86a7baec260ec21b4f436bc0a29cb45ff1b81e26019eddacdfa88fba040bacaae825e3db9e9849326529bc5ee4c03e94a78b28d213f8488339569c8edd13051b5cf349c7fd06a17c1133847ac2abcba2293e1dd6a7435385c277540ce1edeb8590bf33ed278ce1feb7b9f6ccb67a2bbf8171b477032de27229bbe708c405a79dd0ba1fe7f58888c0ea62e4f3e7519eeb
646014d5a98b20f6bc62685007ef7e54f057129642e9cb91a2542888f801c9c61731bd5cd1d49ba12b40fda6eac4fd67e3824dbb6d4898b25ad0f1b3e9dc911369d08848b731c87c723e8881bfa105fb8cd0422ef0bef47c54cb455a5d63de2b2af5a963c0c45c981b024673a89b5743ab8194ef936e5a1b55451813b76bd648ea6fbf8f6415773afdd559d0e0f4fb4cc4f032488bb112accc5d8844da7fdafba437704865793fc8ef049096e514b5c2294bb78f4191a38ec76d0372c22be9d114366d5f546861dbd052e6ed47274cd5ff5622c88345b93381821f588a4657e6d9dc47715ccda5d888cfd50f28147d6eef4b174b529060d4e019b3d0bf186768c3fd2ceef35c63c4f1cb0f20046f8e1d976db23d7db11aee34ccca8acd643c411d0d9cba3e25b7ffa777e077d31c1a856ede90936dbcf67fe28b9ea3634cf99516254a91fe6169339d9ed65b6ef82d09ede38750dc5d670cb150af6783b6c92bc78f020295aae3f6f88d30e1358fe6332e7dd00bc10ef8b0558388dccf270f29c4b00ad7e10dcb7fdf1cd452393bdad25d6a241f6c965d4d4f8d2f6ec0cca974b2f8c387bddce01e9500d23cbf387c76f794213a31556a49a693394ec789177ed1bbcf24227c222ea32d057cd31eb77088df12836e2683a12f3c239979fb874e9e0d7c245760f298dc013c236436e1300cbdb7d609a6001af2351ec9df66a924ea081d3b339b139a3b7c9890f3b433b45c0dc529e594d875087635d1cbd011a75ba5345980c136ed5588d9ac68b8f9ccf050fac43710147fa9ae3496e1fecb9c07135593c1503f103bc99452b90adaca4f361d301a772243a68282bdacfdd38179f2c930dbfd54237f19a0a757020bb982ea1544fc614c864b210628e2ff560d74ebcab1d06ca01401533a6391bc9ef2bc127b682089b01640d0c0ce3eca4f44a2e5b2db412502df7bc80edf0fd6b836450517b446a25934d9da6b2fa08d63a77c9107e1fe8dfd855bed16d1ea1eccb30076ab52828c878773cb30bcd8a957a1e0385e86a8d5517176791d148e65485c3ec05607e56a1dcef6644616933f3295778cf61d5f497eff1f92dc03de8528d270a1876edcd719daf74eef5abced9547fac96d29924770b8d7ef637d0908a600fd7e7dc7af49f4c86f64e153f2b09fc3a937c25781ece8ad4f8ead6cab6f6dbae71e6ea83422351f29ffaa437b1073aec77c15009c7e4c240eb5a2971d3b1b7aef2c3036f1f6db88e039a47e1b934328c71f94536ab450e3fe2b98e944fd84b4dc157f386ed6dc92af9ff69da08b51a527f6a479c989bd4da5172c2fb65bd42d382a368f28a831b4301b2f9285d8f28fc54717bd6f2aa941c20abb90bf96c092254c9cc8f0e74e5308d4b9e5f8e93891630b5e8c504dfc66
a4481d79e8b37ba50c0447cb1cf61290fe95e7ddd137d9fb45025803e4c588a2cfc8a1054f1fb62a2998b73772c993159248e1938ce6040a9e3fc5b9db0f05ccf80cbbc269645e1e271d4cdb4015f8aff4fb88dd789057440e79a2c53891e2d0c99b98558ae3f09c81611ddc0d91f7ead25e487cc3548447b2f459924357bc709bc280ae07aed4cfbc9c95faa574f344aa44876e672ed267201375c10828d43111b9e60d2705604379c1e3db738f23fa8232c28ad810999bd831a940889df7086c33f2afa88b5590eb3536bee0fbcd63d027d4d92d89ed4e2ff16b028c8cdba0dde0c2769481927569ea9c041eabb0e472c833ae900594357deffe7d25910b4fa643384ba287dbf4a3ee637f0610644d3765065c3437f82e8abedf88f01fd59e690d64f7a4896e2f006cc69eb63e0a628d3af84182b2b732cb218ab5c5604eeef2b92acba259a90471398258365296798838b9846bc1163e567593f5a0a1876f1912000742b0ec96145471883f4650d9351fa22b84bd796819778e7d257c81177dbe621701fc36f4e94a5336696d22b3bf8b2d4d8b9cf6cf8929b62842262dcb340db180771d2fdfd59deb150b0cf133a6031dd8cdb6c9098b4c2965b86c2c63793faf6dfa45cb70ba46d9ed62cdbd210806876dc02c3a1d0cf035c33d3d1fdc1972bef2043904dc7a50385d096805bbda725ede19e7ba59950e3e06b86f9fbf101ba178ac24ca704afd286d440223baeface0d8c6f43cf3eb58583cf8c36e09645394cca818652058c14e083121c405b9889ffac0a7092376182a25c95f8fcc6d38cba7e85344ec7f57fa7bad03b357b3acaf13b4eaeb0c0fdfc5e2a632c93ab195b29237e7661242ae40a0fbb342860500ffe14f2cbc31986c68665db7e920a1d614f14b4ae792f0d0bef136b89223506f41fefd05f6c524bef43e456f2a2ac06b4d96b1e9ab1ddcd5f4f64e3ac622c6bceb3a10ce513e59886313b6fdddbadf3e58a8bcbe434a7aa9182707b0470ec1b1bc72b27e8d7e7503d91d352f3e48f388b48f0c94ebe6a9a2faeb382071ba10a0d12610d6a024efe0114085ed992775c07f75e37a3b241b78e9b185ec6a21f1d296898935b0a2a1f43da10b3b1a8ffed25c99641c95183912174928c6373e31392cb25685568521b3d3da950cd2a1e68c0f348c531c730e022c38d18a34029490e76bbd8c98c2cc7dd5200cb853599aebf841ab80df9efa734edbf30a8ff09fc7e1e6da3005f0d1222730b0c151ab8379f8946aad5bcc9e5f0b1ea4681a765baa27a7b4027da2c47b867451759784dc8b2af448a61a780eb7073a90dbe8a26379ffa957c818019360cb95a7d5a9ef34d6c43dfafd546592db00925a17c712da8169ed6626166cc1f9163da398c7c4bd23d8be6ef97376
b8c84a428a67e2edc410c6301bf35475106fdb3d0165fba5b7d231583340b675c2db052c4d77213f2a93994d2cac83b67044eea21db24fd351913080cf44b66ae98be1a06ec86c129676301cb59e3992186ee5447638a250a0f02b20fb5b51c0e56a00dd329ac8bd14356a291c36bca1714c18e4a86139541e4609838087fce3bfe4eb1932307333068bc4bf45e884cae742b0479f6103e45434849a0f3f505eb22f2a685284d70b342364c94b73d0c1d4b884d46e243487bf27421ffb08eefd0acee7338804cd5b317b9edfdf23a21a47c499ad6d5a069a48161c3790cdea6aafd411b758ea6baee024b8036ab73efcd1fb316e5a433878f8ff82a5284dc9173d80fa4cf635bc28240f12d5c465bea825bcf68fb1a492a34911b77819c701214b05661977c788b252a31c4216948f000e25eecc1a2b32007d733c55fb6ff6fe5f886be65264b101950e03f30f5cc32b7ec2a916df9d015fab4af53ca19184e345035a2d74e7f2b2f182164c079b8041b106aa96cadbc24e7d93ab4d93476ad81a6afd9ec102833b26a4cf82b9412aaed7fd95e6545cc06205531528dbdaf0cddcfe8bd91dd6af452d80e6eb2f55b4720285f9bf752526bd874357e12c57f6eed400f1565ea226c92896830f9c83cbbb7adfeef3ebdb6e684729cd4a60bec29c9d96909cb7fd4aa6623a0ce66796cecb8cd704c288ba85ff18e8c922b0b673cd5bed19d5c674b99413209736a7a5e08d92c3f54bb29dca98a35f035b7bdeedbd5f3ce7875b9a56f62d48cb1f3031c8a49216ab0dff11b6cd8926d1074f7afa11eb1eb838d3e14e0c91d750927c11dcc8f765c60f7f1a397e357dcc72ec82c37be3b905237ec28ad570618b11300616955310305b83708dba8522da499cce11431cc632f80dec1aecd206d0c7fa170ddb1cf90d1b4100e5e4dc67359ed76fac142ab9ae04aec06f66e8356fdac7157d093cc232f211b027503558b1e2368126a9ec13633c5a4dd24af2e16c7417d909782aece599c79806450f321a138799678ba055f921345f0e64f40be90322f579a9ef4dee3ffdbbd19edaf6d40c15c7f580eab73f57575fb5ba128da2049681885885e0b1880a0afc68cb6530924f86a2eb4c89f78d508fe8fc04422ee28f2df93581f8ea44d162349f1c39705bed1a9c6878a3de03f85ac096e2412a3bce8e67dc1d1c7d128c1c6a46fc147c88d045390a49e1b2bc453b326d8d484380e8ab3af938ea38b6c80175d3e727e9a4d8413751aab939a8231c32e05d9174f0de2bde1f790b924d134ffc88601e6cdc37e1055d5388ef5f8002128af2e06a44eb9a8b1ad6d3d07da1b0101ab1dd72116c4c08b21c86efb7ea146328d24ba4b97dc6c2e7a086ba2e081c8c5fde9e3effcb72a113d3288ba6ac5ac32c
e9dec4d354b2384f89364c5d7df4c113c80934c4ee23b356986b26fc06ad010f2fc1d1f361da4a0816e476b48c8e0d4d0d7a6ece5c9d606c598747003a30c4250f4e64dd261b321dbb3b7de358cef82025d18c9f9141ca86cc228592422c0896c9292fe7f2bbd6293f7", 0x6b, 0x0, &(0x7f0000003400)="e7e49e98fbb63eae2424bc3b926f2438735a07d67935b143eb0c2cbce4f3d754a0fc3e5bc80a3bf5fc6689a36107194511f07931ca23729e6a0e5c96845c728c9d9e9bc173ea8c47bd83db92e2144663e514c8e5fc0a0e8fe04a9fcc329985e79c98047f8bf5356c7bf167"}) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000003500)=0x6) sendmsg$sock(r5, &(0x7f0000003740)={&(0x7f0000003540)=@generic={0x5, "3dcb7923faf942f6d9c42f0c66309274aeb1ded5ba94937d3fbda6b2ce018db6d38bc3dfd3667d1a418749874262b8a10c0f26ec9003e69ee86a756059b493f110ea83075d3571961fc669d96d273a45cb2426733ec3c0ee4af851afba9c4ba62835e13cad39d9d3535afe83cc0d07ed4dda674385c6721b00a6c7a9ad1a"}, 0x80, &(0x7f00000036c0)=[{&(0x7f00000035c0)="3ae6be2a8259a9ad19c1f45c5cc9df532fbd827eb7332ed48fbfa83106552f685be23dc9d0e243483095e7d3649bf738a60cc0d416a6742e3b45ad5ab43c07298a848a2cc49812e271ef3ee75d5dd89ac270d904c304bf1f2a84f690c92cf50b5f08cb865d1d6e34ed48c150bf4f58f5b582c99d0bd735d55ae82fb4020920806ab697cc39bae1a1c26a1470c3fc3deca2d228ffe644926de1b9d36e9a4ecab2df80d86bb494047e31d4976f893474d2f56df720c8b21ef478014acd5b818ed8ebea7ae6d59ba095879d8b3d4e5cd597b5d6fa21bfcb6ae9eed2018b001daa7037b0bf570d3c2c34", 0xe8}], 0x1, &(0x7f0000003700)=[@txtime={{0x18, 0x1, 0x3d, 0x1}}, @timestamping={{0x14}}], 0x30}, 0x0) r11 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000003780), 0x101000) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r11, 0xc04c5349, &(0x7f00000037c0)={0x2, 0x1, 0x2}) syz_genetlink_get_family_id$devlink(&(0x7f0000003840), 0xffffffffffffffff) 3.247951421s ago: executing program 0 (id=2171): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000003c0)={0x0, 0x0, 0x0, 'queue0\x00'}) syz_emit_ethernet(0x46, &(0x7f0000000480)=ANY=[@ANYBLOB], 0x0) socket$nl_generic(0x10, 0x3, 0x10) 
r1 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00\xfdM\xab\x89\xff\xda\xc7dw2\xa1\xb2\xabuQQ\x14\x97\xc9\xfae\xc7\xa1U\xe2\xbe\"\xb9t\xa0\x0e\xfa\xdb\xf1\xa5.\xd87\xc3p\xa5l\xf8vC\xe2\xe8 \xd5-(\xb94\xf1\x9c\x83\nbo<#\x186\xe1\xbd\xc0\xc3\xb5N(vj\xa7+<>\xc4\xe00\x01\xdd \x82\x83\xed\x0e\xc4\x1d\xac\xef7\b\xd3Z5\\A\'\x18\xa2\xc3\xab\xc7`\xc3\v\xf3L\x9d[Q\x9e\x11@=\xa1\x9b\xdc\xb1\xef\xc3k<\x97L\xa0\xab\xa6\x1ce\xcd\x99\xb3m\xef\x87\xc5i^N\xbd@\x01\xc0\xb2\x88\xc3\xe2\x96T\xa3\xa5\xeb\x0f\xf2f\xb9$\xd2\x140xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) setsockopt$packet_int(r2, 0x107, 0x14, &(0x7f00000003c0)=0xff, 0x4) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) r7 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) io_setup(0x3, &(0x7f0000000180)) write$rfkill(r7, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) 3.199155234s ago: executing program 1 (id=2172): r0 = socket$nl_rdma(0x10, 0x3, 0x14) r1 = socket(0x10, 0x3, 0x0) sendto$inet6(r1, &(0x7f0000000080)="7800000018002507b9409b14ffff00000202be040205fe056403040c5c000900580020010a0000000d0085a168216b46d32345653600648d270015000a00000049935ade4a460c89b6ec0cff3959547f509058ba86c902007a00004a32000402160012000a0024a40423e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0) recvfrom(r0, &(0x7f00000001c0)=""/45, 0x2d, 0x40000140, 0x0, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) write$UHID_GET_REPORT_REPLY(r3, &(0x7f00000000c0)={0xa, {0x0, 0x3, 0x11}}, 0xa) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="2e00000010008188040f80ec59acbc0413a1f848100000005e0c00f0ffffff180e000a001400000002801687121f", 0x2e}], 0x1}, 0x0) getsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000200), 
&(0x7f0000000940)=0x4) sendmsg$AUDIT_ADD_RULE(r1, &(0x7f0000000780)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000740)={&(0x7f00000002c0)={0x458, 0x3f3, 0x4, 0x70bd2c, 0x25dfdbfb, {0x6, 0x1, 0x38, [0x200, 0x1, 0x1, 0x8, 0xfffffff9, 0x1, 0x1, 0x7d0d, 0x3, 0x5, 0x7, 0x7, 0x3, 0xb, 0x7, 0x3, 0x0, 0x8, 0x2, 0x4, 0x8, 0x7e0, 0x10000, 0x3, 0x800, 0x7fffffff, 0xcac, 0x0, 0x8, 0x1038, 0x1ff, 0xfffffffc, 0x6, 0xdfa0, 0x1, 0x9, 0x80000000, 0x2, 0x5, 0xc, 0x5, 0x101, 0x1, 0x6, 0xc, 0x62, 0x9f2, 0x10, 0x0, 0x5, 0xe, 0x2, 0x0, 0x8, 0x1, 0x2, 0x2, 0x4, 0x8144, 0x9, 0x339, 0x0, 0x0, 0x5], [0x7, 0x5, 0x1, 0x0, 0xde2, 0x7, 0x0, 0x6, 0x3, 0x7, 0x8f, 0xfffffff6, 0x9b8, 0x4, 0x53, 0x2, 0x9, 0x2, 0x80000001, 0x4b4, 0xbdad, 0x200, 0x0, 0x0, 0x0, 0x8000, 0xace4, 0xd594, 0x8, 0x5, 0x0, 0xc, 0x7fff, 0x7, 0x4, 0x2, 0x7, 0x9, 0x6, 0x2, 0x4, 0x7fff, 0x0, 0x7, 0x5, 0x2, 0x6, 0x4, 0x1, 0x787, 0x3, 0x3, 0xfff, 0x5, 0x7, 0x300000, 0x200, 0x7, 0x2, 0xfffe, 0x9, 0xaf72, 0x9, 0xed9], [0x9, 0xfffffeff, 0x3, 0x1, 0x0, 0x4, 0xfffffff7, 0x0, 0x5, 0x0, 0xfffffffa, 0x401, 0x0, 0xd32, 0xcc8, 0x1, 0x9, 0x7, 0x3, 0xb, 0x0, 0x3, 0x2, 0x0, 0x8, 0x6, 0x0, 0x3, 0x1, 0x2c8, 0x4, 0x15fd, 0x5, 0x8, 0x4c7, 0x5, 0xb1, 0x3, 0xca, 0x400, 0x7, 0xcc, 0x0, 0x0, 0x0, 0x8, 0x2, 0x3e6f9426, 0x6, 0x1, 0x40b, 0x954d, 0x9a, 0x401, 0xffffff1a, 0x5, 0x5, 0xe134, 0x5, 0x96fe, 0x101, 0x77, 0x6, 0x3ca], [0xa, 0x8, 0xff1, 0x7fff, 0x2, 0x2, 0x6, 0x4, 0x2, 0x7fffffff, 0x0, 0x40, 0x30b4, 0x7, 0x1, 0x1, 0xfffffffd, 0xf, 0xe2e, 0x63b, 0x6f, 0xd1d, 0x9, 0x5, 0x1, 0x0, 0x9, 0x0, 0x4, 0x3, 0xfffffff9, 0x1, 0x9, 0x4, 0x5117, 0x1, 0x5e74810d, 0x1000, 0xffffff01, 0x5, 0x9, 0x101, 0xffffff80, 0x200, 0x0, 0x6, 0x5, 0x9, 0x9, 0x50, 0x1, 0x5, 0x4, 0x0, 0x5, 0x1, 0x9, 0xf6, 0xfffffffc, 0xdc, 0x0, 0x80, 0xfffffffa, 0x5], 0x38, ['!}\x00', '/dev/uhid\x00', '/dev/uhid\x00', '@],:\x00', '-{/\x00', '[*\\[\x00', '/dev/uhid\x00', '$]}%*[]\x00', '\x00']}, ["", "", "", ""]}, 0x458}}, 0x4000041) sendmsg$kcm(r2, &(0x7f0000000100)={0x0, 
0x2c00, &(0x7f0000001340)=[{&(0x7f0000000040)="2e00000010008188040f46ecdb4cb9cca7480ef410000000e3bd6efb010511000b000a000d000000ba8000001201", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x25000000) ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0) syz_emit_vhci(&(0x7f0000000480)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_ecred_conn_rsp={{0x18, 0x1, 0xa}, {0x0, 0x0, 0x2, 0x2, [0x0]}}}}, 0x17) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454da, &(0x7f00000001c0)={'bond_slave_0\x00'}) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'dvmrp1\x00', 0x1}) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454da, &(0x7f0000000140)={'bond0\x00'}) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000100)={'pimreg0\x00', 0x1}) close(0x4) r6 = dup(0xffffffffffffffff) ioctl$VIDIOC_QUERYBUF_DMABUF(r6, 0xc0585609, 0x0) sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000001380), 0xc, &(0x7f0000001480)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), r1) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff) syz_open_dev$vivid(&(0x7f0000000240), 0x1, 0x2) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000280)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001500)={0x30, r8, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98f}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}]}, 0x30}}, 0x0) 3.198480486s ago: executing program 3 (id=2173): r0 = syz_open_procfs(0x0, &(0x7f0000000300)='net/igmp\x00') r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001640), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) 
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000000c0)=0x3, 0x4) r4 = syz_io_uring_setup(0x3b, &(0x7f0000000080)={0x0, 0x5396, 0x10100, 0x2}, &(0x7f0000000000), &(0x7f0000000100)=0x0) syz_io_uring_setup(0x1868, &(0x7f00000003c0), &(0x7f0000000040)=0x0, &(0x7f0000000180)) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r6, r5, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r7, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0}}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x0, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x3}, 0x90) socket$alg(0x26, 0x5, 0x0) io_uring_enter(r4, 0x5e40, 0x0, 0x0, 0x0, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d08000640ffffff000800034000000008680000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000003c0003803800008008000340000000022c0002802800028008000180fffffffb"], 0xfc}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040), 0x48) io_uring_enter(r4, 0x92, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000001880)={'wlan1\x00'}) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f00000019c0)={0x0, 0x0, &(0x7f0000001980)={&(0x7f00000001c0)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="000400000000000000003700000008000300", @ANYRES16=r6, @ANYBLOB="08e357000800000008009f00040000000800a00031d300000800a100ff00000008009f00060000000800a100030000000800a10001040000050018011c000100080026006c090000050000080027000200000008005700840e0000"], 0x7c}}, 0x0) readv(r0, &(0x7f0000000680)=[{&(0x7f0000000000)=""/128, 0x80}], 0x1) preadv(r0, &(0x7f0000000840)=[{&(0x7f0000002600)=""/4110, 0x100e}], 0x1, 0x1b, 
0x0) 2.885616174s ago: executing program 3 (id=2174): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) ioctl$TUNSETLINK(r0, 0x800454dd, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r1 = socket(0x18, 0x5, 0x3) close(r1) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000020c0)=[@in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000002100)=0x10) r4 = semget$private(0x0, 0x1, 0x9) semctl$GETNCNT(r4, 0x3, 0xe, &(0x7f0000000040)=""/123) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000100), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000140)) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000980)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0x2}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_LOW_RATE_THRESHOLD={0x8}]}}]}, 0x38}}, 0x0) r9 = socket$inet_udp(0x2, 0x2, 0x0) recvmmsg(r9, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x40000000000012d, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x17, 0xf, &(0x7f00000007c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$inet_int(r9, 0x0, 0x6, &(0x7f00000000c0)=0x7e6, 0x42) bind$inet(r9, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x36, &(0x7f0000001500)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c2000000080046000028000000000011907800000000000000000100000000004e20001090780200000000000000"], 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) r11 = 
socket(0x1, 0x803, 0x0) getsockname$packet(r11, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000a40)=ANY=[@ANYBLOB="7000000010000104000000000400000000000000", @ANYRES32=r4, @ANYBLOB="0000000050210600480012800b00010067656e6576650000380002800500090001000000080001000100000005000c000000000005000c000000000014000700fc01000000000000000000000000000008000300", @ANYRES32=r12], 0x70}}, 0x0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYRES64=r4, @ANYRESOCT=r3], 0xb4}, 0x1, 0x0, 0x0, 0x8000}, 0x10000) 1.740729005s ago: executing program 3 (id=2175): r0 = socket$nl_rdma(0x10, 0x3, 0x14) r1 = socket(0x10, 0x3, 0x0) sendto$inet6(r1, &(0x7f0000000080)="7800000018002507b9409b14ffff00000202be040205fe056403040c5c000900580020010a0000000d0085a168216b46d32345653600648d270015000a00000049935ade4a460c89b6ec0cff3959547f509058ba86c902007a00004a32000402160012000a0024a40423e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0) recvfrom(r0, &(0x7f00000001c0)=""/45, 0x2d, 0x40000140, 0x0, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) write$UHID_GET_REPORT_REPLY(r3, &(0x7f00000000c0)={0xa, {0x0, 0x3, 0x11}}, 0xa) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="2e00000010008188040f80ec59acbc0413a1f848100000005e0c00f0ffffff180e000a001400000002801687121f", 0x2e}], 0x1}, 0x0) getsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000200), &(0x7f0000000940)=0x4) sendmsg$AUDIT_ADD_RULE(r1, &(0x7f0000000780)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000740)={&(0x7f00000002c0)={0x458, 0x3f3, 0x4, 0x70bd2c, 0x25dfdbfb, {0x6, 0x1, 0x38, [0x200, 0x1, 0x1, 0x8, 0xfffffff9, 0x1, 0x1, 0x7d0d, 0x3, 0x5, 0x7, 0x7, 0x3, 0xb, 0x7, 0x3, 0x0, 0x8, 0x2, 0x4, 0x8, 0x7e0, 0x10000, 0x3, 0x800, 
0x7fffffff, 0xcac, 0x0, 0x8, 0x1038, 0x1ff, 0xfffffffc, 0x6, 0xdfa0, 0x1, 0x9, 0x80000000, 0x2, 0x5, 0xc, 0x5, 0x101, 0x1, 0x6, 0xc, 0x62, 0x9f2, 0x10, 0x0, 0x5, 0xe, 0x2, 0x0, 0x8, 0x1, 0x2, 0x2, 0x4, 0x8144, 0x9, 0x339, 0x0, 0x0, 0x5], [0x7, 0x5, 0x1, 0x0, 0xde2, 0x7, 0x0, 0x6, 0x3, 0x7, 0x8f, 0xfffffff6, 0x9b8, 0x4, 0x53, 0x2, 0x9, 0x2, 0x80000001, 0x4b4, 0xbdad, 0x200, 0x0, 0x0, 0x0, 0x8000, 0xace4, 0xd594, 0x8, 0x5, 0x0, 0xc, 0x7fff, 0x7, 0x4, 0x2, 0x7, 0x9, 0x6, 0x2, 0x4, 0x7fff, 0x0, 0x7, 0x5, 0x2, 0x6, 0x4, 0x1, 0x787, 0x3, 0x3, 0xfff, 0x5, 0x7, 0x300000, 0x200, 0x7, 0x2, 0xfffe, 0x9, 0xaf72, 0x9, 0xed9], [0x9, 0xfffffeff, 0x3, 0x1, 0x0, 0x4, 0xfffffff7, 0x0, 0x5, 0x0, 0xfffffffa, 0x401, 0x0, 0xd32, 0xcc8, 0x1, 0x9, 0x7, 0x3, 0xb, 0x0, 0x3, 0x2, 0x0, 0x8, 0x6, 0x1, 0x3, 0x1, 0x2c8, 0x4, 0x15fd, 0x5, 0x8, 0x4c7, 0x5, 0xb1, 0x3, 0xca, 0x400, 0x7, 0xcc, 0x0, 0x0, 0x0, 0x8, 0x2, 0x3e6f9426, 0x6, 0x1, 0x40b, 0x954d, 0x9a, 0x401, 0xffffff1a, 0x5, 0x5, 0xe134, 0x5, 0x96fe, 0x101, 0x77, 0x6, 0x3ca], [0xa, 0x8, 0xff1, 0x7fff, 0x2, 0x2, 0x6, 0x4, 0x2, 0x7fffffff, 0x0, 0x40, 0x30b4, 0x7, 0x1, 0x1, 0xfffffffd, 0xf, 0x0, 0x63b, 0x6f, 0xd1d, 0x9, 0x5, 0x1, 0x0, 0x9, 0x0, 0x4, 0x3, 0xfffffff9, 0x1, 0x9, 0x4, 0x5117, 0x1, 0x5e74810d, 0x1000, 0xffffff01, 0x5, 0x9, 0x101, 0xffffff80, 0x200, 0x0, 0x6, 0x5, 0x9, 0x9, 0x50, 0x1, 0x5, 0x4, 0x0, 0x5, 0x1, 0x9, 0xf6, 0xfffffffc, 0xdc, 0x0, 0x80, 0xfffffffa, 0x5], 0x38, ['!}\x00', '/dev/uhid\x00', '/dev/uhid\x00', '@],:\x00', '-{/\x00', '[*\\[\x00', '/dev/uhid\x00', '$]}%*[]\x00', '\x00']}, ["", "", "", ""]}, 0x458}}, 0x4000041) sendmsg$kcm(r2, &(0x7f0000000100)={0x0, 0x2c00, &(0x7f0000001340)=[{&(0x7f0000000040)="2e00000010008188040f46ecdb4cb9cca7480ef410000000e3bd6efb010511000b000a000d000000ba8000001201", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x25000000) ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0) ioctl$DRM_IOCTL_MODE_SETPROPERTY(0xffffffffffffffff, 0xc01064ab, 0x0) syz_emit_vhci(&(0x7f0000000480)=@HCI_ACLDATA_PKT={0x2, 
{0xc9, 0x0, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_ecred_conn_rsp={{0x18, 0x1, 0xa}, {0x0, 0x0, 0x2, 0x2, [0x0]}}}}, 0x17) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454da, &(0x7f00000001c0)={'bond_slave_0\x00'}) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'dvmrp1\x00', 0x1}) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454da, &(0x7f0000000140)={'bond0\x00'}) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000100)={'pimreg0\x00', 0x1}) close(0x4) r6 = dup(0xffffffffffffffff) ioctl$VIDIOC_QUERYBUF_DMABUF(r6, 0xc0585609, 0x0) sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000001380), 0xc, &(0x7f0000001480)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), r1) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff) syz_open_dev$vivid(&(0x7f0000000240), 0x1, 0x2) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000280)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001500)={0x30, r8, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98f}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}]}, 0x30}}, 0x0) 1.666104981s ago: executing program 1 (id=2176): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCSREP(r0, 0x80044584, 0xffffffffffffffff) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) syz_emit_vhci(&(0x7f00000000c0)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_ecred_conn_rsp={{0x18, 0x0, 0xa}, {0x0, 0xd9, 0x4, 0x0, [0xffff]}}}}, 0x17) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB], 0x7) syz_emit_vhci(&(0x7f0000000180)=ANY=[], 0x3c) 
syz_emit_vhci(&(0x7f0000000140)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x0, 0x4}}, 0x9) syz_open_dev$usbmon(&(0x7f0000000280), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_SET(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x34, r5, 0x1, 0x0, 0x0, {0x26}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x4) arch_prctl$ARCH_SHSTK_ENABLE(0x1011, 0x0) r6 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFMT(r6, 0x500e, 0x0) r7 = getpid() sched_setscheduler(r7, 0x2, 0x0) r8 = socket$inet6_sctp(0xa, 0x5, 0x84) r9 = fcntl$dupfd(r8, 0x0, r8) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r9, 0x84, 0x22, &(0x7f0000000280)={0x0, 0x11}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 105.711991ms ago: executing program 1 (id=2177): ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) fcntl$setsig(r0, 0xa, 0x1a) sendmsg$NL80211_CMD_SET_TID_CONFIG(r2, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000004fc0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="495300000000000000006700000008000300", @ANYRES32=0x0, @ANYBLOB="0c00990000000000f3fdffff"], 0x28}, 0x1, 0x0, 
0x0, 0x24000080}, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) socket$kcm(0xa, 0x922000000003, 0x11) fchdir(0xffffffffffffffff) socket$unix(0x1, 0x0, 0x0) fcntl$addseals(0xffffffffffffffff, 0x409, 0x8) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x602, 0x0) writev(r3, 0x0, 0x0) 105.409615ms ago: executing program 3 (id=2178): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0xa, 0x0, 0x2, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@multicast1, 0x0, 0x86d14cded5d0cba9}]}, 0x38}}, 0x0) prctl$PR_SET_IO_FLUSHER(0x39, 0x1) bpf$MAP_CREATE(0x141e000000000000, &(0x7f00000000c0)=@base={0x5, 0x3f, 0x6c03, 0xee}, 0x48) 53.592814ms ago: executing program 3 (id=2179): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000007c0)) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) socket$inet_udp(0x2, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket(0x1, 0x803, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000005e00)) r2 = syz_usb_connect$hid(0x0, 
0x36, &(0x7f0000000440)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, &(0x7f0000000040)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0xf, {[@main=@item_012={0x1, 0x0, 0x0, 'd'}, @global=@item_4={0x3, 0x1, 0x0, "05007948"}, @main=@item_4={0x3, 0x0, 0xb, "0577f5d2"}, @local=@item_012={0x2, 0x2, 0x1, "ddbc"}]}}, 0x0}, 0x0) r3 = syz_open_dev$hiddev(&(0x7f0000000d40), 0x0, 0x0) ioctl$HIDIOCGUSAGE(r3, 0xc018480b, 0x0) ioctl$HIDIOCGUSAGE(r3, 0x40184810, 0x0) 0s ago: executing program 2 (id=2180): socket$inet6_tcp(0xa, 0x1, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000005c0)='/sys/power/pm_freeze_timeout', 0xea241, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) write$cgroup_int(r0, 0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./bus/file0\x00', 0x80503, 0x4) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x0, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00101}]}) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) r3 = epoll_create1(0x80000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000700)=""/239, 0xef}, {&(0x7f0000000200)=""/171, 0xab}, {&(0x7f0000000600)=""/237, 0xed}], 0x3, 0x2000000, 0x7ff) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x10, 
0xffffffffffffffff, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000900)=@gettaction={0xbc, 0x32, 0x0, 0x0, 0x2, {}, [@action_gd=@TCA_ACT_TAB={0x2c, 0x1, [{0x10, 0x10, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}, {0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}, {0xc, 0xf, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'nat\x00'}}]}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x100}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8}, @action_gd=@TCA_ACT_TAB={0x6c, 0x1, [{0xc, 0xd, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x400}}, {0xc, 0xe, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x19, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'nat\x00'}}, {0x10, 0x20, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}, {0x10, 0xe, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}, {0xc, 0x20, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x81}}, {0xc, 0x3, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xffff}}, {0xc, 0x7, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x401}}]}]}, 0xbc}}, 0x4000044) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000100)) epoll_ctl$EPOLL_CTL_MOD(r3, 0x3, 0xffffffffffffffff, &(0x7f0000000080)) preadv2(r1, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000880)=ANY=[@ANYBLOB="1800000000000000000000000000000073011b0000000000950000000000000076ff7f00006979303ff4bbaa27dd333c42db8467cd3785dc824b0300cba156d1d01a0709fbbca33300"/88], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8}, 0x80) bpf$PROG_LOAD(0x5, 0x0, 0x0) creat(&(0x7f00000003c0)='./bus/file0\x00', 0xc5) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x34}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80) kernel console output (not intermixed with test programs): ng 400 ms programming speed [ 640.921872][ T5210] input: Aiptek as 
/devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input38 [ 640.940380][ T5210] input: failed to attach handler kbd to device input38, error: -5 [ 641.730811][ T5210] usb 2-1: USB disconnect, device number 43 [ 642.525112][T12421] FAULT_INJECTION: forcing a failure. [ 642.525112][T12421] name failslab, interval 1, probability 0, space 0, times 0 [ 642.569409][T12421] CPU: 0 PID: 12421 Comm: syz.1.1864 Not tainted 6.10.0-rc6-syzkaller-00061-ge9d22f7a6655 #0 [ 642.579645][T12421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 642.591804][T12421] Call Trace: [ 642.591823][T12421] <TASK> [ 642.591836][T12421] dump_stack_lvl+0x241/0x360 [ 642.591882][T12421] ? __pfx_dump_stack_lvl+0x10/0x10 [ 642.591919][T12421] ? __pfx__printk+0x10/0x10 [ 642.591956][T12421] ? __pfx___might_resched+0x10/0x10 [ 642.591997][T12421] should_fail_ex+0x3b0/0x4e0 [ 642.592047][T12421] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 642.592076][T12421] should_failslab+0x9/0x20 [ 642.592104][T12421] __kmalloc_noprof+0xd8/0x400 [ 642.592133][T12421] ? kfree+0x4e/0x360 [ 642.592163][T12421] tomoyo_realpath_from_path+0xcf/0x5e0 [ 642.592208][T12421] tomoyo_path_number_perm+0x23a/0x880 [ 642.592253][T12421] ? tomoyo_path_number_perm+0x208/0x880 [ 642.592290][T12421] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 642.592371][T12421] ? __fget_files+0x29/0x470 [ 642.592399][T12421] ? __fget_files+0x3f6/0x470 [ 642.592419][T12421] ? __fget_files+0x29/0x470 [ 642.592451][T12421] security_file_ioctl+0x75/0xb0 [ 642.592480][T12421] __se_sys_ioctl+0x47/0x170 [ 642.592518][T12421] do_syscall_64+0xf3/0x230 [ 642.592554][T12421] ? 
clear_bhb_loop+0x35/0x90 [ 642.592594][T12421] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 642.592627][T12421] RIP: 0033:0x7f1756375bd9 [ 642.592650][T12421] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 642.592672][T12421] RSP: 002b:00007f17571a4048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 642.592701][T12421] RAX: ffffffffffffffda RBX: 00007f1756503f60 RCX: 00007f1756375bd9 [ 642.592720][T12421] RDX: 00000000200001c0 RSI: 0000000000000001 RDI: 0000000000000003 [ 642.592737][T12421] RBP: 00007f17571a40a0 R08: 0000000000000000 R09: 0000000000000000 [ 642.592754][T12421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 642.592770][T12421] R13: 000000000000004d R14: 00007f1756503f60 R15: 00007ffc85ab6d08 [ 642.592808][T12421] </TASK> [ 642.606833][T12421] ERROR: Out of memory at tomoyo_realpath_from_path. [ 642.606863][T12421] program syz.1.1864 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 642.885949][T12430] evm: overlay not supported [ 642.889382][T12430] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1868'. [ 642.889763][ T29] audit: type=1804 audit(3867513849.909:26): pid=12430 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.1.1868" name="/newroot/314/bus/file0" dev="overlay" ino=1760 res=1 errno=0 [ 643.031347][T12442] delete_channel: no stack [ 645.862387][T12494] netlink: 80 bytes leftover after parsing attributes in process `syz.4.1894'. [ 645.983943][T12503] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1895'. 
[ 646.017136][T12503] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 646.026680][T12503] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 646.035793][T12503] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 646.044620][T12503] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 646.095308][T12503] vxlan0: entered promiscuous mode [ 646.247401][T12496] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1895'. [ 647.051799][T12539] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1907'. [ 647.101120][T12535] syz.0.1904: attempt to access beyond end of device [ 647.101120][T12535] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 647.180691][T12535] syz.0.1904: attempt to access beyond end of device [ 647.180691][T12535] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0 [ 647.194020][T12535] Mount JFS Failure: -5 [ 647.413454][T12549] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1910'. [ 647.425556][T12550] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1911'. [ 647.703791][ T5142] usb 5-1: new low-speed USB device number 44 using dummy_hcd [ 648.612216][ T5142] usb 5-1: string descriptor 0 read error: -22 [ 648.622472][ T5142] usb 5-1: New USB device found, idVendor=1415, idProduct=0003, bcdDevice=65.5d [ 648.637724][ T5142] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 648.663392][ T5142] usb 5-1: config 0 descriptor?? [ 649.461659][ T5142] dvb-usb: found a 'Sony PlayTV' in cold state, will try to load a firmware [ 649.508408][ T5142] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 649.544188][ T5142] dib0700: firmware download failed at 7 with -22 [ 649.584146][ T5142] usb 5-1: USB disconnect, device number 44 [ 650.237055][T12574] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1918'. 
[ 650.670015][T12582] ebt_limit: overflow, try lower: 12058624/0 [ 652.178886][T12596] FAULT_INJECTION: forcing a failure. [ 652.178886][T12596] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 652.236941][T12596] CPU: 0 PID: 12596 Comm: syz.2.1923 Not tainted 6.10.0-rc6-syzkaller-00061-ge9d22f7a6655 #0 [ 652.247175][T12596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 652.257280][T12596] Call Trace: [ 652.260596][T12596] <TASK> [ 652.263567][T12596] dump_stack_lvl+0x241/0x360 [ 652.268309][T12596] ? __pfx_dump_stack_lvl+0x10/0x10 [ 652.269752][T12598] netlink: 'syz.3.1927': attribute type 10 has an invalid length. [ 652.273579][T12596] ? __pfx__printk+0x10/0x10 [ 652.286109][T12596] ? snprintf+0xda/0x120 [ 652.290411][T12596] should_fail_ex+0x3b0/0x4e0 [ 652.295151][T12596] _copy_to_user+0x2f/0xb0 [ 652.299622][T12596] simple_read_from_buffer+0xca/0x150 [ 652.305149][T12596] proc_fail_nth_read+0x1e9/0x250 [ 652.310322][T12596] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 652.315927][T12596] ? rw_verify_area+0x520/0x6b0 [ 652.320832][T12596] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 652.326439][T12596] vfs_read+0x204/0xbc0 [ 652.330653][T12596] ? __pfx_lock_release+0x10/0x10 [ 652.335726][T12596] ? irqentry_exit+0x63/0x90 [ 652.340406][T12596] ? __pfx_vfs_read+0x10/0x10 [ 652.345132][T12596] ? set_user_sigmask+0x108/0x230 [ 652.350199][T12596] ? __fget_files+0x29/0x470 [ 652.354835][T12596] ? __fget_files+0x3f6/0x470 [ 652.359576][T12596] ksys_read+0x1a0/0x2c0 [ 652.363887][T12596] ? __pfx_ksys_read+0x10/0x10 [ 652.368713][T12596] ? do_syscall_64+0x100/0x230 [ 652.373539][T12596] ? do_syscall_64+0xb6/0x230 [ 652.378284][T12596] do_syscall_64+0xf3/0x230 [ 652.382847][T12596] ? 
clear_bhb_loop+0x35/0x90 [ 652.387583][T12596] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 652.393536][T12596] RIP: 0033:0x7fc1d1f746bc [ 652.397997][T12596] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 652.417743][T12596] RSP: 002b:00007fc1d2d96040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 652.426220][T12596] RAX: ffffffffffffffda RBX: 00007fc1d2103f60 RCX: 00007fc1d1f746bc [ 652.434247][T12596] RDX: 000000000000000f RSI: 00007fc1d2d960b0 RDI: 0000000000000004 [ 652.442266][T12596] RBP: 00007fc1d2d960a0 R08: 0000000000000000 R09: 0000000020000580 [ 652.450301][T12596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 652.458321][T12596] R13: 000000000000000b R14: 00007fc1d2103f60 R15: 00007ffec0915e68 [ 652.466354][T12596] </TASK> [ 652.485393][T12598] bridge0: port 3(team0) entered disabled state [ 652.552833][T12598] team0: left allmulticast mode [ 652.574258][T12598] team_slave_0: left allmulticast mode [ 652.618980][T12598] team_slave_1: left allmulticast mode [ 652.643174][T12598] team0: left promiscuous mode [ 652.666021][T12598] team_slave_0: left promiscuous mode [ 652.671779][T12598] team_slave_1: left promiscuous mode [ 652.694273][T12598] bridge0: port 3(team0) entered disabled state [ 652.726861][T12598] batman_adv: batadv0: Adding interface: team0 [ 652.753285][T12598] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 652.791028][T12598] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 652.806323][T12601] netlink: 'syz.3.1927': attribute type 10 has an invalid length. 
[ 652.853002][T12601] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1927'. [ 652.880634][T12601] team0: entered promiscuous mode [ 652.887298][T12601] team_slave_0: entered promiscuous mode [ 652.893399][T12601] team_slave_1: entered promiscuous mode [ 652.911352][T12601] 8021q: adding VLAN 0 to HW filter on device team0 [ 652.928155][T12601] batman_adv: batadv0: Interface activated: team0 [ 652.937506][T12601] batman_adv: batadv0: Interface deactivated: team0 [ 652.947973][T12601] batman_adv: batadv0: Removing interface: team0 [ 652.960541][T12601] bridge0: port 3(team0) entered blocking state [ 652.972245][T12601] bridge0: port 3(team0) entered disabled state [ 652.986673][T12601] team0: entered allmulticast mode [ 652.992003][T12601] team_slave_0: entered allmulticast mode [ 653.003045][T12601] team_slave_1: entered allmulticast mode [ 653.015743][T12601] bridge0: port 3(team0) entered blocking state [ 653.022271][T12601] bridge0: port 3(team0) entered forwarding state [ 653.055043][T12612] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1929'. [ 653.083796][ T8] usb 5-1: new low-speed USB device number 45 using dummy_hcd [ 653.277921][ T8] usb 5-1: string descriptor 0 read error: -22 [ 653.292874][ T8] usb 5-1: New USB device found, idVendor=1415, idProduct=0003, bcdDevice=65.5d [ 653.312525][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 653.351289][ T8] usb 5-1: config 0 descriptor?? [ 653.428566][T12627] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1935'. 
[ 653.817006][T11978] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 653.989893][ T8] dvb-usb: found a 'Sony PlayTV' in cold state, will try to load a firmware [ 654.017805][ T8] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 654.040745][ T8] dib0700: firmware download failed at 7 with -22 [ 654.048097][T11978] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 654.067913][ T8] usb 5-1: USB disconnect, device number 45 [ 654.113780][T11978] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 654.163833][ T5135] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 654.302102][T11978] usb 4-1: New USB device found, idVendor=0f30, idProduct=0111, bcdDevice= 0.00 [ 654.311482][T11978] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 654.334913][T11978] usb 4-1: config 0 descriptor?? [ 654.862365][ T5135] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 655.179310][ T5135] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 655.199734][ T5135] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 655.213560][T11978] pantherlord 0003:0F30:0111.0007: item fetching failed at offset 6/7 [ 655.222173][ T5135] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 655.290723][T11978] pantherlord 0003:0F30:0111.0007: parse failed [ 655.318135][T11978] pantherlord 0003:0F30:0111.0007: probe with driver pantherlord failed with error -22 [ 655.643234][T11978] usb 4-1: USB disconnect, device number 30 [ 656.769176][T12647] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 656.775289][T12647] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 656.800153][T12647] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 656.806234][T12647] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 
656.903731][T12647] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 656.909701][T12647] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 657.419696][T12650] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1942'. [ 658.353126][ T5093] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 658.377123][ T5093] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 658.389963][ T5093] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 658.415365][ T5093] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 658.435033][ T5093] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 658.442592][ T5093] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 658.486843][ T5135] aiptek 1-1:17.0: Aiptek using 400 ms programming speed [ 658.534597][ T5135] input: Aiptek as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:17.0/input/input40 [ 658.542709][ T35] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 658.582179][ T35] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 658.592809][ T5135] input: failed to attach handler kbd to device input40, error: -5 [ 658.625929][T12668] FAULT_INJECTION: forcing a failure. [ 658.625929][T12668] name failslab, interval 1, probability 0, space 0, times 0 [ 658.644390][ T5135] usb 1-1: USB disconnect, device number 44 [ 658.652985][T12668] CPU: 0 PID: 12668 Comm: syz.4.1947 Not tainted 6.10.0-rc6-syzkaller-00061-ge9d22f7a6655 #0 [ 658.663202][T12668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 658.673353][T12668] Call Trace: [ 658.676674][T12668] [ 658.679648][T12668] dump_stack_lvl+0x241/0x360 [ 658.684395][T12668] ? __pfx_dump_stack_lvl+0x10/0x10 [ 658.689653][T12668] ? __pfx__printk+0x10/0x10 [ 658.694341][T12668] ? __pfx___might_resched+0x10/0x10 [ 658.699766][T12668] should_fail_ex+0x3b0/0x4e0 [ 658.704483][T12668] ? 
tomoyo_realpath_from_path+0xcf/0x5e0 [ 658.710244][T12668] should_failslab+0x9/0x20 [ 658.714767][T12668] __kmalloc_noprof+0xd8/0x400 [ 658.719550][T12668] ? kfree+0x4e/0x360 [ 658.723562][T12668] tomoyo_realpath_from_path+0xcf/0x5e0 [ 658.729252][T12668] tomoyo_path_number_perm+0x23a/0x880 [ 658.734750][T12668] ? tomoyo_path_number_perm+0x208/0x880 [ 658.740581][T12668] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 658.746709][T12668] ? __fget_files+0x29/0x470 [ 658.751404][T12668] ? __fget_files+0x3f6/0x470 [ 658.756099][T12668] ? __fget_files+0x29/0x470 [ 658.760718][T12668] security_file_ioctl+0x75/0xb0 [ 658.765708][T12668] __se_sys_ioctl+0x47/0x170 [ 658.770329][T12668] do_syscall_64+0xf3/0x230 [ 658.774877][T12668] ? clear_bhb_loop+0x35/0x90 [ 658.779581][T12668] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 658.785498][T12668] RIP: 0033:0x7ff243f75bd9 [ 658.789927][T12668] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 658.809549][T12668] RSP: 002b:00007ff244dcc048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 658.817983][T12668] RAX: ffffffffffffffda RBX: 00007ff244103f60 RCX: 00007ff243f75bd9 [ 658.825972][T12668] RDX: 00000000200001c0 RSI: 0000000000000001 RDI: 0000000000000003 [ 658.833958][T12668] RBP: 00007ff244dcc0a0 R08: 0000000000000000 R09: 0000000000000000 [ 658.841943][T12668] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 658.849926][T12668] R13: 000000000000000b R14: 00007ff244103f60 R15: 00007ffde4c7dce8 [ 658.857931][T12668] [ 658.905201][T12665] netlink: 'syz.2.1945': attribute type 10 has an invalid length. [ 658.931057][T12668] ERROR: Out of memory at tomoyo_realpath_from_path. 
[ 658.938303][T12668] program syz.4.1947 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 658.994813][T12665] batman_adv: batadv0: Adding interface: team0 [ 659.001049][T12665] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 659.042600][T12665] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 659.099530][T12667] netlink: 'syz.2.1945': attribute type 10 has an invalid length. [ 659.116043][T12667] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1945'. [ 659.126033][T12667] team0: entered promiscuous mode [ 659.131105][T12667] team_slave_0: entered promiscuous mode [ 659.138223][T12667] team_slave_1: entered promiscuous mode [ 659.150161][T12667] 8021q: adding VLAN 0 to HW filter on device team0 [ 659.157597][T12667] batman_adv: batadv0: Interface activated: team0 [ 659.172462][T12667] batman_adv: batadv0: Interface deactivated: team0 [ 659.180398][T12667] batman_adv: batadv0: Removing interface: team0 [ 659.188961][T12667] bridge0: port 3(team0) entered blocking state [ 659.199765][T12667] bridge0: port 3(team0) entered disabled state [ 659.224506][T12667] team0: entered allmulticast mode [ 659.237503][T12667] team_slave_0: entered allmulticast mode [ 659.243795][T12667] team_slave_1: entered allmulticast mode [ 659.257812][T12667] bridge0: port 3(team0) entered blocking state [ 659.264356][T12667] bridge0: port 3(team0) entered forwarding state [ 659.334039][ T5135] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 659.344807][ T35] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 659.362468][ T35] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 659.541711][ T5135] usb 1-1: 
Using ep0 maxpacket: 8 [ 659.550620][ T35] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 659.578739][ T5135] usb 1-1: config 3 has an invalid interface number: 174 but max is 0 [ 659.589373][ T35] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 659.603418][ T5135] usb 1-1: config 3 contains an unexpected descriptor of type 0x1, skipping [ 659.618868][ T5135] usb 1-1: config 3 has no interface number 0 [ 659.627598][ T5135] usb 1-1: config 3 interface 174 altsetting 1 endpoint 0xD has invalid maxpacket 61581, setting to 64 [ 659.661799][ T5135] usb 1-1: config 3 interface 174 altsetting 1 endpoint 0xC has invalid maxpacket 1024, setting to 64 [ 659.679109][T11978] usb 5-1: new high-speed USB device number 46 using dummy_hcd [ 659.693395][ T5135] usb 1-1: config 3 interface 174 altsetting 1 endpoint 0x5 has invalid maxpacket 1024, setting to 64 [ 659.738079][ T5135] usb 1-1: config 3 interface 174 altsetting 1 has a duplicate endpoint with address 0xC, skipping [ 659.754291][ T35] netdevsim netdevsim1 netdevsim0 (unregistering): left promiscuous mode [ 659.763151][ T35] netdevsim netdevsim1 netdevsim0 (unregistering): left allmulticast mode [ 659.780416][ T5135] usb 1-1: config 3 interface 174 altsetting 1 endpoint 0xB has invalid maxpacket 512, setting to 64 [ 659.824429][ T5135] usb 1-1: config 3 interface 174 altsetting 1 has a duplicate endpoint with address 0xB, skipping [ 659.873797][ T35] team0: Port device netdevsim0 removed [ 659.905134][ T5135] usb 1-1: config 3 interface 174 altsetting 1 has a duplicate endpoint with address 0x8, skipping [ 659.906872][T11978] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 659.920080][ T35] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 659.946262][T11978] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, 
different from the interface descriptor's value: 21 [ 659.947393][ T5135] usb 1-1: config 3 interface 174 altsetting 1 has a duplicate endpoint with address 0xD, skipping [ 659.959621][T11978] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 659.973872][ T35] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 660.001683][ T5135] usb 1-1: config 3 interface 174 altsetting 1 endpoint 0xA has invalid maxpacket 512, setting to 64 [ 660.010385][T11978] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 660.041331][ T5135] usb 1-1: config 3 interface 174 altsetting 1 has a duplicate endpoint with address 0x5, skipping [ 660.048267][T11978] usb 5-1: config 0 descriptor?? [ 660.058563][ T5135] usb 1-1: config 3 interface 174 altsetting 1 has a duplicate endpoint with address 0xA, skipping [ 660.088260][ T5135] usb 1-1: config 3 interface 174 altsetting 1 has a duplicate endpoint with address 0x4, skipping [ 660.137907][ T5135] usb 1-1: config 3 interface 174 altsetting 1 has a duplicate endpoint with address 0xF, skipping [ 660.182223][ T5135] usb 1-1: config 3 interface 174 has no altsetting 0 [ 660.221536][ T5135] usb 1-1: New USB device found, idVendor=04cb, idProduct=0131, bcdDevice=68.a0 [ 660.263414][ T5135] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 660.279523][ T5135] usb 1-1: Product: 쮵共㶣Ẉ琳頪죧힥艀涁辤ꖸ枲鵁뎈胐㺾⋛㑟蚵㉟Rꆞ蟵筩慦彉翥菥쳨穞꒩ᵐറ펊礷맖໑覮瓣娚韂㕪榪㹼듓䘛퉹氼๸듊ᒮ镺쯼窧竹⵾눹㫬㗙尠䍕⚉칰攆贱ꍈ汵줞頾ᦸ졹ᖑ㋞ᲀ꽥腜璿箠蜩僂8줾澁㣛쾔꜐↌ᙓ攖ﯡ뷾齠铷⧉⊿亐흜쭡ऎ廕ᄏ⒖뢶평왼瑕溗璐撜齏砾 [ 660.345510][T12689] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1953'. 
[ 660.437217][ T5135] usb 1-1: Manufacturer: 밲惑궿䇥㲞퇷슭㪡㖄鐞옹眞 [ 660.479654][ T5135] usb 1-1: SerialNumber: ꍛ☧꾀憵⢆䥘Ὦ媧⩁⁂퀘ꓜ飬ⶫ鎙ᅼ滳錭暝ⳤ숏묍ᴱ掺쨱桁㧶マ贩뱨Ơ౑ᘌ흡㛇艛߈ܰ瘟게놧⌎䝱혎禛㟽쒅쟋孩䞀뢞漩ᄀ䞆樎듺㻧啂鱤ॡ蒂ⱇ钋崐ᮯ푿鞣뵐糆议뤣狰靥 [ 660.518785][ T5093] Bluetooth: hci0: command tx timeout [ 660.617285][T11978] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 660.651527][T11978] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving [ 660.718711][T11978] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 660.833941][T11978] usb 5-1: USB disconnect, device number 46 [ 660.968385][ T35] team0: left allmulticast mode [ 661.040749][ T35] team_slave_0: left allmulticast mode [ 661.198755][ T35] team_slave_1: left allmulticast mode [ 661.261285][T12670] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 661.283167][ T35] geneve1: left allmulticast mode [ 661.354152][ T35] bridge0: port 3(team0) entered disabled state [ 661.374885][ T35] bridge_slave_1: left allmulticast mode [ 661.380605][ T35] bridge_slave_1: left promiscuous mode [ 661.434504][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 661.470885][ T35] bridge_slave_0: left allmulticast mode [ 661.504374][ T35] bridge_slave_0: left promiscuous mode [ 661.510227][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 661.543760][ T5135] gspca_main: finepix-2.14.0 probing 04cb:0131 [ 661.609400][ T5135] usb 1-1: USB disconnect, device number 45 [ 661.999457][T12699] Bluetooth: MGMT ver 1.22 [ 662.473807][ T5135] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 662.544053][ T5210] usb 5-1: new high-speed USB device number 47 using dummy_hcd [ 662.593757][ T5093] Bluetooth: hci0: command tx timeout [ 662.766229][ T5210] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 662.850872][ T35] geneve1 (unregistering): left promiscuous mode [ 663.292056][ T5135] usb 4-1: config 17 interface 
0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 663.515145][T12708] delete_channel: no stack [ 663.545998][ T5210] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 663.553206][ T35] team0: Port device geneve1 removed [ 663.567257][ T5135] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 663.567555][ T5210] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 663.583897][ T5135] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 663.595922][ T5135] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 663.627678][ T5210] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 663.646340][ T5210] usb 5-1: config 0 descriptor?? [ 664.096877][ T5210] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 664.127869][ T5210] plantronics 0003:047F:FFFF.0009: No inputs registered, leaving [ 664.151005][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 664.151337][ T5210] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 664.194517][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 664.240700][ T35] bond0 (unregistering): Released all slaves [ 664.388802][T12660] chnl_net:caif_netlink_parms(): no params data found [ 664.655439][ T5093] Bluetooth: hci0: command tx timeout [ 664.721541][T12714] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 665.006050][T12727] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1963'. 
[ 665.131368][ T35] hsr_slave_0: left promiscuous mode [ 665.153544][ T35] hsr_slave_1: left promiscuous mode [ 665.170971][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 665.194024][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 665.298383][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 665.306126][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 665.391561][T12728] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 665.407657][ T35] veth1_macvtap: left promiscuous mode [ 665.414122][ T35] veth0_macvtap: left promiscuous mode [ 665.421911][ T35] veth1_vlan: left promiscuous mode [ 665.433589][ T35] veth0_vlan: left promiscuous mode [ 665.684993][ T5210] usb 5-1: reset high-speed USB device number 47 using dummy_hcd [ 665.855042][ T5210] usb 5-1: device descriptor read/64, error -32 [ 665.974269][ T5137] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 666.204030][ T5210] usb 5-1: reset high-speed USB device number 47 using dummy_hcd [ 666.326184][ T5137] usb 3-1: Using ep0 maxpacket: 8 [ 666.362167][ T5137] usb 3-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 666.382065][ T5137] usb 3-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 666.395816][ T5137] usb 3-1: Product: syz [ 666.404065][ T5137] usb 3-1: Manufacturer: syz [ 666.411588][ T5137] usb 3-1: SerialNumber: syz [ 666.441435][ T5137] usb 3-1: config 0 descriptor?? 
[ 666.461172][ T5137] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd [ 666.535024][ T5135] aiptek 4-1:17.0: Aiptek using 400 ms programming speed [ 666.556335][ T5135] input: Aiptek as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.0/input/input41 [ 666.595043][ T5135] input: failed to attach handler kbd to device input41, error: -5 [ 666.647641][ T5135] usb 4-1: USB disconnect, device number 31 [ 666.691765][ T35] pimreg (unregistering): left allmulticast mode [ 666.734399][ T5093] Bluetooth: hci0: command tx timeout [ 666.763959][ T25] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 666.965088][ T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 666.996819][ T25] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 667.036407][ T25] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 667.088222][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 667.103779][ T5137] gspca_zc3xx: reg_w_i err -71 [ 667.108840][ T5137] gspca_zc3xx 3-1:0.0: probe with driver gspca_zc3xx failed with error -71 [ 667.141858][T11978] usb 5-1: USB disconnect, device number 47 [ 667.177662][ T25] usb 1-1: config 0 descriptor?? [ 667.184773][ T5137] usb 3-1: USB disconnect, device number 23 [ 667.729387][T12748] netlink: 'syz.4.1968': attribute type 3 has an invalid length. 
[ 667.808220][ T25] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 667.837124][ T25] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving [ 667.884534][ T25] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 668.019778][ T25] usb 1-1: USB disconnect, device number 46 [ 668.041984][ T35] team_slave_1 (unregistering): left promiscuous mode [ 668.066384][ T35] team0 (unregistering): Port device team_slave_1 removed [ 668.163975][ T35] team_slave_0 (unregistering): left promiscuous mode [ 668.172593][ T35] team0 (unregistering): Port device team_slave_0 removed [ 668.533906][T12757] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1970'. [ 668.981463][T12660] bridge0: port 1(bridge_slave_0) entered blocking state [ 668.997208][T12660] bridge0: port 1(bridge_slave_0) entered disabled state [ 669.011291][T12660] bridge_slave_0: entered allmulticast mode [ 669.023490][T12660] bridge_slave_0: entered promiscuous mode [ 669.046662][T12660] bridge0: port 2(bridge_slave_1) entered blocking state [ 669.060678][T12660] bridge0: port 2(bridge_slave_1) entered disabled state [ 669.070764][T12660] bridge_slave_1: entered allmulticast mode [ 669.086259][T12660] bridge_slave_1: entered promiscuous mode [ 669.101153][T12741] netlink: 'syz.3.1966': attribute type 10 has an invalid length. 
[ 669.115151][ T5210] usb 5-1: new full-speed USB device number 48 using dummy_hcd [ 669.137606][T12741] bridge0: port 3(team0) entered disabled state [ 669.156393][T12741] team0: left allmulticast mode [ 669.161320][T12741] team_slave_0: left allmulticast mode [ 669.176359][T12741] team_slave_1: left allmulticast mode [ 669.183922][T12741] team0: left promiscuous mode [ 669.188823][T12741] team_slave_0: left promiscuous mode [ 669.212273][T12741] team_slave_1: left promiscuous mode [ 669.294773][T12741] bridge0: port 3(team0) entered disabled state [ 669.361817][ T5210] usb 5-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 669.430991][T12741] batman_adv: batadv0: Adding interface: team0 [ 669.445654][ T5210] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 669.489846][T12741] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 669.581796][ T5210] usb 5-1: config 0 descriptor?? [ 669.688272][T12741] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 669.767754][T12747] netlink: 'syz.3.1966': attribute type 10 has an invalid length. [ 669.784139][T12747] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1966'. 
[ 669.793486][T12747] team0: entered promiscuous mode [ 669.809734][T12747] team_slave_0: entered promiscuous mode [ 669.821576][T12747] team_slave_1: entered promiscuous mode [ 669.836854][T12747] 8021q: adding VLAN 0 to HW filter on device team0 [ 669.856622][T12747] batman_adv: batadv0: Interface activated: team0 [ 669.863162][T12747] batman_adv: batadv0: Interface deactivated: team0 [ 669.870582][T12747] batman_adv: batadv0: Removing interface: team0 [ 669.879537][T12747] bridge0: port 3(team0) entered blocking state [ 669.886161][T12747] bridge0: port 3(team0) entered disabled state [ 669.892719][T12747] team0: entered allmulticast mode [ 669.898898][T12747] team_slave_0: entered allmulticast mode [ 669.905135][T12747] team_slave_1: entered allmulticast mode [ 669.913078][T12747] bridge0: port 3(team0) entered blocking state [ 669.919571][T12747] bridge0: port 3(team0) entered forwarding state [ 670.001136][T12660] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 670.042093][T12660] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 670.070761][T12766] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 670.078552][T12766] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 670.270364][ T5210] pegasus 5-1:0.0: probe with driver pegasus failed with error -32 [ 670.762432][ T25] usb 5-1: USB disconnect, device number 48 [ 671.255127][T12660] team0: Port device team_slave_0 added [ 671.276744][T12660] team0: Port device team_slave_1 added [ 671.434353][T12660] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 671.452801][T12660] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 671.479302][T12660] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 671.496857][T12660] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 671.504310][T12660] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 671.532426][T12660] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 671.683927][ T5135] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 671.690479][T12660] hsr_slave_0: entered promiscuous mode [ 671.701376][T12660] hsr_slave_1: entered promiscuous mode [ 671.712276][T12660] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 671.721017][ T25] usb 5-1: new high-speed USB device number 49 using dummy_hcd [ 671.736105][T12660] Cannot create hsr debugfs directory [ 671.942649][ T25] usb 5-1: Using ep0 maxpacket: 8 [ 671.960171][ T25] usb 5-1: config 3 has an invalid interface number: 174 but max is 0 [ 671.968688][ T25] usb 5-1: config 3 contains an unexpected descriptor of type 0x1, skipping [ 671.978169][ T25] usb 5-1: config 3 has no interface number 0 [ 671.992174][ T25] usb 5-1: config 3 interface 174 altsetting 1 endpoint 0xD has invalid maxpacket 61581, setting to 64 [ 672.032945][ T5135] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 672.047940][ T5135] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 672.214990][ T5135] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 672.403262][ T5135] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 672.826177][ T25] usb 5-1: config 3 interface 174 altsetting 1 endpoint 0xC has invalid maxpacket 1024, setting to 64 [ 
672.845096][ T25] usb 5-1: config 3 interface 174 altsetting 1 endpoint 0x5 has invalid maxpacket 1024, setting to 64 [ 672.856422][ T25] usb 5-1: config 3 interface 174 altsetting 1 has a duplicate endpoint with address 0xC, skipping [ 672.881794][ T25] usb 5-1: config 3 interface 174 altsetting 1 endpoint 0xB has invalid maxpacket 512, setting to 64 [ 672.906622][ T25] usb 5-1: config 3 interface 174 altsetting 1 has a duplicate endpoint with address 0xB, skipping [ 672.928260][ T25] usb 5-1: config 3 interface 174 altsetting 1 has a duplicate endpoint with address 0x8, skipping [ 672.965653][ T25] usb 5-1: config 3 interface 174 altsetting 1 has a duplicate endpoint with address 0xD, skipping [ 673.012111][ T25] usb 5-1: config 3 interface 174 altsetting 1 endpoint 0xA has invalid maxpacket 512, setting to 64 [ 673.042660][ T25] usb 5-1: config 3 interface 174 altsetting 1 has a duplicate endpoint with address 0x5, skipping [ 673.061496][ T25] usb 5-1: config 3 interface 174 altsetting 1 has a duplicate endpoint with address 0xA, skipping [ 673.098978][ T25] usb 5-1: config 3 interface 174 altsetting 1 has a duplicate endpoint with address 0x4, skipping [ 673.134568][ T25] usb 5-1: config 3 interface 174 altsetting 1 has a duplicate endpoint with address 0xF, skipping [ 673.154203][ T25] usb 5-1: config 3 interface 174 has no altsetting 0 [ 673.167203][ T25] usb 5-1: New USB device found, idVendor=04cb, idProduct=0131, bcdDevice=68.a0 [ 673.189016][ T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 673.197751][ T25] usb 5-1: Product: 쮵共㶣Ẉ琳頪죧힥艀涁辤ꖸ枲鵁뎈胐㺾⋛㑟蚵㉟Rꆞ蟵筩慦彉翥菥쳨穞꒩ᵐറ펊礷맖໑覮瓣娚韂㕪榪㹼듓䘛퉹氼๸듊ᒮ镺쯼窧竹⵾눹㫬㗙尠䍕⚉칰攆贱ꍈ汵줞頾ᦸ졹ᖑ㋞ᲀ꽥腜璿箠蜩僂8줾澁㣛쾔꜐↌ᙓ攖ﯡ뷾齠铷⧉⊿亐흜쭡ऎ廕ᄏ⒖뢶평왼瑕溗璐撜齏砾 [ 673.233812][ C1] vkms_vblank_simulate: vblank timer overrun [ 673.236426][T12660] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 673.249600][ T5134] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 673.252169][ T25] usb 5-1: Manufacturer: 밲惑궿䇥㲞퇷슭㪡㖄鐞옹眞 [ 
673.266140][ T25] usb 5-1: SerialNumber: ꍛ☧꾀憵⢆䥘Ὦ媧⩁⁂퀘ꓜ飬ⶫ鎙ᅼ滳錭暝ⳤ숏묍ᴱ掺쨱桁㧶マ贩뱨Ơ౑ᘌ흡㛇艛߈ܰ瘟게놧⌎䝱혎禛㟽쒅쟋孩䞀뢞漩ᄀ䞆樎듺㻧啂鱤ॡ蒂ⱇ钋崐ᮯ푿鞣뵐糆议뤣狰靥 [ 673.292144][ C1] vkms_vblank_simulate: vblank timer overrun [ 673.312877][T12660] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 673.318294][T12778] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 673.341658][T12660] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 673.384556][T12660] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 673.456020][ T5134] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 673.481088][ T5134] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 673.510119][ T5134] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 673.534081][ T5134] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 673.565869][ T5134] usb 4-1: config 0 descriptor?? [ 673.651435][T12660] 8021q: adding VLAN 0 to HW filter on device bond0 [ 673.787064][T12660] 8021q: adding VLAN 0 to HW filter on device team0 [ 673.861928][ T25] gspca_main: finepix-2.14.0 probing 04cb:0131 [ 673.877741][ T25] usb 5-1: USB disconnect, device number 49 [ 673.885597][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 673.893390][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 674.637001][ T5134] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 674.651835][ T5135] aiptek 1-1:17.0: Aiptek using 400 ms programming speed [ 674.660228][ T5134] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving [ 674.670876][ T5135] input: Aiptek as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:17.0/input/input42 [ 674.697631][ T5136] bridge0: port 2(bridge_slave_1) entered blocking state [ 674.704938][ T5136] bridge0: port 2(bridge_slave_1) entered forwarding state [ 674.716700][ T5134] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.40 
Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 674.744029][ T5135] input: failed to attach handler kbd to device input42, error: -5 [ 674.754138][ T5134] usb 4-1: USB disconnect, device number 32 [ 674.794215][ T5135] usb 1-1: USB disconnect, device number 47 [ 674.813185][T12660] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 674.844624][T12660] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 676.177671][T12823] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1989'. [ 676.242643][T12823] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1989'. [ 676.404318][ T5135] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 676.457986][T12835] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 676.626233][ T5135] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 676.639339][T12660] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 676.661464][ T5135] usb 3-1: config 0 has no interfaces? [ 676.684896][ T5135] usb 3-1: New USB device found, idVendor=055d, idProduct=9000, bcdDevice=31.44 [ 676.718705][ T5135] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 676.807994][ T5135] usb 3-1: config 0 descriptor?? [ 676.859877][T12660] veth0_vlan: entered promiscuous mode [ 676.921368][T12660] veth1_vlan: entered promiscuous mode [ 677.029866][ T5135] usb 3-1: USB disconnect, device number 24 [ 677.079714][T12660] veth0_macvtap: entered promiscuous mode [ 677.288317][T12660] veth1_macvtap: entered promiscuous mode [ 677.992685][T12660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 678.034964][T12660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 678.046503][T12660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 678.063799][T12660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 678.074809][T12660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 678.093827][T12660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 678.113734][T12660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 678.137321][T12660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 678.179746][T12660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 678.217070][T12660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 678.244887][T12660] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 678.272154][T12660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 678.413738][T12660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 678.452866][T12660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 678.502397][T12660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 678.540618][T12660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 678.614604][T12660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 678.625812][T12660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 678.643814][T12660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 678.657273][T12660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 678.668519][T12660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 678.681100][T12660] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 678.723529][T12660] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 678.763123][T12660] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 678.783771][ T5134] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 678.803001][T12660] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 678.834054][T12660] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 678.920011][T12855] batadv0: entered promiscuous mode [ 679.011568][ T5134] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 679.074748][ T5134] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 679.122876][ T5134] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 679.158444][ T5134] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 679.177778][ T5378] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 679.200810][ T5134] usb 4-1: config 0 descriptor?? 
[ 679.210058][ T5378] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 679.344208][ T5378] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 679.363940][ T5378] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 679.506215][ T25] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 679.658030][ T5134] usbhid 4-1:0.0: can't add hid device: -71 [ 679.683932][ T5134] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 679.738996][ T25] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 679.750933][ T5134] usb 4-1: USB disconnect, device number 33 [ 679.780928][ T25] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 679.823633][ T25] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 679.858643][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 681.072391][T12873] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 681.537061][ T5142] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 682.334813][T12886] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2006'. [ 682.370903][ T5142] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 682.381318][ T5142] usb 3-1: config 0 has no interfaces? [ 682.387872][ T5142] usb 3-1: New USB device found, idVendor=055d, idProduct=9000, bcdDevice=31.44 [ 682.403722][ T5142] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 682.435602][ T5142] usb 3-1: config 0 descriptor?? [ 682.454303][T12886] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2006'. [ 682.785883][ T5142] usb 3-1: USB disconnect, device number 25 [ 682.989695][T12894] netlink: 6 bytes leftover after parsing attributes in process `syz.3.2009'. 
[ 683.024003][T12894] netlink: 6 bytes leftover after parsing attributes in process `syz.3.2009'. [ 683.054480][ T5167] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 683.463861][ T25] aiptek 1-1:17.0: Aiptek using 400 ms programming speed [ 683.473085][ T25] input: Aiptek as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:17.0/input/input43 [ 683.515844][ T5167] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 683.527195][ T25] input: failed to attach handler kbd to device input43, error: -5 [ 683.543716][ T5167] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 683.553599][ T5167] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 683.566587][ T5167] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 683.577369][ T5167] usb 2-1: config 0 descriptor?? [ 683.591074][ T25] usb 1-1: USB disconnect, device number 48 [ 684.040302][ T5167] cm6533_jd 0003:0D8C:0022.000C: unknown main item tag 0x0 [ 684.069707][ T5167] cm6533_jd 0003:0D8C:0022.000C: unknown main item tag 0x0 [ 684.137974][ T5167] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0D8C:0022.000C/input/input44 [ 684.988534][ T5167] cm6533_jd 0003:0D8C:0022.000C: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.1-1/input0 [ 685.004575][ T5167] usb 2-1: USB disconnect, device number 44 [ 685.336144][T12921] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2016'. 
[ 685.693857][ T8] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 685.823978][ T5142] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 685.913809][ T8] usb 4-1: Using ep0 maxpacket: 32 [ 685.938117][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 685.952262][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 685.997000][ T8] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 686.020848][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 686.033775][ T5142] usb 2-1: Using ep0 maxpacket: 8 [ 686.049680][ T8] usb 4-1: config 0 descriptor?? [ 686.068642][ T8] hub 4-1:0.0: USB hub found [ 686.076746][ T5142] usb 2-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 686.098857][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.105313][ T5142] usb 2-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 686.125828][ T5142] usb 2-1: Product: syz [ 686.125895][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.130047][ T5142] usb 2-1: Manufacturer: syz [ 686.144369][ T5142] usb 2-1: SerialNumber: syz [ 686.153114][ T5142] usb 2-1: config 0 descriptor?? 
[ 686.164678][ T5142] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd [ 686.710144][ T5091] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 686.723730][ T5091] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 686.733323][ T5091] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 686.752634][ T5091] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 686.762997][ T5091] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 686.770798][ T5091] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 686.822291][ T5093] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 686.834507][ T5093] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 686.842177][ T5093] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 686.851417][ T5093] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 686.867665][ T5093] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 686.876191][ T5093] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 687.383562][ T5142] input: gspca_zc3xx as /devices/platform/dummy_hcd.1/usb2/2-1/input/input45 [ 687.636982][ T5167] usb 2-1: USB disconnect, device number 45 [ 688.042860][T12931] chnl_net:caif_netlink_parms(): no params data found [ 688.344095][ T8] hub 4-1:0.0: config failed, can't read hub descriptor (err -22) [ 688.363581][ T8] usbhid 4-1:0.0: can't add hid device: -71 [ 688.374573][ T8] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 688.425025][ T8] usb 4-1: USB disconnect, device number 34 [ 688.613302][T12931] bridge0: port 1(bridge_slave_0) entered blocking state [ 688.675004][T12931] bridge0: port 1(bridge_slave_0) entered disabled state [ 688.682344][T12931] bridge_slave_0: entered allmulticast mode [ 688.695773][T12931] bridge_slave_0: entered promiscuous mode [ 688.711751][T12931] bridge0: port 2(bridge_slave_1) entered blocking state [ 688.719189][T12931] bridge0: port 2(bridge_slave_1) entered disabled state [ 688.735151][T12931] bridge_slave_1: entered allmulticast 
mode [ 688.751957][T12931] bridge_slave_1: entered promiscuous mode [ 688.900490][T12931] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 688.961461][T12931] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 688.973933][ T5091] Bluetooth: hci6: command tx timeout [ 689.502015][T12931] team0: Port device team_slave_0 added [ 689.556292][T12931] team0: Port device team_slave_1 added [ 689.824366][T12971] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2030'. [ 689.974745][T12974] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2030'. [ 690.015502][T12931] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 690.059623][T12931] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 690.169729][T12931] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 690.256905][T12931] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 690.271712][T12931] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 690.354125][T12931] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 690.416101][T12977] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 690.965000][ T25] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 691.035051][T12931] hsr_slave_0: entered promiscuous mode [ 691.053845][ T5091] Bluetooth: hci6: command tx timeout [ 691.062105][T12931] hsr_slave_1: entered promiscuous mode [ 691.088402][T12931] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 691.107267][T12931] Cannot create hsr debugfs directory [ 691.120305][T12997] netlink: 'syz.1.2035': attribute type 10 has an invalid length. [ 691.167740][T12997] batman_adv: batadv0: Adding interface: team0 [ 691.183769][ T25] usb 4-1: Using ep0 maxpacket: 8 [ 691.191868][T12997] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 691.231579][ T25] usb 4-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 691.252482][ T25] usb 4-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 691.265167][T12997] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 691.287627][ T25] usb 4-1: Product: syz [ 691.292092][ T25] usb 4-1: Manufacturer: syz [ 691.308296][ T25] usb 4-1: SerialNumber: syz [ 691.325193][ T25] usb 4-1: config 0 descriptor?? [ 691.343282][T12998] netlink: 'syz.1.2035': attribute type 10 has an invalid length. [ 691.354131][ T25] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd [ 691.373125][T12998] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2035'. 
[ 691.393101][T12998] team0: entered promiscuous mode [ 691.398901][T12998] team_slave_0: entered promiscuous mode [ 691.419800][T12998] team_slave_1: entered promiscuous mode [ 691.445029][T12998] 8021q: adding VLAN 0 to HW filter on device team0 [ 691.452271][T12998] batman_adv: batadv0: Interface activated: team0 [ 691.482755][T12998] batman_adv: batadv0: Interface deactivated: team0 [ 691.492773][T12998] batman_adv: batadv0: Removing interface: team0 [ 691.504381][T12998] bridge0: port 3(team0) entered blocking state [ 691.533033][T12998] bridge0: port 3(team0) entered disabled state [ 691.540804][T12998] team0: entered allmulticast mode [ 691.560678][T12998] team_slave_0: entered allmulticast mode [ 691.567466][T12998] team_slave_1: entered allmulticast mode [ 691.597889][T12998] bridge0: port 3(team0) entered blocking state [ 691.604743][T12998] bridge0: port 3(team0) entered forwarding state [ 691.832122][ T51] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 691.972314][ T25] gspca_zc3xx: reg_w_i err -71 [ 691.984755][ T25] gspca_zc3xx 4-1:0.0: probe with driver gspca_zc3xx failed with error -71 [ 692.022475][ T25] usb 4-1: USB disconnect, device number 35 [ 692.068948][T13016] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2042'. [ 692.114789][T13019] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2042'. 
[ 692.157344][ T51] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 692.361250][ T51] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 692.783502][ T8] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 693.071929][ T51] netdevsim netdevsim4 netdevsim0 (unregistering): left promiscuous mode [ 693.093884][ T51] netdevsim netdevsim4 netdevsim0 (unregistering): left allmulticast mode [ 693.112531][ T51] team0: Port device netdevsim0 removed [ 693.131931][ T51] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 693.147520][ T5091] Bluetooth: hci6: command tx timeout [ 693.206723][ T8] usb 2-1: Using ep0 maxpacket: 16 [ 693.220248][ T8] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 693.241356][ T8] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 693.449703][ T8] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 693.574290][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 693.608425][ T8] usb 2-1: SerialNumber: syz [ 693.663840][ T8] cdc_acm 2-1:1.0: Control and data interfaces are not separated! 
[ 693.716609][ T8] cdc_acm 2-1:1.0: This needs exactly 3 endpoints [ 693.723139][ T8] cdc_acm 2-1:1.0: probe with driver cdc_acm failed with error -22 [ 693.834708][ T51] team0: left allmulticast mode [ 693.849988][ T51] team_slave_0: left allmulticast mode [ 693.873868][ T51] team_slave_1: left allmulticast mode [ 693.894174][ T51] bridge0: port 3(team0) entered disabled state [ 693.928560][ T51] bridge_slave_1: left allmulticast mode [ 693.937604][ T51] bridge_slave_1: left promiscuous mode [ 693.943474][ T51] bridge0: port 2(bridge_slave_1) entered disabled state [ 693.968995][ T51] bridge_slave_0: left allmulticast mode [ 693.981058][ T51] bridge_slave_0: left promiscuous mode [ 693.991597][ T51] bridge0: port 1(bridge_slave_0) entered disabled state [ 695.164215][ T51] dvmrp0 (unregistering): left allmulticast mode [ 695.209861][T13025] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 695.218931][ T5091] Bluetooth: hci6: command tx timeout [ 695.386574][ T25] usb 2-1: USB disconnect, device number 46 [ 695.427678][T13067] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2054'. [ 695.494845][T13063] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2054'. [ 697.172001][ T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 697.192509][ T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 697.226841][ T51] bond0 (unregistering): Released all slaves [ 697.459883][T13073] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 697.466101][T13073] Bluetooth: hci6: Error when powering off device on rfkill (-4) [ 698.257269][T13088] netlink: 'syz.0.2061': attribute type 10 has an invalid length. 
[ 698.306280][T13088] bridge0: port 3(team0) entered disabled state [ 698.330660][T13088] team0: left allmulticast mode [ 698.338073][T13088] team_slave_0: left allmulticast mode [ 698.346985][T13088] team_slave_1: left allmulticast mode [ 698.352849][T13088] team0: left promiscuous mode [ 698.360757][T13088] team_slave_0: left promiscuous mode [ 698.385361][T13088] team_slave_1: left promiscuous mode [ 698.395431][T13088] bridge0: port 3(team0) entered disabled state [ 698.418675][T13088] batman_adv: batadv0: Adding interface: team0 [ 698.432417][T13088] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 698.491472][T13088] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 698.571465][T13091] netlink: 'syz.0.2061': attribute type 10 has an invalid length. [ 698.618220][T13091] netlink: 2 bytes leftover after parsing attributes in process `syz.0.2061'. 
[ 698.636765][T13091] team0: entered promiscuous mode [ 698.641988][T13091] team_slave_0: entered promiscuous mode [ 698.656545][T13091] team_slave_1: entered promiscuous mode [ 698.703811][T13091] 8021q: adding VLAN 0 to HW filter on device team0 [ 698.727410][T13091] batman_adv: batadv0: Interface activated: team0 [ 698.741745][T13091] batman_adv: batadv0: Interface deactivated: team0 [ 698.762348][T13091] batman_adv: batadv0: Removing interface: team0 [ 698.782775][T13091] bridge0: port 3(team0) entered blocking state [ 698.795822][T13091] bridge0: port 3(team0) entered disabled state [ 698.818927][T13091] team0: entered allmulticast mode [ 698.837166][T13091] team_slave_0: entered allmulticast mode [ 698.843184][T13091] team_slave_1: entered allmulticast mode [ 698.870883][T13091] bridge0: port 3(team0) entered blocking state [ 698.877424][T13091] bridge0: port 3(team0) entered forwarding state [ 698.959139][T13094] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 699.267192][ T51] hsr_slave_0: left promiscuous mode [ 699.316588][ T51] hsr_slave_1: left promiscuous mode [ 699.341412][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 699.362391][ T51] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 699.406673][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 699.416877][ T51] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 699.519736][ T51] veth1_macvtap: left promiscuous mode [ 699.526126][ T51] veth0_macvtap: left promiscuous mode [ 699.532336][ T51] veth1_vlan: left promiscuous mode [ 699.546680][ T51] veth0_vlan: left promiscuous mode [ 699.621852][T13118] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2069'. 
[ 699.773786][ T5137] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 699.984136][ T5137] usb 4-1: Using ep0 maxpacket: 16 [ 700.018970][ T5137] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 700.031547][ T5137] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 700.065712][ T5137] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 700.086094][ T5137] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 700.097841][ T5137] usb 4-1: config 0 descriptor?? [ 700.526310][ T29] audit: type=1326 audit(3867513907.549:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13113 comm="syz.3.2068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc82975bd9 code=0x7ffc0000 [ 700.596059][ T29] audit: type=1326 audit(3867513907.549:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13113 comm="syz.3.2068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc82975bd9 code=0x7ffc0000 [ 700.617959][ C0] vkms_vblank_simulate: vblank timer overrun [ 700.687666][ T29] audit: type=1326 audit(3867513907.579:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13113 comm="syz.3.2068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=35 compat=0 ip=0x7efc82975bd9 code=0x7ffc0000 [ 700.708830][ T5167] libceph: connect (1)[c::]:6789 error -101 [ 700.717906][ T5167] libceph: mon0 (1)[c::]:6789 connect error [ 700.738585][ T29] audit: type=1326 audit(3867513907.579:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13113 comm="syz.3.2068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc82975bd9 code=0x7ffc0000 [ 700.751259][T13115] ceph: No mds server is up or the cluster is laggy [ 700.764690][ T5167] libceph: connect (1)[c::]:6789 error -101 [ 700.794342][ T5167] libceph: mon0 (1)[c::]:6789 connect error [ 700.803335][ T29] audit: type=1326 
audit(3867513907.579:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13113 comm="syz.3.2068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc82975bd9 code=0x7ffc0000 [ 700.826862][ T29] audit: type=1326 audit(3867513907.579:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13113 comm="syz.3.2068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7efc82975bd9 code=0x7ffc0000 [ 700.849189][ T29] audit: type=1326 audit(3867513907.579:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13113 comm="syz.3.2068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc82975bd9 code=0x7ffc0000 [ 700.872867][ T29] audit: type=1326 audit(3867513907.579:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13113 comm="syz.3.2068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efc82975bd9 code=0x7ffc0000 [ 700.896479][ T29] audit: type=1326 audit(3867513907.579:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13113 comm="syz.3.2068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc82975bd9 code=0x7ffc0000 [ 700.920209][ T29] audit: type=1326 audit(3867513907.579:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13113 comm="syz.3.2068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc82975bd9 code=0x7ffc0000 [ 701.071369][ T5210] libceph: connect (1)[c::]:6789 error -101 [ 701.077694][ T5210] libceph: mon0 (1)[c::]:6789 connect error [ 701.181900][ T51] team_slave_1 (unregistering): left promiscuous mode [ 701.200165][ T51] team0 (unregistering): Port device team_slave_1 removed [ 701.283437][ T51] team_slave_0 (unregistering): left promiscuous mode [ 701.321497][ T51] team0 (unregistering): Port device team_slave_0 removed [ 701.704603][ T5137] usbhid 4-1:0.0: can't add hid device: -71 [ 701.716398][ T5137] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 701.741098][ 
T5137] usb 4-1: USB disconnect, device number 36 [ 701.959893][T13135] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 702.212684][T13119] pimreg: entered allmulticast mode [ 702.219900][T13120] pimreg: left allmulticast mode [ 702.274480][ T5142] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 702.314013][T13139] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 702.387396][T13144] netlink: 'syz.0.2076': attribute type 10 has an invalid length. [ 702.436784][T13144] bridge0: port 3(team0) entered disabled state [ 702.471894][T13144] team0: left allmulticast mode [ 702.481343][ T5142] usb 2-1: Using ep0 maxpacket: 8 [ 702.488054][T13144] team_slave_0: left allmulticast mode [ 702.506733][ T5142] usb 2-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 702.513724][T13144] team_slave_1: left allmulticast mode [ 702.521705][T13144] team0: left promiscuous mode [ 702.532222][ T5142] usb 2-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 702.540680][T13144] team_slave_0: left promiscuous mode [ 702.540997][T13144] team_slave_1: left promiscuous mode [ 702.553289][T13144] bridge0: port 3(team0) entered disabled state [ 702.562813][ T5142] usb 2-1: Product: syz [ 702.572332][ T5142] usb 2-1: Manufacturer: syz [ 702.588871][ T5142] usb 2-1: SerialNumber: syz [ 702.606336][T13144] batman_adv: batadv0: Adding interface: team0 [ 702.606786][ T5142] usb 2-1: config 0 descriptor?? [ 702.612567][T13144] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 702.612605][T13144] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 702.698285][T13145] netlink: 'syz.0.2076': attribute type 10 has an invalid length. [ 702.714089][ T5142] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd [ 702.741371][T13145] netlink: 2 bytes leftover after parsing attributes in process `syz.0.2076'. [ 702.764861][T13145] team0: entered promiscuous mode [ 702.771206][T13145] team_slave_0: entered promiscuous mode [ 702.781541][T13145] team_slave_1: entered promiscuous mode [ 702.816679][T13145] 8021q: adding VLAN 0 to HW filter on device team0 [ 702.858634][T13160] ebt_limit: overflow, try lower: 12058624/0 [ 702.862903][T13145] batman_adv: batadv0: Interface activated: team0 [ 702.888468][T13145] batman_adv: batadv0: Interface deactivated: team0 [ 702.909152][T13145] batman_adv: batadv0: Removing interface: team0 [ 702.934315][T13145] bridge0: port 3(team0) entered blocking state [ 702.955853][T13145] bridge0: port 3(team0) entered disabled state [ 702.963115][T13145] team0: entered allmulticast mode [ 702.982510][T13145] team_slave_0: entered allmulticast mode [ 702.992038][T13145] team_slave_1: entered allmulticast mode [ 703.019456][T13145] bridge0: port 3(team0) entered blocking state [ 703.026224][T13145] bridge0: port 3(team0) entered forwarding state [ 703.100732][T12931] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 703.344902][ T5142] gspca_zc3xx: reg_w_i err -71 [ 703.369118][ T5142] gspca_zc3xx 2-1:0.0: probe with driver gspca_zc3xx failed with error -71 [ 703.397934][ T5142] usb 2-1: USB disconnect, device number 47 [ 703.405191][T12931] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 703.431649][T12931] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 703.471097][T12931] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 703.670520][T13167] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2082'. 
[ 704.305220][T12931] 8021q: adding VLAN 0 to HW filter on device bond0 [ 704.404511][T12931] 8021q: adding VLAN 0 to HW filter on device team0 [ 704.421943][ T5142] bridge0: port 1(bridge_slave_0) entered blocking state [ 704.429187][ T5142] bridge0: port 1(bridge_slave_0) entered forwarding state [ 704.516784][ T5142] bridge0: port 2(bridge_slave_1) entered blocking state [ 704.524028][ T5142] bridge0: port 2(bridge_slave_1) entered forwarding state [ 704.652283][T13176] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2086'. [ 704.684966][T13176] pimreg: entered allmulticast mode [ 704.695661][T13176] pimreg: left allmulticast mode [ 704.908186][T13181] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2087'. [ 704.932833][T13183] xt_TCPMSS: Only works on TCP SYN packets [ 704.947001][T13181] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2087'. [ 705.118354][T13194] binder: BINDER_SET_CONTEXT_MGR already set [ 705.127106][T13194] binder: 13189:13194 ioctl 4018620d 20000100 returned -16 [ 705.253023][T12931] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 705.296440][T13201] netlink: 'syz.3.2092': attribute type 10 has an invalid length. 
[ 705.315575][T13202] hub 6-0:1.0: USB hub found [ 705.329120][T13202] hub 6-0:1.0: 1 port detected [ 705.329482][T13201] bridge0: port 3(team0) entered disabled state [ 705.412846][T13201] team0: left allmulticast mode [ 705.422569][T13201] team_slave_0: left allmulticast mode [ 705.435195][T13201] team_slave_1: left allmulticast mode [ 705.454871][T13201] team0: left promiscuous mode [ 705.470988][T13201] team_slave_0: left promiscuous mode [ 705.483021][T13201] team_slave_1: left promiscuous mode [ 705.493550][T13201] bridge0: port 3(team0) entered disabled state [ 705.526606][T13201] batman_adv: batadv0: Adding interface: team0 [ 705.557270][T13201] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 705.584512][T13201] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 705.631947][T13205] netlink: 'syz.3.2092': attribute type 10 has an invalid length. [ 705.640177][T13205] netlink: 2 bytes leftover after parsing attributes in process `syz.3.2092'. 
[ 705.666941][T13205] team0: entered promiscuous mode [ 705.685696][T13205] team_slave_0: entered promiscuous mode [ 705.691884][T13205] team_slave_1: entered promiscuous mode [ 705.710127][T13205] 8021q: adding VLAN 0 to HW filter on device team0 [ 705.735559][T13205] batman_adv: batadv0: Interface activated: team0 [ 705.753849][T13205] batman_adv: batadv0: Interface deactivated: team0 [ 705.776294][T13205] batman_adv: batadv0: Removing interface: team0 [ 705.800013][T13205] bridge0: port 3(team0) entered blocking state [ 705.844124][T13205] bridge0: port 3(team0) entered disabled state [ 705.861847][T13205] team0: entered allmulticast mode [ 705.875609][T13205] team_slave_0: entered allmulticast mode [ 705.889552][T13205] team_slave_1: entered allmulticast mode [ 705.902258][T13205] bridge0: port 3(team0) entered blocking state [ 705.908716][T13205] bridge0: port 3(team0) entered forwarding state [ 705.950268][T13215] ebt_limit: overflow, try lower: 12058624/0 [ 707.420771][T12931] veth0_vlan: entered promiscuous mode [ 707.492405][T12931] veth1_vlan: entered promiscuous mode [ 707.495185][T13237] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2099'. [ 707.570101][T13239] pimreg: entered allmulticast mode [ 707.620278][T13237] pimreg: left allmulticast mode [ 707.744219][T12931] veth0_macvtap: entered promiscuous mode [ 707.787716][T12931] veth1_macvtap: entered promiscuous mode [ 707.866771][T12931] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 707.892111][T12931] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 707.911743][T12931] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 707.929654][T12931] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 707.960568][T12931] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 707.982310][T12931] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 707.992948][T13247] xt_TCPMSS: Only works on TCP SYN packets [ 708.011770][T12931] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 708.043826][T12931] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.088367][T12931] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 708.099924][T12931] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.113079][T12931] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 708.138743][T12931] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 708.152093][T12931] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.162099][T12931] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 708.173775][T12931] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.183869][T12931] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 708.194739][T12931] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.211889][T12931] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 708.227999][T13255] binder: BINDER_SET_CONTEXT_MGR already set [ 708.234382][T13255] binder: 13251:13255 ioctl 4018620d 20000100 returned -16 [ 708.241684][T12931] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 708.253899][T12931] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 708.277900][ T29] kauditd_printk_skb: 26 callbacks suppressed [ 708.277922][ T29] audit: type=1326 audit(3867513915.299:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13251 comm="syz.3.2105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc82975bd9 code=0x7ffc0000 [ 708.307154][T12931] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.342664][T12931] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 708.362737][ T29] audit: type=1326 audit(3867513915.339:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13251 comm="syz.3.2105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc82975bd9 code=0x7ffc0000 [ 708.384983][T12931] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 708.385031][T12931] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 708.385066][T12931] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 708.385100][T12931] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 708.423251][T13255] hub 6-0:1.0: USB hub found [ 708.437574][T13255] hub 6-0:1.0: 1 port detected [ 708.440317][ T29] audit: type=1326 audit(3867513915.339:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13251 comm="syz.3.2105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7efc82974610 code=0x7ffc0000 [ 708.482947][ T29] audit: type=1326 audit(3867513915.339:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13251 comm="syz.3.2105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc82975bd9 code=0x7ffc0000 [ 708.504934][ C0] vkms_vblank_simulate: vblank timer overrun [ 708.622127][ T29] audit: type=1326 audit(3867513915.339:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ 
pid=13251 comm="syz.3.2105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc82975bd9 code=0x7ffc0000 [ 708.665332][ T29] audit: type=1326 audit(3867513915.339:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13251 comm="syz.3.2105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efc82975bd9 code=0x7ffc0000 [ 708.700958][ T3824] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 708.731892][ T3824] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 708.740655][ T29] audit: type=1326 audit(3867513915.349:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13251 comm="syz.3.2105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc82975bd9 code=0x7ffc0000 [ 708.789491][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 708.799109][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 708.834539][ T29] audit: type=1326 audit(3867513915.349:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13251 comm="syz.3.2105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc82975bd9 code=0x7ffc0000 [ 708.856141][ C0] vkms_vblank_simulate: vblank timer overrun [ 708.921673][ T29] audit: type=1326 audit(3867513915.359:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13251 comm="syz.3.2105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7efc82975bd9 code=0x7ffc0000 [ 708.962721][ T29] audit: type=1326 audit(3867513915.359:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13251 comm="syz.3.2105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc82975bd9 code=0x7ffc0000 [ 709.065728][T13267] netlink: 'syz.2.2109': attribute type 10 has an invalid length. 
[ 709.110853][T13267] bridge0: port 3(team0) entered disabled state [ 709.133320][T13267] team0: left allmulticast mode [ 709.151052][T13270] ebt_limit: overflow, try lower: 12058624/0 [ 709.169556][T13267] team_slave_0: left allmulticast mode [ 709.182273][T13267] team_slave_1: left allmulticast mode [ 709.188778][T13267] team0: left promiscuous mode [ 709.193897][T13267] team_slave_0: left promiscuous mode [ 709.208394][T13267] team_slave_1: left promiscuous mode [ 709.217964][T13267] bridge0: port 3(team0) entered disabled state [ 709.242347][T13267] batman_adv: batadv0: Adding interface: team0 [ 709.256233][T13267] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 709.287472][T13267] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 709.315122][T13271] netlink: 'syz.2.2109': attribute type 10 has an invalid length. [ 709.324277][T13271] netlink: 2 bytes leftover after parsing attributes in process `syz.2.2109'. 
[ 709.350715][T13271] team0: entered promiscuous mode [ 709.363112][T13271] team_slave_0: entered promiscuous mode [ 709.410873][T13271] team_slave_1: entered promiscuous mode [ 709.456641][T13271] 8021q: adding VLAN 0 to HW filter on device team0 [ 709.480990][T13271] batman_adv: batadv0: Interface activated: team0 [ 709.489781][T13271] batman_adv: batadv0: Interface deactivated: team0 [ 709.497061][T13271] batman_adv: batadv0: Removing interface: team0 [ 709.507496][T13271] bridge0: port 3(team0) entered blocking state [ 709.514645][T13271] bridge0: port 3(team0) entered disabled state [ 709.521379][T13271] team0: entered allmulticast mode [ 709.527342][T13271] team_slave_0: entered allmulticast mode [ 709.538824][T13271] team_slave_1: entered allmulticast mode [ 709.552252][T13271] bridge0: port 3(team0) entered blocking state [ 709.558802][T13271] bridge0: port 3(team0) entered forwarding state [ 709.565808][T13285] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2112'. [ 709.589552][T13283] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2113'. [ 709.619302][T13279] pimreg: entered allmulticast mode [ 709.636362][T13279] pimreg: left allmulticast mode [ 709.705334][T13281] pimreg: entered allmulticast mode [ 709.756135][T13281] pimreg: left allmulticast mode [ 710.182599][T13301] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2118'. [ 710.419463][T13314] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2124'. [ 710.438584][T13314] pimreg: entered allmulticast mode [ 710.446534][T13314] pimreg: left allmulticast mode [ 710.641197][T13320] netlink: 'syz.3.2126': attribute type 10 has an invalid length. [ 710.680472][T13320] bridge0: port 3(team0) entered disabled state [ 710.714185][T13320] team0: left allmulticast mode [ 710.736527][T13320] team_slave_0: left allmulticast mode [ 710.737354][T13324] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2127'. 
[ 710.764007][T13320] team_slave_1: left allmulticast mode [ 710.781393][T13320] team0: left promiscuous mode [ 710.823360][T13320] team_slave_0: left promiscuous mode [ 710.885047][T13320] team_slave_1: left promiscuous mode [ 710.904076][T13320] bridge0: port 3(team0) entered disabled state [ 710.928778][T13332] FAULT_INJECTION: forcing a failure. [ 710.928778][T13332] name failslab, interval 1, probability 0, space 0, times 0 [ 710.955801][T13334] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2127'. [ 710.979664][T13320] batman_adv: batadv0: Adding interface: team0 [ 710.984282][T13332] CPU: 0 PID: 13332 Comm: syz.2.2130 Not tainted 6.10.0-rc6-syzkaller-00061-ge9d22f7a6655 #0 [ 710.996036][T13332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 710.996711][T13320] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 711.006103][T13332] Call Trace: [ 711.006120][T13332] [ 711.006133][T13332] dump_stack_lvl+0x241/0x360 [ 711.006178][T13332] ? __pfx_dump_stack_lvl+0x10/0x10 [ 711.047445][T13332] ? __pfx__printk+0x10/0x10 [ 711.052088][T13332] ? __pfx___might_resched+0x10/0x10 [ 711.057406][T13332] ? prepend_path+0x2f/0xbe0 [ 711.062018][T13332] should_fail_ex+0x3b0/0x4e0 [ 711.066725][T13332] ? tomoyo_encode+0x26f/0x540 [ 711.071503][T13332] should_failslab+0x9/0x20 [ 711.076022][T13332] __kmalloc_noprof+0xd8/0x400 [ 711.080813][T13332] tomoyo_encode+0x26f/0x540 [ 711.085529][T13332] tomoyo_realpath_from_path+0x59e/0x5e0 [ 711.091195][T13332] tomoyo_path_number_perm+0x23a/0x880 [ 711.096702][T13332] ? tomoyo_path_number_perm+0x208/0x880 [ 711.102368][T13332] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 711.108412][T13332] ? __fget_files+0x29/0x470 [ 711.113061][T13332] ? 
__fget_files+0x3f6/0x470 [ 711.117934][T13332] ? __fget_files+0x29/0x470 [ 711.122551][T13332] security_file_ioctl+0x75/0xb0 [ 711.127519][T13332] __se_sys_ioctl+0x47/0x170 [ 711.132148][T13332] do_syscall_64+0xf3/0x230 [ 711.136685][T13332] ? clear_bhb_loop+0x35/0x90 [ 711.141396][T13332] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 711.147324][T13332] RIP: 0033:0x7fc1d1f75bd9 [ 711.151764][T13332] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 711.171399][T13332] RSP: 002b:00007fc1d2d96048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 711.179840][T13332] RAX: ffffffffffffffda RBX: 00007fc1d2103f60 RCX: 00007fc1d1f75bd9 [ 711.187828][T13332] RDX: 0000000000000000 RSI: 0000000000009208 RDI: 0000000000000005 [ 711.195813][T13332] RBP: 00007fc1d2d960a0 R08: 0000000000000000 R09: 0000000000000000 [ 711.203797][T13332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 711.211818][T13332] R13: 000000000000000b R14: 00007fc1d2103f60 R15: 00007ffec0915e68 [ 711.219830][T13332] [ 711.222946][ C0] vkms_vblank_simulate: vblank timer overrun [ 711.284112][T13320] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 711.376548][T13325] netlink: 'syz.3.2126': attribute type 10 has an invalid length. [ 711.401302][T13325] netlink: 2 bytes leftover after parsing attributes in process `syz.3.2126'. 
[ 711.421254][T13325] team0: entered promiscuous mode [ 711.517834][T13342] ebt_limit: overflow, try lower: 12058624/0 [ 711.524083][T13325] team_slave_0: entered promiscuous mode [ 711.530833][T13325] team_slave_1: entered promiscuous mode [ 711.538912][T13325] 8021q: adding VLAN 0 to HW filter on device team0 [ 711.553608][T13325] batman_adv: batadv0: Interface activated: team0 [ 711.573417][T13325] batman_adv: batadv0: Interface deactivated: team0 [ 711.596828][T13332] ERROR: Out of memory at tomoyo_realpath_from_path. [ 711.603622][T13325] batman_adv: batadv0: Removing interface: team0 [ 711.644795][T13325] bridge0: port 3(team0) entered blocking state [ 711.651311][T13325] bridge0: port 3(team0) entered disabled state [ 711.671077][T13325] team0: entered allmulticast mode [ 711.699143][T13325] team_slave_0: entered allmulticast mode [ 711.732129][T13325] team_slave_1: entered allmulticast mode [ 711.761118][T13325] bridge0: port 3(team0) entered blocking state [ 711.767669][T13325] bridge0: port 3(team0) entered forwarding state [ 711.825897][T13347] FAULT_INJECTION: forcing a failure. [ 711.825897][T13347] name failslab, interval 1, probability 0, space 0, times 0 [ 711.839116][T13347] CPU: 1 PID: 13347 Comm: syz.2.2132 Not tainted 6.10.0-rc6-syzkaller-00061-ge9d22f7a6655 #0 [ 711.849341][T13347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 711.859439][T13347] Call Trace: [ 711.862764][T13347] [ 711.865726][T13347] dump_stack_lvl+0x241/0x360 [ 711.870469][T13347] ? __pfx_dump_stack_lvl+0x10/0x10 [ 711.875769][T13347] ? __pfx__printk+0x10/0x10 [ 711.880436][T13347] should_fail_ex+0x3b0/0x4e0 [ 711.885249][T13347] ? dst_alloc+0x12b/0x190 [ 711.889809][T13347] should_failslab+0x9/0x20 [ 711.894366][T13347] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 711.899802][T13347] ? __pfx_rt6_find_cached_rt+0x10/0x10 [ 711.905496][T13347] ? 
__pfx_ip6_dst_gc+0x10/0x10 [ 711.910403][T13347] dst_alloc+0x12b/0x190 [ 711.914711][T13347] ip6_pol_route+0xb87/0x15d0 [ 711.919450][T13347] ? ip6_pol_route+0x198/0x15d0 [ 711.924360][T13347] ? __pfx_ip6_pol_route+0x10/0x10 [ 711.929558][T13347] fib6_rule_lookup+0x3c2/0x790 [ 711.934476][T13347] ? __pfx_ip6_pol_route_output+0x10/0x10 [ 711.940259][T13347] ? __pfx_fib6_rule_lookup+0x10/0x10 [ 711.945696][T13347] ? __pfx_vsnprintf+0x10/0x10 [ 711.950507][T13347] ? tomoyo_profile+0x11/0x50 [ 711.955255][T13347] ? ip6_route_output_flags+0x30/0x610 [ 711.960778][T13347] ip6_route_output_flags+0x38e/0x610 [ 711.966225][T13347] ip6_dst_lookup_tail+0x189/0x11a0 [ 711.971491][T13347] ? __pfx_ip6_dst_lookup_tail+0x10/0x10 [ 711.973301][T13351] netlink: 'syz.4.2134': attribute type 10 has an invalid length. [ 711.977251][T13347] ? __pfx_lock_acquire+0x10/0x10 [ 711.977310][T13347] ip6_dst_lookup_flow+0xb9/0x180 [ 711.977349][T13347] ? __pfx_ip6_dst_lookup_flow+0x10/0x10 [ 711.977381][T13347] ? l2tp_ip6_sendmsg+0x1038/0x2020 [ 711.977416][T13347] l2tp_ip6_sendmsg+0x13d2/0x2020 [ 711.977462][T13347] ? __pfx_l2tp_ip6_sendmsg+0x10/0x10 [ 711.977486][T13347] ? smack_socket_sendmsg+0x42e/0x540 [ 712.022108][T13347] ? tomoyo_socket_sendmsg_permission+0x2d0/0x420 [ 712.028624][T13347] ? inet_sendmsg+0x330/0x390 [ 712.033319][T13347] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 712.038643][T13347] ? security_socket_sendmsg+0x87/0xb0 [ 712.044165][T13347] __sock_sendmsg+0x1a6/0x270 [ 712.048890][T13347] __sys_sendto+0x3a4/0x4f0 [ 712.053451][T13347] ? __pfx___sys_sendto+0x10/0x10 [ 712.058564][T13347] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 712.064604][T13347] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 712.070990][T13347] __x64_sys_sendto+0xde/0x100 [ 712.075810][T13347] do_syscall_64+0xf3/0x230 [ 712.080376][T13347] ? 
clear_bhb_loop+0x35/0x90 [ 712.085109][T13347] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 712.091059][T13347] RIP: 0033:0x7fc1d1f75bd9 [ 712.095518][T13347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 712.115179][T13347] RSP: 002b:00007fc1d2d96048 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 712.123648][T13347] RAX: ffffffffffffffda RBX: 00007fc1d2103f60 RCX: 00007fc1d1f75bd9 [ 712.131668][T13347] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 712.139690][T13347] RBP: 00007fc1d2d960a0 R08: 0000000020000000 R09: 0000000000000020 [ 712.147710][T13347] R10: 0000000024040050 R11: 0000000000000246 R12: 0000000000000001 [ 712.155726][T13347] R13: 000000000000000b R14: 00007fc1d2103f60 R15: 00007ffec0915e68 [ 712.163792][T13347] [ 712.226118][T13351] batman_adv: batadv0: Adding interface: team0 [ 712.232357][T13351] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 712.293750][T13351] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 712.324879][T13353] netlink: 'syz.4.2134': attribute type 10 has an invalid length. [ 712.359124][T13353] netlink: 2 bytes leftover after parsing attributes in process `syz.4.2134'. [ 712.381178][T13353] team0: entered promiscuous mode [ 712.390560][T13353] team_slave_0: entered promiscuous mode [ 712.398353][T13361] FAULT_INJECTION: forcing a failure. 
[ 712.398353][T13361] name failslab, interval 1, probability 0, space 0, times 0 [ 712.414551][T13353] team_slave_1: entered promiscuous mode [ 712.422943][T13353] 8021q: adding VLAN 0 to HW filter on device team0 [ 712.430449][T13361] CPU: 0 PID: 13361 Comm: syz.2.2136 Not tainted 6.10.0-rc6-syzkaller-00061-ge9d22f7a6655 #0 [ 712.440659][T13361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 712.450749][T13361] Call Trace: [ 712.454057][T13361] [ 712.457015][T13361] dump_stack_lvl+0x241/0x360 [ 712.461745][T13361] ? __pfx_dump_stack_lvl+0x10/0x10 [ 712.466994][T13361] ? __pfx__printk+0x10/0x10 [ 712.471638][T13361] ? __pfx___might_resched+0x10/0x10 [ 712.476989][T13361] ? validate_chain+0x11e/0x5900 [ 712.481976][T13361] should_fail_ex+0x3b0/0x4e0 [ 712.486709][T13361] should_failslab+0x9/0x20 [ 712.491254][T13361] kmalloc_node_trace_noprof+0x74/0x300 [ 712.496847][T13361] ? __get_vm_area_node+0x113/0x270 [ 712.502093][T13361] __get_vm_area_node+0x113/0x270 [ 712.507169][T13361] __vmalloc_node_range_noprof+0x3bc/0x1460 [ 712.513113][T13361] ? bpf_prog_alloc_no_stats+0x4d/0x4b0 [ 712.518701][T13361] ? mark_lock+0x9a/0x350 [ 712.523087][T13361] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 712.529454][T13361] ? bpf_prog_alloc_no_stats+0x4d/0x4b0 [ 712.535033][T13361] __vmalloc_noprof+0x79/0x90 [ 712.539764][T13361] ? bpf_prog_alloc_no_stats+0x4d/0x4b0 [ 712.545339][T13361] bpf_prog_alloc_no_stats+0x4d/0x4b0 [ 712.550752][T13361] ? bpf_prog_alloc+0x28/0x1b0 [ 712.555541][T13361] bpf_prog_alloc+0x3a/0x1b0 [ 712.560172][T13361] bpf_prog_load+0x7f7/0x20f0 [ 712.564890][T13361] ? __pfx_bpf_prog_load+0x10/0x10 [ 712.570021][T13361] ? __pfx___might_resched+0x10/0x10 [ 712.575347][T13361] ? __might_fault+0xc6/0x120 [ 712.580047][T13361] ? bpf_lsm_bpf+0x9/0x10 [ 712.584400][T13361] ? security_bpf+0x87/0xb0 [ 712.588923][T13361] __sys_bpf+0x4ee/0x810 [ 712.593192][T13361] ? __pfx___sys_bpf+0x10/0x10 [ 712.597992][T13361] ? 
lockdep_hardirqs_on_prepare+0x43d/0x780 [ 712.603988][T13361] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 712.610327][T13361] ? do_syscall_64+0x100/0x230 [ 712.615116][T13361] __x64_sys_bpf+0x7c/0x90 [ 712.619642][T13361] do_syscall_64+0xf3/0x230 [ 712.624176][T13361] ? clear_bhb_loop+0x35/0x90 [ 712.628880][T13361] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 712.634789][T13361] RIP: 0033:0x7fc1d1f75bd9 [ 712.639216][T13361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 712.658832][T13361] RSP: 002b:00007fc1d2d96048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 712.667265][T13361] RAX: ffffffffffffffda RBX: 00007fc1d2103f60 RCX: 00007fc1d1f75bd9 [ 712.675248][T13361] RDX: 0000000000000090 RSI: 0000000020000840 RDI: 0000000000000005 [ 712.683229][T13361] RBP: 00007fc1d2d960a0 R08: 0000000000000000 R09: 0000000000000000 [ 712.691210][T13361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 712.699189][T13361] R13: 000000000000000b R14: 00007fc1d2103f60 R15: 00007ffec0915e68 [ 712.707185][T13361] [ 712.710363][ C0] vkms_vblank_simulate: vblank timer overrun [ 712.723326][T13353] batman_adv: batadv0: Interface activated: team0 [ 712.742085][T13353] batman_adv: batadv0: Interface deactivated: team0 [ 712.754752][T13361] syz.2.2136: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0-1 [ 712.762870][T13353] batman_adv: batadv0: Removing interface: team0 [ 712.775641][T13361] CPU: 1 PID: 13361 Comm: syz.2.2136 Not tainted 6.10.0-rc6-syzkaller-00061-ge9d22f7a6655 #0 [ 712.788245][T13361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 712.798329][T13361] Call Trace: [ 712.801632][T13361] [ 712.804578][T13361] dump_stack_lvl+0x241/0x360 [ 712.809282][T13361] ? 
__pfx_dump_stack_lvl+0x10/0x10 [ 712.814508][T13361] ? __pfx__printk+0x10/0x10 [ 712.819128][T13361] ? __rcu_read_unlock+0xa1/0x110 [ 712.824179][T13361] warn_alloc+0x278/0x410 [ 712.828529][T13361] ? __pfx_warn_alloc+0x10/0x10 [ 712.833399][T13361] ? __get_vm_area_node+0x113/0x270 [ 712.838638][T13361] ? __get_vm_area_node+0x261/0x270 [ 712.843859][T13361] __vmalloc_node_range_noprof+0x3e0/0x1460 [ 712.849772][T13361] ? mark_lock+0x9a/0x350 [ 712.854150][T13361] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 712.860508][T13361] ? bpf_prog_alloc_no_stats+0x4d/0x4b0 [ 712.866062][T13361] __vmalloc_noprof+0x79/0x90 [ 712.870754][T13361] ? bpf_prog_alloc_no_stats+0x4d/0x4b0 [ 712.876316][T13361] bpf_prog_alloc_no_stats+0x4d/0x4b0 [ 712.881699][T13361] ? bpf_prog_alloc+0x28/0x1b0 [ 712.886489][T13361] bpf_prog_alloc+0x3a/0x1b0 [ 712.891092][T13361] bpf_prog_load+0x7f7/0x20f0 [ 712.895880][T13361] ? __pfx_bpf_prog_load+0x10/0x10 [ 712.901001][T13361] ? __pfx___might_resched+0x10/0x10 [ 712.906319][T13361] ? __might_fault+0xc6/0x120 [ 712.911011][T13361] ? bpf_lsm_bpf+0x9/0x10 [ 712.915371][T13361] ? security_bpf+0x87/0xb0 [ 712.919889][T13361] __sys_bpf+0x4ee/0x810 [ 712.924151][T13361] ? __pfx___sys_bpf+0x10/0x10 [ 712.928945][T13361] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 712.934937][T13361] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 712.941275][T13361] ? do_syscall_64+0x100/0x230 [ 712.946068][T13361] __x64_sys_bpf+0x7c/0x90 [ 712.950502][T13361] do_syscall_64+0xf3/0x230 [ 712.955029][T13361] ? 
clear_bhb_loop+0x35/0x90 [ 712.959734][T13361] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 712.965647][T13361] RIP: 0033:0x7fc1d1f75bd9 [ 712.970073][T13361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 712.989693][T13361] RSP: 002b:00007fc1d2d96048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 712.998126][T13361] RAX: ffffffffffffffda RBX: 00007fc1d2103f60 RCX: 00007fc1d1f75bd9 [ 713.006111][T13361] RDX: 0000000000000090 RSI: 0000000020000840 RDI: 0000000000000005 [ 713.014089][T13361] RBP: 00007fc1d2d960a0 R08: 0000000000000000 R09: 0000000000000000 [ 713.022068][T13361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 713.030047][T13361] R13: 000000000000000b R14: 00007fc1d2103f60 R15: 00007ffec0915e68 [ 713.038047][T13361] [ 713.041615][T13368] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2137'. 
[ 713.067151][T13353] bridge0: port 3(team0) entered blocking state [ 713.077198][T13353] bridge0: port 3(team0) entered disabled state [ 713.083993][T13353] team0: entered allmulticast mode [ 713.089164][T13353] team_slave_0: entered allmulticast mode [ 713.094275][T13361] Mem-Info: [ 713.102168][T13353] team_slave_1: entered allmulticast mode [ 713.111052][T13353] bridge0: port 3(team0) entered blocking state [ 713.117515][T13353] bridge0: port 3(team0) entered forwarding state [ 713.136848][T13361] active_anon:276 inactive_anon:4950 isolated_anon:0 [ 713.136848][T13361] active_file:9991 inactive_file:36966 isolated_file:0 [ 713.136848][T13361] unevictable:768 dirty:109 writeback:0 [ 713.136848][T13361] slab_reclaimable:9338 slab_unreclaimable:98713 [ 713.136848][T13361] mapped:21437 shmem:1744 pagetables:915 [ 713.136848][T13361] sec_pagetables:0 bounce:0 [ 713.136848][T13361] kernel_misc_reclaimable:0 [ 713.136848][T13361] free:1386348 free_pcp:4038 free_cma:0 [ 713.198955][T13361] Node 0 active_anon:1104kB inactive_anon:22800kB active_file:39884kB inactive_file:147864kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:88848kB dirty:436kB writeback:0kB shmem:8440kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10572kB pagetables:3660kB sec_pagetables:0kB all_unreclaimable? no [ 713.241460][T13361] Node 1 active_anon:0kB inactive_anon:0kB active_file:80kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? 
no [ 713.306977][T13361] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 713.339316][T13361] lowmem_reserve[]: 0 2571 2571 0 0 [ 713.344910][T13361] Node 0 DMA32 free:1564444kB boost:0kB min:35108kB low:43884kB high:52660kB reserved_highatomic:0KB active_anon:1112kB inactive_anon:29424kB active_file:39624kB inactive_file:147808kB unevictable:1536kB writepending:436kB present:3129332kB managed:2659872kB mlocked:0kB bounce:0kB free_pcp:21076kB local_pcp:4876kB free_cma:0kB [ 713.375884][ C0] vkms_vblank_simulate: vblank timer overrun [ 713.389455][T13361] lowmem_reserve[]: 0 0 0 0 0 [ 713.400651][T13361] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:4kB inactive_anon:40kB active_file:260kB inactive_file:56kB unevictable:0kB writepending:0kB present:1048576kB managed:360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 713.476373][T13361] lowmem_reserve[]: 0 0 0 0 0 [ 713.481595][T13361] Node 1 Normal free:3951228kB boost:0kB min:54788kB low:68484kB high:82180kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:80kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194304kB managed:4109120kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 713.781335][T13368] pimreg: entered allmulticast mode [ 713.860236][T13368] pimreg: left allmulticast mode [ 713.928176][T13361] lowmem_reserve[]: 0 0 0 0 0 [ 713.933121][T13361] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 713.946468][T13361] Node 0 DMA32: 1137*4kB (UME) 1042*8kB (UME) 744*16kB (UME) 456*32kB (UME) 291*64kB (UME) 48*128kB (UME) 24*256kB (UME) 12*512kB (UME) 8*1024kB (UME) 4*2048kB (UME) 
364*4096kB (UM) = 1583764kB [ 713.966274][T13361] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 713.985192][T13361] Node 1 Normal: 3*4kB (U) 8*8kB (UM) 9*16kB (UM) 11*32kB (UM) 9*64kB (UM) 4*128kB (UM) 4*256kB (UM) 0*512kB 0*1024kB 2*2048kB (U) 963*4096kB (M) = 3951228kB [ 714.002355][T13361] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 714.022457][T13361] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 714.032453][T13361] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 714.047077][T13361] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 714.056970][T13361] 51098 total pagecache pages [ 714.061766][T13361] 0 pages in swap cache [ 714.067728][T13361] Free swap = 124444kB [ 714.072133][T13361] Total swap = 124996kB [ 714.077341][T13361] 2097051 pages RAM [ 714.081305][T13361] 0 pages HighMem/MovableOnly [ 714.086610][T13361] 400873 pages reserved [ 714.090943][T13361] 0 pages cma reserved [ 714.405103][T13386] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2142'. [ 714.471202][T13392] netlink: 'syz.4.2144': attribute type 10 has an invalid length. [ 714.497486][T13394] FAULT_INJECTION: forcing a failure. [ 714.497486][T13394] name failslab, interval 1, probability 0, space 0, times 0 [ 714.523251][T13394] CPU: 1 PID: 13394 Comm: syz.1.2145 Not tainted 6.10.0-rc6-syzkaller-00061-ge9d22f7a6655 #0 [ 714.533487][T13394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 714.534595][T13392] bridge0: port 3(team0) entered disabled state [ 714.543563][T13394] Call Trace: [ 714.543583][T13394] [ 714.543596][T13394] dump_stack_lvl+0x241/0x360 [ 714.543644][T13394] ? __pfx_dump_stack_lvl+0x10/0x10 [ 714.543679][T13394] ? __pfx__printk+0x10/0x10 [ 714.543715][T13394] ? 
__pfx___might_resched+0x10/0x10 [ 714.575933][T13394] ? prepend_path+0x2f/0xbe0 [ 714.580541][T13394] should_fail_ex+0x3b0/0x4e0 [ 714.585258][T13394] ? tomoyo_encode+0x26f/0x540 [ 714.590030][T13394] should_failslab+0x9/0x20 [ 714.594556][T13394] __kmalloc_noprof+0xd8/0x400 [ 714.599458][T13394] tomoyo_encode+0x26f/0x540 [ 714.604092][T13394] tomoyo_realpath_from_path+0x59e/0x5e0 [ 714.609842][T13394] tomoyo_path_number_perm+0x23a/0x880 [ 714.615338][T13394] ? tomoyo_path_number_perm+0x208/0x880 [ 714.621002][T13394] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 714.627036][T13394] ? __fget_files+0x29/0x470 [ 714.631633][T13394] ? __fget_files+0x3f6/0x470 [ 714.636398][T13394] ? __fget_files+0x29/0x470 [ 714.640998][T13394] security_file_ioctl+0x75/0xb0 [ 714.645952][T13394] __se_sys_ioctl+0x47/0x170 [ 714.650558][T13394] do_syscall_64+0xf3/0x230 [ 714.655090][T13394] ? clear_bhb_loop+0x35/0x90 [ 714.659805][T13394] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 714.665726][T13394] RIP: 0033:0x7f36e9575bd9 [ 714.670164][T13394] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 714.689792][T13394] RSP: 002b:00007f36ea263048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 714.698216][T13394] RAX: ffffffffffffffda RBX: 00007f36e9703f60 RCX: 00007f36e9575bd9 [ 714.706199][T13394] RDX: 0000000000000000 RSI: 000000000000125f RDI: 0000000000000004 [ 714.714176][T13394] RBP: 00007f36ea2630a0 R08: 0000000000000000 R09: 0000000000000000 [ 714.722148][T13394] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 714.730123][T13394] R13: 000000000000000b R14: 00007f36e9703f60 R15: 00007ffcc45e7ef8 [ 714.738112][T13394] [ 714.745917][T13392] team0: left allmulticast mode [ 714.750826][T13392] team_slave_0: left allmulticast mode [ 714.762536][T13392] team_slave_1: left allmulticast mode [ 714.768235][T13392] team0: left 
promiscuous mode [ 714.773236][T13392] team_slave_0: left promiscuous mode [ 714.774442][T13394] ERROR: Out of memory at tomoyo_realpath_from_path. [ 714.778989][T13392] team_slave_1: left promiscuous mode [ 714.798483][T13392] bridge0: port 3(team0) entered disabled state [ 714.811757][T13392] batman_adv: batadv0: Adding interface: team0 [ 714.819786][T13392] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 714.855321][T13392] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 714.879844][T13395] netlink: 'syz.4.2144': attribute type 10 has an invalid length. [ 714.888190][T13395] netlink: 2 bytes leftover after parsing attributes in process `syz.4.2144'. [ 714.909776][T13395] team0: entered promiscuous mode [ 714.925541][T13395] team_slave_0: entered promiscuous mode [ 714.942161][T13395] team_slave_1: entered promiscuous mode [ 714.957933][T13395] 8021q: adding VLAN 0 to HW filter on device team0 [ 714.965198][T13395] batman_adv: batadv0: Interface activated: team0 [ 714.971925][T13395] batman_adv: batadv0: Interface deactivated: team0 [ 714.992015][T13395] batman_adv: batadv0: Removing interface: team0 [ 715.007723][T13395] bridge0: port 3(team0) entered blocking state [ 715.017095][T13395] bridge0: port 3(team0) entered disabled state [ 715.025479][T13395] team0: entered allmulticast mode [ 715.030643][T13395] team_slave_0: entered allmulticast mode [ 715.037246][T13395] team_slave_1: entered allmulticast mode [ 715.046246][T13395] bridge0: port 3(team0) entered blocking state [ 715.052709][T13395] bridge0: port 3(team0) entered forwarding state [ 715.281901][T13410] binder: BINDER_SET_CONTEXT_MGR already set [ 715.293557][T13412] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2149'. 
[ 715.306112][T13410] binder: 13408:13410 ioctl 4018620d 20000100 returned -16 [ 715.319193][T13412] pimreg: entered allmulticast mode [ 715.347119][T13412] pimreg: left allmulticast mode [ 715.358179][ T29] kauditd_printk_skb: 20 callbacks suppressed [ 715.358199][ T29] audit: type=1326 audit(3867513922.379:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13408 comm="syz.1.2148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36e9575bd9 code=0x7ffc0000 [ 715.429162][ T29] audit: type=1326 audit(3867513922.409:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13408 comm="syz.1.2148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36e9575bd9 code=0x7ffc0000 [ 715.849438][T13415] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 715.914269][ T29] audit: type=1326 audit(3867513922.409:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13408 comm="syz.1.2148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f36e9574610 code=0x7ffc0000 [ 716.092576][ T29] audit: type=1326 audit(3867513922.509:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13408 comm="syz.1.2148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36e9575bd9 code=0x7ffc0000 [ 716.167678][ T29] audit: type=1326 audit(3867513922.519:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13408 comm="syz.1.2148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36e9575bd9 code=0x7ffc0000 [ 716.189167][ C0] vkms_vblank_simulate: vblank timer overrun [ 716.286818][T13433] netlink: 'syz.3.2154': attribute type 10 has an invalid length. 
[ 716.302801][ T29] audit: type=1326 audit(3867513922.629:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13408 comm="syz.1.2148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f36e9575bd9 code=0x7ffc0000 [ 716.324258][ C0] vkms_vblank_simulate: vblank timer overrun [ 716.341002][ T29] audit: type=1326 audit(3867513922.629:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13408 comm="syz.1.2148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36e9575bd9 code=0x7ffc0000 [ 716.363373][ T29] audit: type=1326 audit(3867513922.639:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13408 comm="syz.1.2148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36e9575bd9 code=0x7ffc0000 [ 716.374924][T13433] bridge0: port 3(team0) entered disabled state [ 716.392238][ T29] audit: type=1326 audit(3867513922.649:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13408 comm="syz.1.2148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f36e9575bd9 code=0x7ffc0000 [ 716.415246][T13433] team0: left allmulticast mode [ 716.420169][T13433] team_slave_0: left allmulticast mode [ 716.426541][ T29] audit: type=1326 audit(3867513922.649:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13408 comm="syz.1.2148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36e9575bd9 code=0x7ffc0000 [ 716.450636][T13433] team_slave_1: left allmulticast mode [ 716.461752][T13433] team0: left promiscuous mode [ 716.471880][T13433] team_slave_0: left promiscuous mode [ 716.482544][T13433] team_slave_1: left promiscuous mode [ 716.492425][T13433] bridge0: port 3(team0) entered disabled state [ 716.513998][T13433] batman_adv: batadv0: Adding interface: team0 [ 716.521590][T13433] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. 
Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 716.547308][ T8] usb 5-1: new high-speed USB device number 50 using dummy_hcd [ 716.565811][T13433] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 716.587381][T13440] netlink: 'syz.3.2154': attribute type 10 has an invalid length. [ 716.623956][T13440] netlink: 2 bytes leftover after parsing attributes in process `syz.3.2154'. [ 716.633040][T13440] team0: entered promiscuous mode [ 716.649778][T13440] team_slave_0: entered promiscuous mode [ 716.662164][T13440] team_slave_1: entered promiscuous mode [ 716.673169][T13440] 8021q: adding VLAN 0 to HW filter on device team0 [ 716.680721][T13440] batman_adv: batadv0: Interface activated: team0 [ 716.687884][T13440] batman_adv: batadv0: Interface deactivated: team0 [ 716.716473][T13440] batman_adv: batadv0: Removing interface: team0 [ 716.754253][T13440] bridge0: port 3(team0) entered blocking state [ 716.763878][ T8] usb 5-1: Using ep0 maxpacket: 16 [ 716.771047][T13440] bridge0: port 3(team0) entered disabled state [ 716.789888][ T8] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 716.865801][ T8] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 716.874173][T13440] team0: entered allmulticast mode [ 716.890534][T13440] team_slave_0: entered allmulticast mode [ 716.896834][T13440] team_slave_1: entered allmulticast mode [ 716.902987][ T8] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 716.905556][T13440] bridge0: port 3(team0) entered blocking state [ 716.918509][T13440] bridge0: port 3(team0) entered forwarding state [ 717.591888][T13457] syz.0.2160: attempt to access beyond end of device [ 717.591888][T13457] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 717.613187][ T8] usb 5-1: 
New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 717.614083][T13457] syz.0.2160: attempt to access beyond end of device [ 717.614083][T13457] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0 [ 717.633990][ T8] usb 5-1: SerialNumber: syz [ 717.639072][T13457] Mount JFS Failure: -5 [ 717.660710][ T8] cdc_acm 5-1:1.0: Control and data interfaces are not separated! [ 717.691855][ T8] cdc_acm 5-1:1.0: This needs exactly 3 endpoints [ 717.702208][ T8] cdc_acm 5-1:1.0: probe with driver cdc_acm failed with error -22 [ 718.022582][T13463] netlink: 'syz.3.2162': attribute type 10 has an invalid length. [ 718.043605][T13463] bridge0: port 3(team0) entered disabled state [ 718.065570][T13463] team0: left allmulticast mode [ 718.080821][T13463] team_slave_0: left allmulticast mode [ 718.081960][T13465] netlink: 'syz.2.2161': attribute type 1 has an invalid length. [ 718.089160][T13463] team_slave_1: left allmulticast mode [ 718.100582][T13463] team0: left promiscuous mode [ 718.107072][T13463] team_slave_0: left promiscuous mode [ 718.113479][T13463] team_slave_1: left promiscuous mode [ 718.131538][T13463] bridge0: port 3(team0) entered disabled state [ 718.168295][T13463] batman_adv: batadv0: Adding interface: team0 [ 718.183839][T13463] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 718.247115][T13463] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 718.261441][T13466] netlink: 'syz.3.2162': attribute type 10 has an invalid length. [ 718.270756][T13466] netlink: 2 bytes leftover after parsing attributes in process `syz.3.2162'. 
[ 718.280607][T13466] team0: entered promiscuous mode [ 718.295681][T13466] team_slave_0: entered promiscuous mode [ 718.304940][T13472] binder: BINDER_SET_CONTEXT_MGR already set [ 718.312313][T13466] team_slave_1: entered promiscuous mode [ 718.322618][T13472] binder: 13469:13472 ioctl 4018620d 20000100 returned -16 [ 718.337271][T13466] 8021q: adding VLAN 0 to HW filter on device team0 [ 718.351467][T13466] batman_adv: batadv0: Interface activated: team0 [ 718.379792][T13466] batman_adv: batadv0: Interface deactivated: team0 [ 718.395565][T13466] batman_adv: batadv0: Removing interface: team0 [ 718.420377][T13466] bridge0: port 3(team0) entered blocking state [ 718.427625][T13466] bridge0: port 3(team0) entered disabled state [ 718.449626][T13466] team0: entered allmulticast mode [ 718.468122][T13466] team_slave_0: entered allmulticast mode [ 718.484578][T13466] team_slave_1: entered allmulticast mode [ 718.500314][T13466] bridge0: port 3(team0) entered blocking state [ 718.506844][T13466] bridge0: port 3(team0) entered forwarding state [ 718.514573][T13472] hub 6-0:1.0: USB hub found [ 718.521990][T13472] hub 6-0:1.0: 1 port detected [ 718.546200][T13474] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2164'. [ 718.598718][T13474] pimreg: entered allmulticast mode [ 718.617497][T13474] pimreg: left allmulticast mode [ 719.193891][T13484] FAULT_INJECTION: forcing a failure. [ 719.193891][T13484] name failslab, interval 1, probability 0, space 0, times 0 [ 719.206651][T13484] CPU: 1 PID: 13484 Comm: syz.3.2165 Not tainted 6.10.0-rc6-syzkaller-00061-ge9d22f7a6655 #0 [ 719.216846][T13484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 719.226934][T13484] Call Trace: [ 719.230245][T13484] [ 719.233200][T13484] dump_stack_lvl+0x241/0x360 [ 719.237928][T13484] ? __pfx_dump_stack_lvl+0x10/0x10 [ 719.243168][T13484] ? 
__pfx__printk+0x10/0x10 [ 719.247822][T13484] should_fail_ex+0x3b0/0x4e0 [ 719.252546][T13484] ? tomoyo_encode+0x26f/0x540 [ 719.257346][T13484] should_failslab+0x9/0x20 [ 719.261883][T13484] __kmalloc_noprof+0xd8/0x400 [ 719.266690][T13484] tomoyo_encode+0x26f/0x540 [ 719.271327][T13484] ? __pfx_sockfs_dname+0x10/0x10 [ 719.276559][T13484] tomoyo_realpath_from_path+0x59e/0x5e0 [ 719.282239][T13484] tomoyo_path_number_perm+0x23a/0x880 [ 719.287747][T13484] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 719.293425][T13484] ? tomoyo_path_number_perm+0x208/0x880 [ 719.299101][T13484] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 719.305129][T13484] ? sb_end_write+0xe9/0x1c0 [ 719.309756][T13484] ? vfs_write+0x7c4/0xc90 [ 719.314230][T13484] ? __pfx_vfs_write+0x10/0x10 [ 719.319065][T13484] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 719.325088][T13484] security_file_ioctl+0x75/0xb0 [ 719.330062][T13484] __se_sys_ioctl+0x47/0x170 [ 719.334706][T13484] do_syscall_64+0xf3/0x230 [ 719.339429][T13484] ? clear_bhb_loop+0x35/0x90 [ 719.344154][T13484] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 719.350126][T13484] RIP: 0033:0x7efc82975bd9 [ 719.354575][T13484] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 719.374218][T13484] RSP: 002b:00007efc83741048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 719.382694][T13484] RAX: ffffffffffffffda RBX: 00007efc82b04110 RCX: 00007efc82975bd9 [ 719.390699][T13484] RDX: 00000000200000c0 RSI: 00000000000089ef RDI: 0000000000000003 [ 719.398747][T13484] RBP: 00007efc837410a0 R08: 0000000000000000 R09: 0000000000000000 [ 719.406770][T13484] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 719.414829][T13484] R13: 000000000000006e R14: 00007efc82b04110 R15: 00007fffa526a208 [ 719.422864][T13484] [ 719.427692][T13484] ERROR: Out of memory at tomoyo_realpath_from_path. 
[ 720.122048][T13498] netlink: 'syz.1.2172': attribute type 10 has an invalid length. [ 720.181042][T13500] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2173'. [ 720.207975][T13498] bridge0: port 3(team0) entered disabled state [ 720.259049][T13498] team0: left allmulticast mode [ 720.274973][ T8] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 720.291116][T13498] team_slave_0: left allmulticast mode [ 720.333295][T13498] team_slave_1: left allmulticast mode [ 720.369818][T13498] team0: left promiscuous mode [ 720.374952][T13498] team_slave_0: left promiscuous mode [ 720.381302][T13498] team_slave_1: left promiscuous mode [ 720.387363][T13498] bridge0: port 3(team0) entered disabled state [ 720.430841][T13498] batman_adv: batadv0: Adding interface: team0 [ 720.437977][T13498] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 720.463682][T13498] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 720.622428][T13502] netlink: 'syz.1.2172': attribute type 10 has an invalid length. [ 720.958743][T13502] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2172'. 
[ 720.993957][T13502] team0: entered promiscuous mode [ 721.019539][T13502] team_slave_0: entered promiscuous mode [ 721.034794][T13502] team_slave_1: entered promiscuous mode [ 721.052307][T13502] 8021q: adding VLAN 0 to HW filter on device team0 [ 721.062661][T13502] batman_adv: batadv0: Interface activated: team0 [ 721.076530][T13502] batman_adv: batadv0: Interface deactivated: team0 [ 721.086625][T13502] batman_adv: batadv0: Removing interface: team0 [ 721.095075][T13502] bridge0: port 3(team0) entered blocking state [ 721.101598][T13502] bridge0: port 3(team0) entered disabled state [ 721.111606][T13502] team0: entered allmulticast mode [ 721.116928][ T8] usb 3-1: Using ep0 maxpacket: 8 [ 721.117397][T13502] team_slave_0: entered allmulticast mode [ 721.126263][ T8] usb 3-1: config 3 has an invalid interface number: 174 but max is 0 [ 721.136521][ T8] usb 3-1: config 3 contains an unexpected descriptor of type 0x1, skipping [ 721.146125][ T8] usb 3-1: config 3 has no interface number 0 [ 721.152509][ T8] usb 3-1: config 3 interface 174 altsetting 1 endpoint 0xD has invalid maxpacket 61581, setting to 64 [ 721.153566][T13502] team_slave_1: entered allmulticast mode [ 721.164411][ T8] usb 3-1: config 3 interface 174 altsetting 1 endpoint 0xC has invalid maxpacket 1024, setting to 64 [ 721.172558][T13502] bridge0: port 3(team0) entered blocking state [ 721.187224][T13502] bridge0: port 3(team0) entered forwarding state [ 721.194110][ T8] usb 3-1: config 3 interface 174 altsetting 1 endpoint 0x5 has invalid maxpacket 1024, setting to 64 [ 721.209035][ T5135] usb 5-1: USB disconnect, device number 50 [ 721.227526][ T8] usb 3-1: config 3 interface 174 altsetting 1 has a duplicate endpoint with address 0xC, skipping [ 721.241291][ T8] usb 3-1: config 3 interface 174 altsetting 1 endpoint 0xB has invalid maxpacket 512, setting to 64 [ 721.277657][ T8] usb 3-1: config 3 interface 174 altsetting 1 has a duplicate endpoint with address 0xB, skipping [ 721.292110][ T8] 
usb 3-1: config 3 interface 174 altsetting 1 has a duplicate endpoint with address 0x8, skipping [ 721.308038][ T8] usb 3-1: config 3 interface 174 altsetting 1 has a duplicate endpoint with address 0xD, skipping [ 721.323128][ T8] usb 3-1: config 3 interface 174 altsetting 1 endpoint 0xA has invalid maxpacket 512, setting to 64 [ 721.336530][ T8] usb 3-1: config 3 interface 174 altsetting 1 has a duplicate endpoint with address 0x5, skipping [ 721.347842][ T8] usb 3-1: config 3 interface 174 altsetting 1 has a duplicate endpoint with address 0xA, skipping [ 721.361336][ T8] usb 3-1: config 3 interface 174 altsetting 1 has a duplicate endpoint with address 0x4, skipping [ 721.372219][ T8] usb 3-1: config 3 interface 174 altsetting 1 has a duplicate endpoint with address 0xF, skipping [ 721.389787][ T8] usb 3-1: config 3 interface 174 has no altsetting 0 [ 721.399924][ T8] usb 3-1: New USB device found, idVendor=04cb, idProduct=0131, bcdDevice=68.a0 [ 721.410213][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 721.420010][ T8] usb 3-1: Product: 쮵共㶣Ẉ琳頪죧힥艀涁辤ꖸ枲鵁뎈胐㺾⋛㑟蚵㉟Rꆞ蟵筩慦彉翥菥쳨穞꒩ᵐറ펊礷맖໑覮瓣娚韂㕪榪㹼듓䘛퉹氼๸듊ᒮ镺쯼窧竹⵾눹㫬㗙尠䍕⚉칰攆贱ꍈ汵줞頾ᦸ졹ᖑ㋞ᲀ꽥腜璿箠蜩僂8줾澁㣛쾔꜐↌ᙓ攖ﯡ뷾齠铷⧉⊿亐흜쭡ऎ廕ᄏ⒖뢶평왼瑕溗璐撜齏砾 [ 721.457152][ T8] usb 3-1: Manufacturer: 밲惑궿䇥㲞퇷슭㪡㖄鐞옹眞 [ 721.465329][ T8] usb 3-1: SerialNumber: ꍛ☧꾀憵⢆䥘Ὦ媧⩁⁂퀘ꓜ飬ⶫ鎙ᅼ滳錭暝ⳤ숏묍ᴱ掺쨱桁㧶マ贩뱨Ơ౑ᘌ흡㛇艛߈ܰ瘟게놧⌎䝱혎禛㟽쒅쟋孩䞀뢞漩ᄀ䞆樎듺㻧啂鱤ॡ蒂ⱇ钋崐ᮯ푿鞣뵐糆议뤣狰靥 [ 721.499393][T13493] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 721.596243][T13518] netlink: 'syz.3.2175': attribute type 10 has an invalid length. 
[ 721.618210][T13518] bridge0: port 3(team0) entered disabled state [ 721.635714][T13518] team0: left allmulticast mode [ 721.640737][T13518] team_slave_0: left allmulticast mode [ 721.656208][T13518] team_slave_1: left allmulticast mode [ 721.661962][T13518] team0: left promiscuous mode [ 721.672233][T13518] team_slave_0: left promiscuous mode [ 721.681216][T13518] team_slave_1: left promiscuous mode [ 721.692269][T13518] bridge0: port 3(team0) entered disabled state [ 721.710305][T13518] batman_adv: batadv0: Adding interface: team0 [ 721.719431][T13518] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 721.758228][T13518] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 721.778055][T13520] netlink: 'syz.3.2175': attribute type 10 has an invalid length. [ 721.791689][T13520] netlink: 2 bytes leftover after parsing attributes in process `syz.3.2175'. 
[ 721.813560][T13520] team0: entered promiscuous mode [ 721.819141][T13520] team_slave_0: entered promiscuous mode [ 721.832796][T13520] team_slave_1: entered promiscuous mode [ 721.856054][T13520] 8021q: adding VLAN 0 to HW filter on device team0 [ 721.898637][T13520] batman_adv: batadv0: Interface activated: team0 [ 721.907867][T13520] batman_adv: batadv0: Interface deactivated: team0 [ 721.922523][T13520] batman_adv: batadv0: Removing interface: team0 [ 721.931279][T13520] bridge0: port 3(team0) entered blocking state [ 721.951003][T13520] bridge0: port 3(team0) entered disabled state [ 721.952378][ T8] gspca_main: finepix-2.14.0 probing 04cb:0131 [ 721.973645][T13520] team0: entered allmulticast mode [ 721.975459][ T8] usb 3-1: USB disconnect, device number 26 [ 721.990755][T13520] team_slave_0: entered allmulticast mode [ 721.996885][T13520] team_slave_1: entered allmulticast mode [ 722.085907][T13520] bridge0: port 3(team0) entered blocking state [ 722.092349][T13520] bridge0: port 3(team0) entered forwarding state [ 747.537402][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.549058][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 808.977157][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.983482][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 866.584107][ T30] INFO: task kworker/1:0:25 blocked for more than 143 seconds. [ 866.591852][ T30] Not tainted 6.10.0-rc6-syzkaller-00061-ge9d22f7a6655 #0 [ 866.599576][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 866.608346][ T30] task:kworker/1:0 state:D stack:19640 pid:25 tgid:25 ppid:2 flags:0x00004000 [ 866.618630][ T30] Workqueue: events rfkill_global_led_trigger_worker [ 866.625426][ T30] Call Trace: [ 866.628734][ T30] SYZFAIL: failed to recv rpc fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor) [ 866.631693][ T30] __schedule+0x1796/0x49d0 [ 866.636353][ T30] ? __pfx___schedule+0x10/0x10 [ 866.641684][ T30] ? 
__pfx_lock_release+0x10/0x10 [ 866.646831][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 866.652252][ T30] ? schedule+0x90/0x320 [ 866.659758][ T30] schedule+0x14b/0x320 [ 866.664383][ T30] schedule_preempt_disabled+0x13/0x30 [ 866.669885][ T30] __mutex_lock+0x6a4/0xd70 [ 866.674551][ T30] ? __mutex_lock+0x527/0xd70 [ 866.679276][ T30] ? rfkill_global_led_trigger_worker+0x27/0xd0 [ 866.685672][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 866.690754][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 866.696280][ T30] ? process_scheduled_works+0x945/0x1830 [ 866.702047][ T30] rfkill_global_led_trigger_worker+0x27/0xd0 [ 866.708312][ T30] ? process_scheduled_works+0x945/0x1830 [ 866.753700][ T30] process_scheduled_works+0xa2c/0x1830 [ 866.759384][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 866.766221][ T30] ? assign_work+0x364/0x3d0 [ 866.770885][ T30] worker_thread+0x86d/0xd50 [ 866.775955][ T30] ? __kthread_parkme+0x169/0x1d0 [ 866.781043][ T30] ? __pfx_worker_thread+0x10/0x10 [ 866.786270][ T30] kthread+0x2f0/0x390 [ 866.790786][ T30] ? __pfx_worker_thread+0x10/0x10 [ 866.796075][ T30] ? __pfx_kthread+0x10/0x10 [ 866.800716][ T30] ret_from_fork+0x4b/0x80 [ 866.805245][ T30] ? __pfx_kthread+0x10/0x10 [ 866.809909][ T30] ret_from_fork_asm+0x1a/0x30 [ 866.815126][ T30] [ 866.818299][ T30] INFO: task syz.4.2152:13422 blocked for more than 143 seconds. [ 866.826293][ T30] Not tainted 6.10.0-rc6-syzkaller-00061-ge9d22f7a6655 #0 [ 866.834021][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 866.842708][ T30] task:syz.4.2152 state:D stack:25424 pid:13422 tgid:13417 ppid:12931 flags:0x00004006 [ 866.852955][ T30] Call Trace: [ 866.856419][ T30] [ 866.859380][ T30] __schedule+0x1796/0x49d0 [ 866.864056][ T30] ? __pfx___schedule+0x10/0x10 [ 866.868942][ T30] ? __pfx_lock_release+0x10/0x10 [ 866.874209][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 866.879716][ T30] ? 
schedule+0x90/0x320 [ 866.884078][ T30] schedule+0x14b/0x320 [ 866.888268][ T30] schedule_preempt_disabled+0x13/0x30 [ 866.893891][ T30] __mutex_lock+0x6a4/0xd70 [ 866.898438][ T30] ? kobject_put+0x443/0x480 [ 866.903068][ T30] ? __mutex_lock+0x527/0xd70 [ 866.907841][ T30] ? rfkill_unregister+0xd0/0x230 [ 866.912897][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 866.918142][ T30] ? __pfx_device_del+0x10/0x10 [ 866.923035][ T30] ? __pfx_nfc_genl_device_removed+0x10/0x10 [ 866.929139][ T30] rfkill_unregister+0xd0/0x230 [ 866.934132][ T30] nfc_unregister_device+0x96/0x2a0 [ 866.939381][ T30] virtual_ncidev_close+0x59/0x90 [ 866.944601][ T30] ? __pfx_virtual_ncidev_close+0x10/0x10 [ 866.950356][ T30] __fput+0x24a/0x8a0 [ 866.954491][ T30] task_work_run+0x24f/0x310 [ 866.959120][ T30] ? __pfx_task_work_run+0x10/0x10 [ 866.964346][ T30] ? switch_task_namespaces+0xe1/0x110 [ 866.969834][ T30] do_exit+0xa27/0x27e0 [ 866.974192][ T30] ? __pfx_do_exit+0x10/0x10 [ 866.978824][ T30] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 866.984335][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 866.990343][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 866.996849][ T30] ? _raw_spin_lock_irq+0xdf/0x120 [ 867.002052][ T30] do_group_exit+0x207/0x2c0 [ 867.006758][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 867.012004][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 867.017352][ T30] get_signal+0x16a1/0x1740 [ 867.021916][ T30] ? __pfx_get_signal+0x10/0x10 [ 867.026887][ T30] arch_do_signal_or_restart+0x96/0x860 [ 867.032476][ T30] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 867.039162][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 867.045308][ T30] ? syscall_exit_to_user_mode+0xa3/0x360 [ 867.051074][ T30] syscall_exit_to_user_mode+0xc9/0x360 [ 867.057105][ T30] do_syscall_64+0x100/0x230 [ 867.061757][ T30] ? 
clear_bhb_loop+0x35/0x90 [ 867.066781][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 867.072758][ T30] RIP: 0033:0x7f71c5b75bd9 [ 867.077304][ T30] RSP: 002b:00007f71c69dc0f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 867.085848][ T30] RAX: fffffffffffffe00 RBX: 00007f71c5d04040 RCX: 00007f71c5b75bd9 [ 867.093998][ T30] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f71c5d04040 [ 867.102001][ T30] RBP: 00007f71c5d04038 R08: 00007f71c69dc6c0 R09: 00007f71c69dc6c0 [ 867.110084][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f71c5d04044 [ 867.118214][ T30] R13: 000000000000006e R14: 00007ffe0ec6a200 R15: 00007ffe0ec6a2e8 [ 867.126310][ T30] [ 867.129371][ T30] INFO: task syz.0.2171:13507 blocked for more than 143 seconds. [ 867.137208][ T30] Not tainted 6.10.0-rc6-syzkaller-00061-ge9d22f7a6655 #0 [ 867.144941][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 867.153703][ T30] task:syz.0.2171 state:D stack:25520 pid:13507 tgid:13495 ppid:11712 flags:0x00004004 [ 867.164032][ T30] Call Trace: [ 867.167340][ T30] [ 867.170317][ T30] __schedule+0x1796/0x49d0 [ 867.174980][ T30] ? __pfx___schedule+0x10/0x10 [ 867.179969][ T30] ? __pfx_lock_release+0x10/0x10 [ 867.185101][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 867.190624][ T30] ? schedule+0x90/0x320 [ 867.194961][ T30] schedule+0x14b/0x320 [ 867.199152][ T30] schedule_preempt_disabled+0x13/0x30 [ 867.204693][ T30] __mutex_lock+0x6a4/0xd70 [ 867.209259][ T30] ? __mutex_lock+0x527/0xd70 [ 867.214365][ T30] ? nfc_rfkill_set_block+0x50/0x310 [ 867.219704][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 867.224890][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 867.230199][ T30] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 867.236264][ T30] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 867.242653][ T30] nfc_rfkill_set_block+0x50/0x310 [ 867.247879][ T30] ? 
__pfx_nfc_rfkill_set_block+0x10/0x10 [ 867.253675][ T30] rfkill_set_block+0x1f1/0x440 [ 867.258590][ T30] rfkill_fop_write+0x5bb/0x790 [ 867.263439][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 867.268735][ T30] ? __pfx_rfkill_fop_write+0x10/0x10 [ 867.274188][ T30] ? bpf_lsm_file_permission+0x9/0x10 [ 867.279603][ T30] ? rw_verify_area+0x1d2/0x6b0 [ 867.284546][ T30] ? __pfx_rfkill_fop_write+0x10/0x10 [ 867.289966][ T30] vfs_write+0x2a2/0xc90 [ 867.300949][ T30] ? __pfx_vfs_write+0x10/0x10 [ 867.306166][ T30] ? do_futex+0x33b/0x560 [ 867.310549][ T30] ? __fget_files+0x29/0x470 [ 867.315596][ T30] ? __fget_files+0x3f6/0x470 [ 867.320315][ T30] ? __fget_files+0x29/0x470 [ 867.325018][ T30] ksys_write+0x1a0/0x2c0 [ 867.329431][ T30] ? __pfx_ksys_write+0x10/0x10 [ 867.334420][ T30] ? do_syscall_64+0x100/0x230 [ 867.339236][ T30] ? do_syscall_64+0xb6/0x230 [ 867.344003][ T30] do_syscall_64+0xf3/0x230 [ 867.348573][ T30] ? clear_bhb_loop+0x35/0x90 [ 867.353282][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 867.359325][ T30] RIP: 0033:0x7f48b4775bd9 [ 867.363828][ T30] RSP: 002b:00007f48b41ff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 867.372278][ T30] RAX: ffffffffffffffda RBX: 00007f48b4904110 RCX: 00007f48b4775bd9 [ 867.380433][ T30] RDX: 0000000000000008 RSI: 0000000020000080 RDI: 0000000000000008 [ 867.388477][ T30] RBP: 00007f48b47e4a98 R08: 0000000000000000 R09: 0000000000000000 [ 867.396550][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 867.404616][ T30] R13: 000000000000006e R14: 00007f48b4904110 R15: 00007fffa7f8d568 [ 867.412669][ T30] [ 867.415834][ T30] INFO: task syz.1.2177:13531 blocked for more than 144 seconds. [ 867.424187][ T30] Not tainted 6.10.0-rc6-syzkaller-00061-ge9d22f7a6655 #0 [ 867.431833][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. 
[ 867.440698][ T30] task:syz.1.2177 state:D stack:25376 pid:13531 tgid:13530 ppid:12660 flags:0x00000004 [ 867.451064][ T30] Call Trace: [ 867.454596][ T30] [ 867.457565][ T30] __schedule+0x1796/0x49d0 [ 867.462214][ T30] ? __pfx___schedule+0x10/0x10 [ 867.467177][ T30] ? __pfx_lock_release+0x10/0x10 [ 867.472235][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 867.477825][ T30] ? schedule+0x90/0x320 [ 867.482104][ T30] schedule+0x14b/0x320 [ 867.486391][ T30] schedule_preempt_disabled+0x13/0x30 [ 867.491904][ T30] __mutex_lock+0x6a4/0xd70 [ 867.496538][ T30] ? __mutex_lock+0x527/0xd70 [ 867.501256][ T30] ? rfkill_fop_open+0x131/0x850 [ 867.506715][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 867.511800][ T30] ? __init_waitqueue_head+0xae/0x150 [ 867.517273][ T30] rfkill_fop_open+0x131/0x850 [ 867.522096][ T30] ? module_put+0x13a/0x2d0 [ 867.526705][ T30] ? __pfx_rfkill_fop_open+0x10/0x10 [ 867.532027][ T30] misc_open+0x313/0x390 [ 867.536403][ T30] chrdev_open+0x5b0/0x630 [ 867.540866][ T30] ? __pfx_chrdev_open+0x10/0x10 [ 867.545903][ T30] ? security_file_open+0x51a/0x750 [ 867.551147][ T30] ? __pfx_chrdev_open+0x10/0x10 [ 867.556222][ T30] do_dentry_open+0x970/0x1450 [ 867.561050][ T30] vfs_open+0x3e/0x330 [ 867.565470][ T30] path_openat+0x2c01/0x35f0 [ 867.570116][ T30] ? mark_lock+0x9a/0x350 [ 867.575837][ T30] ? __lock_acquire+0x1346/0x1fd0 [ 867.580925][ T30] ? __lock_acquire+0x1346/0x1fd0 [ 867.586063][ T30] ? __pfx_path_openat+0x10/0x10 [ 867.591071][ T30] do_filp_open+0x235/0x490 [ 867.595712][ T30] ? __pfx_do_filp_open+0x10/0x10 [ 867.600797][ T30] ? _raw_spin_unlock+0x28/0x50 [ 867.605813][ T30] ? alloc_fd+0x5a1/0x640 [ 867.610178][ T30] do_sys_openat2+0x13e/0x1d0 [ 867.614962][ T30] ? __pfx_do_sys_openat2+0x10/0x10 [ 867.620207][ T30] __x64_sys_openat+0x247/0x2a0 [ 867.625145][ T30] ? __pfx___x64_sys_openat+0x10/0x10 [ 867.630530][ T30] ? do_syscall_64+0x100/0x230 [ 867.635398][ T30] ? 
do_syscall_64+0xb6/0x230 [ 867.640122][ T30] do_syscall_64+0xf3/0x230 [ 867.644718][ T30] ? clear_bhb_loop+0x35/0x90 [ 867.649433][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 867.655449][ T30] RIP: 0033:0x7f36e9575bd9 [ 867.659892][ T30] RSP: 002b:00007f36ea263048 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 867.668362][ T30] RAX: ffffffffffffffda RBX: 00007f36e9703f60 RCX: 00007f36e9575bd9 [ 867.676462][ T30] RDX: 0000000000000602 RSI: 00000000200000c0 RDI: ffffffffffffff9c [ 867.684513][ T30] RBP: 00007f36e95e4a98 R08: 0000000000000000 R09: 0000000000000000 [ 867.692520][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 867.700599][ T30] R13: 000000000000000b R14: 00007f36e9703f60 R15: 00007ffcc45e7ef8 [ 867.708661][ T30] [ 867.711743][ T30] [ 867.711743][ T30] Showing all locks held in the system: [ 867.719602][ T30] 3 locks held by kworker/1:0/25: [ 867.724702][ T30] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 867.735808][ T30] #1: ffffc900001f7d00 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 867.749423][ T30] #2: ffffffff8f8a94a8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_global_led_trigger_worker+0x27/0xd0 [ 867.760853][ T30] 1 lock held by khungtaskd/30: [ 867.765813][ T30] #0: ffffffff8e333f20 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 867.775957][ T30] 2 locks held by getty/4834: [ 867.780666][ T30] #0: ffff88802b2ec0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 867.790532][ T30] #1: ffffc900031432f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 867.800741][ T30] 1 lock held by syz-executor/12931: [ 867.806107][ T30] #0: ffffffff8f8a94a8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_unregister+0xd0/0x230 [ 867.816350][ T30] 2 locks held by syz.4.2152/13422: [ 867.821568][ T30] #0: ffff888065382100 (&dev->mutex){....}-{3:3}, at: 
nfc_unregister_device+0x63/0x2a0 [ 867.831437][ T30] #1: ffffffff8f8a94a8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_unregister+0xd0/0x230 [ 867.841689][ T30] 2 locks held by syz.0.2171/13507: [ 867.846961][ T30] #0: ffffffff8f8a94a8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x1a9/0x790 [ 867.857293][ T30] #1: ffff888065382100 (&dev->mutex){....}-{3:3}, at: nfc_rfkill_set_block+0x50/0x310 [ 867.867100][ T30] 2 locks held by syz.1.2177/13531: [ 867.872311][ T30] #0: ffffffff8eb1d208 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5c/0x390 [ 867.881032][ T30] #1: ffffffff8f8a94a8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_open+0x131/0x850 [ 867.891145][ T30] 1 lock held by syz.3.2179/13534: [ 867.896563][ T30] #0: ffffffff8eb1d208 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5c/0x390 [ 867.905185][ T30] 1 lock held by syz.2.2180/13537: [ 867.910318][ T30] #0: ffffffff8eb1d208 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5c/0x390 [ 867.918868][ T30] 1 lock held by syz-executor/13542: [ 867.924224][ T30] #0: ffffffff8eb1d208 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5c/0x390 [ 867.932725][ T30] 1 lock held by syz-executor/13544: [ 867.938129][ T30] #0: ffffffff8eb1d208 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5c/0x390 [ 867.946680][ T30] 1 lock held by syz-executor/13546: [ 867.951981][ T30] #0: ffffffff8eb1d208 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5c/0x390 [ 867.960515][ T30] 1 lock held by syz-executor/13549: [ 867.965864][ T30] #0: ffffffff8eb1d208 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5c/0x390 [ 867.974471][ T30] 1 lock held by syz-executor/13550: [ 867.979776][ T30] #0: ffffffff8eb1d208 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5c/0x390 [ 867.988518][ T30] 1 lock held by syz-executor/13552: [ 867.993905][ T30] #0: ffffffff8eb1d208 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5c/0x390 [ 868.002411][ T30] 1 lock held by syz-executor/13554: [ 868.007738][ T30] #0: ffffffff8eb1d208 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5c/0x390 [ 868.016337][ T30] 1 lock held by 
syz-executor/13558: [ 868.021636][ T30] #0: ffffffff8eb1d208 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5c/0x390 [ 868.030166][ T30] 1 lock held by syz-executor/13559: [ 868.035542][ T30] #0: ffffffff8eb1d208 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5c/0x390 [ 868.044133][ T30] 1 lock held by syz-executor/13560: [ 868.049435][ T30] #0: ffffffff8eb1d208 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5c/0x390 [ 868.058003][ T30] 1 lock held by syz-executor/13562: [ 868.063326][ T30] #0: ffffffff8eb1d208 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5c/0x390 [ 868.071856][ T30] 1 lock held by syz-executor/13564: [ 868.077240][ T30] #0: ffffffff8eb1d208 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5c/0x390 [ 868.085814][ T30] 1 lock held by syz-executor/13567: [ 868.091135][ T30] #0: ffffffff8eb1d208 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5c/0x390 [ 868.099722][ T30] 1 lock held by syz-executor/13568: [ 868.105648][ T30] #0: ffffffff8eb1d208 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5c/0x390 [ 868.116828][ T30] 1 lock held by syz-executor/13570: [ 868.122139][ T30] #0: ffffffff8eb1d208 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5c/0x390 [ 868.130929][ T30] [ 868.133285][ T30] ============================================= [ 868.133285][ T30] [ 868.141959][ T30] NMI backtrace for cpu 0 [ 868.146312][ T30] CPU: 0 PID: 30 Comm: khungtaskd Not tainted 6.10.0-rc6-syzkaller-00061-ge9d22f7a6655 #0 [ 868.156216][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 868.166281][ T30] Call Trace: [ 868.169587][ T30] [ 868.172542][ T30] dump_stack_lvl+0x241/0x360 [ 868.177258][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 868.182468][ T30] ? __pfx__printk+0x10/0x10 [ 868.187078][ T30] ? vprintk_emit+0x631/0x770 [ 868.191807][ T30] ? __pfx_vprintk_emit+0x10/0x10 [ 868.196869][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 868.201829][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 868.207309][ T30] ? _printk+0xd5/0x120 [ 868.211501][ T30] ? 
__pfx__printk+0x10/0x10 [ 868.216109][ T30] ? __wake_up_klogd+0xcc/0x110 [ 868.220986][ T30] ? __pfx__printk+0x10/0x10 [ 868.225606][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 868.230663][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 868.236676][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 868.242716][ T30] watchdog+0xfde/0x1020 [ 868.246976][ T30] ? watchdog+0x1ea/0x1020 [ 868.251424][ T30] ? __pfx_watchdog+0x10/0x10 [ 868.256133][ T30] kthread+0x2f0/0x390 [ 868.260222][ T30] ? __pfx_watchdog+0x10/0x10 [ 868.264940][ T30] ? __pfx_kthread+0x10/0x10 [ 868.269555][ T30] ret_from_fork+0x4b/0x80 [ 868.273991][ T30] ? __pfx_kthread+0x10/0x10 [ 868.278592][ T30] ret_from_fork_asm+0x1a/0x30 [ 868.283476][ T30] [ 868.286832][ T30] Sending NMI from CPU 0 to CPUs 1: [ 868.292084][ C1] NMI backtrace for cpu 1 [ 868.292102][ C1] CPU: 1 PID: 4523 Comm: klogd Not tainted 6.10.0-rc6-syzkaller-00061-ge9d22f7a6655 #0 [ 868.292123][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 868.292134][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x8/0x70 [ 868.292159][ C1] Code: 8b 3d 6c 3c 44 0c 48 89 de 5b e9 03 f7 56 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 <65> 48 8b 0c 25 80 d4 03 00 65 8b 15 10 ae 6d 7e f7 c2 00 01 ff 00 [ 868.292187][ C1] RSP: 0018:ffffc900030df6f8 EFLAGS: 00000206 [ 868.292204][ C1] RAX: ffffffff8b766c32 RBX: ffffffff8bcb8080 RCX: 000000008bcb8000 [ 868.292218][ C1] RDX: 0000000000000002 RSI: ffffffff8f93dbe0 RDI: 000000000000005b [ 868.292231][ C1] RBP: ffffc900030df7f0 R08: 0000000000000001 R09: ffffffff8b766c1a [ 868.292244][ C1] R10: 0000000000000002 R11: ffff88807ca49e00 R12: ffffffff8bcb8080 [ 868.292257][ C1] R13: ffffffff8bcb8080 R14: dffffc0000000000 R15: 000000000000005b [ 868.292270][ C1] FS: 00007fb01f75a380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 868.292286][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 868.292298][ C1] CR2: 
0000000000000000 CR3: 000000007cfec000 CR4: 00000000003506f0 [ 868.292313][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 868.292324][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 868.292335][ C1] Call Trace: [ 868.292342][ C1] [ 868.292350][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 868.292371][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 868.292393][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 868.292412][ C1] ? nmi_handle+0x2a/0x5a0 [ 868.292449][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 868.292469][ C1] ? nmi_handle+0x14f/0x5a0 [ 868.292495][ C1] ? nmi_handle+0x2a/0x5a0 [ 868.292523][ C1] ? __sanitizer_cov_trace_pc+0x8/0x70 [ 868.292541][ C1] ? default_do_nmi+0x63/0x160 [ 868.292562][ C1] ? exc_nmi+0x123/0x1f0 [ 868.292581][ C1] ? end_repeat_nmi+0xf/0x53 [ 868.292610][ C1] ? format_decode+0x1fa/0x1bb0 [ 868.292628][ C1] ? format_decode+0x212/0x1bb0 [ 868.292648][ C1] ? __sanitizer_cov_trace_pc+0x8/0x70 [ 868.292667][ C1] ? __sanitizer_cov_trace_pc+0x8/0x70 [ 868.292686][ C1] ? __sanitizer_cov_trace_pc+0x8/0x70 [ 868.292705][ C1] [ 868.292711][ C1] [ 868.292717][ C1] format_decode+0x212/0x1bb0 [ 868.292740][ C1] ? __pfx_number+0x10/0x10 [ 868.292758][ C1] ? __pfx_format_decode+0x10/0x10 [ 868.292779][ C1] ? vsnprintf+0x948/0x1da0 [ 868.292800][ C1] vsnprintf+0x14f/0x1da0 [ 868.292824][ C1] ? __pfx_vsnprintf+0x10/0x10 [ 868.292861][ C1] sprintf+0xda/0x120 [ 868.292880][ C1] ? rcu_is_watching+0x15/0xb0 [ 868.292899][ C1] ? vsnprintf+0x1cc3/0x1da0 [ 868.292918][ C1] ? __pfx_sprintf+0x10/0x10 [ 868.292938][ C1] ? __pfx___might_resched+0x10/0x10 [ 868.292965][ C1] info_print_prefix+0x204/0x310 [ 868.292984][ C1] ? __pfx_info_print_prefix+0x10/0x10 [ 868.293002][ C1] ? __might_fault+0xc6/0x120 [ 868.293028][ C1] syslog_print+0x4b7/0x9c0 [ 868.293060][ C1] ? __pfx_syslog_print+0x10/0x10 [ 868.293085][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 868.293117][ C1] ? __pfx_autoremove_wake_function+0x10/0x10 [ 868.293136][ C1] ? 
smack_privileged_cred+0x341/0x380 [ 868.293164][ C1] ? smack_syslog+0x96/0xf0 [ 868.293189][ C1] do_syslog+0x3bb/0x810 [ 868.293210][ C1] ? __might_fault+0xaa/0x120 [ 868.293233][ C1] ? rcu_is_watching+0x15/0xb0 [ 868.293270][ C1] ? __pfx_do_syslog+0x10/0x10 [ 868.293292][ C1] ? __rseq_handle_notify_resume+0x353/0x14e0 [ 868.293326][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 868.293347][ C1] ? do_syscall_64+0x100/0x230 [ 868.293377][ C1] __x64_sys_syslog+0x7c/0x90 [ 868.293402][ C1] do_syscall_64+0xf3/0x230 [ 868.293429][ C1] ? clear_bhb_loop+0x35/0x90 [ 868.293458][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 868.293485][ C1] RIP: 0033:0x7fb01f8bbfa7 [ 868.293500][ C1] Code: 73 01 c3 48 8b 0d 81 ce 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 67 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 51 ce 0c 00 f7 d8 64 89 01 48 [ 868.293516][ C1] RSP: 002b:00007ffe5b054138 EFLAGS: 00000206 ORIG_RAX: 0000000000000067 [ 868.293534][ C1] RAX: ffffffffffffffda RBX: 00007fb01fa5a4a0 RCX: 00007fb01f8bbfa7 [ 868.293548][ C1] RDX: 00000000000003ff RSI: 00007fb01fa5a4a0 RDI: 0000000000000002 [ 868.293561][ C1] RBP: 0000000000000000 R08: 0000000000000007 R09: d81ae304c8df7302 [ 868.293573][ C1] R10: 0000000000004000 R11: 0000000000000206 R12: 00007fb01fa5a4a0 [ 868.293590][ C1] R13: 00007fb01fa4a212 R14: 00007fb01fa5a4d2 R15: 00007fb01fa5a4d2 [ 868.293617][ C1] [ 868.297353][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 868.297373][ T30] CPU: 0 PID: 30 Comm: khungtaskd Not tainted 6.10.0-rc6-syzkaller-00061-ge9d22f7a6655 #0 [ 868.297400][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 868.297417][ T30] Call Trace: [ 868.297428][ T30] [ 868.297439][ T30] dump_stack_lvl+0x241/0x360 [ 868.297483][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 868.297521][ T30] ? __pfx__printk+0x10/0x10 [ 868.297552][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 868.297588][ T30] ? 
vscnprintf+0x5d/0x90 [ 868.297619][ T30] panic+0x349/0x860 [ 868.297655][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 868.297686][ T30] ? __pfx_panic+0x10/0x10 [ 868.297715][ T30] ? tick_nohz_tick_stopped+0x82/0xb0 [ 868.297751][ T30] ? __irq_work_queue_local+0x137/0x410 [ 868.297779][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 868.297807][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 868.297833][ T30] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 868.297866][ T30] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 868.297898][ T30] watchdog+0x101d/0x1020 [ 868.297928][ T30] ? watchdog+0x1ea/0x1020 [ 868.297964][ T30] ? __pfx_watchdog+0x10/0x10 [ 868.867614][ T30] kthread+0x2f0/0x390 [ 868.871726][ T30] ? __pfx_watchdog+0x10/0x10 [ 868.876437][ T30] ? __pfx_kthread+0x10/0x10 [ 868.881042][ T30] ret_from_fork+0x4b/0x80 [ 868.885482][ T30] ? __pfx_kthread+0x10/0x10 [ 868.890084][ T30] ret_from_fork_asm+0x1a/0x30 [ 868.894887][ T30] [ 868.898349][ T30] Kernel Offset: disabled [ 868.902829][ T30] Rebooting in 86400 seconds..